Slashdot Mirror

According the article on ZDnet, background services and basic windows apps don't count, so you can basically can open Firefox, Thunderbird and say Winamp at once.

It depends on how much it will cost.
If Windows 7 Starter will be priced at $1 - $5, it will be well worth it.

RTFA (Well, to be fair, R another FA that the original FA links to) http://blogs.zdnet.com/Bott/?p=844

That three-app limit isnâ(TM)t as cut and dried as it sounds ... Windows Explorer windows donâ(TM)t count ... basic Windows tools donâ(TM)t trigger the limit ... Desktop gadgets are free ... some system utilities get to bypass the three-app limit

So, basically, the three app limit is there to hinder the end user's use of products that compete with Windows' own components that are unhindered. Can't run Firefox, Thunderbird, Pidgin, and Openoffice all at the same time? No problem, just supplant one of those with a Windows component and buy a little of your freedom back with a little bit of soul crushing submission.

What counts and doesn't count was clearly stated out in a better article: http://blogs.zdnet.com/Bott/?p=844 In short, a lot of things don't count towards the limit: services, Explorer, tray apps, command prompts, etc. TFA appears to just be a bad (and very incomplete) rip of the piece at zdnet... (which seems increasingly common on /.--quoting from "articles" or blogs that are often incomplete and poor rips of an original article)

Here is a review of using the Starter Edition. Including some things that don't count against the app count.

This may help.

http://blogs.zdnet.com/Bott/?p=844

Here are some selected quotes:

"you can open as many windows as you want from a single program. So if you want to open 15 tabs in your browser, six images in your photo-editing program, and a couple of instant messenger windows, you can do it."

"Windows Explorer windows don't count."

"Basic Windows tools don't trigger the limit. You can run a Command Prompt window or open Task Manager"

"Antivirus programs that run as a system service don't count."

"In short, when I used this system as a netbook, it worked just fine. On a netbook, most of the tasks you're likely to tackle are going to take place in a browser window anyway."

"If I tried to use this system as a conventional notebook, running multiple Microsoft Office or OpenOffice aps, playing music in iTunes or Windows Media Player, and using third-party IM programs, I would probably be incredibly frustrated with the limitations of Starter Edition."

Now I'm not an M$ fanboy so save your trolling, but TFA is clearly biased and written badly. Thankfully there's a link to a better article hidden in there somewhere, and I suggest people read it before they post or judge.

"Moving away from Windows is simply necessary judging by the kinds of attacks described" - by erroneus (253617) on Saturday April 18, @07:13PM (#27631191) Homepage

No, it's not, IF you know how to secure it, per a guide such as this one -> http://www.tcmagazine.com/forums/index.php?s=ced36a7f152cf6e6f138af849a4fe3a7&showtopic=2662

Where people who have used it (end users-wise), have gotten results such as this one:

http://www.xtremepccentral.com/forums/showthread.php?s=17638f526de3f23590590f1643425f87&t=28430&page=3

----

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)"

THRONKA @ xtremepccentral.com

----

And, as far as stability/uptime, AND SECURITY, in a corporate environs (and, in a high tpm example no less)?

Look no further than NASDAQ, here:

----

NASDAQ Migrates to SQL Server 2005:

http://windowsfs.com/enews/nasdaq-migrates-to-sql-server-2005 [windowsfs.com] [windowsfs.com] [windowsfs.com]

----

Where Windows Server 2003 + SQLServer 2005 does, and has done for YEARS now mind you, a great job of being the official disseminator of trade data @ NASDAQ, running into the "fabled 5-9's" of 99.999% uptime for years now, 24x7, via failover clustering... that was back in 2006 (possibly earlier, as that is only the date of the article)...

Best of ALL? Hey, it's Windows!

(Which means you probably already own & are familiar w/ Microsoft + Win32 applications on every level of use there is...)

APK

P.S.=> How secure an OS is, is dependent on the person(s) running the machine/network, & their diligence as well as "know-how"... this extends to ANY OS there is, period, and you ALL know it (despite the "Pro-*NIX" bias this website has bigtime)... additionally?

The ONLY reason Linux is not as victimized, is because it is less used. Now, make Linux take as much share of the market as Windows enjoys? Linux WILL be hit as hard, if not harder...

