Slashdot Mirror

If M$ actually does show the code, the main purpose would as a transmission vector for NDAs designed to taint would-be developers and prevent them from ever working on GPL'd code again. e.g. "hey that bubble-sort algorithm there infringes on our valuable M$ intellectual property. cease using it or pay up."

The government is going to win this case. It's a business, not a real person, all the arguments Google can make against the government holding the information the government could make against Google themselves holding it.

What are you talking about? Google, as a company, is legally free to collect and keep whatever data it likes. Google didn't force other companies to hand over data; they collected it themselves from users who voluntarily visited Google. The government is also free to collect the data it likes (within the limitations of the fourth amendment). But the government has no particular grounds to force Google to cough up Google's collection of information. Google is not charged with any crime. The government isn't seeking the information in regards to a specific crime. Those are reasons for a supeona. Fishing expeditions hoping to find something to justify a law that the Supreme Court is already pretty ticked at is hardly grounds for search and seizure.

If they would have been smart and just never recorded searches in the first place (which they do on the Google Search Appliance) then this wouldn't have been a big deal.

Records of search results (at very least in the form of standard webserver log files) are a useful and powerful tool for optimizing your web service and debugging problems. Sometimes it's useful to be able to compare what people are search for from, say, a year ago to today's results. I would expect any major online service to keep at least a year's logs, and the government's request was for data within that year.

I'm also betting Google's Search Appliance does keep all sorts of interesting logs. Of course, those log probably aren't shipped off to Google, which is appropriate since the data would proprietary to the company which paid for the appliance.

IMHO, their response should not have been "No, we will not give you that information." it should have been, "No, we do not record that information." I've been using Yahoo's streamlined search at http://search.yahoo.com/ now for the last two months, but this alone would be enough to make me switch if I hadn't already. I loathe MSN's search, but I've found Yahoo's to be nice enough that I just never enable cookies.

I think Internet searching at the same place that you hold an active email account is probably the worst thing you could possibly do for privacy right now. And it doesn't matter who it is.

What a strange thing to obsess over as the worst thing for ones privacy. First, while disassociating your email from your searches will make you slightly harder to track down, any search engine still has your IP address and when you contacted. If there was a serious legal case, that information could be used to contact your ISP and track you down. Add in some cookies and other data mining techniques and your gain is pretty minimal. And is Google knowing what searches you're making really that much worse than, say, your credit card company knowing everything you purchase on your credit card?

Isn't this what the new Sun chips are about? Hmmm, found this eweek artical about it

The chip (formerly code-named Niagara), with eight cores that can process four instruction threads simultaneously,

So, it's not 32 cores but 32 threads on 8 cores. Not what you or the grandparent were looking for exactly but it's something worth mentioning.

What a load of horse manure. How can they not be seen as the huge American company when they do things like asking US Government and DoJ to intervene on their behalf in EU investigations? http://www.eweek.com/article2/0,1895,1887714,00.as p

Apple shipped 1.2M CPUs in Q4 vs. 7.52M CPUs for HP. But does HP really use AMD for more than 16% of its boxes? After HP, the next largest PC vendor is Dell. Dell certainly isn't presently shipping 1M AMD chips per quarter. (Granted, they may in the future.) AMD may have outsold Intel this past financial quarter, but how many of the folks shipping AMD chips are top ten PC vendors like Apple?

On March 2nd, 2005, I sent an email to the Microsoft Security Response Center (secure@microsoft.com) with a draft of my paper "Cache Missing for Fun and Profit", in which I described an information leakage attack against systems with shared caches in general, and systems with Hyper-Threading in specific. Among other things, I showed how this could be used to steal an RSA private key.

Over the following two months, I was told by three independent third parties that Microsoft was "very concerned" about this issue and had "several people" looking at it; but while one of your managers, Stephen Toulouse, claimed in an eWeek article that you commit to providing [researchers] with a progress report on the Microsoft investigation every time they ask for one, my repeated emails inquiring as to whether you had made any progress or intended to fix the problem at all went unanswered.

Since you've agreed to answer questions from slashdot, I'm going to try again: What action, if any, do you intend to take to protect systems against side channel attacks exploiting the shared caches on Intel Hyper-Threading processors?

