Slashdot Mirror
Google Reportedly Ditching Windows
Reader awyeah notes a Financial Times report that Google is ditching the use of Windows internally. Some blogs have picked up the FT piece but so far there isn't any other independent reporting of the claim, which is based on comments from anonymous Googlers. One indication of possibly hasty reporting is the note that Google "employs more than 10,000 workers internationally," whereas it's easy enough to find official word that the total exceeds 20,000. "The directive to move to other operating systems began in earnest in January, after Google's Chinese operations were hacked, and could effectively end the use of Windows at Google. ... 'We're not doing any more Windows. It is a security effort,' said one Google employee. ... New hires are now given the option of using Apple's Mac computers or PCs running the Linux operating system. 'Linux is open source and we feel good about it,' said one employee. 'Microsoft we don't feel so good about.' ... Employees wanting to stay on Windows required clearance from 'quite senior levels,' one employee said. 'Getting a new Windows machine now requires CIO approval,' said another employee."
'Linux is open source and we feel good about it,' said one employee. 'Microsoft we don't feel so good about.'
However, they feel pretty good about a closed-source implementation of an open source operating system on locked-in hardware? This sounds rather flamebaity and very light on facts.
I am curious if long term this will help security. Windows is the prime target for attackers, but I'm sure there are many 0-day exploits waiting in other operating systems. However, if administered right, Windows can be pretty secure.
Time will tell if this actually reduces compromises. I'm interested in seeing the results over the long term, just to be objective.
Probably the only reason Google used Windows to begin with was out of freedom of choice for their employees. Now that freedom of choice has turned into a liability, thanks to Microsoft's shoddy security record. No wonder they've finally decided to pull the plug.
The year of Linux on...
Never mind.
.....if Microsoft employees can ditch Google.
That will be the true test of Google's influence.
Fucking Eric Schmidt is a fucking pussy. I'm going to fucking bury that guy, I have done it before, and I will do it again. I'm going to fucking kill Google.
Your friend,
Steve Ballmer
I recently left IBM, but while I was there, there was considerable effort to eliminate M$ products. Symphony was being pushed out over MS Office, and Apple netbooks were an available option in some areas. Obviously IBM has a love for Linux, and the Linux folk there are doing everything they can to make it perfectly acceptable, and usable, to use Linux internally. For all of my 4 years at IBM I used Debian and then Ubuntu on my work thinkpad (but I kept a XP partition for Visio).
They probably use this one.
Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
I thought the next big thing to hit MS by Google actions was to make HTML5 the new YouTube installer(apart from the beta html5). This would represent the next most significant milestone over the inception of Google Search itself.
But this is up there. For Joe and Jane Public, google is hip, trustworthy, and useful everyday.
Perhaps more than any other effort, this may influence significantly the perception of school aged people and Operating Systems. When that tipping point comes, MS is in serious trouble.
In post Patriot Act America, the library books scan you.
Google makes its own mobile platform (Android) and is working on another for general computing (Google Web OS), so it only makes sense that they'd move away from a closed, proprietary platform like Windows. If there are any Mac OS X machines, I'd imagine those are being migrated to something else as well... though some people may get clearance for software like Photoshop or Final Cut Pro.
Even for testing/development, they can just run virtual machines.
http://www.tenjou.net/
I'm not as smart as most of you slashdotters, but this seems smart in that they can write their own security updates with Linux, as opposed to waiting for Microsoft to fix them.
Macs are only more susceptible to spearfishing because the monitor and body are one. Ram a spear through that and the whole machine is gone. With most windows machines, spearfishers go for the bright monitor but since the real guts of the machine is in a seperate body, it just requires replacing an ever-cheaper monitor.
Macs are IMO a WORSE security risk than Windows when dealing with spearphishing and other forms of targeted attacks.
How could this be true? If the system is more secure, and the user is a constant, then it's no worse "when dealing with [...] targeted attacks".
Security updates are rare.
That's not an argument by itself. When's the last time you updated the walls of your house? If it ain't insecure, don't update it.
By the way, I'm no Apple fan. I just think your arguments are ridiculous.
--
On other news, RedHat announced it does not use Windows on its web servers and Apple announced that no employees use Windows Mobile phones.
Sorry if this is trollish, but Macs are IMO a WORSE security risk than Windows when dealing with spearphishing and other forms of targeted attacks.
Well, you're entitled to your opinion, even if it has no connection to reality. "Spearphishing" (God that's a stupid term) is an attack on the user, not the machine; it has nothing to do with the OS.
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
They're likely going to put the users on GooBunto... their secret-filled OS that they've been developing for their own purposes for a few years now. If you have a Linux-offshoot Android already, they most likely have the ability to fork Linux and do whatever they need from it... not to mention any security exploit would require knowledge of this employees-only OS, so it'll dramatically cut back on the number of suspects.
They've been using Linux for years.
--
If that had been named in the article, I'd say it was a damn good possibility that they were removing Windows from any machines in favour of that. The fact that it exists, and that name wasn't used, pretty much confirms for me that it's not a legit story at this time.
Canada: The US's more awesome sibling.
One indication of possibly hasty reporting is the note that Google "employs more than 10,000 workers internationally," whereas it's easy enough to find official word that the total exceeds 20,000.
Why yes, 20,000 is more than 10,000.
This post expresses my opinion, not that of my employer. And yes, IAAL.
They have their own internal distro, have for at least 2 years that I'm aware of.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Except OS X isn't more secure. That's why it's always the first gone at pwn2own competitions.
Canada: The US's more awesome sibling.
Are they going to go the way of Go for all of their other development activities?
Employees wanting to stay on Windows required clearance from 'quite senior levels,' one employee said. 'Getting a new Windows machine now requires CIO approval,' said another employee."
So what they'll do is get a new linux machine, and install Windows as a "guest" OS in a second partition. It's not that hard these days, and google is reputed to have lots of smart people.
Similarly, my wife telecommutes half time, and is required to run Windows XP at home. She talked to the nice folks at the Apple Store, who explained how to set her Mac up to run virtual OSs, and installed XP in a virtual partition. It works fine. She has since taught a few others at work to do the same, and they're all pretty happy with being able to run a real OS at home and only fire up the Windows that they all hate when they need to do some "work". She gave me her castoff Windows box, which is sitting in the corner running Debian linux and functioning as our firewall/gateway/server machine (and no doubt still listed as another sale to a satisfied Windows customer by MS's bean counters).
And all this is nothing at very new, as far as the computer industry is concerned. Back in 1980, I had a job at a company that mostly used their big IBM mainframe, while the engineers were playing around with unix on some of those funny new "minicomputers". I'd worked on both, so I had the fun of getting together with some Amdahl folks, who delivered their unix that ran on top of VM. We installed it (over a lot of dead IBMer bodies ;-), so that the engineering staff could run their stuff on the mainframe. After a while, the big 360 machine with VM was running at least 10 different OSs simultaneously, with each group using the OS that best fit their needs. Granted, there were lots of fanboys who thought their OS was the one that everyone else should be using, but we just ignored them and went about our jobs. Now it's 30 years later, and the "personal computer" part of the industry is discovering this fantastic new idea called "virtual" computing that lets you run more than one OS at the same time ...
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
All things considered i think the majority of google employees are software developers or artsy UI experts. They don't seem to have the laundry list of sales/marketing dudes and execs who drive the company to use MS because they are incapable of learning to use anything else. Given that their entire server architecture is based on linux i doubt many software developers have a problem with using it as their desktop and the mac fits the artsy niche.
Last time i was in the boston google office (several years ago) i don't recall seeing a single windows machine anyway, they were mostly linux workstations and a few macs here and there. Its not like they really transitioned 20,000 employees, i would guess more like 1,000.
Sorry if this is trollish, but Macs are IMO a WORSE security risk than Windows when dealing with spearphishing and other forms of targeted attacks.
Why do you think this?
From an overall security standpoint, you have:
No open ports by default.
Users who do not run as admin to run any software
Now consider targeted attacks as you mentioned. You start out with a more secure base that makes it harder to infect the system beyond a simple cleaning. Now if you are really concerned about security, what do you do?
Simple, you access all email and do all browsing through Chrome.
Why do you think Google would not do this? They could say "don't use Safari or Mail,app" and then they base all the use of the computers that spearphishing could come in on, in a platform they control and that they can update every day if they like. I'm sure they use gmail internally so it's not like that's even a switch.
They key is basing that all on a subsystem more resistant to attack to add to the layers of security. And the simple reality is, that currently there just are not a million exploits in the wild showing you how to infect a Mac like there are for Windows today. That alone makes it REALISTICALLY more secure, even if the platform still has vulnerabilities (which it obviously does since all software does).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Something definitely seems wrong with the story. Remember, the system that was compromised at Google was an XP system running IE6 and logged in as administrator. IOW, they made no serious attempt to secure it. From this they jump all the way to banning Windows?
For the sort of targeted attack that hit Google an off-the-shelf Mac system is at least as vulnerable as an off-the-shelf Windows system. Surely Google knows this.
(My take: http://blogs.pcmag.com/securitywatch/2010/05/google_dropping_windows_for_in.php)
You have to remember, this isn't a general user that can rely on "OS is rare enough in the wild not to really be afraid of mass-reproducing viruses" which is the main reason why mac is considered "more secure" then windows.
Google's problems are with TARGETED malware, specifically tailored for them, not generic mass-reproducing stuff. For this, mac is arguably much worse choice then windows - it likely has similar total amount of critical flaws, being a large general-use PC OS, but amount of flaws that aren't patched/known to anyone but black market sellers is likely to be far higher then those on windows, as on windows, such flaws are profitable enough to exploit with large-scale infections, forcing microsoft to close them up on a regular basis as they come up. On mac OS, you can have similar flaws stay around for much longer time due to far smaller amount of general malware using these flaws. And to this date, the #1 way the flaws come out is through malware using them and getting snagged by honeypot machines on the net.
I would expect that when this rollout is complete, black market for mac OS zero-day flaws will get a whole lot more active then it is now, due to additional value of google likely having a mac machine in an important part of its infrastructure..
Therefore I find it rather strange that *strategic* choice landed of mac OS when switching from windows OS. Linux on the other hand makes much more sense, as google folks themselves can actually tailor the OS to their own needs, including simply sandboxing browsers and other software they deem "vulnerable". I can understand it as a kneejerk "anything but windows" reaction, but in the long run, it just doesn't make much sense.
That's because the hackers want a Mac, not some lame old Windows box.
Man who leaps off cliff jumps to conclusion.
Macs have been offered at Google all along - all that appears to have changed here is the elimination of Windows as an option.
Man who leaps off cliff jumps to conclusion.
It's first gone at pwn2own competitions because it's what people want to own. Duh!
Every OS reaches an end point, not necessarily driven by only one thing.
Apple reached the end with the Apple II, Mac OS9, and moved to UNIX.
How is Microsoft going to break the legacy trail?
They are going to throw a chair through all the Windows, maybe?
How do you get rid of entrenched dispersed foe that attacks everything you do from inside your own OS?
How many tens of millions of user hours are wasted every year on WinPCs just with the security stuff, which still is NEVER enough?
My Guess: Never. They will Bleed Windows until competitors take their market share as users make the choice to abandon Windows.
It is truly a strange situation where the dominant player is also the most attacked and yet in the last 5 years nothing in security seems to change.
Number of in the wild FAQ ready, click and load, virus options for Mac OS X - 0
Ex NSA workers with the skill and time to hack a Mac for the WIN - a few
Number of in the wild malware options for Mac OS X that need a user to input their pw - 100's ?
http://www.iantivirus.com/threats/
OS X has all the nice overflows, poor to no memory protection, problems with users ect that most consumer quality OS face.
Just after a set number of years nobody seems to have done much on the Mac in the wild.
Why? Lack of skill, lack of fame, hardware access per hacker, profit or the well coded protection of a Unix like OS?
Linux and Mac have a had a few non rushed, profit crazed, non time limited code reviews done to their basic building blocks over many years.
The only part MS sinks its time and cash into is security marketing.
Domestic spying is now "Benign Information Gathering"
I have no idea how moving to a Canadian cosmetic brand will eliminate security issues.
This is the Financial Times, not the New York Post, Mac OS Rumors, or some random blog. This reminds me of when the Wall Street Journal was reporting that Apple was going to Intel, and Slashdot said, "Never going to happen." Of course, it did happen. Folks, when a major newspaper like the FT, WSJ, or New York Times reports something, it's probably true. Which makes this very interesting. I think the most interesting aspect will probably be that feature parity for things like Google Chrome will probably benefit--no longer will Chrome, or Google Toolbar, or Google Earth lag behind on Linux and Mac, because Google employees are using Linux or Macs, because now Google employees will be using Linux and Macs.
"He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
So Google employees don't use the client software they themselves produce, considering that a lot of it is still Windows-only?
I would be particularly curious about Google's own GTalk client...
If they locked Windows up securely, all their employees would change operating systems anyway.
You have to get pretty draconian to stop a targeted attack like the Chinese one.
I hear Googlers enjoy having a network cable connected to their computer.
Bender, is that you?!
Oh, yeah, it's not easy to pad these out to 120 characters.
Tell me... what IDE runs on ChromeOS? Where's the Emacs for Android? When I see that, we'll talk. Until then, I don't think that Google's going to be able to migrate it's most vital employees (engineers) to "eat their own dogfood." Might be interesting to migrate support staff, but that's not where the heart of Google is.
"He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
Microsoft reportedly ditched internal use of Google in 2004.
I'm not going to argue over which is more secure, because, unlike everyone else here, I don't claim to know.
I just know when someone is making absolutely no sense.
--
Are they going to develop Google Talk for linux?
It's a company that is staffed mostly by tech guys, who use a webmail client for corporate mail/calendar, are pushing their own office product, and use mostly web-based internal apps. This "switching to Linux" on Google isn't as difficult as a "switching to Linux" on a non-tech corporation where most people use windows. All the guys I know over there already use Linux in both the desktop and laptop google computers.
Only a minority of their systems were running Windows anyway. They were half Mac and had significant Linux use also. With how Unix-based they are, I was surprised they had any Windows at all.
It is simply unprofessional to use Windows in 2010. There is no excuse. The switching costs on Mac or Linux are tiny compared to what you save in maintenance and training costs later and gain in enhanced productivity. The key is you have to let the user choose which one they want and then you can leave them be to work. A Mac is better than Windows for some users, and Linux is better for the others. Neither needs any significant training if they choose the right one. For some users, an iPad is all they need. I know a couple of business people who switched from XP to iPad and won't go back. They add WebEx and iWork and a Bluetooth keyboard and they're good to go. Ten iPad users can share a single Mac mini with 10 accounts on it for backup and OS updates.
I think we need a kind of certification that says "Windows free" so consumers can avoid companies that use Windows. If you give your personal data to a company that uses Windows you have basically given it to a botnet. Even in the Fortune 500 who have I-T staff and security add-ons they all have botnet infestations. They shouldn't be waiting until they get a class action lawsuit to switch to professional technology.
Probably windows in a VM I would assume.
OS X has all the nice overflows, poor to no memory protection, problems with users ect that most consumer quality OS face.
Actually not really. It's not as prone to buffer overruns as C++ or C would be, thanks to Objective-C used to write most apps.
Also with Snow Leopard, it has fairly good memory protection at this point.
And the users are more partitioned off, because there are no programs that demand you run as admin the way you find Windows programs that flake out... not to mention no open ports by default.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Just after a set number of years nobody seems to have done much on the Mac in the wild. Why?
