The problem is, even though it has to be turned on, the EULA is still bad. However, the EULA is there because of MS's legal team being "over careful" about the feature. It's to protect themselves in case a user turns it on and sues them because they claim MS was spying on them. The real issue is that we live in the United Litigations of America. Do I like this section of the EULA? No - I don't want an EULA on any of my software. Nevertheless, I agree that the primary goal of this article was FUD, not an intelligent discussion of EULAs and why corporations keep taking them to the next level.
Windows Update has ALWAYS included other vendors. (on "Read the Fine Print", Score: 2)
Actually, "other Vendors" are already part of Windows Update. For example, if you have a 3Com 905-C and you are running an old driver, Windows Update will get the driver from 3Com for you.
If people want to spend 200% more and wait twice as long for new software to be released, then I'm all for increasing the development cycle for the sake of usability. The problem is, the market won't bear it.
Also, the comparison to the car is very poor because the level of functionality that the car gives to the user is very minimal. It's kind of like comparing the XBox's UI to Windows'.
These are all very good questions which support my final contention: "It is folly to even try to make any assertion regarding which code base is more likely to be secure based on its Open or Closed source nature."
We can have our theories, but there are just way too many unknowns and counting the "potential number of eyeballs" looking at the source code is really trivializing the issue.
While we're at it, which community of application developers is more security-aware, Linux or Windows? Which OS makes it easier to write insecure applications?
Remember, the original assertion was regarding the "Open Source Nature" of Linux. The focus of a team is generally independent of its Open or Closed source nature.
You are correct. The underlying platform is where a lot of the power lies, C# just exposes them.
I've been coding in C# for about 7 months, and have already been through one full development cycle. I think that C# is one of the most transparent languages I've ever used (although I only have 5 years of professional experience). I'm not the first to make comments like this either. I think about Java, and how people say how similar it is to C#. However, it's always those "little things" that make a big impact on the overall effectiveness of the language (or anything, for that matter). Java was very cool, but I personally didn't "flow" with it nearly the way I do with C#.
How many people are looking over the source code of Win 2K for bugs?
Let's focus on "Quality Man Hours". Really, how many people a) have the expertise to actually read the Linux source, b) have the time and energy to read through it, c) have the competence to identify security issues. We now have a _much_ smaller set of people. Of those people how many hours per day/week/month are they spending doing this? At Microsoft, they pay employees to work on multiple areas of Win2K full time.
We can theorize all we want about whether Open Source can put more quality man hours towards security issues, but there is no way to quantify and compare it to the resources Microsoft invests in its products.
Worms thrive on total volume, not specifically servers. The more systems infected, the more powerful it is. It is much more attractive to write a worm that can:
a) Exist on a platform that has millions of machines running a relatively similar configuration.
b) Get in as a trojan horse to an uneducated user (how many laymen install Linux?).
You make some great points. It sounds like he wants a relatively simple frontend. It's not like he needs excessive DirectX or OpenGL calls. Otherwise, I'd say you're correct. If you are trying to develop Quake4, half of the fun is the plumbing.
This is a bit Off Topic but there are some major advantages to going with C#. First, think of the advantages of using a GC'd platform like Java. Second, think about not using pointers unless it's absolutely necessary. Third, think about an incredibly intuitive and powerful class library that allows you to focus less on the "plumbing" and more on the creation of cool software.
Yes, some of us love being plumbers (tweaking malloc calls or fine tuning a large loop in ASM), but for projects like this I think it is more appropriate to use a higher level language.
I can't imagine why you'd want to bet the farm on such an immature system.
It may be immature on the client machine, but it is a very mature platform. My company is currently running its ecommerce site for its flagship product line on the Beta 2 (!) .NET platform (using C#, of course). Next week we are launching our next generation Customer Management Tools for the call center which is also all on .NET. Beta 2 is production level stable. This is also proven by a handful of high-profile sites mainly run by Microsoft (eg: MSN Shopping, office.microsoft.com) but other companies as well. For example, a huge portion of Verizon's "trouble ticketing" system was launched ~6 months ago on the .NET platform. Now we are testing the "Dot Oh" release of .NET (released in Jan), and I'm sure it'll be even more robust than the beta.
I'll avoid most of my comments about your choice of language because most of it is of a political nature, rather than practical one; however, I really wouldn't suggest trying to make a massively multiplayer game with a language you're unfamiliar with.
This is very good insight. However, I think C# is a great choice and an exception for this situation. If you have a C++ or Java background, learning C# is extremely trivial. Plus, the networking libraries of the .NET Framework are very intuitive.
