Yeah, C is still too hard for everyone except maybe 5 people in the world? Just a single scerw up and "attacker can execute arbitrary code of his/her choice". If you write in a safe language if you screw up bad things still happen, but it takes extra effort to do the "arbitrary code thing" ( e.g. SQL injection is harder in a safe language with safe libs - since the easy method is a safe method: use prepared statements and bound variables).
What has amazed me is the x86 only has one stack that's used by many popular programming languages for both addresses AND data. It is bad "hygiene" to have data pushed onto the same stacks as addresses. They should be kept separate. Sure there'll still be heap overflow problems and problems when you intentionally copy data from the data stack into the address stack, but the data got clobbered.
The performance may not be that bad because the CPU will know that addresses are always in the address stack - it's never random data - so that may help lookahead and branch predictions.
If that can be done then CPU manufacturers could also look into hardware support for a "taint mode" (like in perl). So if you try to copy data from a tainted area and use it in critical areas without untainting, stuff stops working instead of being "exploited".
They are NOT at parity at all. You're getting it the other way round.
The C2Ds are definitely a lot faster, since the top X2 is still only as fast as a mid range C2D.
BECAUSE of that, AMD has little choice but to slash prices, just to become equivalent in price/performance.
Keep in mind: AMD's top chips are likely _cost_ much more to produce than Intel's mid range chips.
The CPU/Mem industry is a bad industry to be in - producing capital intensive commodities. In contrast in other markets if you're Number 2 (e.g. "Pepsi") you don't end up losing hundreds of millions unless you do something extremely wrong (poison your customers).
AMD is in big trouble, but they didn't really do anything wrong. Maybe they made a few suboptimal decisions, but in other industries they'd be making lots of money. The product is decent: reliable, cheap for what it does, and would be considered "top of the line" 2 years ago.
Y'know, I wish I could get a good chair for the same price as an AMD CPU or even a 7200 RPM HDD. The furniture market is so uncompetitive in comparison:).
"Native quad-core is better than dual-dual-core because more cores can exchange cache snoop data..."
That's not really important at all. As long as something works better in practice, that's the one I'd buy/recommend.
And from what I see, the Core 2 Duos are a LOT faster than the AMDs and in most cases the better choice.
2 years ago I'd recommend AMDs over Intel's P4/Netburst crap. But now the Core 2's are stomping all over AMD, and with the recent Intel price cuts, AMD is in for a very bad time unless Barcelona is more than 90-100% faster per core than current X2s. AMD's top of the line is only competitive with Intel's mid range. So AMD has to slash prices of their expensive "rarer" stuff. It actually looks like Intel has spare head room and they're just waiting for AMD to release Barcelona before they respond.
You auction "La Tamponade du Mystere" to the highest bidding vampire?
They should be able to afford high prices. Compound interest while in torpor for centuries should add up to quite a lot. But of course maybe a few of them forgot that banks tend to treat dead account holders differently and didn't make the necessary "arrangements".
Well babies are small and nowadays they often are strapped in a "baby seat" which gives them extra protection. So sure while they're more likely to bend than break, they are also less likely to have to.
The odds of an adult getting crushed/pierced "beyond repair" is higher than a baby in a decent seat.
They're expecting the programmers who came up with Firefox/Mozilla to write something lightweight? Haha.
I've been modded troll for saying the following, but I'm going to say it again because it's true:
At my office, I run suse. I also run windows xp on vmware on the same box. And you know what? Firefox too often ends up using more RAM then the entire vmware virtual machine running IE+Windows XP! It uses even MORE if you count the amount it bloats up X by (fortunately once you kill firefox, X frees up the mem). I've no probs with XP desktop virtual machines that have 256-384MB of "RAM" (only had probs on a 128MB one when I had too many browser windows with "will it blend" videos at the same time).
One of my ex-colleagues recently grumbled that his Firefox 2 used up 1GB when he left it overnight. At that rate, I'm sure not going to "upgrade" to Firefox 2 anytime soon.
Trouble is, a year or so back I had probs with Opera sucking similar amounts of RAM too (maybe it was the flash plugin), so I gave up on it. Maybe I'm strange to regularly have 30+ (50? I don't really count) tabs/windows open[1], but I do that with IE all the time at home on Win2K and rarely have problems (my taskbar is doubleheight so I don't normally need to scroll my taskbar;) ).
Sure IE sucks, but sadly firefox isn't that much better.
