Bill Gates: Windows Patched Faster than Linux
petard writes "In a very interesting interview published by the Register, Bill Gates made several interesting claims about Longhorn. Many of them have been extensively covered recently, including plans to force users to patch automatically. Surprisingly, everyone seems to have overlooked his statement that Microsoft fixes bugs faster than Linux developers do. 'We've gone from little over 40 hours on average to 24 hours. With Linux, that would be a couple of weeks on average.' Either he's lying or woefully misinformed; their recent performance seems to be more on the order of 3+ months, or over 2000 hours."
Maybe they meant they make bugs faster?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
The real question is which OS needs to be patched faster.
Can *you* tell the difference listening to marketing folks?
You are being MICROattacked, from various angles, in a SOFT manner.
this must be an early april fools or something.
btw: FP
anime+manga together at last.. in real time.
Bill means that his developers, who are near geniuses, conceptualize the patch in 24 hours; they are just woefully inept at implementation. Just like me and my homework.
Bill Gates is a very intelligent man... who is currently acting like a very intelligent trained monkey, spouting defensive FUD. But that's nothing new.
I wouldn't be surprised if MS does make pages in under 24 hours. But I bet the process looks like this.
- Microsoft notified about a problem.
- Notification email sits in Exchange server for a week due to problems with a corrupted mailbox.
- Flunky reads email, decides it would never happen in real life, demotes to low priority.
- MS Updates their problem tracking database. Issue is lost in the db move.
- Another flunky goes through and re-adds all the issues from emails.
- Smarter employee upgrades importance, flags it as 'do now!'
- Issue languishes for another few weeks.
- Vulnerability 'approved for fix!'
- Programmers fix it in under 24 hours.
- Patch enters testing queue.
- Patch is tested in an inadequate number of systems that all include only MS software and no 'unusual' configurations like, say, not using IE as default browser.
- Patch is sent to deployment team.
- Wait another week.
- Deployment team packages fix, places it on wu.ms.c.
- Fix breaks on many systems, system admins tear out hair, MS pats themselves on backs for their fine bug fixing system.
Myrddin.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
Lie?
Or when did it become not illegal??
The linuxpower.ca site has published a demonstration of a hole in linux. Apparently it has already been exploited.
Darl's crack pipe or is he smoking Darl's beef pipe??
Maybe he means man hours, not time since the issue was discovered.
Sig is on vacation
Didn't you know that Bill Gates' watch runs Windows CE and it crashed some months ago due to an exploit in RPC in the second hand. Now it just goes really slow. What is a month to you or me is 2 hours to him. He now talks that slowly as well.
'Whuaaaaaaa?'
What about system uptime? Right now I'm averaging only 72 hours before I have to do a restart, because each bug fix demands a restart. Didn't they once state that Windows was supposed to reduce this?
No no, his statement is quite correct. It's just that their patches aren't released until three months after they are needed, standard procedure.
All Bill is doing is keeping MS in the news and in people's minds until the next OS release (2006). Otherwise, *nix might get too much press coverage and take some minor amount of marketshare. Especially with all the releases happening, like Mandrake and the upcoming Redhat release.
I don't know if anyone else has noticed this, but there have been a lot of security updates lately. The pace of patching has increased significantly since the time XP was released.
I wonder if they've got some better testers in there or some new automatic code scanning software that can find exploits easily.
There were 7 updates yesterday!
It's disappointing to see slashdot turned into a veritable MS-hatefest. There are so many better and more interesting stories out there, but the editors are desperate for page hits to drive up the ad traffic.
Sad.
He wasn't lying, but talking about the time between the moment he yells that he has found a bug in his windows desktop, and the fix arrives from a Microsoft engineer. It's not about average users.
Gates is assuming that when you do something enough times you get better at it than people who don't do it as often...
The race isn't always to the swift... but that's the way to bet!
"We invented personal computing."
Is bill gates arrogant or ignorant?
With recent bugs, we hear about them in the morning, the patch is out by the afternoon. I'd rather rely on a company responding quickly to problems than an open source community where I have no idea how long it will take.
wouldn't patch time depend on the bugs involved?
"Lawyers are for sucks."
- Doug McKenzie
So every 20 years or so, we get a useless memory quote from Bill that will be irrelevant in the next couple of years. A new tradition.
US Democracy: The best person for the job (among These pre-selected choices...)
Everyone choose your side!
Round 1,168,139,856
Fight!
Trolls don't like to be Flamebait, because they burn so well. Protect our Troll heritage!
...his personal desktop. "It's good to be da king!" (-:
Got time? Spend some of it coding or testing
Quoth Bill: But apart from Photoshop, I can't think of desktop applications where you would need more than 4 gigabytes of physical memory
He's broadening his outlook (so to speak). I can remember a time when he couldn't think of any reason why you'd need more than 640K.
Someone you trust is one of us.
...referring to.
Most Windows admins know that patches should be installed only when they are really needed, because M$ has a bad history of releasing patches that break systems instead of fixing them, Windows XP SP 1 is an example.
This doesn't sound good to me, unless they are willing to test their patches extensively before forcing users to install them.
The IT section color scheme sucks.
Windows bugs are patched faster. Microsoft has a whole team out working on this stuff. What is not mentioned is the fact that there are so many more bugs in Windows than in Linux anyway. I won't give Microsoft much, but they do do a lot of patching. Problem is, this patching should not even be necessary: Microsoft should test their OSs more thoroughly and anticipate these problems before shipping their product. Open source is the easiest way to do this, via open source beta versions. Hence, Linux has fewer bugs on Final release day.
"Excuse me, did you say 'Trekker'? The word is 'Trekkie.' I should know; I created them." -- Gene Roddenberry
...Bill's machine that gets patched that quickly.
Gates: "I can't think of desktop applications where you would need more than 4 gigabytes of physical memory."
Heh, so, 20 years from now, will we laugh at that like we do with the old quote "640K ought to be enough for anybody"?
Here's hoping to yes =)
I'll give MS credit for being faster on average. Sometimes, linux apps have patches out in a matter of hours. Other times... not so fast. Or the patch would put you out-of-sync with the distro you're using, unless you wait for the "approved" patch.
:-)
Long story short, I think the "windows-vs-linux" thing is a lot like "cars-vs-SUV's". Someone call someone else a Nazi so we can move on.
I think he's talking about major holes, such as the recent worm attacks and the such. While I agree that Linux patches bugs and the such faster, if there is a major attack on windows systems, M$ is usually very fast in responding.
Yes, Microsoft is faster at patching things AFTER the weaknesses they've known about for the previous ten months are finally exploited, AFTER people that report their problems months earlier don't see a fix and publicize the vulnerabilities.
Microsoft is indeed very quick at fixing things after their corrupted servers have DDOS'd the rest of the Internet. Congratulations Microsoft!
I mean, after I install an average workstation of redhat 9.0 I see a lot more patches downloaded from up2date than the 36 or so for a fresh XP Pro install. Of course I mean for all the apps, not just core kernel stuff.
Minor version numbers for *nix packages seem to increase faster, which is a good thing because that means more holes getting patched faster [than Windows].
I guess my comment is that we need to see more Windows patches at a much faster rate, and stop being surprised when MS issues 4 patches in one day. Hell, up2date issues 4 new updates a day on a slow day ;)
I've had notification of patches from Red Hat in my email before I read about the need for it on Slashdot. Same-day service, something MS has never done on anything. How many bugs has Microsoft ignored? There are things in Win 95, 98, 2000, and even 3.11 that never got fixed, then corrupted the next release.
Professional Politicians are not the solution, they ARE the problem.
Although I think the average slashdotter will have a knee jerk reaction to this, I think Microsoft have been pretty good at releasing patches so far and that most windows viruses have been spread by either unpatched machines or buggy third party software.
Here in the lab we have a cluster of windows machines that regularly have uptimes of over two weeks (essential when evaluating climatic models involving quadratic equations). Our Linux machines have slightly longer uptimes, but they often require (admittedly infrequent) kernel rebuilds which can leave them out of action for up to a day. In addition we find windows update far easier than compiling linux fixes from source (we are after all particle physicists and not sys admins).
All that glitters has a high refractive index.
Either way it's the lazy sys-admin, who didn't apply the patch that results in the system being affected.
How often does a system get compromised, between the time that the vulnerability is publicised and a patch is released?
I guess the patches do have to come out faster because of that...
Wouldn't such a fast patching be nullified by the new practice of releasing patches monthly?
Sure, we've got the fix...but you'll have to wait next month 'til we release it.
Of course this 24hr patch average sounds a lot like a case of bogosity.
A full SCO license for Linux costs at least $699, whereas you can get the full version of XP for only $199.
If it takes 24 hours to look at the problem, find a solution, change the code and make it available on the web site, then they are admitting that they aren't fully testing the patches before releasing it...
Where's the quality assurance ?
It seems that Microsoft is attacking the system, not the kernel.
I haven't really heard anything about Linux, really.
I have heard about the SSH issues, etc., but never about Linux. SSH, OpenSSH, etc. are just parts of a Linux system, or BSD for that matter.
Has there actually been a Linux KERNEL exploit in the last few years?
And besides, when there is a Linux KERNEL exploit it's fixed in hours, or minutes! I think it would be impossible for M$ to match that.
this article qualifies for more M$ Fud.
"We have to. We invented personal computing. It is the best tool of empowerment there has ever been. If there is anything that clouds that picture, we need to fix it."
We INVENTED personal computing?! I'd say Woz (as well as numerous other computer pioneers) has a better claim to saying that than Bill does.
Posting to an MS article!!!
That will be a nightmare. Even when MS tries to issue what they think are legitimate security patches they do horrible things (like render Outlook Express unable to receive attachments that don't end in extensions MS approves - this is supposed to stop viruses but it doesn't have any override so I can't receive tarballs or stuffit files at all without asking the sender to rename it to a .zip extension and resend it). Imagine what it will be like when they force you to install patches to break your DivX codec or stop you from running non MS software.
Jason
ProfQuotes
their recent performance seems to be more on the order of 3+ months
Not only that, but most linux vulns get patched within a few hours.
Most of the time, I hear about the patch before I hear that there was ever a vuln. Contrast this with the 30+ known IE vulnerabilities that haven't been patched in years.
Go figure.
He's not talking about those publicly available "update" fixes that you download to fix say... blaster. He is talking about private "hotfixes" that are only given out to corps who have given MS a LOT of money for support contracts.
Honestly, why does anyone still take these clown seriously?
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
He means the time it takes to patch a bug once it's been found by his people. What he should mean is the time it takes to FIND and patch a bug. Who cares if by the time microsoft finds it they issue a patch in 1 hour. That's not impressive if it takes them 4 months to find it in the first place... (and it takes virus writers 3 months).
You may not agree with his business tactics, but I really don't think the homicide was necessary.
No doubt Bill is referring to the speed at which they can fix critical earth shattering holes in the code such as the recent worms that hit windows systems on the net.
And Linux man though I am, I'd have to agree that in all likelihood if Microsoft agrees that the issue at hand is actually a problem worth addressing then they can fix and distribute it faster than the Linux equivalent.
In other words they only take the fights they can win, and therefore of the fights they take they always win.
I'm sorry, but have you EVER written a program without bugs? Even SlashCode has a HUGE list of unpatched bugs.
There are more bad people out there attacking MS operating systems. Just because you can doesn't mean you should.
did you even read the interview? There was cool stuff in there about WinFS, the MSFT view on 64bit computing, etc...I didn't think so.
This is quite an odd assertion, as the link only details one security flaw, and only mentions the date it was discovered, not the date it was patched. Besides, it would be utterly incompetent (and dare I say malicious?) to draw a conclusion from one datapoint.
Slashdot: Playing Favorites Since 1997
Linux Users: Windows Breaks Faster Than Linux
Why do you think they are giving Linux so much attention these days? I think this means we are now in between the "They laughed at us" and "They tried to fight us" part.
And if we follow Mahatma Gandhi's approach, the best approach is to keep doing what we do while letting MS bash away. Eventually it will become quite evident as to which side is interested in doing good for their fellow man.
Un-news
Our Prime Minister too told the press some outrageous comment on Mussolini about "... just recluding dissidents to exclusive summer resorts..." He backed off claiming he had drunk too much wine during the interview... watch Billy say the same... ;-)
I wonder who is the mastermind behind all the crap I do - Altan
What is going to be important, Gates told reporters yesterday, is security. Microsoft invested over $100 million to refocus on building products that strive to be secure by design, by default and by deployment. In the Windows Division development work was put on hold while Microsoft conducted security training, threat modeling, source-code review and penetration testing.
... uber-tragic.
Blasphemy. Pure unadulterated blasphemy. Note, he says it's going to be important. All this time, and secure by default is now going to be important.
Note, it takes $100 million for Microsoft to figure out how to be secure by default. Somehow, OpenBSD and the like figured it out with little or no funding. Certainly not $100 million.
Can't fight the Systemagic
A programmer is a machine for converting coffee into code.
Which was exactly the question I asked when I posted this very quote as a Slashdot article, yesterday. Sometimes I think Slashdot editors sleep all day.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, Immunix Inc.
Immunix: Security Hardened Linux Distribution
You, sir, are no PhysicsGenius.
He was misheard. He was really claiming to generate bugs faster than Linux.
(though, truth be told, they generate more bugs than a 5-month-long New York City garbageman strike)
Don't blame Durga. I voted for Centauri.
Marketing tactics 101: Repeat, repeat, repeat. It doesn't matter at all if your message makes sense or is even something that can be proved, as long as you keep repeating it people will start to believe.
Take a look at TCO studies. Somehow a bunch of folks are convinced that a completely free solution such as say, Samba taking over your aging NT4 network, will somehow cost more "in the long run" than a commercial application with up front and per-year licensing costs. It's free. It's trivial to deploy. A decent Windows administrator or man-of-many-hats IT worker can configure and maintain it. But somehow people still believe the smoke and mirrors about vague support costs, hidden charges, and whatnot.
So Microsoft is getting dinged about their poor security history. By their own admission security was not something they put at the forefront. Rather, their products were customer and feature driven. Not necessarily a bad thing, but certainly not the best thing if you're worried about security. So now they want to spin the recent barrage of newly discovered vulnerabilities into something good. Their message now is that Windows' developers get fixes out faster than open/free software. But wait, this is completely contrary to documented exploits... So they'll just repeat it some more. Look for Microsoft in the next few weeks to pull some obscure cases of open source bugs not getting fixed within a day or so and contrast it against those that they found and fixed themselves.
Gates will do this often.
They can patch one bug in 24 hours which causes two more bugs that need to be patched.
Amazingly enough there appears to be little discussion of the fact that the recent MSRPC fixes *still* leave the host vulnerable - that's after 2 previous patches. Still no word from Microsoft on a fix, but a DoS exploit has been around for over a week now.
i just read the title of this article at my ACM meeting as soon as it was posted...
they all laughed
Yea, I don't foresee any potential problems with that plan.
Prof. Farnsworth - "Oh a lesson in not changing history from Mr I'm-My-Own-Grandpa!"
I'd like to know what part of the process he is talking about? Is that the time between when the hole is made public and when the patch is released? That would explain things a bit... since MS typically can keep the news under wraps until they release the patch simultaneously.
Including a lot of "0 seconds between bug announcement and patch release" is bound to give you a much lower average. So, it would be possible for MS to receive 85 bug reports, suppress all but one for three months, release 85 patches and average just a bit better than 24 hours between public announcement and patch.
The man is smokin crack.
Half the products Microsoft produces are not patched at all and when 2000/XP are found to be lost causes to Microsoft's multiple security initiatives over the past years, products are just decommissioned.
Yeah, they patched all the holes in Win98 permanently this year because it is no longer supported and end of lifed.
I still have patches coming in for my Linux 2.0.xx kernel!!!
-Hack
PS: Bill you're doin serious weed man, you should stop that.
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
This is why Ballmer wants security experts to "just shut up" about security problems in MS products.
How are they supposed to keep their "fixed in 24 hours" record going if they have to count from the point at which the exploit is discovered and in the wild, rather than from the point at which Microsoft decides to actually admit the vulnerability exists?
"How does Microsoft change a light bulb?" "They don't, they just redefine darkness as the new standard for light"...
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Like I said, a big load of PR crap.
If I read that right, he's right back to having us on 16bit processors with minimal memory. Unfortunately, his own OS can't handle it.
I liked that 32bit was a big deal in the second quote, but in the 8th quote it wasn't. Sounds like he's trying to set himself up for not having to support 64bit processors, except in a 32bit compatibility mode (remember the DEC Alphas?)
It's a big "We made the PC, we make the software, you will take it, and you will love it!", then the crowds applaud, and a couple hundred thousand *nix folks roll their eyes and `ping -f microsoft.com` (ya, I know, dozens of better things to do, it's for illustrative purposes)
Serious? Seriousness is well above my pay grade.
so what if it takes them 24 hrs to make a patch - so how long is that in QA then? and why would I want them to force me to patch - I usually wait a while before patching in order to see if there are any problems - C'MON I play Halo and UT2003 on this box!! - QAChaos
His statement may be completely true. However, it doesn't mean anyone outside the developers had access to the "fix".
quote from the article:
"...apart from Photoshop, I can't think of desktop applications where you would need more than 4 gigabytes of physical memory..."
will we be repeating this one and laughing 20 years from now?
Didn't he make a statement like that a few decades ago? And wasn't he wrong? I figure that UIs in the future are going to need a LOT of RAM. In fact, this one VERY good voice recognition software that a company I'm dealing with has, requires a minimum of 1 Gig of RAM just for their app. This is what makes it operate so well. I'm sure there will be plenty of apps (especially in the UI realm) that will make use of more than a gig of RAM.
Hah! 640K. WHAT was he thinking?
Un-news
Just to give you an idea "Trogre". This is how it is. Have a great day now, ya hear?
Granted, he's wrong. But does it really matter?
Two or three years ago, when Linux was still struggling for widespread adoption and everyone still thought Microsoft was the greatest thing going in computing, this would have been a big deal. The press used to treat anything Microsoft said as the gospel truth, and were hugely skeptical of Linux. A comment like this from Gates would have meant a lot.
But now Linux has made huge inroads into the server market and is already beginning to penetrate the desktop market. After their recent legal battles, Microsoft is no longer given a free ride by the press. At this point, a simple lie from Microsoft won't make much of an impression on anyone.
So, not to sound flip, but who cares what Bill said?
TheFrood
If you say "I'll probably get modded down for this..." then I will mod you down.
Everyone likes forced updates because it ensures a virus can get distributed to all the windoze lusers. Yay! ;-)
reminds me of the Iraqi "Information" Minister.
"What Americans? There are no American troops on Iraqi soil"
Also good to note that Linux patches have been kicking more ass than Windows EVER will, from back in the day with the port 139 "bug" (Linux patch was out within hours, Windows, took A LOT longer for obvious reasons) to any in the unforeseen future.
Hell...I think Ol' Gatesy is mistaken; bugs that are intentionally placed in software in order to patch and call it an upgrade, well....they don't count.
Most likely, he's just reporting what he's being told. And most likely, it's being mis-measured by someone.
Microsoft is a big company, and Windows is a very complex beast. My initial thought is that perhaps the security developers do indeed code and submit a patch within 24 hours.
But then the patch has to wend its way through the labyrinth of QA and regression testing. Because Windows is so highly integrated, even small changes can have big unforeseen consequences, so they can't rush patches out the door without breaking things. I believe Microsoft makes patches available via their support pages well before it hits Windows Update. What *we* are measuring is the time from bug report to being in Windows Update; what *they* are probably measuring is time to patch submittal or time to initial availability via support.
I really, really prefer the improved code separation in the Unix environment; if, say, BIND has a problem or exploit, it's highly unlikely that a patch will break Postfix or Apache. Because things are better-separated, the developers understand their packages better and can more confidently push patches into their stable branches.
I worry a little about the way the Unix desktops are becoming increasingly interdependent, with lots of libraries and lots of integration... are we going to end up in the same place, eventually? Microsoft doesn't employ idiots, and considering the amount of trouble they've had scaling, well.... I just hope the free software developers are thinking about this.
Old Billy-Boy's claim is definitely "Number 2".
Gates: We invented personal computing
God what a lying idiot he is! Apple, TRS-80, S100-systems, ABC80 (in Sweden), PET, C64, Amiga, Sinclair, etc. Plus many others that I haven't mentioned. All predate the PC. They didn't invent jack shit, they are just a bunch of shoddy cloners!
More modern GUI systems? Xerox! Mac! Microsoft don't invent. They clone, embrace, extend and extinguish, leaving the ground deserted and barren where they have passed by.
He could have at least thought of something better to say than that. I mean geez I don't know any Windows diehards who would agree with him about Windows patching. They might argue about which is more secure, but not about who is better at getting patches out quickly. Every admin myself included has real issues with the quality of MS's patching. Beyond the length of time it takes to get patches there is the cross your fingers and hope the patch doesn't blow up your server factor. Then there is the patch for the patch for the patch because MS didn't get it right the first time.
These quotes are just making Bill seem like he is either totally out of touch with what is going on with his company or he is in complete denial. Either way he looks really bad.
If you wanna get rich, you know that payback is a bitch
"I can't think of desktop applications where you would need more than 4 gigabytes of physical memory" -Bill Gates
Uhh......remember when you claimed that 640K should be enough? Bill... you're setting yourself up for another infamous quote. History has a way of repeating itself though I guess....
"There is no spoon." - The Matrix
Did everyone catch the comment at the end of the article "We invented personal computing." Uh, yeah...right.
There were 7 updates yesterday!
And none of those updates covered the RPC vulnerability, again! That's right the Microsoft RPC vulnerability that has already been patched twice is STILL vulnerable and an exploit exists. Word is that Microsoft has been informed but, as usual, no word from Microsoft yet. The notification was sent 10 days ago.
So much for 24 hour patches. On the other hand, I must admit that I have no desire to reboot my servers every 24 hours so, it's just as well that Bill isn't as fast as he says he is.
I wonder if they will actually fix RPC on the third attempt.
My guess is that he's right. The programmers DO get the code fixed within 24 hours.
The problem sets in when it's got to be run on millions of PC's now. Most likely this takes a good week or two to verify if the patch won't bork 90% of the PC's out there.
In Soviet Russia, Trojan exploits YOU!
We've gone from little over 40 hours on average to 24 hours.
Would this be time from discovery of security hole, or would this be time from world-wide windows meltdown because of worm exploiting the security hole?
Anonymous Cowards Unite
Conectiva routinely releases patches that are months late.
Take, for instance, the most recent, CLA-2003:762, released October 14 for a glibc bug from August 14.
My all-time favorite, however, is CLA-2003:628, released in April 2003 for a vulnerability in vixie cron announced in March 2001!
So, if you count Conectiva, Gates is probably right about it taking a couple of weeks on average, even if everyone else does it in 24 hours.
760 days for Conectiva + 1 day each for 50 other distributions is about 16 days, on average.
Bill borrowed Steve Jobs' Reality Distortion Field
From the article:
"Gates says he isn't aware of Microsoft expanding its relationship with BIOS maker Phoenix Technologies in a deal designed to more closely integrate the basic building blocks of the PC with the Longhorn system, as suggested by ZDNET. Both Microsoft and Phoenix are involved in plans to integrate digital rights management (DRM) technology at the operating system and hardware level, according to sources in the US.
"To be honest, I haven't heard from Phoenix Technologies for over five years," Gates said. "Are they still in business? The BIOS will always be separated from the operating system. Actually, it's gotten out of date. If you run Windows XP, it calls very little of the BIOS."
Gates sounds disingenuous, at best, when he asks if Phoenix is still in business.
Bill Gates probably has no idea how long it takes for Linux to get patched. And he doesn't have to know, because there are few if any consequences for dishonesty for a person with power.
You had me at "dicks fuck assholes".
Gates also claims Microsoft invented personal computing.
Bwa-ha-ha!
ISTR that Gates and Allen started Microsoft to offer products for the personal computers already in existence. To quote from the Microsoft Museum "Microsoft History Trivia" document, the appearance of the MITS Altair 8800 inspired Gates and Allen to develop a BASIC language for it.
Microsoft can't even be trusted to get their revisionist history straight.
Little Debian: America's #1 Snack Distro!
Cause there was no more good Amiga after 1993. But Linux is alive, and now it took over the ass-kicking of Gates-infected PCs. :-)
Forced updates are a good thing, in my opinion. All those braindead computer newbies who can't tell the Netscape Online service and the Netscape browser apart (not to mention the Messenger service and the Messenger IM thing) will have their computers protected automatically.
Only thing is, there should be a test for anyone who doesn't want forced updating. I say at minimum, you need to know at least 4 programming languages before you become nerd enough to know how to patch computers by yourself.
I come from an old communist state...
There it worked like this: the boss asks the worker: how much have you produced? -the worker says 10 units. -the boss says: I can not report this; this is too bad...
-the worker says: 20 units...
the boss says: ok, this sounds better...
The result was that the administrative organs of the country did not have reliable info on virtually anything about the country...
Seems like Bill's organisation is heading that way...
..no one is posting any hard data, any more than he is. This post references actual numbers, but other than "what a freaking liar/what a misinformed idiot" no one is offering proof on the matter.
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
In order to make a correct average, you must find the starting point. If he starts averaging the number of patches released since last week, then maybe he's right. If he starts when the Universe began, then patches for Windows and Linux have been released in almost identical frequency.
i work for microsoft and in 3+ months i probably only put in about 24 hours of coding...
I mean, MSBlast patched my box in no time...
how long until
It's a Marketing feature!
( And unfortunately not limited to MS or even the computer industry!)
The difference between a used car salesman and a corporate wonk like Gates:
The salesman KNOWS when he is lying.
*I* think he's referring to the time until a bug gets fixed in the source tree. Furthermore, what measures as a "bug" may differ. Many "bugs" in open source software are feature requests, etc. The measurement may be from the time that Microsoft filter personnel classify something as a "bug" (i.e. a reported severe security hole may sit around for months before it reaches developers flagged as a MUSTFIX bug with MS's internal bug tracking system, for all I know). Finally, security-related bugs may differ in fix time from ordinary bugs ("this icon should be moved over by two pixels to the right").
This doesn't mean that Bill's wrong, but it certainly doesn't tally with my past experience, and given that this is currently a sensitive Microsoft weak point, I'd be expecting at least a bit of coloring of the truth.
May we never see th
Marketing? I think he is just stoned :) People believe all sorts of daft things when they are stoned... I even believe I make sense :p
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
I can't keep from getting angry when I hear these kinds of totally false statements that Microsoft solves bugs quickly.
It wouldn't be so bad I guess, if it was from some lowly person like me saying it off the cuff, but to hear it from that totally rich bastard Bill Gates say it, really makes my blood boil. He's made all his money on lies, deception and hoodwinkery!
The sad thing is that many people believe him, because he's rich -- not because he is correct.
Microsoft's approach to solving bugs is this:
1. If it's broken, ignore it until it does major damage (because so much is broken, and you can make much more money on big disasters).
2. If it's NOT broken, fix it so you can sell the new version of it, and make more money, since if it's not broken, you must know how it works enough to change it so that it requires a new boxed version.
3. Repeat and feel free to interchange 1 & 2 after each step, because breaking the product is acceptable, since the public expects it sometimes.
Yes, Mr. Gates. 640k ought to be enough for anyone.
First Patch!
In case you've forgotten - Mahatma Gandhi was shot dead!
and that's why for years now IE has had a broken CSS box model... 'cause they fix the bugs quicker.
and
also
And many more ...
MOD THE CHILD UP!
I'm sure that if they start the clock at the point they decide a bug is important enough to fix and assign a programmer to work on it right away, then they can claim 24 hours.
... well 3 months is often closer to the truth.
... from a certain point of view."
In the real world where we are concerned with how long a vulnerability is out there from the first moment somebody notices it
So as Ben Kenobi said "
He makes quite a few remarks that clearly show he is disillusioned.
:)
"We have to. We invented personal computing."
Yeah right... It was a lot more along the lines of the silicon valley based computer users group.. They laid all the groundwork for personal computing... MS inventing it? That's a huge stretch.
Microsoft invested over $100 million to refocus on building products that strive to be secure by design, by default and by deployment.
Where is this security? We haven't seen any yet.. secure by design? I thought it was obscurity as they have shown and commented... Just a few days ago there was a comment made about people announcing exploits to "Shut-up". Not to mention... "Secure by default" most defaults are insecure because they are in a predictable state.. The only truly secure default is unplugged hardware... You buy it unplugged so therefore it's in a default state and extremely secure
Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
... tout how "open source is great because problems get fixed right away!", but when MS catches up to that, all you can focus on is Bill Gates making a comment about Linux that isn't favorable. Geez, you guys find fault in every attempt Microsoft makes to address the issues you all have been noisy about.
Funny thing is, this story was posted as an Anti-MS troll, and a lot of people fell for it.
"Derp de derp."
Practice makes perfect.
Nah, just like the SCO execs, Bill must be smoking crack.
We are an industrial automation manufacturer and we design complete assemblies in SolidWorks (somewhat low-end, relatively cheap 3d CAD software for Windows). Our lead designer has 2Gb of RAM and he is constantly running out of it (about once or twice a day), which causes SolidWorks to dump core after unsuccessful malloc attempt. It uses about 1.6Gb at the time of crash. Mind you, we know about the problem and therefore keep our 3d models simple, although we (and our customers) would love to be able to make everything more detailed. I estimate that we will need about 8-12Gb of RAM in order to do that.
To summarize: yes, we need much more than 4Gb on the desktop and we need it NOW, not in some distant future.
Did Billy-boy say "We invented personal computing" at the end of that article? What? How could they copy it from the Mac if they invented it first? Everyone knows Apple was first and Microsoft copied it.
"We invented personal computing"
Yet another revisionist reading of computing history
by Microshaft's Head Cheese.
Pain is merely failure leaving the body
The Slashdot community will no doubt issue a chorus of blather about how horrible MS security is while hypocritically complaining that Longhorn will automatically push updates to users. Pick an argument and stick with it.
"It takes considerable knowledge just to realize the extent of your own ignorance." - Thomas Sowell
Some random webpage is the authority of ALL times.
Look I can prove it just browse to http://www.yadayada.com and it will prove that whatever I say is true...
No Shit, I swear! The internet would never lie
Neither would BillG
Bill Gates has obviously been watching our current US Presidential Administration closely.
The bigger, and more outrageous the lie - the less people will question its veracity. As long as proving that it's a lie takes more than 5 minutes, or involves logic that a typical American High School graduate can't grasp, you can say anything - and it's as good as truth.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
Just not a physics genius :) Keep em coming; I love reading about what zany hijinks happens "here in the lab".
Not that anyone will read this post anyhow but...
Release times of patches don't matter when system administrators don't do anything about it. Linux admins tend to have a clue, I can't say that the Windows (or Novell) admin population is quite as clueful. It doesn't matter if you release a patch an hour after an exploit is found if the admin never updates. Auto-updating is kind of an interesting idea.. quite frankly given the trash rapidly pushed through in the past however, I'd rather not thanks.
"But apart from Photoshop, I can't think of desktop applications where you would need more than 4 gigabytes of physical memory, which is what you have to have in order to benefit from this technology. Right now, it is costly."
This line will someday be as famous as the now classic "640k" quote.
Yes, you're right, Linux is scary and is poised to take a chunk out of the Microsoft empire. Just don't let it slip in public how worried you are. DOH! Now go buy some company and deliver game #2 for the Xbox (Halo was 1).
> In case you've forgotten - Mahatma Gandhi was shot dead!
And can you name the shooter? Yet, Ghandi's remembered, and more importantly, so are his ideas.
yes but as always there is a difference between submission time of patches and when they actually get put into use....humm IE has what 31 known holes that still have not been patched?
...Practice makes perfect?
When their numbers dwindled from 50 to 8, the dwarves began to suspect Hungry.
...his own personal machine. Seriously.
Heh! I mean geez, that entire interview is so full of holes I am starting to doubt the sanity of the guy. Or maybe it is one of those totally taken out of context interviews.
I mean we all know that the old "640k should be enough for everyone" quote is not all it seems. Now he makes another memory prediction? Talk about stupid.
MS spends a 100 million on security. Oh whoopie. Anyone else think MS pays more in fines for its "criminal" behaviour? It is a company with profits in the billions. 100 million is peanuts and an excellent showcase of how serious MS is about security.
Upgrading IE? First not until longhorn. Oops that caused some bad press, so of course we are going to upgrade it. Notice no actual examples of what is going to be fixed. Granted they did patch the list of security holes. I just had hoped they would apply the patch to IE, not to the list itself.
Then the whopper. MS releases patches faster than linux. Even the most sincere microsoft apologist can't claim that with a straight face. Not if they ever worked with both operating systems.
No this is like Margaret Thatcher or Ronald Reagan. Dementia is a cruel thing. Please let Bill Gates live out his remaining life with some dignity no need to show him dribbling and soiling himself.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
No need to mention a distribution or an application. Just "Linux."
Really a fair comparison there... I mean, does this sound right? "Patches are released for Mandrake faster than they are for the win32 kernel."
Maybe Mr. Gates had a distribution in mind when he said "Linux" or perhaps he is just spreading FUD. Then again, perhaps he is just genuinely ignorant of the fact that "Linux" itself is a kernel, not an OS.
"To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking
-This line will someday be as famous as the now classic "640k" quote.
betcha it won't....
MS spent weeks denying it was a problem, admitting it was a problem, saying it was a problem but only a small one that no one need worry about, admitting it was worse than that, then finally after loads of BS releasing a patch.
I seem to remember I had a patched konqueror about 3 days after it was announced.
Was Gates' quote a statement, a manifesto or the result of a hallucinogenic mushroom in an omelette?
Hmmmmmm..... Deep fried and look like Squirrel.
It is just that he is talking about the time between the press release announcing the bug and the press release about the bug being fixed.
If they really want to beat linux, they should put out the "we fixed it!" release first...then they could go negative.
He sounds very out of date, wishy washy and confusing. It doesn't really sound like he has an idea of current events.
Typical
Yep, it's true. There was a bright light, and a big round gleaming metal ship came down and abducted my schnauzer poopsie. (They sucked him up in a giant laser beam). They also had sucked up someone who looked (surprisingly) like William Henry Gates III! I heard them tell him that "Windows is patched faster than Linux" right before they told me my poopsie would be returned unharmed. Then, a second later GZAAAAAAAP! They cooked my poopsie with a giant laser beam and gave an evil hideous laugh (just like they did when they said Windows is patched faster than Linux!!! Have I (or even Bill Gates for that matter) ever lied to you before????? (Trussssst Me)
force is a key word here. linux has always been about choice. do I need this in my kernel? nah, i'll not compile it. do I need this? maybe, I'll compile it as a module. windows will force users to update, and even if it's not necessarily necessary. for example, one guy who's behind a giant cisco firewall doesn't necessarily need this giant 200 meg firewall update.
This is simply Bill Gates observing that "up-is-downism" works in today's society. Call me a troll if you want, but I mean this sincerely: The current US Presidential administration tells outright, baldfaced lies constantly and they get away with it. To them, up is down, black is white and so on. Gates figures that most people won't question Microsoft, so why not give it a shot? If Bush can get away with it, the heads of major corporations probably can too.
Some of that is already appearing. Take a look at some of the more recent distributions by Redhat, Debian or Gentoo. It used to be that installing the minimal size was the default. Now some distros such as Gentoo won't even do anything without Python, Java, Perl, etc. Of course the real issue is, how do you define "Linux" are we talking the Kernel, or a fully built Redhat system with loads of interdependencies?
I can't help but think that, left unchecked, the windows state is where some of these distros will go.
About Bill, He's no idiot either. If he's not lying outright then he's stretching the truth and he's smart enough to know that too.
But look at it this way, of course we aren't going to believe him. Neither are most people who know Linux. But for those that don't know it or don't care -- or say used to work at Microsoft and have since become the cybersecurity czar and need to sell it in Congress -- these statements will have weight.
Why doesn't he just sell all his stock, take his billion dollars and get the hell out of that card house. what does he care about windows anyways?....i'm sure he'd rather use linux.
Yes, remember how world peace was achieved? All thanks to Gandhi. And by the way, it is, in fact, "Gandhi", not "Ghandi".
From Gates himself "How could we ignore the browser?," Gates responded. 'The Explorer is fully integrated with the operating system, take it away and the OS grinds to a halt. When you call up Help, you're using the browser. In Office 2003 instead of going to the local files, the browser will go online and fetch the latest documents."
Any software engineer/programmer who reads this can make a good case for bad design of windows because it's not modular. What morons design an OS that depends on a higher level application. In this case it's IE but it could easily be any other application, like solitaire. Of course it's rubbish that the Windows OS depends on IE but this is the story they have to front ever since they won the case against Netscape.
is his description of how IE is so tightly bound with the OS:
"How could we ignore the browser?," Gates responded. 'The Explorer is fully integrated with the operating system, take it away and the OS grinds to a halt. When you call up Help, you're using the browser. In Office 2003 instead of going to the local files, the browser will go online and fetch the latest documents."
Oh, oh, ahh, the innovation...
-- Free software on every PC on every desk
Microsoft lately waits until each Wednesday to release ALL of their new Windows patches (Exchange, Office, etc may be released on another schedule).
Therefore, giving them the benefit of the doubt, assume it takes them 24 hours to develop and debug a patch. It will then take them, on average, 3.5 more days before it is released.
Nothing to see here; Move along.
yeah...yeah, that sounds about right, i'll buy that.
Bugs in the kernel right? That seems rather funny. Most of what he is thinking about are probably things like OpenSSH exploits or something.
Wow a commercial vendor fixes bugs faster than a bunch of guys writing software in their free time.
Not that I believe him, but it is sad when that is even debated. It would be like De Niro bragging that he's a better actor than most people doing community theatre.
Really? Wow! you are good.
Bill's quotes are in quotes.
About Longhorn, "This release is going to be driven by technology, not by a release date. Which probably means it is going to be late."
If there will not be a release date, then how can it be late?
"We have a lot more understanding of database technology these days"
That should scare anybody who is using MSSQLServer.
From the article: One thing that seems to slow down the next release of Windows is the much talked about data storage system WinFS, technology designed to make information easier to find and view. Since it is based on the next version of SQL Server or Yukon, the system will essentially function as a relational database.
Bill: "We will have pointers in the data like a URL or weblink. URLs are a perfect tool for this, but in previous databases we really had a problem with them. They screwed up the query semantics."
So every flaw in MSSQLServer will affect the file system. And will be accessible using URLs.
"How could we ignore the browser? The Explorer is fully integrated with the operating system, take it away and the OS grinds to a halt."
Don't you love that every flaw in the browser affects the whole OS? (On my system, MSIE is the only application that grinds the OS to a halt.)
This quote was responding to the lack of feature updates for MS Internet Explorer. Is this from the same company that announced there will never be a new version of Internet Explorer?
"To be honest, I haven't heard from Phoenix Technologies for over five years. Are they still in business?"
Bill does not follow technology news? Slashdot posted many articles about the Phoenix trademark issue when there was a Mozilla variation using the name. This answers whether Bill reads Slashdot.
"But apart from Photoshop, I can't think of desktop applications where you would need more than 4 gigabytes of physical memory"
But won't 4 GBs of RAM be required just to load Longhorn and the then-current MSOffice? MS seems to be one of the main drivers of the need to upgrade consumer hardware. We know this quote is going to haunt Bill for a very long time.
"Critical security patches should be applied with the speed of the internet."
Viruses are already applied at the "speed of the internet." Patches need to be even faster.
"We used to send megabytes of software to fix a 20 byte file"
But the viruses were already small!
"We invented personal computing."
Remember Apple? Atari? Commodore? Tandy? And anybody else that sold a personal computer before 1981?
He could say that he brought personal computing to the masses, and taught them the definition and joy of "reboot".
---
I skipped how he says MS is releasing patches faster than the Linux community. MS might be releasing MORE patches, but faster? Read the article if you want a laugh.
I spend my life entertaining my brain.
What happened to the media? People seem to be lying about all sorts of things these days and nobody seems to care.
There doesn't appear to be any repercussion anymore. People are too willing to ascribe a lie to being a 'mistake'. Why can't we be held accountable for the facts?
Journalism Programs everywhere: Please stop producing these Soft Ball pitchers. While there is a lot of money to be made in 'Infotainment' news shows, it is necessary for democracy that we have impartial journalists that know how to dig up dirt, have integrity, and follow through.
-n
http://www.remix.net/
You don't count bugs unreported by Microsoft. When their programmers work on a new patch, don't you think they encounter and have to deal with many bugs before it is posted on their update site? If you fix 99 bugs in one day, it allows you to go back and fix that old bug posted 2000 hours ago, and still beat that 24 hours/bug average. As their patches become increasingly complex, you can expect them to deal with 1000s of bugs per day, thus bringing the average to under 1 hour/bug.
In theory there is no difference between theory and practice. In practice there is. - Yogi Berra
And if we follow Mahatma Gandhi's approach, the best approach is to keep doing what we do while letting Linux zealots bash away at whatever Microsoft is doing. Eventually it will become quite evident as to which side is interested in doing good for their fellow man.
You're right. Microsoft has gotten better. Whether they've caught up is a point for debate. But at least they have generally improved their reaction speed. Let's give credit where it's due.
Now - issues such as ignored bugs, fundamental design flaws, non-patches, destructive patches, so-called Responsible Disclosure, "I wish those people just would be quiet", etc are all fodder for other holy wars.
Heaven forbid someone think that Microsoft's attempts to "address the issues" might be anything but. You refer to this whole article as an Anti-MS troll. Pray tell what you think Mr. Gates' statement is. How does Linux play in to the improvement of Microsoft's commitment to a secure product?
Instead of trying to get in a (questionable) jab at Linux... perhaps he could have referred to his own company's record. Something along the lines of "We've gone from little over 40 hours on average to 24 hours. We've really improved since the mid-90s and Windows NT when we didn't really have any focus on security."
But hey - that's just not Mr. Gates' style. And I'm sure he's got quite a following of fanboys who call that "aggressive" and "good business". Even as they sneer at "Linux zealots" and "anti-MS" criticism.
oh the good quotes from the story
"To be honest, I haven't heard from Phoenix Technologies for over five years," Gates said. "Are they still in business?"
"We invented personal computing..."
"None of the security problems recently affected people who had their software up to date..."
-Since Bill is such a shrewd business man I would think he would at least know the major businesses in his related field, I think he is just playing dumb
-when I read this I just about choked, yeah invented, I think he meant marketed/monopolized
-cough rpc cough
Selling software won't make you money, selling a service will.
Does anyone else see the craziness of this article? Why are they building YET ANOTHER OS? Couldn't MS simply update and reform the OS code they have out there already? I mean, if they simply refined the update process, they'd have the door to pump software out to the public. Plus, it would be in their best interest to allow for "beta testers" to examine the releases before general use. Sounds a bit like Linux, eh? Instead, this sounds like IBM of the 70's, esp. given MS's throwing their weight around in the hardware world.
The model of rebuilding, retesting, reselling, and re-patching a machine that ALREADY does what 99.9% of what users want seems insane. Then again, I'm not an MS business person. Everybody knows that if you're not selling, you're dying.
Most home users get a new desktop theme, with a few new icons, and they think they have a "new OS". But with the MS spin machine on full churn, people will be humming a new "Start Me Up" theme and standing in line for another blue box after midnight, just to do the same crap they did the day before.
You can bet your bottom dollar that Linux will still be around in 2005,6,7 - and it'll still support most of the popular technologies, have another giant pile of new experiments run on it for info tech, and still be the baseline for cheap reliable computing power.
And Bill...it'll still be your competition, and still be free.
mug
I still think he is clearly wrongly counting the start point in Microsoft's favor, but saying that it used to take them 5 days (40 hrs) and now takes them 3 days (24 hrs) seems a whole lot more realistic than saying they fix a bug they received at 1pm by the next 1pm...
I've dealt with this problem since XP practically came out and still there is no solution (there are lots of suggestions, but little works).
This isn't a security issue, but still...
This has probably been covered in the previous 500 posts, but bears repeating: what about connecting to the f'ing internet with an "unpatched product" to get the patch & being compromised in under a minute?!
IN BIZARRO WORLD!
"And that may be why Linux hasn't been the breakout hit of user's desktop's everywhere -- because they're adding features that developers want, not regular users... "
And the minute that changes, all bets are off when it comes to the advantages Linux presently enjoys.
"Regular users" are to Linux, what stockholders and CEO's are to big business.
I believe that Bill is comparing the time it takes for MS to take a patch and put it online where it then gets pushed out to windows update. Starting with a certified patch, I could see this happening in 24 hrs.
I'm sure MS has some way of figuring the same time for linux that includes the development of the patch (under the rubric of not being able to differentiate the time) which could take a few weeks.
Of course, I doubt that the patches are comparable, either.
It would seem to me that, if a malicious coder were able to find a way to circumvent the normal security procedures, perhaps through a worm that spreads through an unknown (to Microsoft) vulnerability, the forced auto-update mechanism could be made to download even more malicious software. If Microsoft isn't taking every step possible and then some to prevent this, we could see the headline "Windows Longhorn Auto-Update Downloads Virus" in newspapers in a few years.
On vit, on code et puis on meurt.
It's quite obvious that he's talking about the rate at which they are finding vulnerabilities, not the rate at which they are fixing vulnerabilities.
Slackware, what else when it must be secure, stable, and easy?
Nah, he would be making more sense if he was stoned. Bill Gates should get stoned.
The reality is that no one can produce, however we have tried, a perfectly bugless software.
And there is no way we can be certain that our softwares don't have any unintentional vulnerability either.
Nobody likes software patches, but it is a necessity if we want to make our softwares work better.
The question is not how fast one makes the patch - although it's very important - the keypoint in making patches is how EASY we can make our patch-delivery system work.
No doubt that the Linux patches, at least most of them, come out way faster than those of the MS-Windows camp. But there is _one_ thing that we can learn from Microsoft - they have made their patch delivery system (aka www.windowsupdate.com) something that can be used by most users.
I am not saying that the Linux patching process is cumbersome, but we gotta admit that the average users (not sysadmins) just can't begin to understand how to patch their Linux boxes.
If we can come up with something that approaches the ease of www.windowsupdate.com, perhaps Linux can be used by even more not-so-tech-savvy users.
I know, I know, there's a world of difference between MS-Windows and Linux, but what I am talking about is the deliverance of our software patches - and in this case, Microsoft has something that we can learn from.
Thank you for reading.
Muchas Gracias, Señor Edward Snowden !
In comparison, I've seen Linux fixes come out in less than 30 minutes. Likely having Linux hackers spanning all time zones helps a lot to improve bug fixing time. Report bug at 6pm, patch available 8am.
Engineering is the art of compromise.
I myself often wonder if the Open Source community has either been lying or are misinformed about their flagship-product. Namely Linux.
As a professional consultant for a major Fortune 500 software company, I am responsible for advising said company with regards to its Information Technology deployments. Having recently completed rigorous research into this area let me share my thoughts with you, my fellow Slashdot.org readers.
Linux may be a fine Operating System for the more technically inclined members of society, but after a test roll-out of Linux 9.0 with the Kool Desktop Environment across several hundred employees' computers I can unequivocally state that Linux is NOT ready for the desktop.
Within the first hour of the test roll-out our Technology Support desk received over one hundred calls about various difficulties with the aforementioned Operating System, (9.0). The users complained about the lack of 'various system components' that they had come to depend on.
Various Microsoft Word documents would not work properly with our new Office Suite, (Open Office.org 1.1). Users could not properly surf our Company's intra-office website without resorting to strange hacks in the 'Preferences' section of the new browsers configuration area. Various pages were blocked or displayed improperly, which I must admit I did not expect after hearing about the superiority of the Mozilla Web-Browser that I had heard about on this site and elsewhere. Simple tasks such as the changing of a Desktop's screen-saver, or resolution had to be accomplished via some sort of hack in the Konsole program. I won't even get into the difficulties presented by the seemingly-entirely-random setup of the Konqueror File-Browser.
There were dozens more issues besides these during the week-long roll-out, user dissatisfaction was clear in all cases though. It is obvious to all those involved that to roll-out Linux on the Desktop at this point would be a mistake. Our users do not have the time to learn the various arcane nuances of this Operating System that is seemingly designed by engineers, for engineers.
If it was not for our strong Technology Support department, (staffed entirely with the H1-B Visa workers that I hear so much bitching about on this site), we would have been lost. The one good thing to come out of all of this was a proper return on our investment into Technology Support, and proof that our H1-B Visa workers are more than up to the tasks that we present them with. At least that will be a positive point in the Power Point report on Linux that I will be presenting to my superiors next week. I expect the so-called "out-sourcing" trend to continue, as that is an area where we can be sure to decrease the Total Cost of Ownership in our Information Technology Division. Linux offers none of those assurances of lower Operating Costs.
Almost everything I see coming through in RedHat up2date seems to be for laboratory "potential" vulnerabilities. Am I wrong and the problems are grossly understated? What percentage of fixes are reactions to actual penetrations?
He's comparing the response time of his multi-billion-dollar company, with thousands of paid programmers, to a global effort by thousands of volunteers, for the most part. Sure, Red Hat, SuSE, etc. pay their staff, but so many of these packages are completely maintained by volunteers.
You'd expect Microsoft to have a much better response time, even have a 24-hour-a-day emergency response team that has immediate access to all source and a large testbed and the ability to work on a problem and get it fixed immediately, if necessary... but it's the little guy with his little utility or driver for legacy hardware that stays up all night when he gets a single email showing a problem, out of personal pride.
Get off my launchpad!
Marketing? I think he is just stoned.
Are you suggesting that there's such thing as a sober marketer? My experiences with marketing suggest otherwise.... and I've generally felt the only way to get away from those unpleasant experiences was for me to get stoned...
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
without OpenSSH, or any other alternative. I *cannot* build (legally) a Windoze without RPC, IIS (before 2003), WMS, etc.
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
.. for Slashdot to publish distorted stories that paint Microsoft as evil, but if Bill Gates does it back he's suddenly committed a major no-no.
Let he without sin throw the first stone.
Amusingly enough, there probably is a justification for his 2-week average number. The perception could be wrong, but then again it's nothing that Slashdot isn't guilty of.
This old (Jan 2003) article has some relevant points to the Gates humor piece in The Register:
The Seven Warning Signs of Bogus Science
See, the wonderful thing about averages is that you can get a whole bunch of trivial sh*t that you classify as "bugs" that you patch in say .... 20 to 30 minutes... hell, you can even classify all changes you make as "bugfixes" and if they're released without a bug report, then you have a whole host of zero-time scores to pull your average 3-month gaping security hole cracker-to-fix time down to something that sounds reasonable.
I know at least five people who haven't thought that since at least 1991, if ever at all (at least one who never did ;-))
If one runs CVS versions of everything, (which, unless I am mistaken, you Can't do under Windows) you could theoretically get a patch every day.
I have set up Linux and Windows workstations in production environments. Hell, most of the people who use my Linux terminals are oblivious to what's running underneath, save that it is windows. Is it a drop in replacement for Windows: hell no. Can it work on a large scale: hell yes. Do you realize that certain design assumptions built into windows are utterly asinine: only if you did it right.
Your first sign of trouble is a "week long rollout." For god sakes, It's taken our organization 3 years to migrate to 2000. And that's only 300 workstations. We are installing Linux on our end-of-life machines and setting it up in a few public labs for people to beat on. I find out what people break (or perceive as broken) before I reformat one machine.
And for the record, if you are migrating to Linux to save money you missed the point.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Hmmmm... I don't see any Windows install fests giving out free software and help to the general public. I have to question Microsoft's motives if they aren't doing good for their fellow man. Of course, I suppose some people define "fellow man" as stockholders. Now that is a sad statement on our society.
Un-news
They get way more practice.
There's more to it than this.
Oh wait, you just did!
My bad.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Bill Gates is talking about average time for patches..Those 2000 hours is just for one patch!
"But apart from Photoshop, I can't think of desktop applications where you would need more than 4 gigabytes of physical memory, which is what you have to have in order to benefit from this technology. Right now, it is costly."
;-)
We've heard this one before
After all, they've had a whole lot of experience with fixing bugs...I mean, if you do something enough, you should get good at it, right?
social sciences can never use experience to verify their statemen
Hmmm. The India-Linux connection explained.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
since when is star office BIGGER than msoffice?
Since when is mozilla BIGGER than IE
have you looked at the filesize of IE's service pack lately?
Nice try Troll
even at the patch rate he quotes, it would take many years for MS to patch a significant percentage of the bugs in Windows.
With all the bugs Bill doesn't think are important, I don't know why he's suddenly bragging about how fast he thinks they can patch them.
I filed a bug in our product, and after about a couple of months, another person filed the same bug. The concerned developer marked my bug as a duplicate of the later bug. I didn't care -- until the numbers of "mean time between bug reporting and fixing" came up as a presentation during our product release.
S
Linux 9.1? KOOL Desktop Environment? The constant capitalization and consultant-words? A hack in the Mozilla preferences section and the Konsole program? H1-B visa workers being preferable to Linux? The generally over-displayed ignorance?
That post rolled quite a few various trolls into one. I'm surprised anyone fell for it.
YHBT
when a crit flaw/bug is found in linux you get everyone on it. just edit then recompile, all done in less than MS and their 20hours (3x7hour days + month or two to release it + all those wasted hours trying to find it on their site)
but still one of the best ways to fix a crit flaw/bug is to not put them in or have QC that works or even hire programmers that can programme
i still like it when i get a client who's heard that MS have discovered some crit flaws and can't find the patch he needs, and that's why i love XP so much (if it works i would have no one to larf@)
is anyone counting how many crit/flaws/bugs in xp? there's got to be a lot by now
[sVen]
Actually 1999 was one of the worst years on record for Microsoft in terms of security, they issued 100 bulletins.
Let's see, since then...
- Introduction of Windows Update
- Reorg of development practices to focus on security
- Reorg of bulletin and patch release process
etc. etc. etc.
- Much much more publicity and attention paid to this issue.
While many in the security community continue to berate Microsoft and demand they do better, I am not aware of a single person who would claim Microsoft has not improved dramatically since 1999 in the speed and quality of their patch releases.
Don't you think Linux has also improved over that time period? I've certainly seen it.
The computing world is a moving target. 4 years is at least two generations. Get some updated facts.
Steve Sheldon, Piled Higher and Deeper
Chief Super Hero, SodaBlue.ORG
I have heard that Gates never said this
He says that he never said it, I never saw any details of where and when he was supposed to have said it, and I cannot think of any reason why a guy as smart as Gates would say such a stupid thing. I don't think he ever said it. Actual evidence could change my mind, of course.
the IBM PC design dumped the video memory at the 640K location, thus splitting the memory and making the top third almost useless.
It's true that video memory was placed at the 640K location. However, I can easily forgive the hardware designers who made that decision.
You were supposed to use the BIOS to write all your software. All of your IO was supposed to be through the BIOS, and if a newer machine came out with more than 640K of RAM, there would be a newer BIOS that would handle it.
The problem was that IBM's BIOS sucked. There was no "write a string" command in the BIOS; there was only "write one character". (Later versions of the BIOS did fix this but it was too late.) Since there was overhead to calling the BIOS, and since those early PCs were dog-slow anyway, no one wanted to use the BIOS like you were supposed to; it was so much faster and easier to just detect the video, figure out the address of the character buffer, and blast the characters directly into the video card.
Because there were so many apps that hard-coded the address of the video card, it would have been very painful to have moved the video buffers higher in memory. Thus the 640K limit.
If only the BIOS had provided a call that returned the address of the video buffer, and all those applications had used that. Then later PCs could have moved the video card up and we could easily have run 800K DOS apps. Oh, well.
The true moral of the story: don't design an API that's so bad no one will use it. Or to quote Cooper's Law of Standards: "If it doesn't work, it won't stay standard."
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
Another lie Bill said towards the end of the article was, "We invented personal computing." What? So now copying the GUI from Apple amounts to an invention? What's next, Microsoft invented the internet? Oh, wait, Al Gore did that!
Bill Gates obviously hails from a different Universe, where some form of temporal compression occurs relative to our continuum.
Either that or he's smoking crack along with his pals at SCO.
The higher the technology, the sharper that two-edged sword.
Have your engineers been good enough to fix these ones yet?
Or should I continue to advise anyone who is doing any important statistical analyses (eg medical research, construction engineering or even any non-trivial finance) to on no account process their numbers with your number processing program
I call you for 9 years on crucial bugs in your most popular and best piece of software.
Gnumeric
OpenOffice.org
KSpread
windows typically waits to acknowledge a vulnerability until it's run rampant through the internet. so by the time they finally admit there's a problem, they already have a patch available.
boy, doesn't that make them look good to suit-types who only read Internet World and watch CNN?
nevermind that the suit's slick XP laptop has already been infected & 0wn3d by that 'anna kournikova' jpg.vbs that he's too ashamed to admit he double-clicked on.
www.pixelectric.com
...and that is that Windows is suffering security problems at an astounding frequency of occurrence much greater than that of Linux. It is no wonder that MS is suddenly pouring such huge volumes of resources at fixing those problems that they are now starting to get better and faster at plugging the holes.
They still need to address why Windows (acquired/continues to) acquire all these security holes to begin with.
"The Explorer is fully integrated with the operating system, take it away and the OS grinds to a halt."
Isn't this why they were found in violation of antitrust legislation in the first place? How in the hell can he get away with saying this to someone with a live mic in front of him? Should this not be considered noncompliance?
Sigs are for squares. Like pants!
I don't get why people troll that Microsoft requires so much patching, when a simple look at the link in my sig will show you that Linux distros have several patches released WEEKLY.
But you never see any of it reported on Slashdot except when it's something really, really bad like a filesystem-corrupting kernel release or an exploitable sendmail/ssh/whatever that they can't easily ignore. That's right, kiddies--Linux and its userland is just as hole-ridden as any other operating system, if not more so (Slashdot posted an article entitled "Linux Most Attacked Server?" that linked to a study showing Linux as the most breached server on the net).
This is an entire article based on a throwaway comment Bill Gates made buried somewhere in a speech he was giving. It is purely here to let everyone give their knee-jerk reactions to the fact that--surprise of surprises--Bill Gates believes Microsoft patches better than Linux.
Isn't it time for RobLimo to write another ridiculous "Week with Windows XP" in which he only writes about the first day and can't manipulate a Quick Launch toolbar?
"Sufferin' succotash."
Slashbots will search for *anything* to latch onto as flamebait. In this case, they'll take a quote out of context and pretend Bill Gates meant it to apply until the end of time.
"I can't think of desktop applications where you would need more than 4 gigabytes of physical memory"
He's right. Can you think of a desktop application that needs more than 4 gigabytes of physical memory?
"640K ought to be enough for anybody"
He never said that, and it's been proven countless times. Even if he did say it, in 1980, 640K *was* enough for anybody. What's the problem?
Next.
"Sufferin' succotash."
Compared to what?
Compared to a few months ago. Microsoft has really stepped up their patching of Windows. Who knows why they are now finding so many problems, but it's nice to see that the problems are being found in the first place.
Patching in 24 hours is as Obi Wan said "dependent on your point of view". Microsoft is going to be announcing new vulnerabilities once a month and releasing the patches at the same time. So, I imagine this to be the announcement:
Microsoft announced today a horrible buffer overflow that lets grandmothers running quickbooks take control of all your pr0n, but they also issued the patch already....yay M$.
"We have to. We invented personal computing. "
Apple must not have received that revisionist memo.
As they say, "Follow the money".
:)
Don't ask me who they are though
I remember when I worked on a VAX. Our company bought a license with a service level agreement (SLA). Upgrades were mandated and part of the license. The incentive for getting it right the first time from DEC's perspective was that a quality product meant no bug fixes which were covered by the SLA.
However, compare that to Microsoft's business model. You don't buy a service license, you buy a version license. Microsoft admittedly produces unreliable, buggy code because the expectation is that bugs are fixed in the next version upgrade.
Bill's not talking about a bug in the print driver that means your program prints wrong. He's really only talking about security problems in networking and more specifically Outlook and IE. Technically Outlook isn't even part of the OS although it is certainly patched with almost every security patch.
Microsoft is responding in 24 hours to *security* bugs because their traditional money making philosophy of fixing bugs in upgrades isn't making customers happy for security bugs. However, patches for non-security bugs are still realized by buying an upgrade.
I personally paid to upgrade to Windows 2000 professional because Windows ME which came on my Dell box was soooo buggy. There were never patches to fix the endless stream of bugs in ME except for the security bugs. Everyone I know says the best way to deal with the bugs in Windows ME is to upgrade. That is called Microsoft's golden goose. Create buggy software so people will pay for an upgrade not just for the new features, but to get rid of bugs.
Cheers!
Mybrid
I recently was in a Microsoft webinar regarding patch management. If you are interested, or a glutton for punishment, this was it. At one point they showed a histogram on the screen that was intended to show vulnerabilities in operating systems and how MS was beating everyone on the planet. Major Microsoft products were all broken down by release, e.g. Windows 2003, Windows XP, Windows 2000, Windows NT, etc.. Linux and BSD were categorized by distribution only, e.g. Redhat, Debian, BSD etc...
Windows 2003 appeared at the far left with only a few vulnerabilities. Windows 2003 was actually the "winner". It even "beat" BSD! Now think about that histogram for a minute. It created false divisions that did an apples to oranges comparison. The sum total of Debian vulnerabilities likely refer to all released versions of a Debian distribution with all possible packages installed while Win2003 likely refers to only a Win2003 retail box installed with the bare minimum options.
Marketing is a black art. I have some personal experience, but NDAs to bind me. It's an art of trying to create and/or shape ideas in the mind of your customers, critics and competitors. The most successful marketing is that which makes them believe they came to the ideas you wish them to hold of their own volition.
Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
A major news source announces a hole, then you fix it, reactive.
A developer poking around the code finds a hole and you fix it, proactive.
or
if you fix it before consumer demands, its proactive,
after it's reactive.
The Kruger Dunning explains most post on
This is the best joke ever. I'm going to have to tell it to my friends.
Sorry, I just don't believe it. Sure, he seems to spend lots of time talking to people inside his company, but it's not like he can have informal water cooler talks with people. If you have a company boss worth, what, $35bn, someone who can buy a medium sized country out of his own pocket, someone who inside his company has the reputation of a genius (no matter what the rest of the world may think), would you be too critical of his decisions or honest about your own shortcomings?
There are big inefficiencies in big companies; this is one of them. That's why companies like Microsoft need dirty tricks and patents to stay in business--otherwise, small competitors would be eating their lunch.
What's not to believe about it? Most regression testing is done with automated tools nowadays anyway. The testing tools hammer away at code, looking for obvious errors and overflows. Probably they run that stuff against a new piece of code, find a ton of mistakes, get developers to fix 'em, repeat ... and after they get it to where the automated stuff can't break anything else, and the developers themselves haven't stumbled on any more problems, it's proclaimed "good enough" and ships.
I can easily see that whole process taking several weeks (or more!), and yet all of this hardly means the product is really stable or "fairly bug-free".
I mean, look at a little tiny app written by basically one guy... For the sake of example, how about the mIRC Windows client for IRC chat? That thing has gone through an amazing number of revisions, and each time, the guy STILL manages to list at least a full page of bugs found and fixed. It's to the point now, I'm just amazed at the things that people find. It's so obscure most of the time, it's hard to fathom it ever got pinned down and reported by someone. Now, mIRC is an app I think most users of it would say is "incredibly solid/stable" - yet it STILL has all these bugs.
Granted, the developer also doesn't have an army of staff helping QA test and code it - but it's also magnitudes smaller than the average app a company the size of MS releases.
Combine free-standing holograph technology with Powerpoint, and there's a desktop app that'd likely require more than 4GiB of RAM.
Sure, it's all experimental at the moment, but it is being worked on.
Politas
Yes Bill, and Al Gore also invented the internet.
The Mr. Bill true subtext:
Once *I* decide something is going to be fixed I used to allow 40 hours before I fired someone. Now I only allow 24.
Oh, how long between bug report or exploit and that order?
By my preference, Microsoft doesn't patch anything until a MS corporate resource is compromised. That's just good policy...
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
"Slashdot: picketing the Matrix since 1997"
--------
Gates also doesn't seem to have a lot of faith in 64 bit technologies in the consumer space. "64 bit is coming to desktops, there is no doubt about that," he said. "But apart from Photoshop, I can't think of desktop applications where you would need more than 4 gigabytes of physical memory, which is what you have to have in order to benefit from this technology. Right now, it is costly."
---------
This coming from the same person who said 640kb is more than enough for anyone?
and this one
---------------
Gates is optimistic about meeting the challenge of the new security threats, he told reporters. "We have to. We invented personal computing. It is the best tool of empowerment there has ever been. If there is anything that clouds that picture, we need to fix it."
---------------
I thought apple invented personal computing?
Brielle
and they still are patching them. How many Years has it taken? MS is not done yet either. How is this faster than Linux? I don't understand the logic....
The new update system is getting on my nerves. I just woke up to the windows logout sound -- because the machine booted itself. I thought it was a new msblast or whatnot -- until I checked the event log and it told me that an update had requested the reboot within 5 minutes -- and the machine complied, without asking me.
A nuisance, if you ask me.
Anti-social? My code is just platform-specific.
"I can't think of desktop applications where you would need more than 4 gigabytes of physical memory"
Hmm, this reminds me of something about "640kb ought to be enough for anybody"... (http://quote.wikipedia.org/wiki/Bill_Gates). So finally, he is not unlikely to say this kind of things...
In some ways I agree with you; certainly Linux distros have a lot of patches released for them.
However, I've seen several posts by you in this article, and all of them are basically you being an asshole. I've decided to be more proactive in use of my Slashdot foes list, so, on you go.
Or, in Usenet terms, *plonk*
Quidquid latine dictum sit, altum sonatur.
Speak for yourself.
It's a figure of speech. It's equivalent to saying "...the vast majority of computer users still thought Microsoft was the greatest thing going -- a majority that, just to be clear, did not include mobiGeek, who seems to take things too literally and get offended easily."
Hope that clears things up.
TheFrood
If you say "I'll probably get modded down for this..." then I will mod you down.
To sync the local package list against the remote server type
#apt-get update
Then, to resolve any dependencies, download and install updated packages type
#apt-get upgrade
It's the native debian package management tool that was ported on redhat too.
Get it at apt.freshrpms.net
Works fine on all my redhat boxes.
Particularly effective if it leaves your opponent speechless.
The ultimate answer lies in how quickly Microsoft contains the damage from the next Microsoft worm. And the next. And the next.
Imagine a bug that takes one year to fix. With the overwhelming market share of MS software it would be normal if there were another 350 bugs with the same root cause. When the original problem is understood all 350 duplicates can get closed.
Now management sees that 351 duplicates were closed in 365 days, so the average is less than 24h. Great! Every one of the 351 issues didn't get a fix for over a year though. The average is pointless, what counts is latency.
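The scenario in the comment above, together with the earlier comment about a first report being marked as a duplicate of a later one, worked through as an added example that is not part of any post in the thread. The ticket model, function names and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import mean, median
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Ticket:
    ticket_id: int
    reported: date
    closed: date
    duplicate_of: Optional[int] = None  # ticket this one was merged into


def throughput_hours(tickets: List[Ticket]) -> float:
    """Headline figure: elapsed tracker time divided by tickets closed."""
    start = min(t.reported for t in tickets)
    end = max(t.closed for t in tickets)
    return (end - start).days * 24 / len(tickets)


def latency_days(tickets: List[Ticket]) -> List[int]:
    """What each reporter actually waited, report to fix, sorted ascending."""
    return sorted((t.closed - t.reported).days for t in tickets)


def _root_id(ticket: Ticket, by_id: Dict[int, Ticket]) -> int:
    """Follow duplicate_of links to the surviving ticket (cycle-safe)."""
    seen = set()
    while ticket.duplicate_of is not None and ticket.ticket_id not in seen:
        seen.add(ticket.ticket_id)
        ticket = by_id[ticket.duplicate_of]
    return ticket.ticket_id


def tracker_fix_days(tickets: List[Ticket]) -> Dict[int, int]:
    """Per root cause as the tracker sees it: the surviving ticket's own dates."""
    by_id = {t.ticket_id: t for t in tickets}
    roots = {_root_id(t, by_id) for t in tickets}
    return {r: (by_id[r].closed - by_id[r].reported).days for r in sorted(roots)}


def exposure_days(tickets: List[Ticket]) -> Dict[int, int]:
    """Per root cause, from the EARLIEST report in its duplicate group to the fix."""
    by_id = {t.ticket_id: t for t in tickets}
    first: Dict[int, date] = {}
    fixed: Dict[int, date] = {}
    for t in tickets:
        r = _root_id(t, by_id)
        first[r] = min(first.get(r, t.reported), t.reported)
        fixed[r] = max(fixed.get(r, t.closed), t.closed)
    return {r: (fixed[r] - first[r]).days for r in sorted(first)}


def one_year_bug() -> List[Ticket]:
    """Constructed data: one bug open for a year plus 350 duplicates, one per day."""
    opened, fixed = date(2003, 1, 1), date(2004, 1, 1)
    dupes = [Ticket(1 + k, opened + timedelta(days=k), fixed, duplicate_of=1)
             for k in range(1, 351)]
    return [Ticket(1, opened, fixed)] + dupes


def repointed_duplicate() -> List[Ticket]:
    """Constructed data: the first report is merged into one filed two months later."""
    fixed = date(2003, 5, 15)
    return [Ticket(10, date(2003, 3, 1), fixed, duplicate_of=11),
            Ticket(11, date(2003, 5, 1), fixed)]


if __name__ == "__main__":
    year = one_year_bug()
    waits = latency_days(year)
    print(f"tickets closed:          {len(year)}")
    print(f"hours per closed ticket: {throughput_hours(year):.1f}")
    print(f"per-ticket wait (days):  min {waits[0]}, median {median(waits)}, "
          f"mean {mean(waits)}, max {waits[-1]}")
    print(f"root-cause exposure:     {exposure_days(year)}")
    moved = repointed_duplicate()
    print(f"tracker says (days):     {tracker_fix_days(moved)}")
    print(f"actual exposure (days):  {exposure_days(moved)}")
```
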
Taking Windows away from a bunch of users and trying to replace it with Linux is just ignorant. Do you honestly think any operating system can be a drop-in replacement for any other? How can you possibly expect several hundred people to throw their skills out the window, start from scratch with a new OS, and not expect to have "user-dissatisfaction?" BIG DUH!
http://www.ntk.net/ballmer/mirrors.html
Let's face it. Bill "The Devil" Gates knows he is lying. He knows that most people are too stupid to do anything but believe him. He is not in court. He is not going to pay for this lie. At worst, it would be publicly known that he lied. Even then, most people would still believe his lie. What does he have to lose? Nothing. What does he have to gain? More misplaced confidence in the "quality" of Windows.
Even if in some magical fantasy world justice came about and the majority of the computer users of the world came to know that he lied this time, MicroSuck's spin doctors would quickly convince the users that their mistrust was misplaced and that Mr. Gates had meant something else entirely.
This brings me to something that really irritates me about helping friends with Linux. This would be a good Ask Slashdot question: Why is it that when something gets messed up and one is running Linux, it is always blamed on Linux? But when something goes wrong and one is running Windows, it is just pawned off to the instability of computers in general? The general public sounds a lot like some girls I know: Every time they are lied to, they believe it, but every time they are told the truth, they think it is a lie (this is why jerks get all the girlfriends).
Maybe Linux needs a marketing department.
Then again, if we start lying, will we become as bad as MicroSuck?
All data is speech. All speech is Free.
I really don't give a s**t what BillG has said but MS is patching as fast as anyone else. There's been holes in Unix, and Linux, that haven't been stopped until weeks after they were found.
May the MS be the big beast, but let's at least be honest.
It is also backed up with the way they fought against full-disclosure and bundling patches / advisories several years ago. A year later, the bundled patches were spun as a reduced number of vulnerabilities/advisories.
Everyone except the average stockholder knows it's over for Microsoft, especially as its customers are figuring out that, despite bleatings from the marketing teams, Windows is not ready for the Internet. The bad reputation they've worked so hard to earn in the tech community is now starting to spread to the general public.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
All things in moderation; including moderation
"We invented personal computing". What did Hitler say about the Big Lie?
The Linux community claimed 90 minutes, when it was really two months.
They were right in their claims. The patch was available for download in 90 minutes.
And I don't bother when RedHat adopts patches, because I (and many other people) don't use that brand of Linux.
Lisp is the Tengwar of programming languages.
They have so much more experience at it :)
like audio,ethernet, and stuff like that
until nvidia via et all figure out they can PayPal
money to linux developers to speed up development,
MS can brag about "patching desktop drivers together"
"Oh, you meant security patches?"
We have nvidia k-2.6.0-test7 courtesy
http://www.minion.de/nvidia.html Hint:
A huge Paypal might get nvidia audio
for test7, if not, it's overdue anyway,
and it would inspire somebody to go
for the next gig on speculation.
If you count from the point where they acknowledge their existence. Hey, if they stop acknowledging the bugs, does that mean that they can fix them before they even exist? Spooooky.
If you were blocking sigs, you wouldn't have to read this.
Let's look at MS03-041, examine the Windows XP Gold patch.
Run "WindowsXP-KB823182-x86-ENU.exe /x" to extract the components.
24 Jul 2003: date of most recent component file
25 Jul 2003: date of patch file (using wget to obtain timestamp).
14 Oct 2003: "Date published" according to Microsoft.
I make that 82 days to release.
Andrew Yeomans
Gates: "We also invented the light bulb, the internal combustion engine, the cotton gin, the steam locomotive, penicillin, the telephone, television, gunpowder and spaceflight. And we will soon have the patents to prove it. Prior art? Pah!"
"We invented personal computing" A very arrogant man, to say the very least.
The difference is that savvy users can just compile their own code with the patch as soon as it is released, while in the MS world you have to wait for the binary.
.
Still don't see how we are deluding ourselves here . .
Sdelat' Ameriku velikoy Snova!
Bill Gates should get stoned.
That one of you who never made a bug shall throw the first stone.
Do you care about the security of your wireless mouse?
This certainly qualifies as the biggest joke of the millennium. Bill check the stats b4 saying anything
This was likely a foolish comment on the part of Mr. Gates. We know that security bugs sometimes take weeks or months to fix once they are revealed privately to the vendor. Then the public revelation is often accompanied by the public release of the fix.
This comment will simply encourage more individuals and groups to release information about MS vulnerabilities publicly rather than go through channels. Apparently Gates thinks he's taking advantage of the fact that Linux doesn't have a PR department, and it will likely hurt MS shops in the long run.
MS acts much like an addict. "I don't have a problem, and it wouldn't be my fault if I did."
To pull their average turn around time on patches, they can release the patch BEFORE they do the announcement, so they have a negative turn around time, that will really pull down their average -joe
I'm no Linux guru, but it's been simple enough to update the machine and go on with my life. Anytime I've got to patch a server, it means downtime. Why don't they address why every freakin' patch requires the machine to restart? How about not having a swiss-cheese web browser "integrated" into the operating system of a mission critical server? How about using freekin' text files for help and documentation?
Microsoft gets advance notice, sometimes as much as 6 months. Only when the vulnerability goes public do they move it to production, often breaking things.
Linux has a better track record in security, quality and patch management. Bill likely should get a Microsoft Linux 2005 system and try it himself so he has the experience to make such a statement.
Gates is optimistic about meeting the challenge of the new security threats, he told reporters. "We have to. We invented personal computing....
uhhh.... correct me if I'm wrong, but didn't IBM invent personal computing? MS may have enhanced it a bit or brought it to the masses (even that is debatable), but without IBM, there would not be a Microsoft.
It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.
But he's not crazy in the "looney tunes" sense of the word, more of a metaphysical fashion.
... Microsoft is the Roman Empire of software. Their kingdom is riddled with porn and virii. Untouched by platypi. And ultimately will fall to a similar fate. It is simply nature's way. They will crumble because they are trying to put the world in a box and make it run around a track. That is not how people really are. And while you can make it work for a while, it always fails. And Bill is insane for thinking otherwise.
No, seriously, hear me out.
We all know that chaos is the natural state of the universe. Humans have been trying to rein it in and control it and manipulate it for a long while now, and in some ways we've done extremely well. On the other hand, we still can't reliably get a pizza to our house in 30 minutes or less. That's why they had to drop that promise. But this has nothing to do with pizza. It was just a lure to get you to keep reading.
So here's Microsoft, trying to stem chaos in business by providing applications and operating systems that, for all intents and purposes, have created their own share of chaos through many means (switching systems, learning DOS, then windows, then patches and updates and incompatibilities and forced upgrades etc.). They are trying to stem chaos in their own organization in relation to releasing secure software out-of-the-box - and they are trying to stem the chaos of the encroaching open source model that is threatening the false and overbuilt sense of security and complacency that Windows has instilled upon the people of this computing world.
It is a battle they cannot win. Chaos consumes all. It just may take some time.
The open source model, however, embraces and uses the chaotic nature of the world and its computing inhabitants for furthering, extending, and assimilating itself slowly at first but exponentially. The group has no formal work structure or centralized location. They are relentless and dedicated. They operate at all hours and as a group and sometimes individually NEVER SLEEP. They are among the most intelligent minds on the planet, barring slashdot, obviously. And they all understand one thing: you cannot control the waves of chaos. But you can sure as hell catch one and ride that sucker to the beach, by cracky.
Bill's a great philanthropist, but to be honest, with that much money, he'd HAVE to be. Otherwise the masses would tear him limb from limb. Philanthropy deducted, the man still has more money than God after playing the stock market over the course of millennia with infinite knowledge of what was to come. Again, this has nothing to do with the topic at hand. It was another lure. Got you!
I guess what I'm trying to say is
Just fair warning.
I couldn't agree more with your point (Gandhi). I've found that to be true with most Open Source products nowadays. For example, a relative of mine told me about Open Office 1.1 and how great it was, yadadad. I have never been a big fan of Open Office, and the older Windows version (yes, I use windows) crashed frequently. So for grins, I tried out OO1.1, and was left dumbfounded on how clean and concise the interface was for all the tools. Scratch one Microsoft project. Then in the same week, I decided to try out Thunderbird on my company laptop, because MS Outlook was incredibly slow over VPN'ed IMAP. Scratch another Microsoft product. I've been using Firebird for a couple of months now, so I guess that counts too.
My point is, if the Open Source community continues to "chip" away at their code, cleaning it up and stabilizing it, users will begin to flock to it. As hard as it often is, the community just has to keep trying to make their software "idiot" proof. (Editing User.JS for Thunderbird is a tad intimidating for your average user.) Linux itself is making the same strides.
Sig it.
"Marketing is a black art."
Lies are a black art.
If Microsoft knows anything about marketing, why do so many people hate the company?
The facts fit this theory better: Microsoft is a badly managed company that can stay in business because of having a virtual monopoly.
A significant portion of the Linux user base could go get the source tree, recompile, and fix the bug. ANY distro could have produced a patch from that point forward. Some distros (like Gentoo) would have picked that up very quickly, possibly in a couple hours as has happened with some of the recent SSH issues. With Windows, patching the sources does nothing for the user. It is only the final binary release that helps, and nothing before that. So if you are a competent Linux admin, and need the fix, it was there long before Windows. We already know Linux needs to grow some more for the average user.
The heights of genius are only measurable by the depths of stupidity
"Need 4GB of physical memory before 64-bit is relevant"? Either he thinks he's telling the truth or he knows he isn't: either is pretty scary.
For the record: the major reason for wanting 64-bit addressing is that you can then map all your data files into memory space and let wonderful Windows deal with caching, paging, flushing, and all the rest of it. With 32-bit Windows you're effectively limited to small files (1GB) so you have to keep all your handrolled open/read/buffer/write/close code around in case a user makes a file that's bigger than that.
Not so relevant for Photoshop but pretty important for databases.
What? Have you ever used Red Hat's up2date tool? It is easier than Windows Update.
Good point - but Linux != RedHat. Not to mention that RedHat has to issue the patch before you can update it. IMO, the original poster's comments still stand.
My beliefs do not require that you agree with them.
Oh no, he's absolutely right. I mean, just look at Internet Explorer. Microsoft does an amazing job of patching that up nice and quick. Like CSS. Boy am I ever glad they fixed that whole CSS problem that we've been begging them to fix for years. Ho boy.
http://mediagoblin.org/
Microsoft has TONS of practice! They do patches all the time.
With Linux, on the other hand, it happens so rarely that people have to *remember* what was the patching process about...
That was good for Gandhi, but I am planning to achieve my own immortality by simply not dying.
If tits were wings it'd be flying around.
I doubt Microsoft will match many Linux users' "write directly to product maintainer, get patch same day" experience, but there's another important metric here: how long does it take to get the patch into users' hands? IIRC Microsoft just announced that they're in effect going to give the black hats free hits for up to a month before releasing new security patches.
(And I seriously doubt we'll ever see Microsoft duplicate the "see problem, find cause in source, write patch, send to maintainer, see it in next release" experience that I recall fondly from my days as a DEC customer. One of the attractions of Linux for me is that it gives that same feeling that I'm *part of the team*, not some outsider to be placated or even defended against.)
You have to smile when the big guy is trolled out to reiterate MS's position on the very topic that they thought they were going to re-entrench their monopoly... a.k.a. Trusted Computing.
I wish the media would stop biting on these absolutely useless PR stunts that MS is saying are real information sessions or interviews.
The media is just as much to blame as MS is for spreading the FUD!
I myself often wonder if the Open Source community has either been lying or are misinformed about their flagship-product. Namely Linux.
They do not lie.... Just fail to realize the ultimate stupidity of most computer users ("Where is the configuration area?")
Cheers!
perhaps mr. gates is doing what any other company would do, making comparisons between things that aren't exactly on par with one another. for example, he may be saying MS averages 24 hours to fix bugs (bugs in this sense may mean, the computer crashed kind of bugs), while Linux developers take weeks to get rid of some 'bugs', but remember that Linux folk call just about anything a bug, including feature requests. do you think mr. gates counts feature requests and plans and such as bugs? i doubt it.
Question
http://www.ironfroggy.com/
Once again the Slashdot community is spreading propaganda and misinformation. Longhorn IS NOT being designed to FORCE a user to patch automatically. It will be the DEFAULT option, which can be turned off. Much like the speed governor on a vehicle, this is for YOUR safety and can be removed (albeit I don't recommend removing the governor if you have one installed as it will void your warranty). It will also help to prevent NON-literate PC users from infecting the world.
I used to be a MS fan but then I was brainwashed. Now I see the Light. Mac OS X pwns u.
This again is misinformation. Across the Linux distros last year there were 3x as many security related patches as MS. Ya ya, you can say all you want about it being multiple distros, but then again if there was a standard among all the developers in Linux as there is in MS products then there would be nearly as many problems and patches! Point being, Linux community does no better at fixing bugs than MS and certainly programs no better than MS. MY last experience with Linux as a desktop ended with me re-installing XP due to the bugs in Linux, most of them user interface and application crashes. Linux is great as a server but, unless things have changed dramatically in a year I will stick with my STABLE XP Pro.
I used to be a MS fan but then I was brainwashed. Now I see the Light. Mac OS X pwns u.
errrr, shoot myself in my own foot here :)
"if there was a standard among all the developers in Linux as there is in MS products then there would be nearly as many problems and patches!"
LOL, of course the ./ readers ARE educated enough to know that I intended to say WOULDN'T right? ;)
I used to be a MS fan but then I was brainwashed. Now I see the Light. Mac OS X pwns u.
"We've gone from little over 40 hours on average to 24 hours. With Linux, that would be a couple of weeks on average."
Is really simple. After the patch is written Microsoft only needs 24 hours to have the patch available on windows updates. Linux distributions normally take longer, in his opinion, to update their distribution. Now the problem is that he might be right here (although I credit security.debian.org awesome work there).
So what you see here is the typical M$ marketing answer which probably will work at the management level. The fact that you could download and manually install the Linux patch yourself, will not be told by M$.
The site where: "I'm right, as long as you ignore the things that prove me wrong", became a valid method of debate.
The patch was announced by the KDE team on August 18th
Debian had a patch available on August 21st
Mandrake had a patch out on September 9th
RedHat had an update available on December 4th
I was unable to find this particular bug in the security archives of Gentoo, SUSE or Slackware (either they were not vulnerable, or never patched). I was unable to locate any security info on TurboLinux' or Connectiva's sites.
On Microsoft's site, I was unable to locate any security bulletins older than one year.
So even *if* Linux patches took longer, Open Source allows developers around the world to tighten it up so it does not open up more "features." This is opposed to the 10 arrogant sloppy coders M$ might have work on it and push out 3 more flaws with one fixed while forgetting about browser holes years old coming back to haunt their users...ewpz!
An M$ patch is like using TNT to fix a leak in a dam.
"several generations" the IBM PC (5150) had a minimum of 16k RAM up to 64K memory. On the other hand the 5160 (PC/XT) had a minimum of 64K increasing the bottom end. Early batches had a max of 256K memory, and by 1986 (the end of the XT's production) they had boards that maxed out at 640K. There must have been some need for 640K, otherwise it wouldn't have been available. For the "256K" boards they made things such as the AST "6 pack plus" to allow expansion to 640K. The AT series machines had boards such as the "Orchid Blossom II" that allowed expansion to 24 megs in theory, in reality 16 was usually all you'd max out at, with the release in 1987. I'm not even gonna get into I386, I've NEVER seen one with less than a meg of memory. From the PC to the XT to the AT to 386 there's maybe 4 generations and that's stretching it, even within 3 there was obviously some need for more RAM otherwise products such as the "6 pack plus" would have never come into existence, as well as the fact that they wouldn't have bothered adding the expanded capabilities to the 2 and 386 machines, and nowhere near "several generations." Not debating whether or not he said the quote in debate, if he did he said "ever" not "for several generations" now didn't he?
Don't call me crazy, that's what they called me back in the home!
Of course they'd have to supply patches more quickly .... I mean, hell, when you consider the number of security holes there are in Winblows compared to Linux -- besides, Microsloth has paid employees whose job is to provide those patches .... I'd think it's fair to say that most of the Linux community has other jobs and contributes to the community as much as they are able to do so.
As usual, more MS propaganda to continue to misinform the masses.
First off, windowsupdate.com is a poor experience for any but the most basic users. Trying to download patch sets to apply to multiple machines isn't supported in it. The system can't even decide to only highlight one patch when it knows that that patch has to be installed exclusively. History of installed patches is sketchy at best and if you install a patch outside of that environment it is completely lost. (A new W2K build right now means to install W2K, install SP4, install IE 6 SP 1, download more patches, lather, rinse, repeat.)
The single biggest problem is that the complexity of MS's OS is out of control. IE, WMP, OE, and whatnot being welded in willy-nilly means that there's more to patch, more to potentially go wrong with a patch, and more to dilute the efforts of MS's coders.
Yes patching is a fact of life in the software world but it doesn't have to be as bad or as often as it is today.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
Forcing users to download patches could be a major mistake. We have to thoroughly test patches to make sure they work with our internal software. Many of the changes they put in these HotFixes and Service Packs break our software written to Microsoft's own specs. I know of 2 service packs, 1 recommended update, and 2 critical updates that we are still warned not to use or the internal software will not run. Our software engineers cannot keep up to the changes. We are having to divert people from development to update our software to be compatible with the updates.
Can you name an application other than photoshop that runs on the desktop, and needs more than four gigs? No.
Note that he doesn't say 'never ever;' in fact, he specifically says, '*right now*, it is costly.'
In other words, yes, everything will eventually want/need 64 bit, but at the moment, it's not filling a need, it's filling a marketing checklist.
Vintage computer games and RPG books available. Email me if you're interested.
The BIOS in fact required *TWO* calls to draw a character on the screen. One call moved the cursor, and another call put a character under the cursor without moving it. This is twice as bad as the worst possible design I would have thought possible.
It seems difficult to believe that anybody smart enough to run an assembler could design such a pessimistically bad design, but those IBM engineers did it.
emoticon://sorry/
--- hello_world.c.old 2003-10-17 15:00:30.000000000 -0400
/* hello_world.c v1.0 (c)2003 Per Wigren */
+++ hello_world.c 2003-10-17 15:00:45.000000000 -0400
@@ -1,11 +1,11 @@
-/* Relesed under the GNU GPL v2 or higher. */
+/* Released under the GNU GPL v2 or higher. */
#include <stdio.h>
int main()
{
- char str[5];
+ char *str;
str = "hello world!";
printf("%s\n",str);
}
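Review bot: at `+ char *str;`, the pointer is assigned a string literal on the next line, so it should be declared `const char *str` (or initialised in one step as `const char *str = "hello world!";`). The literal is not modifiable, and a plain `char *` lets a later write through `str` compile and then fail at run time. Moving away from the removed `char str[5];` is right, since an array cannot be assigned to and five bytes would not hold the 13-byte string anyway. Separately, `main()` in the unchanged context has no `return` statement; adding `return 0;` gives the program a defined exit status under C89.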
Gandhi's peaceful protests had very little impact. It was violent unrest in India that forced Britain to give up on governing it and hand it over to local political parties. Gandhi pretended to stay out of politics but actually maintained a lot of influence in the Congress party. His other interests were, frankly, pretty kooky.
that's because it's Windows 2000. obviously.
So for grins, I tried out OO1.1, and was left dumbfounded on how clean and concise the interface was for all the tools.
Well, all except for one. I'm still trying to figure out why in hell they changed the way that the tool palettes work - now, instead of popping up a temporary windoid allowing you to select the tool you want, it opens a completely new window, and it stays open after the tool is selected. Small, yes, but VERY annoying.
!= updates faster It only LOOKS that way. :-)
Bullshit.
/Content/8811.html
Let's take the recent MS RPCSS vulnerability published (not by MS with a patch in hand) on 10/10/03:
http://www.sarc.com/avcenter/security
There still is no patch (and it's gone well past the 24 or 48 hr patch date) AND all this is considering MS "patched" RPC on July 16 (MS03-026 better known as Blaster) and RPCSS in 10/03 (MS03-039).
Now let's look at the OpenSSL vulnerability reported on 10/1/03:
http://www.cert.org/advisories/CA-2003-24.html
Debian and Redhat had patches backported within 2 hours.
I think you mean that with Linux, end users can debug the code.
End users can QA the released Microsoft code as well. That's what that little "Send bug report to Microsoft" dialog box is for.
I've seen several posts by you in this article, and all of them are basically you being an asshole.
I noticed a long time ago that Overly Critical Guy (663429) often behaves like an asshole. He knows what he is doing and probably enjoys doing so. How he manages to do so without getting modded down to -1 each time is a mystery to me. But trust me, this guy's every move needs to be watched very closely.
Tell me more, tell me more