Mr. Nash, over the past year there have been countless stories about MS Windows and its vulnerability to "stealth rootkit infections". For example, F-Secure reported, adware/spyware developer ContextPlus, Inc. is responsible for a large number of "stealth rootkit infections" related to its products. What is MS doing to secure its newly released OSes from dangerous kernal-mode rootkits built in adware, spyware and other applications?

"Third, most major vendors are now completely behind Java. Sun, IBM, Novell, and Oracle, for instance..."

I guess the author hasn't seen the news about Novell and Mono, and Oracle and IBM including .NET CLR capabilities in their databases. Also, Mono is being included with Red Hat Fedora.

"Fourth, you can download Oracle Express for free, and use it with Oracle's Java developer's tools ..."

And you can also download Oracle's .NET tools for free.

75% of Fortune 100 companies use .NET as their primary development platform (http://www.eweek.com/article2/0,1759,1645550,00.a sp)

Six unpatched flaws, with aggregate total of 737 days since informed.

Redhat EL4

17 critical vulnerabilities [in 2005], Red Hat made fixes for every one of them available to customers via the Red Hat Network within two days of the vulnerabilities being known to the public, with 87 percent of them being available the first day. Source

[I calculate that as 19 days total exposure]

Arithmetic says: MS exposure 38.79 times as bad as RH!

Apple hasn't done anything to preclude Windows, or any other OS, from being installed on the Intel-based Macs. That is a perfectly accurate statement. Apple Vice President Phil Schiller's two direct quotes on the subject, the most recent which was made on January 10, 2006, can be seen here. Intel has also specifically said that Apple will not be using proprietary chipsets and/or processors, and they'll just represent standard Intel offerings.

Windows XP would directly boot and install on the Developer Transition Kit platform because it was just a standard Intel motherboard and processor, and also used a standard Intel BIOS.

However, the shipping Intel-based Macs use EFI (Wikipedia article), Intel's "next generation of BIOS". (more info)

Windows XP 32-bit does not currently support EFI for booting. Windows XP 64-bit does, but Intel Core Duo is not a 64-bit chip. Now, there are a bunch of other variables, such as whether or not Apple's current EFI implementation offers BIOS backward-compatibility, and so on, but it's clear that regardless, EFI is the future, and it's only a matter of time before the PC world at large transitions to EFI. Further, Windows Vista does support EFI. See here for Microsoft's presentations on EFI, particularly the first two links.

That said, dual booting is intensely annoying anyway, and the really interesting thing will be able to just run Windows (or some other x86 OS) and Mac OS X side-by-side.

What we will *definitely* see are "Virtual PC"-like programs that let you run Windows alongside OS X (in a Window, or taking over the screen, etc., with a hotkey to flip back and forth, for example).

It's important to note this will NOT be emulation: Windows (or other x86 OS) will run at essentially the native speed of the underlying hardware (with certain exceptions). There could even be direct access to video, with support for things like DirectX.

vmware already has a version for Mac OS X in development, and Microsoft has already announced they will be developing a version of Virtual PC for Intel-based Macs that one can only presume will be a virtual machine. Then there are things like QEMU, Xen, etc. The Darwin/Mac OS X version of WINE, DarWINE, has even been working under betas of Mac OS X for Intel. Now that Intel Macs are shipping, it will only be a matter of weeks/months before we have several options for running Windows itself, and/or Windows applications at essentially the native speed of the underlying hardware.

And since Intel Core Duo also supports Intel's VT hardware virtualization, the possibilities of future virtual machine technology are even more interesting. But the bottom line is that Apple is again leading the way with the adoption of technologies like EFI and ExpressCard. Naturally, it will take a little while for Windows to catch up. ;-)

http://www.eweek.com/article2/0,1895,1908369,00.as p David Coursey from EWeek has an interesting opinion piece on this subject. From the article- "Is it the responsibility of citizens to change what they're doing for the convenience of the government? Or should government seek to meet the needs of the largest number of its citizens?"

MS deserves bashing for the flaw, but there's a difference between an untested one-man release, and the official, QA'd patch. Part of the reason Microsoft couldn't release a patch immediately is because they need to make sure their fix doesn't break snything else.