I.E.-> Today's malware makers are after your personal information and monies, after all, & they shoot @ the largest target there is - Windows!

I mean, hey - the very fact that webbrowsers on Linux can run Javascript alone indicates they are just as vulnerable, via the webbrowsers themselves, as is Windows...

(& please, don't try to tell us "*NIX is invulnerable", because this -> http://blogs.zdnet.com/security/?p=3157 clearly shows otherwise, & is only a "portent of things to come")... apk

"One thing which is absolutely clear; Windows should be ruled out" - by rtfa-troll (1340807) on Sunday April 19, @04:16AM (#27634457)

Not if you know how to secure & administer it, properly (this goes for ANY OS out there mind you), per a guide such as this one:

http://www.tcmagazine.com/forums/index.php?s=7e43749a95b34ffdc7e782a0d5bedc58&showtopic=2662

Where users who have applied it have experienced results such as this one:

http://www.xtremepccentral.com/forums/showthread.php?s=17638f526de3f23590590f1643425f87&t=28430&page=3

----

"Its 2009 - still trouble free!

I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009 No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008.

Great stuff!

My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads.

APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)"

THRONKA @ xtremepccentral.com

----

And, as far as the stability AND SECURITY of a Windows machine, in a HIGH TRANSACTIONS-PER-MINUTE (TPM) ENVIRONS? Look no further than NASDAQ:

(Because, for stability? Windows has DEFINITELY "made it", & well (w/ proof thereof below) in that area, as well, per this evidence thereof)

Windows Server 2003 + SQLServer 2005 does, and has done for YEARS now mind you, a great job of being the official disseminator of trade data @ NASDAQ, running into the "fabled 5-9's" of 99.999% uptime for years now, 24x7, via failover clustering... that was back in 2006 (possibly earlier, as that is only the date of the article):

----

NASDAQ Migrates to SQL Server 2005:

http://windowsfs.com/enews/nasdaq-migrates-to-sql-server-2005 [windowsfs.com] [windowsfs.com]

----

Best of ALL? Hey, it's Windows!

(Which means you probably already own & are familiar w/ Microsoft + Win32 applications on every level of use there is...)

APK

P.S.=> The ONLY reason Linux is not as victimized, is because it is less used... make Linux take as much share of the market as Windows enjoys? Linux WILL be hit as hard, if not harder...

I.E.-> Today's malware makers are after your personal information and monies, after all, & they shoot @ the largest target there is - Windows!

I mean, hey - the very fact that webbrowsers on Linux can run Javascript alone indicates they are just as vulnerable, via the webbrowsers themselves, as is Windows...

(& please, don't try to tell us "*NIX is invulnerable", because this -> http://blogs.zdnet.com/security/?p=3157 clearly shows otherwise, & is only a "portent of things to come")... apk

'I asked Ramji if he could explain Microsoft's open-source strategy to me in a nutshell (or at least in a single PowerPoint slide). Here's what he showed me:'

'I asked Ramji if he could explain Microsoft's open-source strategy to me in a nutshell (or at least in a single PowerPoint slide). Here's what he showed me:'

I doubt it. More likely that (a) they're using Ad-hoc distribution and paying an appropriate

Ad hoc distribution? That will work fine! After all, the US army only has 100 soliders, so that will work fine with the ad hoc 100 user limit...oh wait.

they're using unlocked phones (which aren't "special"--you can buy unlocked phones from Apple for $600).

*rolls eyes* I don't mean sim-locked, I mean Apple's-distribution-channel-locked.

We're talking about iPod touches and iPhones here remember - Touches don't have sim cards.

That quote from Ramji was taken completely out of context. It takes a bit of digging, because the distortion is already present in TFA, but here is the blog post to which TFA "responds". Note especially:

Due to the downturn in the economy, many business users are putting the kibosh on migrations to or from open source. [...] That's why Microsoft is advising open-source partners with whom the company is collaborating not to focus their customer pitches on costs, but instead to lead their sales pitches with "value," he said.

(Emphasis mine.)

Now this may certainly be bad and self-serving advice from Microsoft, but it is still very different from what TFA makes it out to be. Microsoft isn't begging OS vendors to change their sales pitches to something it can compete with. It's telling vendors how it thinks they should pitch in a time of economic difficulty.

