Microsoft a Weak Link In Possible Cyber War
climenole writes 'Microsoft has vast resources, literally billions of dollars in cash, or liquid assets reserves. Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods,' says former White House advisor Richard Clarke in a recent book. Microsoft makes the list of risks because so many people have installed its software for critical systems.
Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods.
If he really said that I bet Microsoft execs are spewing their cornflakes as we speak!
Film at 11.
I mean, seriously, it's the most widely used OS on the planet. It's also the most likely target.
Lost at C:>. Found at C.
anyone could have told you this.
One of my computer science professors once stated, quite succinctly, that Microsoft was not in business to make a quality operating system (or quality product). They are in business to make money.
On a related note, if they were in business to make a quality operating system, they would have a tough time selling "upgrades."
Why do I feel like Captain Obvious is being obvious here?
Microsoft is the Walmart of the software world. Cheap goods that a lot of people use. Of course they're the weak link.
Sent from your iPad.
If you look at any ecosystem, you'll find that there are pests trying to gain a foothold into that system by exploiting a weakness. If there is only one type of organism, the pests will adapt and exploit the weakness of that organism. This is why you need ever more powerful pesticides when cultivating monoculture crops such as corn, wheat or even soybeans.
Same goes for ecosystems of computers. Given 90% are running Wintendo, you find that the pests (virus and other exploit authors) take advantage of that monoculture. The weaknesses are then exploited and have to be "patched" in order to ensure survival of data and/or systems.
Given an ecosystem with multiple operating systems - Windows, Linux, Unix/OSX, zOS - you'll find a greater ability to defend against continual threats.
The Kai's Semi-Updated Website Thingy
For once, I RTFA. The summary seemed interesting. However, the FA was even more interesting, although it had little to do with all the money that Microsoft had in its back pocket, and how its market dominance was based on low cost products.
The main thrust of the FA, for those of you who don't want to click the link, is that because the Windows OS is so prevalent in civilian and corporate usage, a Cyberattack could devastate the economy (and western civilization).
"Any society that would give up a little liberty to gain a little security will deserve neither and lose both."
I am not a Microsoft fan, but I believe the weak link has much more to do with the meat sitting in front of the computer than the software on the computer.
"I'm just here to regulate funkiness."
Boy, I just can't wait to have the web screwed up even more, by a series of "state secret" over-reactions and lies.
First the spying goes up
Then costs go up
Then some event happens
Then more BS is rolled out in response
It won't matter what the truth is.
Remember, he was the guy who warned Rice and President Cheney about an imminent Al Qaeda attack. Or depending how you view it, failed to convince them of it. Still, as ass covering goes, his was iron clad.
If you were blocking sigs, you wouldn't have to read this.
But then, to a large extent they helped popularize the PC which became ubiquitous and hence became worthy of attack. The PC also became a reasonably standard platform upon which Linux etc. could be developed and cheap enough that we can all afford to own one and join in the fun. It is by no means certain that this would have happened otherwise because I don't believe security is the enemy of profit, in fact I think we'll see a future where security tightens to the point where hardware will be locked to only run a certain OS - where will Linux be then ?
Nullius in verba
All of the money spent on lobbying the government against using Linux would have been much better spent on developing a reliable, secure operating system. The shortsightedness of large corporations never ceases to amaze me. Since they spent all of this money on lobbying, which ultimately was unsuccessful, they had to spend money on securing Windows anyway. So, Microsoft spent a large sum of money in total, when they could have just made a better product to begin with.
Why do you people always say this? Windows is the Single-User system botched into a multi-user environment, not Unix.
I might argue that many operating systems would be weak links in the cyber warfare scheme. The most notable exception would be OpenBSD. If I were in a decision-making capacity, I would reach out to Theo de Raadt, apologize for the way we previously treated him, and get him started immediately in developing a secure network. He and his team seem to have the understanding of security from the lowest level possible. The current en-vogue trend, end-point security, is useless if your web application leaks memory. Ostensibly, you would need a hole in the end-point to reach the application and that gets exploited opening the network wide open.
I feel I should point out once again that if Apple or Linux was the #1 most popular with like a 75%+ market share, they'd be the horribly insecure ones that are getting hacked all the time. It's not about the product quality, it's about what thousands of foreign programmers are targeting because they're going to find a security hole eventually no matter what system it is.
Foreign programmers? Really? There are no American hackers? Damn, I was sure that there were hackers everywhere.
I'm not the poster. Whoever marked this as troll is a fucking jackass. This was a succinct and excellent post.
There's nothing wrong with the newer rounds of MS software; the problem is the older stuff, which as time goes further back, tends to get less & less secure (all the way to Win98/95 which actually had no security at all).
Even now I occasionally run into boxen running thoroughly rooted Windows.....98. That's your problem.
throw new NoSignatureException();
a botnet?
Yours In L.A.,
Kilgore Trout
As such you would expect them to excel at security nowadays since it seems a very big concern amongst most users. Still their security efforts are pretty laid back and half-assed. Microsoft don't take security seriously; it's a PR problem for them at the most.
As a market leader one would expect Windows spanking Linux, BSD and Apple's behinds but in reality Windows security sucks. Not because it's more prevalent but because it's a sitting duck. At Microsoft, features and ease of development have always stood higher than security on the priority lists. The only thing that can change that is monetary pressure like demand for accountability of their products. Until then, Microsoft security is a game of statistics, lies and damn statistics.
HTTP/1.1 400
What's Microsoft? Something I have to know? o_0
yup considering that more people use apache for servers that must mean that the targeting of home users has a value surpassing all the millions of credit cards on linux and apache servers?
OR is it just easier to target windows?
YUP film at 11
"It's not as if people didn't already know about Microsoft's abysmal security record." - by StuartHankins (1020819) on Thursday June 10, @11:16AM (#32523878)
Ok, let's take a peek at that statement & its "anti-Microsoft" implications, & we'll do so, by simply using the stats of the "latest/greatest" from the "big 3" OS vendors/OS types out there today, from a respected security vulnerabilities reporting website, in SECUNIA.COM:
---
Linux 2.6x KERNEL SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:
http://secunia.com/advisories/product/2719/?task=advisories
Unpatched 5% (11 of 217 Secunia advisories)
(Again, that's JUST THE KERNEL/CORE OF THE OS ALONE (so, I.E.-> How much more would be added by diff. distros & their softwares/shells (KDE/Gnome), etc.- et al?))
---
APPLE MacOS X SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:
http://secunia.com/advisories/product/96/?task=advisories
Unpatched (approximately) 1% (8 of 1233 Secunia advisories)
(NOTE: I had to calculate the %, & I + others do NOT like how Apple & SECUNIA are reporting on the errors in security present in Apple's MacOS X there... see the comments below those stats, for an "example thereof"...)
---
MICROSOFT WINDOWS 7 SECURITY VULNERABILITIES CURRENTLY AS OF THIS DATE 06/10/2010:
---
http://secunia.com/advisories/product/27467/?task=advisories
Unpatched 13% (2 of 16 Secunia advisories)
REMEMBER/AGAIN: This is the ENTIRETY of Windows 7 being analyzed - not just its kernel, as is the case with Linux 2.6x above... & ONLY 2 security problems are present!
Top that off with the fact that 1 of them IS EASILY "worked-around" no less, in the AERO problem, simply by selecting the "Windows Classic" theme, or, shutting off the "Themes" service!
The other only deals in SSL, for those that run an IIS 6/7 server (which is FAR from everyone, especially desktop users)... so, for example, from the system I am posting on now during lunchtime @ home? I have no IIS running, & thus, I am "proof to it".
----
(Sure, now I am certain I will also see repliers here to my post here say
"but the 2 security vulnerabilities in Windows are 'remote' in nature"
Well, newsflash - ANY OF THESE SECURITY VULNERABILITIES REALLY "BOIL DOWN" TO BEING LOCAL, IN THAT SOONER OR LATER, THEY HAVE TO "TOUCH" THE LOCAL SYSTEM ANYHOW IN ORDER TO EXPLOIT THEM PERIOD! Javascript exploits being the MOST "prevalent" of this type, and where do they ACTUALLY RUN? LOCALLY, inside a webbrowser program's javascript processing engines... turn off javascript (on "every site under the sun", & use it only where you HAVE TO and where you can trust the website)? Problem solved!)
---
So, can Windows be secured far better than it comes "out of the box/oem-stock"? Absolutely. Heck, any OS usually can be... such as is shown here:
----
HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):
http://forums.theplanet.com/index.php?s=a3272f47031ff9e8939bf662e3a7b7fe&showtopic=89123
(Much of what's in it "principles-wise" (uses the concept of "layered security") & yes, tools-wise, can also be applied to LINUX (or other *NIX variants too like MacOS X (done via Apple's guide for this, no CIS Tool exists for MacOS X, sorry) + other BSD variants, Solaris, etc.) & e.g. -> There is a CIS Tool for them also (again, except MacOS X, but Apple's got a GREAT GUIDE for this too
There are a few things at work here..
In order to convince someone to fork over more money when the old version is adequate, the product must have better features (performance, stability, security, etc..). If a company's stock price and health is based upon how many products they sell, then they had better build in new features if they want to continue to sell that product.
On the same idea, if someone is considering two competing products, it is more likely that he will choose based on feature set rather than on suitability of purpose (with the idea that the more features a product has, the more suitable it can or will be to the task). When a market is saturated or close to saturation, the company then needs to add as many features as possible so that they can win over the niche buyers that are looking for very specific features. This is how products get bloated and MP3 players get added to word processors.
The alternative would be to use a subscription model. For some products that require periodic updates to remain useful (tax/business software affected by laws, zip code lookups, GPS, etc.) this is neutral to the customer. For other products it is essentially a lock-in, especially when a company retains customers through proprietary formats or data enslavement rather than on quality and suitability.
I don't believe that Microsoft would purposefully build in bugs in order to drive their upgrade machine, but I do think that they will use new versions as an excuse not to update the old. They will also use proprietary formats, marginally legal business practices, deceptive advertising, tax loopholes, etc.. They are not unique though as this is how business operates.
On that note, they will also use cheaper support services. If everyone else in their "space" is saving money by outsourcing (at least initially) then the stock owners almost demand that they go that route, even if the quality suffers. Think of it like using a lawn cutting service... If you do a great job and charge $50 a cut you can probably gain a lot of customers. Pretty soon someone will see your prosperity and say, "Hey, I'll cut that lawn for $40." Some of your customers don't care so much about whether or not you sanitize your lawnmower blade before you cut their lawn, so they go to the new vendor. Maybe lots go. The lawn service guys then start competing on price rather than on quality, always looking for that group who are interested only in price. Pretty soon it's hard for you to charge $50 anymore and retain your customers.
From the headline: "Microsoft is an incredibly successful empire built on the premise of market dominance with low-quality goods". That does not make any sense. WHO in their right minds would knowingly buy a low-quality good (unless they were broke, but then Micro$oft has not quite been known as a discount reseller)? There is no reasonable way any company would be "incredibly successful" and gain "market dominance" with crappy products unless some other stronger force was overriding good common sense and competing by the rules.
This really smacks of corruption, plain and simple.
The love of money is the root of all evil. (I timothy 6:10)
Thanks Micro$oft.
Not new to us, but I still find those who want to stand by their Microsoft, because they are uncomfortable with the unfamiliar alternatives. Microsoft is a weak link in every computer security issue because they continue to put wide-open holes into their system in order to be all encompassing. I believe that they just consider the few that get attacked and taken as being acceptable losses, and look at the masses of the herd (where they make their money). Someone at the higher levels of government making this public may have several effects: 1) Embarrass Microsoft to not stupidly repeat the same mistakes (maybe). 2) Start some agenda towards minimum standards for security. 3) Show that there are more secure alternatives, and make them more familiar.
[Windows] may be the most widely used desktop OS, but once you include servers and small devices, Linux beats it easily.
Compared to home desktop PCs, servers are more likely to be administered by someone with a clue about locking down and updating the system. Small mobile devices have only a sporadic connection to the Internet, much like home PCs in the dial-up era, and many use an executable whitelist managed by the device maker. So barring a security hole in something like a home router appliance, desktop PCs running Windows are likely the juiciest targets for establishing a botnet.
http://en.wikipedia.org/wiki/Warhol_worm
one of these days, some genius asshole is going to, just for the lulz, shut down the whole goddamn internet in 15 minutes. he or she is going to do it with a worm that, of course, will be based on something in the microsoft constellation of oses/ products/ third party software. perhaps from our other security averse friend, adobe
i thought it was going to be code red or sql slammer, but no, these infections were content to zombify, not zombify and enslave the nonzombies (see below):
http://en.wikipedia.org/wiki/Code_Red_(computer_worm)
http://en.wikipedia.org/wiki/SQL_Slammer
enslave the nonzombies: of course there are other oses out there, but they are in the minority. so listen up genius asshole: whoever writes this worm will cleverly make sure that all compromised systems DDOS non-microsoft os ip addresses on purpose. sql slammer and code red just blindly reached out to all ips and latched on to any promiscuous microsoft bitches that proved to be receptive to getting fucked. but you, oh genius asshole, will take note of those ips which defy you and share this list dynamically and automatically in real time between your other pwn3d machines
if a machine does not respond to your rude advances to be fucked, or can otherwise be quickly and reliably sniffed out as a non-microsoft os ip, punish the defiant, hard and cruel
you leveraging your growing zombie horde of microsoft os monoculturalism to mount a directed attack on nonmicrosoft machines. DDOS the responsible and the vigilant. leverage the power of the insecure to take down the secure. if the bitch won't fuck you, slap that bitch. if they will not be defeated, then they will be enslaved in a deluge of requests until they succumb. none shall survive, all shall be zombified or enslaved
and therefore completely wipe out the whole goddamn internet. for the lulz, you see
i'm still waiting, and when it happens, even though my means of livelihood is based on the internet, i'll be clapping and eating popcorn, reveling in the sheer armageddon horror of it all. awesome dude!
so where are you, genius asshole? make it happen
please don't let it happen for some insipid mundane making-up-for-my-small-penis-through-nationalism reason like cyberwarfare between usa/ russia/ china/ iran. that would be boring. nationalism is fucking retarded
get it done FOR THE LULZ my genius asshole friend, where ever you are. i'm waiting to be adequately entertained by global internet meltdown. MAKE IT HAPPEN
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Try to install Windows on a powerpc. Thank you, thanks for playing. Retard. Since when is x86 all there is?
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Once you get away from using popular applications and O/S's, the price rises incredibly quickly. Instead of spreading (say) a billion dollar development costs across 100 million product sales, you have maybe 10,000 customers who can be persuaded to pay for a product. This immediately means no-one will buy it unless forced to by law, or unless they can in turn, pass on the costs to their customers. The smaller market also means there will be fewer suppliers - probably just one. Which in turn will drive up costs due to lack of competition and decrease any incentives to fix problems or develop new wares in a timely fashion.
We know what a secure operating system for the year 2010 will look like. It will look like VMS from 1995, for all the reasons discussed above. Now, which are we prepared to pay for: Microsoft products on every store shelf, running the country or critical systems with the security, features, lack of connectivity from the mid-90s?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Of course they are the weak link in loss in the financial aspects of the "Cyber war", but that isn't the only aspect of the "Cyber War". There are many factors, from how secure the system is (read my blog post on how secure Microsoft really is), to what the settings of the machine are, to other issues, such as how many people use bittorrent software that enforces verification requirements. But yes, they have a lot to lose, because 1. they're Microsoft and 2. they cost money to get their software. Don't take it as a surprise. Linux is probably just as vulnerable. It's just that people haven't been able to find those vulnerabilities. But mark my words, they are there.
There's a huge difference between the number of Windows 7 installs and total Windows systems installed. The security issues with XP are a bigger concern (there are a sh!tload of XP machines in the world), a good chunk of which are still on SP 2 and/or IE6. MS's current offerings are in pretty good shape but their install base is not. The responsibility of prior security weaknesses is still MS's no matter how hard they try to get people to upgrade out of XP (and earlier) deployments.
BTW, hell of a post.
"Maybe Microsoft will be shamed enough to take action and improve their products." - by StuartHankins (1020819) on Thursday June 10, @11:16AM (#32523878)
On top of the security vulnerabilities stats from SECUNIA.COM I noted here in another reply to you Stu -> http://it.slashdot.org/comments.pl?sid=1681772&cid=32524188
This time, in regards to this quote from you above? Well - Please take a peek @ this posting, where I did try to do that "approach" with one of MS' mgt. who posts here (Foredecker):
http://slashdot.org/comments.pl?sid=1630116&cid=31975424
It didn't work, so far @ least!
E.G.-> It's been over 6 months THIS YEAR, and some from last year as well, where I brought this to light for he to look over & get answers on it for myself & others (such as mvps.org as one of the more notable ones) to get an improvement on HOSTS files usage BACK INTO A WINDOWS SYSTEM, that still works on Windows 2000/XP/Server 2003 & had its start in Windows 2000 in a service pack, not the oem original release of Win2k (as it used to be faster & more efficient using 0 as a "blocking IP address", vs. the larger & slower 0.0.0.0 or worse still, the 127.0.0.1 "loopback adapter" also).
I get the STRONG impression (as do others I know who read that exchange) that he's "dodging me", because his posting rate here slowed down, TREMENDOUSLY... & he has not gotten back to me on issues regarding the HOSTS file, DNS ClientSide caching service, & yes more (A/B drive hardcodes + more).
APK
P.S.=> I don't LIKE doing it that way in trying to "pressure others" via 'embarrassment', but others have tried to do things "the nice way", as regards PC & Server level security + vulnerabilities in them, & it rarely works out WITHOUT "applying some pressure" (& usually via the means & methods you extol here Stu but as you can see above? Even THAT doesn't work out @ times apparently - as many folks in the media know 1 thing: People forget, & move on to the "latest/greatest 'LOOK HERE, DON'T PAY ATTENTION TO THAT ANYMORE'" type of media 'sleight-of-hand' trickery)... apk
That's horseshit. When someone makes a better OS than MS, I'll start believing these stories. ... while windows will run on pretty much any hardware.
Set the koolade down and step back. Microsoft Windows works on a much wider range of hardware than OSX, but it's still quite limited. I will concede that only Microsoft Windows excels at making use of a proprietary piece of crap like a Win-modem or a Win-printer.
Linux may have some technical merit, but is a mess where people without advanced computer skills are left in the dark.
My experience is that the average XP user is more baffled by Windows 7 than by Ubuntu. And don't even think of suggesting that Ubuntu can't be set up by someone knowledgeable.
Sure windows had bugs, but many of those aren't MS's fault, but rather vendors that write crap drivers.
Microsoft provides an ever-changing foundation of thick muck. And like you, they are quick to blame others for any problems.
My other car is a 1984 Nark Avenger.
Most intelligent and objective post I've ever seen on Slashdot about Windows.
Seriously, I think my 12 year old nephew has a greater handle of the computer software industry than DICK Clarke. For that matter I think Dick Clark has a better grasp of the computer industry than some trumpeting idiot who has no computer background other than what positions he was "appointed" to.
Only government agencies can afford to spend a year designing a bullet-proof system, then another year writing the software and a year or two more making sure that no-one can ever break in to it. Are you prepared to slow down software development by a factor of 8, from 6-monthly release cycles to a new version every 4 years? It would be commercial suicide and far too expensive.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Microsoft has proven in the past that it was insecure.
When the source code to XP leaked, there soon were all kinds of worms and trojans. Microsoft relies on security through obscurity, which for some people isn't obscure at all.
If you have the reverse engineering tools, probably custom made, by some foreign investor, you could peek through the security measures. Also Microsoft relies on fast patching for problems that are often circumvented sooner or later, because of security vulnerabilities in the patches. I don't need to say, that a patch is easier to reverse than an OS, and presumably quite revealing.
Linux 2.6x KERNEL SECURITY VULNERABILITIES
It doesn't make sense to compare a line of kernels dating back to 2003 to an operating system that came out last year. The 7 kernel is just a derivative of the Vista kernel, for example. And in '03, XP was still going strong. Furthermore, 2.6 or whatever is just a name. I am running 2.6.32. How does the NT 6.1 you are presumably running compare to that?
The soylentnews experiment has been a dismal failure.
"The security issues with XP are a bigger concern (there are a sh!tload of XP machines in the world), a good chunk of which are still on SP 2 and/or IE6." - by WrongSizeGlass (838941) on Thursday June 10, @12:06PM (#32524406)
Agreed, which is WHY I did the security guide posting in that same reply of mine you replied to... because it works (especially for Windows 2000/XP/Server 2003) on that shortcoming/issue, which I agree IS VALID in fact now.
(Especially in regards to IE, & not just IE6, but also IE7/8 in general - the thing's BAD on the public internet as far as security vulnerabilities issues, but it's great inside an INTRANET (I develop on it using ASP.NET is why & that's why I state that), & imo @ least? NOTHING touches it in the way of webbrowsers, especially for internal corporate network usage)).
Thank goodness we have alternatives to IE, & even to older Windows versions (which CAN be secured FAR BETTER than the default, but the same is true for MacOS X, & yes, LINUX too)... Windows 7's security track record so far has been pretty good (after all, see my last post for stats on that again).
---
"There's a huge difference between the number of Windows 7 installs and total Windows systems installed." - by WrongSizeGlass (838941) on Thursday June 10, @12:06PM (#32524406)
Agree, & again: See my last reply above... again, it's the "why" of WHY I did the security guide I did (& you can see a TINY SAMPLING of the results users who used it, ranging from expert level techs to total NON techs (last one)) which is in my last post with testimonials of its efficacy for them thus far to date (almost 3 yrs. now in fact).
---
"MS's current offerings are in pretty good shape but their install base is not." - by WrongSizeGlass (838941) on Thursday June 10, @12:06PM (#32524406)
Yes, I am using Windows 7 64-bit, fully hotfix patched as of yesterday (MS "patch tuesday" & all), & so far? It's been pretty good to me!
HOWEVER:
I have SOME 'reservations' on some things in it (new firewall design being said to be more easily "unhooked" than older builds in Windows XP/Server 2003 for example (rootkit.com is all over this in fact), HOSTS files issues (see url below), DNS clientside cache service, & more...). For more?
See here:
http://it.slashdot.org/comments.pl?sid=1681772&cid=32524432
(It's another reply here in this exchange to Stuart Hankins in fact... I was SO SURE that Foredecker (an MS senior level mgr. who posts here) was doing the right thing looking into that, but, to date (6 mo. to 1 yr.++ now in fact)? He has NOT!)
---
"The responsibility of prior security weaknesses is still MS's no matter how hard they try to get people to upgrade out of XP (and earlier) deployments." - by WrongSizeGlass (838941) on Thursday June 10, @12:06PM (#32524406)
WELL, imo @ least, on THIS part?
I feel that's a matter of "hard times in the land o' plenty" (U.S. economy is doing badly the past year or two now, & I don't think it's getting much better to be blunt about it), & of course, stockholders "screaming to mgt." MAKE ME MORE COINS/DEADPRESIDENTS OR YOU ARE GONE, etc./et al... pinching pennies is what's going on in businesses is why/in other words, imo @ least.
The ONLY way they fix things, security-wise, is if someone practically "busts the door down" in their company & then, they have to assume the liability and do something about it or get the life sued out of them in some "class action" lawsuit or the like...
APK
P.S.=>
"BTW, hell of a post." - by WrongSizeGlass (838941) on Thursday June 10, @12:06PM (#32524406)
Well, we "do aim to please" (most of the time here @ least)... glad you liked it! apk
Man, I know we all spend quite some time reading /. and replying. But dude! Your post goes beyond crazy!
Were you paid to write it at least?
That's some great spiel, but I think the point is Windows has a much bigger marketshare and a greater percentage of unpatched machines, particularly in regards to 3rd party apps. Hence, the security record for Microsoft portraying itself as a greater danger in this so called "cyber war". As an aside, 2.6 came out in 2003 whereas Windows 7 came out in 2009. By comparing "latest/greatest" you're misrepresenting the userbase pool in the real world, which is what counts. Also, by implying the number would be greater once you include KDE/FF etc. you must concede that if you were to do the same for Windows and include all popular apps the number would be substantial.
...yes, because we all know some buffer overflow is the same as worms that repeatedly bring down the internet or people's individual machines.
Cherry picked statistics can't quite compare to how systems actually behave in the wild.
This is why Lemmings cling to them so much.
A Pirate and a Puritan look the same on a balance sheet.
And Apache is the most widely used Web Server but its security record is far better than IIS. So what does that say. Also Unix/Linux far outnumber Windows Server in terms of presence on the Internet; however, they are more on the yet their track record is far better than Windows server.
I often see this wives' tale but have yet to see any supporting data.
Yes, but wasn't Unix originally a word processor?
Right. Let's feed the troll, and spin it another way:
Look at the severity of the advisories (They are rated from 1-5). Neither windows nor Linux has any unpatched vulnerability rated higher than "less critical" (i.e., neither has anything unpatched that is 3 or higher). So for vulnerabilities >2/5, they both have a 100% patch rate. The difference is in "less critical" advisories, (1 or 2).
Windows 7, in its short life, has had 8 advisories rated "less critical" or lower. Of these 2 are unpatched. That means the patch rate for less pressing vulnerabilities is 75% (a full 25% are unpatched).
Linux (if I counted right) has had 191 advisories that were rated 1 or 2, since 2003, of these 11 remain unpatched, or ~5.8%.
The difference in the overall patch rate is due to the fact that far more of Windows' vulnerabilities have been critical, >3/5, (specifically 12 of the 20) than Linux's (26 of 217).
Also note that Linux has never had a vulnerability rated 4 or 5, its highest vulnerability has been a 3. But eight of Windows' 20 advisories have been 4's and one was a 5.
Mod points: Guaranteed to remove your sense of humor.
Side effects may include gullibility and temporary retardation
Not sure I agree their attempts via lobbying were unsuccessful. Linux is used in a significant way in government/DoD systems, as noted in the article, Mr. Clarke surprised many by insisting on an evaluation of Linux in 2004 - and I remember how that study and its results ran into resistance across the board, before the electronic ink was dry. Without lobbying efforts having tipped the playing field, Linux could very well have significantly more penetration in government infrastructure than it does today.
... the irrational resistance in federal circles to Linux desktops that prevails to this day is amazing.
And note that on the desktop front, Microsoft's strategy arguably has worked bizarrely well
"Ahh! I see you're in that indeterminate Schrodinger state where - oh, uh
It's a frequently used troll post. It has been completely debunked in the past several times. All of the critical bugs listed for the Linux kernel, for example, were local exploits only -- NONE were remote. In contrast, Microsoft's exploitable bugs are famously remote exploits meaning they can be done over a network connection. Mac OS X is another bag of worms... but thankfully, Apple controls and limits its users such that it will never be big or ubiquitous enough for large scale general use like Windows and will never likely get used in critical government or business operations.
They are low quality products. Microsoft owns the market share it does because business-wise, they entered a growing market at the right time, with the right sort of software that your average business needs. The operating system and software didn't have to work perfectly. It just has to work most of the time. That is good enough for most businesses ( and government ). It became so widely adopted early on that to change now becomes a matter of better the devil you know than the devil you don't in the eyes of many budget reviews. You don't have to make great software to be good at business.
"It doesn't make sense to compare a line of kernels dating back to 2003 to an operating system that came out last year." - by oakgrove (845019) on Thursday June 10, @12:24PM (#32524662)
I was comparing the "latest/greatest" from Apple, Microsoft, & the LINUX camp is all (& using SECUNIA.COM's data to do so).
Fact is? That's the latest that SECUNIA.COM has for LINUX (unless you can find me a more current one there) is all.
---
"And in '03, XP was still going strong." - by oakgrove (845019) on Thursday June 10, @12:24PM (#32524662)
Windows 7 is based off VISTA, which in turn, is based off Windows Server 2003 code, from the year 2003 (which is based off Windows XP code which is based off Windows 2000 code)).
Isn't LINUX the same? Doesn't it have its foundations on the preceding members of its OS family before it? After all, the thing that really "Strikes this home" is that LINUX has been classified formally as a FORM OF UNIX (as is MacOS X, based off its BSD underpinnings).
(I am merely simply comparing known security vulnerabilities counts from what SHOULD BE THE "BEST" from ALL OS VENDORS in the "big 3" here is all, not older stuff they were based off of, nor the older stuff, period)
APK
P.S.=>
"Furthermore, 2.6 or whatever is just a name. I am running 2.6.32. How does the NT 6.1 you are presumably running compare to that?" - by oakgrove (845019) on Thursday June 10, @12:24PM (#32524662)
See the above: It should answer that for you... apk
I went straight to the bookstore to buy it. I asked the lady where it was and she said "it's filed over there under F for fucking obvious".
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I doubt it. APK has a long history of posting this kind of crazy shit. Frankly I'm surprised he wasn't going on about HOSTS files like he normally does.
Celebrity worship is a poor substitute for Deity worship and costs more to boot.
Tell me... What's so low quality about Microsoft's products these days? I'd love to hear it. This anti-MS fap fest is one of the worst I've seen in quite some time, and that's saying a lot for slashdot.
That's not a troll post. Slashdot users are just biased.
Even if his post is false, Windows is the most used operating system, therefore it's likely you will find the most vulnerabilities. The other OS's are niche markets, so clearly you will have less people attacking them.
I'd say cyber war means the making of human-killing machines, and that I have no plans to design or buy game machines with approval from the war dept, thank you very much. I'm not into being fooled, my money isn't going to DOD research and equipment, and if you want safety, security, you just don't go around showing off how well your "toys" kill, looking for enemies, then worry about how secure your gates are, that always works temporarily, not forever. See Rome, Greece, Spain, USSR, England, Germany, Japan, etc.
Build your own energy sources from scratch. http://otherpower.com/
I was comparing the "latest/greatest" from Apple, Microsoft, & the LINUX camp
If you're including linux from 2003, you have an odd and erroneous definition of "latest/greatest". Not only that, Windows 7 is an OS, Linux is not. And, furthermore, if you are comparing kernels, you have to include the Vista kernel to the 7 kernel which you did not.
I'm not going to bother refuting the rest of your drivel since it all rests on this one blatant fabrication. If you want to attack Linux's security record, at least do it in good faith then people might be willing to listen to your arguments. Your original post is little more than noise and it just sets you up for ad hominems and derision as no one can really take you seriously.
The soylentnews experiment has been a dismal failure.
Microsoft's actually been pretty useful. The blame is on the people who have installed it in critical systems. Ever since I've read anything about medical systems and the like, something they always repeat is not to install Windows or a similar desktop OS on the systems because it makes unauthorized access easier and the OS wasn't designed for such critical systems, so it might crash every now and then. Designers of critical systems know this, and if they are negligent and use Windows, then the blame for the consequences should fall on them.
That's not a troll post.
Even if his post is false,
It's a troll for one very simple reason. He's including 2.6 kernels from 2003 and comparing them to Windows 7 which uses the NT 6.1 kernel which is a derivative of the NT 6 kernel used in Vista. Intentionally distorting facts to support your argument is trolling. Furthermore, he's bringing up secunia stats as if that is the whole story without mentioning the relative severities. Of course, it's a red herring anyway as I've already pointed out.
The soylentnews experiment has been a dismal failure.
Considering you can't see the source I would say that it seems like remote vulns would be less easy to find.
While your statements are true for desktops you're completely wrong in the server space and those machines are far more valuable to own.
What is this "work" you speak of? We just want to sit on our bums and rake in the cash as it comes floating by. Just think of us as tunicates or sea anemones who have secured a really rich position in this market environment. We're permanently attached; it's why we don't need chairs to sit on, and can instead use them for projectile weaponry...
[/cynicism]
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
"The difference in the overall patch rate is due to the fact that far more of Windows' vulnerabilities have been critical" - by quickOnTheUptake (1450889) on Thursday June 10, @01:02PM (#32525122)
Past stale data on your part? Please... what I want to know is, is IF the 11 security vulnerabilities on LINUX 2.6x (the "latest/greatest" shown on LINUX @ SECUNIA.COM, a respected site that acts as a clearing house for this type of data) are as EASILY WORKED-AROUND to secure them again, as are the 2 remaining (rated @ 2 each mind you, not severe @ all because of workarounds) on Windows 7?
(That's my MAIN question, per my subject-line above in fact...)
---
"But eight of Windows' 20 advisories have been 4's and one was a 5." - by quickOnTheUptake (1450889) on Thursday June 10, @01:02PM (#32525122)
Your information is STALE, because that's currently not the case for Windows 7 (all it has is 2 rated @ "2" only, plus, they're EASILY "worked-around", see below)... & to this next quote of yours below?
---
"Also note that Linux has never had a vulnerability rated 4 or 5; its highest vulnerability has been a 3." - by quickOnTheUptake (1450889) on Thursday June 10, @01:02PM (#32525122)
That doesn't take away from the fact that LINUX 2.6x STILL has outstanding errors though (and, are they as EASILY WORKED-AROUND as the 2 remaining on Windows 7 are I wonder, & in ALL CASES for the 11 outstanding security issues in Linux's latest (kernel only again, I must STRESS that, as it's only really PART of the entirety of Linux that folks really use?))...
(That's 11 still security vulnerabilities present in the "latest/greatest" LINUX based OS and that? That's for the core ONLY, MIND YOU (which equates to NOT COUNTING ERRORS IN SECURITY THAT PROBABLY STILL EXIST TO COMPOUND THAT FURTHER in KDE or Gnome, BA$H or other tty terminal console shells & more that LINUX users have), and THAT'S NOT the "entirety of LINUX" either mind you (THAT'S IMPORTANT, because MacOS X &/or Windows 7 ARE JUDGED IN THEIR ENTIRETY, unlike Linux!)
APK
P.S.=> BOTTOM-LINE: So, again, I wonder: Can the same be said of LINUX 2.6x's outstanding security vulnerabilities I wonder? The 2 small ones Windows 7 has are EASILY worked around too, I wonder if the same can be said of the 11 outstanding issues on LINUX 2.6x??
E.G. #1 of 2:
AERO GLASS interface issue is simple to counter - don't use it, by selecting a "Windows Classic" desktop style theme (OR just turning off the "Themes" service)
E.G. #2 of 2:
The IIS 6/7 issues are easily enough to work around as well, as I don't have IIS installed here & I certainly do NOT see/have its services active either in services.msc (as most users won't typically, since it's a workstation class OS, not server class)...
So, it appears that NO AMOUNT of "spin" on your part is very effective vs. the above really, especially the STALE data you used... better luck next time! apk
OpenBSD 4.4 (they are up to 4.7 now)
http://secunia.com/advisories/product/19640/
Subject: OpenBSD 4.4
No posts yet
See subject.
if you defeat me, you get a live-action cutscene of me doing your mom
unless you won teh internets by traversing the far more difficult /b/tard PvP realm in the Retards and Trolls Comment Board (tm) expansion pack (beta)
in which case you get a hentai animated cutscene of rule 34 THAT NEVER ENDS AN ETERNAL HELL OF FURRIES GROUP SEX OH MY GOD MY EYES
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
FIRST: Per my subject line above? See this & the "#1 entry" (which is clearly about the /. trolls (usually fanboys of Linux, Open SORES (lol), & Firefox typically):
---
Six More Tech Cults:
http://hardware.slashdot.org/story/10/06/07/1518216/Six-More-Tech-Cults
"Pity the fool who wanders blithely into a discussion and says, "What's the big deal with Linux? Windows works just fine." His online remains will later be hauled away in Chinese takeout boxes."
Tech cult No. 1: The Slashdot Samurai /. (Where else?)
Established: 1997
Gathering of the tribes:
Major deities: Linus Torvalds, Neil Gaiman
---
Trouble is, as you can see with my post going from +1 INFORMATIVE, to +2 INTERESTING, & now down to 0 (but with the "good ratings upwards" still in place in INFORMATIVE for now @ least while I post this?) Those same "/. samurai" have to resort to what I call their "last weapon" in the effete & unjustified "mod down" (as usual with my posts like these)... they only prove this point for me, every time, lol!
SECONDLY: Thank you for this:
"Most intelligent and objective post I've ever seen on Slashdot about Windows." - by AthleteMusicianNerd (1633805) on Thursday June 10, @12:18PM (#32524584)
Sincerest thanks,
APK
P.S.=> As per usual, however?
Well, you can see the ratings on my initial posting "WILDLY FLUCTUATING" because of the "cult of slashdot", which I noted from an INFOWORLD ARTICLE THIS WEEK no less (lol, they remind me of Dr. Who's DALEK "Cult of SKARO" in fact, as a sort of analogy here)?? They're going "wild" trying to "downmod" it, as per usual... to no avail, facts ARE FACTS, & that's that (they can't STAND that much, & all they have left as usual, is their "effete mod downs" & attempts @ putting "spins" on facts from a reputable security site in SECUNIA.COM's data)... apk
No. It was created to replace Multics. From the very foundation it was made to be portable, multi-user and multi-tasking. I think you're thinking of emacs... or possibly Linux, which was originally to be a terminal emulator.
"If you're including linux from 2003, you have an odd and erroneous definition of "latest/greatest". " - by oakgrove (845019) on Thursday June 10, @01:35PM (#32525512)
Like I said in my post you replied to? FIND US MORE CURRENT DATA ON WHATEVER BUILD OF LINUX YOU CAN FIND THERE... ok?? I'll be GLAD to see it in fact!
(You've still NOT ANSWERED MY QUESTION THOUGH: Can the 11 remaining security VULNERABILITIES PRESENT IN LINUX (core only, not counting security vulnerabilities in KDE or GNOME, BA$H, or other commonly used parts of LINUX that would make it "more on par" with what's being checked on in BOTH Windows 7 &/or MacOS X?) BE AS EASILY "WORKED-AROUND" as the 2 remaining security vulnerabilities in Windows 7 (both rated 2 or less mind you, in terms of threat levels)?)
Please answer that...
---
"Not only that, Windows 7 is an OS, Linux is not" - by oakgrove (845019) on Thursday June 10, @01:35PM (#32525512)
LOL, "ok"... funny, but I said that LINUX is ONLY BEING ANALYZED IN PART, per my question above no less, unlike Windows 7 &/or MacOS X in THEIR ENTIRETY (E.G./I.E.-> Window mgt. subsystems, shells, & more) whereas LINUX is ONLY THE CORE/KERNEL being reported on, NOT ITS ENTIRETY (with the bugs that would add to the 11 already present in Linux mind you, compounding that further).
---
"If you want to attack Linux's security record, at least do it in good faith then people might be willing to listen to your arguments." - by oakgrove (845019) on Thursday June 10, @01:35PM (#32525512)
I did so, by merely citing reported facts from a respected & noted security vulnerabilities tracking clearinghouse in SECUNIA.COM, with the "latest/greatest" versions of each OS I could find for Linux, Windows, & MacOS X! What more do you want?
---
"Your original post is little more than noise and it just sets you up for ad hominems and derision as no one can really take you seriously." - by oakgrove (845019) on Thursday June 10, @01:35PM (#32525512)
Ad hominem attacks are a logical fallacy & only show that when one has to use that? They are on "the ropes", losing badly... pretty simple!
APK
P.S.=>
"I'm not going to bother refuting the rest of your drivel since it all rests on this one blatant fabrication." - by oakgrove (845019) on Thursday June 10, @01:35PM (#32525512)
No, you're outright RUNNING from answering a simple question I asked before, in my last post which you replied to again, AND, here once more above... & as far as "fabrication"?
I merely reported facts & cited the workarounds possible for the 2 remaining security vulnerabilities in Windows 7 (vs. the "latest/greatest" from *NIX variants, in MacOS X &/or Linux kernel 2.6x)...
So, "do the math, & argue with the numbers" & facts (11 sec vulns on LINUX, 8 sec vulns on MacOS X, & only 2 on Windows 7), & SECUNIA.COM... apk
They might have broken into the US automobile (and motorcycle) market by selling at low prices, but quality was indeed part of their leverage. My dad remembers when Yamaha first started making motorcycle sales in Minnesota -- people actually started buying them instead of Vulcans or Indians because 1) they didn't shake themselves apart, and 2) they would actually start in the winter. And I can easily recall how crap the US cars were in the late 70s through the 80s, when Toyota and Honda really started eating Detroit's lunch. My folks went in for a Saab and a Honda. My first two cars were a Honda Civic and a Toyota Corolla. Ford stood for "fix or repair daily", something the Japanese automakers wouldn't stand for -- or more accurately, couldn't afford. Ford et al couldn't afford it either, in the long run, but too few people were looking at the long run.
So no, I don't think market share alone determines success or market control, not long-term. A monopolist or consortium can control a market to some degree, but if things get too far out of balance, if they stray out of bounds (set prices too high, allow quality to degrade too far, try to lead their customer base in a very different unliked direction, etc etc), the time is ripe for outsiders to bring in new products and new brands and dethrone the controlling interests. Detroit got cocky, and was undone by its own hubris; it kinda looks like Microsoft is heading down that same road.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
http://it.slashdot.org/comments.pl?sid=1681772&cid=32525870
"It's a troll for one very simple reason. He's including 2.6 kernels from 2003 and comparing them to Windows 7 which uses the NT 6.1 kernel which is a derivative of the NT 6 kernel used in Vista." - by oakgrove (845019) on Thursday June 10, @01:42PM (#32525588)
Argue with SECUNIA.COM then, because all I did, per the URL above (where you avoided a SIMPLE QUESTION from me, 2nd time in our exchange there no less), was report on facts from secunia, which is a respected & noted security vulnerabilities reporting clearinghouse... that's all!
---
"Intentionally distorting facts to support your argument is trolling." - by oakgrove (845019) on Thursday June 10, @01:42PM (#32525588)
LOL, ok... "sure"... then again, even the folks @ INFOWORLD THIS WEEK NO LESS, KNOW ABOUT THE "LINUX/OPENSORES/FIREFOX" fanboy fanatics & zealots around here too:
---
Six More Tech Cults:
http://hardware.slashdot.org/story/10/06/07/1518216/Six-More-Tech-Cults
"Pity the fool who wanders blithely into a discussion and says, "What's the big deal with Linux? Windows works just fine." His online remains will later be hauled away in Chinese takeout boxes."
Tech cult No. 1: The Slashdot Samurai /. (Where else?)
Established: 1997
Gathering of the tribes:
Major deities: Linus Torvalds, Neil Gaiman
---
Trouble is, as you can see with my post going from +1 INFORMATIVE, to +2 INTERESTING, & now down to 0 (but with the "good ratings upwards" still in place in INFORMATIVE for now @ least while I post this?) Those same "/. samurai" have to resort to what I call their "last weapon" in the effete & unjustified "mod down" (as usual with my posts like these)... they only prove this point for me, every time, lol!
So, as far as "trolling" & trying to put a "spin on things"?
Well... it seems others are disagreeing with you, such as those you replied to now here (and please - don't avoid that question in the URL above... thanks!)
---
"Furthermore, he's bringing up secunia stats as if that is the whole story without mentioning the relative severities." - by oakgrove (845019) on Thursday June 10, @01:42PM (#32525588)
You're RIGHT - so, IF I was to add on the KNOWN SECURITY VULNERABILITIES in the remaining parts of LINUX not noted (such as KDE or GNOME, or even BA$H, to name only a FEW parts omitted in my fair analysis of the LINUX KERNEL/CORE ONLY mind you, vs. the rest of it that folks use regularly/usually, which DO GET ANALYZED IN WINDOWS 7 &/or MacOS X?)?
You'd see more than the 11 security vulnerabilities in Linux... my guess? Far more.
---
"Of course, it's a red herring anyway as I've already pointed out." - by oakgrove (845019) on Thursday June 10, @01:42PM (#32525588)
Well, seeing as how others here are disagreeing with you? I'd take a look at the paragraph above I just put up, and the facts therein, as well as you PLEASE answering the questions I asked you, here -> http://it.slashdot.org/comments.pl?sid=1681772&cid=32525870 also... thanks!
(Especially since it seems you are AVOIDING what I asked you there in that URL just above...)
APK
You're RIGHT - so, IF I was to add on the KNOWN SECURITY VULNERABILITIES in the remaining parts of LINUX not noted (such as KDE or GNOME, or even BA$H, to name only a FEW parts omitted in my fair analysis of the LINUX KERNEL/CORE ONLY mind you, vs. the rest of it that folks use regularly/usually, which DO GET ANALYZED IN WINDOWS 7 &/or MacOS X?)?
Why don't we just compare apples to apples and see what the results are when Windows goes head to head against the most popular Linux distro with some of the best hackers in the world trying to break in.
Damn.
The soylentnews experiment has been a dismal failure.
http://it.slashdot.org/comments.pl?sid=1681772&cid=32525656
See that post, & answer the questions there (mainly the one regarding IF Linux's only PARTIAL LIST of kernel/core level errors only, 11 left (not counting ones probably present in LINUX 2.6x's Window managers, KDE/GNOME shells, &/or BA$H + other tty terminal consoles too possibly & more) are as easily "worked around" as those in Windows 7 are?)
APK
P.S.=>
"To whit, you have no idea what you are talking about and I'm not going to even bother wasting time arguing with you anymore." - by oakgrove (845019) on Thursday June 10, @02:16PM (#32525934)
Yea, ok... by the way, & I ORDINARILY WON'T/DON'T DO THIS? The correct phrase is "to wit" (not "to whit")!
Plus, you've already said that 2-3x or so, by now (that you were leaving & not responding here anymore, gee I wonder why (NOT)), while you avoid a SIMPLE QUESTION I ASKED OF YOU HERE 2-3x now too, see above...
LMAO, man... "too, Too, TOO EASY!"... just too easy! apk
The fact that Microsoft makes poor quality goods is only a portion of the problem. Installing these poor quality goods in mission critical areas contributes to the problem. Microsoft's growth has partly come from its market position, and many quality technology products have lost in the market because of Microsoft's abuse of its position, and probably the worst part of this problem is the role of illiterate pundits who don't even know what a quality product is (or anything about anyone else's products). Illiterate astroturfers pollute intellectual discussion. A quick summary of the statements they make indicates that they have no clue how computing technology works (often they have a superficial knowledge, and claim full knowledge, when in fact, they read a little, can't tell if the design of the product is good or not, can't compare one product with other vendors' products because they don't know about other vendors' products, but still feel the urge to pollute the internet with their opinions, to the detriment of us all). Go ahead, softies, get all excited and upset, but I can I have administered operating systems in a professional manner for six different vendors (and with some vendors, multiple operating systems). Microsoft is one vendor. Have any of the softies administered a Sun operating system (sunos/solaris)? How about a DEC operating system (vms/ultrix)? How about IBM (VM/CMS, System36, MVS/XA, OS400, OS/2)? How about any of the BSD operating systems? FreeBSD, OpenBSD. How about Plan9? How do you know you are "better" if you have never looked at anything else? Are you all just the great unwashed without any real ability to compare and contrast because you only know one thing? I have also administered Microsoft operating systems (and no, they are not as good, and when I say 'well you know how MVS (IBM's Multiple Virtual Storage operating system) handles print operations' people give me a blank stare, because they don't know any better).
They can't compare because they don't know. Yet they rant and spew but have no clue.
the use of decompression chambers. Then again it's because he DIED from caisson disease (decompression.)
But MANDATING the use of decompression chambers, just like the use of collapsible steering columns in cars which would stop you from resembling a bug in a Victorian collection, (pinned through the chest,) had to be enacted by someone who wasn't in it just for the money.
The accountants told GM, Ford and Chrysler: "This will cost share holders $ and upset the P&L Statements".
The government and a whole bunch of the American public read "Unsafe At Any Speed" and said "Screw YOU GM, Ford and Chrysler! I'll pay the extra $300 to not get skewered..."
SOMEBODY has to take the reins from "Laissez Faire" at some point because businesses are too short sighted to look up from the balance sheet.
(I'm convinced that HELL has a special section for accountants where balance sheets DON'T, nobody gives a shit about P&L Statements and Journals are maintained up to the microsecond...)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
So a political figure has had the epiphany that many figured out by common sense and experience a decade ago.... *sigh*
"I doubt it. APK has a long history of posting this kind of crazy shit. Frankly I'm surprised he wasn't going on about HOSTS files like he normally does." - by DocHoncho (1198543) * on Thursday June 10, @01:25PM (#32525394) Homepage
Sure, sure... The "cult of slashdot" (noted by INFOWORLD here no less this week, lol!):
Six More Tech Cults:
http://hardware.slashdot.org/story/10/06/07/1518216/Six-More-Tech-Cults
"Pity the fool who wanders blithely into a discussion and says, "What's the big deal with Linux? Windows works just fine." His online remains will later be hauled away in Chinese takeout boxes."
Tech cult No. 1: The Slashdot Samurai /. (Where else?)
Established: 1997
Gathering of the tribes:
Major deities: Linus Torvalds, Neil Gaiman
---
Everyone KNOWS THE SCORE HERE (rabid name calling & such is the responses of these zealots here, every time in the end, once you put up data they have NO "spin" for... every time! It's hilarious, and sad!)
Trouble is, as you can see with my post going from +1 INFORMATIVE, to +2 INTERESTING, & now down to 0 (but with the "good ratings upwards" still in place in INFORMATIVE for now @ least while I post this?) Those same "/. samurai" have to resort to what I call their "last weapon" in the effete & unjustified "mod down". And, the inevitable name tossing & other forms of ad hominem illogical attacks... they only prove this point for me, every time, lol!
So, back on track here?
Well, when these "wannabe /. samurai" (lol, yea right, I'd like to see how many of my detractors here actually have CSC, CIS/MIS degrees, or even certifications like an MCSE or equivalent to their name, much less 16++ yrs. or better of well noted & published works in noted & respected books, magazines, newspapers, & more to their name/credit... so much for them being "CORRECT AUTHORITIES" (per LOGIC))?
When faced with data & facts they cannot overcome with facts & solid data, always resorts to 3 things:
---
1.) Ad hominem attacks (which your trolling post obviously is such an example thereof)
2.) Unjustified mod downs (or other technically erroneous FUD & what not put up in reply, along with name tossing ad hominem attacks)
3.) Taking things off topic (which you are also trying, lol, to no avail (as far as HOSTS files go? I'd debate their effectiveness vs. anyone on the PLANET, & as usual? I'd win... especially vs. fans of DNS servers, or AdBlock alone, for example)
---
Just as they have here, in addition to their avoiding SIMPLE QUESTIONS I asked of them many times in this exchange already (such as oakgrove here -> http://it.slashdot.org/comments.pl?sid=1681772&cid=32526288 )
APK
P.S.=> Zealots/fanboys ("CULT OF /.", LOL): GIVE US A BREAK ALREADY, PLEASE... LOL! apk
I have checked various registries of accreditation and do not find Anonymous Coward in any of them. Perhaps you should start by revealing your identity and proving your assertions of credentials. Next, don't assume I have less experience and no accreditation. I have a degree. I have certifications and I have been in the industry since I was 16... I am 42 now. I have experience with everything from mainframes to the most obscure PCs and just about everything in between. I know the lay of the land. I know it too well. I was there for the birth of Unix (sort of... it coincides with my own birthday) and have followed the tech since then. It has been my life and obsession. Do not begin to believe that degrees and certifications even BEGIN to make someone qualified to understand what is really going on.
What you have is "product training" and little more.
"...yes, because we all know some buffer overflow is the same as worms that repeatedly bring down the internet or people's individual machines." - by jedidiah (1196) on Thursday June 10, @12:45PM (#32524926) Homepage
Show us that currently in Windows 7, won't you? The OS itself mind you... thanks!
(Linux, iirc, is largely written in C @ its Core/Kernel... I wonder IF Linux uses sscanf in its sourcecode there?? If so, that's a problem of the nature you speak of in fact, in that the sscanf instruction for years has been known to be buffer overflowable!)
---
"Cherry picked statistics can't quite compare to how systems actually behave in the wild." - by jedidiah (1196) on Thursday June 10, @12:45PM (#32524926) Homepage
Well, as I noted to others here? Windows Server seems to be doing QUITE WELL "in the wild" (in actual REAL WORLD USE) per its having less security vulnerabilities than Linux does in its latest/greatest 2.6x core-kernel only @ SECUNIA (per the stats in my 1st post) & also for NASDAQ, where Windows Server is the OS for its "OFFICIAL TRADE DATA DISSEMINATION SYSTEM" & has run there without a hitch, 24x7, for years now no less, in a high tpm environs!
---
"This is why Lemmings cling to them so much." - by jedidiah (1196) on Thursday June 10, @12:45PM (#32524926) Homepage
I take it you're calling ME a "lemming"... ok, tell you what: When you can show you've done MORE THAN THIS, and from as long ago & up to presently today in respected publications (Windows IT Pro being my fav of the lot below no less), which I have & you were probably still in diapers I wager?
"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."
----
Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61
(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).
WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)
PC-WELT FEB 1998 - page 84, again, my work is featured there
WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there
PC-WELT FEB 1999 - page 83, again, my work is featured there
CHIP Magazine 7/99 - page 100, my work is there
GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it
HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!
Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...
Lastly, being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3
----
What do I have to say about that much above? I can't say it any better, than this was stated already (from the greatest book of all time, the "tech manual for life" imo):
"But by the grace of God I am what I am: and his grace which was bestowed upon me was not in vain; but I labored more abundantly than they all: yet not I, but the grace of God
They are low quality products [1]. Microsoft owns the market share it does because business-wise, they entered a growing market at the right time, with the right sort of software that your average business needs[2]. The operating system and software didn't have to work perfectly. It just has to work most of the time. That is good enough for most businesses ( and government ). It became so widely adopted early on that to change now becomes a matter of better the devil you know than the devil you don't in the eyes of many budget reviews. You don't have to make great software to be good at business.[3]
[1]: you've just convinced me, GREAT argumentation!!!. [2]: "right software" for me means giving people what they want, which is good, and if they sucked, why did everybody use them?. [3]: so, everybody bought their software, I imagine that they bought it because it sucks!!!. Maybe next time you should think before you post, or at least justify your opinion, "because I say so" is not valid.
Your assumption is that publicly acknowledged vulnerability count is an accurate indication of software quality, but this assumption is flawed. First, the software could have a bug, but nobody knows about it because nobody looked for it nor observed it. You always have bugs that are unobserved. Even when the vendor has perfect knowledge of how many bugs they have in the software, their willingness to disclose it for public acknowledgement determines how many vulnerabilities are counted on Secunia.
Secunia shows bugs that are reported to the public, and by definition, all bugs in open source software are public information. The vulnerability count for Linux enjoys the most accurate disclosure. Mac OS X is partly closed source and partly open source. Even so, Apple voluntarily acknowledges the presence of vulnerabilities whenever it publishes a software update. The unfixed vulnerabilities reported to the public all belong to the open sourced part of Mac OS X, which is public knowledge. If Apple decides to stop acknowledging vulnerabilities, at least the vulnerabilities in the open sourced part of Mac OS X are still public information, and they can be found through careful code review.
Last, we have Microsoft Windows, which is closed source software, so nobody can see how the software is written except by reverse engineering the machine instructions, which violates the EULA. Any end user who purchased a version of Windows is automatically disqualified from finding bugs, except when they stumble upon it by accident (software crash). Even so, the information you gain from a crash report is extremely limited. It doesn't even tell you how severe the bug is.
How then, do Windows vulnerabilities get published on Secunia? They're mostly found by independent third parties who stumbled upon a bug and decided to break the EULA to investigate the crash. Studying how the software works by reverse engineering is excruciating and time consuming. Unless you have an ulterior motive, you will not be doing that. If you are in the business to create 0-day exploits, you won't want to disclose the bug either.
So I argue that the reason Windows has lowest vulnerability count on Secunia is because of the near zero disclosure from Microsoft as well as third-parties, not because the software is well-written.
I once had a signature.
Plus, you've already said that 2-3x or so, by now (that you were leaving & not responding here anymore, gee I wonder why (NOT)), while you avoid a SIMPLE QUESTION I ASKED OF YOU HERE 2-3x now too, see above...
What can I say? I'm a sucker for a troll.
See that post, & answer the questions there (mainly the one regarding IF Linux's only PARTIAL LIST of kernel/core level errors only, 11 left (not counting ones probably present in LINUX 2.6x's Window managers, KDE/GNOME shells, &/or BA$H + other tty terminal consoles too possibly & more) are as easily "worked around" as those in Windows 7 are?)
I've already told you why your argument is too stupid to even respond to but, here. Now scurry back under your little bridge, little troll and chew on that for a while as that's about the best actual apples to apples comparison that I could find where Windows and Linux were in the same room.
The soylentnews experiment has been a dismal failure.
Windows is missing an integrated centralized package manager. This results in programs with redundant update mechanisms, often implemented in a poor or annoying way. Many programs seem to update themselves during startup, the most inconvenient time because that's when you actually want to use them. Or they annoy the user with popups in the system tray.
A centralized package manager would instead rely on a list of package repositories to which vendors could add their own URLs. Of course packages would be secured with public key cryptography infrastructure to prevent man-in-the-middle attacks and ensure integrity, much like it is implemented in Debian GNU/{Linux|kFreeBSD}.
The package manager keeps track of all packages' files. That allows the administrator to clean up a system very easily, by listing all files that weren't installed intentionally and deciding what to keep & delete. How many programs leave crap in the Windows directories?
Packages could, optionally, share dependencies instead of using a dozen copies of the same DLLs. Shared dependencies save disk space, eventually RAM and can increase security. When a security problem emerges in a library, the system only needs to update that one package instead of every program that ships with a redundant copy.
These are some of the problems that keep Windows away from my systems.
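Added example, not part of the comment above and not Debian's own code: a sketch of the hash chain that lets one signature protect a whole repository. It assumes the signature on the `Release` file has already been checked (for instance with `gpgv`); the package name, paths and payloads are constructed for illustration.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_release_sha256(release_text: str) -> dict:
    """Return {index path: (sha256, size)} from the SHA256 field of a Release file."""
    entries, in_field = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_field = True
        elif in_field and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_field = False
    return entries


def parse_packages(packages_text: str) -> dict:
    """Return {package name: field dict} from a Packages index."""
    index = {}
    for stanza in packages_text.strip().split("\n\n"):
        fields = dict(
            line.split(": ", 1) for line in stanza.splitlines() if ": " in line
        )
        index[fields["Package"]] = fields
    return index


def verify_chain(release_text, index_path, packages_bytes, name, deb_bytes):
    """Check the index against Release, then the package against the index.

    Assumption: release_text came from a Release file whose signature was
    already verified. Returns (ok, reason).
    """
    listed = parse_release_sha256(release_text).get(index_path)
    if listed is None:
        return False, "index not listed in Release"
    if (sha256_hex(packages_bytes), len(packages_bytes)) != listed:
        return False, "Packages index does not match Release"
    stanza = parse_packages(packages_bytes.decode()).get(name)
    if stanza is None:
        return False, "package not in index"
    if len(deb_bytes) != int(stanza["Size"]) or sha256_hex(deb_bytes) != stanza["SHA256"]:
        return False, "package does not match index"
    return True, "ok"


# Constructed sample repository (not real Debian data).
DEB = b"constructed package payload v1.0"
PACKAGES = (
    "Package: example-tool\n"
    "Version: 1.0\n"
    "Filename: pool/main/e/example-tool/example-tool_1.0_all.deb\n"
    f"Size: {len(DEB)}\n"
    f"SHA256: {sha256_hex(DEB)}\n"
).encode()
INDEX_PATH = "main/binary-all/Packages"
RELEASE = (
    "Origin: Example\n"
    "Suite: stable\n"
    "SHA256:\n"
    f" {sha256_hex(PACKAGES)} {len(PACKAGES)} {INDEX_PATH}\n"
)


def demo():
    """Run the honest case and two man-in-the-middle cases; return the reasons."""
    swapped = b"payload replaced in transit"
    # A mirror that swaps the package AND rewrites the index to match it.
    forged_index = PACKAGES.replace(
        sha256_hex(DEB).encode(), sha256_hex(swapped).encode()
    )
    return [
        verify_chain(RELEASE, INDEX_PATH, PACKAGES, "example-tool", DEB)[1],
        verify_chain(RELEASE, INDEX_PATH, PACKAGES, "example-tool", swapped)[1],
        verify_chain(RELEASE, INDEX_PATH, forged_index, "example-tool", swapped)[1],
    ]


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```

Because every package hash is reachable from the signed `Release` file, a mirror or network attacker cannot alter a package or its index entry without the mismatch being detected.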
"I have checked various registries of accreditation and do not find Anonymous Coward in any of them. Perhaps you should start by revealing your identity and proving your assertions of credentials." - by erroneus (253617) on Thursday June 10, @02:59PM (#32526486) Homepage
Ok then, here we go (I expect the SAME from you though, and I would like the questions I asked of you answered as well here -> http://it.slashdot.org/comments.pl?sid=1681772&cid=32526288 which you repeatedly have avoided no less)
---
"Next, don't assume I have less experience and no accreditation. I have a degree. I have certifications and I have been in the industry since I was 16... I am 42 now." - by erroneus (253617) on Thursday June 10, @02:59PM (#32526486) Homepage
Oh, I assume NOTHING... & for another thing? I am YOUR SENIOR.
Ah, anyhow/anyways: Here are some things I have done in this art & science that are easily verified (partial small list only mind you, only my favs):
"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."
----
Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61
(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).
WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)
PC-WELT FEB 1998 - page 84, again, my work is featured there
WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there
PC-WELT FEB 1999 - page 83, again, my work is featured there
CHIP Magazine 7/99 - page 100, my work is there
GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it
HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!
Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...
Lastly, being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3
----
What do I have to say about that much above? I can't say it any better, than this was stated already (from the greatest book of all time, the "tech manual for life" imo):
"But by the grace of God I am what I am: and his grace which was bestowed upon me was not in vain; but I labored more abundantly than they all: yet not I, but the grace of God which was with me." - Corinthians Chapter 10, Verse 10
(And, because I got LUCKY to have been exposed to some really GREAT classmates, professors, & colleagues on the job over time as well)
NOW, as to education? Ok, proof of that here (where I was also a lettering NCAA starter for a many time NATIONAL CHAMPION in Div II no less, even runner up this & last year):
(See "K" section, & see my initials, & 1985)
http://www.lemoynedolphins.com/sports/mlax/history/mlaxletterwin
I know it's popular to bash MS on product quality and security. In fact holding any other position besides MS sucks is foolish because it does not lead to improvement. Sucking is a relative term and so when you say MS sucks the question becomes relative to what? If you need high security for God's sake don't use a general purpose operating system. If you need critical availability for God's sake don't use a general purpose operating system or consumer grade hardware.
Richard Clarke is an idiot. He blames the use of Microsoft Windows on the USS Yorktown incident as the reason for the problem. This is absurd. To date no one has provided any evidence of a defect in Windows being the root cause of the problem in this case. The problem was a classic divide by zero issue in the ship's control software (NOT WRITTEN BY MICROSOFT). What difference would it have made if it had run on Linux, BSD, AIX or whatever? How do these platforms prevent divide by zero in userland code in a way that MS has failed to do in NT4? What kind of idiot would allow this sort of failure mode to even be possible in the first place?
Why is what happened in an ancient version of Windows more than a decade ago still relevant? I understand Richard Clarke is pissed about MS of years ago and their in-your-face lobbying efforts to keep unfavorable legislation out of the picture. I do not accept the citation of ancient history as evidence of today's reality although I agree with the sentiment that Microsoft sucks. But then again Linux sucks and Macs suck too.
Adobe sucks, Firefox sucks... Every month I see CERT advisories for security hole after security hole. It's an endless cycle of nonsense. The number of security updates pushed out from various mainstream Linux package systems on a constant basis is nothing short of breathtaking.
To top it all off we have millions of gullible users who actually believe what they read on the computer screen and actively get suckered into joining massive botnets or sending their life savings to a Nigerian princess.
We have millions of "web developers" who couldn't write secure code if their life depended on it and it shows.
At some point even if it were possible to wave a magic wand and say Linux or Windows or whatever is 100% secure it's not going to do much good.
Richard Clarke gets it.
See subject line above... lmao!
"Now scurry back under your little bridge, little troll and chew on that for a while" - by oakgrove (845019) on Thursday June 10, @03:16PM (#32526710)
Yea, "ok", sure... lol, see my P.S. below, and note you are reduced to an ad hominem attack... lol, as your "best reply"!
("too, Too, TOO EASY", as per usual)
APK
P.S.=> INFOWORLD IS RIGHT:
---
Six More Tech Cults:
http://hardware.slashdot.org/story/10/06/07/1518216/Six-More-Tech-Cults
"Pity the fool who wanders blithely into a discussion and says, "What's the big deal with Linux? Windows works just fine." His online remains will later be hauled away in Chinese takeout boxes."
Tech cult No. 1: The Slashdot Samurai /. (Where else?)
Established: 1997
Gathering of the tribes:
Major deities: Linus Torvalds, Neil Gaiman
---
Trouble is, as you can see with my post going from +1 INFORMATIVE, to +2 INTERESTING, & now down to 0 (but with the "good ratings upwards" still in place in INFORMATIVE for now @ least while I post this?) Those same "/. samurai" have to resort to what I call their "last weapon" in the effete & unjustified "mod down" (as usual with my posts like these)... they only prove this point for me, everytime, lol... apk
Try this on Google.com, "slashdot microsoft works better on apple hardware".
Your information is STALE, because that's currently not the case for Windows 7
No, it isn't STALE. What I said was that "eight of Window's 20 advisories have been 4's and one was a 5", this is not stale. It's true, per the links above.
BTW, the verb I used, 'have been', has what's called "perfect aspect". In context it means that MS shipped Windows 7 with serious problems and patched them later.
The 2 small ones Windows 7 has are EASILY worked around too, I wonder if the same can be said of the 11 outstanding issues on LINUX 2.6x??
Yes, for the most part the same can be said:
The rest are classified as "not critical" because they only involve a local DoS.
Anyway, enough troll-feeding for me.
Mod points: Guaranteed to remove your sense of humor.
Side effects may include gullibility and temporary retardation
To my understanding, the argument of the "ex-white house" official only demonstrates that the government has been spending money on "poor quality goods". If Microsoft got its money for its low quality software, then someone was not doing their homework.
Why blame MS now, when their massive adoption and lack of alternatives boosted their millions? Why did the government never support Linux or other systems?
I have been reading this exchange and all you have done so far is call others names and to make false implications, both of which have been directed against apk by yourself, indicative of your ad hominem attack illogical so called arguments here. You also have avoided his questions as to how many of Linux's 11 known security errors can be worked around as easily as the 2 that Windows 7 has. You, sir, have far from disproven and "debunked" apk's points. In fact while I have read through this here, it appears that all you have done is prove his points on the Linux zealots and fanboys around here that infoworld noted and apk put out as evidence thereof to that effect. Ordinarily I'd post under my registered account here, but as the infoworld article basically implied, you'd probably troll me that way until the end of time. No, you have failed here badly on all accounts.
So what, you are seriously comparing kernel 2.6 (released December 2003), all versions of Os X (server released in 99, desktop 2001) with Windows 7? I guess that could be a fair comparison in some dimension.
No, it isn't STALE. What I said was that "eight of Window's 20 advisories have been 4's and one was a 5", this is not stale by quickOnTheUptake (1450889) writes:
on Thursday June 10, @03:53PM (#32527180)
Beg to differ (learn to read please because he noted you are referring to long ago patched issues, thus, they are non sequitur).
Windows 7 currently only has 2 remaining known security vulnerabilities, and they are rated 2 (little threat) and they have easy work-arounds. Do the 11 remaining known security issues on Linux latest 2.6x kernel only have such easy work arounds for all of them?
I would have to say no, because of your avoiding that question here constantly along with others of your nature (the slashdot samurais referred to by infoworld this week as "tech cult #1", hilariously in fact).
Thus, so much for your information being current, because you are citing no longer exploitable security vulnerabilities on Windows 7.
I also wonder why it is that everytime apk has asked others here if the remaining 11 known security problems on Linux can be as easily worked around as the 2 single ones on Windows 7 are?
I don't really have to ask, because it's obvious they must not have possible workarounds for each of them, as Windows 7 does.
Dude, don't argue with the apk. It just makes it stick around longer.
Dewey, what part of this looks like authorities should be involved?
So go on and ask your moderators if I am posting from the same ip addresses as apk is. As I stated here already I would post under my registered account here but I do not need the likes of yourself trolling me. Infoworld even alludes to that going on here, so that is good enough for me. Besides, I have been around here long enough to know that so far you and yours have done a very poor job of things in your ad hominem attacks on the ac apk and in your avoiding his simple questions also. Whenever he gets you to all start name calling or making other silly insinuations he has truly out thought and out smarted you all apparently. Once more, I'm not apk so get that out of your head. I just read and saw how poorly you and yours are doing here and decided to comment on it as is my right to do so. I will however ask if you have your PHD in Psychiatry (which I have seen apk ask of your kind here when they try to say someone needs mental help and what not no less and it's effective as I haven't seen anyone around here with a PHD posting in years), as is another standard tactic your kind resorts to along with name calling. Ha, I bet next thing will be is writing style critiques as your last resorts when you cannot disprove and debunk facts that apk and others like he use against your propaganda.
There was some government money (DARPA, I think) that was used to fund some development of OpenBSD. But then Theo, a Canadian, expressed his feelings about the invasion of Iraq. The money disappeared suddenly. (See http://en.wikipedia.org/wiki/Theo_de_Raadt and find the "DARPA funding cancellation" section.) The JASONs, it seems, have to answer to politicians. If you are more kind to the JASONs, you could note that the funding was yanked in April, 2003. The JASONs traditionally work in July, August, September, October and November so they only have to miss one semester. So in April, DARPA has all the bureaucrats and fewer JASONs.
Think global, act loco
That's the most current version of linux that secunia.com has data on, which is only part of linux in its entirety as to what composes what people really use in Linux since it is a GUI world really for most users of any Operating System. Since version 2.6xxx kernel is the most current shown at secunia as far as major builds it is obvious why the ac apk used it. He fairly compared both macos x and windows in their current builds and in their entirety inclusive of gui shells, command interpreters, and more (unlike linux only being shown with its kernel errors, not the rest of the ones in kde, gnome or bash as he noted here). So unless you can show us more current ones over at secunia.com for us to look at. I cannot find any but perhaps you can. Mind also what's been noted here and that's also only the Linux kernel-core only, again, which is not the entirety of what people use in Linux such as KDE or Gnome for example (or more in window manager subsystems or character mode terminals like BASH as well). By way of comparison though, windows 7 and macos X are analysed in their entirety and show less security vulnerability than does Linux's latest kernel-core in version 2.6xxx per what apk noted. Is this the best you people who champion Linux around here have in your rather flawed replies? This only further makes what infoworld said of your kind here all the more true, in that you are the fanboy fanatic and zealot Linux club and nothing more.
That could make the problem far worse... could be a lot of exploits to vulnerabilities that could not be announced nor reported as doing so would put in legal troubles.
And the desktop is a big trouble. I think it was the desktop that was used in the Google intrusion, same for this bank intrusion. The biggest vulnerability of any system is the people that work on it.
Microsoft isn't the weak link, bad admins are the weak link.
I know I shouldn't but it's so much fun watching him squirm.
The soylentnews experiment has been a dismal failure.
I like the article.
I agree that Windows is a major security problem, not just for end-users but the United States as a whole. Having a single dominant platform makes life much easier for hackers, since it allows them to focus their efforts much more narrowly. Switching completely over to Linux however, is not a panacea, since we'll just have the same problem - a single platform (yeah yeah, there are lots of distributions of Linux, but it's Linux ffs). I completely disagree with Clarke's call for monitoring of net traffic for "malware", since I don't trust the federal government to define "malware" in the way a normal person would. Even if he is sincere in his claim that this monitoring would help, it would eventually devolve into an end-run around the 4th Amendment.
A better plan is to let the free market take its course, allowing a spectrum of operating systems to appear. Obviously, it will take a while since MS is so dominant, and people are generally scared of trying new things (like Linux), but eventually consumers will figure out that Microsoft's stuff is lower in quality-per-cost compared to other alternatives, and switch over.
As an aside, has anyone seen the prices on Microsoft's Office 2007 stuff? They were selling it for like, $400 at Office Depot a few days ago. And OpenOffice is free and has ~95% of the functionality o_O. I can only imagine how much money my local government (school board, etc.) would save by switching over to open-source programs.
White House advisor states a piece of software installed on almost every government desktop is a possible target for cyber war.
Can we start moderating submissions as flamebait?
Your post may be completely right, but your haphazard punctuation and aggressive boldfacing and capitalization have dissuaded me from actually reading it.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
WinCE that is used for the XBox is PPC
That is the most aptly named Windows version ever.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
You kind of ignore the fact that the best security exploits are the ones that have not been publicly declared. From any government's point of view when foreign powers have access to windows source and can search for exploitable faults and not declare the ones found but simply use them, it has to be a worry.
Whilst the same can be said of Linux source code, there is nothing stopping governments from securing Linux code for their own use whilst windows is being used by other governments in an unfixable state.
From a Linux point of view it is fairly difficult for someone to fix undeclared bugs and distribute the fixes without everyone else finding out about it and also making use of that fix. There is also nothing stopping them from finding all the bugs in windows and then using Linux to secure their own system. Especially non-US governments, as everyone knows due to lobbyists corruption and the M$ bank balance the US will continue to be forced to use it out into the foreseeable future.
Hell, the Republicans were even going to put Steve "Uncle Fester" Ballmer in charge of US government IT and let's guess what software he would have chosen and what price the US would have paid for it, how about the pharmaceuticals no discount for the feds option full tote retail (those guys don't even try to pretend about corrupt corporate political placements).
Chaos - everything, everywhere, everywhen
"If you don't know what a proxy server is, you aren't qualified to even be in this conversation." - by oakgrove (845019) on Thursday June 10, @05:27PM (#32528534)
You STILL here? Now, If you think that's some "special know-how"?? Please - all you're doing, is giving away how you yourself attempt to deceive others, and a NEWSFLASH FOR YOU:
In fact, I'll show others how outright lame you are in this which anyone here is FREE to try (it's NOT how I "beat" the unfair "10 posts per 24 hour limit" imposed on us AC's either so you know - I have a FAR faster & more efficient way of doing it in fact, only takes me 5-7 seconds in fact)... but, anyhow?
Well - Try to use a proxy here, especially a HIGHLY ANONYMOUS one... lol, see how far that gets you!
(As an aside: I'll give the /. people 1 thing: They've "countered" for that PUNY TRICK, years ago...)
So, please - Give us ALL a HUGE break, because I'm going to be as forthcoming as I can here: ALL YOU ARE, IS A USER (not a designer)... you're a TAKER (not a builder).
All guys like you do, is use what people like ME, create for those like YOU, to USE... & that's that!
(I am a multiply degreed (CSC & MIS) and many years programmer/analyst & later software engineer as to titles I hold (from roots in being a tech & later a network admin, so I KNOW that of which I speak, first hand in fact, because I was at "your level" many MANY years ago - it was the main "WHY" of why I moved onto the "ultimate evolution" of the computer person as a programmer - we create, others use... it was put that way to ME years ago by a then superior of mine is why, & it made sense and I took it to heart... albeit, I did something about it, & became a creator & designer, instead of a merely a "user"...)).
---
"So, uh, some people started a web site and said some stuff." - by oakgrove (845019) on Thursday June 10, @05:27PM (#32528534)
Yea, they did, & they're pretty known + respected... but, I'll let YOU take a read about it:
---
Six More Tech Cults:
http://hardware.slashdot.org/story/10/06/07/1518216/Six-More-Tech-Cults
"Pity the fool who wanders blithely into a discussion and says, "What's the big deal with Linux? Windows works just fine." His online remains will later be hauled away in Chinese takeout boxes."
Tech cult No. 1: The Slashdot Samurai /. (Where else?)
Established: 1997
Gathering of the tribes:
Major deities: Linus Torvalds, Neil Gaiman
---
Trouble is, as you can see with my post going from +1 INFORMATIVE, to +2 INTERESTING, & now down to 0 (but with the "good ratings upwards" still in place in INFORMATIVE for now @ least while I post this?) Those same "/. samurai" have to resort to what I call their "last weapon" in the effete & unjustified "mod down" (as usual with my posts like these)... they only prove this point for me, everytime, lol!
In fact? I've yet to have one of you "wannabe slashdot samurai" ever get the better of me on technical issues here... but, then again?? The BULK of you are nothing more than users as I stated above... period!
(I.E.? You're NOT EVEN REMOTELY IN THE SAME LEAGUE! People like you, are like musicians that use TABLATURE... & that's about it, but you certainly do NOT "read music"... you only play "by rote" @ most/best!)
You may not LIKE that, but when it was put MY WAY, back in 1991 or so? I took it to heart & did something about it (it's called education).
---
"This is fallacious for several reasons, among them, 7 uses virtually the same kernel as Vista so why didn't he include the Vista number?" - by oakgrove (845019) on Thursday June 10, @05:27PM (#32528534)
How WEAK: The SAME CAN BE SAID FOR LINUX KERNELS... & your LAT
"I know I shouldn't but it's so much fun watching him squirm" - by oakgrove (845019) on Thursday June 10, @06:09PM (#32529070)
LMAO: You avoided my question on Linux's security vulnerabilities, all 11 of them, & in the LINUX kernel/core ONLY... not even counting those present in KDE or Gnome which would COMPOUND and escalate that number no less (whereas both Windows 7 &/or MacOS X are judged, in their ENTIRETY, not just their kernels & they have less security vulnerabilities than LINUX does mind you)...
So, in regards to the 11 sec vulns in Linux, again a question:
Are they as easily worked around & as effectively as the 2 low threat rated sec vulns on Windows 7 are?
(You'll avoid answering that, yet again, as per usual... In doing so? Well, you've shown us ALL, that if ANYONE here is "squirming" boy? LMAO - it's QUITE CLEARLY YOU!)
APK
P.S.=> Yes, as per usual for me? Well, so much for these "wannabe /. 'samurai'" lol... It's just "too, Too, TOO EASY" for me, too easy... apk
"Your post may be completely right, but your haphazard punctuation and aggressive boldfacing and capitalization have dissuaded me from actually reading it." - by fishexe (168879) on Thursday June 10, @08:10PM (#32530348) Homepage
Oh, I am on the technicals of this... & as to your "reading issues"? Others don't have them - see below (a quoted testimonial to that effect no less by others here, so "opinions vary").
So, as to your reading hassles? Well - I suppose I should suggest "hooked on phonics" or remedial reading classes for you, because others here made statements of this nature regarding my original posting, which I will requote for you here now:
---
"Most intelligent and objective post I've ever seen on Slashdot about Windows." - by AthleteMusicianNerd (1633805) on Thursday June 10, @12:18PM (#32524584)
---
Again - clearly vs. your opinion? Well, opinions here vary!
However, you're obviously another "troll", and before you try that on me? Is there a "grammar/spelling/writing style section" of this forums? Is this it?? No to both, and thus, you are BLATANTLY OFF TOPIC... for starters!
However, my fav. reply to those like you is this:
Is this my last will & testament or other form of legal documentation? No. Is this a paper in an english class for a grade?? No. Do you possess a PHD in English to your name that establishes YOU as some "authority" on how to write even (not that it matters here, it's only a tech forums)?? No I wager.
So much for that "trollish tactic"... it's worthless, & easy to blow away, everytime (w/ my "std. reply" above to you writing critique slinging trolls who obviously cannot read, nor are you PHD's in English either, lol!)
APK
P.S.=> I gotta say it, as usual: "too, Too, TOO EASY"... (just too easy)... apk
Shut the fuck up, you stupid nigger.
http://it.slashdot.org/comments.pl?sid=1681772&cid=32527684
LOL, hilarious... he took you to "the cleaners", with ease!
APK
P.S.=> This is "classic":
"Yes, for the most part the same can be said" - by quickOnTheUptake (1450889) on Thursday June 10, @03:53PM (#32527180)
LOL, but "ALL != FOR THE MOST PART", now does it? No, it does not... especially this "closing note" (of your doom):
"The rest are classified as "not critical" because they only involve a local DoS" - by quickOnTheUptake (1450889) on Thursday June 10, @03:53PM (#32527180)
Yup, they're STILL THERE, and unpatched and not work-around'able either... &, if you *THINK* that a local DOS is not serious? Then I suggest you look at what happened with GOOGLE and how they suspected what "went down" in CHINA was partially an "inside job"... because an attack IS AN ATTACK and a security vuln is a security vuln (period), end of story! As usual? Too easy... apk
I personally feel that this kind of information is a smokescreen for the fact that part of the reason why Microsoft isn't being just pushed around by the government to improve its product and that they are also avoiding it at the same time when they can is because they have enough people there who can at the ping of some bits, turn every MS-equipped computer in the world into their hostages. It's entirely plausible that they're using MS-based PCs used by foreign governments for SIGINT.
"You kind of ignore the fact that the best security exploits are the ones that have not been publicly declared." - by rtb61 (674572) on Thursday June 10, @10:57PM (#32531330) Homepage
You mean like the ones I could have gathered & put up about Linux that are in KDE or Gnome (or even tty terms like BA$H) that would have made the 11 kernel/core levels security vulnerabilities only go up even more (even though BOTH Windows 7 &/or MacOS X are judged with their window managers, GUI shells, & commandline charactermode tty term consoles also & more)?
I felt I was UNFAIR to both Windows 7 &/or MacOS X in that regards actually, & cutting Linux a "break" in fact, by my omitting what would have made those security vulnerabilities numbers go UP on Linux!
(However, you are correct: The MOST dangerous ones are the ones NOT known publicly... but, how am I supposed to know what those are? How are YOU supposed to know what those are as well?? Therein "lies the rub"...)
---
"Whilst the same can be said of Linux source code, there is nothing stopping governments from securing Linux code for the own use whilst windows is being used by other governments in an unfixable state." - by rtb61 (674572) on Thursday June 10, @10:57PM (#32531330) Homepage
This is how I know I am only speaking, @ best/most, to "techies" only here, because IF you were a coder (especially one that KNOWS how to ID bad coding practices like SQL parms in URLs during queries, vs. using stored procs, OR, sscanf (C instruction that's HUGELY faulty & "buffer overflowable", & what's LINUX largely written in @ THE CORE/KERNEL? Ah, yes... C!))?
You'd realize that FINDING SECURITY HOLES IN "OPEN SORES" CODE IS FAR, FAR SIMPLER & FASTER TO DO ON OPEN SOURCE CODE, THAN IT IS TRYING TO FIND THE SAME ON CLOSED SOURCE CODE USING A DEBUGGER/DISASSEMBLER or FUZZERS!
(By far)
APK
Impose tax on 'idle' cash reserves.
I'd like to buy homeland for our 10 million people. http://twitter.com/mahadiga
"Thats some great spiel" - by Simmeh (1320813) on Thursday June 10, @12:30PM (#32524734)
Thanks, & you'll love the "/. math" now too, lmao... they seem to think that Linux having 11 known unpatched security vulnerabilities is BETTER THAN MacOS X with only 8, & Windows 7 with only 2 (easily patched by a user too with decent directions on how to if need be @ MS no less)... lmao!
(Mathematics: The "Strong Suit" of the "/. samurai", lol... NOT!)
See, last time I CHECKED? Well... 11 known vulnerabilities that aren't patched > 8 known vulnerabilities that aren't patched > 2 known vulnerabilities that ARE PATCHED no less... !
(By the way, I really AM laughing as I do the "lol's" above - because the math & others as well here seem to go "my way" on this... alas, lmao, "much to the dismay" of "/. samurai" all over... lmao!)
---
"I think the point is Windows has a much bigger marketshare and a greater percentage of unpatched machines, particularly in regards to 3rd party apps." - by Simmeh (1320813) on Thursday June 10, @12:30PM (#32524734)
Hence why I wrote the security guide for Windows I was paid for no less (won a contest I had NO IDEA was going on in fact, was hilarious...), it's noted in that post, and I hope others use its points (in FULL if possible, because it actually works (you have to do more than patch though. "Perfection is not a road, it's a destination" & part of its "user behavior modification" really...)).
Been doing them since 1997-1998 in fact, all over forums, because it's the right thing to do & it's not hard to do either once you are turned on to a few tricks really... A "system of thought" & really, tricks & easy ones (really is ALL THEY ARE, because MS was smart enough to make their OS & other wares flexible & range reparameterizable).
----
"Hence, the security record for Microsoft portraying itself as a greater danger in this so called "cyber war"." - by Simmeh (1320813) on Thursday June 10, @12:30PM (#32524734)
Heh, actually, it's ANYONE'S FAULT that doesn't look into securing their OWN systems/networks I feel...
I.E.-> The users, in my estimation.
However, were I M$?
I'd ship systems such as those the US Military receives from MS (2004 & another later one, iirc, circa 2007?) that IS "security-hardened" with all "risky business" turned off... then, if the user/licensor of said OS or ware wants to do the "risky behavior"? Then, the liability is on them, but they CAN turn on, whatever it is they need to turn on (risky or not, let's use JAVASCRIPT as an example I suppose, then, you get my point!)
----
"As an aside, 2.6 came out in 2003 wheras Windows 7 came out in 2009. By comparing "latest/greatest" your misrepresenting the userbase pool in the real world, which is what counts. Also, by implying the number would be greater once you include KDE/FF etc. you must concede that if you were to do the same for Windows and include all popular apps the number would be substantial." - by Simmeh (1320813) on Thursday June 10, @12:30PM (#32524734)
The latest LINUX core is that though, 2.6x version based... yes? Answer = yes! Plus, that's the data I used from SECUNIA.COM, a respected site for security vulnerabilities oriented information, & quite respected & it's valid (AND, only LINUX in its kernel is being shown with 11 holes, again, which mind you is NOT "the OS entire" (KDE &/or Gnome would make that 11 grow more, as some examples thereof), and it still shows more unpatched issues than both MacOS X &/or Win7)...
Windows 7? Hey - come right down to it?? It's only really Windows 2000 codebased mostly, which grew into XP, then Server 2003 (& its 2 descendants in the workstation/pro class, VISTA + Win7). There's new API calls (lots actually) in the "latest/greatest" that have a lot of security-oriented tokens based
LMAO, and do you want to know @ least, why? Well, because you TOLD THE TRUTH & HOW IT REALLY IS man...
(Are you laughing as hard as I am now? LOL! I hope so...)
APK
P.S.=> I mean, anyone is free to verify the #'s I used from a respected security vulnerabilities clearinghouse data in SECUNIA.COM, & on OS' in their MOST CURRENT VERSIONS BUILDS (not betas, solid cores) & what did the #'s say? Well, last time I checked @ least?? LOL, "read 'em & weep" to your naysayers, because 11 unpatched known security vulnerabilities on LINUX (kernel/core ONLY, not the rest of it that both MacOS X &/or Windows 7 do mind you)??? Man, last time I checked 11 > 8 on MacOS X > 2 on Windows 7 (which might as well be ZERO/0, because their workarounds which are easy, DO work!)... nuff said! I am laughing as I go to sleep while posting this, I hope you are also!
Personally, I look @ it this way: The /. editors/owners probably LOVE me, lol, because I just "stir up the sauce" with my formerly "Secret Ingredient" TRUTH (Which the "/. samurai" here, per INFOWORLD this week calling them some kind of cult, lol? They can't take it... now you too know the "secret ingredient" here and when you use it? Frying up some "/. samurai" (lol) here is just "too, Too, TOO EASY" (especially when you get them foaming @ the mouth rabid dog like and tossing names... hilarious!))... apk
"Shut the fuck up, you stupid nigger." - by Anonymous Coward on Friday June 11, @12:30AM (#32531822)
There you have it folks (per my subject-line above): /. samurai LIVE... absolutely live!
LMAO... you've set a NEW ALL_TIME "LOW", in your now being reduced to well, let's see:
---
1.) Profanities
2.) Racial slurs
3.) Ad hominem attacks
---
(Keep it up: You can't PAY for this kind of entertainment (& yes, "THAT'S RIGHT FOLKS" as again: It's "LIVE" on "/. T.V.", absolutely "live" (... lol!))
APK
P.S.=> Do us a favor though first, please (out of respect for your fellow trolls @ least): Wipe the foam & spittle off your lips before spraying us again, ok? How's that treatin' you so far?? LOL, "inquiring minds want to know"... (NOT)... apk
"as Flash vuln fells Vista "? Posted in Operating Systems, 29th March 2008 21:27 GMT??
A little old, and in case you hadn't noticed? We're talking STRICTLY about current builds of Windows 7 (not VISTA), MacOS X, & yes, LINUX (only its core, & it shows more security vulnerabilities than both MacOS X &/or Win7 do in their current builds, period - do the math, 2 patched via workarounds FULLY no less & easily in Win7 we're talking about Windows 7 here (NOT VISTA), and FLASH? No thanks!
I recommend against using it in the guides I wrote to secure Windows (in all of its 32-bit forms in fact, since 64 bit for FLASH doesn't work anyhow in Windows 7 in IE, FireFox, Opera etc. afaik either (which is part of why I use Win7, plus ASLR & more that is better than all of its forebears, especially in 64 bit for security mostly)).
"Why don't we just compare apples to apples and see what the results are when Windows goes head to head against the most popular Linux distro with some of the best hackers in the world trying to break in." - by oakgrove (845019) on Thursday June 10, @02:43PM (#32526252)
LMAO: Well, when you can realize that VISTA is NOT Windows 7? Yea, ok, "sure"... lol, see the above (rinse, lather, & repeat)... drink it in, & digest it! Consider it "food for thought", lol!
APK
P.S.=> This guy can't even get the version of Windows I used right, & is telling ME to "compare apples to apples"?
(Please!)
Now - Were I to do that?
LINUX would have all the KDE &/or Gnome issues added to its already greater security vulnerabilities counts, since both Win7 &/or MacOS X are judged on their GUI shells, commandline interpreter tty terminal consoles in character mode and more? I am also being MORE THAN FAIR to Linux actually...
(& last time I checked? 2 solid effectively worked around essentially patched errors in Windows 7 is less than 11 unpatched in an OS core alone (minus other componentry others use while they utilize LINUX which I cover above which Win7 + MacOS X are judged upon & still show less problems in security than LINUX does))... apk
You're RIGHT - so, IF I was to add on the KNOWN SECURITY VULNERABILITIES in the remaining parts of LINUX not noted (such as KDE or GNOME, or even BA$H, to name only a FEW parts omitted in my fair analysis of the LINUX KERNEL/CORE ONLY mind you, vs. the rest of it that folks use regularly/usually, which DO GET ANALYZED IN WINDOWS 7 &/or MacOS X?)?
You'd see more than the 11 security vulnerabilities in Linux... my guess? Far more.
So all the stats you quoted do not really matter, and we are down to your guesswork...
Not impressive.
IAIFARSIJDPOOTV - I Am In Fact A Reality Star; I Just Don't Play One On TV
"If the source is available it is for the good and the bad guys. It the source isnt available and is protected by licenses, patents and so on, debugging, analyzing, reverse engineering,getting in black market portions and so on is not available for the good guys... but still is for the bad ones. That could make the problem far worse... could be a lot of exploits to vulnerabilities that could not be announced nor reported as doing so would put in legal troubles." - by gmuslera (3436) on Thursday June 10, @05:48PM (#32528792) Homepage
http://slashdot.org/comments.pl?sid=1681772&cid=32531912
See there, and you'll see that you see "Open Sores" as I do (even though I help projects of that nature, as I did others in the "freeware/shareware" circuit before that, such as UltraDefrag 64 here lately, here with ideas/approaches -> http://sourceforge.net/projects/ultradefrag/forums/forum/709672/topic/3369133 and here with code before that -> http://sourceforge.net/projects/ultradefrag/forums/forum/709672/topic/3690136 & more there (when I have FREE time that is, usually I don't or at least as much as I'd like perhaps)).
APK
P.S.=>
"And the desktop is a big trouble. I think it was desktop what was used in Google intrusion, same for this bank intrusion. The biggest vulnerabilty of any system is the people that works on it." - by gmuslera (3436) on Thursday June 10, @05:48PM (#32528792) Homepage
Right, & iirc, GOOGLE also suspected it was an "inside job", @ least in PART, also... and there's NO BIGGER "inside job" imo as a developer, than having open sores code, in actual code, because it's FAR EASIER to exploit (e.g.-> it's much easier & faster to look for things like, say, the sscanf instruction in C code (known to be buffer overflowable) using an editor like notepad.exe even, so you can exploit it, than it is going after closed source code using debuggers/disassemblers OR fuzzers to do the same thing (look for exploits to take advantage of))... apk
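The comment above names `sscanf` as a call that is quick to find in C source by text search. As an added illustration (not code from this thread or from any project it discusses; the function names, the login-line format and the sample strings are constructed assumptions), what makes such a call overflowable is a `%s` or `%[` conversion with no field width, which the checker below flags when auditing a format string, next to a bounded parse that rejects over-long input:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define USER_LEN 15   /* assumed maximum user-name length for this example */

/* Constructed sample formats, as an auditor might extract them from calls. */
static const char FMT_UNBOUNDED[] = "user=%s uid=%d";
static const char FMT_BOUNDED[]   = "user=%15s uid=%d%n";

/*
 * Count the conversions in a scanf-family format string that store a string
 * (%s or %[...]) with no maximum field width. Such a conversion writes as
 * many bytes as the input supplies. "%%", suppressed conversions ("%*s") and
 * the POSIX 'm' allocation modifier ("%ms") cannot overrun a caller buffer.
 */
int count_unbounded_string_convs(const char *fmt)
{
    int findings = 0;

    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '\0')
            break;
        if (*p == '%')                      /* literal percent sign */
            continue;

        int suppressed = 0, has_width = 0, allocates = 0;
        if (*p == '*') { suppressed = 1; p++; }
        while (isdigit((unsigned char)*p)) { has_width = 1; p++; }
        if (*p == 'm') { allocates = 1; p++; }
        while (*p != '\0' && strchr("hlLqjzt", *p) != NULL)
            p++;                            /* skip length modifiers */
        if (*p == '\0')
            break;

        if ((*p == 's' || *p == '[') && !suppressed && !has_width && !allocates)
            findings++;

        if (*p == '[') {                    /* skip the scanset body */
            p++;
            if (*p == '^') p++;
            if (*p == ']') p++;             /* leading ']' is a literal */
            while (*p != '\0' && *p != ']') p++;
            if (*p == '\0')
                break;
        }
    }
    return findings;
}

/*
 * Bounded parse of "user=<name> uid=<n>". Returns 0 on success, -1 when the
 * line does not match or the name is longer than USER_LEN bytes.
 */
int parse_login(const char *line, char name[USER_LEN + 1], int *uid)
{
    int consumed = 0;

    /* %15s stores at most 15 bytes plus the terminator; a longer name leaves
       input that fails to match " uid=", so sscanf returns 1, not 2. */
    if (sscanf(line, FMT_BOUNDED, name, uid, &consumed) != 2)
        return -1;
    return line[consumed] == '\0' ? 0 : -1;  /* reject trailing garbage */
}

int main(void)
{
    char name[USER_LEN + 1];
    int uid = -1;

    printf("unbounded conversions in \"%s\": %d\n",
           FMT_UNBOUNDED, count_unbounded_string_convs(FMT_UNBOUNDED));
    printf("unbounded conversions in \"%s\": %d\n",
           FMT_BOUNDED, count_unbounded_string_convs(FMT_BOUNDED));
    printf("parse ok line: %d\n", parse_login("user=alice uid=1000", name, &uid));
    printf("parse long line: %d\n",
           parse_login("user=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA uid=0", name, &uid));
    return 0;
}
```

The same width check applies whether the reviewer is reading source or formats recovered from a binary; compilers and static analyzers report the unbounded form as well.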
"Your assumption is that publicly acknowledged vulnerability count is an accurate indication of software quality" - by pikine (771084) on Thursday June 10, @03:15PM (#32526702)
No, that's not what I said... I only pointed out that there are MORE KNOWN security vulnerabilities in Linux (and even MacOS X, though not as many as LINUX has in its CORE/KERNEL ONLY (which is unfair to MacOS X &/or Windows, because they are judged in their entirety/all their parts people use, not just a kernel only)) is all.
IF the bug is known that is, because that's all that is shown @ SECUNIA.COM, my source, that's all... and besides: How on earth would one know of an UNKNOWN error, unless you discover it yourself first?
---
"but this assumption is flawed." - by pikine (771084) on Thursday June 10, @03:15PM (#32526702)
Is it? Secondly, You're only covering ground here that I did here last week (and MANY times before it, regarding Open SORES vs. closed source code... see below in fact for proof thereof).
---
"First, the software could have bug, but nobody knows about it because nobody looked for it nor observed it. You always have bugs that are unobserved.
Again, tell me something I don't know or that I have not noted here before you have, again, see below...
---
"Even when the vendor has perfect knowledge of how many bugs they have in the software, their willingness to disclose it for public acknowledgement determines how many vulnerabilities are counted on Secunia." - by pikine (771084) on Thursday June 10, @03:15PM (#32526702)
Uhm, WHY do you think I used the EXPLICIT TERM "KNOWN VULNERABILITIES" all throughout this exchange?
(It was because I am FULLY AWARE that there are more exploits possible (such as those that actually ADD TO LINUX 2.6x's CORE/KERNEL ONLY LIST OF 11 KNOWN ONES, which adding on the security vulnerabilities in KDE or Gnome (or BA$H even) would add to & compound even more... my not adding those essentially also makes them "unknown" here, but they DO exist nevertheless))
Problem is, it's FAR EASIER to find them in "Open Sores" code than it is in a closed source system, because it's more time consuming and yes, difficult, to look for such exploits in closed source code like Windows or MacOS X using debuggers/disassemblers &/or fuzzers than it is with actual sourcecode which Open SORES gives the "bad guys" (because finding a potentially faulty instruction in C, which LINUX is largely written in (especially at kernel levels) such as sscanf which is buffer overflow exploitable no less, is much simpler & faster to do, when someone knows what to look for and they can actually code (hopefully well too))
Fact is, I went over this VERY POINT, with SanityInAnarchy last week & the week before it as well (on how it is easier to spot bugs in "Open Sores" code than it is using disassemblers & debuggers -> http://news.slashdot.org/comments.pl?sid=1670694&cid=32416552 )
---
"Secunia shows bugs that are reported to the public, and by definition, all bugs in open source software are public information." - by pikine (771084) on Thursday June 10, @03:15PM (#32526702)
This might help explain WHY Linux has the MOST KNOWN security vulnerabilities, per what I noted above (see last paragraph of this reply, because that "open sores sword", cuts BOTH ways)...
---
"The vulnerability count for Linux enjoys the most accurate disclosure." - by pikine (771084) on Thursday June 10, @03:15PM (#32526702)
Not really. If you look at HOW & WHAT is being checked on @ SECUNIA? It's ONLY the "Linux core" (kernel only with 11 known security vulnerabilities). Now, most anyone I know that uses LINUX for a desktop also uses either (u
"So all the stats you quoted do not really matter, and we are down to your guesswork..." - by Lundse (1036754) on Friday June 11, @04:02AM (#32532690)
WTF? No, I merely showed that if one was to analyze LINUX, say any distro, with ALL OF ITS "moving parts included" such as desktop environs like KDE or Gnome? You'd see MORE than 11 security vulnerabilities in LINUX in its entirety (not just its kernel), which mind you, both MacOS X &/or Windows 7 DO HAVE THEIR ENTIRETY EXAMINED & exposed in vulnerabilities counts at SECUNIA.COM (my source I used).
Fact is, I am actually being UNFAIR to both Windows 7 &/or MacOS X, by citing ALL of their errors really, because all you have for the 11 security vulnerabilities in LINUX is ones from its kernel/core ONLY being shown from secunia by myself... which is still more than Windows 7 &/or MacOS X PUT TOGETHER no less & they again, are judged in their entirety (whereas LINUX 2.6x is only showing the parts that are erroneous from its core/kernel only (and a kernel alone, "doth not an OS make", especially as far as users are concerned usually))
---
"Not impressive." - by Lundse (1036754) on Friday June 11, @04:02AM (#32532690)
No... what's "not impressive" is you trying to "put words in my mouth" I never said...
APK
Two points to be made, one towards the original article, and one towards you and open source in general.
First point, the bad guys know more about Windows vulnerabilities than you and Secunia, possibly even more than Microsoft if they already found a way into their corporate repository and stole the source code. After all, Google is fairly security conscious, and even they suffered a breach. You don't know if Microsoft is similarly breached because they wouldn't admit it. You and everyone else lose if you use Windows, both short run and long run. If anyone gains, it is either Microsoft in the short run, or the bad guys in the long run.
Second point, in the case of open sources (e.g. Linux, *BSD, parts of Mac OS X, which you unkindly call open sores for no conceivable reason except to provoke nuisance), everyone has an equal opportunity to audit the code to find bugs and discover vulnerabilities. If you have the skill and the will of charity, your effort can benefit everyone. Linux users may appear to suffer more bugs right now, but as bugs get fixed, everyone wins in the long run—even you if at some point you decide that Linux suits your needs—all except the bad guys. It looks like there are enough people to improve Linux right now, so that when the rainy day comes, you'll get an umbrella despite your antagonistic attitude all along.
If I were the bad guys, I'd steal Windows source code and build up a list of exploitable vulnerabilities in secret. Then on the day I want to cause cyber warfare, I would unleash one exploit every month since I know Microsoft can't release patch faster than a monthly cycle. If I were to continue devastating the economy for 2 years, which is a long time for an economy to suffer permanent damage, I only need 24 exploits, which is not that many.
I once had a signature.
"The absence of better evidence does not make your "evidence" better" - by Lundse (1036754) on Friday June 11, @04:05AM (#32532708)
Ever heard the term above? It seems to work in courts of law or any efforts where proofs & having them is better than NONE AT ALL (any science demands it in fact). You have none.
APK
P.S.=>
"Or less skewed. And does not excuse comparing a 2003 kernel to a 2009 OS and going "I bet there are even more stuff wrong with all the 1000+ distros running the kernel"." - by Lundse (1036754) on Friday June 11, @04:05AM (#32532708)
Ah, once more, so it HOPEFULLY "sinks in" to you:
Show me more current data on Linux's 2.6xx series FINAL BUILD kernels/cores then!
I'd like to see them!
(Additionally, then also toss on the security vulnerabilities present in Linux's GUI shells like KDE/Gnome or even tty terms like BA$H too (watch those 11 known security vulnerabilities go "up, Up, UP & AWAY" lol, even more, on LINUX)
Heh, especially vs. both MacOS X &/or Windows 7 (which has solid effective & EASY workarounds to its 2 last known vulns shown @ SECUNIA, a respected site for that kind of data no less, & those workarounds work... are all the 11 in LINUX's core alone patchable thus?)!
MacOS X & Windows 7? Mind you, again, they ARE judged @ SECUNIA, in their entirety (not just core/kernel as Linux is) and they have less known problems than LINUX does, period (show us different in a finalized build of Linux, I'd actually like to see it from a valid & respected source actually)
Additionally?? Windows 7 &/or MacOS X? Those are CURRENT BUILDS (& finals of BOTH OS!)...
As to "shouting"? I am not shouting, I am writing & I use caps to emphasize points is all... is this what you are left with? Off topic trollish "writing style critiques"?? Apparently so.
QUESTION: Is this a forum on writing style? Does such a section exist here?? No, you are off topic now also because of that "tactic" being the "best you have @ this point" apparently... apk
See subject line above, and do the math... & then? Then tell us I "missed the point here"... lol, especially considering that's only LINUX's CORE/KERNEL with 11 known security vulnerabilities that are unpatched (and that's ONLY its core, not the desktop shells like KDE or Gnome or even tty terms shells like BA$H too, ... whereas Windows 7 & MacOS X are judged with those things in place and counted!)
Plus, Windows 7? It only has 2 sec vulns and they have easy to implement effective workarounds until a final patch is issued!
Give us a break already - show us more current pertinent data on a FINAL core kernel build of linux then, and also show it can be as effectively and easily end user patched (work arounds) as Windows 7 is then... ok?
(Why do I get the feeling I will be waiting for THAT much, until "the 12th of never"? Perhaps because if you could have done so with that data, and yes I WOULD like to see it actually?? You'd have done so by now, and you have not!)
---
"Second point, in the case of open sources (e.g. Linux, *BSD, parts of Mac OS X, which you unkindly call open sores for no conceivable reason except to provoke nuisance), everyone has an equal opportunity to audit the code to find bugs and discover vulnerabilities" - by pikine (771084) on Friday June 11, @12:02PM (#32536578)
Which again for the 10th time here this week, can WORK AGAINST OPEN SORES TOO, because (& I know this from extensive professional experience here) using a debugger/disassembler or fuzzer vs. closed source code is a PAIN and time consuming as hell... whereas by way of comparison? A malware maker/hacker-cracker with Open SORES code can look for things like SQL parameters passing in URL's (vs. using stored procs the safer way) or sscanf type buffer overflowable C instructions (and what's Linux's core written in? C largely!)...
---
"First point, the bad guys know more about Windows vulnerabilities than you and Secunia, possibly even more than Microsoft if they already found a way into their corporate repository and stole the source code." - by pikine (771084) on Friday June 11, @12:02PM (#32536578)
Do they? I don't think you know what levels of things I have accomplished over time in this field in the way of professional experience, degrees, & accomplishments... don't make that kind of jump until you are SURE of whom you are speaking with. Here is a SMALL sampling of that, a very partial list only, to my credit there in the art & sciences of computing:
"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."
----
Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61
(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row 2000-2002, in its HARDEST CATEGORY: SQLServer Performance Enhancement).
WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)
PC-WELT FEB 1998 - page 84, again, my work is featured there
WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there
PC-WELT FEB 1999 - page 83, again, my work is featured there
CHIP Magazine 7/99 - page 100, my work is there
GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it
HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!
Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in thi
See the start of his last posting and answer his question and show you can work around secure the 11 issues in Linux as he can with the 2 remaining low threat level rating in 2 security vulnerabilities Windows 7 has. He's stated what are effective and known work arounds that actually do work for a user of Windows 7. Can't you do the same on Linux 2.6xxx (core only, not the entire OS as he noted, which with KDE or Gnome security vulnerabilities would go up past 11 in the kernel alone which he is correct about as well I feel) and its 11 known kernel security issues? He puts up his answers in seconds. His detractors here take days to do so and I, along with others here, are gravitating his direction rather than yours and your fellow registered penguins with your name calling and more but not answering questions on your part is poor.
Is that the best you can do doc, calling others names? Apparently so. That's what is called an ad hominem attack and quite invalid in debate. You've proven yourself to be nothing more than a name calling stooge. How do you like it being done to you? It's no one's fault but your own because you only provide the ammo to call you nothing more than the name calling online useless trash you are.
http://slashdot.org/comments.pl?sid=1681772&cid=32524584 ,versus your obvious and poorly veiled trolling.
http://slashdot.org/comments.pl?sid=1681772&cid=32526814 and you're running and unable to back up your bluster erroneus whereas your opponent here didn't and can back up what he stated. You chose your name well, it fits you and your erroneous bullshit. Why'd you run from answering the questions that made you look like the under qualified loud mouth and numb skull you are erroneus? Maybe because you have not done 1 tenth of what he had and you shot your big mouth off without being able to back up your crap with proofs of your statements? Obviously that's the case here. It is funny as anything seeing your mouth shut so easily.
"Still, impressive list of references." - by erroneus (253617) on Friday June 11, @06:46PM (#32543522) Homepage
Thank you, for once, but that? LOL, man... that's a VERY TINY PORTION of what I have done over time in the "art & science of computing"... very partial & small actually!
--
"The previous responder reveals himself as an accredited Windows person." - by erroneus (253617) on Friday June 11, @06:46PM (#32543522) Homepage
You had better learn to READ, because I have as much on the other environs as you do, but they're a waste of time imo & fading in many environs vs. client-server!
(Especially since client server arrangements do the job as well (or BETTER really as they can support decent GUI front ends instead of greenscreens only (which yes, IBM stuff has a FANTASTIC "console mode" in greenscreen, but that's not what users want today and for decades now, but you can build PC gui fronts to that easily enough using middlewares) as midranges do on many things and for less cash outlay)
Batch processing's where the "relative strengths" of MOST midranges like IBM System 34/36/38 (overpowered calculators imo), & their "child" in OS400 on AS400 rigs DID make an improvement, especially in batch jobs in businesses - I will give it that, but they are JUST NOT AS VERSATILE AS THE PC IS, period... (and, you KNOW it too!)
Well, that's also assuming you're telling the truth from your end... Still a "wee bit strange" how you aren't willing to backup your mouth though, eh? Anyone can "talk a good game" though.
--
"I haven't checked all of the references, but it is easy to see that there's not much knowledge outside of the environment that Microsoft has provided." - by erroneus (253617) on Friday June 11, @06:46PM (#32543522) Homepage
There is IF you read the entire thing. I didn't "get good" at this stuff on midranges/mainframes. They were what I initially learned on 1982-1987 in highschool (DEC stuff via "wargames style" modems & boot jacks) & later in College (VAX 1180, doing COBOL) & RPG know-how came later circa 1988-1991 on IBM midrange stuff (System 34/36/38 & later As400 (OS400 OS)).
Before you MAKE ASSUMPTIONS (which you yourself gave me guff on no less)? You had best mellow out before you open your mouth man... because you're eating your words on this account now as well!
--
"People with a much more rounded range of experience, however see things differently." - by erroneus (253617) on Friday June 11, @06:46PM (#32543522) Homepage
What "differently" is this? LOL, man I have literally been on EVERY type of system you noted, and then some... and I can show I did VERY WELL AT THEM ALL, & with more than MS stuff only (Borland being "big in my book" as well as IBM tools also, not just MS stuff). I'm also not "limited" as you are, apparently, to programming alone... I'm also & have been a pretty fairly "proficient" network administrator over time (you have to be as a dev too largely many times, as I am sure you know (or, do you?)).
--
"It'd be interesting to see what would happen if he did something other than Microsoft." - by erroneus (253617) on Friday June 11, @06:46PM (#32543522) Homepage
I generally don't waste time with "less than the 'top dog'" anymore... I had a LOT of faith in BORLAND for instance, especially Delphi... MS did their usual, brain-drained them of talent like the likes of Delphi's maker in Mr. Anders Hejlsberg, for example & has drained the life & future out of Borland in dev. tools strength... too bad though!
--
"Most people like him are just a bit weary and afraid to go back to ground zero to learn something else." - by erroneus (253617) on Friday June 11, @06:46PM (#32543522) Homepage
What "something else" would that be I wonder? I have b
So you used to prosecute Christians, like apostle Paul?
You are Alexander Peter Kowalski. You wrote a couple of niche Windows freeware using Delphi, but you have a tendency to optimize code that doesn't benefit from optimization. You also like to post the same stuff over and over again to different people you run into online. You're an interesting character, but unfortunately I can't seem to find many positive things to say about you. Sorry.
I once had a signature.
"So you used to prosecute Christians, like apostle Paul?" - by pikine (771084) on Friday June 11, @09:22PM (#32545212)
WTF? LOL, what on earth is THAT supposed to mean??
---
"You are Alexander Peter Kowalski." - by pikine (771084) on Friday June 11, @09:22PM (#32545212)
That'd be me!
---
"You wrote a couple of niche Windows freeware using Delphi," - by pikine (771084) on Friday June 11, @09:22PM (#32545212)
LOL, try like around, oh 50 or so over time since 1994 actually, in total, & iirc (been many of them now that I THINK about it, lol!)
See - I really USED TO like doing freeware/shareware because there used to be a bit of money in the shareware end!
(AND, it helps "keep the saw sharp" too, in practice PLUS it may or can take you to "diff. areas" of coding than say, what I usually do for a living (INFORMATION SYSTEMS CODING PRIMARILY - the "steady eddy" end where there is ALWAYS work, because no 2 corporate entities manage their info. absolutely the same, SO, it needs "custom programming" (reports, GUI fronts, entire client-server systems & FAR MORE)).
("Hard work is NEVER a complete waste" in other words/as the saying goes!)
Heck - since you seem to be trying to "lessen" that small partial list of mine in my earlier posts here in response to you?
One of those "niche Windows freewares" even led to my getting my code in a COMMERCIAL PRODUCT of "Enterprise Class" that's still sold by an MS partner in SuperSpeed.com no less, & made a nice buck off that & some measure of "notoriety"...
So, again: Have YOU done the same, & do you possess multiple degrees around CSC, CIS, or MIS??
(That small PARTIAL LIST OF MINE only, again? Hey - it's apparently more than YOU can show us you've done, eh??)
---
"but you have a tendency to optimize code that doesn't benefit from optimization" - by pikine (771084) on Friday June 11, @09:22PM (#32545212)
This is funny: Coming from the guy that cannot show us he's done any coding of any note @ all? Yea, "ok" (
"You also like to post the same stuff over and over again to different people you run into online." - by pikine (771084) on Friday June 11, @09:22PM (#32545212)
I write what works & has proven to do so for myself in debates @ least, and often I use the same tactics because they work, and they also tend to 'sieve out' the wannabes & trolls that try to attack me & such, vs. actual peers (very few of these I have met in forums over time to be blunt about it) in terms of coding or even the simpler task, network admin/tech work!
---
"You're an interesting character" - by pikine (771084) on Friday June 11, @09:22PM (#32545212)
I am just an ordinary working stiff that likes computing is all... nothing more (but I do work hard as possible, and even do "side stuff" like you noted on top of jobs (well, that is, IF the job is not "too big" & time consuming (as in "what's a 40 hour workweek?" etc.))
---
"but unfortunately I can't seem to find many positive things to say about you. Sorry." - by pikine (771084) on Friday June 11, @09:22PM (#32545212)
Likewise, especially after your & other folks' "attacks" on myself, rather than SOLELY my points (which are, of course, evidences of ad hominem attacks, which is of course, the "last resort of the fallen troll", so-to-speak!)
APK
P.S.=> I've noticed something in my debates with trolls here today: Most of them here? Like 99%?? Lots of talk, nothing they've ever done of note and yet they have the gall to tell ME how to code (as shown above), and yet they cannot show anything of the sort as the lists I put up to THEIR credit/name (much less degrees in this science as well, which is another thing you've avoided here, lol, also)...
Lots of takers (but no builders). Lots of USERS (but rarely any designers). This? THIS IS SLASHDOT! apk
"OpenBSD 4.4 (they are up to 4.7 now)
http://secunia.com/advisories/product/19640/ - by Anonymous Coward on Thursday June 10, @01:50PM (#32525672)
Per my subject-line above: Kudos/congrats to Mr. Theo DeRaadt (a man after my own heart - as he takes NO CRAP from anyone online, does a good job of things, & knows his stuff too - today's RADICALLY OVERLY "Politically Correct" world needs more folks like him online, imo @ least) & the OpenBSD dev. teams!
(Yes - their crew over there for OpenBSD are generally "ontop of things" & BSD variants are WIDELY recognized for having the fastest & most efficient IP stack there is out there, bar none (so much so, MS "bit off their style", well, that of the BSD *NIX tree actually, & used their freely available IP stack code for Microsoft's IP stack in fact (probably same with the rest of them, but I am not 110% sure on THIS account though))).
APK
P.S.=> However, for the MOST part here, on the topic of security? Microsoft Windows 7 has consistently held a 0 threats rating for MOST OF THE TIME since it's been out (sure, it's had security vulnerabilities in that timeframe thus far, but MS has been "ontop of it", issuing their monthly MS "patch tuesday" hotfixes on the 2nd Tues. of each month, and additionally doing "out-of-band" earlier updates than that, especially for IE issues, when needed (when the threat level is large enough & known exploits of said sec. vuln. are already "in-the-wild")...
AND?
Well, again: The 2 "remote security vulnerabilities" in Windows 7, which are BOTH rated VERY LOW THREAT LEVELS too mind you? They have valid, easily implemented, & effective work-arounds that secure them BOTH, so... essentially? Microsoft Windows 7 really IS already @ a "0 unpatched" level now, just like OpenBSD is! apk
"You are the person who started using your credential to justify your argument, i.e. Argument from authority, therefore Argumentum Ad Hominem is all you're going to get." - by pikine (771084) on Saturday June 12, @11:21PM (#32554306)
You sure you want to "take this train"? Because LOGIC is something I am pretty "proficient in", & it's quite likely I will run RINGS around you in it, especially in debate... I mean, have you even TAKEN & PASSED a formally administered LOGIC course in collegiate academia? I say no, based on your argument below (because you're what I call a "forums logic" user, and using this one in "appeal to authority" as I see fools on forums twist it to their needs?? Is WRONG on your end, as you don't really understand what it means, OR how it works & what it demands). Let's follow up on that now:
First of all, for that to be true in LOGIC??
You have to have an INCORRECT AUTHORITY being cited... that's what "Appeal to Authority" is about in LOGIC!
(E.G.-> Citing someone that isn't in fact, an expert, in a given area... since this one's computing? My possession of multiple degrees around it in fact DO ESTABLISH myself as "expert" in this arena... do you possess the same?? Evidently not)
Now, by way of comparison - Do you have to your name/credit:
**
1.) Over 16++ yrs. of professional experience on multiple grounds (e.g.-> programming &/or network administration) as I do in this area???
Evidently not.
2.) Have you done work of the nature I provided in my tiny partial list only that did as well & became commercial products that are still doing well over 14++ yrs. later????
Evidently not.
3.) Do you in fact possess degrees in CSC &/or CIS-MIS to your name/credit????
**
Evidently not.
I do, to ALL 3... & years of them.
(Thus, I have to wonder: Who is the "correct authority" here - myself in possession of all 3 areas above, or yourself, minus them?????)
--
"I, on the other hand, speak of objective arguments that don't depend on who says it. That's why I can afford to be an anonymous person, but you can't." - by pikine (771084) on Saturday June 12, @11:21PM (#32554306)
No, you just blow off my questions 1 by 1 & evade them... please note #1 thru #3 above, answer them please...
The citing of my credentials (in part only, a small fraction of what I COULD have put up) in CSC/CIS (in part only) is merely to establish the fact that I am the "correct authority" required in a LOGICALLY BASED DEBATE, & to show (because you evade proofs of the above constantly no less to your discredit mind you) I am a "correct authority" & you are showing via your evasions of answering my simple questions here, that you are NOT a 'correct authority' apparently on the subject material @ hand here (CSC related forums section AND post topic).
--
"Who in their right mind is going to write hand-optimized inline assembly for a CD alarm clock program that spends 99.999% the time idling, waiting for the timer to go off? You did. I think you're crazy." - by pikine (771084) on Saturday June 12, @11:21PM (#32554306)
I do, when it's required or makes things better, & mainly because it's mine and I want it to be done as well as is possible is all... it's called "hand craftsmanship".
--
"And finally, you read the bible (good for you), but you don't understand what it says." - by pikine (771084) on Saturday June 12, @11:21PM (#32554306)
Oh, really? Do you mean the quote I cited from Corinthians?? My interpretation of that is this:
Whatever we do in this life that is an 'achievement', we don't do "all by ourselves"... I do honestly feel that there IS a God, and he does "inspire us to greatness" @ times, & it's not just "us alone" doing it is all... which is largely what that quote from Corinthians is after all, ALL about.
APK
You have to admit, you actually have no evidence one way or another. I don't have to tell you anything about myself to win an argument.
I'm glad you at least humble yourself before God. I have the impression that you don't humble yourself before other men, so no matter what I say you won't listen. That's okay. Why don't you do a little research on your own about who wrote the books of Corinthians, and read at least Luke and Acts in entirety? That would give you enough context to understand where Paul was coming from. Then, go back to 1 Corinthians 15:9, the verse before the one you quoted. You really shouldn't take the bible out of its context. A lot of harm has been done that way.
I once had a signature.
"You have to admit, you actually have no evidence one way or another." - by pikine (771084) on Sunday June 13, @04:54PM (#32558774)
For myself as to evidences of decent accomplishments, professional experience, & academic degrees over time to my name/credit? I have it by the score...
(And, you don't, period!)
---
"I don't have to tell you anything about myself to win an argument." - by pikine (771084) on Sunday June 13, @04:54PM (#32558774)
You should provide it IF/WHEN asked (provided you have such academic degrees and years to decades of professional experience as well as decent accomplishments in them)... and, no:
You don't have remotely anywhere NEAR the same as I do per my last statement above, apparently, & that's WHY you failed to note them (to establish yourself as my peer here and as a "correct authority", per "Appeal to Authority" in LOGIC)...
(At this point? Hey - I'll go so far as to say you don't have any in fact, because you failed to provide a single evidence of any of the above, and you know it, and now?? So do we all reading!).
APK
P.S.=> As to "winning an argument"? Well...
You still haven't shown that all of the last remaining 11 security vulnerabilities in Linux 2.6x (kernel ONLY, mind you) are as easily patched via work arounds or full blown patches as Windows 7 is on its 2 remaining LOW "2" RATED and fully "work-around'able" effectively sec. vulns are (and Windows 7 is an ENTIRE OS, not just the core/kernel part being judged on security vulnerabilities present, as LINUX 2.6x is shown here as ONLY (core/kernel only, not also counting the sec. vulns in KDE/Gnome, BA$H, or other "moving parts" typically used in a LINUX distro by users))... apk
Tl;DR
Ah good old APK, spamming his incredibly long boring posts again.
Shouldn't you be off hassling clone something or other as usual?
Avoiding disproving what was written here erroneus -> http://slashdot.org/comments.pl?sid=1681772&cid=32556164 vs. your ERRONEOUS data, & that URL completely disproves what YOU yourself wrote, erroneus?
(Apparently so, because what you wrote IS truly ERRONEOUS, and out-of-date/stale, per the latest OS' from MS (Windows 7 being the one noted here no less), and it is, just as I said it was... stale/out-of-date & thus ERRONEOUS, on your part!)
APK
P.S.=> You can request others "down rate" my post, but the fact remains that what you wrote ERRONEUS, is out of date & stale, and yes, ERRONEOUS... anyone can read the URL above in this reply of mine and see that much with ease... apk
See subject-line above, & whoever modded my post down (this one that blew away erroneus totally on the technical points here which he royally showed his inexperience on -> http://slashdot.org/comments.pl?sid=1681772&cid=32556164 ) to try to "bury it" from the view of others?
Heh, that mod down has only helped prove my point further... & that point?
That point is that erroneus is indeed, ERRONEOUS, & hugely so, see the URL above (as you don't see him replying to + his outright disproving said points beyond the shadow of a doubt (for all HIS "alleged experience" which is chock full of technical errors no less) in the post parent to this one I am making).
APK
P.S.=> Nuff said on MY part, & erroneus' lack of reply? Says the rest & says it ALL... & as per usual for myself vs. the "cult of /." (INFOWORLD) & its trolls here? Ah, yes -> "too, Too, TOO EASY!" (just too easy)... because if ALL YOU HAVE is "mod downs", vs. the ability to disprove the technical points I used that threw Erroneus' ERRONEOUS comments into the recycle-bin? Well... you know! apk