It seems that Wyse will be making hardware that runs Google's software. There could be others.

Google has said they are working on software to compete with Microsoft. Think Sun was in on this too.

If you're curious as to what all they do, you can take a look here. A sample quote from the article:

In some cases, particularly when the Internet Explorer browser is involved, the testing process "becomes a significant undertaking," Toulouse said. "It's not easy to test an IE update. There are six or seven supported versions and then we're dealing with all the different languages. Our commitment is to protect all customers in all languages on all supported products at the same time, so it becomes a huge undertaking."

Am I the only one who thinks the RIAA/MPAA "wrote" that message?

Grokster sold out all their assets to Mashboxx (including their domain).

Mashboxx itself is a sham RIAA front company that pitches itself as "the world's first P2P application with content authorized by major record labels". Which is a total load, considering they don't even have a client available to the public.

So, in short, this is all nothing but a marketing ploy driven by smoke, mirrors, and fear. What else were you expecting from the RIAA?

Already happened. "Another part of Microsoft's RSS plans seemed to draw the most criticism. Microsoft also released a specification for an extension to one format of syndication feeds, RSS 2.0, for handling ordered lists."

The problem with the WMF (Windows Metafile) file format turns out to be one of those careless things Microsoft did years ago with little or no consideration for the security consequences.

Almost all exploits you read about are buffer overflows of some kind, but not this one. WMF files are allowed to register a callback function, meaning that they are allowed to execute code, and this is what is being exploited in the WMF bug.

I find this mind-boggling to the point of absurdity. Regardless of any supposed benefit gained by this, allowing a data file to execute arbitrary code upon it being viewed is simply begging for an exploit like this. No matter whan spin Microsoft will try to put on this one, it makes them look bad. Extremely bad.

The problem with the WMF (Windows Metafile) file format turns out to be one of those careless things Microsoft did years ago with little or no consideration for the security consequences.

Almost all exploits you read about are buffer overflows of some kind, but not this one. WMF files are allowed to register a callback function, meaning that they are allowed to execute code, and this is what is being exploited in the WMF bug.

I find this mind-boggling to the point of absurdity. Regardless of any supposed benefit gained by this, allowing a data file to execute arbitrary code upon it being viewed is simply begging for an exploit like this. No matter whan spin Microsoft will try to put on this one, it makes them look bad. Extremely bad.

I may be a bit paranoid but I'd like to turn off images and video for a few days until this ".wmf" issue is resolved.

".wma" and ".wmv" file extensions seem closer to the ".wmf" extension than ".jpg" or ".tif" extensions, so they may also be loaded by programs that open ".wmf" files only to read the internal label and execute the malicious code.

I unchecked the box called "load images" in Firefox, but animated web sites still come up. So I reinstalled Firefox (also deleting the directory) to try to return to Firefox's original default settings, but my settings were still active. Apparently, Firefox saves personal settings in the registry even after it is uninstalled.

Security web sites seem to be of little help:

Secunia, Kaspersky strongly caution against opening any untrusted *.wmf files
http://secunia.com/advisories/18255/
http://www.viruslist.com/en/alerts?alertid=1767016 69

VNUNet.com says Firefox will first ask the user before opening the file.
http://www.vnunet.com/vnunet/news/2147909/hackers- attack-zero-day-windows

Pete Lindstrom, research director for Spire Security LLC, said,
"There's no such thing as 'extremely critical' when user interaction is required. [...] That's just silly."

Lisa Vaas of eweek.com says "Google had no immediate comment. To avoid the problem, security experts suggest disabling the feature's indexing of media files, or to remove Google Desktop altogether."
http://www.eweek.com/article2/0,1895,1906177,00.as p

Jay Wrolstad at CIO-Today says, "Current exploits use the Windows Picture and Fax Viewer to attack any application that can handle Windows Metafiles. Disabling the Windows Picture and Fax Viewer will not eliminate the risk as the flaw exists in the Windows Graphical Device Interface library".
http://www.cio-today.com/news/Flaw-Detected-in-Win dows-Metafile/story.xhtml?story_id=131004IKPNAU

Alex Eckelberry, president of Sunbelt Software.
"There is no user interaction required," he wrote in an e-mail exchange. "You hit the Web site, you get hit immediately. No prompts, nothing."
http://www.eweek.com/article2/0,1895,1906489,00.as p

I may be a bit paranoid but I'd like to turn off images and video for a few days until this ".wmf" issue is resolved.