We now return you to your regularly-scheduled Microsoft bashing.

They could do it without a trojan, if they had the right signing key. I forget which worm it was, but a few years back there was a major vulnerability that Microsoft patched, which triggered the automatic reboot. The issue was the patch went ahead and updated the machine even if you had the system set to "download, but notify" rather than automagically patch. Similar deal here where an update did something it should not have.

Were I the FBI, I'd make Microsoft 'digitally sign' such a beasty, and then send it via an unannounced update.

Always helps to have stupid criminals, however.

There was a time when Oracle was considering Netbeans, but Oracle joined the Eclipse Foundation.

I don't think JDeveloper is based on Eclipse though.

Might be interesting to see what happens. I think Netbeans will live on. Too many of sun's products rely on it.

What I'm more concerned with is the amount of contributions to PostgreSQL.

I still feel had they put more money/time into postgresql instead of buying MySQL, they wouldn't need to be bought.

I loved that article. My entire family is made up fo mac minions, and keep tellign me this kind of thing, despite the fact that I have never had a virus, never had to reformat except when I rebuilt the whole computer, get way more performance and paid one third as much as they did.

Here's the article, btw.

http://blogs.zdnet.com/security/?p=2941

For your "old programmer", you took my words out of context and twisted them. The poster was trying to "drop knowledge" on me from his assumed superior position of knowing what SYN cookies are for. I was merely responding to that. Your insult comes out of left field.

You can substitute any word you want for mainstream if you have trouble figuring out the meaning of it. Since we're adding up the total market penetration anyway, it doesn't really matter if the distro you pick isn't mainstream, since that means it'll just have an immeasurably low market penetration.

The stupid old hat thing has taken on a life of its own. My point (and why this came up) about whether ASLR is old hat or not is merely to try to measure the relative value of Vista having ASLR. If ASLR is commonplace, then Vista's ASLR isn't anything special, it just means it is keeping pace with other OSes. But, if ASLR is not commonplace, then Vista SP1 having ASLR means it has an additional layer of security that most people don't have working for them right now, and it bolsters MS' claim that perhaps Vista should be considered a pretty secure OS (I don't get into this "most secure OS" thing, as I've said many times, the most secure OS in the world likely doesn't do the things I need to do, although, I'm sure it is excellent for the uses it is designed for). Somehow my argument about this got turned into the idea of when ASLR was invented, which isn't at all the point.

No mainstream OS besides Vista SP1 has more than a weak form of ASLR. And thus very few people who are using any OS besides Vista have ASLR working for them. So this means Vista is a step above those other OSes in at least one way. It also means for virtually everyone out there, if they switched to Vista they would gain some security measures that they don't currently have. This, for the sake of the actual argument (and not some word game about old hat), it DOES matter if the proles aren't using it.

As to your comment 'A system cannot be considered secure if insecure code running as an unprivileged user on the system causes it to be compromised.', Vista SP1 does not come with Flash (the source of the 2008 pwn2own exploit) or Java (the source of the 2009 pwn2own exploit) installed. So saying these exploits show problems with Vista SP1 is a bit of a stretch. Just as when you make your linux machine secure you don't insert stuff on it that would add no functionality you need, only more bugs, if you wanted to secure a Vista SP1 machine, you wouldn't install Java or Flash. Additionally, I'm not sure you understand that these two exploits only get you to regular user status, not privileged user status. Of course, as on UNIX, once you get in, all you need to know is a privilege escalation exploit.

Thanks for the helpful presentation, I appreciate info (instead of slap fights) in all forms. I wonder why there was no .NET exploit at pwn2own 2009?

After all the "sky is falling" responses to the presentation you linked, there was an actual thoughtful interview.

http://blogs.zdnet.com/Bott/?p=513

He has a lot of nice things to say about Vista SP1 in this recap, seems he's more impressed than the parent poster. He also mentions the exploit he demoed was actually closed a long time ago, he did exploit on a Vista SP1 machine, but with an exploit which is not present in IE anymore, he had a gaffed machine.

