Finkployd
Re:Problem: Newspapers need to discover the hyperl on Meet Joe Blog · Score: 2, Insightful
That was the most insightful comment I have read so far. There was always something that bugged me about foxnews.com, cnn.com, bbc.co.uk, etc, but I could never put my finger on it. They don't link to any documents or sources. I guess they are more interested in keeping people on their site for the page hits than actually providing the news. Given that, why trust them over bloggers? Bloggers' motives might be pure (we may not know, but we DO know that corporate media's motives are not).
gee, that makes me feel so much better. Sounds like MS saying that there's no danger until they release a patch (mix a little truth in to make the main fallacy less obvious).
The difference is in the track record. I have no reason to doubt the security of FireFox (Mozilla). Microsoft on the other hand has quite a different reputation.
the point here would be whether one can bypass the normal install procedure to put a malicious ... something (extensions come to mind) in the appropriate mozilla folder. Not proven yet does not mean not possible in general.
That's true. It is impossible for me to say that Mozilla is secure. However I can say that while there are several known and actively exploited holes in IE, there are no known or actively exploited holes in Mozilla.
I'm not making any predictions as to the future, I am referring to the state of things today.
Although if you want to try to predict the future a good first step is to look at the patterns that have emerged in the past. Given that, I think I can safely predict that there are plenty of undiscovered security holes in Microsoft IE. I have no real basis to expect this with Mozilla.
Finkployd
And I assume you worked for a company that did all this for free like our government is expected to?
If only they thought to impose taxes so they wouldn't feel like they were serving ungrateful masses for free...
If the government is storing this data on computers that are unable to retrieve it, why bother storing it anyway?
Finkployd
Nope, please actually follow this stuff if you are going to try to comment on it. The WHOLE issue here is that there are holes in IE that allow these trojans to be "silently installed".
No prompting of the user, no asking for permission, nada. The default settings of IE are grossly insecure and allow trojans to be installed without the user's knowledge.
There is no record of any such vulnerability in Firefox, it simply does not work that way.
Finkployd
At first it was .exe worms in email, then it was network-layer exploits, and then it was spyware, and now in the past week it seems that IE is totally unsafe for any purpose whatsoever.
What's amazing me is why Microsoft isn't *running* to provide patches, for at least XP and 2K, to mitigate this.
Microsoft has no real incentive to fix these problems. Despite outcry in the security and geek community the rest of the world just accepts these things as "part of using a computer". Microsoft's bottom line is not hurting because IE is not (and has never been) secure by any definition of the word, so why waste money fixing it? Everyone uses it anyway.
I'm willing to bet they spend significantly more money on FUD and funding think tank reports that claim Microsoft software is more secure than anything else than actually securing their software. And why not, the former works out better for them.
Finkployd
Still, speaking at a press conference here Monday, Gates told journalists that Microsoft's patching process compares well with competitors'. "You know, the time -- the average time -- to fix on an operating system other than Windows is typically ninety to a hundred days," said Gates.
(1) what planet is he living on?
(2) Isn't that an awfully narrow range? Nothing like being specific with the bull you spew.
Is it just me or has Gates become more and more "out there" lately? Is he even following the computer industry anymore?
Finkployd
You are right, I was thinking of Outlook (which is required to use Exchange, at least as Exchange was intended, I know it can do pop and webmail also). So yeah the server itself doesn't have bugs and security holes, but it forces the user to deal with arguably the worst email client in history.
Finkployd
(1) I'm willing to bet their user base is significantly less active than the students and faculty of a major research institution.
(2) Holy CRAP that is still a buttload of hardware. Especially compared to what it would take to do the same thing with open source solutions. I don't know anyone (even the most ardent MS advocate) who doesn't admit that Exchange is a massive bloated pig of a server.
Finkployd
Outlook keeps an RPC connection with the Exchange Server, which allows for instant new mail notification rather than polling every X minutes as with IMAP.
Yeah, I know all Microsoft's RPC protocol. It is the Open Group's DCE RPC, sans the security. They basically "embraced" it, and made it wire compatible, but for reasons I still do not understand pulled out the part that made it a secure, authenticated RPC (which was what made DCE RPC unique to begin with).
Frankly I think integration with Blackberries has been one of the primary selling points of Exchange lately, at least with the larger organizations I work with.
Finkployd
If you compare your sendmail/postfix/whatever server "equally" to Exchange you don't know what you are talking about.
...
Precisely why I specifically said "the email portion of Exchange". Go back and actually read it this time, I'll wait.
There are certainly other (and better) calendar, task, distributed filesystems, etc. However as you mention, they are not all in the same client. I suppose for some people it is worth the price in vendor lock in, buggy software, and security issues to have everything bundled like that. For many however it is not.
Finkployd
IMAP makes a nice replacement for the mail portion of exchange. Plus as an added bonus it scales nicely. Last I heard MS ran some 200-400 exchange servers for their company which is insignificant compared to the university I work at with 130,000+ users and 4-5 million emails a day. We tend to laugh at them when they try to tell us Exchange would be the way to go without actually realizing our infrastructure is larger than anything they know how to support effectively.
Coda is NOT the successor to AFS, DFS (of Transarc fame) was, and it was really really good. Probably the best distributed filesystem out there. Unfortunately setting up DCE (the environment that DFS ran in) was complicated and only really large institutions used it. Since it was not profitable IBM (the last major vendor supporting it) has discontinued it. And hampered the Open Group's attempts to open source it I might add. :(
Finkployd
But an F/OSS hacker has taken a company's proprietary work and made it available for free, even giving it a similar name.
Why is this a good thing?