Because virus/malware writers do it for attention, to show what they can do. When faced with this situation you look at it and go "Do I aim for the Mac/Linux which will effect less then 1 out of every 10 computer users which will have little notice? Or do I aim for Windows that will effect 9 out of every 10 computer users?" If you want attention, you aim for the 9 out of every 10 users. Pwn2Own keeps showing that Macs aren't secure. The hackers don't aim for the Macs to win it since the $10,000 price money would buy a top of the line Mac where the one used isn't the top of the line model, the aim for the Mac because it's the easy target.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
I just spent most of my three day weekend cleaning up some "Antivirus Soft" http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft that took over my Windows 7 installation. My antivirus software didn't detect it, and I was in Chrome 5 just reading news sites when it took over. After hours of booting into safemode, and scanning every piece of media I had with 3 different antivirus software. I discovered I had 5 different trojans and 2 different keyloggers. This forced me to change 50+ passwords. I don't consider myself an average user who easily falls for downloading malicious stuff. I have been in IT since 1994. I got everything cleaned up, but was left wondering how the hell this happened? So I finally gave up and I am done with windows forever. I have been dual booting for a while, but now I have decided to go all the way. I am doing this in spite that I don't think Linux is as nice on the desktop. Its just not worth it if I am going to do everything I can to be a secure user, and still get infected. So I sympathize with Google on this one. Its so utterly frustrating, that I damn well want to swear off technology period. Una-bomber style.
It has always surprised me how few companies run linux on the desktop. I have personal converted about 30 in the last 10 years, all of which were mom and pop places with less than 100 seats. Google using Chrome would not surprise me. 90% of the office desktop users dont need more than a browser, office platform, and maybe e-mail assuming the company does not have a web based e-mail. I have heard many geeks say it is not ready for the desktop based on a list of reasons but the general office user has such a small software need that it fits nicely..
The last company I migrated over to linux was a rush job. They needed it done in a short window before the inspection of there licences. I set up 1 server with home directory shares in both NFS and Samba, ldap, dns, printers, and DHCP. There were 3 desktop configs, 1) for users that had with firefox, OpenOffice, and google chat. 2) for managers that had that plus planner, and Dia. 3) was for upper management that had everything from the first two plus a few specialized things that one VP seemed to think he needed like bit torrent and an RSS feed reader.
Everyone got the basics like a calculator, archive manager, Notepad, etc.
All in all they run smooth, easy access to pen drives etc. Windows Laptops could be pointed at the server and after logging in would get the users home directory allowing them to easily move data between there laptop and the desktop. The remote home directories and ldap logins meant that users could login at any desktop and do there work. All the desktops were the same for a given group so if one failed it was simply replaced and a new image installed (Totalling about 45 min install time) Top this off with no viruses, spy ware, or bot software and the desktops were locked down with only a couple of open ports. So far every company I have done this for has loved the setup.
Probably the best indication that they are serious about it is that they won't use a specific (or to be more clear, single) distribution. Maybe for non techies they could standarize a bit, or even give a few choices, but for most will be a matter of choice.
Comment removed based on user account deletion
While your assessment of MS is wildly inaccurate for the better part of the last decade it seems like you fail to realize that a lot of issues with OS X don't even require exploits. SMB authentication uses plaintext by default instance despite the fact that it supports IPSec. Course with each release of OS X SMB support has gotten worse and worse. It still works, random disconnects and thumbnails placed all over my network but it still works.
Also, keep in mind that while Linux as a base can be secure it is often not deployed in a manner which is safe. Look at Apache, there is a high frequency of Apache breaches with website defacing due to poor passwords than there were IIS breaches albeit back in the days of IIS 4 things were pretty bad for Microsoft. With process isolation and a number of new security features IIS 7.5 is pretty rock solid however.
Back to OS X, the base OS is mostly secure but again, it's the applications that aren't. iTunes is a nightmare for security on both Windows and OS X. Sorry, Apple products aren't secure, look at the poor security implemented with the iPhone and the newest release of Ubuntu bypassing the pin. This doesn't happen with either my Android or Windows Mobile phones and I know it doesn't happen with Blackberry phones either.
The bottom line is that platforms are only as secure as management cares to make them. Security and productivity are often at odds in corporate America whereas consumer level products just outright don't care about security to make things "Just Work."
Google's approach makes a lot of sense, they'll have 20,000ish beta testers if they can get them all on ChromeOS. I'm not sure why they gave users the option of OS X given the hardcore lock-in that ensues. Seems like they are just making it harder on themselves. If they don't think ChromeOS is ready the go with a distro that will be similar so you can practice deployment skills and be ready when Chrome is. Instead they'll develop two different deployment strategies to handle both Apple and Linux. There are certainly products that do both but now you have two sets of patches to test and deploy.
I have no idea how moving to a Canadian cosmetic brand will eliminate security issues.
MAC cosmetics are very difficult to hack. Actually, moving to any platform that doesn't run ANYTHING as a super user is inherently more secure. It's been years since I moved from Windows to a small ham and swiss on rye sandwich, and I no longer have ANY security issues to worry about.
Best decision I ever made.
Actually us googlers don't use traditional network cables anymore.
Ever since we've had the google cloud/brain interfaces installed we
My friend likes Macs. He got his grandpa to use a Mac. So his grandpa went to a website, that clearly looked like Windows, that told him he had a virus! So he tried to download and run the EXE, you know, to fix the virus. Yea, so anyway, his point was something about Windows being insecure.
Enlightenment is the elimination of that which is unnecessary.
I assume Google is going to continue to produce software for Windows (Google Earth, Chrome, Google Talk etc) Windows is still the largest single operating system and not producing clients for it would mean losing a huge segment of the software market. So how exactly do they plan on developing, testing and releasing Windows software when there is not a single Windows system in their entire company? Do they plan to compile the binaries to win32 or win64 binaries and then release them completely untested and hope that they actually work as expected on their native platform?
I'm guessing in a Virtual System that has little to no internet access, just enough to test the programs and only running in a virtual session as long as needed so the main system can't be compromised.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
This old myth has never been true.
Apache is more popular than the Windows web server, yet gets hacked less, which completely debunks the idea that being a market leader is the only reason Microsoft products are so shockingly vulnerable to attacks.
OS X is a GUI shell on a BSD layer on a Mach engine. Like any flavor of *nix, it was designed from the ground up to live safely in networked, multi-user environments.
It's an order of magnitude harder to hack than a Windows box, because of superior design. This has been demonstrated over and over for nearly a decade now, yet the MS fanboys continue with the silly drumbeat that Macs are only enjoying security via obscurity.
Information wants to be anthropomorphized.
I wonder what Google uses for an accounting package?
Very hard to find accounting programs that do not require Windows OS.
That doesn't really make sense. We are just reaching a point in time when Google realizes that Apple is a bigger threat to their business then Windows ever was (Windows users have the option of installing alternate codecs, browser, toolbars, etc), and Windows has finally got its security act together, and NOW Google is going to switch from Windows to Mac?
Yeah, seriously. Not to mention testing all their web applications in IE6, IE7, IE8, ...
I suppose they could either run Windows in a VM, or bravely try and do some testing using Wine, but, uh, realistically, if they're continuing to develop software for Windows (and Windows is definitely the lead SKU for most of their desktop apps,) then they're going to need a whole bunch of Windows installs lying around. Maybe they're not counting virtualized copies of Windows?
It was not too long ago that the swap file on OS X was world readable.
Good thinking, but a Mac mini is even safer from spear attacks than a PC tower, especially if you rack-mount it, leaving only a 2" by 5" target made of hard metal.
Although if your machine is at all in danger of getting hit by a fisherman's spear, you probably have even bigger problems due to water damage.
Information wants to be anthropomorphized.
However, I kind of view this like an article about "Redhat reportedly ditching Windows".. they use Linux extensively, they should have done this a long time ago.
Meanwhile Redhat came out with this RHEV stuff, manager for their new virtualization platform... WTH.. you make an OS, and your management platform from your OS needs a copy of this foreign Windows junk? :)
Isn't it amazing that Google is ahead of Redhat.
Does this mean there will be a stable Linux version of Chrome coming out soon?
When I was doing some contract work at Sun, about two years ago, Sun was also eating their own dog food, SunRays everywhere. I wonder if Oracle could ditch windows internally?
I suppose Apple has already ditched windows.
I think somebody posted that IBM was going that way. I think it would be a good idea.
Redhat maybe?
Who else?
This makes me curious from a desktop administration perspective. Windows, for all its problems, has a great ecosystem of enterprise management tools for things like software installation and inventory, hardware inventory, health monitoring and more. All the stuff you need to effectively manage a large fleet of workstations with a few techs is available.
Most developers I know make poor system administrators, so it's hard to believe they take a completely laissez-faire approach to desktop management. Also, Google Docs seems like a really poor substitute for file shares on an enterprise NOS and directory service -- it's the "cloud" equivalent of a peer-to-peer LAN network when it comes to security structures.
This is very true.
Microsoft know that the end for them is coming. Once game developers move full time to Mac (and therefore Linux with SDL), Microsoft will die.
We're all looking forward to it.
No, you've got it backwards. It is Microsoft who are on a jihad against all things non-MS.
Embrace, extend, extinguish... remember?
Do what thou wilt shall be the whole of the Law
I dunno, I think this whole "internet" thing is kind of overhyped, at this point. It's clearly peaked in the marketplace, and public opinion is already starting to turn against it. This time next year, your precious little Internet darling is gonna be so irrelevant that it'll make Vanilla Ice look like Joel Spolsky.
And yet the Pwn2Own competitions keep showing that Macs aren't hard to hack...
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
"It is simply unprofessional to use Windows in 2010"
I have watched the dev shop where I work transform from a Windows/OSX/Linux shop to mostly OSX or linux running on macbooks. Having the good hardware + the powerful CLI makes using Windows running on some janky hardware seem like a joke.
Now, there are no more fusses when someone has to go into a conference room and demonstrate something on a projector. Plug the projector into the mac and it works. We can remotely pair program via Coda/Bonjour. We can all have full control over our PC without having to worry about always running as admin like you have to in Windows (because on a real OS you can use sudo for sensitive things). The things run forever (I am at about 40 days uptime) with no need to constantly futz around with the OS like you do with windows.
Working there is my first experience with a Mac, and it's nice. I get the power and flexibility I loved about Linux, but I get some of the niceties of a commercial OS (like playing media out of the box, polished UI). My next computer will be a Mac. Having to develop on Windows again would seem, well, as you put it: unprofessional.
blah blah blah
Macs are IMO a WORSE security risk than Windows when dealing with spearphishing and other forms of targeted attacks.
How could this be true? If the system is more secure, and the user is a constant, then it's no worse "when dealing with [...] targeted attacks".
I'd guess - and im not necessarily saying this is correct - that most Mac users have a false sense of security, the sort of 'Macs don't have viruses therefore Macs can't get viruses.'
It never ends well. Sun tried weaning themselves off IBM accounting hardware at one stage - I never read a press release saying they'd accomplished it.
A million personal assistants at Google will all turn frosty pretty quickly if you try to tear MS Word out of their white knuckled little fists.
Perhaps it's easier to find a exploit for a Mac then Windows, there just aren't enough Mac's in the world to make developing one worthwhile outside a competition.
Calling someone a "hater" only means you can not rationally rebut their argument.
I have spoken with 4 Google employees, all who have given the same information.
They are moving to Mac or Linux, employee's option.
Exceptions are only given on a case-by-case basis.
Bullshit. I do a great deal of C/C++, R, C# development on XP and very, very rarely need to run anything as administrator. I can't even remember the last time I had to runas Admin other than installing software.
I had something similar to that - and then an electrical engineer moonlighting as a developer wrote a dotnet crap inventory flat file single user "database". It wrote a file to the root of "C:" drive that told you who had the "database" open so that you could ring them and ask them to close it - thus many had to move back to WinXP with full Admin rights for a bit of incompentently written crapware.
That's the real problem - legacy crapware written from a single user MSDOS mindset that was obsolete before MSDOS existed.
Asus developed the solution to this, a monitor that was impervious to crossbow bolts thanks to a layer of crystal sapphire: http://hothardware.com/Articles/ASUS-LS201-20-LCD-Monitor/
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Let them eat their own dog food. I wish Google the best of luck. I would love to see an open, nearly free version of all of the popular MS applications that make running a business easier. It would be great to have equivalents of Office, and Project and Exchange.
Apache is more popular than the Windows web server, yet gets hacked less
That is a myth, actually. Go ahead, open Secunia, compare Apache and IIS side by side (just be sure to check release dates to compare apples to apples...), and see the vulnerability count & severity for yourself. Apache has had more known exploits.
All security is through obscurity to some extent. Encryption, passwords etc.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Did you actually read the interviews with pwn2own winners, where they explain the technical reasons as to why it's harder to pwn a Vista box than it was to pwn an OS X box?
Ever think about the possibility that what Google is using internally is a custom spin? It would be logical that they would have a standard set of packages (no flame wars please) to support their business.
Since you are looking at 10K or more systems, no business in their right mind would use only the recommended packages from any one vendor. Add to that the support requirements and you are looking at a sophisticated configuration.
And ye shall know the truth, and the truth shall make you free.
John 8:32(King James Version)
That's because the hackers want a Mac, not some lame old Windows box.
Sorry, but the contestants do not decide the order in which they attack the target computers. They are allocated timeslots randomly to each system. The Mac fails first because they haven't implemented some of the basic security precautions that the other operating systems have.
How is the above post a Troll?
Calling someone a "hater" only means you can not rationally rebut their argument.
If Google ditches Windows, it will pressure them to back and/or develop a viable alternative, by which I mean an operating system that will run ALMOST ALL the applications (or equivalents) that I use on Windows. Today, I'm stuck with Windows unless I want to give up some of the software that I use regularly. There are a lot of reasons that more Windows competition is good for PC users, and this may be a giant step in that direction.
No fair modding my comment as Troll.
My point is that when you're developing stuff for the web (as Google most definitely do), you really do need access to various browser platforms to test against.
The most important platforms to test against are Windows/IE because:
Being denied access to Windows is therefore a major PITA for anyone doing web development.
As a network/systems administrator, Windows has little to no use left on the desktop any longer.
Compared to alternatives (and there are many!) common Windows machines on the desktops are costly and relatively expensive to maintain (in terms of manpower and infrastructure): you've got complex SUS arrangements (due to in-house app compatibility, usually), AD (same reasons, as well as work flow) and malware contentions - just for starters. Compare that to pointing all workstations at (say) a local Ubuntu LTS repository cache or updating from Apple. A lot can be said about Windows ACLs and its other underpinnings, but keeping things secure while allowing users to work is not one of them.
Additionally, the time and (domain) knowledge required to roll a minimalist Linux distro vs. a minimalist, locked-down Windows install (ie a 'thinclient image') is significantly different. With one, you've got a maintainable minimalist system that uses negligible resources to update; the other is pretty much a custom hack which will require significant efforts to update. I'll let you figure which is which.
The average user uses no more than 3 or 4 applications in a large environment, from what I've seen. There aren't many people who multi-role: they've got their own world and aside from a web browser, might touch one or two apps on a given day. For these apps, you've got things like Citrix Presentation Server or Windows Server 2008 remote applications. Centralize the common stuff when you can, so it's easier to maintain, update, etc.
As for Google, my experience has been (with the technical crowd) that those actually developing for Open Source type environments, having your development environment be similar to your production environment is a wee bit helpful. Aside form things like Picasa, I can't see much of a need for Windows; indeed, there's likely not even a preference for Windows at Google, short of the occasional mathematician. The yuppie post-graduate degreed geek seems to prefer Apple.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Apache is more popular than the Windows web server, yet gets hacked less, which completely debunks the idea that being a market leader is the only reason Microsoft products are so shockingly vulnerable to attacks.
