The major security issues with Windows just aren't there on a mac. It's much harder to create spyware on a mac.
The software community on a mac is different. Commercial vendors couldn't get away with shipping malware (it's happened, and was caught quickly). Shareware authors tend to build higher quality apps rather than the quick and dirty stuff you see on windows.
But, it's not impossible. Every so often, software needs root access to install all the components. There's nothing stopping it from installing some sort of spyware at the same time, pretending to be a safari extension or something similar. People see the password dialog often enough to trust it, even if it's fake. Very few mac users run some sort of anti-virus.
Viruses would be rare since their main use these days is to install malware or spam relays, rather than to disable the machine. But, I'm sure that sooner or later, we'll see bundled adware.
I was a tech in a secondary school so this may not completely apply...
1. Log everything. 2. Review your logs.
Logs are what allowed me to discover a student logging in to a restricted teacher area, a number of weird log entries (logins at 4AM) which lead me to a number of compromized machines, etc.
3. Imaging software is your friend. Ghost, Acronis, even dd if you have to. Machines will be compromized, messed up, or even residual files will be left over summer. I went as far as building the image to automatically ask for the machine name and I could reimage a lab of 30 workstations in under 30 minutes.
4. Disable downloads.
This is the only thing that kept me on IE - you can choose to disable downloads. We had to tweak it a bit by adding a number of sites to one of the zones (to allow downloads from intranet, etc) but it really cut down the support calls.
5. Ticketing system. This may or may not work (it didn't for me as problems were always phone calls or walk ins), but if you need to justify additional spending/resources, it's great to be able to say "I handle X calls a month. Give me $Y and I can reduce calls from X to Z". If you do a lot of site visits, write down what you do.
6. Each student signs an AUP. No AUP, no account. Most students won't be a problem, but a few will decide to "test" your network security and you need to be able to keep them off the computers.
7. Watch how your resources are used. Every friday I'd run a scan for files in home directories over 1MB. This caught most of the MP3's, games, etc while filtering out the word documents. My AUP (also posted in each lab) stated academic use only, so anyone with MP3's had to explain themselves.
8. Get the staff on your side. You can't be everywhere and they're the ones who will be in the labs - picking weak passwords, allowing locked-out students to "borrow" another account, etc. Administration will be dealing with problem students and they need to know why things are a problem. They're not techs.
At the end of the day, you're a support service. You exist to support staff and students. There might be better ways, but non-techs need to use it. Don't bore people with details (they don't need to know that you've migrated from NT4 domains to a samba server. It's just an upgrade) - but, samba needs to work if you do this. Gradual transitions - don't take word away and replace it with OpenOffice. Install both for the year.
Toronto did this 50 years ago, after Hurricane Hazel hit. Many areas were hit hard so it was after this that the flood plains were reclaimed. We now have parks and golf courses instead of houses. The water has somewhere to go with minimal damage.
On a few sites, I've been forced to block ads. Not because I don't like them, not because the javascript tags add the "interval" ads, but because they horribly slow down the page render! There are times when my browser has the rest of the content but can't render because it's "Waiting for servedby.advertising.com" or some other ad server. Blocking the ads renders the page quickly.
It depends on your experience. I had a Mot i60 (with the iDEN radio feature) that spent more time in repair than I actually had it. I suspected it was a bad SIM the whole time, but nobody wanted to listen. I gave up and lived with it resetting itself randomly, and crashing when I tried to answer a call.
The current phones could be just fine, but between the PPC mess and the i60 I don't see any reason to get a Motorola product again.
I did exactly that a few weeks ago, replacing my G4 powerbook with another one. Reasons?
- After 3 years, snapped hinges, required hw repairs (most recently firewire = new logic board), etc, it was time.
- It's out of applecare. That logic board is at least $700 to replace. New machine is under warranty
- The new powerbooks have many new features (to me anyways) - backlit keyboard, airport extreme, integrated bluetooth, etc.
- There's no way I'm buying Rev 1 intel anything. I think back to the Rev A iMacs that had a USB bug, my rev 1 G3 which doesn't support slave IDE devices, etc.
It will take time to work out the problems. In 2-3 years when that happens, I'll be ready to replace this machine.
Strangely enough, I find Apple has the worst password policy I've seen, in spite of their normal ease of use. Their system prevents using the same password for an entire year. My bank doesn't even go this far!
