I like your view. In order to do their filthy business, they are relying on the fact that the default setting is to accept cookies.
It does not matter if you can change those settings. The real problem is that most of the people don't know anything about it. This is the reality.
Frankly, I don't think this story brings anything new. It was obvious that conspiracy theories would start flowing after the announcement of the Microsoft stolen source-code.
I believe that no serious open-source developer would ever derive something from illegally acquired code. It seems obvious to me that they would think about it for 5 seconds before NOT doing it.
In a closed-source environment, some might do it because it's easier to hide.
Going back to k5...
So basically, you are saying that Apache Web Server rocks and that Mozilla sucks. Such a small sample does not yield a strong indicator on the software domains where open-source performs and the ones where it fails.
It is not possible to answer the "What is better?" question on a rational basis. Something more appropriate is "What do you need". The commercial software is backed up by an army of marketing people ready to say anything to convince you and your boss that their product is better. This may involve many strategies like selective benchmarks, false claims, buzzword attacks, etc. How can this not lead to deception? With OSS, no such promotional effort is done. OSS has to prove itself in the concrete world, which is a harder task. So it may seem that open-source is not as good as commercial, but it does not imply that this is always the case; it depends on your needs. Do you need a 24-hour support hotline? Do you need control over the software? Do you need warranties? Can you afford to wait for the purchase order to be processed, or do you need to be able to download it right away? Open-source, as well as commercial software, both have their natural advantages. You have to take the better fit for your needs. This is not about choosing the one having the higher god-gifted index-of-software-goodness.
Mozilla is [one of] the most ambitious open-source project. It took a while to clean up the code (and I'm talking about the closed-source legacy). I'm impressed with all the features they have realized so far. You've got to admire this management complexity.
Also, I really think that Mozilla will soon be of great help on this corporate-controlled www. Contributors to the Mozilla project actually share our interests and they will surely protect them. IE or NS can never compete on this point.
The sysadmins who need to be able to identify the security level of each component will be exposed to the 45-day black period. IMO, it is way too long. Sometimes, just knowing the nature of a security hole is enough to find an appropriate workaround, and this doesn't have to wait 6 weeks.
I don't understand why they have chosen that 45-day magic number. It depends so much on the security hole.
I (with others) maintain an open-source software (delivered without any warranties). However, if I find out a security problem in our software, as a responsible maintainer, I would announce it immediately on the mailing list/web site and fix it as soon as I can. Unfortunately, you cannot expect this behaviour from major vendors or else, they wouldn't have put pressure on the CERT to remain protected for this period.
So my point is: "protect people, not vendors".