Even it were true (and it isn't), it doesn't demonstrate anything of the sort.
OS X is a GUI shell on a BSD layer on a Mach engine. Like any flavor of *nix, it was designed from the ground up to live safely in networked, multi-user environments.
Just like Windows NT, you mean ?
It's an order of magnitude harder to hack than a Windows box, because of superior design. This has been demonstrated over and over for nearly a decade now, yet the MS fanboys continue with the silly drumbeat that Macs are only enjoying security via obscurity.
Please detail the "superior design". You might also want to comment on how OSX has consistently lost out to Windows (and everything else) in contests like pwn2own.
Google announced officially that they're in the process of dropping support for IE6. To me, this means "we're no longer going to consider IE6 in our products and will start notifying IE6 users to upgrade in our web properties as IE6 ceases to work".
Running Windows (for a development environment or otherwise), sandboxed from public networks completely (or even other internal networks, for that matter) makes a lot of sense to me. 802.1q ftw.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Re 1 out of every 10 computer users: Macs per OS X got malware and the Windows 7 ect. beta got malware too.
User land size did not seem to matter much.
If OS X is so easy to hack, where is the irc chatter, forum posts, easy and detailed how to guides, uncomment as needed code posts and ready made apps?
Pwn2Own keeps showing that Macs aren't secure from an ex NSA worker.
The USA pumps out many CS, maths, cryptography students. Have they all found gainful employment, never been bored or tempted by OS X?
Domestic spying is now "Benign Information Gathering"
This doesn't happen with either my ... Windows Mobile phones :) .. yet :)
"“mobile version of the classic Counter-Strike“, the pirated title contains hidden code which has been silently ringing numbers in the Antarctic block, the Dominican Republic, Somalia and other premium locations"
http://games.slashdot.org/article.pl?sid=10/06/01/0145232
Domestic spying is now "Benign Information Gathering"
A long time linux user, I sent in a resume to google HR in India and they
replied asking me to resend in MS Doc format!
They can spend money to fix security issues as they discover them, rather than having no options, monetary or otherwise, other than waiting it out until Microsoft gets off their collective asses and releases a patch.
Don't thank God, thank a doctor!
Unix was not design'd from the ground up with security in mind
It is a staggered rollout. They are not reinstalling current machines(although there may be a push later on for this), they are only not allowing newly purchased machines to have Windows on them.
Even Windows in a VM requires an exception - to the detriment of their support groups that HAVE to support customers on Windows infrastructure.
I'm gonna have to ask for a citation on this one. I just cannot believe that google doesn't do a huge amount of testing in VMs running all flavors of windows and IE. Or at least the versions that still have significant market share. It would be insane.
1 1 2 3 5 8 13 21 34 55 89 144 233 377 610 987 1597 2584 4181 6765
They always catch you unprepared. You'll get over it - or you won't. Damn the torpedos, full speed ahead!
Help stamp out iliturcy.
If Google really believes that switching from Windows to Linux is going to protect them from a targeted attack funded by a super power(the Chinese government), they're drinking more than the kool-aid up there.
Unplugging the server from the network won't buy you protection from that sort of thing.
When's the last time you updated the walls of your house?
Funny you should ask that...
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
Perhaps it's easier to find a exploit for a Mac then Windows, there just aren't enough Mac's in the world to make developing one worthwhile outside a competition.
Right. Because tens of millions of potential targets just aren't enough.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
But there are some web-based apps like Zimbra and Gmail which are pretty darned good and that's certainly the direction my organization is looking at as we expand.
There are many businesses with security requirements that make online apps run by a vendor externally a non-starter.
There are plenty of good mail clients but few good calendar programs. Outlook fills that void.
These posts express my own personal views, not those of my employer
I've got a local virtual XP instance (mostly for dealing with Exchange brokenness, which I haven't had to do for weeks, so I haven't even fired it up). My experience is that rdesktop to a remote host (usually a terminal server) gives better performance, and is useful for poorly-written, nonstandard enterprise/corporate applications (fortunately there are fewer of these with time in my experience). A server pool would allow for occasional access as needed, and Google could presumably work out licensing for CALs. Better than pigging out RAM and disk with a virtual instance. x86/AMD64 based virtual computing still hasn't hit the efficiencies the IBM 360 series boxes had, and GUI shells impose slightly more demanding resource/feedback requirements than something as elegant (coff) as TSO/ISPF.
What part of "gestalt" don't you understand?
Feel free to provide some kind of evidence for any of those huge assumptions whenever you can.
throw new NoSignatureException();
Very few Windows programs require admin privs to run after install. There are no open ports by default on Windows Vista +
Also, the certificates make it easier to know if anything wanting elevation is likely to be safe not; Windows will advise as appropriate.
Finally, Mac OS doesn't have a full ASLR implementation; and their NX implementation only works on 64 applications.
http://www.laconicsecurity.com/aslr-leopard-versus-vista.html
throw new NoSignatureException();
The one sticking point I've seen at any organization using Exchange (not "Outlook") is the integration between calendar and email. And yeah, you've got to use Outlook (or Entourage) to benefit from that.
Google's now attacked that with GMail + Google Calendar. One large company I know well is starting its transition this summer. And where most big IT changes are greeted with groans, this one took wild applause at an all-hands meeting. Calendars are already segregated (two different staff directories due to mergers), 150MB mailbox size limit, frequent mailbox f-ups, and the outrage and insult which is OWA.
News shows there are others making the step as well, particularly among educational institutions and younger (growth) companies. Yes, there's some back-and-forth, especially as Microsoft sweetens the pot (read: reduces its operating margins) to buy back business.
As someone who's eagerly waited for over a decade's worth of "The Year of Linux on the Desktop" articles has become mildly aware, shifting mass computing markets takes time and an overwhelmingly compelling argument. The tide for Microsoft has been going one way for over a decade, though, and as its key corporate strength -- monopoly control over the enterprise desktop suite -- is eroded, the chips will fall faster. And that strength is falling in several places: the corporation, the desktop, and the suite.
My only hope is that what replaces it will be a more diverse computing ecosystem. That might just happen.
What part of "gestalt" don't you understand?
Actually, since all platforms are hacked at the conference, it shows that the Mac is the biggest prize.
More to the point, the weakness exploited was in Safari (in all but one case) and required user intervention in all cases. For Windows, systems were compromised in ways requiring no user interaction.
So it does actually show that a Mac is harder to "pwn". It's not like the time of pwn2own means anything--the hackers have all prepared their exploits and practiced them for months in advance.
We'll see how long it takes Google to start frantically doing the back-stroke.
I don't think we will see Google doing a backstroke anytime soon. When you think about how badly Google was compromised, and what someone could do to them if they are every compromised like that again. What are their options.
1. Find a way to live without Microsoft and all the software that will ONLY run in a MS Environment.
or
2. Give to it, take the easy way, run MS software and just expect that you can survive any system breach no matter how badly you are compromised.
If it takes 5 years and a billion dollars, I am sure it will be worth it to Google in the long run. Also note. Google is not "talking" about switching. They are not trying to get a better price from Microsoft. They just quietly started to mandate that MS is not an option any longer.
vi +
Yes, it will be a gradual replacement. That's why it says that new machines will need authorization to run Windows.
The same way other companies do it...
We have no production windows systems, no windows systems which are used for day to day tasks...
What we do have, is a small handful of windows systems (mostly virtual machines) sitting in an isolated test network which are used purely for testing purposes and windows-specific development.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
I'm pretty sure they aren't and cannot ban windows. How can you expect to develop windows software without windows?
n/t
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Linux is and always has been a very attractive target for hackers... Years ago, linux/unix is all people would target because the only windows machines online were typically end user systems connected to dialup lines, while servers connected to faster lines were typically unix of some kind.
Also unix has a usable CLI by default, whereas the windows cli is pretty poor... When you're breaking into a machine on the internet, and are relaying your connection through machines in multiple countries in order to cover your tracks, cli is really the only option as any form of gui would be unusably slow by this point.
However, the days of redhat 4 with buggy ftpd, imap, pop3, bind etc services running as root by default are gone... Modern unix systems are much harder to attack, run a lot less by default, and what does run has less privileges. People these days target buggy webapps and insecure passwords in order to get into unix machines.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Windows has a reasonably well designed (VMS based) kernel, with a lot of legacy cruft on top of it... Most of this stuff MS have added on top of the original vms-derived kernel have significantly weakened the intended security model... things like the networking protocols (google for the windows auth model is broken), the password hashing algorithms, the presence of multiple versions of various apis...
Some of the security features are implemented in userland and are trivial to bypass, one example being the function to "disable" the command prompt.
It also has an extremely complicated security model which is very much overkill for the vast majority of cases, and results in people simply ignoring it.
Not to mention all the additional complexity designed to work around the design flaws without breaking compatibility, like the transparent path/registry redirection thats designed to allow poorly written apps to think theyre able to write to arbitrary locations without actually letting them do so... The first principle of security is KEEP IT SIMPLE... The more complicated you make things, the harder it is to keep it secure. On the other hand, windows has always been extremely complex, and this seems to be by design to make it difficult to clone - after all, ms were not at all happy that dos got cloned.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
The point's already been made that Google probably uses Enterprise level software but to the statement that windows dominates (pardon my paraphrasing) here's a useful list. Even in the Free/OSS category there are a number of mid-market offerings.
http://en.wikipedia.org/wiki/Comparison_of_accounting_software#Free_and_open_source_software
note that this wiki entry needs some eyes so it seemed worthwhile posting OT. ;)
The alleged supplier wasn't Nigeria, but Niger, a landlocked country to the North.
In the last few years, we've replaced every single Windows laptop or desktop with a Mac. We still run windows in the server room, and terminal servers for the apps that won't run on Mac OS (Quickbooks enterprise and our student information system).
Office runs just fine on Mac OS. Yes, entourage is a crappy replacement for Outlook, but it mostly does the job. The next version of Office for Mac OS is rumored to have a feature complete version of Outlook to replace entourage.
We still take security precautions like running real-time anti-virus, using good firewalls, VLANS, and web-content filtering.
Macs can replace Windows in many common office scenarios. Terminal server can also help bridge the application gap between Windows and Mac OS.
-ted
This is Google we're talking about here.
If they're forcing googles to ditch Outlook, Excel, etc and all the other crutches they've been using for business software, what do you think these guys are going to do?
THEY'RE GOING TO PROGRAM NEW SOLUTIONS! Come on, this is Google, a major software house, that you know, has the objective of creating a competitive online alternative to Office?
This move was probably done to force programmers and office staff to get used to Office alternatives and eventually come up with their own solutions. Foster creativity through adversity.
This would be a stupid move for say, a banking firm, but this is a major software engineering house. Sure , they'll go weeks, months, maybe even years running inefficient office software, but eventually one of their engineers will get sick of it and come up with something that works.
The Mac's default configuration was hacked. That was day 1.
Windows wasn't hacked until they added flash to the install..
Or you trying to be funny, or are you just hypnotized by the M$ eye-candy?
A few things you might try sometime in the future:
GMail
Zimbra
Evolution
GroupWise 8
Notes
Regards;
They used to do administration on Vaxes and development on UNIC workstations until PCs hardware and software got good enough to do that all on PCs. This switch happened in the mid-1990s.
Actually, that's half rubbish.
Windows is relatively secure with the correct corporate policies in place and proxies/firewalls to block access to sites where malware can be easily downloaded from - problems occur if malware gets brought in behind the firewall because of users taking corporate laptops onto their home network or plugging in their own infected USB hard disks and memory sticks.
But Linux security has *nothing* to do with the distribution you are using for precisely the same reason more corporations use their own Windows builds for PC rollouts rather than a standard installation CD.
Linux insecurity is not about viruses and malware, it's about brute force and buffer overflow attacks to get access onto a system. The way to counter those is to turn off unnecessary network daemons, updating them as soon as a known vulnerability is reported, and keeping a handle on user accounts so that users have strong passwords and password expiry set - and no distro in the world will have all that set optimally out of the box, hence the need for some customisation anyway.
Gentoo Linux - another day, another USE flag.
It's certainly not all that hard to disable the administrative shares, but it's alot harder than it should be, totally undocumented until it became a problem, and the pertinent point should be why the hell were they on in the first place???
Google's apps all target a web platform. As long as the browsers are sufficiently standards compliant, testing on windows could be limited to QA and to the browser developers.
*sigh* back to work...
not sure whom exactly this shill is 'turfing for, but pretty obviously astroturfing. By ignoring all of the nuances of the 'statistics' used, and pimping guides to follow steps to do what should be done by default, our friend here has tipped his hand. Poor attempt, want another try?
This is incorrect. Unix was not designed for security from the ground up. Unix predates the internet by decades. In the 70's and 80's, networking your unix machine meant networking it to other unix machines in the same building. Those other machines were used by people you knew and worked with. If they did something antisocial on the network, you could go knock on their door and politely ask them to stop. For this reason, unix has historically had very poor network security -- by modern standards. For instance, people were still using rlogin well into the 90's -- sending their passwords unencrypted over the network. There was a difference between how unix historically handled network security and how windows handled it, but it was definitely not a matter of ground-up design. Unix adapted more quickly and successfully to the internet. Also, a lot of the security problems on Windows are related to attempts to make it easy to use, whereas unix was never originally aimed at people who had minimal computing skills.
Find free books.
"turned into a liability"
Windows has always been a shoddy liability. Unfortunately MS has an incredibly good marketing team, that can literally sell fridges to Eskimos.
Really???!??
How much does Microsoft Fridge 2010 cost, and what's it's energy efficiency rating? :)
Agreed, how many Apache servers were 'hacked' due to being poorly set up or having insecure password.
Half of writing history is hiding the truth.
Google Reportedly Ditching Bing. "It's a security measure. We don't feel secure promoting a competitors product."
While the risks that you list are all true, GPO is not the ultimate solution you make it out to be. It's not all that difficult to completely circumvent domain level policies. It keeps the honest folks honest, but you still need monitoring, change management, network level security, and strict HR policies to really enforce security. And you're right; this isn't just an MS thing either. As much as I like linux it also needs the same sort of attention to keep workstations secure.
I don't believe in karma, I just call it like I see it.
The "eat your own dog food" concept worked just fine. I worked at Sun in the 90s and as far as I can remember I never used a spreadsheet there. We arranged our data in plain text files and sorted it with shell scripts, and we did this walking uphill in the snow both ways, sonny.
Seriously, there were word processing, Visio, and powerpoint equivalents in Solaris, and for apps that just had to run in a Windows environment, an emulation environment (name?) that sort-of worked, and I think a few people that really really needed them had Macs.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
Still in beta, I see...
I am an ACCA student. Got a query on Accountancy/Finance? Maybe I can help!
All security is through obscurity to some extent. Encryption, passwords etc.
No, passwords and keys are *secrets*. If you embed the secret with the "secured" payload, then you are doing security through obscurity -- e.g. DRM. However, if the secret is not part of (or transmitted with) the payload, then the payload is truly secured by the secret.
Three main reasons I use Windows:
1. Familiarity (I've been using it since I was a kid)
2. Video Games
3. It works. (I tried using Linux a few years ago but had difficulties in getting even small things to work.)
Now I'm halfway through college and will be using Ubuntu for research I am doing with a professor.
