There's a HUGE problem with tarballs. You lose the "automatic update" features of your distro.
I have never had "automatic update" features in my "distro". Or to give them their proper name, I turn off any "automatic package breaking tools" and do manual updates on my own schedule. The only exception is systems where I don't have the opportunity to control their security exposure by limiting the surface area exposed to the LAN, WAN, or the Internet.
What I did say is the Linux has its own issues that needs to be dealt with.
And I'm saying that you're not going to fix them by improving the tools you're using to hide the problem. Microsoft has way more resources to spend on that, and is able to push way more aggressive solutions on you, and they still screw it up.
The problem isn't going to be fixed by improving the dependency management.
It's going to be fixed by reducing the dependencies.
Another problem with metrics is that you can't "test in" security, and measuring security by the number of failures is really trying to do just that.
You need to look at what the actual failures are, whether the kinds of failures are changing or not, whether there's a common cause to some class of failures and how hard it would be to address that common cause, and whether different systems tend to suffer from different kinds of failures.
Buffer overflows, for example. Everyone gets hit by buffer overflows, there's a common cause, but some of the techniques you can use to address them are easier than others. Non-executable stacks, great. Easy to do, if the hardware supports it, and doesn't have much of an impact on the developers. Changing to a language where buffer overflows can't happen? That's hard.
Code injection by playing quoting games, using '%2E%2E' or some complex Unicode string instead of '..', or telling me your name is '%34;cat%20/etc/passwd;echo%20%34'. Different symptoms, sometimes you can systematically fix them, sometimes you can't. A lot of what people think they know about these kinds of attacks is wrong, and they fix them badly and someone with a name like "d'Artagnon" finds he's a hacker.
Sandboxes. Lots of bad information about these going around. Microsoft used to say sandboxes were a bad idea, too much overhead. I don't know if they still do, but they need to come up with a fully sandboxed inherently safe version of Internet Explorer... the sooner the better. Oh, and Firefox has been playing with fire here too... and Apple needs to quit trying to sandbox dashboard at all and just treat it as another application platform... before they end up with people depending on a sandbox that isn't really there.
But the bottom line is, all the metrics in the world won't tell you whether these problems are things that vendors should be held directly accountable for, or whether they're the user's responsibility for configuring their systems correctly, or whether it's a third party plugin/cgi/component vendor that's the real problem.
1. There's more desktop software for Windows, so you don't have to work as hard to find something that's easy to install?
Or:
2. There's fewer dependencies between Windows applications, because they cost money and so having a dependency on someone else's program costs you sales?
Or:
3. Windows applications typically ship with compies of the components they're dependent on, rather than expecting the user to find them?
Or:
4. All of the above?
For server software (which is what the original article seemed to be about), I find the opposite situation holds. At least for software that's been developed in the UNIX tradition, you tend to have software that has very robust and simple interfaces that you can glue together with scripts. In Windows, you either have a standalone program that only interoperates with specific programs the vendor supports, or you have to go out and buy a bunch of packages (database servers, etcetera) that your program depends on to share data with other programs... point "2" up there no longer holds.
The thing that I've found to be a big exception to this is any of those huge Java application server programs. Those are really not "Linux" or "UNIX" applications, they're a whole new operating environment and have to be dealt with on their own merits. If they have any.
Windows also suffers from dependency problems. We call them "DLL HELL". Microsoft "solves" them by fiat... by creating a system that forcibly overrides older versions of libraries when you install applications, which is why you sometimes find you need to (or ar at least strongly urged to) reboot Windows after installing programs.
I get the same problem as the one you're talking about in Windows regularly. Unlike UNIX where you can usually, with care, install both libraries intact (if the packaging system won't let you, you can go back to the original distribution)... Windows usually leaves me telling the user they need to upgrade the older program. There's no way around it.
The problem with packaging applications (either in Windows or UNIX... don't think you don't run into packaging problems on Windows) is that they encourage people to ignore complexity because they've shoved it under the rug.
I don't use packages nearly as much as many people seem to. I go for the original source tarball myself, and most of the time all I do is "make;make install". If there's too many dependencies, my first reaction is to look for another alternative... because even when the packaging system can hide the complexity it's still there waiting to bite you.
It can take half an hour or so to configure some packages, but once I've done that installing on the next machine is automatic.
