An extra $100 is an extra few hours a developer can spend adding a feature or polishing the program. Most commonly used commercial apps could be developed for less than $500,000 of developer time and many smaller apps even for under $50,000. For a $200 (retail price) program it doesn't take many users donating to earn back that cost. 50,000 users donating $10 each could pretty easily pay for a replacement to the $500+ PhotoShop suite.
That's long been my opinion on opensource. If everyone that uses the programs, or would if the program had x feature they need, would contribute a little sponsorship money (and a list of desired functionality) then these programs could more quickly adapt to their needs. It's investing upfront in technology so that you can save money later. We'd all be wise to do that.
If you use an opensource program then please make an effort to contribute and get others to do likewise. $10/yr from each user would go a long way towards advancing most of these programs beyond their commercial rivals. What is that compared to the cost of buying the commercial rivals? $10 to Firefox, $10 to GIMP, $10 to OpenOffice, $10 to Gnome, $10 to XOrg, $10 to Linux, etc. Whichever programs you use. Of course these programmers should remember to distribute a portion to the programmers of libraries, command-line tools, etc that they make use of too. :) If we each donated $10 to 10 projects a year opensource would grow much faster. :)
Unfortunately most GUI apps are poorly designed such that the front-end and back-end code are tangled together. If programmers would create the back-end as a discrete entity GUI apps would be much more flexible and stable.
One thing I really hate is when you load a big file and the entire interface freezes while the file loads. Argh! ICQ always did that on my contact list. Horribly coded.
There is no reason why a well designed app shouldn't be portable to different UIs ranging from text based on up. Why not have a text-based version of GIMP or OpenOffice that lets you manipulate the files using command-line commands? Functionality should not be based on the UI.
I think that mgmt of companies that leave such holes gaping open should be charged equally as the hackers due to their neglect of security. It's one thing to get owned by an especially clever hacker that penetrates your well defended system but another if you get owned by some kid cus you have suck ass security. If your neglect puts other people at risk then it should be as much a crime as taking advantage of that neglect.
;)
I did appreciate the Paris Hilton pics though.
I agree. I wouldn't like the search box at the top and I'd hate it to be a popup. I rarely look at it anyway. I just type and look at the results. I wish it was easier to suppress all popup dialogs. Everything should either open at the bottom of the page like the search box or as a new tab. I hate windows cluttering up my screen.
Of course IMO Windows/Mac-style desktops full of windows and desktop icons are outdated and will eventually be phased out. Tabbed task-based desktops are better. Working on adding that ability to Gnome. :)
My UI change of choice was to replace my keyboard with a second mouse. That way I can just spell things out with the mouse in my left hand. Is that a bad interface decision too?
Something like that although I'd like it to support multiple players playing together. The GPS could record where you've been, present you challenges (riddles, simulated battles, etc) as desired, and you could take or scan items from a geocache to prove you'd been there and claim some prize that'd let you do something new in the game.
I think it'd be fun but challenging. But then I just walked 10 miles home from work because I didn't want to wait for a ride or take a bus so for people like me the challenge is part of the fun. It'd be a good way to get geeks and gamers to exercise and socialize in real life too. Bring back some of the face to face value of RPG.
and my monkey!
That is something that I'd actually buy a DS for. ;)
I'd think head-to-head competition and shared playing would be a major selling point. Everyone wants to show off their pet.
It's a lot more innovative than your average lame ass 3D shooter game. That kind of lack of innovation is why I barely play anymore. So much effort is spent on the look of the games today that little is actually put into thinking of ways to make the games fun or interesting.
DDR and eye-cam type games are the only real innovation I've seen in a long time. At least the DS and games like this make an effort to innovate. Some innovations will work and some will flop but at least we'll get some new ideas out there. A touch screen virtual pet game is a great idea.
I'm teaching my dog to play with its own virtual puppy. Unfortunately the touch screen doesn't respond well to slobber and being gripped in doggy teeth. Hrm. Time for a GB for dogs?