I'm not sure if it's because I had access to various developer/sales resources over time, or if it's a standard for all accounts, but it's annoying. Whenever I need to enter my password, I find I need to reset it. Now, I use an extremely insecure password.
You could have got a totally clueless rep. It happens.
My ISP, when my modem was flashing an error code (something like No Line Sync), asked me to verify that I was set for DHCP and wanted to confirm that I really couldn't release/renew.
Don't even start me on call centres in India. (Dell, Netgear, Linksys & friends)
Bayesian filters are so good that one spammer trick is to try to make their spam look like valid mail, and increase false positives. If you can't beat them, join them.
You're assuming they'll manage the passwords properly. Why spend the effort when you can be lazy?
I know of field techs at numerous companies who use a password based on the serial or model number. One of my clients with a number of higher end printers/copiers has a password of "1111" or "0000". It's set that way so that all the techs know how to get in. In some cases, there isn't a password - only a key combination (like stop-*-1) Of course, many others quickly figure it out. I can get into maintenance menus of many photocopiers knowing this trick.
Instead, passwords should be based on something like a site number. Still accessable to the techs, but not to the random users.
Why is it dangerous to have a bad password? One tech told me a trick for free copies - either using the maint menu to "test" the machine, or going as far as to disable the pin menu or coin collector. Other machines now have many interesting options to play with - including watching an email address and printing automatically to things like LDAP lookups. Somebody could social engineer your network and get your company directory using the photocopier!
There are also dedicated firewire/av boxes. The canopus box works well from what I've heard.
Do not even think about using a dazzle hollywood. Unless they've fixed it, it likes to do things like switch randomly to PAL and in many cases won't capture properly, without something like a switcher upstream.
While I agree with you, some of their products aren't that great compared to others. Many people would be thinking twice if things were level.
I did a presentation this morning. Most people would use Powerpoint. I used Keynote. Keynote has a great feature called presentation view. I don't need to see exactly the same screen as the audience does. Presentation view shows your current slide (smaller), the upcoming slide, notes, timer and clock. I found it really kept the flow going as I knew what was coming up next. I could transition between slides during the slide transition on screen, rather than pausing between slides. A simple thing, but something microsoft should have had years ago.
And, microsoft wonders why people don't upgrade office.
Apple can move fast and change directions faster because they don't have an installed base that would hate them because they twist and turn. In PC land this can't happen because too much money is already invested in hardware and software.
In fact, it's the opposite. PC's are generally replaced every 18-36 months with something faster/cheaper/better.
Macs tend to stay running for 5 years before being replaced. So, Apple has a larger percentage of older hardware out there, and if anything more legacy hardware. Apple switched to USB in 1998, yet I can still run 10.3 on hardware with the legacy I/O.
Look at Tiger. It was released on DVD, for the convenience of not needing to swap CD's (10.3 was 3 cd's). Many macs which can run tiger don't have DVD drives. Apple felt that the change was worth it, even though many users would need to swap their DVD's for CD's.
Apple also makes transitions as easy as possible. Most recently carbon (apps run on OS 9 and OS X), previously 68K emmulation on PPC, and soon PPC emmulation on intel. Microsoft, rather than going to emmulation, builds their stuff on top of legacy stuff.
What do you think would happen to the world economy if Microsoft only would release longhorn for PPC? FWIW, NT was available for the PPC (and Alpha). And, the new xbox is powered by a PPC. It may not be that far off.
That's true, there is a header for that. But, IIRC it indicates what file types the browser supports (it won't tell you what version of CSS is supported)
It's use though isn't really encouraged. How many apps check if the user-agent contains Mozilla, and how many look at http-accept?
Not really. MS showed no sign of slowing IE down, and for a while Apple couldn't create a web browser.
As part of MS's "investment" in Apple stock (really a court settlement, and MS made a nice profit on it), there was a 5 year agreement in which Apple agreed not to make a web browser (remember CyberDog?). It produced such famous quotes as Steve saying "IE is my browser of choice" on stage after being booed.
That agreement expired, and I'm sure Apple felt that everything else fell short. Remember, Apple's goal is not to make computer products, it's to make the best possible computer products. When Apple does something, they're usually not the first, but the reaction is "Why didn't $otherguys do that?". MS's goal is total dominance ("Windows everywhere").