[1] It's not that hard to end up with lots of open tabs: One browser window for all the intranet tabs. One for search and search results for a particular task (looking up bug). One for search results for a different topic/task (downloading RPMs etc). One browser window for news (and slashdot) 1-3 browser windows for reference (RFCs, different pages of online documentation etc).
I don't see why I should waste time closing and reopening stuff. And I don't see why it should use up that much RAM, when I've done similar stuff on IE on Windows and it's not a problem. In fact, I actually successfully do this on firefox and it's not a problem immediately, it only seems to become a problem after a _while_.
"Warning! It is imperative that the rules in this section be followed exactly. When two user agents use different heuristics for content type detection, security problems can occur."
That's like having a requirement: "WARNING! It is imperative that browsers be secure" and NOT really doing much to _help_.
That's EXACTLY why my proposal is good, it actually helps make it easier (even if the browser people don't realize it at first).
With something like my proposal, even if a browser heuristically interprets things a certain way and treats something as Javascript, but it was told by the "tag" that javascript is disabled, it takes a really huge oversight by the programmers to have the browser still treat the stuff as javascript.
Requiring browser programmers to _interpret_ the rules _correctly_ AND implement the _rules_ in materially the _same_ AND _correct_ way, is rather ambitious. Sure maybe it can be done eventually, but by that time they'd have to do the same for HTML12 or whatever they think of next.
Sure they are trying to improve security. But really add a "brake pedal" already, instead of _just_ requiring drivers: 1)Stick to the right lane 2)avoid hitting obstacles 3)Be warned of potential dangers.... etc etc
What we need are tags to help _ensure_ that potentially unsafe content is disabled. This will help prevent stuff like that myspace worm.
For example: <shieldson lock="randomstring" allowed="keyword,keyword,keyword"/> non explicitly allowed material disabled <shieldsoff lock="randomstring"/>
Possible keywords: textonly = just text basic = basic formatting <em> <b> <i> <strong> tables = tables urls= plain <a href=""> no javascript etc images= plain images, no javascript etc. java=java javascript=javascript.
There are other ways to do it, but I hope you get the idea.
Naive people say that this is unnecessary and it should be done in html escaping libraries.
BUT, the reason why this is useful is because:
1) browsers behave differently, your library may successfully escape stuff for one browser but nasty stuff might sneak through to another due to some bug. In contrast if a browser is told that "only plain text allowed", it's a lot harder to screw that up and start allowing other stuff. 2) This takes care of new fancy tags/features introduced by the Browser people. Say you start checking your webmail with your new fancy browser and accidentally click on some malware spam. Even if the webmail app does not know how to disable the new "active feature", the spammer's stuff between the tags should be rendered a lot safer.
I've tried to get the browser and W3C people interested, but they seem to prefer making more "Go" buttons (as per the article), and prefer to not even make a single effective "Stop" button.
Maybe someone should replace the brake and other pedals from their cars one day with accelerator pedals. And then tell them the HTML way to stop is to make sure none of the pedals are pressed.
Sure it should be punished. BUT jail is too harsh in most cases.
Politicians cause far more harm daily and get away with reelection. How many people have _died_ because of the lies/half-truths they spout? And Diebold practically "trashed" the elections IMO. Sure, maybe the results were legit, but they're now tainted because of Diebold and that makes the elections worth a lot less.
Best to work on fixing that properly first.
In my opinion in modern times, physical imprisonment should be _mainly_ for people who have proven themselves to be dangerous. e.g. From their actions would likely be dangerous to allow them in the same room with at least 1 in X people out there (pick your threshold of choice).
This guy? He should be banned from the internet for a while (or at least under probation). If he's caught violating the terms, then if there are currently no viable and practical means to prevent him from using the internet without imprisoning him for a while, then too bad, prison time for him.
Actually when I say sandbox templates I don't mean SELinux.
It's the difference between "the ability to set fine grained controls" (SELinux) vs "default controls for various classes of apps" (sandbox templates).
Uh, then why not use plain HTML stuff that works with practically all browsers?
Doesn't anyone know HTML anymore? Must simple stuff like links, forms all require javascript and flash?
AFAIK a decent webapp team (of even just one;) ) should be able to write a UI that configures a modem with just text, links, and html forms. I think most browsers can handle tables and deal with optional images (not image map).
I bet the interface could actually still look quite good.
After all it's configuring modems we're talking about, not launch the "Blend the frog" applet.
Yeah, and you might have to stick with your distribution's officially suported hardware.
That sounds a bit like Apple eh?
