There is no "written for BSD code" in any Photoshop (as far as anyone can tell, it IS closed after all). GUI (Cocoa) apps for OSX are as different from Linux programs as different can be.
While the GUI code in Photoshop is tied to a particular platform the code which the GUI runs on top of is OS agnostic. The parts of Photoshop which do all the heavy lifting and image manipulation don't care which OS it runs on (since it runs on both OS X and Windows [and used to run on IRIX]). Porting the GUI portion of Photoshop to another OS isn't exactly rocket science compared to creating all the code which does all the image manipulation, layer handling, etc. Granted, the port is no small effort but many apps similar in complexity are cross platform. Maya is a perfect example of a platform agnostic app which is just as complex and just as powerful as Photoshop yet still manages to run on several different OSes in a very stable manner.
I'm a little surprised that Adobe hasn't ported Photoshop to Linux at this point since the 3DFX industry has rapidly standardized on Linux (not to mention that Disney is using Linux to some degree to create artwork). This is great news for Linux enthusiasts. A company like Adobe sniffing around Linux says a lot about where Adobe (and the rest of the computer industry) thinks Linux is headed. It also adds some hope for the future prospects for a viable Linux desktop for the artistic community.
If you take it seriously, you'd also note that out of the 20+ patches released on "patch day" this month, only ONE was for XP-SP2.
We're talking about security and security bulletins of which there are "only" 10 this month. I'd love to move to XP SP2 but to be honest there is still some software we're waiting to become fully SP2 compatible and SP2 is still too wet behind the ears for us to deploy anyhow. That said we are testing XP SP2 ATM and are addressing several issues we've found with it in our environment.
http://www.microsoft.com/technet/security/current.aspx
All the rest were for legacy code written before the SWI program was in place.
Not true. 70% of these vulns listed 2003 Server as vulnerable which was released way after SWI.
Your first instinct would be wrong, at least when it comes to it being built by a separate team. The fact is, as hard to believe as it is, for the past year Microsoft has put in place for every product systematic development techniques that directly target the security of an application (Threat Modeling, Secure coding techniques). Furthermore, this kind of test is standard within Microsoft (feed random inputs to all possible input locations). And once all the coding is done, the source still has to pass inspection through a security group within Microsoft! You can read about this stuff at the secure windows initiative.
Your comment really burned me up since I have to deal with this crap every month in an enterprise environment. You can talk to me about "trend(s) per-product" all you want but how on Earth can you brag about the great job you're doing when this month you released 10 frigging hot fixes with 7 of those being critical? You should be keeping your head down this month trying not to attract attention to your miserable situation. Only Microsoft would think to brag about how well they're doing wrt security during a month like this.
Look at the nonchalant way MS is handling the security vulns. In particular I'm thinking about MS04-028 (the JPEG vuln) which was just last month. On top of being one of the worst written security write-ups I've ever read, the tool you initially provided to detect the problem was worse than useless. Some random guy on the web managed to produce a useful tool by himself before MS did. With all the resources MS has and all the attention you're putting into security how can this be? Also, how could you release such a horrible, broken tool in the first place? Surely MS knew the tool was broken when they released it if they tested it at all! http://seclists.org/lists/bugtraq/2004/Sep/0328.html
If you want me to take MS seriously wrt security then do not attempt to spin how severe a vulnerability is (like you did with MS04-028). How is anyone supposed to take you seriously when MS says things like this: "Microsoft does not consider this a high risk to customers given the amount of user action required to execute the attack and is not currently aware of any significant customer impact". http://news.com.com/Security+researchers+say+JPEG+virus+imminent/2100-7349_3-5387380.html
If MS04-028 is not a high security risk then why did MS mark it as critical??? It is one thing to say that you think the JPEG vuln was overhyped (which it was to an extent) but to say that it isn't "high risk" while marking something as "critical" stinks of spin.
Also, I found it hypocritical for MS to yell from the mountain tops about how security is a top priority and yet at the same time refusing to back port very important workstation security enhancements to non-XP OSes (about 1/2 your install base). Note that this also includes security enhancements to IE6. "We do not have plans to deliver Windows XP SP2 enhancements for Windows 2000 or other older versions of Windows," the company said in a statement. "The most secure version of Windows today is Windows XP with SP2. We recommend that customers upgrade to XP and SP2 as quickly as possible." http://arstechnica.com/news.ars/post/20040923-4224.html
Finally, security is a design decision. If security is not a design decision (hello... ActiveX) then you'll constantly be chasing your tail trying to plug holes in the dam. The hack you suggest in your sig to "solve" the spyware issue really underlines this point. RunAs is broken and doesn't work in many cases and the fast user switching does not work very well unless all one does is browse the web and get email. I won't even get into all the reasons why the fast user switching idea is a non-starter except to say that many applications *require* admin privileges to even run. Both Macs and Linux have had an elegant solution for some time (ask the user for the Admin/root password) in order to elevate privileges. Why is that so hard?
I wonder how many companies are now doing this so they can get price breaks or cheap long-term contracts from MS?
Here's the little secret which is obscured in the whole, "People are only talking about Linux to get concessions from Microsoft." debate.
Microsoft would not give concessions if the threat to switch from a MS to a Linux based desktop weren't a credible one. Despite how much MS protests about how Linux is not ready for the corporate desktop their actions say something completely different. If Linux truly isn't ready for extensive corporate use then MS would tell AT&T / Corporate America to go take a flying leap when they get asked for price breaks.
I know one of the stumbling blocks for a linux client was always a decent sound library. The Ryzom devs despise OpenAL.
I noticed that recently Nevrax has added FMOD support in CVS to the windows client. This at least bodes well for a possibility of a Linux port as FMOD supports Linux.
Uh, garage bands that are successful turn into standard RIAA bands. There's no way to win unless you eventually drop support for the band that USED to be a garage band.
Generally this is true but it is not always so. There are many artists who have taken a second way and are involved with labels which are not affiliated with the RIAA. I know of several artists who have created their own labels to distribute their music and are available in all the major retail stores, amazon, itunes, tower records, etc. Getting distribution using this method is difficult but it isn't impossible. If more people would take the DIY distribution approach we'd have a lot more diversity in music than we do now and the artists would be getting paid far more.
So from my mind, this is a Good Thing, and I'd like to see it on my OS X/Linux machines as well.
This is easy for Linux (and I assume something similar would need to be done on OSX since it is unix based). Linux has been able to do this for many many years. :-)
Edit /etc/fstab
Put this in your /etc/fstab and it ought to do the trick: /dev/sda1 /mnt/media/usb-storage vfat ro,noexec,noauto,users 0 0
All users can mount and read the usb drive (ipods etc) but not write to it, nor can they execute anything from the drive. Of course you'd want to create this entry a number of times in case the user plugs in more than one usb drive. ;) Also there might be more types of usb drives than sda1 [not 100% sure] but you get the gist.
If you're particularly paranoid make all /dev/sda* devices mount to /dev/null and no one can read their usb drives.
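An added example, not part of the original comment: a small Python audit for the fstab policy described above (user-mountable USB storage must stay read-only and non-executable). It relies on the documented mount(8) behaviour that `user`/`users` imply `noexec,nosuid,nodev` and `owner`/`group` imply `nosuid,nodev` unless a later option overrides them; the function names and the sample fstab, including the extra device entries, are constructed for illustration.

```python
"""Audit fstab entries that ordinary users are allowed to mount."""

# Constructed sample: the first line is the entry from the comment above,
# the others are made-up variants that show why option order matters.
SAMPLE_FSTAB = """\
# device   mountpoint               type  options                 dump pass
/dev/sda1  /mnt/media/usb-storage   vfat  ro,noexec,noauto,users  0 0
/dev/sdb1  /mnt/media/usb-storage2  vfat  noauto,users,exec       0 0
/dev/sdc1  /mnt/media/usb-storage3  vfat  noauto,users            0 0
/dev/hda1  /                        ext3  defaults                0 1
/dev/sdd1  /mnt/media/usb-storage4  vfat  exec,users,noauto,ro    0 0
"""


def effective_flags(options):
    """Resolve a comma-separated option string left to right, as mount does."""
    # Kernel defaults: read-write, exec, suid and dev allowed, root-only mount.
    flags = {"writable": True, "exec": True, "suid": True, "dev": True,
             "user_mount": False}
    for opt in options.split(","):
        opt = opt.strip()
        if opt in ("ro", "rw"):
            flags["writable"] = (opt == "rw")
        elif opt in ("exec", "suid", "dev"):
            flags[opt] = True
        elif opt in ("noexec", "nosuid", "nodev"):
            flags[opt[2:]] = False
        elif opt in ("user", "users"):
            # Implies noexec,nosuid,nodev unless overridden by later options.
            flags.update(user_mount=True, exec=False, suid=False, dev=False)
        elif opt in ("owner", "group"):
            # Implies nosuid,nodev only; exec stays as it was.
            flags.update(user_mount=True, suid=False, dev=False)
        elif opt == "nouser":
            flags["user_mount"] = False
        elif opt == "defaults":
            flags.update(writable=True, exec=True, suid=True, dev=True,
                         user_mount=False)
    return flags


def audit_fstab(text):
    """Return (device, mountpoint, problems) for risky user-mountable entries."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed entry, nothing to evaluate
        device, mountpoint, _fstype, options = fields[:4]
        flags = effective_flags(options)
        if not flags["user_mount"]:
            continue  # only root can mount it; outside this policy
        problems = [name for name in ("writable", "exec", "suid", "dev")
                    if flags[name]]
        if problems:
            findings.append((device, mountpoint, problems))
    return findings


if __name__ == "__main__":
    for device, mountpoint, problems in audit_fstab(SAMPLE_FSTAB):
        print(f"{device} on {mountpoint}: still allows {', '.join(problems)}")
```

Note that `exec,users` ends up noexec while `users,exec` does not, so the position of an override in the option list decides the outcome.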
he didn't say that FireFox was his primary browser, he just said that he had to patch it because of a vulnerability.
I would hope that as a program manager he would have a copy of each of the competing browsers on his system, so that he can steal... ah, borrow, ideas from them.
What made this quote so striking isn't that he uses a competitor's product (he *should* be using their product). The point is that he *must* use a competing product because IE isn't secure in this case. To underline the matter both browsers were exposed to this vulnerability but Mozilla/Firefox had a patch out the same day the vuln was reported to them. We're all still waiting for a patch from MS closing in on two months later to fix this security hole. Surely, that is at least a little embarrassing considering all the noise out of Redmond lately about security being their top priority.
I do give Toulouse big points for mentioning that he had to use Firefox in this case. Honesty like that is refreshing! The software industry could do with a bit more candor like this.
Please name an application in which compositing gives a better user interface than tabs or just overlapping windows. Compositing makes it difficult to select elements or identify the source for screen objects. The supposed advantage (you can put more stuff on the screen at the same time) seems more like a disadvantage in most cases.
Any graphics editor which utilizes layers, print layout editors (layer blending), sound / movie editors (merging tracks), music sequencing (merging tracks) and to some extent word processors / HTML editors (think "invisible tags"). Being able to offload compositing onto the GPU in these would be a great help to these types of CPU hungry applications.
Yeah, the spyware problem is so bad that I refuse to connect to any Real stream because I'd have to use RealPlayer. If Real weren't so underhanded about the spyware stuff, I'd be a lot more sympathetic toward their argument. As it is, Apple good, Real bad, even if Real happens to be right.
If you're using a windows box you can get Real Alternative. Download Here
If you're using Linux there are w32 codec packages floating around for you to install which will allow you to play almost any media format. I'm not sure what is available for Macs since I don't own one.
Also, in this case shouldn't it be Apple bad, Real bad?
What are you talking about? NTFS has had journalling for over a decade. And Unicode. And ACLs. And streams. And reparse points (these are amazingly cool). And compression. And encryption. And... you get the point.
Now, MS doesn't use most of this good stuff, but it's all in there. Even three-letter file extensions on Windows are obsolete, since everything on NTFS can be an OLE server. There's nothing on Linux that comes close to the capabilities of NTFS. About the only major thing NTFS is missing is versioning, which VMS has.
While it is true that NTFS is a journalling file system its implementation is *very feature poor*. NTFS can save you from MFT corruption which would be fatal to something like FAT but little more. NTFS' current journalling capabilities cannot provide enough data to roll back incremental changes (WinFS is supposed to have this) like Reiser and all other journalled FSes that Linux can use. NTFS' crappy journaling implementation is the main reason everyone on a Windows box STILL has to sit through those LONG volume scans if a disk isn't unmounted cleanly. In more robust FS like ReiserFS, Ext3, XFS, etc. the OS can just replay the log and redo any transactions that didn't go as planned. You cannot do this with NTFS as I understand it.
This feature alone makes your claim that "There's nothing on Linux that comes close to the capabilities of NTFS" ring hollow in my ears at least.
Also, if a feature is not implemented it might as well not exist because the user cannot derive any benefit from it. If I can't use a feature who on earth cares that it exists?
How do you get them? All the RPC Worms which currently inflict unpatched Windows NT based OSes is how. These worms do network sweeps and will find a vulnerable machine anywhere from a few seconds to a few minutes depending on the size of your network.
I recall one particular instance at work where an outside laptop that was infected got plugged into the network (our network has about 2000 various boxes connected to it). Our security team got alerted by our intrusion detection systems and was on the way to whack the offending user with a clue stick and unplug the laptop. Too late....
During that time I had just finished ghosting a machine with SP4 integrated into the build. In only a matter of a minute or two the new box I was working on became infected and started doing net sweeps of its own (the whole process of infection was done silently of course). I don't doubt the tales of machines becoming infected in a very short period of time given the rate of infection with RPC based worms because I have seen it. All it takes is one rogue machine to infect other boxes it can talk to.
How will you ever have a seamless, professional, sane desktop environment that doesn't even have an installation/uninstallation API? The very idea is so backwards and laughable, I fully expect Linux to take another 10 years to reach the level XP and OS X are at now.
Speaking from an enterprise perspective Windows package management royally sucks! Having a modern Linux distribution for desktops would make my patch management responsibilities SO much easier. Let me give just one example that I run into almost every single day at my job.
With windows if you want to roll out a patch or a program of some sort I need to make an install package that will auto install silently (time), QA test my installer (more time), QA test the patch (even more time), write an SMS job to deploy it or put it on a RIS server somewhere (I don't have time for all this!!!). THIS SUCKS!
With a Linux desktop I can setup an RPM repository(s) on our LAN (we'd use Novell or Red Hat), create a workstation build that would point to our private RPM repository, fill the repository with patches QA tested by the vendor (we'd QA test in our own environment too of course) and let the client pull the patches each time they log on to our network. Each time the computer is turned on the distro pulls down the latest updates. Simple! FAR easier than rolling my own packages / installer / SMS job and doing all the testing myself. How MS has gotten away with putting all this work on their customers given their penchant for patching is beyond me.
Don't be so proud of Windows package management. In many ways it is light years behind what can be done in a modern Linux distribution. There may not be one standard for package installs in Linux but you can't say that for windows either (EXEs, MSI installers, etc.).
You want a litmus test? The day someone can buy a printer that comes with a CD, stick the CD into the drive, a menu comes up to install the binary driver, and afterward the printer works. All done in a Linux desktop.
In a modern Linux distribution I can double click on an RPM file, be prompted for a password and happily install the package in question. One may say that entering a password is too large a burden to place on users but quite frankly I don't want my users installing hardware / software willy nilly. Users installing freeware / spyware / non-standard hardware generates a ton of support incidents that we don't need or want.
The home market is all well and good and is generally what most people think when they ask "Is Linux useable?" but practically speaking MS doesn't make NEAR the cash from the home market that they do from their business accounts. This is where most commercial Linux companies are rightly focusing their efforts and it is really starting to pay off.
Why? What's the benefit to them? Not a troll, just playing devils advocate.
The whole 3dfx industry is rapidly standardizing on Linux. This industry buys those "holy crap that's expensive" video cards which have such great margins for ATI.
Also, as the linux desktop gains more traction elsewhere ATI would be wise to have all their Linux ducks in a row. nVidia is just waiting to eat their lunch in that market. The level of linux support nVidia provides makes ATI look like a sick joke.
Show that it can work with Windows, easily, AND do it better. Your attitude about file formats just shows them that Linux is neither.
I disagree strongly. Linux *does* need to provide an easy migration path from Office to StarOffice (Crossover Office is a great choice here) as well as many other critical apps. Linux does not need to do things any better than MS. At worst Linux just needs to be "as good" from a user standpoint.
Linux offers other large advantages that MS can never offer customers. The main one from a business oriented viewpoint is the lack of vendor choice that comes with picking MS. One of the first things business people try to avoid is getting tied to one vendor that is critical to the operations of their business. With Windows there is and only ever will be one vendor but with Linux you have your pick. That is a substantial risk which has been underlined with MS' recent stunts regarding licensing and not releasing an OS during said licensing period.
People in power at many large organizations are very aware of this risk. The city of Munich defection to Suse (now Novell) is a perfect example. Ballmer cut his vacation short and personally flew out to Munich and offered the city a lower price than what Suse had quoted. Munich ended up with Suse for strategic reasons as they put it. Translated that means we don't want to risk our check book/infrastructure on MS' good will.
On top of that Linux is cheaper so it can afford to be "good enough." Ballmer said himself that MS cannot compete on price and they must try to convince people that MS software is a better value than Linux. This is a much harder sell for MS in the current spending averse environment we're currently in.
There are lots of other technical administrative advantages we could discuss but that conversation has been beat into the dirt around here.
Not very many companies are making a killing on OSS right now. Some, like IBM, are subsidizing it from their HW sales. Others, like Novell, Red Hat, and Ximian, are still trying to figure it out. I'd say it's a bit early to call it won.
Red Hat has been able to rack up profitable quarterly results in a very spending averse environment. I'd say they're a bit past figuring out how to make money. Maybe a year or so ago I would've agreed with you but I can't say the same now. Also, circumstantial evidence points to the fact that SuSe was cash flow positive when they were purchased by Novell which further bolsters the case for making money in open source.
Just about every business model, not just software, depends on control. That's why businesses spend so much money getting IP protection laws passed.
Business models aren't (or shouldn't be) based around control they're based around providing value to customers. Sometimes control is a means by which companies use to try to keep other companies from providing value in the same way. But to base your business on control is a great way to the poor house (just look at IBM and the in the 80-90's).
Every business wants locked-in customers, it's a good revenue stream.
How about providing a better product than your competitor? This is what capitalism is based on after all. Providing a better product/service than your competition so consumers will give you money. Inevitably companies based on control lose that control and crumble into ash as their product isn't competitive without the old controls. I'm not saying that a collapse of that magnitude is getting ready to happen to MS but they do need to be careful.
When OSS companies start playing with the big boys (public investors), they're going to have to find a way to keep them happy.
I don't quite understand what you mean here by "playing with the big boys" since so many Linux companies are publicly traded.
Let's see. According to the latest FY2004 1st quarter results (ending on Sept 30, 2003), MSFT gets about 15% of their revenue from segments besides OS and Office sales.
Revenue is largely meaningless (as you point out with respect to Sun). It is better to talk about profit but anyway...
MSFT nets more profits on its $30 billion of revenue than IBM does on its $80 billion! The story is much the same with HP, though their profit is an even smaller 5%.
This is precisely why MS is ripe for the pickings. With these profit margins MS hasn't exactly made a lot of friends with its customers. Linux will to a degree commoditize OSes which is really the natural progression in free markets. Product / service offerings become mature, areas of opportunity for differentiation are exhausted by the market and they become increasingly commoditized. This type of environment is antithetical to the insane profit margins that MS is used to. Just look at all the deals and discounts that MS is offering to keep people from switching. That should tell you what's coming down the road. MS wouldn't offer these deep discounts unless they felt they had to because of competition.
I think it's safe to say that MSFT's non-software revenue is quite healthy, and ever growing.
Certainly MS' revenue is very large but ever growing? This is certainly not true and easily disproved. If you look at MS's 10-Q for 4Q 04 you'll see that last quarter their software revenues were flat. The only thing that gave them a positive earnings growth this quarter was their investments department. Why do you think MS has started offering a (small) dividend? Their investors demanded it for two reasons: because of the great amount of cash MS has on hand and the realization by investors that MS is no longer the high growth company it once was. How do you maintain high revenue growth rates when your OS and office suite comes shipped with just about every computer sold? The answer is you cannot unless y
I feel the same way. The lack of Dreamweaver was one thing that kept me on windows for longer than I wanted. Ever since I finally made the move I have been searching freshmeat, hoping that somewhere there was that miracle program that would do what I needed, but no such luck. Dreamweaver is by far the best WYSIWYG HTML editor, and for those who claim notepad (emacs), I can only assume you have never used dreamweaver.
There's a "new" (it's based on Mozilla's HTML composer) program called Nvu that looks to provide the same WYSIWYG functionality as Dreamweaver and Frontpage. It's still really early in development but it's light years better than anything else that's currently available for Linux if you're looking for a Dreamweaver type program.
I suppose "lots of money" is a relative thing when we're talking about corporations but it looks like Disney paid $15,000 for their share of the work. An inconsequential amount for a company as large as Disney especially when considering the breadth and scope of Photoshop.
The question was how do you tailor an application...not write one.
You're arguing semantics here. Whether you build an application suite from scratch or build on existing components you're still just trying to serve a need for someone. The how is really not very important in this case.
You just gave a textbook example of starting a business that could just as easily (and more profitably) be based on closed source.
Granted that this could very easily be a for profit venture, however. What happens when one of my clients has a specific need in which I cannot fill due to time/resources constraints? The types of corporations that this software would fill pertains to very large Fortune 500 type companies and have very large application dev divisions. With a closed model my customer suffers and has to wait for me to get around to adding said feature. In an OS model my customer adds the feature themselves and likely contributes said feature back to my codebase (they don't want to be stuck maintaining it).
Further, the closed source option gives you leverage, in that you can resell - for the same price - the solution that you develop for addressing the needs of that niche.
Perhaps I didn't make myself clear enough in the example. This software requires numerous and *timely* updates from the software vendor. These large fortune 500 companies aren't going to trust their business to second hand supported software. They will pay handsomely for support from whomever wrote the software. I can resell my software/support package year after year to the same customers all the while adding new customers. About 95% of the revenues in this business are based on the maintenance fees customers pay. Many software packages have similar stories where the support and maintenance of the software is much more important than the initial acquisition. When support is the main revenue stream and especially when the userbase is large or very technically competent OSS really outshines their proprietary counterparts due to the collaborative nature of such projects. Also, as an added bonus customers get a warm fuzzy in knowing that if I ever went under as a business they still have the code and could hire someone to continue development.
It is the leverage that is so extraordinarily powerful - and that is summarily rejected by the Open Source movement.
Again, when the business is more support oriented this doesn't matter. People will pay over and over to procure your product/support because they know when they get in a pinch they have the very best people possible (the people who wrote the software) working on their issues.
Certainly there are tons of places where proprietary software companies can and will do much better than OSS companies. But a support driven model is often very well suited to OSS since the user really cares about the support and purchasing the software package itself is seen as necessary to receive said support.
Does that involve programming? Maybe the "tailor" part, but how do I get into that again?
You're basically asking how do you start a business. It's like any other business. Find an unmet or poorly met need and write an application to meet that need.
Here's an example: The company I work for has to deal with government driven change which occurs *very* frequently. The software we use must conform with these very frequent changes. I could easily see someone writing some Open Source software which is continuously revised to keep up with these changes and charging the company I work for a yearly fee (we already pay a yearly fee [big bucks] to our current vendor). Companies would pay for you supporting and updating the code to conform with new gov't rules and regulations. Currently there is a proprietary software company filling this niche but I see no practical reason why an OSS product could not be created to replace the proprietary one.
In essence it's all about finding a niche and filling it. There are tons of niches out there, you just have to somehow find out about them.
We all know the practice of creating an email account, leaving it hidden online somewhere or posting it and telling people not to use it in an effort to get email we are sure is not legitimate. If this works, let's take it a step farther.
Mastercard, wait, even better AmEx issues a card with the same idea. The card is used once in response to a single spam. The card is then cut up but not cancelled. Hand the card numbers and the billing address over on a platter.
Something similar to what you describe is already available via Sneakemail. The concept is that they create sneakemail.com email aliases to your real email account. So you create a label for each company who requests your email. A label called "Amazon.com" would be a good example. Sneakemail generates a unique @sneakemail.com email address for you to give Amazon.com. Sneakemail will then forward all mail to your real email address unless you tell it not to. You can easily see who is sending you spam by looking at who an email is addressed to (the foo@sneakemail.com address). You can also block an email alias so the sender gets a bounce notice when they try to spam you. There are other more complex rules you can use but that's the basic idea.
I think it's primarily a difference in mentality and subculture. A lot of these design artists don't have an 'open-source community.' Why this is, and why the two communities are different, is left as an exercise to the reader.
I believe it is modern western culture which splits these two camps so starkly. Modern western culture teaches artists that their artwork is a special sacred thing that we dare not tamper with and it is heresy to allow anyone else to modify our works. This is of course a very recent invention of western societies. In Shakespeare's time for example many of his greatest plays were built in *substantial* portions from other people's stories. Musicians are less prone to this type of thinking because they are used to the concept of borrowing bits here and there from one another.
Remedy should put their money where their mouth is if they are so pleased.
They should license WineX, throw it on a CD with Max Payne 2 and shrink wrap it. It should be sold at the same price as the Windows version. It's the least they could do for a company that is "broadening their reach to new audiences". In other words, helping Remedy sell more units.
If Remedy wanted support for Max Payne 2 on Linux then they should just pay Transgaming to support Max Payne 2. It only cost Disney $15,000 to get Codeweavers to get Photoshop working *very* well utilizing Wine. This is a very nominal expense that I would think gaming companies could recoup between $0-15,000 in sales easily while generating some goodwill/publicity in the Linux community at the same time.
"Windows E + M" is "Minimize all." Yes, there is a difference. The first will put everything in the background, while the second will only minimize windows that have the standard "minimize" control. Experiment with winamp open...
You can shorten both of these by dropping the 'E' in each keystroke...
So "Win+D" shows the desktop and "Win+M" minimizes everything.
There is no "written for BSD code" in any Photoshop (as far as anyone can tell, it IS closed after all). GUI (Cocoa) apps for OSX are as different from Linux programs as different can be.
While the GUI code in Photoshop is tied to a particular platform the code which the GUI runs on top of is OS agnostic. The parts of Photoshop which do all the heavy lifting and image manipulation don't care which OS it runs on (since it runs on both OS X and Windows [and used to run on IRIX]). Porting the GUI portion of Photoshop to another OS isn't exactly rocket science compared to creating all the code which does all the image manipulation, layer handling, etc. Granted, the port is no small effort but many apps similar in complexity are cross platform. Maya is a perfect example of a platform agnostic app which is just as complex and just as powerful as Photoshop yet still manages to run on several different OSes in a very stable manner.
I'm a little surprised that Adobe hasn't ported Photoshop to Linux at this point since the 3DFX industry has rapidly standardized on Linux (not to mention that Disney is using Linux to some degree to create artwork). This is great news for Linux enthusiasts. A company like Adobe sniffing around Linux says a lot about where Adobe (and the rest of the computer industry) thinks Linux is headed. It also adds some hope for the future prospects for a viable Linux desktop for the artistic community.
If you take it seriously, you'd also note that out of the 20+ patches released on "patch day" this month, only ONE was for XP-SP2.
We're talking about security and security bulletins of which there are "only" 10 this month. I'd love to move to XP SP2 but to be honest there is still some software we're waiting to become fully SP2 compatible and SP2 is still too wet behind the ears for us to deploy anyhow. That said we are testing XP SP2 ATM and are addressing several issues we've found with it in our environment.
http://www.microsoft.com/technet/security/current.aspx
All the rest were for legacy code written before the SWI program was in place.
Not true. 70% of these vulns listed 2003 Server as vulnerable which was released way after SWI.
Your first instinct would be wrong, at least when it comes to it being built by a separate team. The fact is, as hard to believe as it is, for the past year Microsoft has put in place for every product systematic development techniques that directly target the security of an application (Threat Modeling, Secure coding techniques). Furthermore, this kind of test is standard within Microsoft (feed random inputs to all possible input locations). And once all the coding is done, the source still has to pass inspection through a security group within Microsoft! You can read about this stuff at the secure windows initiative.
Your comment really burned me up since I have to deal with this crap every month in an enterprise environment. You can talk to me about "trend(s) per-product" all you want but how on Earth can you brag about the great job you're doing when this month you released 10 frigging hot fixes with 7 of those being critical? You should be keeping your head down this month trying not to attract attention to your miserable situation. Only Microsoft would think to brag about how well they're doing wrt security during a month like this.
Look at the nonchalant way MS is handling the security vulns. In particular I'm thinking about MS04-028 (the JPEG vuln) which was just last month. On top of being one of the worst written security write-ups I've ever read, the tool you initially provided to detect the problem was worse than useless. Some random guy on the web managed to produce a useful tool by himself before MS did. With all the resources MS has and all the attention you're putting into security how can this be? Also, how could you release such a horrible, broken tool in the first place? Surely MS knew the tool was broken when they released it if they tested it at all!
http://seclists.org/lists/bugtraq/2004/Sep/0328.html
If you want me to take MS seriously wrt security then do not attempt to spin how severe a vulnerability is (like you did with MS04-028). How is anyone supposed to take you seriously when MS says things like this:
"Microsoft does not consider this a high risk to customers given the amount of user action required to execute the attack and is not currently aware of any significant customer impact".
http://news.com.com/Security+researchers+say+JPEG+virus+imminent/2100-7349_3-5387380.html
If MS04-028 is not a high security risk then why did MS mark it as critical??? It is one thing to say that you think the JPEG vuln was overhyped (which it was to an extent) but to say that it isn't "high risk" while marking something as "critical" stinks of spin.
Also, I found it hypocritical for MS to yell from the mountain tops about how security is a top priority and yet at the same time refusing to back port very important workstation security enhancements to non-XP OSes (about 1/2 your install base). Note that this also includes security enhancements to IE6.
"We do not have plans to deliver Windows XP SP2 enhancements for Windows 2000 or other older versions of Windows," the company said in a statement. "The most secure version of Windows today is Windows XP with SP2. We recommend that customers upgrade to XP and SP2 as quickly as possible."
http://arstechnica.com/news.ars/post/20040923-4224.html
Finally, security is a design decision. If security is not a design decision (hello... ActiveX) then you'll constantly be chasing your tail trying to plug holes in the dam. The hack you suggest in your sig to "solve" the spyware issue really underlines this point. RunAs is broken and doesn't work in many cases and the fast user switching does not work very well unless all one does is browse the web and get email. I won't even get into all the reasons why the fast user switching idea is a non-starter except to say that many applications *require* admin privileges to even run. Both Macs and Linux have had an elegant solution for some time (ask the user for the Admin/root password) in order to elevate privileges. Why is that so hard?
I wonder how many companies are now doing this so they can get price breaks or cheap long-term contracts from MS?
Here's the little secret which is obscured in the whole, "People are only talking about Linux to get concessions from Microsoft." debate.
Microsoft would not give concessions if the threat to switch from a MS to a Linux based desktop weren't a credible one. Despite how much MS protests about how Linux is not ready for the corporate desktop their actions say something completely different. If Linux truly isn't ready for extensive corporate use then MS would tell AT&T / Corporate America to go take a flying leap when they get asked for price breaks.
I know one of the stumbling blocks for a linux client was always a decent sound library. The Ryzom devs despise OpenAL.
I noticed that recently Nevrax has added FMOD support in CVS to the windows client. This at least bodes well for a possibility of a Linux port as FMOD supports Linux.
Uh, garage bands that are successful turn into standard RIAA bands. There's no way to win unless you eventually drop support for the band that USED to be a garage band.
Generally this is true but it is not always so. There are many artists who have taken a second way and are involved with labels which are not affiliated with the RIAA. I know of several artists who have created their own labels to distribute their music and are available in all the major retail stores, amazon, itunes, tower records, etc. Getting distribution using this method is difficult but it isn't impossible. If more people would take the DIY distribution approach we'd have a lot more diversity in music than we do now and the artists would be getting paid far more.
So from my mind, this is a Good Thing, and I'd like to see it on my OS X/Linux machines as well.
This is easy for Linux (and I assume something similar would need to be done on OSX since it is unix based). Linux has been able to do this for many many years. :-)
Edit /etc/fstab
Put this in your /etc/fstab and it ought to do the trick:
/dev/sda1 /mnt/media/usb-storage vfat ro,noexec,noauto,users 0 0
All users can mount and read the usb drive (ipods etc) but not write to it, nor can they execute anything from the drive. Of course you'd want to create this entry a number of times in case the user plugs in more than one usb drive.
If you're particularly paranoid make all /dev/sda* devices mount to /dev/null and no one can read their usb drives. ;) Also there might be more types of usb drives than sda1 [not 100% sure] but you get the gist.
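Added example, not part of the original comment: a Python audit that checks fstab entries for removable media against the read-only, no-exec policy in the fstab line above, applying the mount(8) rules that user/users imply noexec,nosuid,nodev and that later options override earlier ones. The nosuid/nodev checks go beyond the comment; the sample fstab, the /mnt/media/ prefix default and all function names are constructed for illustration.

```python
"""Audit fstab entries for removable media (added example, constructed data)."""

# Flags a removable-media mount should end up with. ro and noexec come from
# the comment's policy; nosuid and nodev are an added assumption.
REQUIRED = ("ro", "noexec", "nosuid", "nodev")

# option -> (flag, value). Options are applied left to right, later ones win.
TOGGLES = {
    "ro": ("ro", True), "rw": ("ro", False),
    "noexec": ("noexec", True), "exec": ("noexec", False),
    "nosuid": ("nosuid", True), "suid": ("nosuid", False),
    "nodev": ("nodev", True), "dev": ("nodev", False),
}

# Options that switch on several flags at once, per mount(8).
IMPLIED = {
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}

# Constructed sample: one entry as in the comment, two weaker variants.
SAMPLE_FSTAB = """\
# device   mountpoint               type  options                 dump pass
/dev/hda1  /                        ext3  defaults                1 1
/dev/sda1  /mnt/media/usb-storage   vfat  ro,noexec,noauto,users  0 0
/dev/sdb1  /mnt/media/usb-storage2  vfat  noauto,users,exec       0 0
/dev/sdc1  /mnt/media/usb-storage3  vfat  ro,noexec,noauto        0 0
"""


def effective_flags(options):
    """Return the ro/noexec/nosuid/nodev state after applying options in order."""
    flags = dict.fromkeys(REQUIRED, False)  # defaults: rw, exec, suid, dev
    for opt in options:
        if opt == "defaults":
            flags = dict.fromkeys(REQUIRED, False)
        elif opt in TOGGLES:
            name, value = TOGGLES[opt]
            flags[name] = value
        elif opt in IMPLIED:
            for name in IMPLIED[opt]:
                flags[name] = True
    return flags


def parse_fstab(text):
    """Yield (device, mountpoint, fstype, options) for each usable fstab line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, nothing to audit
        yield fields[0], fields[1], fields[2], fields[3].split(",")


def audit(text, mount_prefix="/mnt/media/"):
    """List entries under mount_prefix whose effective flags miss a required one."""
    findings = []
    for device, mountpoint, _fstype, options in parse_fstab(text):
        if not mountpoint.startswith(mount_prefix):
            continue
        flags = effective_flags(options)
        missing = [name for name in REQUIRED if not flags[name]]
        if missing:
            findings.append((device, mountpoint, missing))
    return findings


if __name__ == "__main__":
    for device, mountpoint, missing in audit(SAMPLE_FSTAB):
        print(f"{device} on {mountpoint}: missing {','.join(missing)}")
```

The second sample entry shows why ordering matters: `users` turns noexec on, and the trailing `exec` turns it back off.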
he didn't say that FireFox was his primary browser, he just said that he had to patch it because of a vulnerability.
I would hope that as a program manager he would have a copy of each of the competing browsers on his system, so that he can steal... ah, borrow, ideas from them.
What made this quote so striking isn't that he uses a competitor's product (he *should* be using their product). The point is that he *must* use a competing product because IE isn't secure in this case. To underline the matter both browsers were exposed to this vulnerability but Mozilla/Firefox had a patch out the same day the vuln was reported to them. We're all still waiting for a patch from MS closing in on two months later to fix this security hole. Surely, that is at least a little embarrassing considering all the noise out of Redmond lately about security being their top priority.
I do give Toulouse big points for mentioning that he had to use Firefox in this case. Honesty like that is refreshing! The software industry could do with a bit more candor like this.
Please name an application in which compositing gives a better user interface than tabs or just overlapping windows. Compositing makes it difficult to select elements or identify the source for screen objects. The supposed advantage (you can put more stuff on the screen at the same time) seems more like a disadvantage in most cases.
Any graphics editor which utilizes layers, print layout editors (layer blending), sound / movie editors (merging tracks), music sequencing (merging tracks) and to some extent word processors / HTML editors (think "invisible tags"). Being able to offload compositing onto the GPU in these would be a great help to these types of CPU hungry applications.
Yeah, the spyware problem is so bad that I refuse to connect to any Real stream because I'd have to use RealPlayer. If Real weren't so underhanded about the spyware stuff, I'd be a lot more sympathetic toward their argument. As it is, Apple good, Real bad, even if Real happens to be right.
If you're using a windows box you can get Real Alternative.
Download Here
If you're using Linux there are w32 codec packages floating around for you to install which will allow you to play almost any media format. I'm not sure what is available for Macs since I don't own one.
Also, in this case shouldn't it be Apple bad, Real bad?
What are you talking about? NTFS has had journalling for over a decade. And Unicode. And ACLs. And streams. And reparse points (these are amazingly cool). And compression. And encryption. And ... you get the point.
Now, MS doesn't use most of this good stuff, but it's all in there. Even three-letter file extensions on Windows are obsolete, since everything on NTFS can be an OLE server. There's nothing on Linux that comes close to the capabilities of NTFS. About the only major thing NTFS is missing is versioning, which VMS has.
While it is true that NTFS is a journalling file system its implementation is *very feature poor*. NTFS can save you from MFT corruption which would be fatal to something like FAT but little more. NTFS' current journalling capabilities cannot provide enough data to roll back incremental changes (WinFS is supposed to have this) like Reiser and all other journalled FSes that Linux can use. NTFS' crappy journaling implementation is the main reason everyone on a Windows box STILL has to sit through those LONG volume scans if a disk isn't unmounted cleanly. In more robust FS like ReiserFS, Ext3, XFS, etc. the OS can just replay the log and redo any transactions that didn't go as planned. You cannot do this with NTFS as I understand it.
This feature alone makes your claim that "There's nothing on Linux that comes close to the capabilities of NTFS" ring hollow in my ears at least.
Also, if a feature is not implemented it might as well not exist because the user cannot derive any benefit from it. If I can't use a feature who on earth cares that it exists?
How do you get them? All the RPC Worms which currently inflict unpatched Windows NT based OSes is how. These worms do network sweeps and will find a vulnerable machine anywhere from a few seconds to a few minutes depending on the size of your network.
I recall one particular instance at work where an outside laptop that was infected got plugged into the network (our network has about 2000 various boxes connected to it). Our security team got alerted by our intrusion detection systems and was on the way to whack the offending user with a clue stick and unplug the laptop. Too late....
During that time I had just finished ghosting a machine with SP4 integrated into the build. In only a matter of a minute or two the new box I was working on became infected and started doing net sweeps of its own (the whole process of infection was done silently of course). I don't doubt the tales of machines becoming infected in a very short period of time given the rate of infection with RPC based worms because I have seen it. All it takes is one rogue machine to infect other boxes it can talk to.
321 Studios should have listed 123 Fake St. as their address. Then the subpoena wouldn't have reached them.
Rest assured boys, it would've taken a while but the cops would still have found them.
How will you ever have a seamless, professional, sane desktop environment that doesn't even have an installation/uninstallation API? The very idea is so backwards and laughable, I fully expect Linux to take another 10 years to reach the level XP and OS X are at now.
Speaking from an enterprise perspective Windows package management royally sucks! Having a modern Linux distribution for desktops would make my patch management responsibilities SO much easier. Let me give just one example that I run into almost every single day at my job.
With windows if you want to roll out a patch or a program of some sort I need to make an install package that will auto install silently (time), QA test my installer (more time), QA test the patch (even more time), write an SMS job to deploy it or put it on a RIS server somewhere (I don't have time for all this!!!). THIS SUCKS!
With a Linux desktop I can setup an RPM repository(s) on our LAN (we'd use Novell or Red Hat), create a workstation build that would point to our private RPM repository, fill the repository with patches QA tested by the vendor (we'd QA test in our own environment too of course) and let the client pull the patches each time they log on to our network. Each time the computer is turned on the distro pulls down the latest updates. Simple! FAR easier than rolling my own packages / installer / SMS job and doing all the testing myself. How MS has gotten away with putting all this work on their customers given their penchant for patching is beyond me.
Don't be so proud of Windows package management. In many ways it is light years behind what can be done in a modern Linux distribution. There may not be one standard for package installs in Linux but you can't say that for windows either (EXEs, MSI installers, etc.).
You want a litmus test? The day someone can buy a printer that comes with a CD, stick the CD into the drive, a menu comes up to install the binary driver, and afterward the printer works. All done in a Linux desktop.
In a modern Linux distribution I can double click on an RPM file, be prompted for a password and happily install the package in question. One may say that entering a password is too large a burden to place on users but quite frankly I don't want my users installing hardware / software willy nilly. Users installing freeware / spyware / non-standard hardware generates a ton of support incidents that we don't need or want.
The home market is all well and good and is generally what most people think when they ask "Is Linux useable?" but practically speaking MS doesn't make NEAR the cash from the home market that they do from their business accounts. This is where most commercial Linux companies are rightly focusing their efforts and it is really starting to pay off.
Why? What's the benefit to them? Not a troll, just playing devils advocate.
The whole 3dfx industry is rapidly standardizing on Linux. This industry buys those "holy crap that's expensive" video cards which have such great margins for ATI.
Also, as the linux desktop gains more traction elsewhere ATI would be wise to have all their Linux ducks in a row. nVidia is just waiting to eat their lunch in that market. The level of linux support nVidia provides makes ATI look like a sick joke.
Show that it can work with Windows, easily, AND do it better. Your attitude about file formats just shows them that Linux is neither.
I disagree strongly. Linux *does* need to provide an easy migration path from Office to StarOffice (Crossover Office is a great choice here) as well as many other critical apps. Linux does not need to do things any better than MS. At worst Linux just needs to be "as good" from a user standpoint.
Linux offers other large advantages that MS can never offer customers. The main one from a business oriented viewpoint is the lack of vendor choice that comes with picking MS. One of the first things business people try to avoid is getting tied to one vendor that is critical to the operations of their business. With Windows there is and only ever will be one vendor but with Linux you have your pick. That is a substantial risk which has been underlined with MS' recent stunts regarding licensing and not releasing an OS during said licensing period.
People in power at many large organizations are very aware of this risk. The city of Munich defection to Suse (now Novell) is a perfect example. Ballmer cut his vacation short and personally flew out to Munich and offered the city a lower price than what Suse had quoted. Munich ended up with Suse for strategic reasons as they put it. Translated that means we don't want to risk our check book/infrastructure on MS' good will.
On top of that Linux is cheaper so it can afford to be "good enough." Ballmer said himself that MS cannot compete on price and they must try to convince people that MS software is a better value than Linux. This is a much harder sell for MS in the current spending averse environment we're currently in.
There are lots of other technical administrative advantages we could discuss but that conversation has been beat into the dirt around here.
Not very many companies are making a killing on OSS right now. Some, like IBM, are subsidizing it from their HW sales. Others, like Novell, Red Hat, and Ximian, are still trying to figure it out. I'd say it's a bit early to call it won.
Red Hat has been able to rack up profitable quarterly results in a very spending averse environment. I'd say they're a bit past figuring out how to make money. Maybe a year or so ago I would've agreed with you but I can't say the same now. Also, circumstantial evidence points to the fact that SuSe was cash flow positive when they were purchased by Novell which further bolsters the case for making money in open source.
Just about every business model, not just software, depends on control. That's why businesses spend so much money getting IP protection laws passed.
Business models aren't (or shouldn't be) based around control they're based around providing value to customers. Sometimes control is a means by which companies use to try to keep other companies from providing value in the same way. But to base your business on control is a great way to the poor house (just look at IBM and the in the 80-90's).
Every business wants locked-in customers, it's a good revenue stream.
How about providing a better product than your competitor? This is what capitalism is based on after all. Providing a better product/service than your competition so consumers will give you money. Inevitably companies based on control lose that control and crumble into ash as their product isn't competitive without the old controls. I'm not saying that a collapse of that magnitude is getting ready to happen to MS but they do need to be careful.
When OSS companies start playing with the big boys (public investors), they're going to have to find a way to keep them happy.
I don't quite understand what you mean here by "playing with the big boys" since so many Linux companies are publicly traded.
Let's see. According to the latest FY2004 1st quarter results (ending on Sept 30, 2003), MSFT gets about 15% of their revenue from segments besides OS and Office sales.
Revenue is largely meaningless (as you point out with respect to Sun). It is better to talk about profit but anyway...
MSFT nets more profits on its $30 billion of revenue than IBM does on its $80 billion! The story is much the same with HP, though their profit is an even smaller 5%.
This is precisely why MS is ripe for the pickings. With these profit margins MS hasn't exactly made a lot of friends with its customers. Linux will to a degree commoditize OSes which is really the natural progression in free markets. Product / service offerings become mature, areas of opportunity for differentiation are exhausted by the market and they become increasingly commoditized. This type of environment is antithetical to the insane profit margins that MS is used to. Just look at all the deals and discounts that MS is offering to keep people from switching. That should tell you what's coming down the road. MS wouldn't offer these deep discounts unless they felt they had to because of competition.
I think it's safe to say that MSFT's non-software revenue is quite healthy, and ever growing.
Certainly MS' revenue is very large but ever growing? This is certainly not true and easily disproved. If you look at MS's 10-Q for 4Q 04 you'll see that last quarter their software revenues were flat. The only thing that gave them a positive earnings growth this quarter was their investments department. Why do you think MS has started offering a (small) dividend? Their investors demanded it for two reasons: because of the great amount of cash MS has on hand and the realization by investors that MS is no longer the high growth company it once was. How do you maintain high revenue growth rates when your OS and office suite comes shipped with just about every computer sold? The answer is you cannot unless y
I feel the same way. The lack of Dreamweaver was one thing that kept me on windows for longer than I wanted. Ever since I finally made the move I have been searching freshmeat, hoping that somewhere there was that miracle program that would do what I needed, but no such luck. Dreamweaver is by far the best WYSIWYG HTML editor, and for those who claim notepad (emacs), I can only assume you have never used dreamweaver.
There's a "new" (it's based on Mozilla's HTML composer) program called Nvu that looks to provide the same WYSIWYG functionality as Dreamweaver and Frontpage. It's still really early in development but it's light years better than anything else that's currently available for Linux if you're looking for a Dreamweaver type program.
-Pato
I suppose "lots of money" is a relative thing when we're talking about corporations but it looks like Disney paid $15,000 for their share of the work. An inconsequential amount for a company as large as Disney especially when considering the breadth and scope of Photoshop.
-Pato
The question was how do you tailor an application...not write one.
You're arguing semantics here. Whether you build an application suite from scratch or build on existing components you're still just trying to serve a need for someone. The how is really not very important in this case.
You just gave a textbook example of starting a business that could just as easily (and more profitably) be based on closed source.
Granted that this could very easily be a for profit venture, however. What happens when one of my clients has a specific need in which I cannot fill due to time/resources constraints? The types of corporations that this software would fill pertains to very large Fortune 500 type companies and have very large application dev divisions. With a closed model my customer suffers and has to wait for me to get around to adding said feature. In an OS model my customer adds the feature themselves and likely contributes said feature back to my codebase (they don't want to be stuck maintaining it).
Further, the closed source option gives you leverage, in that you can resell - for the same price - the solution that you develop for addressing the needs of that niche.
Perhaps I didn't make myself clear enough in the example. This software requires numerous and *timely* updates from the software vendor. These large fortune 500 companies aren't going to trust their business to second hand supported software. They will pay handsomely for support from whomever wrote the software. I can resell my software/support package year after year to the same customers all the while adding new customers. About 95% of the revenues in this business are based on the maintenance fees customers pay. Many software packages have similar stories where the support and maintenance of the software is much more important than the initial acquisition. When support is the main revenue stream and especially when the userbase is large or very technically competent OSS really outshines their proprietary counterparts due to the collaborative nature of such projects. Also, as an added bonus customers get a warm fuzzy in knowing that if I ever went under as a business they still have the code and could hire someone to continue development.
It is the leverage that is so extraordinarily powerful - and that is summarily rejected by the Open Source movement.
Again, when the business is more support oriented this doesn't matter. People will pay over and over to procure your product/support because they know when they get in a pinch they have the very best people possible (the people who wrote the software) working on their issues.
Certainly there are tons of places where proprietary software companies can and will do much better than OSS companies. But a support driven model is often very well suited to OSS since the user really cares about the support and purchasing the software package itself is seen as necessary to receive said support.
Does that involve programming? Maybe the "tailor" part, but how do I get into that again?
You're basically asking how do you start a business. It's like any other business. Find an unmet or poorly met need and write an application to meet that need.
Here's an example:
The company I work for has to deal with government driven change which occurs *very* frequently. The software we use must conform with these very frequent changes. I could easily see someone writing some Open Source software which is continuously revised to keep up with these changes and charging the company I work for a yearly fee (we already pay a yearly fee [big bucks] to our current vendor). Companies would pay for you supporting and updating the code to conform with new gov't rules and regulations. Currently there is a proprietary software company filling this niche but I see no practical reason why an OSS product could not be created to replace the proprietary one.
In essence it's all about finding a niche and filling it. There are tons of niches out there, you just have to somehow find out about them.
We all know the practice of creating an email account, leaving it hidden online somewhere or posting it and telling people not to use it in an effort to get email we are sure is not legitimate. If this works, let's take it a step farther.
Mastercard, wait, even better AmEx issues a card with the same idea. The card is used once in response to a single spam. The card is then cut up but not cancelled. Hand the card numbers and the billing address over on a platter.
Something similar to what you describe is already available via Sneakemail. The concept is that they create sneakemail.com email aliases to your real email account. So you create a label for each company who requests your email. So you would create a label called "Amazon.com" would be a good example. Sneakemail generates a unique @sneakemail.com email address for you to give Amazon.com. Sneakemail will then forward all mail to your real email address unless you tell it not to. You can easily see who is sending you spam by looking at who an email is addressed to (the foo@sneakemail.com address). You can also block an email alias so the sender gets a bounce notice when they try to spam you. There are other more complex rules you can use but that's the basic idea.
-Pato
I think it's primarily a difference in mentality and subculture. A lot of these design artists don't have an 'open-source community.' Why this is, and why the two communities are different, is left as an exercise to the reader.
I believe it is modern western culture which splits these two camps so starkly. Modern western culture teaches artists that their artwork is a special sacred thing that we dare not tamper with and it is heresy to allow anyone else to modify our works. This is of course a very recent invention of western societies. In Shakespeare's time for example many of his greatest plays were built in *substantial* portions from other people's stories. Musicians are less prone to this type of thinking because they are used to the concept of borrowing bits here and there from one another.
Remedy should put their money where their mouth is if they are so pleased.
They should license WineX, throw it on a CD with Max Payne 2 and shrink wrap it. It should be sold at the same price as the Windows version. It's the least they could do for a company that is "broadening their reach to new audiences". In other words, helping Remedy sell more units.
If Remedy wanted support for Max Payne 2 on Linux then they should just pay Transgaming to support Max Payne 2. It only cost Disney $15,000 to get Codeweavers to get Photoshop working *very* well utilizing Wine. This is a very nominal expense that I would think gaming companies could recoup between $0-15,000 in sales easily while generating some goodwill/publicity in the Linux community at the same time.
-Jason
Actually, "Windows E + D" is "Show Desktop."
"Windows E + M" is "Minimize all." Yes, there is a difference. The first will put everything in the background, while the second will only minimize windows that have the standard "minimize" control. Experiment with winamp open...
You can shorten both of these by dropping the 'E' in each keystroke...
So "Win+D" shows the desktop and "Win+M" minimizes everything.