Favorite comment from http://linux.slashdot.org/story/10/04/18/1557220/Why-Linux-Is-Not-Attracting-Young-Developers
This attitude works if you are some joe blow user worried about being part of some zombie attack, but fails miserably if you are some high value target such as a bank or a military. You can't rely on reports of known malware because a real attack isn't going to be "known". OS X does have these issues. It is far from perfect and when you have a web browser that allows drive by downloads for two years, I really have a hard time trusting them with the security of the rest of the system.
How is objective-c any less prone to a buffer overrun than C++?
Using all caps in such an arbitrary manner doesn't add emphasis to your post, it just makes you look unprofessional, and as if you can only get your point across by yelling louder than the other guy. The pen may be mightier than the sword, but using it with such force blunts the nib :)
Flaming respondants also makes you look idiotic. Sorry but there it is.
If you're so sure of your position, how about losing the anonymity.
How is objective-c any less prone to a buffer overrun than C++?
Because more strings are likely to be C null-terminated strings in a C++ program, where pretty much every string in an Objective-C application will be an NSString.
Yes I know C++ also has string collection classes, they just aren't used with as much consistency.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Cloud computing is definitely a big thing in today's IT market but i just cannot see running an entire PC off the cloud security and reliability being an issue plus bandwidth issues. Internally I could see Google just using MAC or linux but I doubt they will ever totally remove windows especially not with software venders that only make products for windows unless they are going to develop every app they need internally.
http://www.thetechnologygeek.org
You use an iPad in the music studio? I wasn't aware that there were apps that made it useful there.
I think you meant the Mac, which I have seen used extensively in studios due to the high quality of Logic Pro, and I've even seen iPods used as pocket drives, but the form factor of an iPad makes me suspect you got something wrong.
Using an iPad in a music studio feels like mixing paint with a phillips screwdriver: sure, you can do it, but it's not the intended use of the tool and there are other solutions that are much better.
I don't record on the iPad. It's more like a Swiss-Army peripheral device than anything else. When recording, it's a control surface. When rehearsing and learning new material, it saves me the trouble of printing charts on paper. When performing, it runs the board wirelessly, saving me the trouble of a cable snake and allowing the sound tech to sit ANYWHERE while having total control over our road rig. These are just a few of the uses I've found for it, and it seems like every week I find more.
Information wants to be anthropomorphized.
Where is this? Does Microsoft condone this I wonder, especially considering they no longer support XP?? I see that support for the current builds and service pack level for XP is done, again, as of 04/2009!
You misspelled "2014" (reference: the page you sent me).
Where is this? Does Microsoft condone this I wonder, especially considering they no longer support XP?? I see that support for the current builds and service pack level for XP is done, again, as of 04/2009!
You can buy a Dell Inspiron Mini 10, brand new, today, with XP Pro. We're not talking about Bob's Tires and Laptops. If you can get a Dell with XP, then I'd have to say XP is available to the public. The rest of your invalid reasoning can be similarly dismissed.
Dewey, what part of this looks like authorities should be involved?
The switching costs on Mac or Linux are tiny compared to what you save in maintenance and training costs later and gain in enhanced productivity.
For companies that don't run everything through Google/Cloud services there are very real software costs. What about backwards compatibility - applications that are more than 3 years old?
For some users, an iPad is all they need.
For some users, a calculator and a pad of paper is all they need.
Man blir trött av att gå och göra ingenting.
Once game developers move full time to Mac
Since OSX runs all the latest and greatest hardware and has a huge install base of users that love buying the latest games?
Man blir trött av att gå och göra ingenting.
offtopic indeed, sorry but i wasn't aware of an ontopic/offtopic police force around these parts.
I could take the original post of yours that I replied to and merrily dismantle it line by line, but why should I waste my time when it's a poorly written mess that doesn't really deserve proper reading? Not so much a wall of text as a wall of text thats had a dumptruck driven through it. If you want people to take your points seriously, write them in such a manner that people can actually follow the flow of your post easily.
I wasn't the one getting all shirty because people on slashdot can see straight through the bullshit you've posted there, and aren't bothered about your precious internet feelings. Nerdrage much?
Capitalising words puts the emphasis on how poorly you are doing at putting your point across, it does not add emphasis to the point you are making.
You couldn't enlighten me with a flaregun pal.
Only for unusually small values of "All". The following are a few examples of Google apps that are that (while in some cases they interact with the web) do not "target a web platform", but instead run on a desktop OS (usually, and in some cases exclusively, Microsoft Windows) or (in one case) the add-in environment (rather than the "web platform") of a browser (often, Microsoft Internet Explorer on Microsoft Windows):
Google Chrome
Google Desktop
Google Toolbar
Google Earth
Google SketchUp
You speak of vulnerabilities and percentages. You are speaking of the KNOWN ones. You think there are only 16 vulnerabilities in Windows 7?
Your Average Joe
One of the rules of moderation means you can't post on the same discussion. So of course the mods haven't posted their rationale. But I'll give you a hint:
"Open Sores" (lol)
That's how you started this conversation. Are you surprised you got downmodded? Oh, and people get downmodded for trolling about "M$", also.
It's not about technical justification, it's about playing nice. You're being a dick, so you got downmodded, whether or not you're right. Don't be a dick, it's not hard.
Don't thank God, thank a doctor!
Do I have to put a humour tag on everything now? yeesh.
Man who leaps off cliff jumps to conclusion.
if I have the sourcecode to an operating system, I have a FAR easier time of finding bugs in it than I would on a closed source OS, & for instance, using "fuzzers" (or worse, disassembly via debuggers) on it during pen testing...
Yes, that's pretty much exactly what I said. I also explained why this is a good thing.
You want to claim that this is somehow equally useful to good and bad people -- I respectfully disagree. See, even if I did try to find bugs in Windows, using all the tools you mention, I still have to go through Microsoft to get them patched, and it's Microsoft who will be doing the patching. And Microsoft has been known to sit on vulnerabilities for months without releasing a patch, or even acknowledging their existence until there's an embarrassing enough exploit.
By contrast, with Linux, I can provide the patch in the same post which discloses the vulnerability.
wouldn't you rather have a vulnerability found and fixed, or even found and marked "unpatched" on Securina, than found and exploited (hidden) elsewhere?
Microsoft has their regular "Patch Tuesday"
And what does that have to do with my question? Answer my question.
Workplace espionage happens man...
Not from a local DoS. Say it with me: Local. DoS.
It's still very not good. It still should be fixed. But it's not even in the same category as, say, remote escalation.
A security vulnerability is a security vulnerability.
Are you seriously implying all vulnerabilities are equally dangerous?
Local or not, you can take advantage of it, especially if a malware (or worse, a malscripted website's javascript does it, and that RUNS LOCALLY ON A USER'S MACHINE IN THEIR WEBBROWSER
Now you're just a moron.
No, JavaScript exploits would most likely be classified by Securina et al as remote exploits. It's local code, but it's sandboxed. Unless there's a vulnerability in the sandbox itself, JavaScript can't exploit local exploits.
Or just go read the exploits. Look, I did almost all the work for you. Most of them are fucking C system calls, which are about the farthest you can get from a sandboxed script.
Want proof? Go read the Windows Aero vulnerability. It was classified as a remote vulnerability, despite being techincally "local escalation", because an image viewed in a webpage could lead to said escalation.
Now, you note "local exploit". Think that doesn't happen in the workplace, on the same local area network?
Um, no, that's not what "local" means. "Local" means "on the same machine", which usually (though clearly not always) means physical access. Yes, it's still an issue, but having your webserver owned by someone who had a shell account is a lot easier to deal with than having it owned by some random bot over the Internet, and it's a lot less likely to happen.
And remember, we're talking about Google, and specifically, what people are running on their workstations. That makes all of these pretty much irrelevant -- from what I can tell, Google employees truly get to own and admin their own workstations, so they don't really have to share.
NOT ALL LINUX DISTROS USE SeLinux or AppArmor either
So what? I thought we were comparing the best and latest.
"Modifying video output could be very bad, but also very hard to exploit in a way to make it worse than rickrolling you. And again, local.
See my last paragraph in reply above - same ideas apply here too.
What? No they don't. You don't once explain how this is not very hard to exploit in a way that's worse than rickrolling you. Hint: That part has nothing to do with it being local.
Which are just like what you'd n
Don't thank God, thank a doctor!
I don't think you trolls who are downmodding me understand that I can bypassthe "10 posts per 24 hour" unjust/unfair limitation upon us AC's,
Yet more evidence of trollish behavior. Accounts are free, you deliberately sign your posts to allow yourself to be tracked, yet you refuse to sign up. Then you deliberately bypass limitations like this -- pretty obviously breaking the rules.
On top of it all, you abuse capslock and bold to draw attention to yourself (even as you cower behind anonymity), and you have tons of grammatical and spelling mistakes, making the overall quality of your posts pretty poor.
And again, you wonder why you're downmodded? There'd have to be truly brilliant technical insights in there for a mod to overlook how childish you are about posting them.
There's also this:
/.'s default is to HIDE AC posts as "hidden posts" when javascript is on
No, the default is to hide posts with low scores (including -1's from logged-in users), and even that is contextual. For instance, this post was not automatically hidden.
And that's the default. Mods are encouraged to browse at lower thresholds to look for AC abuse -- to downmod the Frist Psots and such.
Don't thank God, thank a doctor!
Windows has a reasonably well designed (VMS based) kernel, with a lot of legacy cruft on top of it... Most of this stuff MS have added on top of the original vms-derived kernel have significantly weakened the intended security model... things like the networking protocols (google for the windows auth model is broken), the password hashing algorithms, the presence of multiple versions of various apis...
As opposed to UNIX, which has been having "cruft" heaped upon it since the day it was conceived !?
Some of the security features are implemented in userland and are trivial to bypass, one example being the function to "disable" the command prompt.
I'm not sure what you're talking about, but I can't imagine it being seriously considered a security barrier by anyone.
It also has an extremely complicated security model which is very much overkill for the vast majority of cases, and results in people simply ignoring it.
So by your logic Windows 95 is better than UNIX because it has a simpler security model ?
Not to mention all the additional complexity designed to work around the design flaws without breaking compatibility, like the transparent path/registry redirection thats designed to allow poorly written apps to think theyre able to write to arbitrary locations without actually letting them do so... The first principle of security is KEEP IT SIMPLE... The more complicated you make things, the harder it is to keep it secure. On the other hand, windows has always been extremely complex, and this seems to be by design to make it difficult to clone - after all, ms were not at all happy that dos got cloned.
Or maybe it's just that complex problems demand complex solutions.
Thank you for realising my question was sincere. I was genuinely curious as to how you used it, and your answers have sparked my own imagination in how to use the device once I can get my hands on one.
Link?
'We're not doing any more Windows. It is a security effort,' said one Google employee
You know, for such a quote, I would have expected at least a position. If Google's janitor said that, it doesn't mean much, but if their CTO said that, it's another story.
The original story was:
http://blog.arcanum247.net/post/2009/09/15/OS-X-106-Snow-Leopard-fails-to-improve-ASLR-remains-easier-to-hack.aspx
Since then, Pwn2Own 2010 showed that ASLR in Vista/7 is not as good as it was thought, though still he says:
Windows 7 is slightly more difficult [than Snow Leopard] because it has full ASLR
and finally:
No, Linux is no harder, in fact probably easier, although some of this is dependent on the particular flavor of Linux you’re talking about. The organizers don’t choose to use Linux because not that many people use it on the desktop. The other thing is, the vulnerabilities are in the browsers, and mostly, the same browsers that run on Linux, run on Windows.
Google will lose track when some are not using Windows and Microsoft will lost trance when some are not using Google. It is smart to eat your own dog food, but if you only eat your own dog food you will not know where you are...
What 'trollish behavior' is this on my part?
Bypassing the written and unwritten (but obvious) rules of a community because you don't agree with how you're being moderated.
They come with a price: YOU are EASILY TRACKED
So are you, so long as you sign your posts. The only difference is that you can't even provide rudimentary assurance that you're the same person I was talking to yesterday.
I am the ONLY thing here that is FREE (Truly Free).
Do you realize how crazy that sounds? You're not the only AC, dude.
"elitist registered user account"
Quotation marks. So who are you quoting?
I can also collect up credits on my upwards mods this way too, by signing off on my posts - that way, nobody can say it was or wasn't me that was modded up
Sure I can, mostly because there's nothing stopping anyone else from signing their posts "APK".
I have been doing this for YEARS here, bypassing the 10 posts per 24 hour limit unfairly imposed on us registered users, so show me a "rules" that says I cannot do this...
Translation: "I don't understand how plurals work in the English language, and I think that getting away with something for years means it's OK."
I have asked others before to show me such a rule, EXPLICITLY WRITTEN,
It's filed under "Don't be a dick." Or did you think the limit was there for no reason?
Put another way: If you come across a weakly-secured WEP network, and you crack it, do you say "Show me a rule, EXPLICITLY WRITTEN, that I can't leech your Internet"?
As you point out, posting anonymously makes you immune from karma, friends/foes and bad reputations, which means, as you say, you're harder to track. There's a reason for making people easier to track -- it helps prevent abuse.
you don't possess the intellect
Throwing unwarranted insults tends to get you downmodded, but apparently you don't possess the intellect or social skills to understand that.
Don't thank God, thank a doctor!
LOL, what a piss poor reason for modding me down.
What, you don't think moderating for content is a good idea?
Put another way: If you and I met face to face, and you started insulting my clothes, laughing here and there for good measure, I wouldn't want to hang around you. You might insist that I know it's true, and that I should listen to you, you're a fashion designer, whatever, but if you start off with "That shirt looks like dog shit," I wouldn't be inclined to listen, and I would be inclined to tell people you're a dick.
That's how moderation works. That's why we have things like "troll" and "flamebait". Having technical content doesn't automatically mean you're not a troll.
Sure is, and I will be nice until it's time, to NOT be nice (such as when others start calling me names, and up until now, you didn't but, as usual?
As usual, you started that. Also, saying "You're being a dick" is not namecalling. It's a slightly ruder way of saying "you're being obnoxious", which is not even a personal insult. This, however, is: If you got out more, you might realize that people say "Don't be a dick" to each other often enough, without taking it personally.
Doesn't matter to me IF I get "downmodded"... especially for reasons like you are noting, lol, that I have basically "upset the ANTI-MICROSOFT, FireFox, + LINUX fanboys & zealots" around here.
Again: People who use terms like "M$" tend to get downmodded. People who create posts which are 50% inflammatory bullshit, 10% interesting, and the other 40% just a boring repeat of those 10% get downmodded on pretty much any topic.
As far as trying to tell me that others here actually favor Microsoft?
I didn't say that. Learn to read. Hint: It's right there above.
Extra hint: The mods are pretty good, most of the time, at moderating based on content -- on how you say what you're saying, and whether or not it's actually interesting, insightful, etc -- whether or not they personally agree with what you're saying.
I've seen people say things very pro-Microsoft and anti-Linux, which were modded +5 insightful, and I agreed with the mod. You write like an autistic 12-year-old boy, so even when I agree with you, I'd also downmod you.
Yet you seem to assume that every single moderation is "I agree" or "I don't agree". Nope, this isn't Digg.
Don't thank God, thank a doctor!
We have a custom student information system built on Access and SQL server. We run it on a Terminal Server farm. This allows Mac clients to run the software, and it also allows remote access via an SSL VPN appliance. Terminal server was built for stuff like this. Many medium to large firms use terminal server to reduce end-client support costs, this also has the side effect of making the migration to Mac clients easier. -ted
You really don't "get it", do you?
If I don't, repeating the same bullshit for the third time in a row won't change my mind. It'll just show where we actually disagree. (Hint: It is possible for two people to understand an issue and disagree.)
