Um, if the OS has no concept of a "root user", then the point the grandparent post made is no longer applicable. You're comparing apples to oranges. The fact is that Windows and Linux _do_ have admin users and therefore cannot protect against malicious code running as admin. Sure, there are numerous other types of OSes that do things differently... but that's not the point the grandparent post was making.
1. This is a troll and not informative at all.
2. The rant is from 5 years ago. Quite a bit has changed. Ever use Office 2003? I use it every day. Works pretty darn good compared to how Office 98 did.
3. He was also probably running Win98 back then. WinXP is a much stabler OS and therefore the applications run with more reliability.
I don't consider 50 people dying from a 500-pound bomb to be "caught in the crossfire." Turn that into carpet bombing for "Shock and Awe" and you've got a good chunk of casualties on your hands. The US also dropped bombs on Abu Dhabi and Al Jazeera news stations in Baghdad even though the Pentagon had the coordinates. Sound like terrorist techniques to anyone?
Anyway, my main point is that no, there is no big different between the World Trace Center attacks and Iraqi civilian deaths. Both involved innocent people dying.
That refers to 1-2 physical processors. You're allowed as many logical processors as you want. That only applies to WinXP and later, though. Back in the Win2k days, they counted logical processors toward your limit. Sure, there's ways of getting around the Win2k limit (as others have said), but out of the box, that's how processor count behaves.
Linux is an open source system, you should be able to run a fully usable linux system using nothing but open source components.
And in a perfect world there would be no war or hunger.
That is a hard requirement for Linux success, in the past, now, and in the future.
No, that is a hard requirement that is going to further alienate the Linux community and make companies less likely to bother supporting their hardware on the platform. What this will result in is drivers made by the community that work, but don't have all the snazzy features you paid $$$ for.
That's also why I have just a SoundBlaster 16 PCI. It does the trick and sounds good, but it's also just about the only card you can buy and take advantage of all its features.
For example if 3D desktops becomes the standard open source 3D driver will need to be developed, if the gfx companies don't like that we need to take our money someplace else.
Like.... somewhere else where they... build cool 3D graphics cards... and have open source drivers... which would be.... who? I'm also assuming this company would care enough about the few hundred to few thousand Linux customers they might get versus the few million Windows customers?
For the record I do run nvidia binary driver today.
Yep, thought ya did. Why didn't you take your money elsewhere?
Personally, I think the Linux community needs to just deal. You can't have your cake and eat it, too. Maybe after Linux gains some significant user-base, you can demand things from product manufacturers. Until then, however, you should ease up a bit and just be happy that Linux is even supported.
Bah, you got me there! I realized it after I hit submit (yeah yeah) and figured they'd reject my story for it.;) Maybe next time I won't take those shots of Grey Goose before trying to submit a story.
No, I think he's calling it "implicit shading of news happening by use of different technology or explicit policy"... just like he said.
I think his point is that with competition, this type of news shading could potentially lessen because you've got the other guy than can demonstrate that there is a bias.
So, software that is years old is insecure. Not a big surprise. Install any Linux distro that is years old and you're going to find security holes as well.
Also, what software at Microsoft says it's secure? The only thing I can think of is MBSA and that pretty much just tells you if you have all patches installed. Notice how Exchange 2003 doesn't suffer from this problem. Also, it relies on a misconfigured server or a server that was previously infected from code red. This feature is off by default. IMHO, if your machine was infected from code red, it should have been re-installed.
Install an insecure CGI on your Apache server and watch what can happen.
Dude, you're the troll. Listen to yourself. You would make a terrible marketing person. Is this how you would respond to a real customer that is probably going to give reasons exactly like this? Maybe they are n00bs, but the fact of the matter is, MS has plenty of marketing people that is willing to work with the customer that has questions whereas the open-source community is willing to insult those that may not know as much. That's definitely not the best way to win over customers.
Maybe his comments mean he's a neophyte, but at least he posted his comments to see if anyone else found them helpful. All your comments did was show that you're an arrogant prick and nobody finds them helpful.
No, I'm realistic, not pathetic. If the shareholders bailed, then he would be out of a job or his lifestyle severely altered, anyway. I doubt he'll have trouble finding another job. He's a smart cookie. Besides, maybe he'll find somewhere that doesn't rely on MS so much and he can say what he thinks more freely.