I wonder what Vista SP2 has in store? The original article has the MS person bragging about Vista SP2. Of course, Vista SP2 has a very low market penetration right now since it isn't out. As such, to me it's not valid to brag about how secure it is, since it (like all the minor linux configs with full ASLR/DEP you talk about) is not really out in the real world where it can protect machines.

WinOld users will still be free to use Firefox 3.5, and will get updates for a good while.

A "good while" is only 6 months after the next (incompatible) version is released. For example, Firefox 3.0 was released May/June 2008, and no longer supports Win98/SE/ME, so Win98/SE/ME users must use Firefox 2.0.x, but security releases for Firefox 2.0.x ended in December 2008.

Mozilla to end support for Firefox 2

"Firefox 2.0.0.x will be maintained with security and stability updates until mid-December, 2008. All users are strongly encouraged to upgrade to Firefox 3."

While I agree that google is not Mr. Friendly, I'd be surprised if this particular move is about lock-in.

It never is. Whenever somebody modifies standard technology to suit themselves, they get accused of trying to create lockin. That's what happened when Phil Katz decided he could redo the ARC format faster and smaller. That's what happened when Anders Hejlsberg decided he couldn't live with Java's limitations. Netscape and HTML. Microsoft and HTML, CP/M, x86....

Lockin does usually occur when people do things in a different way, and the different way ends up being the de facto standard. But that's not why they do them. They do them because developers just plain like to do things their own way.

In the case of Google's "white list" this doesn't even come close to being lockin, because any application that will run on Google's classes will run on "standard Java". Sun's problem is that the reverse isn't true. And I'm not sure that really matters. Unless I've missed something, the missing classes are all legacy cruft that should have been deleted from Java long ago.

So why haven't they been? Lack of will. One Java core engineer told me that Sun got in trouble when they even deprecated an API, never mind removing a whole class. People just don't want to fix up all their legacy code, and Sun was too anxious to monetize Java to stand up to them.

Google has more flexibility, since they don't need for their version of the Java platform to make money anytime soon.

First it's 84% of IT pros and now it's 83% of businesses? Might have something to do with these surveys being carried out on a submission basis, where the only people who respond are a minority that are either passionate "must-have-the-latest-version" fanatics or passionate "anything-other-than-XP-sucks" fanatics. The apathetic majority isn't taken into account.

The core service platform at LinkedIn runs on Java

They do have a Facebook application that runs on Ruby.

pageviews do not suddenly get easier to service because that page has a video on it.

No, they get considerably harder. Hulu, if I remember correctly, dynamically alters the bitrate to compensate slow connections and improve the quality on faster ones. It also puts a load on the server that's throwing out the video regardless of the bitrate.

You're using Alexa's rank rather than their pageviews, which shows a considerably different picture. Also, unless I'm missing something, linkedin is written in java, not ruby on rails, it just had a rather high profile experiment with ruby on rails and a facebook app.

http://content.zdnet.com/2346-12554_22-278706-34.html

Faster than Vista and XP

http://content.zdnet.com/2346-12554_22-278706-35.html

Faster than both as well as earlier versions of itself.

But no, obviously, no Windows OS could ever be faster than it's predecessors.. (Slashdot..SSDD)

http://content.zdnet.com/2346-12554_22-278706-34.html

Faster than Vista and XP

http://content.zdnet.com/2346-12554_22-278706-35.html

Faster than both as well as earlier versions of itself.

But no, obviously, no Windows OS could ever be faster than it's predecessors.. (Slashdot..SSDD)

Since their defunct Microsoft Live OneCare is leaving in June of 2009, this Stirling is replacing it. It kind of makes one wonder if this will fail just like OneCare did.

Even an open source version is made available.

OpenSolaris is a last-ditch effort to remain relevant in the face of Linux.

Solaris is doomed to fail because Sun made it unnecessarily baroque. Speaking as someone who cut their Sun teeth on SunOS 4.1.1 on sun3 (now is your cue, crusty Unix overlords, to come and tell me you started with sun2) I can conclusively say that while SunOS has come a long way it has also become continually more of a PITA. If it's so fucking great, why is Linux eating its lunch? Maybe ZFS and dtrace just aren't enough?

"Eating its lunch"?