".wma" and ".wmv" file extensions seem closer to the ".wmf" extension than ".jpg" or ".tif" extensions, so they may also be loaded by programs that open ".wmf" files only to read the internal label and execute the malicious code.

I unchecked the box called "load images" in Firefox, but animated web sites still come up. So I reinstalled Firefox (also deleting the directory) to try to return to Firefox's original default settings, but my settings were still active. Apparently, Firefox saves personal settings in the registry even after it is uninstalled.

Security web sites seem to be of little help:

Secunia, Kaspersky strongly caution against opening any untrusted *.wmf files
http://secunia.com/advisories/18255/
http://www.viruslist.com/en/alerts?alertid=1767016 69

VNUNet.com says Firefox will first ask the user before opening the file.
http://www.vnunet.com/vnunet/news/2147909/hackers- attack-zero-day-windows

Pete Lindstrom, research director for Spire Security LLC, said,
"There's no such thing as 'extremely critical' when user interaction is required. [...] That's just silly."

Lisa Vaas of eweek.com says "Google had no immediate comment. To avoid the problem, security experts suggest disabling the feature's indexing of media files, or to remove Google Desktop altogether."
http://www.eweek.com/article2/0,1895,1906177,00.as p

Jay Wrolstad at CIO-Today says, "Current exploits use the Windows Picture and Fax Viewer to attack any application that can handle Windows Metafiles. Disabling the Windows Picture and Fax Viewer will not eliminate the risk as the flaw exists in the Windows Graphical Device Interface library".
http://www.cio-today.com/news/Flaw-Detected-in-Win dows-Metafile/story.xhtml?story_id=131004IKPNAU

Alex Eckelberry, president of Sunbelt Software.
"There is no user interaction required," he wrote in an e-mail exchange. "You hit the Web site, you get hit immediately. No prompts, nothing."
http://www.eweek.com/article2/0,1895,1906489,00.as p

Ahem

1. Windows is still by far the dominant desktop software.
2. Office is still by far the dominant office software.
3. IE is still hovering at 85-90% of marketshare with its browser. That's more of a hold than iTunes has on the music bought online, which others are very concerned about.

1. As late as this last Fall, Microsoft tried to strongarm vendors of machines to put Windows Media Player exclusively, though it did retract the terms.
2. IE still refuses to adopt some standards like a full CSS implementation

In any case, though, the new AOL browser is IE-based.

Chinese web censorship is well documented. (Do a google search for "chinese web censorship") Currently there is no US web censorship. THe problem is, this proposal would allow web censorship if it was allowed.

Dont like the competitor thats undercutting your offers? All of a sudden, routing to their network takes 100 hops.

Union website you dont like? Ok, route anything going to that IP address through the 486 in the corner.

Currently they cant do this. If they are allowed to prioritise leaves the flip side, in that they can also de-prioritise other traffic, Eg, VOIP traffic. Someone has already tried this (Madison River Communications) but they got slapped down by the FCC (http://www.eweek.com/article2/0,1759,1772661,00.a sp). What they want is legislation so they dont get slapped down any more.

Open doesn't mean what it should anymore.

Like in this article for example.

QUOTE:

Thanks to Microsoft, users will face the "unsavory prospect of two supposed standards. The truth is that only one of them is free of intellectual property encumbrances. Only one reflects multivendor support, and only one reflects openness. That standard is OpenDocument Format,"

"R2, which is due later this year, would bring features such as Services for Unix, the WS-Management standard, along with the next generation of the management console, MMC 3.0. "Closing the loop between developers and operational systems still has a long way to go, but delivering MMC 3.0 is the first deliverable in that regard," Muglia said.

"With R2, we'll also deliver the first version of Active Directory Federation Services (ADFS) to make it easier for developers to build federated Web applications. In the Windows Vista timeframe, we will deliver WinFX and the 'InfoCard' user experience," he said.

Next month: Microsoft announces security vulnerability in MMC 3.0.

hmmm. it seems like the server is running excel...
hereis another article covering this...