If it wasn't for package management tools, people wouldn't build such delicate dependency trees nearly as often.
You don't see this kind of problem so often in Windows because the environment is so hostile to running multiple services on a given machine that you set up separate machines for each job. Where a single UNIX box that's handling a dozen jobs might sit, you have half a rack of 1U servers or blades, each running a separate instance of Windows for a separate role.
In a way, it's the brittleness of Windows that makes it look good.
I don't know about "compatible" control keys, but I'd like more consistency in the command keys, and less dependence on click-key combos. I'd also like to be able to disable "click-and-hold" and "control-click" an force all applications to just use right-click when a multi-button mouse is available.
Finally, the appropriate solution would be to give the user the choice of setting up the toolbar (like Mail.app) with every possible leaf in the menu-tree. Why bicker about "save", when all the leaves in the menu should be allowable targets for the user to put into the toolbar?
Oh yes, I'd also like to be able to add any of these leaves to the contextual menu, too... in fact the toolbar configuration should be expanded to allow you to put any menu item, toolbar icon, or service into either the toolbar or the contextual menu. INCLUDING putting the whole menu in there if I want, so I don't have to go back to the top of the screen all the time.
(and before people start going on about Fitts Law, remember that there's five Fitts Law best-targets on the screen, and one is "where the mouse is")
Perhaps a mechanism to allow for user-specified sort routines, so the user can choose however they want.
Hell yes. And not just in Finder windows, let me sort by date in file open dialogs as well. Or better yet, give me a button in the file open dialog that'll open the corresponding Finder window and turn the dialog into a drag target.
The one feature that Microsoft Windows used to have (I haven't checked recently) is the ability to maneuver around the system without a mouse. I'm not talking about a gazillion shortcut keys, but rather the ability to actually Get Work Done when you have no mouse at all hooked up to the system (or the mouse is buried under a pile of paper and you just need to quickly do some otherwise GUI-based task).
They screwed it up a bit in Windows 9x with the task bar, but mostly this capability is still intact. The one big problem is that you can't cursor into most tooolbars any more, you're expected to use the menus for the corresponding actions... and this has become a problem because some applications no longer have menu actions for all toolbar actions.
Turning on Universal Keyboard Access helps some, but it's still nowhere near complete.
I'd be happy enough with the Amiga solution (Amiga-Arrow keys would move the mouse pointer, and Amiga-Return would send a mouse-click),
You already have this, pretty much. You can turn mouse keys on in Universal Access, and it sucks. It's NOT a viable alternative to Windows keyboard control.
A guy I'm doing some work for bought an Apple Pro keyboard and Apple Pro mouse for me to use while I'm at his office.
The next weekend I disappointed him by turning up with a Microsoft mouse and a used Dell keyboard. The Apple Pro mouse is just too finicky for me to use, and the keyboard just feels sloppy.
I just unpacked an ISDN router, and there was a prominent warning in the box that if I'm using an ISDN phone that 911 service can't be guaranteed in the face of a power failure.
I don't see why VoIP services should be required to do more than prominently display similar warnings.
Good point. I had to get a new keyboard when I Switched, because while I find the Windows key(s) really annoying and pointless under Windows without it you don't have a Command key on OSX.
What do you use it for on Windows, anyway? I've had this T23 for a couple of years now and I'd never noticed it was missing until you mentioned it.
Add in 512 ram, 60GB HDD, bluetooth, then compare the price. Only ~$300 in difference. Don't compare completely different machines.
Why not? I didn't say "it's $500 more and it's not worth it", I just said "it's $500 more". If you can't afford that $500, it doesn't matter what you get for it.
This is the mistake that people keep making over and over and over again. They go, "look, the Mac Mini costs more than an entry level PC, but you get firewire and this and that and something else". People with a limited budget don't operate that way, they buy what they can afford. And if what they can afford is a 12" iBook, then that's what they buy. The fact that they can get a bettermachine for $500 more is irrelevant.
--------- And someone who thinks a "-1 Flamebait" is too important to put his name on a posting... well, "Anonymous Coward" is too kind.
GOD that thing got on my -ing nerves the way it just blocked me from doing ANYTHING whenever a couple of applications were sitting there doing some kind of Alphonse-Gaston dithering deciding who was going to have the mouse and screen.