Really? Get thee to a real customer that demands five 9s or better uptimes. Yeah, there are probably some - running IBM mostly. We'll see how IBM likes handing support revenue over to RedHat now that it looks like they'll have their own open-sourced OS that's not burdened by GPL restrictions.

Until Linux guarantees backwards binary compatibility, Solaris is going to stay put. Nothing sucks more than applying a patch and having your customer's app fail to run. And as long as backwards compatiblity can be broken by some long-haired wackademic on his vision of free-software jihad deciding unilaterally "THIS IS THE RIGHT WAY TO DO IT!", Linux has a problem.

Ever try to back out an upgrade on Linux? Hint: enterprise customers do NOT upgrade their boxes by running yum or some other app against an internet repository.

Yes, I said burdened by the GPL earlier. Get this: there are a lot of companies that simply will NOT put their product into a mix that includes the GPL. Period.

The GPL allowed Linux to grow into what it is. It's also going to prevent it from "winning".

Even an open source version is made available.

OpenSolaris is a last-ditch effort to remain relevant in the face of Linux.

Solaris is doomed to fail because Sun made it unnecessarily baroque. Speaking as someone who cut their Sun teeth on SunOS 4.1.1 on sun3 (now is your cue, crusty Unix overlords, to come and tell me you started with sun2) I can conclusively say that while SunOS has come a long way it has also become continually more of a PITA. If it's so fucking great, why is Linux eating its lunch? Maybe ZFS and dtrace just aren't enough?

.....

Because there have been numerous betas that have blown both Vista and even XP out of the water?

http://content.zdnet.com/2346-12554_22-278706-34.html

[] ...or that it is even improving as it progresses through beta:

http://content.zdnet.com/2346-12554_22-278706-35.html

Yeah, I know....someone backing up their statements on Slashdot with actual results? What was I thinking?

.....

Because there have been numerous betas that have blown both Vista and even XP out of the water?

http://content.zdnet.com/2346-12554_22-278706-34.html

[] ...or that it is even improving as it progresses through beta:

http://content.zdnet.com/2346-12554_22-278706-35.html

Yeah, I know....someone backing up their statements on Slashdot with actual results? What was I thinking?

http://blogs.zdnet.com/storage/?p=442 Basic premise, for the past 5 years Microsoft has 81 percent margins ($189,878 billion) versus Apple's 32% percent ($31 billion). Microsoft tax has been brilliantly spent on Zune (trounced by Apple), Windows search (trounced by Google), and Vista (trounced by XP). I don't agree with the further discussion about antivirus as I feel all computer users should have some form of antivirus and there are free solutions for Macs, PC's, and Linux.

Nov. 25th 2007
http://blogs.zdnet.com/emergingtech/?p=755

Nov. 4th 1988
http://ieeexplore.ieee.org/iel2/727/3075/00095357.pdf?arnumber=95357

Monkey Feeding Itself

Brain-Computer Interface

It's not that I'm unimpressed, just not really impressed, especially since Asimo already has coordination and calculating abilities of it's own so it's not really "raw" input=result.

My first computer was a 80286 with 1 MB of RAM. That RAM was all parity memory. Cheaper than ECC, but still good enough to positively identify a genuine bit flip with great accuracy. My 80386SX had parity RAM, so did my 486DX4 120. I ran a computer shop for some years, so I went through at least a dozen machines ranging from the 386 era through the Pentium II era, at which point I sold the shop and settled on a AMDK62 450. And right about the time that the Pentium was giving way to the Pentium II, non-parity memory started to take hold.

What protection did parity memory provide, anyway? Not much, really. It would detect with 99.99...? % accuracy when a memory bit had flipped, but provided no answer as to which one. The result was that if parity failed, you'd see a generic "MEMORY FAILURE" message and the system would instantly lock up.

I saw this message perhaps three times - it didn't really help much. I had other problems, but when I've had problems with memory, it's usually been due to mismatched sticks, or sticks that are strangely incompatible with a specific motherboard, etc. none of which caused a parity error. So, if it matters, spend the money and get ECC RAM to eliminate the small risk of parity error. If it doesn't, don't bother, at least not now.

Note: having more memory increases your error rate assuming a constant rate of error (per megabyte) in the memory. However, if the error rate drops as technology advances, adding more memory does not necessarily result in a higher system error rate. And based on what I've seen, this most definitely seems to be the case.

