In the past 15 years, I've personally dealt with more rooted Linux boxes than rooted Windows servers. Sure, the Linux boxes are probably more exposed to teh internet, but to claim that if you run/deal with Linux you're never likely to experience malware is a bit of a reach.
Microsoft is already trying to kill win32 themselves. As far as MS going away in the age of the cloud, they already have their own cloud infrastructure (azure), sell a rapidly improving x64 hypervisor (hyper-V) and are pretty heavily entrenched in most companies with active directory.
Microsoft aren't going anywhere, even if we were to ditch all of our desktops for tablets and store everything in the cloud.
Your assumption is that there is no use case for document review and minor edits whilst in transit. Given the demand I am seeing for office on iPad in my company (we're piloting VMware View for this exact reason), I believe your assumption is incorrect.
No, you are not going to write a 500 page document on an iPad or other tablet). But you may very well be proof-reading whilst in transit to a meeting/conference/etc and discover an easily correctable error that you could fix.
Actually, he's right. I'm currently trying to run an iPad as a VDI client for view, and you know what? It sucks. Bluetooth keyboard support is abysmal (various key combinations including many used in passwords simply do not reliably get sent through the VDI client and into windows), mouse support is non-existent and performance on current generation iPad hardware is "meh" (I have a 4 and a mini on my desk right now for eval).
Apple / VMware need to pull their finger out to solve those problems (not sure where the issue is exactly), or microsoft will eat their lunch.
And I say that as a massive apple fan (check my post history). Right now, iPad for VDI just doesn't work well enough.
Should yes. But if your input validation code has an error (as this does), the safest thing you can do is terminate. The input validation failed. Yes, it should have caught this. No it didn't and rather than continue on, the only safe thing the app can do is terminate.
Of course it is better more return an error - if the programmer has put logic in to handle the situation. However this logic is mixing or broken and the only safe thing to do for the program at is point in the absence of such logic is to terminate. This is a bug, yes. However terminating at this point rather than continuing to attempt to process data that is an unexpected state it extremely dangerous as far as security goes. This is actually good programming practice. Bug happen. Terminating like this prevents them from being exploitable.
Your apache example is bogus. This is terminating because the program hit a state where data is invalid in a way that the code does not know how to handle. Apache could just throw an error. Yes this is a bug and the code SHOULD handle it. But it doesn't. So the only safe thing to do is terminate because "something is wrong" - we don't know what, and it could be catastrophic for all we know. Continuing to run is dangerous from this point...
If it it an assert thats the entire point. You can't trust the data in ram, you can't trust any file handles you have open, you can't trust anything. So no you should NOT be writing to disk in that situation. The only safe thing to do is terminate.
And this is where they're going to get their ass kicked by the app store on Apple TV. 125 bucks for an apple TV plus a couple of dollars for some really original games = Nintendo, Sony and Microsoft are going to get their lunch eaten. Yes, there's no doubt a market for the "hard core" gamer whatever that is, but there are far more gamers out there who just want to fire up the device and play for a half hour at a time.
So if I am only installing from a market, what's the advantage again? Other than me fact that the android market has had a heap more malware found on it?
More to the point, the latest douche-baggery is that when you install the latest java security updates, they actually go back into your browser and re-enable java in there so that you can verify that java works when it directs your browser to a "Test page" that requires java enabled in the browser to operate. Dick move, oracle.
Slashdot Mirror
And so you should be cursing oracle. If the software wasn't so hideously insecure, it wouldn't be on the blacklist.
I'd go so far as to suggest not believing ANYTHING you read about apple posted on slashdot until you have verified the facts yourself.
I think you're extremely misguided with regards to how xprotect works.
Also, they shit-canned opensolaris. So, on balance, they've gone backwards in free-ness with the software they acquired from Sun.
In the past 15 years, I've personally dealt with more rooted Linux boxes than rooted Windows servers. Sure, the Linux boxes are probably more exposed to teh internet, but to claim that if you run/deal with Linux you're never likely to experience malware is a bit of a reach.