I'm not being an apologist. I'm simply stating how the world is today. If you don't like it, buy a helmet.
And would you? Think about it. They have an awesome working relationship with Microsoft. They get to do exactly what they love to do (finding exploits) in code that is supposedly riddled with problems and get paid tons of money to do it. In addition, they help the world by helping MS identify and fix these bugs.
If they lost that relationship, that could cause the shareholders to bail out because the company would have to recoup that revenue from elsewhere.
@Stake is full of tons of smart people. I'm sure they'll survive.
While the firing was unecessary and I don't agreee with it in the slightest. (How can your participation be 'unauthorized'?)
It became unauthorized the moment he slapped "CTO, @Stake" to the end of his title. Being an executive of the corporation, he had the responsibility to realize that no matter what he says, people are going to feel that it's the company's standpoint as well. It doesn't matter if you agree with that or not, but it's the way people perceive things. If he wanted to do his own thing, he should've slapped "security expert with 30 years of experience" or something else by his name.
No, actually many users disable auto update because Microsoft has a history of releasing updates that break other functionality.
I think this is a situation where your argument doesn't quite fit the bill. Sure, this does happen, but the vast majority of business were protected by this worm because their IT groups saw the news and the severity, or Microsoft actually called them (if they have a support contract). At my company, we were given 3 days to install the patch after it was released or our internet port was shut off. This was just under a month before the worm hit. They knew and they applied it. This worm hit normal, usually untargeted home users, and it hit them hard.
Please send this to mswish [at] microsoft [dot] com. I know for a fact that they do get and route this information to the right people. Many features and tweaks have been implemented in this fashion.
Sure, and I can send you an email saying "No, don't worry. This _really_ isn't an e-mail virus." It doesn't do any good. The problem is education. People that don't know anything about computers get so scared by the media and other uneducated people about hackers and such that they think everything is a virus and therefore don't do what they need to do.
I've always wondered how useful that information would be to Microsoft. A lot of the crashes are due to non-Microsoft software. What good would that information do them?
Microsoft has a huge AppCompat lab that they run to test against thousands of applications whenever they release new versions of their software. If you send the non-Microsoft-software errors, it helps them see if maybe some new app is causing a problem. If it is, they may consider adding it to their AppCompat lab (although it does depend on the usage of the software). If they determine it's a Windows bug being surfaced by the app, they can work on fixing it. Otherwise, they can notify the vendor and say "Hey, your really popular program is crashing in these cases for this many people and here are the details we've gathered." It may also help them view trends like improper API usage and the like. That may help them improve the SDK docs so app developers have a better idea of how the APIs work.
Boom, instant feedback for application developers. This option is not available for Linux that I know of. It's the user's responsibility to find the right mailing list to join up to and try to debug the problem. They might even be told to submit a patch themselves before it'll be fixed.
I read the parent post as, "Because MS uses security through obscurity, many people think that Linux distros are inherently more secure than MS." I think he meant that security through obscurity doesn't work very well.
Security through obscurity works just fine as long as that's not your only defense. Security practices should always be done in-depth, with multiple tools to protect you. Let's say I have my gold in a safe in my house. Rather than just put my safe in the garage (where it's not obscured at all), I'm going to hide it somewhere obscure to make it harder for you to find it. Sure, you'll probably eventually find it, but combine the time to find it with the time to crack the safe and you've added more time for the police to show up. Of course, this assumes that I've already taken other measures (alarm system, etc) to complete the in-depth experience.:)
I've already explained the "Algebra" thing in a couple other posts.
As for the "Freedom Fries" crap, nobody complains because nobody cares. America is turning into an apathetic pile of fat and lazy bastards. The French actually want their language to remain more French than English. Who cares? We're supposed to be the melting pot, not them.
You said the key thing. We "corrupted" the word into algebra because it sounds and flows better in our language. Same thing the French are doing. They "corrupted" our "e-mail" into "courriel" to better fit in with their language.
You're missing my point. Either this word is not really arabic, or it _has_ been changed in pronunciation and/or spelling, which is essentially what the French have done:
Algebra: From al-jabr. Different spelling and pronunciation. Admiral: Probably the closest one, but this is mostly from Old French and Medieval Latin. Algorithm: From "algorism". Different spelling. Assassin: From "hassass", or "hashish user". It wasn't the present form until it passed through French and Italian, at which point it came into English. Arsenal: Actually italian "arsenale", which is from arabic "assina'a".