Actually, I keep experimenting with GPS-aware games that require the player to move around in real life and interact with their real environment. (Yes, I know.. we call that real life.. but I keep score and create adventures real life lacks.) Might be perfect for dog owners. You could take your dog on a walk as part of the game or even make items that are difficult to retrieve unless you have a dog that can fetch them.
I always wanted real life adventures so to me active games that use a quest system to nudge the player into going hiking, climbing, to unusual parts of the city, etc is pretty cool. There is just something about actually going some place for real that games just don't offer but at the same time games offer a plot that real life usually doesn't offer. Combine the two to great effect. :)
I used to have a virtual dog I wrote on a MUD (text based pooch!). It was pretty good at being neurotic and interesting. It'd try to randomly interact with players and objects and learn from feedback (pet, give treat, spank, ignore, etc) how to behave. It got to be pretty smart as far as knowing what objects could be used in which areas and with which players. Now and then it'd be lost or just bored though and start doing random stuff to try to get a response. Pretty realistic other than being text-based. ;)
Any time you create interlinking learning, behavioral, and emotional models for bots it becomes interesting quickly. It's fun to watch them learn and develop personalities.
Like they said.. third world.
It isn't only a Windows problem but it is a Windows problem and it is a commercial software problem largely created by Microsoft. In many ways Microsoft created the software industry and the culture of creating software commercially and interfacing with users. Their bad habits have infested the entire industry.
Certainly there are many kinds of attacks and let there be no doubt that there will always be new attacks being invented. Expecting to avoid all of them, even before they've been invented, either by smart design or blacklisting is naive. Windows though encourages this behavior by having poor built-in security. IMO Unix/Linux-style security leaves much to be desired but it is just worlds stronger than that of Windows. Unix was around before Windows, and Microsoft had experience with it (Xenix) but they decided to throw out what they knew and just face the world with no security model in place. Foolish even in the days before everyone had Internet access.
Sendmail, and the whole fragmented fscked up concept of EMail as we know it, is a mess that also wasn't designed with security in mind and is a classic example of how patches can never fix a bad design. Email needs to be reinvented from the ground up to be fixed.
Apache has had problems but they are at a more reasonable level and most are in a module and not in Apache itself. Overall, it was designed well. My experience is that most opensource projects start off as poorly designed as their commercial counterparts. The difference being that all that poor design is exposed so that over time the programs get redesigned and evolve into solid code bases. Commercial software hides its weaknesses and is consumed with the bottom line of making money - features and glitz over stability, flexibility, and security.
My experience is that most admins and programmers are clueless, lazy, and not nearly paranoid enough. Of course a lot of that is because of pressure put on them from management that doesn't want to invest the time in better solutions. I really hate hearing that doing it right takes too long and that it's good enough without decent security and a solid design. They'd rather worry about the problem, at much greater expense, only after it becomes a danger to them financially.
I think most of the points in the article can be used to point out why Windows is insecure starting with the big #1 of default permit. Default permit makes things easy for users because it doesn't require they know anything about what they are doing or to configure anything. The approach has the major downside though of making it equally easy to infect, hack, and otherwise mangle the system. Microsoft is really in a bind with this one because even though they've figured out that this approach is a really bad idea there isn't much they can do about it without damaging the perceived user-friendliness of Windows and Microsoft software. THEY trained users to think this way and now they either have to just live with the way these users think or they have to take the risk of retraining users. Before Mac OS and Windows most users expected to need to know things to run the computer and they simply just did it. Now that is largely no longer true even of the same users.
Enumerating badness.. virus scanners and default permit firewalls.. these damn things are the bane of Windows. Instead of blocking unknowns or at least asking for permission Windows and Windows apps tend to rely on blacklists to tell them what is unsafe. With thousands of apps being released daily and probably thousands of hacks too that is a pretty tall order. IMO greylisting unknowns while blacklisting known threats is a good solution. That way the user can't easily screw up and allow through known threats and they're prompted before allowing possible threats through.