MS was fairly tolerant of Apple while they didn't represent a threat. Since the release of Safari, and Apple's resulting growth, MS has been trying t push things back their way. I look at their recent "It runs on windows" commercials. They don't really say anything other than "Buy Windows XP". Or, their other campaign "Use windows because it doesn't have the legal risks of linux". They don't really tell me why I should use windows. Apple's marketing is more like "Look at me! We have spotlight indexing and all these other great things (the other guys don't have)!"
And, the MS announcement came a few weeks after Safari. MS heard the news about safari at the same time as the rest of us, debated for a few weeks, then made their decision public. The announcement wasn't worded as a "we decided to stop IE, go find something else", it was more along the lines of "We're disappointed Apple chose to make their own product instead of using our obviously superior product. So, we're dropping it." The general reaction was that MS was ok if they were dominant, but were afraid of competition.
The Mozilla/5.0 string should also go. After all, every browser is pretending to be Netscape, and it's become redundant now.
What the string should should indicate is what version of the various standards it supports. Something along the lines of: HTML/4.0 CSS/2 PDF JPEG PNG etc.
Don't support CSS? You get the table layout. Don't support HTML 3? You get an upgrade message. Etc.
The string itself would need to be enforced by the W3C so we can't get something like MS's "we'll impliment what we want or make our own standard" attitude. Supporting CSS 2 means you support the spec entirely, and it's no indication that the browser is IE, Firefox or anything else, which means you can't code to one browser.
Once Apple released safari, microsoft stopped supporting IE on Mac. If they can't dominate, they take their toys and go home.
Many of my clients though associate WWW with IE so they still continue to use it. What Apple needs to do is recycle their "Browse the internet" app and stick that in the dock.
What happens if it's a known design flaw? What if the engine mounts are known to fail at highway speeds, the engine drops out, causes a 14-car collision? GM can't say "that car was stolen so it's not our fault". Security holes are basically design flaws.
Any compromized machine (Windows or otherwise) can seriously affect other computers and lead to a loss. I spent 5 hours yesterday cleaning up the mess from one infected laptop that an employee connected to the network. Nobody could work for the entire day, until I was able to isolate all the infected machines. If a security patch could prevent this attack, should the user not be entitled to it because Windows is pirated?
Your analogy is flawed btw. Unless you're stealing the car right from the factory, it's owned by (car dealership|end-user|GM leasing|someone other than GM). Not to mention that the car is actually owned, not "licensed" from GM.
The spammers are already filling MY inboxes with garbage. I pay for my email access. I pay for bandwidth. I pay for mobile email access. My hosting company pays for storage, filtering and bandwidth for spam (passing the charges on to me). My company pays to run a server, bandwidth, and storage. I add filters (taking me away from billable hours = a financial loss to me). They adapt and find ways around my filters, causing further time to adjust them. I've lost at least 3 email addresses due to spam. My main work address is now starting to receive spam. I can't lose this address without significantly affecting my business. Each message that comes in there takes me away from a billable task. I'm just waiting for my address to start showing up as the from: line in their spam, making my business look like a spammer, when it isn't. I will not be happy when that happens.
I own and promote a business. I pay for my advertising. There are many ways to promote a business without representing a cost to the end user. So, it's only fair that I recover those costs.
Ultimately these people represent a financial loss to me and my business that I have no way of recovering, and we're debating if it's legal to fill their forms with garbage? If I can't recover my costs the least I can do is increase theirs. Or, they can send me a cheque and I'll stop.
(Don't start me about the voicemail spammers. A few debt reduction organizations will be receiving an invoice shortly. I'm paying for my cell phone for my business, not so that they can advertise theirs at my expense)
My Beige G3 has been going since '98 or so. It's even running 10.3, and with a cheap G4 upgrade, it doesn't run too badly.
I added a powerbook in 2002, although I could have waited another year if I wanted to. The powerbook is now 3 years old, and I'm really not thinking replacement until next year. (whether I go with the last PPC powerbook or wait for the intel transition to sort itself out is another question)
Slashdot Mirror
The major security issues with Windows just aren't there on a mac. It's much harder to create spyware on a mac.
The software community on a mac is different. Commercial vendors couldn't get away with shipping malware (it's happened, and was caught quickly). Shareware authors tend to build higher quality apps rather than the quick and dirty stuff you see on windows.