The windows way is where you have tons of different sorts of hardware with the corresponding crappy drivers/software that may or may not have security problems like these.
Linux will be somewhere in between, but as it gains in popularity, if the "desktop security" architecture isn't changed, these sort of things will happen on a more regular basis.
There's probably not much you can do with respect to drivers as they need system level access and it may be hard to predict what sort of access they need. BUT, for the other sort of 3rd party apps, I think it should be fairly easy to restrict the access they get to a few categories and thus have a manageable set of standard sandbox templates and standard installation APIs and procedures for running or installing random 3rd party apps reasonably safely.
For example: only certain types of apps need access to your microphone and network. And very few of those will require full read (or even write) access to your home directory, or even ~/Documents directory or ~/Maildir. At most they should only be sandboxed to ~/Programs/$Progname/ but able to be linked to the usual libs.
But I doubt a Linux distro could pull this off successfully.
Maybe Apple might be able to force developers to do that sort of thing. After all they've had great success over the years getting 3rd party devs to do things "The Apple Way".
Yep, the Mac fanboys don't understand that OSX and Windows XP are actually very similar in security.
As I've said before, it is _TRUE_ that Mac OSX is safer than Windows XP. But it is not true that Mac OSX has better security than Windows XP. It's like living in a house with no locked doors in a small and safe village vs living in an apartment in the ghetto in a dangerous city, even if you've got a metal grill in front of your door and planks over your windows, you're still not safer than the villager. Aunt May opens the door to let some "nice sales guy" in for a chat, and next thing she knows she's in trouble.
In OSX AFAIK there's no "user friendly" sandboxing of programs launched.
A modern Desktop OS should have easy to understand _standard_ sandbox templates that apps would request to be run under, and would be easier for users to get right.
Example #1: "Britney Screensaver" requests "Full System Install Privileges" (with nice ugly red backgrounds etc). Allow? Yes/No. Correct choice would be "No" of course.
Example #2: "Britney Screensaver" requests "Standard Screensaver Install privileges". (with the usual "safe" boring colours). Allow? "Yes" even if the screensaver was malware would be safe because done right there'd be nothing the screen saver app would be able to do extra - no eavesdropping using your microphone, no network comms, no reading of your documents. Only probable way out would be a bug in your video driver, or CPU.
But I guess I'm probably one of a very few who think this is a good idea. After all go look at Vista - they have so many billions to spend, so many smart people in their labs, but they chose to take a different approach with UAC.
Lastly given all the fun stuff built-in to OSX, the malware authors would have a field day if it ever became worthwhile to target OSX. Think of malware in perl or similar stuff for instance. Google for new code, run in eval "", repeat. You could churn out malware faster than people could come up with signatures that would have few false positives. That's why better sandboxing is needed.
InfoWorld? Is that an oxymoron or something? Can't remember the last time I bothered going there. OK, I just checked it out and yep it's confirmed I won't miss it at all. Maybe other people will be sorry if it vanishes but I won't.
Here's another tip to the other online media folk: you're redundant if most of your articles belong under a link "all 2078 news articles" on news.google.com. Or are just rehashed stuff from PR agencies or the likes of Reuters/AP.
If you vanish, there'll still be the other 2077 left. And if the 2077 aren't around to rehash the same old PR agency spin/announcements, I don't consider that a great loss.
Who'd I miss? I'd definitely miss theinquirer.net more than infoworld.com, sure they rehash stuff too but every now and then you do get an interesting industry scoop. I'd miss Dans Data, New Scientist, The Economist. And Anandtech and Tom's Hardware have some useful benchmarks from time to time. I'd also miss the usual journals like Nature.
I've seen explicit representations of the human body in scientific/medical articles and they're not considered porn.
;).
Maybe I'm not that open minded but it's pretty big stretch for me to think that goatse is porn
Yeah, C is still too hard for everyone except maybe 5 people in the world? Just a single scerw up and "attacker can execute arbitrary code of his/her choice". If you write in a safe language if you screw up bad things still happen, but it takes extra effort to do the "arbitrary code thing" ( e.g. SQL injection is harder in a safe language with safe libs - since the easy method is a safe method: use prepared statements and bound variables).
What has amazed me is the x86 only has one stack that's used by many popular programming languages for both addresses AND data. It is bad "hygiene" to have data pushed onto the same stacks as addresses. They should be kept separate. Sure there'll still be heap overflow problems and problems when you intentionally copy data from the data stack into the address stack, but the data got clobbered.
The performance may not be that bad because the CPU will know that addresses are always in the address stack - it's never random data - so that may help lookahead and branch predictions.
