Or the users will just move to the browser that doesn't break things since they won't want breakage.
Yeah, It'd require some consensus between Mozilla, Google and Microsoft although the first two would probably be able to force the issue on their own. Note that Apple's already there with iOS. The future is smartphones and tablets and they're already plugin-free, we just need the desktop to catch up.
That's a vicious circle: things get implemented in Flash because the browser's too slow, browser features get a low priority because there's Flash to lean on,... Third party plugins are the bane of the modern open web maybe it's worth dealing with breakages for a year if it forces the issue.
apple's "security through scarcity" is starting to fade away as they gain marketshare. any popular OS will get viruses, malware, trojans, etc.
will mac os get a stonger walled garden as a result? i hope not as i was about to buy my first mac.
The next release of OS X (Mountain Lion) will warn people when trying to run unsigned apps. Apps sold through the Mac App Store will be signed and devs will be able to get their app signed by Apple for free without having to distribute through the App Store. Unsigned apps will also still run if you tell the system to do so. The fact that Apple are doing things shows they will not go full-on walled garden like with iOS but are still trying to get some of its advantages to their users by choosing this middle path.
I agree what they should have done is remove java entirely.
Java is not installed by default in Lion, the latest version os OSX. The users is prompted to install it the first time he opens a webpage containing an applet or the first time he invokes "java" on the CLI.
Don't know who modded this offtopic but the number of infected machines seems germane to the discussion. And AC's correct that the infection rate was dropping rapidly even before this tool hit :
"The number of Macs infected by the Flashback malware has gone down by more than half, from 550,000 to 600,000 computers last week to 270,000 in the last 24 hours, Symantec said Wednesday."
Now whether this is because of an overestimation of the original infection or due to the Apple community being energized and taking action (or a combination of the two) is up for discussion.
Belgium too. They even troll internet marketplaces, I got a mail from the bastards when trying to resell a foreign iPhone. This is why Belgium is also known locally as the Sicily of the North (no offense.)
I don't know about a book but I'd teach him Objective C or Java. Something you can use to create an app for a mobile device. There's nothing like being able to carry your work around with you in your pocket and showing it off to people. Personally I'd go for Objective C because making a UI in Xcode is quick and easy and you can then focus and the real coding.
A keyboard isn't going to have it's own hub unless it is made to be sold to Mac users. PC users simply are not used to plugging mice into their keyboard.
My Solaris workstation has USB ports on both the monitor and the keyboard. My company PC does not, mostly because it's a cheap POS.
Which would make physical security of your system somewhat more difficult to ensure. Server cages are going to need a finer mesh to ensure that no one can stick a cable into a machine they don't own.
If you've got untrusted personnel walking around in your server room a thunderbolt cable is the least of your worries.
That's the real head scratcher. Apple, the king of "you won't see a port that isn't absolutely essential" is the one championing Thunderbolt despite it being far less useful than one of the many display options they have thrown away in recent years (no VGA, use DVI-mini!, no DVI-mini, use DVI-micro!, no DVI-micro, use Mini-displayport!) As many others have noted, it is basically the second coming of Firewire; it tries to out-do something that is widely accepted with something that is slightly superior but much more expensive. While you would think that Apple of all companies would be able to pull that off, it just doesn't feel like it has any legs.
Apple plus a little company called Intel, you might have heard from them.
Yeah, and how hard is that? Is this about malware that magically attaches itself to existing executables, or does it just drop itself into a system directory and run itself?
"As with previous variants of the malware, the latest variant of the Flashback malware, called OSX/Flashback.I, works by modifying code within Web browsers that causes it to launch when the browsers are opened and result in modified Web pages being displayed." Removal instructions
Both are pretty bloody old problems and easily mitigated. How is it that OSX can be owned by a driveby exploit trojan that adds it to a botnet? I thought its underlying guts were Unix. How is it that Windows can't notice that something new has been installed and executed without the user's instigation?
What have Apple and Microsoft OS developers been spending their time on for the last decade? Surfing pr0n? Posting "you guys suck" on web forums? Making Clicky spin more gracefully?
Meanwhile, their users are unwittingly added to botnets and their machines run keyloggers that phone home to crackers. And they get to pay for these "privileges"?!? Gee, what a great deal.
$DEITY help them if their shareholders ever wise up.
Actually the problems ARE all solved in the latest versions of OSX. The attack vector is a Java applet displayed in the browser, Lion no longer includes Java by default, malware detection was added in Snow Leopard and starting in Lion processes are sandboxed. From what I've read the malware seems to target older computers and versions of OSX. As always the best protection is remaining up to date.