Summary: Erik Marcus (the Vegan in question) is a jackass.

George Lambert put up a free Podcast indexing service which Erik subscribed to. Then Erik forgot he'd done it, complained to George and told him to remove the entry. George did so. Then Erik got mad again and told George to put the entry back up, but modified to fit some absurd demands. George said "no". George however also said that if Erik wanted to pay him for his time to to program in the exception, he'd follow Erik's demands. Erik got mad again and cried extortion.

There is no such thing as Podjacking. Erik is a jackass.

FTA:

Marcus contacted Lambert to ask that his listing be removed. Lambert did so. This, however, caused Marcus' listenership to crash by some 75 percent, he claimed. Marcus then asked that his listing temporarily be reinstated on Podkeyword while he worked to fix things with Apple Computer Inc.'s iTunes.

Lambert responded that it would be reinstated only if Marcus provided an unspecified payment or agreed permanently to his terms--a description that sounds like hijacking and extortion and that has resulted in Lambert's being harassed around the clock by profane e-mail and phone calls.

However, as Lambert told Ziff Davis Internet News and also explained on a Podcast by David Lawrence, the request for reimbursement was simply to compensate him for the custom coding that Marcus reportedly demanded.

Specifically, Marcus reportedly requested that Lambert allow individuals to find his feed via keyword but not to allow OPML directories to have the feed any longer.

"He wanted me to make sure no other directory services got the information from me, but I can't tell who are directory services, because we're not submitting anything," Lambert said. "People are coming to look at our list. I have a choice: I remove it from anywhere or I [don't] remove it. You can't restrict who comes to look at your Podcast. So his request wasn't technically practical.

Lambert has posted on his Weblog what he claims is the complete, unedited e-mail conversation between himself and Marcus.

I think the fact that it works through a firewall is a drawback, at least from the IT perspective. Corporate IT departments hate Skype's security holes http://www.eweek.com/article2/0,1759,1891306,00.as p and companies are going to block ithttp://www.eweek.com/article2/0,1759,1877000,00. asp.

I think the fact that it works through a firewall is a drawback, at least from the IT perspective. Corporate IT departments hate Skype's security holes http://www.eweek.com/article2/0,1759,1891306,00.as p and companies are going to block ithttp://www.eweek.com/article2/0,1759,1877000,00. asp.

When the 6502 was a hot processor, Woz was a pretty fair hack electrical engineer. Running the video off the CPU was a cute trick. But he hasn't had anything relevant to say about computers in a very long, long time.


Are you trolling?
1986:
The //gs was the first computer to include a Large Scale Integration (LSI) chip, designed by Steve Wozniak, and called the IWM (Integrated Woz Machine).
http://www.apple-history.com/?page=gallery&model=a IIgs&performa=off&sort=date&order=ASC

2004:
Wheels of Zeus
http://www.eweek.com/article2/0,1895,1734857,00.as p

He knows more about modern technology than you do.
Enjoy,

As opposed to say, perl, right?

While perl security has gotten better, it is still a problem. perl is still widely exploited, formmail.pl is one of the more infamous ones. lusers just download whatever script they find off the web and install it, and get quickly compromised.

Are the majority of perl users well versed in perl security? I doubt it.

What, you going to recommend people use C instead of PHP then? python? Even java has issues.

It's very fashionable, hip and trendy to bash PHP on /., while ignoring the fact most other languages really aren't any better.

I don't know about you but I'd rather have Windows Media Player than RealPlayer or Quicktime installed by default.

Well, I don't know about you - but I would much rather have mplayer, Zoomplayer or Classic Media Player installed by default then Windows Media Player

The point here is currently only one entity can decide.

Try this link instead: http://www.eweek.com/article2/0,1759,1896641,00.as p?kc=EWRSS03119TX1K0000594

• Adobe Systems
• IBM
• Intel
• Novell
• Sun Microsystems

well possibly not, though the boyd guy is well known for hitting big "busts" - last one was this http://www.eweek.com/article2/0,1895,1888714,00.as p and he had the bittorrent thing some time ago. i'd say thats a pretty decent accomplishment. and what sounds better - "security mvp" finds x, y and z" or "some random guy"? Surely a little background info goes a long way?

http://www.eweek.com/article2/0,1895,1524941,00.as p

The U.S. District Court in Seattle ruled in favor of Lindows.com's assertion that the jury should consider the historical use of the term 'windows' in graphical user interfaces rather just its current usage as being synonymous with Microsoft Windows.

