If we were living in a normal society I would guess the person who cracked the site would be held responsible?! Sean Connery said in Rising Sun something along the lines:
"in Occident we spend our time trying to find someone to hold responsible for the problem. In Japan, they find the cause of the problem and fix it."
Sorry, wrong link. The link was of course: http://www.kiss-technology.com/
Except that the console environment is much more controlled than a PC, because Microsoft has entire control over the hardware that goes in.
It's then really easy for them to set up a room with all existing cases of hardware.
Plus if they upgrade everybody to the latest software, that makes them in theory a single platform to support.
While if they put the patched DLLs on the games, that makes them x versions of software to support, plus that makes the game company responsible for the possible crashes that might happen.
Last but not least, what do you do if a fix is found after a game is released? You return the game CD to get a new one, with the upgraded patched DLLs?
Sounds like a DLL hell too!
See this move like firmware upgrades. There are many businesses that manage to work with that, e.g. http://www.kiss-technologies.net, so I don't see why it should be different in a console world, especially if the consoles are connected to the network.
the analogies are completely incorrect.
Most analogies are incorrect by the way; it's almost impossible to find perfect analogies. So please stop trying to make some.
You say that the car and hammer have not been designed to kill even if they can:
Everything can kill. A chair if you fall from it, a bath if you drown in it, a fork if you fall on it.
Everything. Try to find a single object that cannot be used to kill somebody either by accident or will.
What matters here is the tradeoff deliberately taken by Microsoft between security and cost. So there was a design decision. And it was made for cost concerns.
And instead of saying "Windows is insecure by design" I would say "Windows was not designed to be secure from the ground up".
That's different. To say "insecure by design" seems to imply that they wanted it to be insecure.
What about if they just didn't realize the security risks?
Sometimes incompetence is just sufficient. It doesn't have to be a highly thought decision, just something they didn't want to explore/think of.
If SCO goes after users, what about the other way around?
Is it possible for users to group themselves and go after SCO?
If any slashdot user gives 1 $ on average, that's 600000 $. Isn't that sufficient to make a trial?
Or better, to pay^^^lobby a bunch of senators to shut the mouth of this company?
Warning: I have absolutely no law background.
"I'm not too sure Linux would be any more secure than Windows because in windows you can also run as just a User."
and in Linux not?
Apart from Lindows, tell me which Linux distribution uses root as a default login for its users?
Wait for a distrib combining SEL from NSA (included in 2.6), chrooting most critical processes and of course not using root as a default login. Give that to a home user, and let's see how many will run into trouble...
OK I can link that page from many weblogs, e.g. just adding it as my signature.
But how do you define 'highly-rated sites' outside a search result context? Is it just the number of pages searched? Or the number of pages that end up high in the ranks for any kind of search?
it's up to us to influence these results.
I guess if all slashdotters search for your query, and then click on the same 'real' Shakespeare reference, then the clicked reference will go up in the ranking.
E.g. click on this result (once it recovers from the hard time it is having).
With the SCO suit, there's been a shift of attention: non open source companies assume legal risks for you, while open source software does not, thus explaining the difference in costs between the 2 types of offering.
See also heated thread regarding Hibernate on www.theserverside.com.
a fascist organization fighting against anarchists who don't want to pay for their music :)
[OT]
Actually I find HIV rebuttal pretty scary.
In some African countries, some people don't believe in HIV either, and their contamination rate is 25%.
And don't tell me they are dying from medicine. They don't have the money to buy it.
Pretty scary signature...
[/OT]
[OffTopic]
You should read the latest Eric Schlosser book, "Reefer Madness: Sex Drugs and Cheap Labour". He mentions differences between Canada drug strategies and USA ones, at least regarding marijuana.
[/OffTopic]
Killing the 'cross platform' capabilities, isn't that what defines anti-competitive decisions?
Wasn't that what happened earlier this century in the US when car manufacturers bought off all tramway companies to put them in the dust?
I like it if Microsoft makes their products more secure. I will probably be forced to use them for the forthcoming years here and there. But sometimes the means are more important than the goal...
- 1.x.1 releases are not the norm, they hopefully should not happen in 1.4. 1.2.1 and 1.3.1 were made to fix important bugs that were not found/fixed before the expected release dates. These extra releases drain resources from development on the main branch. Help out identifying the important bugs by using 1.4b and you will NOT have a 1.4.1 (and a better 1.4).