From what I understand is that Apple up keeps it's own version of Java that runs on the Mac. So in fact they own the problems that come with allowing it on their systems. Here is a link about that pretty much says that http://www.nl-tech.com/apple-users-download-malware.html
Apple wants to get rid of Java. It's no longer installed by default from Lion onward. That also means that users on the latest version of the OS would not have been vulnerable using the OS as shipped.
This is strictly about helping non technical users that might be infected in an easy way. It's these users that were specifically targetted by the way since the malware targets old versions of Java and even checks for the existence of "power user" tools installed and doesn't install if they are :
"4. You do not have certain security tools installed on your Mac that Flashback checks for, including Little Snitch, Xcode, and a few anti-malware tools.'
if it was Linux based malware a patch would have been out within 24 to 48 hours, six months is enough time to create a new version of the entire operating system,
The vulnerability has been patched. This is about removing the malware from infected systems.
Europeans thinks that because in the US one needs insurance, that people without will not get treatment. That is not true. A hospital that received a sick patent in an ER is required to treat that patient, insurance or not. ERs in the US equals socialized health care, it is just that nobody, Dem or Republican, will admit to that. Will they get the very best treatment, probably not, but they will get significantly better treatment than a European on a waiting list for an operation that may or may not come before he dies..
I'd like so see you try to get a regular regimen of chemo treatments at an ER. Not all treatments are emergency one-offs and in most cases adequate care can prevent you ending up in the ER in the first place.
In the US, if you have insurance, which the vast majority of the US population actually does have, the treatment you will get is significantly better than in any country in the world.
That's false. The care is of the same standard, the difference is that in the US you can buy your way to the top of the list and that's why rich assholes from all over the world flock to you for their care.
Millions of people have Apple products *now* and lots of them knew who Steve Jobs was, a lot of people owned Commodore machines back in the day but it's been 20 years since they went belly up and even then most of those people probably didn't know who Tramiel was, even you spell his name wrong;-) You just can't expect this news to generate the same kind of interest.
Jobs built factories for both the original mac and NeXT in the US. Both were expensive and considered failures by many at the time. He learned his lesson after that.
Slashdot Mirror
Or the users will just move to the browser that doesn't break things since they won't want breakage.
Yeah, It'd require some consensus between Mozilla, Google and Microsoft although the first two would probably be able to force the issue on their own. Note that Apple's already there with iOS. The future is smartphones and tablets and they're already plugin-free, we just need the desktop to catch up.
Nukes, rockets and satellites aren't technical to you ?
That's a vicious circle: things get implemented in Flash because the browser's too slow, browser features get a low priority because there's Flash to lean on, ... Third party plugins are the bane of the modern open web maybe it's worth dealing with breakages for a year if it forces the issue.
Ban plugins, their time has come and gone. The web's a very different place from when they were introduced in the mid 90's.
Yeah, looks like he forgot to count smartphone and tablet users. Maybe he meant 99% of Firefox users ?
apple's "security through scarcity" is starting to fade away as they gain marketshare. any popular OS will get viruses, malware, trojans, etc.
will mac os get a stonger walled garden as a result? i hope not as i was about to buy my first mac.
The next release of OS X (Mountain Lion) will warn people when trying to run unsigned apps. Apps sold through the Mac App Store will be signed and devs will be able to get their app signed by Apple for free without having to distribute through the App Store. Unsigned apps will also still run if you tell the system to do so. The fact that Apple are doing things shows they will not go full-on walled garden like with iOS but are still trying to get some of its advantages to their users by choosing this middle path.
I agree what they should have done is remove java entirely.
Java is not installed by default in Lion, the latest version os OSX. The users is prompted to install it the first time he opens a webpage containing an applet or the first time he invokes "java" on the CLI.
Don't know who modded this offtopic but the number of infected machines seems germane to the discussion. And AC's correct that the infection rate was dropping rapidly even before this tool hit :
"The number of Macs infected by the Flashback malware has gone down by more than half, from 550,000 to 600,000 computers last week to 270,000 in the last 24 hours, Symantec said Wednesday."
Now whether this is because of an overestimation of the original infection or due to the Apple community being energized and taking action (or a combination of the two) is up for discussion.
Belgium too. They even troll internet marketplaces, I got a mail from the bastards when trying to resell a foreign iPhone. This is why Belgium is also known locally as the Sicily of the North (no offense.)
I don't know about a book but I'd teach him Objective C or Java. Something you can use to create an app for a mobile device. There's nothing like being able to carry your work around with you in your pocket and showing it off to people. Personally I'd go for Objective C because making a UI in Xcode is quick and easy and you can then focus and the real coding.
A keyboard isn't going to have it's own hub unless it is made to be sold to Mac users. PC users simply are not used to plugging mice into their keyboard.
My Solaris workstation has USB ports on both the monitor and the keyboard. My company PC does not, mostly because it's a cheap POS.
