Possibly, for sufficiently loose definitions of "much more".
Linux kernel 2.0-2.6: 279 Secunia advisories, 473 vulnerabilities
Windows 2000 Server + Windows Server 2003 Standard + Windows Server 2008: 472 Secunia advisories, 580 vulnerabilities
It's also worth noting that kernel 2.6 alone contains 186 advisories for 352 vulnerabilities with 6% unpatched. Windows Server 2008 contains 40 advisories for 82 vulnerabilities with 0% unpatched.
So there's the math. Keep in mind that's comparing an entire server OS with just the Linux kernel.
Surely you can link to a few examples of privilege escalation exploits for Windows coming out every two Sundays. I mean, we've had a lot of Sundays since Windows has been out.
Yes, I agree with that statement. I do not believe that it's possible to fix a bug without knowing about it. However, even if you don't know about the bug, it's still a bug.
And yes. If nobody knew it wasn't a security issue.
No, moron. If nobody knew then it's a security issue that nobody knew about. It's still a security issue. Unless your name happens to be Schrodinger, a thing is still a thing even if no one is looking at it.
If a tree falls in the forest, and no one's around...
No man, the OS is responsible for memory management. That's a major part of any OS, right up there with the scheduler. The memory management portion is responsible for allocating memory to an application and also for making sure that an application only accesses its own memory, or shared memory. So when an application tries to access a memory address you better believe that the OS is verifying that the application is allowed to do that. When an application tries to access memory that it doesn't own, that's one kind of general protection fault or page fault on Windows. The memory garbage collection routines definitely need to know which portions of memory are allocated to a certain process. Memory management is a major part of the Linux kernel. Here you go:
Buzz off, little worker bee, its simply not the case: this happens once every, say, couple to four years in Linux. Microsoft has one of this bugs every couple of sundays.
Yes, hardened windows is reasonably secure. After you spend an hour or two installing all the third party software and configuration settings you need to prevent being owned in under five minutes. Or you can just install Ubuntu.
Yes, Ubuntu. Which apparently you don't need to configure at all to get owned.
Seriously, in a story about how trivial it is to get code to execute as root you post a comment about how much more secure Ubuntu is than hardened Windows?
You can build an entire online banking or betting application, go through a year of security audits and certifications, and still come in at under $1mil easily. The price doesn't all of a sudden go up just because there's money involved in the application. Any online application should be secure, that doesn't change just because it's for a bank or bookmaker.
But the site in question isn't even dealing with people's money - it's just a lookup site to see where the money is going.
Seriously, I can't even imagine what the line item pricing table must look like. I've spent 2500-3000 hours developing a really complex web application over the past year and a half, and we've spent about $200k on development. An $18mil database lookup application would be a pretty sweet deal for any developer. The only thing that sucks about it is that it's taxpayer money.
I'll add Slash to the list. Not that when I think of a Les Paul I think of Slash, but when I think of Slash I do think of his black LP. Zakk Wylde has a spot in there also.
You may not realize this, but in this example, the GPL worked exactly the way the ExtJS developers intended it to.
Yeah, I know. I didn't say the GPL doesn't work, just that it doesn't work for business. We're a business, and it made more sense not to use the GPL. I guess you could also say that the GPL does work for business because it encourages business customers to pay for a different license instead of using the GPL.
This is exactly what you got in this example. You paid them for a different license to get the freedom that you wanted. You got your freedom, they get to keep their freedom, so what exactly are you complaining about?
I'm not complaining at all. I'm trying to illustrate why the GPL does not work for business purposes. Almost everyone who uses the GPL version of ExtJS does so on a private project or personal site, not for anything they intend to distribute to customers that pay for their work. Personally, I love ExtJS and plan to continue using it with anything I can. If it's a commercial project, I'll pay them again for another license. I have absolutely zero problem doing that, I would actually prefer to pay them for their work instead of taking it for free just because I think their work is of such high quality.
Are you complaining that the ExtJS devs *also* released under the GPL so that anyone willing to abide by its terms could use their stuff without paying? Is that not their *own* freedom to do so? Are you placing your own freedom over theirs? Is that fair?