Microsoft is already trying to kill win32 themselves. As far as MS going away in the age of the cloud, they already have their own cloud infrastructure (azure), sell a rapidly improving x64 hypervisor (hyper-V) and are pretty heavily entrenched in most companies with active directory.
Microsoft aren't going anywhere, even if we were to ditch all of our desktops for tablets and store everything in the cloud.
Except currently, google docs is a bit of a bad joke. Never mind the issues with storing your data in somebody else's cloud.
Your assumption is that there is no use case for document review and minor edits whilst in transit. Given the demand I am seeing for office on iPad in my company (we're piloting VMware View for this exact reason), I believe your assumption is incorrect.
No, you are not going to write a 500 page document on an iPad or other tablet). But you may very well be proof-reading whilst in transit to a meeting/conference/etc and discover an easily correctable error that you could fix.
Have you heard of the term "trojan horse"?
Actually, he's right. I'm currently trying to run an iPad as a VDI client for view, and you know what? It sucks. Bluetooth keyboard support is abysmal (various key combinations including many used in passwords simply do not reliably get sent through the VDI client and into windows), mouse support is non-existent and performance on current generation iPad hardware is "meh" (I have a 4 and a mini on my desk right now for eval).
Apple / VMware need to pull their finger out to solve those problems (not sure where the issue is exactly), or microsoft will eat their lunch.
And I say that as a massive apple fan (check my post history). Right now, iPad for VDI just doesn't work well enough.
Looks like it's from 1995.
In slashdot groupthink, yes.
Complain to oracle...
Is to be commended. Unless, of course you are apple.
Should yes. But if your input validation code has an error (as this does), the safest thing you can do is terminate. The input validation failed. Yes, it should have caught this. No it didn't and rather than continue on, the only safe thing the app can do is terminate.
Crashing/teminating before you are exploited is acceptable, nay - preferable. Fucking amateur.
Gah. Autocorrect. Typing on a tablet with 3G because power is out :-/
Of course it is better more return an error - if the programmer has put logic in to handle the situation. However this logic is mixing or broken and the only safe thing to do for the program at is point in the absence of such logic is to terminate. This is a bug, yes. However terminating at this point rather than continuing to attempt to process data that is an unexpected state it extremely dangerous as far as security goes. This is actually good programming practice. Bug happen. Terminating like this prevents them from being exploitable.
Your apache example is bogus. This is terminating because the program hit a state where data is invalid in a way that the code does not know how to handle. Apache could just throw an error. Yes this is a bug and the code SHOULD handle it. But it doesn't. So the only safe thing to do is terminate because "something is wrong" - we don't know what, and it could be catastrophic for all we know. Continuing to run is dangerous from this point...
If it it an assert thats the entire point. You can't trust the data in ram, you can't trust any file handles you have open, you can't trust anything. So no you should NOT be writing to disk in that situation. The only safe thing to do is terminate.
And this is where they're going to get their ass kicked by the app store on Apple TV. 125 bucks for an apple TV plus a couple of dollars for some really original games = Nintendo, Sony and Microsoft are going to get their lunch eaten. Yes, there's no doubt a market for the "hard core" gamer whatever that is, but there are far more gamers out there who just want to fire up the device and play for a half hour at a time.
Why not stick 16 or 32 GB in it, if you use 8GB dimms it is cheap. Will be even cheaper by the time the thing is released.
So if I am only installing from a market, what's the advantage again? Other than me fact that the android market has had a heap more malware found on it?
Yeah I suspect he is. Steve jobs ran over his dog or something it would appear.
More to the point, the latest douche-baggery is that when you install the latest java security updates, they actually go back into your browser and re-enable java in there so that you can verify that java works when it directs your browser to a "Test page" that requires java enabled in the browser to operate. Dick move, oracle.