- 1.(x+1) release cycle starts BEFORE 1.x release is done. E.g. 1.4 will be frozen, then branched. When branching occurs, the main tree will be opened again for 1.5a checkins.
See the roadmap.
It's not a question of negative effects on his work. It's a question of principles and idea association.
If the Mafia was to give money with "no Strings attached" to a specific charity organization (except for the benefit of getting publicity for their action), would that be a good thing or not?
In our world you don't give 2 million $ for nothing. You get publicity back, and the persons who receive the check can or cannot agree with this publicity even if they take the check. That's the deal.
Theo doesn't like money coming from organizations linked to the war even though this funding doesn't require him anything special on his work side. He has the right to say so. And I am particularly happy he does.
If a company was to give 2 million $ without getting anything back, they would not shout it everywhere.
[I agree on the argument that at least "his portion of DARPA's budget goes to something worthwhile and unobjectionable"]
Keeping old releases around is indeed necessary.
It is not always feasible to rebuild a specific version of mozilla, especially when it takes hours to do so.
And you need to have old builds in order to find when a regression occurred. That allows to narrow down a problem to some specific checkins, and that helps a lot!
In fact there are some who archive ALL old nightly builds in order to help with this process.
This 'foot soldier' who got paid 18 M£ just solved the international terrorist business plan:
1- be a terrorist
2- ?
3- cash in
So 2- was not
2- terrorize the world and risk to die as a martyr
but
2- tip the CIA
Simple enough. He didn't even have to share the cash with his fellow.
Then you didn't search well! Search advisories with Oracle keyword, voila!
http://www.securityfocus.com/advisories/4990
From the advisory: The vulnerability in Oracle's mod_dav module (VU#849993) has been as assigned CVE ID CAN-2002-0842.
Which would mean the vulnerability was known in August last year.
Another proof:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0842
So the vulnerability was known a little bit over 6 months. I think the guy was right.
Sean Connery said in Rising Sun something along the lines:
First I just intended to be funny.
Second I never said the guy had a scientific proof. I just said he claimed it. I never said anything else about the guy, such as him being Pythagoras or somebody else, so as to make you think he had a proof.
Don't interpret my writing with your knowledge.
And for your knowledge, the flat Earth is a myth.
And finally, what is a f*ckw*t?
One day, a guy came along and said: "The Earth is not flat, it is [mostly] a sphere!"
So 1) this guy had an unbelievable claim (not flat Earth) and 2) the extremely knowledgeable scientific community, who has much experience with flat Earth, heard his saying and called it b*llsh*t.
[And they burnt him alive for good measure]
The Earth is flat. Move along.
or there are many many horny people that have not been satisfied by the first 249 links :)
Read "as fast as their competitors." instead of "as fast as their customers."
Interesting: the guy says that "our typical customer uses 20X less capacity than the recommended usage level".
Means that an average guy uses around 1.5 Go a month.
In Norway, the major state controlled telco (who had a monopoly until not so long ago...) is also one of the major broadband companies.
About 6 months ago, they decided to set up a limit for their connection. Not a 1Go/day but 1Go a month.
You have to pay about 12 more if you want to get a better deal. Check the prices.
I always wondered what the average broadband user was using. Knowing that in Scandinavia, Internet is pretty well established, I guess that the average user uses at least 1.5 Go a month. Thus many users are in fact obliged to pay more than the well advertised entry level offer.
Their interest in putting a limit is not to solve a technical problem and they do not target the one percent of the users who create this problem.
They target 50% of their users, they want to charge them as much as possible. Knowing that the persons who want more bandwidth are going to go to their competitors.
I think I understand very well their strategy. Norwegians do not complain. It's not in their way of living. The competitors, if they don't downgrade their offer to similar terms, will have on average people who use more their connections. Thus they will face higher infrastructure costs and lower revenues.
On the other side, Telenor gets on average better revenues, and no need to upgrade their lines as fast as their customers.
In the long run, I have to admit I think they are doing the right thing for their business (and I hate to admit it).
I use Debian and I run Gnome 2.2 (afaik gnome 2.1.90 a Gnome 2.2 release candidate).
I upgraded Saturday 1st 13h00 GMT. Perhaps do you use an outdated mirror?
Perhaps if you didn't have a mobile phone, a handheld and other electronic stuff on you, floppies would hold longer?