Seriously, in the same way that the auto insurance industry, (in MD at least) is forced to handle a portion of MAIF clients. I think the analogy holds both groups are money hungry greedy bastards.
Of course some people will complain about why this has taken so long while others will probably say "better late than never" but either way it should be noted that a code review/security audit on this scale is probably unprecedented in software development history.
Then again probably not, FreeBSD has had every line of code reviewed before, and if you count the fact that it has more functionality pound for pound.
Some may chime in about how Open Source is supposedly a constant large scale code review but I've previously written on the fallacy of this kind of thinking.
Oh well QE- fucking - D then, if YOU wrote on it we must be wrong. Let me clue you in, no developer, company, or whatever can prepare for every eventuality, once past a certain threshold no code can be 100% secure. There's always the possibility, that something will come along to break it. And when that thing comes, it's the OSS that gets fixed quicker, and better than any commercial offering.
And an absolutely ridiculous one at that. I'm thinking creative use of statistics. I've set up at least 100 (actually more) RH Linux boxes over the years. Not a single one has been rooted. I guess I'm just incredibly lucky.
That's not apples to apples. The GUI is not a part of an operating system: graphical USER interface. The kernel is all that's important. Linking the two is what causes MS software to be so buggy in the first place, but regardless, I'm willing to be that even is you do include USER apllications Windows is larger, and with less functionality that a basic Linux install. Not trying to bash MS here, right tool for right job, I use windows for gaming, Linux for coding, and Macs to laugh at (;) come on guys the new I-Mac is a joke)
Note to anyone else reading this thread, those links are NOT to a site that automatically installs comet cursor, they are however sites that talk about BHO's and explain that they can be downloaded and installed silently.
Jesus christ. I don't need proof about a specific application I know that it's possible and explained how. And I'm not going to go searching around for a place that's going to auto install comet cursor for me but if you're too slow to understand:
Comet Cursor is NOT a custom cursor created by a style sheet, it is a "helper" app otherwise known as a BHO that is downloaded and isntalled automatically. Precisely what the article mentions. You can disagree all you want, but is a persitent application that remains even after you visit the page with offending code, a style sheet doesn't persist beyond viewing the page.
Case in point Comet Cursor, uses an auto install procedure, no dialog at all. It is completely possible to bypass any MS security that exists, and for the most part it doesn't exist so it has nothing to bypass.
I have never seen this. At least I have never seen an antiviral program reporting this as a virus. This is irresponsible. Only way you can get some of these kinds of things is if your in a place you should not be (IMHO). Dosen't mean this can't happen. It sure as heck can.
That's because it's not a virus, but it does exist. I've had sites install programs that automatically pop up an IE window to asite when I log on. It's not a difficult thing to do. As far as being in a place you should not be, YHO or not, who are you to judge where someone should or should not be, or to assent to automatically d/led programs as punishment? You shouldn't be walking around a dangerous city at night, but if you do , that doesn't mean you deserve to get shot.
Re-read it. It does mention that some software DOES install automatically. I've seen it happen. Not that it's hard to realize that it can. It's common sense. The popup that asks if you want the software is just a simple yesno dialog, click yes and the javascript is called to handle the d/l, click no and it's not. There's nothing stopping the page to call the function without the popup, and nothing security wise that makes the pop-up an opt in, it's just a (psuedo) attempt at being nice to the user.
Yeah super granular would be nice to be able to set, as well as setting whitelists and black lists. Too bad I have too many other coding projects to take care of first.
...There is software to stop the pop-up downloads, including the ones that don't ask but go ahead with the install. Actually there are a good number of them, Linux, Solaris, FeeBSD...;)
And my bike, will run circles around you, so what. Everybody likes what they like, different vehichles for different applications. The right tool for the right job applies to vehichles as well as software.
Yes this discussion is entirely one-sided. Your completely fucking off base. Though I shouldn't be suprised, people always come along that think they know better than everyone else and have the right to tell them what to do. This is taking an movement that started so anyone can use software anyway they see fit, and trying to pervert it to fulfill someone's holier than thou attitude. It's just fucking wrong, not to mention impossible. Let me clue you in, the code is GPL, I have the source, or can force you to make it available to me. Want to talk about code forking? I'll start taking every piece of crippled software, removing this crap and re-distributing it. You want something like this, go create your own license, I promise you you'll fail.
Yes and when I'm on my bike you four-wheelers endanger my life on a regular basis, but I have no right to keep you off the road. It comes down to a question of ethics, you have no right to tell me what software to run, that's what we're fighting against with OSS, just as I can't tell you what to drive. That's not to say that you don't have a grievance if someone's negligence causes you trouble, but only after the incident occurs not before.
I said it earlier, it's un-implementable. If someone pulled this crap with their software, I or someone like me, would fix it and redistibute it with this crap coded out.
Well if you want to get technically everytime you go to a web page you download it. I think the difference you're looking for is running an install program of some sort.
Slashdot Mirror
s/expected/forced/
Seriously, in the same way that the auto insurance industry, (in MD at least) is forced to handle a portion of MAIF clients. I think the analogy holds both groups are money hungry greedy bastards.