Do you write code (if so, I'd like to see an example as proof of it, and I don't mean scripts (equivalents to batch files)??
I do code. You'll have to define what you mean by "scripts" -- even Bash is Turing-complete.
I also have nothing to f to you, especially if you're too lazy to Google me.
That is MUCH EASIER TO SPOT, in an app with its SOURCE OPENED
Easier to spot, and also easier to fix. When it's as easy to spot as you suggest, it's not going to survive long, particularly in a well-known open source application.
what on EARTH makes you think doing a LOCAL DOS is any more difficult OR DIFFERENT than a remotely done one?
It requires a local account. I can't believe you still don't understand this, especially since the website you linked to seems to have a pretty thorough understanding.
Say it with me: "Local" does not mean "LAN". It means LOCAL MACHINE.
I can still "suck up" connections from say, a webserver, and render it essentially inoperative & unable to field ANYONE's requests, from within a local network, same as I can remotely!
*facepalm*
Yes, remote exploits also work locally. That doesn't imply local exploits work remotely, which is what you're trying to illustrate.
Secondly, I don't use Wi-Fi
Not using an exploitable feature makes you secure! Who knew?
Most people use Wi-Fi, so this is relevant. Or does your guide tell people "Don't use Wi-Fi if you want Windows to be secure"?
You just described how easy it was to fix an exploit. I was describing how difficult it is to exploit something in the first place, whether or not it can be easily resolved. Those are completely orthogonal.
The point was that IF you have a workaround for a known exploit (such as AERO's)? You can secure yourself with said workaround... how hard is THAT to understand for you?
Ok, this is going to take some translation:
Me: It's hard to exploit X. ...
You: You can secure yourself against exploit Y.
Me: What? That had nothing to do with what I said.
You: How hard is it to understand? You can secure yourself against exploit Y.
Me:
Hmm, no, let me try again. Maybe this is what happened:
Me: It's hard to exploit IDE-CD.
You: Oh yeah? Well you can secure yourself against the AERO exploit, so the AERO exploit isn't worse than IDE-CD.
If I have to do that much work to understand you, you fail at communication. But sure, I'll bite: Even if I configure IDE-CD in its least secure mode, there are still two things which have to happen:
First, you have to get a local user account. IDE-CD isn't visible from the network, and webpages have no access to it, JavaScript or not.
Second, you have to get some blank media in the CD.
Third, you have to somehow burn something malicious onto said media.
And you have to do all that without the user noticing.
Oh, but it gets better. IDE-CD doesn't come that way out of the box -- the distros I've used restrict it to a "cdrom" group, which is also allowed to burn stuff. And it only works on a subset of hardware -- specifically, those with an IDE CD burner. I'm not even sure this particular driver is used on every system which has a CD burner plugged into IDE anyway.
Now, contrast this to Aero -- it can be exploited from within a browser, even with Javascript etc disabled, so it's easier to exploit when vulnerable. It's enabled by default, and it's a significant loss of functionality to disable it -- thu
Don't thank God, thank a doctor!
It's not, you "know my style" by now (I quote you, in bolds with quote marks etc. et al, & I 'sign off' on my posts, always...
I don't know you well enough to take you at your word for that.
YOU FINALLY NOW ADMIT THIS:
Only, you didn't (or rather, lol, WOULDN'T) admit it to me in our other exchanges here!
What is it you think I claimed?
You now, finally, admit that even a "remote classified exploit", such as let's say, a bogus DIV tag in a malscripted webpage with an invisible frame and bad code or a bad binary sent your way in it, can f' you up
Yeah, I never said a remote exploit couldn't happen. I also never said someone who'd used a remote exploit to gain local access couldn't cause havoc with a local exploit. Getting me to "admit" something obvious that I was never arguing against is not a victory for you.
Also, that's your strawman limit. Sorry, ignoring the rest of your post.
Don't thank God, thank a doctor!
Regarding the subject: That is true enough. However, a logical fallacy can only affect the argument in which it's employed, or any argument that uses it as a premise.
Let me give you an example of how an ad-hominem would work: "You don't know anything about security, THEREFORE what you said is wrong." You've strongly implied these, but I don't think you've outright said one yet.
I challenge you to find me committing this fallacy. You'd have to find somewhere I say "You're wrong because <insult>." It's not just me calling you <name>, it's me saying you're wrong because you're a <name>.
Now you're just a moron.
I don't think you're going to be able to successfully "double-talk" your way out of that!
That's not followed by any sort of "therefore."
It's interesting that you seem to have this idea of "double-talk" -- as if my attempts to be precise about language and terminology are trying to "get out" of something.
Put another way: If you and I met face to face, and you started insulting my clothes, laughing here and there for good measure, I wouldn't want to hang around you. You might insist that I know it's true, and that I should listen to you, you're a fashion designer, whatever, but if you start off with "That shirt looks like dog shit," I wouldn't be inclined to listen...
Well, then you had best "thicken your skin", because sometimes? Folks have opinions...
If you occasionally joked about my clothes, fine. (I use clothing as an example -- most of them, I really don't care.) If you merely had an opinion, like, "That shirt really doesn't look good on you," that'd be considered rude by most, but I'd probably be thankful for the advice. If you instead said "That shirt is dog shit," I'd be annoyed, but it's not like I'd run home crying.
But if you repeatedly say shit like that, snide little remarks all the time, then yeah, I'd be gone. There's having a thick skin, and then there's choosing to hang out with people who aren't assholes.
Also, interesting double-standard. You start with "open sores", and when I say "Don't be a dick," you suddenly get defensive and shout "Name-caller!" Thicken your own skin.
You know, you "busted my balls" for using the term "Open Sores", but they CAN be that...
Nope, it's still a pretty damned insulting analogy. Let me put it this way:
"Does this dress make me look fat?"
"*gulp* It's... maybe we should try another one."
vs:
"Does this dress make me look fat?"
"No, your ASS makes you look fat!"
Sometimes it's not what you say, but how you say it.
Where? I mean, fine & dandy YOU merely SAY that, but I'd like to see where I did so...
"Open sores" maybe? Sure, it's calling a thing a name, and not a person... But there's also this:
it doesn't sound as if you've had any professional experiences in "pen testing" based on your replies here.
No overt names being called, but both of those were unnecessary. I admit I may have exaggerated a bit -- I get frustrated by people who simply repeat the same arguments I've refuted multiple times, hoping that maybe this time I'll "get it".
Again: People who use terms like "M$" tend to get downmodded.
Whoosh, that's rather lame... after all, Microsoft IS A BUSINESS, and is ALL ABOUT making "$"... one of the wealthiest corporations on the planet, so I'd actually take THAT as a compliment!
I suppose it's about more than just the term. I can point you to posts like that, but the usual implication attached to it is that Microsoft is all about money, that they're otherwise evil and incompetent.
Beside the point, though. You're asserting that there's some massive mod bias, even conspiracy, that'll have you modded troll every time. Th
Don't thank God, thank a doctor!
Yes, as per usual from you? NO PROOF when it's requested...
You requested proof of a position I didn't hold, which is that there is an explicit, written rule that says exactly what you were suggesting. You also haven't addressed what I pointed out, which is that you're exploiting a weakness in a system obviously put in place to enforce something.
LOL, ok - but not 1/100th as easily as you are,
Still not terribly difficult.
Uhm, care to show me your PHD in psychology,
Are opinions on how crazy something sounds only valid if they come from a PHD? Appeal to authority.
Again, I use quotes as a form of emphasis is all, get used to it. Many others do as well...
Can you provide an example?
Using language incorrectly, and saying it's just your "style", doesn't make it correct.
Right, but, how many write as I do
How many have tried?
which you complain endlessly on, to the point of calling me names...
I was calling your style a name, and that's an important distinction. Even so, are you saying you're proud to write like an autistic 12-year-old boy?
LMAO - ah yes, the LAST RESORT OF THE DEFEATED TROLL, along with name tossing, now in your "grammar & spellcheck + writing style critique", lol... care to show us your PHD in English...
Another appeal to authority, along with a non-sequitur. You haven't even demonstrated that I'm a troll.
or that this is the "english grammar, spellcheck, and writing style section" of this forums?
I may actually be offtopic. First valid point you've made this post.
Is that the "best you've got"?
You know, it's more than a style thing, it's downright dishonest. A casual reader might be inclined to think you're quoting me -- that I somehow said somewhere that this was the best I've got.
I mean, hey - Your technical know how has been shatttered & destroyed by myself (and others too
If by "others" you mean "one other AC who may have been you," sure.
In fact, you've done similar things in the past, though I can't remember exactly when or where. I distinctly remember you posting something without signing it, and admitting later that it was you, just trying to see if a different writing style and lack of a signature provoked a different response.
While I was maybe a bit kinder towards the new person, my position on the technical issues didn't really change.
It was a similar situation, too -- an AC who posted on a thread that was buried and deep, the kind that is very rarely touched by anyone except me and the one other person I'm still talking to -- which makes it all the more likely that it's you. Yet I haven't assumed, I only asked the question.
Also interesting that this other AC hasn't been back at all, even to clear your name, not that it would really help.
Please... ask your "precious moderators" if that is an IP I use, ok?
Moderators can't see IPs.
YOUR TROLLING PERFORMANCE IS DOWN LATELY!
And now you seek to establish that not only have I trolled you here, but that I habitually troll people. Care to show any evidence of that?
Of course, this was never about truth to you. It was about winning:
I gotta say this too: "too, Too, TOO EASY", just too easy for me to do, as per usual, vs. yourself!
It really is that important that you win, that you be right, and that you show that I'm wrong about something, to the point where you blind yourself to the areas we agree.
Don't thank God, thank a doctor!
I think that at this point you can cease attempting to troll this anonymous coward akp because he has literally destroyed every argument you have tried on him
Bahahaha... you didn't even change your style much, APK. Same style of quoting me, only without the bold and the signature.
But of course:
It's obvious what you admitted in that your remote exploits you said were that only are indeed local ones.
Erm, what?
Here, maybe I can say something unambiguous even to your quote-mining, for once:
A remote exploit is an exploit which can be triggered remotely, without having access to an OS-level user account on the system being attacked.
A local exploit is an exploit which can give an OS-level user account the ability to do more than they should.
Based on the above definitions, if a hypothetical system had only local exploits, but no remote exploits, then no one could exploit the system unless they already had some sort of access.
And based on that, remote exploits are generally more severe than local exploits.
What about this is untrue, or inconsistent with my position throughout, or has been "destroyed"?
Don't thank God, thank a doctor!
So, erm, do you have anything to say of your own, or are you just a sock puppet for APK?
That entire run-on paragraph was pretty much a straight reiteration of what APK feels are his best arguments. Since about two or three posts in, neither he nor you, if you are indeed a separate person, have added anything to the discussion other than re-iterating your arguments and calling me stupid for not getting them.
Don't thank God, thank a doctor!
Since Linux has made itself a viable desktop alternative within the last 3-4 years and Apple has claimed roughly 8 percent of the desktop market, this was inevitable. No company or government entity wants to be at the mercy of another, they realize, they personally do not have the ability to make Windows safer, cheaply. Why recreate the wheel when you can just buy a new one, better yet one that's free!
Our company offers users a choice, internet connectivity with linux or a MS desktop without internet connectivity. What do you think that the result has been?
And, you don't quote others?
Most people don't quote others by adding a "-by" and a timestamp. In fact, I've never seen anyone but you do it.
Ok, now onto your contradicting your OWN words
You are really going to have to explain how these contradict.
All exploits eventually touch the local system, of course.
What about this contradicts the definitions I gave?
They do, and they ALL really "boil down" to being LOCAL in order to work, period.
Another failure at basic logic.
They all boil down to being local in order to work. However, that does not mean a local exploit "boils down" to being a remote exploit.
Basic composition fallacy on your part: All tigers are cats. That doesn't mean all cats are tigers.
You have not yet provided a shred of evidence or argument that local exploits are as bad as remote exploits. Please state whether you believe local exploits are just as bad as remote exploits.
You're hilarious at this point... one contradiction after another!
You just made a composition fallacy. Not even that -- composition fallacies are slightly more sophisticated than the mistake you made. Calling me self-contradictory after that is downright projection. I hereby dub you the NephilimFree of computer security.
Don't thank God, thank a doctor!
It seems you don't realize what they are, even though I've explained them to you at least once.
You're violating a basic tenet of it
Swing and a miss. Ad-hom is far from a logical axiom. It's not even always fallacious. When it is, it's a specific case of non-sequitur.
you cannot produce proof of your successes in the art & science of computing
There is a difference between "cannot" and "don't care." While we're on the topic of logical fallacies, half of what you say is an Argument from Authority.
Don't thank God, thank a doctor!
Yup, as I suspected (my "ESP" must be on HIGH setting, eh?) - you're just another "Script Kiddie" trying to play "expert" with me...
Do "Script Kiddies" generally know what "Turing-complete" means?
If you insist, I'll list the languages I have actual experience in. Just because I know MVS assembly doesn't mean I prefer low-level drudgery to high-level application development. Indeed, working at a higher level can improve security -- I actually cannot write a buffer overflow in the languages I use most often.
Before you say it: can improve security. If you're writing raw SQL by concatenating strings in the middle of an HTML template, you're Doing It Wrong. You can write COBOL in any language, just as you can write LISP in any language. I measure languages by how easy they make it to write secure, stable, maintainable code.
IF you were ANY GOOD? You'd have KNOWN
This isn't a logical fallacy, but it's something seriously limiting your personal growth. You assume that merely because someone disagrees with you, they're wrong and stupid.
Sure, sure... I only stated facts
Fact: I went from no knowledge about Chrome extension development to a working adblocker in only a few hours.
Fact: I am currently fluent in five separate programming languages, and decent at an additional eight. These aren't just Algol-derivatives -- it's everything from assembly to Lisp and Erlang.
Stating facts doesn't make the act less egotistical, which is why I didn't mention either of these except right now. I'm mentioning them now, not to show you how great I am, but to show you what bragging looks like. It looks just like your list of publications which you drop at every turn.
it's just as good as WIRED is
Ah, but now we're back to only your word for that. Kind of circular, isn't it? You're so knowledgeable because you were published in WELT, and WELT is so great because you say so?
Well, I don't toss names in Ad-hominem attacks as you do out of frustration
Actually, yeah, you do. You did in this very post:
probably while you were still in diapers I also strongly suspect
Not your worst, and I won't speculate as to your motive, but there you go.
As for things NOT "GOING MY WAY"? Well, this appears to the contrary once more in my favor
Are you going to claim you have a perfect life? If not, answer the question -- note that I qualified it with when.
Don't thank God, thank a doctor!
That's an ad hominem attack
You clearly didn't read my post, nor have you looked it up. You should know from our previous discussions that if you don't read my post, I don't read yours.
Don't thank God, thank a doctor!
Yeah, and that's not even counting all the volunteer sysadmins they get from running Windows all over the enterprise.
If you mod me down, I shall become more powerful than you could possibly imagine.
My understanding is that the Windows BSD based network TCP/IP stacks (as in the parts routing packets in the kernel rather than userland utilities) were written back in the Windows 3.11 and NT 3.1 days and were 3rd party addons. The core network stack shipped in the box has apparently not been BSD derived (and MS has claimed to have rewritten the stack several times since) - only the userland utilities so there are substantial differences and behaviour (perhaps that's why they fingerprint differently to tools like NMAP?).
Per my subject above? That's a logical fallacy in & of itself,
Already refuted this -- in fact, this specific thing. You know exactly where I did, because you posted something about "making excuses" without actually reading it. Hint: Ad-hominem takes the form of:
Premise: The person making this argument is a bad person of some sort.