Remember this blog article about the end of RAID 5 in 2009? Come on... are you really going to think that Western Digital is going to be OK with near 100% failure of their drives in a RAID 5 array? They'll do whatever it takes to keep it working because they have to - if the error rate became anywhere near that high, their good name would be trashed because some other company (Seagate, Hitachi, etc) would do the research and pwn3rz the marketplace.

He did a substantially similar 1-page interview at zdnet.

While it's true that youtube may or may not be making money I think that the companies financial status is really irrelevant to the source of their content.

Unless they are a registered non-profit, they are in it for the money, and we know Google is certainly in it for the money and doing well. Our music writers? Whether they wrote the shittiest song of all time or a mega-hit, they really should get something for their work and they aren't. WHY should they be paid you ask?

Here on slashdot we too often side with the open information movement. I myself use open source software as much as possible. Microsoft? F@#$ em. OpenOffice is great. Linux runs my company servers, email, etc. I use Opera and Firefox, Thunderbird for internet. We all do. These sets of software have figured out how to work in an opensource economy. Since we use them and largely subscribe to this vague notion of "free and open is good" we sometimes jump at the music industry for not going the same way.

But there is a HUGE difference.

Open source software provides a solutions to a predetermined goal. It gives it away for free, and then covers costs by selling support for that solution and licensing professionals to do the same.

Suppose we were to open source music. How would that go? We all need to write a song that will accomplish the task of making us feel happy when everything in life is crushing our spirit. Let's start a community for it, open up our development process, track bugs, let users request features such as a second bridge that modulates the chord progression up one half step. Perfect, we have the something so generic that everyone can use it without caring. That's what music is for right, just a mindless background tool that helps you accomplish a task. Just like Thunderbird or Apache.

Then how do set up a community of consultants or license specialists in your song, genre, etc? The problem requires a much different outlook that we have with FOSS or general OSS, because the creativity that goes into writing music is not the same as that which goes into software. It requires personal investment of emotion, a dialogues between a writer and a listening transmitted by another frequently overlooked party, the artist (which in some genres looks more like a programmer these days, but that's beside the point).

We are so used to the idea that the internet is in some way this awesome tool that if you don't get on board and use that we say "you are the short sighted moron" to the musicians struggling to make it. Now don't get me started on record labels, because I think they are really the enemy here, but writers and musicians get caught in the crossfire and treated the same.

IP for software and IP for music are so different, even though their distribution models are almost identical (write it, test it, package it, advertise it, copy it to a zillion CDs and then mark it up to make some $$) While both industries are undoubtedly facing a myriad of challenges in finding alternate distribution methods that focus on web content we need to recognize that there is a real difference.

No one will be making Sgt. Pepper 2.1.18, or Bethoven's 5.2th, they are unique and aesthetically set in stone. You might improve the packaging or remaster the recording but that is a footnote not a new release. There is no competitive improvement to promote by limiting IP. As for monetizing, YouTube thankfully is light on the Advertising, which I appreciate. Perhaps they should offer free ads to people who find their work on the site? Or prioratize ads from legit vendors of their works? Have you ever done a torrent search? Lots of those big torrent sites do just that, why not YouTube? This would allow them redirect watchers to their site, or a vendor like Amazon or iTunes where a legal purchase can be made.

I guess what Irked me about the initial

Who says Google doesn't pay for service contracts?

Google is open in many ways but very secretive in others. Especially about their infrastructure.

Their main search platform, probably not, but not everything seems to run on the main search platform.

A few years ago it was easy to find links to McNealy talking about how sun servers were used to power adwords/adsense or something along those lines. Hard to find those links now. All I can seem to find is this story where mcnealy mentions he can't give specifics about Sun/Google business

I don't know what the current state of things are but neither do you. If you did know, you wouldn't be allowed to say anything.

It really illustrates the tone set by your money for nothing market economy, now that the Reagan generation has grown up. This is your future.

That's exactly what happened this year:

I actually found this bug before last year's Pwn2Own but, at the time, it was harder to exploit. I came to CanSecWest last year with two bugs but only one exploit. Last year, you could only win once so I saved the second bug. Turns out, it was still there this year so I wrote another exploit and used it this year.