Which would make physical security of your system somewhat more difficult to ensure. Server cages are going to need a finer mesh to ensure that no one can stick a cable into a machine they don't own.
If you've got untrusted personnel walking around in your server room a thunderbolt cable is the least of your worries.
That's the real head scratcher. Apple, the king of "you won't see a port that isn't absolutely essential" is the one championing Thunderbolt despite it being far less useful than one of the many display options they have thrown away in recent years (no VGA, use DVI-mini!, no DVI-mini, use DVI-micro!, no DVI-micro, use Mini-displayport!) As many others have noted, it is basically the second coming of Firewire; it tries to out-do something that is widely accepted with something that is slightly superior but much more expensive. While you would think that Apple of all companies would be able to pull that off, it just doesn't feel like it has any legs.
Apple plus a little company called Intel, you might have heard from them.
the negative press has really been at minimum.
Probably a "Let He Who Is Without Sin Cast The First Stone" kind of thing.
Yeah, and how hard is that? Is this about malware that magically attaches itself to existing executables, or does it just drop itself into a system directory and run itself?
"As with previous variants of the malware, the latest variant of the Flashback malware, called OSX/Flashback.I, works by modifying code within Web browsers that causes it to launch when the browsers are opened and result in modified Web pages being displayed."
Removal instructions
Both are pretty bloody old problems and easily mitigated. How is it that OSX can be owned by a driveby exploit trojan that adds it to a botnet? I thought its underlying guts were Unix. How is it that Windows can't notice that something new has been installed and executed without the user's instigation?
What have Apple and Microsoft OS developers been spending their time on for the last decade? Surfing pr0n? Posting "you guys suck" on web forums? Making Clicky spin more gracefully?
Meanwhile, their users are unwittingly added to botnets and their machines run keyloggers that phone home to crackers. And they get to pay for these "privileges"?!? Gee, what a great deal.
$DEITY help them if their shareholders ever wise up.
Actually the problems ARE all solved in the latest versions of OSX. The attack vector is a Java applet displayed in the browser, Lion no longer includes Java by default, malware detection was added in Snow Leopard and starting in Lion processes are sandboxed. From what I've read the malware seems to target older computers and versions of OSX. As always the best protection is remaining up to date.
The fix was upgrading to Lion which doesn't have Java by default.
From what I understand is that Apple up keeps it's own version of Java that runs on the Mac. So in fact they own the problems that come with allowing it on their systems. Here is a link about that pretty much says that http://www.nl-tech.com/apple-users-download-malware.html
Apple wants to get rid of Java. It's no longer installed by default from Lion onward. That also means that users on the latest version of the OS would not have been vulnerable using the OS as shipped.
A) Vulnerability has been patched.
B) It's not that difficult to detect and remove.
This is strictly about helping non technical users that might be infected in an easy way. It's these users that were specifically targetted by the way since the malware targets old versions of Java and even checks for the existence of "power user" tools installed and doesn't install if they are :
"4. You do not have certain security tools installed on your Mac that Flashback checks for, including Little Snitch, Xcode, and a few anti-malware tools.'
if it was Linux based malware a patch would have been out within 24 to 48 hours, six months is enough time to create a new version of the entire operating system,
The vulnerability has been patched. This is about removing the malware from infected systems.
Europeans thinks that because in the US one needs insurance, that people without will not get treatment. That is not true. A hospital that received a sick patent in an ER is required to treat that patient, insurance or not. ERs in the US equals socialized health care, it is just that nobody, Dem or Republican, will admit to that. Will they get the very best treatment, probably not, but they will get significantly better treatment than a European on a waiting list for an operation that may or may not come before he dies..
I'd like so see you try to get a regular regimen of chemo treatments at an ER. Not all treatments are emergency one-offs and in most cases adequate care can prevent you ending up in the ER in the first place.
In the US, if you have insurance, which the vast majority of the US population actually does have, the treatment you will get is significantly better than in any country in the world.
That's false. The care is of the same standard, the difference is that in the US you can buy your way to the top of the list and that's why rich assholes from all over the world flock to you for their care.
Millions of people have Apple products *now* and lots of them knew who Steve Jobs was, a lot of people owned Commodore machines back in the day but it's been 20 years since they went belly up and even then most of those people probably didn't know who Tramiel was, even you spell his name wrong ;-) You just can't expect this news to generate the same kind of interest.
The kids all had their plastic cased commies. The serious folks ran CP/M on a Z80.
The C64's big brother, the C128, could run CP/M while still being backwards compatible with the C64.
There was such a thing as a Commodore 128 compable with the C64 and with, you guessed it, 128Kb of RAM released around the time of the Apple IIc.
Hey man, don't copy that floppy.
Jobs built factories for both the original mac and NeXT in the US. Both were expensive and considered failures by many at the time. He learned his lesson after that.