Caching the entire kernel and commonly used DLLs is supported in WinXP (Pro, not sure about Home). I believe there is undocumented support in Win2K but I have not verified this. A friend of mine built a machine with 512MB of RAM and put XP on it and enabled this "cache" feature. Although the boot time was a little (barely noticeable) slower, the load time of apps and common tasks was incredible - almost as if you were using a solid-state device (a PDA, for example).
Deadlines are normally imposed by companies trying to earn a living through the development of software.
Then it would be a good idea to think that the Open Source community, not faced with deadlines, would be able to code the programs in a more ideal situation, leading to code that has a higher degree of elegance and security...
Deadlines affect both Open and Closed Source projects. Everything is market driven. Open Source software is almost always being written for a market. Just look at how the Linux GUI has evolved. When we saw the first light of KDE or Gnome, they were extremely unstable. But they were released because there was a deadline. The deadline was, "We need a GUI now to compete with Windows" (Yes, I know what Linus thinks about this).
At least the code in flux has a higher chance of adapting to its environment and thus surviving over the slower to adapt Closed Source code.
First, how is "code in flux" secure? Second, how is Closed Source "slower to adapt to its environment"? Here is one of many examples: IE4 (in late '97) almost fully implemented the W3C DOM recommendations while Mozilla (5 years later) is just now finishing them up. However, Opera - which by 2000 had good DOM support - has been able to compete at a great pace.
Let's see, Win2K was said to have about 60k bugs, right? So if they work every day of Feb, they need to fix roughly 2150 bugs per day.
1) It is a false assumption that 65K+ records in their bug tracking database were all bugs. These are just reports and have not been independently verified or filtered for feature requests or duplicates. What "are" really bugs can also be a "specification bug", not a technical one. For example, you click the start button it's supposed to "fade in with speckles" but instead it displays with no effect. To the end user it still functions perfectly. To the product development team the feature wasn't implemented correctly.
2) You are assuming that over the past two years (when this ambiguous "65K" number got thrown around) that they have done nothing to resolve the bugs in Win2K. This obviously overlooks the fact that the NT5.0 codebase is much more mature thanks to ongoing development that has resulted in multiple service packs and WinXP.
3) The point of this month is to focus on bug fixing, not "let's fix all the bugs that we created 5 years ago". It's like me saying, "I'm going to take a week and do spring cleaning on my house" and assuming that means that I never cleaned my house on a regular basis.
4) If there really were 65K bugs, each programmer would be responsible for fixing 1.5 bugs within the month (appx 40,000 programmers). Of course, this is severely trivializing the issue, but reminds us of the awesome resources MS has at its disposal.
Also, Win95 is mainly relevant when discussing the GUI and DirectX. Most all of Win2K's technology is based on NT, which is an older codebase. (the first beta was in 1992 I believe)
They're just upset that people can use their service without them making ad revenues.
This is just like saying that they're just upset that people can take the goods out of their store without making revenues. It's stealing, even if you're not physically taking something.
If MS wants to force everyone to use proprietary software for THEIR service, then it is their right. There IS a cost - using their software and having screen real estate dedicated to ads. The same goes for AOL's IM.
Anyone who wants to develop for .NET needs to shell out at least $1,079
The Software Development Kit (all necessary DLLs, compilers, etc.) is free. There are also a handful of free IDEs.
And what relevance does this pose?
Actually, most Christian theology concludes that the means never justify the end.
(2) Slashdot isn't a unitary entity.
But the vast majority is. Just see my journal of a little experiment I did not too long ago.
I'd place a bet that there are ways around C# security.
Yup, it's called C++.
Exactly. Ongoing space exploration is important, but why is it "de facto" that space research is the Ultimate Science(tm) that needs Billions(tm)?
Complacency leads to regression. If we aren't always striving to make things better, everything will deteriorate.
Are you suggesting that Windows has not improved over the last 10 years?
I am a genetic and legal layman. So here is a "typical citizen" question: Can you patent scientific discovery?
Examples:
Could Albert Einstein patent the Theory of Relativity?
Could Galileo patent the stars he found?
How, again to a layman, are these any different than discovering certain DNA sequences?
Plans to use it involve that "real world" sites are aware that something like this exists.
They are, and they are using Wild Tangent. I don't know if that's a fair comparison, but it seems like WT already has a lot of momentum behind it.
This sounds great, but are there any "real world" sites using or planning on using this plugin? Or is it just another VRML experiment?
Crashing so soon?
What version of Linux w/Gnome is it running?
:-)