Anyway, I could go on and on. The point here is we've changed all of these words in some manner or another to fit into our language better. It flows better and sounds better. This is simply what the French are doing with their own choice of words.
Wow, talk about naive. French has a certain flow about it. The word "e-mail" just doesn't really fit in. Using their own words, they can keep the flow in a very beautiful language. Your statement is an example of American arrogance. Let's say an arab comes up with an arabic word for something new. Do you think we'd all start using the arabic word? Ignore the fact that there are different alphabets. Just think of the way the arabic word sounds. Again, do you think we'd use the word? Hell, no. Americans wouldn't stand for it. We'd come up with our own word and I wouldn't be surprised if the government came up with the new word and spread it like the plague, just like they have with other phrases during the war (you've seen them in other posts).
More recently, the company has been stepping up its efforts to convince potential European clients that they should steer away from Linux and towards its products. But even though Ballmer intervened in the attempt to win over the city of Munich, Linux won out.
This is very good for Linux, and I'm not trying to downplay it, but I just heard about this over at WinInformant:
Fun Fact About Those Linux PCs in Munich
And speaking about Linux stories you don't hear much from the Linux-loving mainstream press, consider the following. Remember that story about the city of Munich choosing Linux to power 14,000 desktop computers? One aspect of this story that most people don't know about is that up to 80 percent of those Linux desktops will be equipped with VMWare, a virtual machine emulator, under which they will run Windows and Windows applications. That's right, folks: The majority of those "Linux desktops" will be used to run... Windows. I'm not a big fan of Gartner, but they've issued a report, correctly titled, "Munich's Choice Doesn't Prove Linux OK for General Desktop Use," that raises some interesting issues. First, many of the Windows desktops they're migrated are very old Windows versions like Windows 3.1, making the switch to Linux less painful (it would be equally painful to switch to XP). Gartner says the cost of switching to Linux will cost 30 million Euros, or 3 million Euros more than it would cost to switch to XP, not including any steep discounts Microsoft would have no doubt provided. And finally, because most of the Linux machines will use VMWare to run Windows anyway, Linux is really being used as a hosting environment, and not as a replacement. In other words, this isn't exactly a good business case on which other companies can base a decision to migrate to Windows desktops. And, not coincidentally, that's why we're not reading about a lot of other high-profile Linux switchers.
Yes, this is probably a biased site, but Slashdot can be sometimes, too. You can also read the Gartner article for more information. What do people think about this? Has anyone read any other articles about the VMWare situation? Do you really think this affects how Linux people should feel about the deal?
Actually, HavenCo is no longer a safe haven. Ryan Lackey will be doing a talk about the events that transpired in 2002 at DEFCON 11. Here's the text from the DEFCON Speakers Page:
HavenCo: What Really Happened
HavenCo, an attempt at creating an offshore data haven, was launched in 2000 by a small team of cypherpunks and pro-liberty idealists.
During 2002, the Sealand Government decided they were uncomfortable with their legal and PR exposure due to HavenCo, particularly in the post-DMCA and post-911 world, and regulated, then took over the remains of the business, forcing the remaining founders out. While HavenCo continues to serve a small number of customers, it no longer is a data haven, and has exposed the ultimate flaw in relying on a single physical location in one's quest for privacy.
Ryan Lackey was with HavenCo from inception until late 2002, and will tell exactly what happened (not the PR-friendly whitewashed version) from day one until the end, what lessons were learned, and how similar goals can be achieved in the future by motivated individuals and groups.
And why should we believe the Free-X posting? That's what they were claiming, but they have not offered any of the actual correspondence to the public as evidence. I really doubt it went the way as they claim in their post. I think they probably had a snippy attitude and demanded a signed linux bootloader, instead of asking for one. After all, that was their true goal.
If you closely follow the wording the quote the parent posted, they would have agreed to signing an NDA about their discoveries, but then would have only asked, but not demanded, to have a signed Linux loader. Yeah, right!