Penetrating and Patching is mostly only a problem in Windows because Microsoft and other companies release beta (or less) quality software as final releases and use paying customers to do the testing. Any program can have flaws and it is wise to test them and patch them. Sometimes those flaws are small errors in an otherwise good design and a patch will fix them. Other times those flaws are huge design errors that require whole features or even applications to be rewritten and then patching is useless. Either way it isn't a problem except when you've sold the broken useless crap to some unsuspecting consumer before doing the testing.
Hacking is cool. The guy is an idiot on this point. Knowing your enemy is a good lesson in security. So is knowing your own weaknesses. You learn those things by first copying your enemy and then by stepping ahead to guess what your enemy may do next. You're not a real engineer if you don't understand ways in which your creations can go wrong either by bad luck or by ill intent.
Educating users is a must. That doesn't mean you need to educate users on every single threat. It means that you don't dumb users down in the MacOS/Windows way and that you teach them basics of what is expected and unexpected behavior of their computer.
Inaction is cheaper than action but action can be a better defense so long as you're willing to keep changing as you find out more. Microsoft often takes the route of inaction which is cheaper. They wait to see what happens, again using customers as test subjects, and then buy or copy the strongest response. This has led them to bad designs in general though. If they'd taken action they could have designed better software to begin with. They can afford to make early actions in defense of their customers so there is no excuse for them not to. On the other hand the customers may not have that kind of money so for them inactivity can be a better idea.. or would be if Microsoft was doing its job.
Overall, Microsoft has again and again proved itself asleep at the wheel when it comes to security (and most other things). Fortunately they are starting to take action finally as they finally reached the point when customers were looking at better options. Smoke and mirrors works for a while (sometimes a long while) but eventually people get tired of always being victims. This is the situation Microsoft has put itself into and one that most other software vendors are close to. With the industry maturing and customers becoming more savvy they'll finally have to start paying attention to these things. Five years ago customers thought I was weird for mentioning the security of the systems they were using. Now they ask about it. BIG DIFFERENCE.
Who has disk images for this? I have no idea where my original Windows discs are but would like to have a handy lil tool like this. Anyone have an image from the Flash Drive they produced this way?
A Flash Drive image for a dual-boot Linux/Windows system would be cool too!
I have both an HP and a Brother All-in-One and both work well (and have Linux support).
I've long wondered why they don't add such touches to things like cell phones. If it slowly charged as carried around and had a photo-conductive skin that'd let it also slowly charge when left in the light then no more than I use my phone it'd probably always be charged. I carry it everywhere but only use it a few minutes a day.
Not that I need to charge my phone often. About once a week. Still it'd be nice to never have to charge it or for it to slowly recover if used til drained.
Probably be good for camera, MP3 player, GPS, etc but those things are gradually being merged into my phone anyway. (I think my phone is more powerful than my PC was 5 years ago.)
So PalmOS is doomed to suck as much as their NetFront browser?
I like porn of freaky geeky girls. Yummy. Glasses, odd colored hair, and maybe some tats and piercings. Girls into anime and Linux. :)
I never said POOR equaled STUPID. I came from a poor family but my parents were intelligent and I'm more intelligent than either of them. Being intelligent doesn't mean you give a damn about earning money.
Totally. Opensource isn't just fewer bugs. It's easier to find and fix bugs. The theory is just that eventually this process leads to fewer bugs because the bugs get found and fixed sooner rather than later.
I am attracted to female geeks. Smart, with a slightly off sense of humor, is sexy to me. Personality and intelligence is something a plastic surgeon can't supply.
Plastic girls aren't worth my time. Might as well have sex with a blow up doll.
You have to do it before you're likely to even get an offer. Waiting until someone offers the exchange rarely works. Darn picky women!