If that can be done then CPU manufacturers could also look into hardware support for a "taint mode" (like in perl). So if you try to copy data from a tainted area and use it in critical areas without untainting, stuff stops working instead of being "exploited".
Really? Where's the report from the UN weapons inspectors that the US is actually getting rid of the stuff? ;)
They are NOT at parity at all. You're getting it the other way round.
:).
The C2Ds are definitely a lot faster, since the top X2 is still only as fast as a mid range C2D.
BECAUSE of that, AMD has little choice but to slash prices, just to become equivalent in price/performance.
Keep in mind: AMD's top chips are likely _cost_ much more to produce than Intel's mid range chips.
The CPU/Mem industry is a bad industry to be in - producing capital intensive commodities. In contrast in other markets if you're Number 2 (e.g. "Pepsi") you don't end up losing hundreds of millions unless you do something extremely wrong (poison your customers).
AMD is in big trouble, but they didn't really do anything wrong. Maybe they made a few suboptimal decisions, but in other industries they'd be making lots of money. The product is decent: reliable, cheap for what it does, and would be considered "top of the line" 2 years ago.
Y'know, I wish I could get a good chair for the same price as an AMD CPU or even a 7200 RPM HDD. The furniture market is so uncompetitive in comparison
"Native quad-core is better than dual-dual-core because more cores can exchange cache snoop data..."
That's not really important at all. As long as something works better in practice, that's the one I'd buy/recommend.
And from what I see, the Core 2 Duos are a LOT faster than the AMDs and in most cases the better choice.
2 years ago I'd recommend AMDs over Intel's P4/Netburst crap. But now the Core 2's are stomping all over AMD, and with the recent Intel price cuts, AMD is in for a very bad time unless Barcelona is more than 90-100% faster per core than current X2s. AMD's top of the line is only competitive with Intel's mid range. So AMD has to slash prices of their expensive "rarer" stuff. It actually looks like Intel has spare head room and they're just waiting for AMD to release Barcelona before they respond.
Trainable? Nowadays you just need controllable:
5 01_020501_roborats.html
http://news.nationalgeographic.com/news/2002/05/0
Responds fairly predictably to pain/pleasure and various stimuli = controllable.
Nah, it's bitter almonds in cheek pouches.
I've seen porn and I've seen Goatse. Maybe it's just me, but I don't regard Goatse as porn.
You auction "La Tamponade du Mystere" to the highest bidding vampire?
They should be able to afford high prices. Compound interest while in torpor for centuries should add up to quite a lot. But of course maybe a few of them forgot that banks tend to treat dead account holders differently and didn't make the necessary "arrangements".
Well babies are small and nowadays they often are strapped in a "baby seat" which gives them extra protection. So sure while they're more likely to bend than break, they are also less likely to have to.
The odds of an adult getting crushed/pierced "beyond repair" is higher than a baby in a decent seat.
Don't the pilots get to date a lot of the hotties? ;).
A hospital "tent" in Iraq?
They're expecting the programmers who came up with Firefox/Mozilla to write something lightweight? Haha.
;) ).
I've been modded troll for saying the following, but I'm going to say it again because it's true:
At my office, I run suse. I also run windows xp on vmware on the same box. And you know what? Firefox too often ends up using more RAM then the entire vmware virtual machine running IE+Windows XP! It uses even MORE if you count the amount it bloats up X by (fortunately once you kill firefox, X frees up the mem). I've no probs with XP desktop virtual machines that have 256-384MB of "RAM" (only had probs on a 128MB one when I had too many browser windows with "will it blend" videos at the same time).
One of my ex-colleagues recently grumbled that his Firefox 2 used up 1GB when he left it overnight. At that rate, I'm sure not going to "upgrade" to Firefox 2 anytime soon.
Trouble is, a year or so back I had probs with Opera sucking similar amounts of RAM too (maybe it was the flash plugin), so I gave up on it. Maybe I'm strange to regularly have 30+ (50? I don't really count) tabs/windows open[1], but I do that with IE all the time at home on Win2K and rarely have problems (my taskbar is doubleheight so I don't normally need to scroll my taskbar
Sure IE sucks, but sadly firefox isn't that much better.
[1] It's not that hard to end up with lots of open tabs:
One browser window for all the intranet tabs.
One for search and search results for a particular task (looking up bug).
One for search results for a different topic/task (downloading RPMs etc).
One browser window for news (and slashdot)
1-3 browser windows for reference (RFCs, different pages of online documentation etc).