Slashdot Mirror
Um, if the OS has no concept of a "root user", then the point the grandparent post made is no longer applicable. You're comparing apples to oranges. The fact is that Windows and Linux _do_ have admin users and therefore cannot protect against malicious code running as admin. Sure, there are numerous other types of OSes that do things differently... but that's not the point the grandparent post was making.
Three things:
1. This is a troll and not informative at all.
2. The rant is from 5 years ago. Quite a bit has changed. Ever use Office 2003? I use it every day. Works pretty darn good compared to how Office 98 did.
3. He was also probably running Win98 back then. WinXP is a much stabler OS and therefore the applications run with more reliability.
I don't consider 50 people dying from a 500-pound bomb to be "caught in the crossfire." Turn that into carpet bombing for "Shock and Awe" and you've got a good chunk of casualties on your hands. The US also dropped bombs on Abu Dhabi and Al Jazeera news stations in Baghdad even though the Pentagon had the coordinates. Sound like terrorist techniques to anyone?
Anyway, my main point is that no, there is no big different between the World Trace Center attacks and Iraqi civilian deaths. Both involved innocent people dying.
That refers to 1-2 physical processors. You're allowed as many logical processors as you want. That only applies to WinXP and later, though. Back in the Win2k days, they counted logical processors toward your limit. Sure, there's ways of getting around the Win2k limit (as others have said), but out of the box, that's how processor count behaves.
Linux is an open source system, you should be able to run a fully usable linux system using nothing but open source components.
And in a perfect world there would be no war or hunger.
That is a hard requirement for Linux success, in the past, now, and in the future.
No, that is a hard requirement that is going to further alienate the Linux community and make companies less likely to bother supporting their hardware on the platform. What this will result in is drivers made by the community that work, but don't have all the snazzy features you paid $$$ for.
That's also why I have just a SoundBlaster 16 PCI. It does the trick and sounds good, but it's also just about the only card you can buy and take advantage of all its features.
For example if 3D desktops becomes the standard open source 3D driver will need to be developed, if the gfx companies don't like that we need to take our money someplace else.
Like.... somewhere else where they... build cool 3D graphics cards... and have open source drivers... which would be.... who? I'm also assuming this company would care enough about the few hundred to few thousand Linux customers they might get versus the few million Windows customers?
For the record I do run nvidia binary driver today.
Yep, thought ya did. Why didn't you take your money elsewhere?
Personally, I think the Linux community needs to just deal. You can't have your cake and eat it, too. Maybe after Linux gains some significant user-base, you can demand things from product manufacturers. Until then, however, you should ease up a bit and just be happy that Linux is even supported.
Bah, you got me there! I realized it after I hit submit (yeah yeah) and figured they'd reject my story for it. ;) Maybe next time I won't take those shots of Grey Goose before trying to submit a story.
Here's a link to the ad mentioned:
e _bra.mov
http://www.msboycott.com/media/microsoft_ad_offic
No, I think he's calling it "implicit shading of news happening by use of different technology or explicit policy"... just like he said.
I think his point is that with competition, this type of news shading could potentially lessen because you've got the other guy than can demonstrate that there is a bias.
So, software that is years old is insecure. Not a big surprise. Install any Linux distro that is years old and you're going to find security holes as well.
Also, what software at Microsoft says it's secure? The only thing I can think of is MBSA and that pretty much just tells you if you have all patches installed. Notice how Exchange 2003 doesn't suffer from this problem. Also, it relies on a misconfigured server or a server that was previously infected from code red. This feature is off by default. IMHO, if your machine was infected from code red, it should have been re-installed.
Install an insecure CGI on your Apache server and watch what can happen.
Woo woo, big news...
Dude, you're the troll. Listen to yourself. You would make a terrible marketing person. Is this how you would respond to a real customer that is probably going to give reasons exactly like this? Maybe they are n00bs, but the fact of the matter is, MS has plenty of marketing people that is willing to work with the customer that has questions whereas the open-source community is willing to insult those that may not know as much. That's definitely not the best way to win over customers.
Maybe his comments mean he's a neophyte, but at least he posted his comments to see if anyone else found them helpful. All your comments did was show that you're an arrogant prick and nobody finds them helpful.
No, I'm realistic, not pathetic. If the shareholders bailed, then he would be out of a job or his lifestyle severely altered, anyway. I doubt he'll have trouble finding another job. He's a smart cookie. Besides, maybe he'll find somewhere that doesn't rely on MS so much and he can say what he thinks more freely.