Conclusion: The argument they are making is wrong.
It does not take the form of:
Premise: Person X is behaving badly.
Conclusion: Person X should behave better.
Now, by itself, that's not a complete argument. It's based on the implicit premise that people should not behave badly. But it was also never intended to be a formal argument.
that 'Open Sores' rib of mine "sets you off" hugely - that's your problem, not mine
It is, however, a serious interpersonal problem you have -- and you don't even seem to care. Try this for a thought experiment: Next black person you see, make a comment about "Niggers" or "Porch monkeys" and try to tell them it's their problem if they take offense.
This isn't an English class, or a paper for a grade
You're right, it's not a paper for a grade, or a formal debate competition, so why are you so concerned with winning?
However, it is on topic when you start bitching about how you get moderated. This is precisely why. Your posts would be crap even if there was solid technical merit. If there is, you're not doing a very good job of extracting it, since you're more interested in finding something to disagree in what I have to say.
For example:
Are you trying to tell us that using debuggers' assembly language dumps/traces OR even fuzzers is easier and faster than looking for bad coding practices in actual sourcecode or faulty instructions like sscanf in C compilers is?
Nope. Never have. In fact, if this was the only thing that determined the security of a system, you'd have a point.
I've also given you more than enough opportunity to prove your intelligence -- to prove that you've earned the credentials you cite -- by making an effort to read and understand what I'm actually saying. The fact that you would ask this, even rhetorically, is evidence that you are not now and never were paying much attention to what I have to say, or worse, that you're incapable of understanding it.
Too bad, because we probably could have some interesting discussions.
But this isn't a discussion, is it? It's you shouting with your fingers in your ears.
Don't thank God, thank a doctor!
Each time you make a posting here? IT SAYS "BY [insert name here]".
I did notice that. Did you notice that it doesn't insert that after each quote? Again, I have never seen anyone else quote in the way you do.
I just highlite your name in the posted by section of your replies,
Then why is it that practically no one on Slashdot does that, except you and one random person who stumbles on your thread?
The funny part is that you then want to lecture me about keeping some dignity.
Others do the same obviously as it saves time
Care to provide an example? Again, I never see it.
cites who said what
Because clicking "parent" is too hard for people? Another common method, if it's much higher up the chain, is to link to the original post, or specify "grandparent" or whatever.
in order to show EXACTLY what point of theirs I am disputing AND DISPROVING
Takes more than a citation to do that. Look up quote-mining.
What's wrong with that?
Well, it's obnoxious and unnecessary, but that's not really wrong, that's a matter of personal preference. What's wrong is that you felt the need to post as someone else, lying about it then and now.
Ahem: "Yea, right"... did you say THIS below, or not?
All exploits eventually touch the local system, of course.
I did. You have yet to explain why this is inconsistent or even wrong, other than to strawman me by suggesting I held a position diametrically opposed to the one I actually hold.
You just made a composition fallacy.
Your REPEATED name calling is Ad-Hominem attack upon myself,
That's changing the subject, and I've already refuted the ad-hom charge. Please explain how it's not a composition fallacy.
someone that's taken & done fairly well in LOGIC
Then try employing some -- again, explain how what you said is not a composition fallacy. When you're done with that, either show me a source that defines Ad-Hominem other than how I've defined it, or explain how according to my definition, what I said is an ad-hom.
Don't thank God, thank a doctor!
Hmm, looks like I missed this:
It also proves I read your points and answer (and defeat & disprove) each one YOU MAKE
Proving that you can copy and paste doesn't show you actually understood what was said. Actually responding (rather than copying and pasting your earlier, failed arguments) would be a lot more helpful.
Don't thank God, thank a doctor!
Are you trying to tell us that using debuggers' assembly language dumps/traces OR even fuzzers is easier and faster than looking for bad coding practices in actual sourcecode or faulty instructions like sscanf in C compilers is?
Nope, and never have. I've answered this elsewhere.
ask their editors if you wish... You are also free to write Mr. Eric Dickman, CEO of SuperSpeed.com,
Will either of them personally go through your posts here? That's the point.
PC-WELT is the equivalent of the USA's "PC WORLD" magazine, & I never called them "great" - quit trying to put words into my mouth I never stated
"Look on my works and despair..." Or why include it in the list?
by now, it's obvious YOU have never done the same
Actually, it's not. I just don't care to spew my credentials over every page. Either my arguments speak for themselves, or they don't. Yours obviously need that Appeal to Authority.
I never said any of these mags was great, quit trying to put words into my mouth I never stated
You compared yourself to Ozymandeus, King of Kings. As I didn't quote you exactly, I'm only paraphrasing what I took you to say.
WTF? LOL, man... you are REALLY "reaching" now, aren't you?
Can you say "projection"? I knew you could.
So after the QUESTION you started off with, you're going to accuse me of putting words in your mouth?
By your reaction, I can assume you don't have a perfect life -- thus, things don't always go your way. So maybe now you can answer the question: When things don't go your way, do you blame God, just as you give him credit when things do go your way?
Don't thank God, thank a doctor!
Ok "google child"... listen: I don't have to look it up!I have actually TAKEN AND DID PRETTY WELL IN A FORMAL LOGIC COURSE DURING CSC DEGREE WORK... have you?
If that's true, you should realize that what you're doing here is an Appeal to Authority -- and yes, you're using it in a fallacious way.
NAMECALLING
Still can't tell the difference between calling you a name, and describing your behavior. It's subtle, but even with Intro to Philosophy (a fairly informal course), you should be able to see it.
Even if I was calling you a name, attacking the man is not automatically argumentum ad-hominem, which is still not automatically a fallacy.
I quote each point of yours, usually POINT BY POINT,
You didn't quote this one.
I am not sure you CAN read properly, and I am fairly certain at this point that you have NOT actually taken & passed logic in a formal collegiate environs,
One thing I do know from college is the purpose of citation. One purpose is so that a skeptic will take you seriously. It goes something like this:
Me: This is what an ad-hom is, this is why it's not always fallacious, and here's my source. (link)
You: No, ad-hom is something else!
Me: Ok, why is it something else?
You: That's evasive!
Me: Erm... do you have a source that it's something else?
You: I don't need a source, I have a degree!
Yeah, I start to wonder if you've got a degree when you waste this much time repeating your appeals to authority. Prove that degree is worth something and show me that you know something about logical fallacies.
Don't thank God, thank a doctor!
ADHOMINEM = YOU ARE "ATTACKING THE MAN", not his arguments, period.
Not a logical fallacy. The fallacy is when you attempt to advance attacks on the man as evidence that his arguments are fallacious.
The irony is, I haven't done this, while you do a special case of it all the time:
HAVE YOU EVEN TAKEN & PASSED A FORMAL LOGIC COURSE IN COLLEGE ENVIRONS BOY?
That is pretty much a textbook ad-hom.
Don't you mean that for yourself?
"I know you are but what am I?" may have been clever in kindergarten, but it's not a logical argument.
Just as I suspected, and now I know to be true: You have NOTHING like this very partial list of accomplishments in respected publications...
This isn't my resume. Which might not even be terribly hard for you to find, if you cared to look.
Again, note how I didn't come out and list the programming languages I know when you first demanded them. Wasn't that embarrassing, after calling me a "script kiddie", to find out how many "real" languages I know? Maybe you'll take a hint this time and go back to attacking my arguments, instead of my qualifications.
Don't thank God, thank a doctor!
SanityInAnarchy, I am not apk.
Then who are you?
also shows you performing a logical fallacy called ad hominem, which means attacking the person and not the topic at hand.
For it to be a fallacy, it must be more than that, as I've explained elsewhere. Since you're not APK, and haven't shown any credentials, surely you can show me where you're getting this from.
I posted as an anonymous coward so that you cannot harass myself as you are others
Another stylistic trait of APK is referring to himself as "myself," where "me" would work well -- something he does often, and something others do very rarely.
Really, APK's "voice" is pretty blatant, especially compared to most others here.
There's also the fact that your opinions match his so perfectly, and many are opinions I can't remember seeing often here -- for instance, the opinion that you don't want a Slashdot account, because you don't want to be "tracked" or "harassed".
About the only thing you're missing is his swagger.
Don't thank God, thank a doctor!
Sad.
No, not reading and responding to a post which has a fallacy -- one I've repeatedly pointed out to you -- in the subject.
Don't thank God, thank a doctor!
"The definition of insanity is doing the same thing over and over and expecting different results."
Why is it that you think repeating (or summarizing) the same arguments is going to accomplish anything? When you start making points again, I'll start countering them again.
Don't thank God, thank a doctor!
...then "PROVE" I don't have a PhD in Computer Science, with a minor in Math and Philosophy.
If you can't, then maybe this can stop being an argument about who has the better credentials, and start being an actual discussion. Remember, I didn't start pointing out your sock-puppeting until after you'd started your appeal-to-authority campaign.
Please, take THIS advice - Don't waste all your time here!
That's probably the most intelligent thing you've said, because you truly are a waste of valuable time, of which I have very little this week.
Don't thank God, thank a doctor!
This is the error of attacking the character or motives of a person who has stated an idea, rather than the idea itself.
Note that I do continue to attack your ideas. Furthermore, here's an explanation:
In reality, ad hominem is unrelated to sarcasm or personal abuse. Argumentum ad hominem is the logical fallacy of attempting to undermine a speaker's argument by attacking the speaker instead of addressing the argument.
Those "personal attacks" (to the extent that they were -- "don't be a dick" has never been a personal attack) were not attempts to undermine your argument -- I could do that well enough on my own.
However, you have been guilty of exactly this, haven't you? It seems every single claim I make, you counter with "Where's your degree that proves you have a right to say that?" You did it right here:
You're no expert in LOGIC, not in CSC/CIS/MIS, nor in English (per your 'grammar/spellcheck/writing style' forensics & critiques attempts, minus provable expertise in any of them yourself or degrees or licenses in them either), nor in Psychology (per your libel directed my way on that account also).
Show us degrees that show you are in those? I'll take it back... until then? LMAO!
In other words, "I'm not going to listen to anything you say unless you have a degree." How elitist and naive -- but it's also a perfect example of argumentum ad-hominem. Instead of addressing my argument, you attack my credentials, in an attempt to undermine my argument.
Another source, with its own citations:
Many people seem to think that any personal criticism, attack, or insult counts as an ad hominem fallacy...
People like you, apparently.
Each subfallacy listed on that page is explicit that it applies when such arguments are used as evidence against the position -- which again, I have not done, though you have.
Ad-hominem is described as the introduction of a red herring, which you commit often, which is described like this:
This is the most general fallacy of irrelevance. Any argument in which the premisses are logically unrelated to the conclusion commits this fallacy.
But I gave no conclusion about your arguments.
Finally, I'm not surprised you've forgotten:
when I brought up the fact that looking for faulty coding practices or risky compiler instructions like sscanf are easy to find... You were reduced to using ad hominem name calling
So you're implying that at this point, I had no argument, and all I did was ad-hom? Let's find out:
Linux always has more vulnerabilities publicly found and fixed due to it being open source, a process which leads to a more secure system -- wouldn't you rather have a vulnerability found and fixed, or even found and marked "unpatched" on Securina, than found and exploited (hidden) elsewhere?
Now, I'm not saying this in itself is an airtight argument, but it's also one that addresses your claim that merely having the source available naturally leads to a less secure system.
Revealing specific techniques for searching through source code, versus analyzing binary, are irrelevant. I never once claimed that vulnerabilities are harder to find in open source. My claim was that the fact that vulnerabilities are easy to find in open source makes it more secure in the long run.
Of course, that wasn't the post where I supposedly ad-hom'd you. Let's look at that one:
if I have the
Don't thank God, thank a doctor!
AD-HOMINEM ATTACK (a logical fallacy)
I've addressed that elsewhere. It'd be a lot more convenient if you could stick to a topic, so we didn't have five simultaneous threads on the same issue. Please stop copying and pasting like that.
Again, you're doing your usual "putting words in my mouth I never said", as you have before!
Oh, that'll be exciting. I suppose you'll show me where I said that you said something...
I never said it was the "only way"
And I never said you did! Fail.
No, I said you would have a point if it was the only way. Indeed, you dishonestly use quotes around "only way" despite that I didn't use those words. Here's what I said:
if this was the only thing that determined the security of a system, you'd have a point.
Since we both know it's not, you should realize that you must do more than show that vulnerabilities are easier to find. You must also show that there are just as many vulnerabilities as there are in proprietary software. Good luck, though, as there are likely many more vulnerabilities in proprietary software which have never been found (or fixed) -- since they are, as you said, hard to find.
You must have seen the link from LeMoyne where I was a lettermen...
There's still the part where you have to tie that to these posts. I could log on as AC and claim I'm Steve Jobs, but that's irrelevant unless I can prove I actually am. Proving Steve Jobs has credentials is beside the point.
Don't thank God, thank a doctor!
It's very easy to mistake any critical question for raw snark when it's written in text on a forum full of strangers, especially a place like Slashdot. I find that it's *usually* worth the effort to resist that impulse.
Information wants to be anthropomorphized.
Tu quoque is a subset of ad-hominem, meaning, again, it applies when one is using this instead of attacking the argument. Of course:
I attacked you ONLY AFTER you repeatedly performed an Ad Hominem attack on myself (in your outright blantantly calling me a moron, dick, & other "choice words"),
In other words, you're overly sensitive when constructive criticism is presented with vulgarity. Contrast to your use of "open sores", which is neither constructive nor actually criticism, but merely abuse -- exactly what am I meant to take away from that?
You've also refused to (or are unable to) make this fine distinction: My use of "dick" was a description of your behavior, not your character.
Tu quoque literally means "you too", which is something you've done pretty consistently, as above. (If you really want to play the "who started it" game, you said "open sores" long before I said "don't be a dick.") But that isn't what I've done -- I have pointed out your blind hypocrisy (to the point of projection) while defending my own position.
You acknowledge that you attacked me. I still have not attacked you -- see above for the distinction.
Don't thank God, thank a doctor!
My ideas are simple, and you don't even DENY the ones on "Open Sores" code being easier & faster to find errors
That's correct. Finally, you acknowledge this.
All I did was point that out,
And I responded.
All I did was point that out, and the fact that though many "Pro-*NIX" people rant "I have the sourcecode, I can fix it"...
In what way is this not true?
And why must it be me myself? When I say "I", I mean "Anyone with the time and skill." Windows can be fixed by anyone with the time, skill, and appropriate position at Microsoft -- or by people with several orders of magnitude more time and skill with a disassembler, in theory.
But as you say, it's far easier to work with source -- both to find and to fix vulnerabilities.
Can YOU, yourself, PROFICIENTLY code in C/C++?
I have. I don't, as a rule, but that's due to personal preference, not a lack of ability.
Also, for YOUR sources? Try to cite an educational institution, as I did, next time!
You didn't even address the content of my sources, did you? Ah, well...
I can also argue independently of them -- do you know what a non-sequitur is? Abuse which is used as a premise to an unrelated conclusion -- "You're stupid, so you must be wrong" -- is a fallacy. But abuse can easily be used to support a conclusion -- "Your writing sucks. People aren't often taken seriously when their writing sucks. You want people to take you seriously. Therefore, you should strive to improve your writing."
At this point, whether we call either "ad-hominem" is shifting the debate. Find the formal flaw in the above argument about your writing.
Oh please - you OUTRIGHT CALLED ME A MORON!
Again, you missed that all-important word being. Smart people can do stupid things.