..welcome to the Twilight Zone. No, I love the fact that anyone can use ExtJS without paying for it. I use it on several smaller projects under the GPL. I also love the fact that, as a business, I'm not required to use the GPL. Not being required to use the GPL is a good thing. Having the freedom to also use the GPL is also a good thing. Again, I'm not complaining about anything, I'm explaining why businesses do not use the GPL for things that they want to distribute and make money on. ExtJS recognized this fact and offered a proprietary license in addition to the GPL.
If you put yourself in the shoes of the ExtJS devs and thought about it from their perspective, maybe you'd begin to understand why some people use/prefer the GPL
Good god. Again, I use the GPL is non-commercial projects. Works great, I get other people's changes, other people get mine. For commercial projects on the other hand, the GPL doesn't work. This is the reason why ExtJS offers a proprietary license. If the GPL worked great for commercial products, ExtJS would not need to offer a proprietary license, would they? This isn't about being afraid of the GPL, it's about knowing when it works and when it doesn't.
There's nothing that says that licenses must be written in legalese, and anyone telling you otherwise is probably a lawyer and has something to gain from it.
If the concept of the GPL was simple enough to fit in 120 characters, then the GPL would be 120 characters. The reason the GPL is longer than 120 characters is not because someone decided it needed to be really wordy because of some arbitrary reason, it's because it's not simple enough to fit into 120 characters.
But that's what I do here.. I'm a lot like WNight, except I don't run Unix.
Possibly, for sufficiently loose definitions of "much more".
Linux kernel 2.0-2.6: 279 Secunia advisories, 473 vulnerabilities
Windows 2000 Server + Windows Server 2003 Standard + Windows Server 2008: 472 Secunia advisories, 580 vulnerabilities
It's also worth noting that kernel 2.6 alone contains 186 advisories for 352 vulnerabilities with 6% unpatched. Windows Server 2008 contains 40 advisories for 82 vulnerabilities with 0% unpatched.
So there's the math. Keep in mind that's comparing an entire server OS with just the Linux kernel.
We are now that picky...
This is Slashdot. We've always been that picky.
Indeed.. just in case Jake Busey decides to blow one of them up.
Surely you can link to a few examples of privilege escalation exploits for Windows coming out every two Sundays. I mean, we've had a lot of Sundays since Windows has been out.
That's right. It's a trivial local exploit. Those aren't mutually exclusive.
Did you just link me to a reference that I gave you?
Yes, I agree with that statement. I do not believe that it's possible to fix a bug without knowing about it. However, even if you don't know about the bug, it's still a bug.
And yes. If nobody knew it wasn't a security issue.
No, moron. If nobody knew then it's a security issue that nobody knew about. It's still a security issue. Unless your name happens to be Schrodinger, a thing is still a thing even if no one is looking at it.
If a tree falls in the forest, and no one's around...
sigh..
http://www.google.com/search?q=windows+hosting (36.4 million results)
http://www.google.com/search?q=linux+hosting (19.3 million results)
No man, the OS is responsible for memory management. That's a major part of any OS, right up there with the scheduler. The memory management portion is responsible for allocating memory to an application and also for making sure that an application only accesses its own memory, or shared memory. So when an application tries to access a memory address you better believe that the OS is verifying that the application is allowed to do that. When an application tries to access memory that it doesn't own, that's one kind of general protection fault or page fault on Windows. The memory garbage collection routines definitely need to know which portions of memory are allocated to a certain process. Memory management is a major part of the Linux kernel. Here you go:
http://linux-mm.org/
Buzz off, little worker bee, its simply not the case: this happens once every, say, couple to four years in Linux. Microsoft has one of this bugs every couple of sundays.
Citation needed.
Yes, hardened windows is reasonably secure. After you spend an hour or two installing all the third party software and configuration settings you need to prevent being owned in under five minutes. Or you can just install Ubuntu.
Yes, Ubuntu. Which apparently you don't need to configure at all to get owned.