I'm not being an apologist. I'm simply stating how the world is today. If you don't like it, buy a helmet.
And would you? Think about it. They have an awesome working relationship with Microsoft. They get to do exactly what they love to do (finding exploits) in code that is supposedly riddled with problems and get paid tons of money to do it. In addition, they help the world by helping MS identify and fix these bugs.
If they lost that relationship, that could cause the shareholders to bail out because the company would have to recoup that revenue from elsewhere.
@Stake is full of tons of smart people. I'm sure they'll survive.
While the firing was unecessary and I don't agreee with it in the slightest. (How can your participation be 'unauthorized'?)
It became unauthorized the moment he slapped "CTO, @Stake" to the end of his title. Being an executive of the corporation, he had the responsibility to realize that no matter what he says, people are going to feel that it's the company's standpoint as well. It doesn't matter if you agree with that or not, but it's the way people perceive things. If he wanted to do his own thing, he should've slapped "security expert with 30 years of experience" or something else by his name.
No, actually many users disable auto update because Microsoft has a history of releasing updates that break other functionality.
I think this is a situation where your argument doesn't quite fit the bill. Sure, this does happen, but the vast majority of business were protected by this worm because their IT groups saw the news and the severity, or Microsoft actually called them (if they have a support contract). At my company, we were given 3 days to install the patch after it was released or our internet port was shut off. This was just under a month before the worm hit. They knew and they applied it. This worm hit normal, usually untargeted home users, and it hit them hard.
Please send this to mswish [at] microsoft [dot] com. I know for a fact that they do get and route this information to the right people. Many features and tweaks have been implemented in this fashion.
Sure, and I can send you an email saying "No, don't worry. This _really_ isn't an e-mail virus." It doesn't do any good. The problem is education. People that don't know anything about computers get so scared by the media and other uneducated people about hackers and such that they think everything is a virus and therefore don't do what they need to do.
I've always wondered how useful that information would be to Microsoft. A lot of the crashes are due to non-Microsoft software. What good would that information do them?
Microsoft has a huge AppCompat lab that they run to test against thousands of applications whenever they release new versions of their software. If you send the non-Microsoft-software errors, it helps them see if maybe some new app is causing a problem. If it is, they may consider adding it to their AppCompat lab (although it does depend on the usage of the software). If they determine it's a Windows bug being surfaced by the app, they can work on fixing it. Otherwise, they can notify the vendor and say "Hey, your really popular program is crashing in these cases for this many people and here are the details we've gathered." It may also help them view trends like improper API usage and the like. That may help them improve the SDK docs so app developers have a better idea of how the APIs work.
Boom, instant feedback for application developers. This option is not available for Linux that I know of. It's the user's responsibility to find the right mailing list to join up to and try to debug the problem. They might even be told to submit a patch themselves before it'll be fixed.
I read the parent post as, "Because MS uses security through obscurity, many people think that Linux distros are inherently more secure than MS." I think he meant that security through obscurity doesn't work very well.
:)
Security through obscurity works just fine as long as that's not your only defense. Security practices should always be done in-depth, with multiple tools to protect you. Let's say I have my gold in a safe in my house. Rather than just put my safe in the garage (where it's not obscured at all), I'm going to hide it somewhere obscure to make it harder for you to find it. Sure, you'll probably eventually find it, but combine the time to find it with the time to crack the safe and you've added more time for the police to show up. Of course, this assumes that I've already taken other measures (alarm system, etc) to complete the in-depth experience.
I've already explained the "Algebra" thing in a couple other posts.
As for the "Freedom Fries" crap, nobody complains because nobody cares. America is turning into an apathetic pile of fat and lazy bastards. The French actually want their language to remain more French than English. Who cares? We're supposed to be the melting pot, not them.
You said the key thing. We "corrupted" the word into algebra because it sounds and flows better in our language. Same thing the French are doing. They "corrupted" our "e-mail" into "courriel" to better fit in with their language.
You're missing my point. Either this word is not really arabic, or it _has_ been changed in pronunciation and/or spelling, which is essentially what the French have done:
Algebra: From al-jabr. Different spelling and pronunciation.