The court also ruled that after a word is declared generic it would continue to be generic, and thus could not be made a corporate trademark. Chief District Judge John Coughenour said in his Tuesday ruling: "If the term is found to be generic 'it cannot be the subject of trademark protection under any circumstances.'"

This is not the first time the court has cast doubt [PDF document] about Microsoft's use of 'windows' as a trademark in the case. In a March, 2002 ruling, Judge Coughenour noted, "that there are serious questions regarding whether Windows is a non-generic name and thus eligible for the protections of federal trademark law."

As you can see from the judge's statement "that there are serious questions regarding whether Windows is a non-generic name and thus eligible for the protections of federal trademark law", only non-generic names are eligible. Generics aren't. "Risk" by itself is generic. "Hasbro Risk" isn't.

So, wanna try again?

Far from 'clear'. For instance, evidently many other countries had a problem with it as well.

The flaw is in IE not google desktop. Google desktop was just the program he used to test his findings. From the origonal article (http://www.eweek.com/article2/0,1759,1895579,00.a sp?kc=EWRSS03129TX1K0000614): Gillon used the Google Desktop utility to prove his findings, but in theory, any domain or application that depends on the IE cross-domain security model is vulnerable. "Thousands of Web sites can be exploited, and there isn't a simple solution against this attack at least until IE is fixed," Gillon said.

Actually this is not so similar to Google Base, but a more direct (and small-thinking) rip off of Craigslist, as far as I can see. There is the similarity that Microsoft also have a search engine to directly map over this data, but eWeek are going much too far (also in http://www.eweek.com/article2/0,1895,1877217,00.as p [eweek.com], linked) in ignoring the fundamental differences between a community listing site, an auction site (where the role of the provider is much more hands-on) and the need for Google to get their engine to work with sites dynamically generated from a back-end database...

Posting anonymously to avoid karma whoring

I think this would be a better article to read about US influence:
http://www.eweek.com/article2/0,1895,1888417,00.as p

ICANN is under the administration of the US Department of Commerce, so ultimately the US will control it. As to whether they are giving undue influence, that is to be debated. I would assume that many countries who are unhappy with the US influence are also unhappy with the current Bush administration. President Bush is currently unpopular in the US as well as the world, and this may be contributing to the sentiment.

But to be fair, we have to ask ourselves:
Who invented the internet? DARPA, US
Who invented the digital circuit? Claude Shannon, US
Who invented the silicon chip? Bell Labs, US
Who invented the bipolar transistor? Bell Labs, US

These examples are not a reason that the US should control it, just some things to think about. If you invented something as powerful as the internet, would you just want to give away control of it? It is a hard thing to take a stand on.

I second the Google Talk compliments. But it's Windows-only, of course. Maybe Gaim's main dev, Sean Egan, will borrow from some of the experience he had working at Google on Google Talk, and incorporate some of that into the direction Gaim takes. I for one am certainly looking forward to Gaim 2.0.

According to the article, "...Microsoft felt it unnecessary to patch a flaw six months ago that was originally low risk but mutated in to something extremely dangerous." This is, presumably, in reference to the JavaScript exploit that was recently covered on Slashdot and in an Eweek article.

The thing is, this flaw didn't "mutate" -- it's just that we didn't until recently understand how dangerous this security flaw really is. That there's already a working proof of concept is alarming.

It's quite inaccurate to say that the flaw "mutated" when in reality it never changed -- only our understanding of it changed. Who's to say that someone, somewhere, wasn't already aware of the true potential for abuse when the flaw was first discovered half a year ago? Microsoft didn't make fixing this a high priority because they were lulled into the belief (along with almost everyone else, apparently) that this was a simple DoS exploit instead of the own-the-machine exploit it turned out to be. (Yeah, it takes a lot more work to actually gain control of the machine, but the same fundamental mechanism is used.)

see http://www.eweek.com/article2/0,1895,1893639,00.as p

O. Wyss

You could just give Red Hat or Novell a call and either one will be more than happy to give you their dog-and-pony show for their desktop offerings. I mean, they do do this kind of thing for a living these days.