Seriously, in a story about how trivial it is to get code to execute as root you post a comment about how much more secure Ubuntu is than hardened Windows?
Aw, cheer up little guy. I thought it was a very nice comment.
Which page is the iron on?
Sounds like he really cut off his nose, despite his face.
That just goes to show and math can ruin any joke.
You can build an entire online banking or betting application, go through a year of security audits and certifications, and still come in at under $1mil easily. The price doesn't all of a sudden go up just because there's money involved in the application. Any online application should be secure, that doesn't change just because it's for a bank or bookmaker.
But the site in question isn't even dealing with people's money - it's just a lookup site to see where the money is going.
Seriously, I can't even imagine what the line item pricing table must look like. I've spent 2500-3000 hours developing a really complex web application over the past year and a half, and we've spent about $200k on development. An $18mil database lookup application would be a pretty sweet deal for any developer. The only thing that sucks about it is that it's taxpayer money.
Thanks for that thorough debunking.
"... and to the representative democracy, for which it stands ..."
I'll add Slash to the list. Not that when I think of a Les Paul I think of Slash, but when I think of Slash I do think of his black LP. Zakk Wylde has a spot in there also.
You may not realize this, but in this example, the GPL worked exactly the way the ExtJS developers intended it to.
Yeah, I know. I didn't say the GPL doesn't work, just that it doesn't work for business. We're a business, and it made more sense not to use the GPL. I guess you could also say that the GPL does work for business because it encourages business customers to pay for a different license instead of using the GPL.
This is exactly what you got in this example. You paid them for a different license to get the freedom that you wanted. You got your freedom, they get to keep their freedom, so what exactly are you complaining about?
I'm not complaining at all. I'm trying to illustrate why the GPL does not work for business purposes. Almost everyone who uses the GPL version of ExtJS does so on a private project or personal site, not for anything they intend to distribute to customers that pay for their work. Personally, I love ExtJS and plan to continue using it with anything I can. If it's a commercial project, I'll pay them again for another license. I have absolutely zero problem doing that, I would actually prefer to pay them for their work instead of taking it for free just because I think their work is of such high quality.
Are you complaining that the ExtJS devs *also* released under the GPL so that anyone willing to abide by its terms could use their stuff without paying? Is that not their *own* freedom to do so? Are you placing your own freedom over theirs? Is that fair?
..welcome to the Twilight Zone. No, I love the fact that anyone can use ExtJS without paying for it. I use it on several smaller projects under the GPL. I also love the fact that, as a business, I'm not required to use the GPL. Not being required to use the GPL is a good thing. Having the freedom to also use the GPL is also a good thing. Again, I'm not complaining about anything, I'm explaining why businesses do not use the GPL for things that they want to distribute and make money on. ExtJS recognized this fact and offered a proprietary license in addition to the GPL.
If you put yourself in the shoes of the ExtJS devs and thought about it from their perspective, maybe you'd begin to understand why some people use/prefer the GPL
Good god. Again, I use the GPL is non-commercial projects. Works great, I get other people's changes, other people get mine. For commercial projects on the other hand, the GPL doesn't work. This is the reason why ExtJS offers a proprietary license. If the GPL worked great for commercial products, ExtJS would not need to offer a proprietary license, would they? This isn't about being afraid of the GPL, it's about knowing when it works and when it doesn't.
He's clocking out now to return it to the store he bought it from and promised to be headed to Bestbuy to pick up an iPhone 3GS on the way back
Sweet. That's sort of like swapping a Sequoia Advantage for a Diebold AccuVote.
How's the weather way, way, way, way down under the sand?
There's nothing that says that licenses must be written in legalese, and anyone telling you otherwise is probably a lawyer and has something to gain from it.
If the concept of the GPL was simple enough to fit in 120 characters, then the GPL would be 120 characters. The reason the GPL is longer than 120 characters is not because someone decided it needed to be really wordy because of some arbitrary reason, it's because it's not simple enough to fit into 120 characters.
Right, I agree with all of that, which is why it still doesn't make sense for a business to use the GPL.