But, it's not impossible. Every so often, software needs root access to install all the components. There's nothing stopping it from installing some sort of spyware at the same time, pretending to be a safari extension or something similar. People see the password dialog often enough to trust it, even if it's fake. Very few mac users run some sort of anti-virus.
Viruses would be rare since their main use these days is to install malware or spam relays, rather than to disable the machine. But, I'm sure that sooner or later, we'll see bundled adware.
I was a tech in a secondary school so this may not completely apply...
1. Log everything.
2. Review your logs.
Logs are what allowed me to discover a student logging in to a restricted teacher area, a number of weird log entries (logins at 4AM) which lead me to a number of compromized machines, etc.
3. Imaging software is your friend. Ghost, Acronis, even dd if you have to. Machines will be compromized, messed up, or even residual files will be left over summer. I went as far as building the image to automatically ask for the machine name and I could reimage a lab of 30 workstations in under 30 minutes.
4. Disable downloads.
This is the only thing that kept me on IE - you can choose to disable downloads. We had to tweak it a bit by adding a number of sites to one of the zones (to allow downloads from intranet, etc) but it really cut down the support calls.
5. Ticketing system. This may or may not work (it didn't for me as problems were always phone calls or walk ins), but if you need to justify additional spending/resources, it's great to be able to say "I handle X calls a month. Give me $Y and I can reduce calls from X to Z". If you do a lot of site visits, write down what you do.
6. Each student signs an AUP. No AUP, no account. Most students won't be a problem, but a few will decide to "test" your network security and you need to be able to keep them off the computers.
7. Watch how your resources are used. Every friday I'd run a scan for files in home directories over 1MB. This caught most of the MP3's, games, etc while filtering out the word documents. My AUP (also posted in each lab) stated academic use only, so anyone with MP3's had to explain themselves.
8. Get the staff on your side. You can't be everywhere and they're the ones who will be in the labs - picking weak passwords, allowing locked-out students to "borrow" another account, etc. Administration will be dealing with problem students and they need to know why things are a problem. They're not techs.
At the end of the day, you're a support service. You exist to support staff and students. There might be better ways, but non-techs need to use it. Don't bore people with details (they don't need to know that you've migrated from NT4 domains to a samba server. It's just an upgrade) - but, samba needs to work if you do this. Gradual transitions - don't take word away and replace it with OpenOffice. Install both for the year.
Toronto did this 50 years ago, after Hurricane Hazel hit. Many areas were hit hard so it was after this that the flood plains were reclaimed. We now have parks and golf courses instead of houses. The water has somewhere to go with minimal damage.
That's why the cost is shared in the US: the caller pays for whatever is normally paid to call a landline phone, and you pay the difference.
So I pay the cost as part of my bill because the spammers can't look up a list of cell exchanges?
On a few sites, I've been forced to block ads. Not because I don't like them, not because the javascript tags add the "interval" ads, but because they horribly slow down the page render! There are times when my browser has the rest of the content but can't render because it's "Waiting for servedby.advertising.com" or some other ad server. Blocking the ads renders the page quickly.
My favorite these days... Bell mobility has started offering caller ring tunes. Even worse, it's now a free service on some plans.
(one of the many reasons I love my SE T616. The default ring sound is called "Old Phone")
It depends on your experience. I had a Mot i60 (with the iDEN radio feature) that spent more time in repair than I actually had it. I suspected it was a bad SIM the whole time, but nobody wanted to listen. I gave up and lived with it resetting itself randomly, and crashing when I tried to answer a call.
The current phones could be just fine, but between the PPC mess and the i60 I don't see any reason to get a Motorola product again.
I did exactly that a few weeks ago, replacing my G4 powerbook with another one. Reasons?
- After 3 years, snapped hinges, required hw repairs (most recently firewire = new logic board), etc, it was time.
- It's out of applecare. That logic board is at least $700 to replace. New machine is under warranty
- The new powerbooks have many new features (to me anyways) - backlit keyboard, airport extreme, integrated bluetooth, etc.
- There's no way I'm buying Rev 1 intel anything. I think back to the Rev A iMacs that had a USB bug, my rev 1 G3 which doesn't support slave IDE devices, etc.
It will take time to work out the problems. In 2-3 years when that happens, I'll be ready to replace this machine.
Strangely enough, I find Apple has the worst password policy I've seen, in spite of their normal ease of use. Their system prevents using the same password for an entire year. My bank doesn't even go this far!