So in a way what this event did is help keep a known vulnerability open for a year more than it should have been. Which means that there is a fair chance that in the mean time some body else might have found and used it in the wild.

Brilliant.

Wrong. Read the rest of the link:

Did you consider reporting the vulnerability to Apple?

I never give up free bugs. I have a new campaign. It's called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away. Apple pays people to do the same job so we know there's value to this work. No more free bugs.

He wouldn't have given up the bug if not for the contest. He'd have sat on it anyway until he found someone else to pay him for it.

I guess the others fell just as easily, but with a bit more crude exploits.

That's not what this interview with the Safari winner seems to indicate. He says that IE8 and Windows in general is tougher to crack than safari and OSX.

A little off topic, but I was checking out this reddit "viewer" that shows activity in real time and the interview article was getting _slammed_ with downvotes.

That's exactly what happened this year:

I actually found this bug before last year's Pwn2Own but, at the time, it was harder to exploit. I came to CanSecWest last year with two bugs but only one exploit. Last year, you could only win once so I saved the second bug. Turns out, it was still there this year so I wrote another exploit and used it this year.

So in a way what this event did is help keep a known vulnerability open for a year more than it should have been. Which means that there is a fair chance that in the mean time some body else might have found and used it in the wild.

Brilliant.

Nobody will sit on an exploit all year because there's no way to know what to hang on to, or whether the hole will still be there in a month, let alone a year.

That's exactly what happened this year:

I actually found this bug before last year's Pwn2Own but, at the time, it was harder to exploit. I came to CanSecWest last year with two bugs but only one exploit. Last year, you could only win once so I saved the second bug. Turns out, it was still there this year so I wrote another exploit and used it this year.

a good article by Ed Bott from Zdnet highlighting the usability improvements in IE8 http://blogs.zdnet.com/Bott/?p=731

Hopefully this guy is playing for the good guys:

http://blogs.zdnet.com/security/?p=2934

... Joanna Rutkowska is hot!

Would have been an interesting news if some people didn't hack it, almost the same time the news was being broadcasted...
http://blogs.zdnet.com/security/?p=2934&tag=nl.e589

IBM had an excellent 4th quarter last year, but for a while last year they were behind HP (I think it was second quarter). Overall IBM had about 32% marketshare last year (36% was 4th quarter) to HP's 29.5% (29% 4th quarter) according to this blog

In any case you seem to be undercutting Sun, which was around 10% (9% for 4th quarter), though that may have changed in 2009. There is also speculation (on that blog) that IBM may sell the hardware part of the business to Fujitsu, but I don't know how successful such a merger would be, as both Sun and FSC have been bleeding marketshare the last few years.

Wouldn't it be lovely to have a nice, clean installation of Microsoft's Office 2007 Suite to run on your Ubuntu Linux Distribution?

Before trying to get a nice, clean installation of MS Office on linux, how about we wait until a nice, clean installation of MS Office is available for Windows? I haven't seen anything nice or clean yet. MS Office can't even open its own, older files securely (and so MS doesn't allow it to try), and file format isn't documented so any application that wants to interoperate resorts to reverse engineering. Did you see the piece of crap MS put together for their OOXML "standard"? It's an order of magnitude longer than ODF -- see, e.g., http://government.zdnet.com/images/ooxml.JPG

Also after a disk failure, there is significant correlation of a second failure (failures are not independent - some risk analyses presume they are): Usenix: Disk failures in the real world.

Also I wouldn't ignore anecdotes that the rebuild process thrashes disks hard and can cause a second failure (or that the rebuild can take longer than you thought).

Better article written by a known security researcher Dancho Danchev, who also thinks it was controversial and illegal act.

Why throw the word "controversial" around like an accusation? Controversial is not a synonym for "bad". It merely means that there is contention or strong disagreement.

You'll note that without controversy, there would be no current affairs programs, and newspapers would look like pamphlets...

Accessing and modifying data on other peoples computers is illegal. Better article written by a known security researcher Dancho Danchev, who also thinks it was controversial and illegal act.

Even if your intentions are good, I DO NOT WANT you using my computer or making changes to it without my permissions.