Then again probably not, FreeBSD has had every line of code reviewed before, and if you count the fact that it has more functionality pound for pound.
Some may chime in about how Open Source is supposedly a constant large scale code review but I've previously written on the fallacy of this kind of thinking
Oh well QE- fucking - D then, if YOU wrote on it we must be wrong. Let me clue you in, no developer, company, or whatever can prepare for every eventuality, once past a certain threshold no code can be 100% secure. There's always the possibility, that something will come along to break it. And when that thing comes, it's the OSS that gets fixed quicker, and better than any commercial offering.
Heh me too, they don't lead the industry in delivering ANY software. Unless you count bulk. Which I don't.
And an absolutely ridiculous one at that. I'm thinking creative use of statistics. I've set up at least 100 (actually more) RH Linux boxes over the years. Not a single one has been rooted. I guess I'm just incredibly lucky.
That's not apples to apples. The GUI is not a part of an operating system: graphical USER interface. The kernel is all that's important. Linking the two is what causes MS software to be so buggy in the first place, but regardless, I'm willing to be that even is you do include USER apllications Windows is larger, and with less functionality that a basic Linux install. Not trying to bash MS here, right tool for right job, I use windows for gaming, Linux for coding, and Macs to laugh at (;) come on guys the new I-Mac is a joke)
Yeah and dpes that mean I get to make a video with Pam Anderson now, when it's my turn of course ;)
Heh I'd have modded you up if you put the link to that documentary, /.'s search engine blows sometimes ;)
If you didn't care you wouldn't post about it. And for the record, I don't see it as a flame.
Note to anyone else reading this thread, those links are NOT to a site that automatically installs comet cursor, they are however sites that talk about BHO's and explain that they can be downloaded and installed silently.
here
and here
Comet Cursor is NOT a custom cursor created by a style sheet, it is a "helper" app otherwise known as a BHO that is downloaded and isntalled automatically. Precisely what the article mentions. You can disagree all you want, but is a persitent application that remains even after you visit the page with offending code, a style sheet doesn't persist beyond viewing the page.
Case in point Comet Cursor, uses an auto install procedure, no dialog at all. It is completely possible to bypass any MS security that exists, and for the most part it doesn't exist so it has nothing to bypass.
I have never seen this. At least I have never seen an antiviral program reporting this as a virus. This is irresponsible. Only way you can get some of these kinds of things is if your in a place you should not be (IMHO). Dosen't mean this can't happen. It sure as heck can.
That's because it's not a virus, but it does exist. I've had sites install programs that automatically pop up an IE window to asite when I log on. It's not a difficult thing to do. As far as being in a place you should not be, YHO or not, who are you to judge where someone should or should not be, or to assent to automatically d/led programs as punishment? You shouldn't be walking around a dangerous city at night, but if you do , that doesn't mean you deserve to get shot.
heh, more likely the victim, or the sucker ;)
Re-read it. It does mention that some software DOES install automatically. I've seen it happen. Not that it's hard to realize that it can. It's common sense. The popup that asks if you want the software is just a simple yesno dialog, click yes and the javascript is called to handle the d/l, click no and it's not. There's nothing stopping the page to call the function without the popup, and nothing security wise that makes the pop-up an opt in, it's just a (psuedo) attempt at being nice to the user.
Yeah super granular would be nice to be able to set, as well as setting whitelists and black lists. Too bad I have too many other coding projects to take care of first.
...There is software to stop the pop-up downloads, including the ones that don't ask but go ahead with the install. Actually there are a good number of them, Linux, Solaris, FeeBSD... ;)
Sorry obligatory joke.
Uh check again. Current issue of Cycle World although it may be off the stands now, Gixxer vs. Vette, conclusion Vette smoked, same with Viper.
And my bike, will run circles around you, so what. Everybody likes what they like, different vehichles for different applications. The right tool for the right job applies to vehichles as well as software.
Yeah I knew it ;) Couldn't tell you a single Celine song, except for the thing from Titanic, couldn't tell ya how it goes or the title though ;)
Yes this discussion is entirely one-sided. Your completely fucking off base. Though I shouldn't be suprised, people always come along that think they know better than everyone else and have the right to tell them what to do. This is taking an movement that started so anyone can use software anyway they see fit, and trying to pervert it to fulfill someone's holier than thou attitude. It's just fucking wrong, not to mention impossible. Let me clue you in, the code is GPL, I have the source, or can force you to make it available to me. Want to talk about code forking? I'll start taking every piece of crippled software, removing this crap and re-distributing it. You want something like this, go create your own license, I promise you you'll fail.
Are you so deluded to think that you can't write your own compiler, or here's a novel idea, gcc is the first thing you recompile without that option.
I said it earlier, it's un-implementable. If someone pulled this crap with their software, I or someone like me, would fix it and redistibute it with this crap coded out.
Well if you want to get technically everytime you go to a web page you download it. I think the difference you're looking for is running an install program of some sort.
Isn't that Whitney Houston?