The day you can produce as many decent accomplishments as I have in respected publications centered on Comp. Sci. as I have is the day you can call me that,
Again with the appeal to authority. Are you going to tell me why it's not? Are you even going to address it?
Or are you going to actually Tu Quoque me, by refusing to address any fallacies so long as you believe I've ever used any?
TU QUOQUE
Found a quote about it:
Tu Quoque is a very common fallacy in which one attempts to defend oneself or another from criticism by turning the critique back against the accuser.
As for this being "forum logic", this is also from Fallacy Files, which also cites various print sources. Again here, I am contrasting what you accuse me of (which turns out not to be a fallacy) with what you have done (which turns out to be a fallacy).
As usual, you have responded, not by actually responding to your own fallacies (appeal to authority being the most frequent), but by attempting to point out one of mine -- which is the classic tu quoque. In the same sentence in which you accuse me of tu quoque. Hilarious.
HAVE YOU EVEN TAKEN AND PASSED A FORMALLY ADMINISTERED LOGIC COURSE IN COLLEGIATE ACADEMIA? Obviously not...
Of course, this comes immediately after your accusation of fallacy. Hello? Appeal to authority? Is this thing on?
You can stop your usual "putting words into my mouth I never said"
Am I doing that here?
No, it leads to being able to find SECURITY VULNERABILITIES IN AN OPEN SOURCED APP (meaning having actual sourcecode, vs. only a binary executable for instance) FASTER THAN YOU CAN IN A CLOSED SOURCE EXECUTABLE
I never disputed that. You have yet to respond to these same vulnerabilities being faster to fix. Did you catch the vulnerability the Google engineer disclosed? He gave Microsoft five days,
Don't thank God, thank a doctor!
First of all: You DEFINITELY tried to imply it.
Nope.
Secondly: What EXACTLY were you implying?
What I said. Is it so hard to read what I actually said? In fact, I clarified it in the very next sentence from the one you quoted:
Since we both know it's not, you should realize that you must do more than show that vulnerabilities are easier to find. You must also show that there are just as many vulnerabilities as there are in proprietary software.
You didn't.
I came in here demonstrating WITH VERIFIABLE FACTS FROM A REPUTABLE SOURCE (in secunia.com security vulnerabilities data) that LINUX 2.6x, the "latest/greatest" from LINUX has more KNOWN security vulnerabilities...
Fixed that for you.
There's also quality over quantity -- the number of remote vs local exploits. You need a remote exploit first, before the local exploit matters.
I also submit & HAD YOU ADMIT TO IT NO LESS, that "Open SORES" code has a disadvantage
Yet you refuse to admit the corresponding advantage.
you asked for proofs of where I have been shown in publications of respected & some notoriety in this art & science of computing, & I told you who you could write in that regards AND how to research them...
You did not answer whether those people would be willing to review this particular Slashdot post -- and would you really want me to waste their time with that? That's the problem with being anonymous. It wouldn't be enough for them to say that APK did this, they'd have to confirm that this is APK.
You seem to have a remarkably bad track record for proving you are who you say you are.
Don't thank God, thank a doctor!
Read.
it is argued that a statement is correct because the statement is made by a person or source that is commonly regarded as authoritative.
Where in that does it say that this only applies to incorrect authority? It does not. In logical debate, sorry, but no amount of authority (earned or otherwise) excuses you from justifying your position.
From your ad hominem & tu quoque (ad hominem again) attacks directed my way? No way you could have,
From your failure to distinguish an ad-hominem from an entirely-aside comment on behavior (not intended as a red-herring at all), I could guess the same about you.
Or you could realize you're on some pretty bad epistemological grounds to make such a claim. Intro to Philosophy would've taught you that.
Don't thank God, thank a doctor!
You really like copying and pasting, don't you?
You clearly are capable of making points, as you seem to be trying to do elsewhere.
Again: I don't understand why you think "summarizing" (summary-by-copypasta?) will make anyone more likely to agree with you. If you don't think that, I don't understand what your motivation is.
Don't thank God, thank a doctor!
No no senor - the "burden of proof" is NOW upon you
You forgot the null hypothesis.
If you said "I don't know that you have a degree," the burden of proof would be on me. I have not said I do, but you continue to say I don't.
Since you are the only one making a positive claim about the existence of my degree, the burden of proof is on you.
Now, you started the dick-waving about degrees long before I pointed out your sock-puppeting. This was analogous -- I am not actually asking you to prove that.
Instead, I'm offering a simple deal: I'll drop it about your sock-puppeting (seriously, who says "judging by your bad performance" except you?) if you drop it about degrees.
However, those? Those are NOT as bad as your LOGIC blunders in:
Let me know if there was anything valuable in that. I don't read you when you copy and paste.
This only FURTHER proves it (SanityInAnarchy is giving up & crumbling...
Or you could take it at face value.
LOL, perhaps I've inspired him to earn a CSC/CIS/MIS degree finally? Doubt it... he strikes me as a big talking slacker actually!
About 3 hours of sleep per night for three nights in a row, and running full steam the rest of the time. Yep, I'm a slacker.
It occurs to me that I could offer you the proof you keep demanding, right now. I could show you what I've been doing this week. I could show you my real name. I could show you a very large software development community which seems to value my contributions, and I could show you how they did so.
But it wouldn't change a thing, would it?
If I met you in person and showed you a PhD, at the very best, it'd get you to shut up. But I can do that anyway, clearly, by simply ignoring the thread. Despite all your appeal to authority, if I showed you authority higher than yours which disagrees with you, it isn't as though you'd instantly reverse your position.
Am I right?
Prove me wrong. Go back to the original, technical topic. Stay focused. Write concise answers, and put them in one place, instead of copying and pasting them everywhere. Make it about finding out what's actually true, actually communicating, instead of just playing to win. ("performance"? Really?)
Or prove me right and paste your Ozymandias bit again. Do you know the rest of that sonnet?
I met a traveller from an antique land
Who said: Two vast and trunkless legs of stone
Stand in the desert. Near them, on the sand,
Half sunk, a shattered visage lies, whose frown
And wrinkled lip, and sneer of cold command
Tell that its sculptor well those passions read
Which yet survive, stamped on these lifeless things,
The hand that mocked them and the heart that fed.
And on the pedestal these words appear:
"My name is Ozymandias, king of kings:
Look on my works, ye Mighty, and despair!"
Nothing beside remains. Round the decay
Of that colossal wreck, boundless and bare
The lone and level sands stretch far away.
Wreck. Nice.
Don't thank God, thank a doctor!
per this article from TODAY NO LESS? So do others (in respected publications no less - take a read):
Fascinating:
Holy scriptures: The Lord of the Rings; Programming Perl (aka "The Camel Book")
Are you really taking this as a serious article? Seems like the majority of Slashdotters I meet hate Perl, for one...
Pity the fool who wanders blithely into a discussion and says, "What's the big deal with Linux? Windows works just fine." His online remains will later be hauled away in Chinese takeout boxes.
Without, of course, any reference or citation. This article certainly seems to have representation from both sides -- anti-Microsoft, and anti-Google.
I have seen pro-Microsoft comments modded to +5.
Of course, here you go:
How does one recognize a Slashdotter in public? One doesn't, says Malda, because they almost never leave the house.
So clearly, this was an article about humorous stereotypes, not about reality. (Do you really want to know where I've been this week?)
Don't thank God, thank a doctor!
I would normally defend the merits of Linux and free software, but I have to disagree with you on the importance of local DoS. A local DoS can become a remote DoS when combined with a network interfacing program that has exploitable buffer overflow.
I once had a signature.
Great. You copied and pasted from your other post as I'm replying to it.
Do yourself a favor: Unbind ctrl+c and ctrl+v for a day. It'll make you a lot more interesting to read.
DEFINITELY a name tossing ad hominem attack on myself...
No it wasn't. Do you really want to continue?
especially on technical issues here, and even though you are trying to "drag this further off topic"?
That's hilarious. You're the one who not only responded to the ad-hominem stuff in the appropriate thread, but dragged it (via copy-and-paste) into every other thread we had going, spending at least as much time on that as the technical stuff. And you're the one who dropped the technical discussion to respond to the discussion of logic, still ignoring the benefits of open source until recently.
And your attack on those benefits? One random person you selected is not contributing to the Linux kernel directly, therefore "many eyes" doesn't work? But go to the other thread, I've got a rebuttal there.
you could realize you're on some pretty bad epistemological grounds to make such a claim. Intro to Philosophy would've taught you that.
Oh, that's RICH: Coming from a no degree
*facepalm* And that's circular. Blindingly, obviously, circular. Another thing you should've learned in...
See how that works? You dismiss my argument because you haven't seen a degree. I point out that this dismissal is poor epistemology. You ignore that argument because you haven't seen a degree. But you see, if that argument is correct, you should listen to it and the previous regardless of degree.
First establish your epistemology is in any way correct, or at least reasonable. Then use it to disregard other things as untrue.
Oh, and you have the energy to copy and paste, and type prolifically for days at a time about how worthless I am without whatever credentials you think I should have, but you don't have the energy to look up my credentials?
Don't thank God, thank a doctor!
http://www.csun.edu/~dgw61315/fallacies.html
Find a URL without the tilde. Seriously -- at least Wikipedia cites sources, and has multiple contributors. That's just one person's assertion.
The topic here and this forums section, in case you had not noticed? It is comp. sci. related material, not logic,
Really?
Logic can be reduced to math. All programs can be reduced to math. And as you pointed out, you needed a Logic class for your degree.
Not that this is in any way relevant -- logical fallacies are fallacies in any field.
WTF? Who are you trying to fool here?? This, on your part???
Ah, right, the personal attack.
Still not a fallacy. You may well be a moron, but it doesn't automatically make you wrong in this case, and I didn't imply that. That is when ad-hominem is a fallacy, because that is when it's a non-sequitur. We've been over this.
Oh, that's RICH...
Want me to copy and paste my reply, too?
LOL, no no senor...
You don't get to dismiss one of the most important philosophical concepts of our time with "no no senor".
Again, you are making a positive claim that I don't have a degree. I am not and have not claimed anything about a degree. Burden's still on you -- it doesn't magically shift to me because you say so.
Pfah: I've shown you that much BY THE SCORE...
Who's keeping score? You again seem lost in your own little world -- of course you think you've won. So does NephilimFree. He also believes in a geocentric universe and a young earth. Do you think he's won?
from more respected sources than you are noting
Some random user's homepage is "respected" now?
you only have your evasions now + attempts @ doubletalk
I'm simply done playing the credentials game. I have no desire to make it any easier for you to find the real work I'm doing, the stuff I'm passionate about, and fling insults about it, troll the mailing lists and code reviews, and generally make life unpleasant for me.
Despite that, you actually have more than enough information to find what I'm talking about, but you don't seem to care, so I'm not making it easier for you.
you violate its logical debate tenets like MAD
Neither you nor your "easily found" tilde-prefixed homepage set the rules for logical debate.
Also, posting DAYS LATER on your part? Did you think I would just let YOU "skate away"
I did warn you I'd be busy this week. I did that in my last post to you before I disappeared. That's a giant hint as to some of the credentials I might have. What might I be fantastically busy with this week?
Don't thank God, thank a doctor!
"That's correct. Finally, you acknowledge this.
WTF? No, you had to CONCEDE that
Show me where I ever said anything other than that.
I never did. I always "admitted" it, always accepted it, and my initial arguments assumed it. You somehow missed this, and needed me to spell it out for you explicitly, multiple times, before we stopped talking past each other on that point.
You then go on to elaborate as to how I scrambled to completely shift my position... really? Were you paying attention at all? Have you even bothered to look at my earlier posts other than to whine about where I hurt your feelings?
This was only to show & expose you in the fact that you "talk a big game" but you have no degrees or certs to your credit,
What, because people with degrees and certs only program in C?
I have. I don't, as a rule, but that's due to personal preference, not a lack of ability.
Sure, sure: "WE BELIEVE YOU"
So what was the point in asking me, if you're going to outright call me a liar?
No, I just used actual educational institutions on the grounds of logic whereas you by way of comparison?
I just replied directly, using more basic logical axioms. I showed, directly, where and how ad-hominem is a fallacy.
You, as usual, ignored my arguments -- actual arguments, not just assertions -- and considered only sources.
Yea, sure... is that why You had to use WIKIPEDIA?
Because I'm lazy, and it's far easier to tell you to go educate yourself, and link to a resource on the topic, than to spell it out for you in painstaking detail, over and over again.
Uhm, lmao... those modules (classes, objects, units, headers, etc. et al)? They are ALL part of a system, & the parts make up the whole and they interact with one another... you can't avoid it
The entire field of software engineering is an effort to avoid it -- to allow the architects to make decisions about how the pieces interact with each other, but to make individual pieces isolated from each other.
Lisp, one of the oldest languages still in common use, is frequently run either compiled or interpreted, depending on which is desired at the moment.
you're just another "Script Kiddie" trying to play "expert" with me...
Is that really something any self-respecting comp sci major would say?
Are you even a graduate of a CSC or CIS/MIS degree? We'd like to know,
Who's "we"? It's just you and me here.
A quick reminder: Your entire reason for being skeptical that I have a degree is that I haven't shown you one, and you doubt the quality of what I'm saying.
By the same token, I doubt anyone with a comp sci degree wouldn't understand such a basic principle about programming language design.
I'm going to have to cut this short here, because you're repetitive and frankly quite boring. Yes, take that as an "ad-hom" if you like, it won't make the rest of this drivel any more interesting.
If you want to continue this discussion, stop making me repeat myself. Stop the dick-waving. Start addressing actual arguments.
Because it's no longer a matter of ad-hom or personal attacks -- several levels deep in this, you demonstrated a complete lack of understanding about the difference between a scripted and compiled language.
So go ahead -- type another response full of "authority" bullshit, and hope I don't notice while you scramble to try to put together some actual response. I won't be responding until you address this point, and I doubt I will then.
Debating you has been in every way more time-consuming, less intellectually stimulating, more frustrating, less productive, and overall a much worse experience than debati
Don't thank God, thank a doctor!
Yea, but I actually HELP the "Open SORES" crowd,
That's like saying "I help the Nigger community." Doesn't make it any less insulting or more productive.
I mean, do you think your "doubletalk" fools anyone?
You're the only one here. "Doubletalk" wasn't my intent -- trying to clarify terms is one of the basics of any philosophical discussion. It's clearly needed with you, as you came to the table with entirely different definitions of some fundamental things than me.
But go ahead, keep assuming malice. I'm sure it'll make you lots of friends.
Don't thank God, thank a doctor!
Let's talk about Jeremy Reimer, here are some FACTS:
Jereny Reimer got caught by his ISP, Shaw in Canada, for:
Actually, according to what I linked to, he not only didn't get "caught", he actually played you pretty amusingly for a long time, after you'd demonstrated trollish (and litigious!) behavior.
But go ahead, show me the evidence for this. It should be even easier than evidence that you are the same APK.
More AD HOMINEM attacks, from an "authority"?
Ah, I see. For about the past three posts, you've been under the assumption that I was ever trying to establish myself as an authority.
When I call you on appeal to authority, it doesn't mean I think I'm an authority. It means I think authority is irrelevant when you're as obviously wrong as you are.
That is what the Internet does, and Slashdot is an example -- it flattens things. If you're a good communicator, and what you say is valuable, you get modded up, people pay attention. If you suck, nobody cares, no matter how many degrees you have, or how many news organizations you run.
Yet you refuse to admit the corresponding advantage.
OH, really? In fact, I even HELP an open SORES
Doesn't change a thing. You've consistently refused to acknowledge the advantage of having security holes resolved more quickly, because they are easy to find. This is what I was referring to when I said corresponding advantage, because it's one that goes directly, hand in hand, with the "disadvantage" you point out.