Do you have must-keep Windows apps? Try CrossOver Office

http://www.eweek.com/article2/0,1895,1886920,00.as p

or

Verasora/Win4Lin

http://www.versora.com/

I've used and deployed them all in small businesses with AD management, and they've all worked. There's no reason why they wouldn't work in larger businesses. After all, as IBM and Oracle are showing, they already do.

Steven

Haven't tried it, but PXES might be worth looking at. It can work with a variety of M$ and Linux/Unix terminal server clients. They have a proprietry server available but the client appears to be free. It's bootable from HDD, USB, CD, network etc and can be run on a diskless system. This article also discusses this topic...Skolelinux, which is designed for schools, appears to be a nice package with a thin-client option.

Amazing, this survey lists the first fact what I pray for years: "There are not enough common applications on Linux"! And the solution for this is: "Cross-platform development". Cross-platform development is easy if you do it as wyoGuide (http://wyoguide.sf.net/) suggests. Besides see this summarizing eWeek article http://www.eweek.com/article2/0,1895,1893639,00.as p.

Actually this is not so similar to Google Base, but a more direct (and small-thinking) rip off of Craigslist, as far as I can see. There is the similarity that Microsoft also have a search engine to directly map over this data, but eWeek are going much too far (also in http://www.eweek.com/article2/0,1895,1877217,00.as p, linked) in ignoring the fundamental differences between a community listing site, an auction site (where the role of the provider is much more hands-on) and the need for Google to get their engine to work with sites dynamically generated from a back-end database...

In the Windows world, one doesn't get the alpha or beta patches, just the blessed finished product

yeah, right!
i won't even mention IE's security holes for the last 8 or so years (active x, ...) or outlook's bad record of keeping spam from executing malicious code (mostly through the IE engine).

but boldly stating how much due diligence is exacted upon the microsoft patches before final release is ridiculous in face of them frequently backfiring and leaving old or new vulnerabilities in their wake:

http://www.hideaway.net/home/public_html/article.p hp?story=20020924094345962
http://www.infoworld.com/article/03/09/08/HNhacker sjump_1.html
http://www.eweek.com/article2/0,1895,1753511,00.as p
http://www.vnunet.com/vnunet/news/2120864/doubts-r aised-microsoft-patches

jethr0

If you can view adbanners, you can nab a virus/malware/spyware via a web-browser program!

Yes, believe-it-or-not, it's been known to happen & was even reported here on slashdot in the past quite a few times the last 2-3 years now.

See here for more potential vulnerabilities found in FireFox in the past, & also its plugins, such as the "greasemonkey" one that made 'big headlines' in the past, e.g.'s:

http://secunia.com/advisories/16911/

http://it.slashdot.org/it/05/07/19/143241.shtml?ti d=154&tid=172

http://www.eweek.com/article2/0,1895,1838261,00.as p

http://www.theregister.co.uk/2005/09/12/mozilla_id n_fix/

(And, there are others, those are just examples... as well as the initial point I made about adbanners having been shown to harbor malware/spyware inserts into your OS as well in the past 2-3 years now a few times already).

Sure, many of them have been patched (as far as internal-to-FireFox code itself), but what about those plugins as well?

(I'd say, it's a GOOD bet that more will popup in the browser extensions FireFox has available for it, unfortunately... part of the "growing pains" of this browser, and a note about the 'danger' of 3rd party extensibility tools. ActiveX didn't come out as planned for IE either, so-to-speak, security-wise outside of Intranet usage & then probably not 110% totally safe either).

APK

P.S.=> Personally, though I think FireFox is excellent work & has come a LONG ways (since "FireBird" etc. builds of it), Opera 8.51 is my web-browser choice, since Opera's typically been shown to be faster:

http://www.howtocreate.co.uk/browserSpeed.html#win

And, also it seems that Opera has always been less subject to online vulnerability vs. BOTH FireFox &/or IE, period, as well as being consistently a faster/better performer year in & year out... apk