I don't see why I should waste time closing and reopening stuff. And I don't see why it should use up that much RAM, when I've done similar stuff on IE on Windows and it's not a problem. In fact, I actually successfully do this on firefox and it's not a problem immediately, it only seems to become a problem after a _while_.
Huh? This is an _ADDITIONAL_ countermeasure. The server is supposed to escape stuff as well.
Where'd I say this would make escaping unnecessary? I said "help ensure".
If you're familiar with security or defense you'd have heard of the term "defense in depth".
This is what it is.
If you see my post, I do accept that physical imprisonment may be the only way given _current_ practical limitations and constraints.
To me someone who writes _computer_ viruses is not physically dangerous, but if physical imprisonment is the only way to stop that person, then sure.
"Warning! It is imperative that the rules in this section be followed exactly. When two user agents use different heuristics for content type detection, security problems can occur."
... etc etc
That's like having a requirement: "WARNING! It is imperative that browsers be secure" and NOT really doing much to _help_.
That's EXACTLY why my proposal is good, it actually helps make it easier (even if the browser people don't realize it at first).
With something like my proposal, even if a browser heuristically interprets things a certain way and treats something as Javascript, but it was told by the "tag" that javascript is disabled, it takes a really huge oversight by the programmers to have the browser still treat the stuff as javascript.
Requiring browser programmers to _interpret_ the rules _correctly_ AND implement the _rules_ in materially the _same_ AND _correct_ way, is rather ambitious. Sure maybe it can be done eventually, but by that time they'd have to do the same for HTML12 or whatever they think of next.
Sure they are trying to improve security. But really add a "brake pedal" already, instead of _just_ requiring drivers:
1)Stick to the right lane
2)avoid hitting obstacles
3)Be warned of potential dangers.
Still no brake pedal (tag) the last I checked.
Fun fun fun, that's all you guys care about.
How about some security for a change?
What we need are tags to help _ensure_ that potentially unsafe content is disabled. This will help prevent stuff like that myspace worm.
For example:
<shieldson lock="randomstring" allowed="keyword,keyword,keyword"
non explicitly allowed material disabled
<shieldsoff lock="randomstring"/>
Possible keywords:
textonly = just text
basic = basic formatting <em> <b> <i> <strong>
tables = tables
urls= plain <a href=""> no javascript etc
images= plain images, no javascript etc.
java=java
javascript=javascript.
There are other ways to do it, but I hope you get the idea.
Naive people say that this is unnecessary and it should be done in html escaping libraries.
BUT, the reason why this is useful is because:
1) browsers behave differently, your library may successfully escape stuff for one browser but nasty stuff might sneak through to another due to some bug. In contrast if a browser is told that "only plain text allowed", it's a lot harder to screw that up and start allowing other stuff.
2) This takes care of new fancy tags/features introduced by the Browser people. Say you start checking your webmail with your new fancy browser and accidentally click on some malware spam. Even if the webmail app does not know how to disable the new "active feature", the spammer's stuff between the tags should be rendered a lot safer.
I've tried to get the browser and W3C people interested, but they seem to prefer making more "Go" buttons (as per the article), and prefer to not even make a single effective "Stop" button.
Maybe someone should replace the brake and other pedals from their cars one day with accelerator pedals. And then tell them the HTML way to stop is to make sure none of the pedals are pressed.
Sheesh.
</rant>
Sure it should be punished. BUT jail is too harsh in most cases.
Politicians cause far more harm daily and get away with reelection. How many people have _died_ because of the lies/half-truths they spout? And Diebold practically "trashed" the elections IMO. Sure, maybe the results were legit, but they're now tainted because of Diebold and that makes the elections worth a lot less.
Best to work on fixing that properly first.
In my opinion in modern times, physical imprisonment should be _mainly_ for people who have proven themselves to be dangerous. e.g. From their actions would likely be dangerous to allow them in the same room with at least 1 in X people out there (pick your threshold of choice).
This guy? He should be banned from the internet for a while (or at least under probation). If he's caught violating the terms, then if there are currently no viable and practical means to prevent him from using the internet without imprisoning him for a while, then too bad, prison time for him.
"But, why not go cubic with the ponds?"
Because it makes it harder for you to get enough light into all of them.
Actually when I say sandbox templates I don't mean SELinux.
8 97861
It's the difference between "the ability to set fine grained controls" (SELinux) vs "default controls for various classes of apps" (sandbox templates).