(I know that bugs you, lol)
So you admit to doing something deliberately, because you know it bugs me. That's the definition of trolling.
Don't thank God, thank a doctor!
Wikipedia doens't have inaccurate information?
Never said that, but it is more reliable than some random person's opinion. Obviously, properly sourced, peer-reviewed stuff would be better.
Meaning "YOU DON'T HAVE ONE"
Are you incapable of understanding the null hypothesis?
Its from an .edu domain,
Do you know what a tilde in a URL usually signifies? That's something else I'd hope you'd have learned while earning your degree -- how to evaluate sources on the web. A .edu domain, no sources cited, no peer review, nothing but, well, the .edu domain? Worthless -- any student can do that.
Busy doing what?
Too lazy to find out for yourself? Typical.
And what have you been busy with this week, that you have time to respond in the middle of the day?
my being specific
Buys you nothing, if you just keep repeating the same specific, already-refuted arguments.
Don't thank God, thank a doctor!
Is that why you avoided answering to it like mad thru this exchange until now?
When "now"? Go read through the exchange. I never denied it, said it explicitly several times before you got it, and when you finally did, you interpreted it as somehow an admission of defeat.
You'd make a decent politician, if you weren't so unlikable.
No, I don't really care anymore. I did use logical arguments, and you ignored them where they didn't go right over your head.
I'd call that a SLACKER
Or too busy to deal with you anymore.
They have degrees too, you know -- from Patriot Bible University.
And you do not, end of discussion
Are you actually going to give any credence to a degree from Patriot Bible University? Y'know, this place?
I'd be offended if someone offered me an honorary degree from such a place.
Funny how you complimented me at first for addressing the technical issues. Now, when I give you a single technical issue to address, you instead make it all about authority.
Do you dispute what I said about compiled vs scripted, or do you really need me to hold your hand through the process of finding a source for that? Or maybe you have a counterexample, a "scripting language" you imagine I use which can never be compiled?
Don't thank God, thank a doctor!
Open "Sores" (which I help projects in no less & I produced proof of that as well here in UltraDefrag 64) is FAR from using racial slurs
It's an analogy. It's quantitatively different, but not qualitatively different. An insult directed at something you help, or are a member of, is still an insult.
Yea, well, who ever said I was here to "comfort you" or to "make friends"?
Never thought you were, but it makes me wonder why you are here. After all...
I am not here to make you happy OR to win a popularity contest after all.
But you are here to win something. You've made it all about keeping score and being competitive, and you've entirely lost the point of debate, discussion, and communication in the first place.
Don't thank God, thank a doctor!
LOL, from "Jeremy Reimer" a known troll online?
Known by whom? You?
Yes, some "authoritative source",
Never said he was.
FAKE like yourself
What have I pretended to be?
he can try to bring suit on me, ANYTIME,
According to him, it was you trying to bring suit against him.
you've been under the assumption that I was ever trying to establish myself as an authority.
Because you CANNOT do so
That's quite a leap. I can't do so, therefore I was trying to do so?
I was never trying to jump off a bridge, either. Does that mean I was trying to do so?
Who are you to even BEGIN to try to get the better of me??
What a sad person you are.
Here I was thinking this would be a technical discussion, maybe even a philosophical one, and instead, it was always about stroking your ego. It was always about you winning and proving how much better you are than me.
You're so desperate to win, you'll try anything other than actually communicating.
And I've been here the whole time.
your ad hominem name tossing quoted here
You know, I was going to complain about you fixating on that one sentence -- after however many thousands of words we've exchanged, that is still what you bring up in every fucking post?
But you prove it more true with every word, so go ahead and quote it. Ad-homs aren't sufficient to prove anything, but they also don't invalidate every single word your opponent says, especially when they're true.
Don't thank God, thank a doctor!
Which only proves your sources (like, LOL, Jeremy Reimer too), just are not absolutely VALID
He's a source of amusement. That's all I assume he's valid for. His experience comports with my own, however.
validity is important in LOGIC, period... especially absolute validity.
Huh. You clearly don't know what validity means in logic. Hint: It has nothing to do with the kind of validation you get by looking at that piece of paper you're so proud of. It's about the structure of an argument and the truth of its premises.
Why am I not surprised that, instead of attacking either of these, you continue to attack comments made alongside an argument?
Are you incapable of understanding the null hypothesis?
No,
Then prove it.
"Worthless -- any student can do that.
Students with degrees are better than those minus them
Your arrogance shines through -- students with degrees are not "better" people. Better sources? Maybe...
Of course, where's your evidence that this person has a degree? Again, students can post a tilde-URL, with or without degrees. The ones with degrees are generally smart enough to source their assertions.
(like you)
Now you assume I'm a student. Can you back that up?
That is the day you can even BEGIN to call me, lazy...
I gave you a simple task, to discover the truth, and you chose to continue in your assumptions instead. That's lazy.
Don't thank God, thank a doctor!
Funny how you keep trying to 'save face' here in you replying back though, eh?
Yeah, I've really been feeding the troll. I should stop.
But "save face"? Nah. If I was about image, I might have dropped my docs, as you did.
Clearly this is the "best you've got"
Nope, you haven't seen the best I've got, and better things were said, but they seemed to go right over your head. In one ear and out the other, through the empty space in your skull.
Question is, are you?
No.
You brought them up, not I...
Yes, I did, as an example of why a degree from a diploma mill is useless. Also as an example to illustrate the people (with degrees) who will happily criticize pretty much all of science, without understanding any of it.
Those people were much easier to reason with than you.
Of course, the beautiful irony here is that you're too dumb to follow the way in which I'm calling you dumb.
You don't have any "Authoritativeness"
Poor, sad aristocrat, still doesn't understand that this was never about "authoritativeness." It was about truth.
You wouldn't ACKNOWLEDGE IT when I stated it first was my point...
Let's find it:
if I have the sourcecode to an operating system, I have a FAR easier time of finding bugs in it than I would on a closed source OS, & for instance, using "fuzzers" (or worse, disassembly via debuggers) on it during pen testing...
Yes, that's pretty much exactly what I said. I also explained why this is a good thing.
So you're factually wrong again. Not only did I acknowledge it, it was in my original post, you just somehow missed it:
Linux always has more vulnerabilities publicly found and fixed due to it being open source,
Perhaps the word you're looking for is that those vulnerabilities are more easily found? Even if you assert that I wasn't clearly "admitting" it here, I would think I clarified sufficiently when I said "That's pretty much exactly what I said."
And then you kept hammering on that point for post after post, as if I didn't agree. It was maddening:
That is MUCH EASIER TO SPOT, in an app with its SOURCE OPENED
Easier to spot, and also easier to fix.
I was affirming your "easier to spot" comment, and in the same sentence, explaining why it doesn't matter. I expanded on it in the next sentence:
When it's as easy to spot as you suggest, it's not going to survive long, particularly in a well-known open source application.
Yet in the next post, you again ignored this:
IF you were ANY GOOD? You'd have KNOWN that "Open Sores" also works AGAINST security, because it is Open Source... just like the sscanf I noted, it's easy to spot
You know what? I'll just let the post you were replying to answer this:
Easier to spot, and also easier to fix.
And now you suddenly have amnesia about the whole thing.
This is why it's a waste of time to talk to you. You don't read. You don't listen. You don't communicate, and you certainly don't connect. You lecture via copy and paste, and you "play" to win.
Don't thank God, thank a doctor!
So now, in order to track this, I'd have to actually talk to his ISP. Of course, all you say here is, "we have added this evidence..."
Jeremy Reimer's nobody anyone respects or takes seriously period
Maybe. I never heard of him until I noticed what he'd done with you.
Don't thank God, thank a doctor!
I don't obey your orders boy, get it?
Well, let me put it this way...
You accuse me of something. You don't bother to find out if it's actually true. That's exactly the kind of behavior I mean by "don't be a dick."
If you don't want to bother to find out, don't throw accusations, it's that simple.
I mean, lol, who do you *THINK* you are??
Another human being. You clearly don't know how to treat other human beings.
Don't thank God, thank a doctor!
Good Lord, you finally had to ADMIT I was correct is more like it on that note...
Here it is again:
Linux always has more vulnerabilities publicly found and fixed due to it being open source,
Is that where I "admitted it"? Huh?
That was in my first post.
Clearly, that's not getting through your thick fucking skull, so here it is again:
THAT WAS IN MY FIRST POST.
you mean, AFTER I SAID IT
So, I said it in this post. You did not say it in this post. You, in fact, did not mention it until this post.
So where did you say it before me? Again: It was in my VERY FIRST reply to you. It was not hidden behind "doublespeak", it was right there. I even quoted it for you in my last post.
This is where you say "I'm sorry. I was wrong about that." But you won't. You'll whine about ad-hom -- if you acknowledge it at all. More likely, you'll find some twisted way to convince yourself, just so you don't have to admit defeat, because that is more important to you than truth or validity.
I feel sorry for you, dude.
Don't thank God, thank a doctor!
Fun fact: I haven't actually called you a moron since that moment, and even there, what was meant was, "Now you're being moronic."
You have dragged it up in nearly every post, and have continued to throw these accusations at me, as if they mean anything.
But hey, if you want to make it about being right, that's your loss.
Don't thank God, thank a doctor!
Yes, where you ONLY ADMITTED THE "UPSIDE" of "Open 'sores'" ONLY,
Oh really?
Linux always has more vulnerabilities publicly found and fixed due to it being open source,
That's not acknowledging that more vulnerabilities are found? What did you think I was saying here? ...Oh, I see:
You FAILED to note what I have been stating here ALL along though, which IS THE "DOWNSIDE" of "Open 'SORES'" (yes, I know: It offends you that I use that term,
Yeah, it does. Why do you keep using it?
You initially stated, & not even to me, what the "upside" of open sores is,
Wrong. I stated both -- the yin and the yang. Found and fixed.
You seem obsessed with separating these two. I presented their sum as a net positive. I did so repeatedly:
Yes, that's pretty much exactly what I said. I also explained why this is a good thing.
That was in reply to this:
if I have the sourcecode to an operating system, I have a FAR easier time of finding bugs in it
In other words, I was clarifying here that what you said (it's easier to find bugs) is pretty much what I said (it's easier to find and fix bugs) -- and that one naturally leads from the other. The "it works both ways" is both obvious and irrelevant -- the question is whether it's a net positive or negative, and since the finding of bugs naturally leads to fixing them, and since the fixing of them leads to an overall more secure system (including known and unknown bugs), I thought I'd sufficiently acknowledged and addressed your argument.
By contrast, you eventually tried to downplay the "easier to fix" part by asking whether I (a sample size of one) can fix the kernel myself. You also wasted both our time with a slew of posts trying to get me to "admit" something I acknowledged and addressed right away. It's a bit like if you said, "We never see a crocoduck," and I said, "And evolution never predicted one," and you said, "But we never see a crocoduck!" And then, when I finally say what you were looking for, you quotemine me -- "Yes, you're right, we never see a crocoduck, but..." and you say "See?! HE ADMITS IT!!!"
That's not just stupid. That's willful ignorance to the point of dishonesty.
But let's address the part where you actually lied:
First of all - that was not a reply to me, note that,
Erm, sorry, but when the truth is staring you in the face, what do you gain by lying?
This is where I said it. That was a reply to this post. What, was that a different APK?
Or were you talking about a different post of mine? Nope, it seems pretty clear:
"That's the important part. Linux always has more vulnerabilities publicly found and fixed due to it being open source, a process which leads to a more secure system" - by SanityInAnarchy (655584) on Tuesday June 01, @02:09AM (#32415160) Journal
First of all - that was not a reply to me
Looks pretty clear. You're still talking about this post, which is still a reply to this post, which is still pretty clear.
So yeah, I think I'm justified in calling you a moron here. For all your "accomplishments", you've just said something which is absolutely, undeniably, factually wrong, despite the truth being a mere click away from the page you wrote that lie on. Calling you a moron would certainly be more generous than calling you a liar -- which do you prefer?
Don't thank God, thank a doctor!
No, that's not going to wash now is it? Especially since your own words were quoted...
Are you saying you know what I meant better than me?
AND??
You also called me other derogatory things (like "dick" & more also).
Actually, I didn't. Go look for the quote. I know it's a fine distinction, maybe too fine for you to grasp, but it's there -- attacking your behavior is not the same as attacking you.
Oh, I proved right enough
Yep. Your loss. Oh well.
I mean...
Heh, you even provided me the ammo...
...you're still locked in this mindset that it has to be a competition, that it's all about winning. Has it occurred to you that it might be better to become right than to be right?
Don't thank God, thank a doctor!
Found yes, but, by WHOM is what matters, because malware makers &/or hacker-cracker types aren't going to use security vulnerabilities they find to HELP fix an OS
There's also those on the fence, who might go either way -- either help fix it (if they can), or release or even exploit it, out of frustration or to force the vendor to release a fix.
There's also the chance that more "good guys" are looking for them, and are likely to find them before the "bad guys" do.
So you're not going to accept this because I didn't explicitly say that others can find exploits? I mean, it's not enough that this is obvious in the language itself:
more vulnerabilities publicly found
I mean, was I either explicitly or implicitly saying that these are only ever found by people who would fix them? Maybe you could interpret this part:
found and fixed
Of course, they will eventually be fixed, no matter who finds them.
If you really want to claim that you had to force me to admit something against my will, when it was so clearly evident in the first post, you're going to need more than vagueness on my part. You're going to need evidence of me saying something contrary to that.
Oh, I use it as a "Term of endearment"
Would "fetid boils" be a "term of endearment" also?
So, on that note then: WHY DID YOU TOSS NAMES MY WAY HERE
I don't know, why did you toss "terms of endearment" my way?
And why are you still harping about this?
It's QUITE relevant to note that "Open 'SORES'" has a HUGE DOWNSIDE
It's evident in the same breath as mentioning the upside -- and it's not as huge as you paint it. Anything as obvious as you point out would obviously have been found and fixed already, or I would expect massively more exploits in the wild than we observe. Thus, we end up with (again, as I said) a more secure system overall than the proprietary software, in which you rely on security through obscurity to deal with the same sloppy programming techniques.
So again, I acknowledged the one fact you pointed out: more vulnerabilities are found, and they are more easily found, in open source software. I acknowledged it in my first post to you. I just disagree that it's a "HUGE DOWNSIDE" as you suggest.
Note: disagree. That doesn't mean I don't understand. It just means I disagree. But clearly, you need at least those two paragraphs (and possibly more) to explain a concept that most people (including the mods) understood in a single sentence.
Funny you cut off from the rest of the sentence in your quote:
The "it works both ways" is both obvious and irrelevant -- the question is whether it's a net positive or negative, and since the finding of bugs naturally leads to fixing them, and since the fixing of them leads to an overall more secure system (including known and unknown bugs), I thought I'd sufficiently acknowledged and addressed your argument.
You know, the one where I explain why it's irrelevant?
Either works to show you are guilty of illogic because they are ad hominem attacks,
On the contrary, they are both relevant to your near-constant appeals to authority -- if you are indeed a liar or a moron, you are also not an authority.
attacks here, near constantly directed MY way!
I know it seems that way when you quote one of the only things I said that could be construed that way in every post for five posts or more, but the fact is, I've said very little, compared to your constant "term of endearment" about open source, which you continue to use deliberately, knowing I don't like it, because I don't like it, which is pretty much the definition of trolling.
Of course, you've demonstrated
Don't thank God, thank a doctor!