I'm not sure if it's because I had access to various developer/sales resources over time, or if it's a standard for all accounts, but it's annoying. Whenever I need to enter my password, I find I need to reset it. Now, I use an extremely insecure password.
You could have got a totally clueless rep. It happens.
My ISP, when my modem was flashing an error code (something like No Line Sync), asked me to verify that I was set for DHCP and wanted to confirm that I really couldn't release/renew.
Don't even start me on call centres in India. (Dell, Netgear, Linksys & friends)
Bayesian filters are so good that one spammer trick is to try to make their spam look like valid mail, and increase false positives. If you can't beat them, join them.
You're assuming they'll manage the passwords properly. Why spend the effort when you can be lazy?
I know of field techs at numerous companies who use a password based on the serial or model number. One of my clients with a number of higher end printers/copiers has a password of "1111" or "0000". It's set that way so that all the techs know how to get in. In some cases, there isn't a password - only a key combination (like stop-*-1)
Of course, many others quickly figure it out. I can get into maintenance menus of many photocopiers knowing this trick.
Instead, passwords should be based on something like a site number. Still accessable to the techs, but not to the random users.
Why is it dangerous to have a bad password? One tech told me a trick for free copies - either using the maint menu to "test" the machine, or going as far as to disable the pin menu or coin collector. Other machines now have many interesting options to play with - including watching an email address and printing automatically to things like LDAP lookups. Somebody could social engineer your network and get your company directory using the photocopier!
There are also dedicated firewire/av boxes. The canopus box works well from what I've heard.
Do not even think about using a dazzle hollywood. Unless they've fixed it, it likes to do things like switch randomly to PAL and in many cases won't capture properly, without something like a switcher upstream.
While I agree with you, some of their products aren't that great compared to others. Many people would be thinking twice if things were level.
I did a presentation this morning. Most people would use Powerpoint. I used Keynote. Keynote has a great feature called presentation view. I don't need to see exactly the same screen as the audience does. Presentation view shows your current slide (smaller), the upcoming slide, notes, timer and clock. I found it really kept the flow going as I knew what was coming up next. I could transition between slides during the slide transition on screen, rather than pausing between slides. A simple thing, but something microsoft should have had years ago.
And, microsoft wonders why people don't upgrade office.
Apple can move fast and change directions faster because they don't have an installed base that would hate them because they twist and turn. In PC land this can't happen because too much money is already invested in hardware and software.
In fact, it's the opposite. PC's are generally replaced every 18-36 months with something faster/cheaper/better.
Macs tend to stay running for 5 years before being replaced. So, Apple has a larger percentage of older hardware out there, and if anything more legacy hardware. Apple switched to USB in 1998, yet I can still run 10.3 on hardware with the legacy I/O.
Look at Tiger. It was released on DVD, for the convenience of not needing to swap CD's (10.3 was 3 cd's). Many macs which can run tiger don't have DVD drives. Apple felt that the change was worth it, even though many users would need to swap their DVD's for CD's.
Apple also makes transitions as easy as possible. Most recently carbon (apps run on OS 9 and OS X), previously 68K emmulation on PPC, and soon PPC emmulation on intel. Microsoft, rather than going to emmulation, builds their stuff on top of legacy stuff.
What do you think would happen to the world economy if Microsoft only would release longhorn for PPC?
FWIW, NT was available for the PPC (and Alpha). And, the new xbox is powered by a PPC. It may not be that far off.
That's true, there is a header for that. But, IIRC it indicates what file types the browser supports (it won't tell you what version of CSS is supported)
It's use though isn't really encouraged. How many apps check if the user-agent contains Mozilla, and how many look at http-accept?
Not really. MS showed no sign of slowing IE down, and for a while Apple couldn't create a web browser.
As part of MS's "investment" in Apple stock (really a court settlement, and MS made a nice profit on it), there was a 5 year agreement in which Apple agreed not to make a web browser (remember CyberDog?). It produced such famous quotes as Steve saying "IE is my browser of choice" on stage after being booed.
That agreement expired, and I'm sure Apple felt that everything else fell short. Remember, Apple's goal is not to make computer products, it's to make the best possible computer products. When Apple does something, they're usually not the first, but the reaction is "Why didn't $otherguys do that?". MS's goal is total dominance ("Windows everywhere").