Admiral: Probably the closest one, but this is mostly from Old French and Medieval Latin.
Algorithm: From "algorism". Different spelling.
Assassin: From "hassass", or "hashish user". It wasn't the present form until it passed through French and Italian, at which point it came into English.
Arsenal: Actually italian "arsenale", which is from arabic "assina'a".
Anyway, I could go on and on. The point here is we've changed all of these words in some manner or another to fit into our language better. It flows better and sounds better. This is simply what the French are doing with their own choice of words.
Wow, talk about naive. French has a certain flow about it. The word "e-mail" just doesn't really fit in. Using their own words, they can keep the flow in a very beautiful language. Your statement is an example of American arrogance. Let's say an arab comes up with an arabic word for something new. Do you think we'd all start using the arabic word? Ignore the fact that there are different alphabets. Just think of the way the arabic word sounds. Again, do you think we'd use the word? Hell, no. Americans wouldn't stand for it. We'd come up with our own word and I wouldn't be surprised if the government came up with the new word and spread it like the plague, just like they have with other phrases during the war (you've seen them in other posts).
More recently, the company has been stepping up its efforts to convince potential European clients that they should steer away from Linux and towards its products. But even though Ballmer intervened in the attempt to win over the city of Munich, Linux won out.
... Windows. I'm not a big fan of Gartner, but they've issued a report, correctly titled, "Munich's Choice Doesn't Prove Linux OK for General Desktop Use," that raises some interesting issues. First, many of the Windows desktops they're migrated are very old Windows versions like Windows 3.1, making the switch to Linux less painful (it would be equally painful to switch to XP). Gartner says the cost of switching to Linux will cost 30 million Euros, or 3 million Euros more than it would cost to switch to XP, not including any steep discounts Microsoft would have no doubt provided. And finally, because most of the Linux machines will use VMWare to run Windows anyway, Linux is really being used as a hosting environment, and not as a replacement. In other words, this isn't exactly a good business case on which other companies can base a decision to migrate to Windows desktops. And, not coincidentally, that's why we're not reading about a lot of other high-profile Linux switchers.
This is very good for Linux, and I'm not trying to downplay it, but I just heard about this over at WinInformant:
Fun Fact About Those Linux PCs in Munich
And speaking about Linux stories you don't hear much from the Linux-loving mainstream press, consider the following. Remember that story about the city of Munich choosing Linux to power 14,000 desktop computers? One aspect of this story that most people don't know about is that up to 80 percent of those Linux desktops will be equipped with VMWare, a virtual machine emulator, under which they will run Windows and Windows applications. That's right, folks: The majority of those "Linux desktops" will be used to run
Yes, this is probably a biased site, but Slashdot can be sometimes, too. You can also read the Gartner article for more information. What do people think about this? Has anyone read any other articles about the VMWare situation? Do you really think this affects how Linux people should feel about the deal?
Actually, HavenCo is no longer a safe haven. Ryan Lackey will be doing a talk about the events that transpired in 2002 at DEFCON 11. Here's the text from the DEFCON Speakers Page:
HavenCo: What Really Happened
HavenCo, an attempt at creating an offshore data haven, was launched in 2000 by a small team of cypherpunks and pro-liberty idealists.
During 2002, the Sealand Government decided they were uncomfortable with their legal and PR exposure due to HavenCo, particularly in the post-DMCA and post-911 world, and regulated, then took over the remains of the business, forcing the remaining founders out. While HavenCo continues to serve a small number of customers, it no longer is a data haven, and has exposed the ultimate flaw in relying on a single physical location in one's quest for privacy.
Ryan Lackey was with HavenCo from inception until late 2002, and will tell exactly what happened (not the PR-friendly whitewashed version) from day one until the end, what lessons were learned, and how similar goals can be achieved in the future by motivated individuals and groups.
And why should we believe the Free-X posting? That's what they were claiming, but they have not offered any of the actual correspondence to the public as evidence. I really doubt it went the way as they claim in their post. I think they probably had a snippy attitude and demanded a signed linux bootloader, instead of asking for one. After all, that was their true goal.
If you closely follow the wording the quote the parent posted, they would have agreed to signing an NDA about their discoveries, but then would have only asked, but not demanded, to have a signed Linux loader. Yeah, right!