See more here: http://slashdot.org/comments.pl?sid=251671&cid=19
Uh, then why not use plain HTML stuff that works with practically all browsers?
;) ) should be able to write a UI that configures a modem with just text, links, and html forms. I think most browsers can handle tables and deal with optional images (not image map).
Doesn't anyone know HTML anymore? Must simple stuff like links, forms all require javascript and flash?
AFAIK a decent webapp team (of even just one
I bet the interface could actually still look quite good.
After all it's configuring modems we're talking about, not launch the "Blend the frog" applet.
Uh. Run Linux?
The more ambitious ones will want a beowulf cluster of robot maids.
Think about it: Robot maid clustering with high performance interconnects and NUMA[1]...
[1] Non Uniformed Maid Access?
Erm, shower time...
Yeah, and you might have to stick with your distribution's officially suported hardware.
That sounds a bit like Apple eh?
The windows way is where you have tons of different sorts of hardware with the corresponding crappy drivers/software that may or may not have security problems like these.
Linux will be somewhere in between, but as it gains in popularity, if the "desktop security" architecture isn't changed, these sort of things will happen on a more regular basis.
There's probably not much you can do with respect to drivers as they need system level access and it may be hard to predict what sort of access they need. BUT, for the other sort of 3rd party apps, I think it should be fairly easy to restrict the access they get to a few categories and thus have a manageable set of standard sandbox templates and standard installation APIs and procedures for running or installing random 3rd party apps reasonably safely.
For example: only certain types of apps need access to your microphone and network. And very few of those will require full read (or even write) access to your home directory, or even ~/Documents directory or ~/Maildir. At most they should only be sandboxed to ~/Programs/$Progname/ but able to be linked to the usual libs.
But I doubt a Linux distro could pull this off successfully.
Maybe Apple might be able to force developers to do that sort of thing. After all they've had great success over the years getting 3rd party devs to do things "The Apple Way".
Yep, the Mac fanboys don't understand that OSX and Windows XP are actually very similar in security.
As I've said before, it is _TRUE_ that Mac OSX is safer than Windows XP. But it is not true that Mac OSX has better security than Windows XP. It's like living in a house with no locked doors in a small and safe village vs living in an apartment in the ghetto in a dangerous city, even if you've got a metal grill in front of your door and planks over your windows, you're still not safer than the villager. Aunt May opens the door to let some "nice sales guy" in for a chat, and next thing she knows she's in trouble.
In OSX AFAIK there's no "user friendly" sandboxing of programs launched.
A modern Desktop OS should have easy to understand _standard_ sandbox templates that apps would request to be run under, and would be easier for users to get right.
Example #1:
"Britney Screensaver" requests "Full System Install Privileges" (with nice ugly red backgrounds etc). Allow? Yes/No. Correct choice would be "No" of course.
Example #2:
"Britney Screensaver" requests "Standard Screensaver Install privileges". (with the usual "safe" boring colours).
Allow? "Yes" even if the screensaver was malware would be safe because done right there'd be nothing the screen saver app would be able to do extra - no eavesdropping using your microphone, no network comms, no reading of your documents. Only probable way out would be a bug in your video driver, or CPU.
But I guess I'm probably one of a very few who think this is a good idea. After all go look at Vista - they have so many billions to spend, so many smart people in their labs, but they chose to take a different approach with UAC.
Lastly given all the fun stuff built-in to OSX, the malware authors would have a field day if it ever became worthwhile to target OSX. Think of malware in perl or similar stuff for instance. Google for new code, run in eval "", repeat. You could churn out malware faster than people could come up with signatures that would have few false positives. That's why better sandboxing is needed.
InfoWorld? Is that an oxymoron or something? Can't remember the last time I bothered going there. OK, I just checked it out and yep it's confirmed I won't miss it at all. Maybe other people will be sorry if it vanishes but I won't.
Here's another tip to the other online media folk: you're redundant if most of your articles belong under a link "all 2078 news articles" on news.google.com. Or are just rehashed stuff from PR agencies or the likes of Reuters/AP.
If you vanish, there'll still be the other 2077 left. And if the 2077 aren't around to rehash the same old PR agency spin/announcements, I don't consider that a great loss.
Who'd I miss? I'd definitely miss theinquirer.net more than infoworld.com, sure they rehash stuff too but every now and then you do get an interesting industry scoop. I'd miss Dans Data, New Scientist, The Economist. And Anandtech and Tom's Hardware have some useful benchmarks from time to time. I'd also miss the usual journals like Nature.