MS was fairly tolerant of Apple while they didn't represent a threat. Since the release of Safari, and Apple's resulting growth, MS has been trying t push things back their way. I look at their recent "It runs on windows" commercials. They don't really say anything other than "Buy Windows XP". Or, their other campaign "Use windows because it doesn't have the legal risks of linux". They don't really tell me why I should use windows. Apple's marketing is more like "Look at me! We have spotlight indexing and all these other great things (the other guys don't have)!"
And, the MS announcement came a few weeks after Safari. MS heard the news about safari at the same time as the rest of us, debated for a few weeks, then made their decision public. The announcement wasn't worded as a "we decided to stop IE, go find something else", it was more along the lines of "We're disappointed Apple chose to make their own product instead of using our obviously superior product. So, we're dropping it." The general reaction was that MS was ok if they were dominant, but were afraid of competition.
The Mozilla/5.0 string should also go. After all, every browser is pretending to be Netscape, and it's become redundant now.
What the string should should indicate is what version of the various standards it supports. Something along the lines of:
HTML/4.0 CSS/2 PDF JPEG PNG etc.
Don't support CSS? You get the table layout. Don't support HTML 3? You get an upgrade message. Etc.
The string itself would need to be enforced by the W3C so we can't get something like MS's "we'll impliment what we want or make our own standard" attitude. Supporting CSS 2 means you support the spec entirely, and it's no indication that the browser is IE, Firefox or anything else, which means you can't code to one browser.
Once Apple released safari, microsoft stopped supporting IE on Mac. If they can't dominate, they take their toys and go home.
Many of my clients though associate WWW with IE so they still continue to use it. What Apple needs to do is recycle their "Browse the internet" app and stick that in the dock.
One of the major banks decomissioned servers which eventually wound up on ebay. The person who bought them discovered that all data was still intact.
My personal favorite is changing the minimum password length to 64 unique characters.
This happens every so often on a Mac as well, just that your only option is to click and reboot immediately. You can't say "No, restart later".
Unless, of course, you force-quit the installer.
What happens if it's a known design flaw? What if the engine mounts are known to fail at highway speeds, the engine drops out, causes a 14-car collision? GM can't say "that car was stolen so it's not our fault". Security holes are basically design flaws.
Any compromized machine (Windows or otherwise) can seriously affect other computers and lead to a loss. I spent 5 hours yesterday cleaning up the mess from one infected laptop that an employee connected to the network. Nobody could work for the entire day, until I was able to isolate all the infected machines. If a security patch could prevent this attack, should the user not be entitled to it because Windows is pirated?
Your analogy is flawed btw. Unless you're stealing the car right from the factory, it's owned by (car dealership|end-user|GM leasing|someone other than GM). Not to mention that the car is actually owned, not "licensed" from GM.
The spammers are already filling MY inboxes with garbage. I pay for my email access. I pay for bandwidth. I pay for mobile email access. My hosting company pays for storage, filtering and bandwidth for spam (passing the charges on to me). My company pays to run a server, bandwidth, and storage. I add filters (taking me away from billable hours = a financial loss to me). They adapt and find ways around my filters, causing further time to adjust them. I've lost at least 3 email addresses due to spam. My main work address is now starting to receive spam. I can't lose this address without significantly affecting my business. Each message that comes in there takes me away from a billable task. I'm just waiting for my address to start showing up as the from: line in their spam, making my business look like a spammer, when it isn't. I will not be happy when that happens.
I own and promote a business. I pay for my advertising. There are many ways to promote a business without representing a cost to the end user. So, it's only fair that I recover those costs.
Ultimately these people represent a financial loss to me and my business that I have no way of recovering, and we're debating if it's legal to fill their forms with garbage? If I can't recover my costs the least I can do is increase theirs. Or, they can send me a cheque and I'll stop.
(Don't start me about the voicemail spammers. A few debt reduction organizations will be receiving an invoice shortly. I'm paying for my cell phone for my business, not so that they can advertise theirs at my expense)
My Beige G3 has been going since '98 or so. It's even running 10.3, and with a cheap G4 upgrade, it doesn't run too badly.
I added a powerbook in 2002, although I could have waited another year if I wanted to. The powerbook is now 3 years old, and I'm really not thinking replacement until next year. (whether I go with the last PPC powerbook or wait for the intel transition to sort itself out is another question)