Have they taken (ie stolen) the company's work? Or did they simply re-implement a commercial product's functionality from scratch? In the latter case I don't believe there is anything wrong with that (and seemingly neither do you, since you seem to be in support of Linux). In fact I consider that to be a very good thing. Complaining about that is like complaining that couples getting married and having sex out of love is hurting prostitution.
Finkployd
If I had a geekgirl..too bad I'm stuck with the average woman.
:)
I suspect that if she ever stumbles upon this comment you will not have her much longer
Finkployd
I play probably as much if not more PS1 games on my PS2. Why? They are cheaper, and they do not get any less fun because some new game comes out with less gameplay and more realistic cinematic scenes.
Seriously, There are only a couple of PS2 games I really like (GTA3, FFX, GT3, Splinter Cell, Metal Gear Solid 2, and oddly enough, Rygar). There are hundreds of good PS1 games out there, and you don't have to drop $50 to get them.
I think I can safely say I wouldn't have bought the PS2 if it did not play PS1 games (the DVD player was also a factor, since I did not want to have to buy another DVD player for my room).
Finkployd
This architecture, it seems to me, will imply encryption throughout -- somehow, people are more concerned by the idea of their data passing through other individuals' devices (what if they look at it?!) than they are sending the data through the hands of a few mega-corporations. I would say this is a good thing...
I agree this is a good thing, but I want to point out that I really don't care if most of my stuff is encrypted. The stuff I do care about is pretty much all encrypted anyway. Someone wants to watch the bits while I pull up slashdot, or download a new kernel, they are welcome to it. I am REALLY concerned about the integrity of pretty much all my data though. So those packets better be signed in some way so I know there was no tampering.
Finkployd
Linux and Cox don't seem to be in any immediate danger of starving
s/Linux/Linus
Slashdot really needs some kind of preview function so this kind of thing doesn't keep happening to me.
well if you are going to call him out on the fact that "The jury is still out" in regards to their IP claims, then I'll call you out on the stock scams.
Fair enough.
I would submit though that there seem to be more people "in the know" questioning their stock ploys (Motley Fool, other market/industry publications. I'll dig up links if you really want me to) than seriously entertaining the idea that they might have a legit IP claim. Their actions simply do not indicate a company that has a strong case. Nor do the actions of their insiders inspire a large amount of confidence in the future of their company.
Finkployd
Linux is not their primary source of income, fucking teabagger.
I never claimed that it was their primary source of income, how silly of you to think I had. You must be awfully embarrassed.
What I DID mention was that they were making money off of it. Obviously Linux is helping many companies either directly or indirectly and those companies are helping by supporting it (like IBM with a ton of money and hiring) or just by feeding back code to the community.
So why does everyone get their panties in a knot when they shout out "there hasn't been any successful company selling only linux!". Who said there had to be? What makes you think Linux can only succeed if someone can make money selling it?
It's open source people, the same market rules that apply to commercial software do NOT apply to it. Why is this so hard for people to understand? Right now many open source programmers are making a good living AND contributing to open source projects (either as part of their job or on the side). Sure not all of them are but then not every crappy commercial VB coder has income right now either. Linux and Cox don't seem to be in any immediate danger of starving, The Linux Kernel seems to be progressing nicely and commercial and non commercial distros alike are enjoying success. So where is the problem?
Finkployd
This might just be troll feeding, but what the heck.
The truth is that the /. community has maligned this legitimate, above the boards company just for trying to get restitution for code that they really did buy.
(1) I believe the jury is still out on their claims. I don't know what inside information you might have but nearly everyone covering this case (not just /.) seems to think SCO has nothing.
(2) Above the boards? With all the dirty legal tricks, stalling, and blatantly obvious stock scams they have been pulling I don't know if "above the boards" accurately describes them.
So they don't want to give their hard earned IP away.
So was it hard earned or did they buy it? (or, like nearly every other pundit, IP lawyer, company, etc believes, do they not actually have a claim on what they are suing over)
Sorry, but stuff that IBM developed INDEPENDENTLY of SCO is not SCO's hard earned property, and it looks very obviously like the case is going to be decided that way.
Look at the companies that have tried to make profit off Linux.
Yeah, IBM is really hurting. So is Cisco/Linksys. Not to mention all the companies who use Linux to solve a problem. So what if it is hard to sell, nobody owns it, nobody has to sell it. And I don't know where you get that Redhat is floundering, they seem to be doing just fine. Operating Systems are becoming a commodity. Where is it written that a company has to be selling Linux for it to be successful? It seemed to grow just fine on its own without corporate backing. Granted corporate backing has helped it quite a bit lately, but it is not like it was in danger of dying without it.
I'm not sure what that has to do with anything. A democrat signed the DMCA into law.
Bad laws that hurt consumers are certainly not the sole domain of either party, they are both bought and sold to their corporate masters.
Finkployd
Sorry, but I'm not taking the results of someone who looks like they learned everything they know about c++ from reading the comics in "C++ for Dummies" very seriously. Get a real c++ coder in there who doesn't do stupid, wasteful things with pointers and then maybe there can be a decent comparison.
In other news, I can write a program in assembly that performs much worse than VBScript if I put my mind to it and make a bunch of stupid assembler mistakes.
Finkployd
>>If you go to the main page [mozilla.org], you can see that 0.9 RC has been released.
>0.9 has NOT been released. Only the release candidate is available
If only RC stood for Release Candidate, the grandparent poster would have been right.
Speaking of, I could really go for a refreshing RC Cola right now.
Finkployd
Lucky for you, there's now spyware being packaged for Firebird. That means you get to do the same 'lockdown' shit you thought you were avoiding with IE.
Example?
On a slightly related note, x3270 rules. I have not found another 3270 client that handles [] brackets correctly. I CANNOT be the only one doing C development on z/OS.
Finkployd