Why couldn't Apple have taken advantage of the 68000-PPC switch to get rid of that stinking excuse of a joke of an OS called "Mac OS".
Most people who are willing to purchase an Apple are not the kind of people who do things in half measures and would probably fork out the extra coinage for a Powerbook.
Do you know how many folks are sill using OS9 on a G3? I would guess 100's of thousands.
Hello, folks, OS9 is dead. It died when Apple dropped the "G4 that still boots OS 9" from the Apple Store and nobody bitched about it. That's when Steve Jobs realised he could finally stake it through the heart like he wanted to do back in 1997. I'm running Jaguar on a 7500 and Panther on a Rev D iMac G3. Anyone with a Mac newer than those should be running OS X.
Some Mac vendors -first- OS X version of software just came out -this- year.
After using a Thinkpad with a 14 inch SXGA+ (1400x1050) and a Zaurus with 640x480 on a 3.7 inch display for a couple of years, the usual 15-in XGA seems positively clunky.
Yeh.
Oh yeh.
The Thinkpad is just generally a nicer computer to actually use, for all it doesn't have the cool deLoreon body.
I'll tell you what, Apple. You sell me a copy of OSX Intel I can run on my Thinkpad T23, I'll pay the $500 "Mac Tax" you'd have got by selling me a Powerbook straight into your pocket. I'd make do with a high-res PB, but what I really want is a Thinkpad running OS X.
Presumably they only have a limited number of images. The phisher can display one of the possible sitekey images at random. They will only catch at most 1/N victims, but they will have a better chance of catching the 1/N that they do match because that person will have seen the right sitekey.
That doesn't mean it wouldn't be nicer to have a system where all storage is fast, and the programmer doesn't have to worry about what is "important".
I've been programming for more than a quarter of a century now. Over this period, the memory hierarchy has gotten deeper, not shallower, and the difference in latency between the processor and storage has increased a millionfold. In the '60s some computers executed directly from rotating storage (cite: The Story of Mel). In the '70s the program and all data fit in physical RAM and the speed difference between registers and memory was small enough for memory-memory architectures to be realistic. Now you have registers mere nonseconds away, three levels of increasingly slower and larger cache, buffers in the RAM chips themselves, local disk, network file systems, and web-served files that can be seconds away. For a gighertz processor, a modest desktop computer in 2005, the ratio between the fastest and slowest storage is a billion to one.
I don't anticipate a system where "all storage is fast" any time soon.
I've unchecked "allow web sites to install software" and removed everything from the whitelist
Good call. That should eliminate a lot of attacks. There's still problems with URIs in places like the bookmark bar (in favicons, I believe, though they cought that one) being followed with "chrome" enabled. The only really critical extension for me is Flashblock, and luckily that works in Camino.
I'm surprised there isn't a better Gecko browser than that. What about KHTML? Is this actually a category where the Mac has more options available than Windows? We have IE, Firefox, Camino, Safari, Shiira, iCab, Opera, and Omniweb. Opera, IE, and iCab use their own engines, Omniweb used to use its own (it started on NeXT) but is now Webkit based, as are Safari and Shiira. Firefox and Camino obviously use Gecko.
As long as the browser allows some form of plug-in which can intercept URL requests... it's going to be vulnerable to spyware.
I'm sorry, I don't understand what the browser or the plugin has to do with this. You're describing a social engineering attack. Once someone has used social engineering to run code on your computer (whether by having you download and install an application, or by having you download and install a plugin, or by having you download and run a standaline application) that's "game over". They can do anything they want.
There's no "big gaping hole" in the browser that allows this, there's simply the fact that the user has the privileges necessary to, whether from the browser or from Windows Explorer or from the shell, run an unsandboxed application.
The security hole in Internet Explorer has nothing to do with the fact that you can install plugins in it, it has only to do with how you do it.
It has been possible to install plugins, or to download and install applications, or download and run scripts, on all personal computers running all operating systems since the very first primitive bulletin board systems went up in the '70s... mere moments after personal computers became available.
Up until the late '90s, though, it was pretty much impossible for someone to launch code on your computer without you explicitly downloading and requesting the execution of that code. Oh, there had been occasional exceptions, but they never lasted long and they were never the mechanism of choice for virus distribution. Social engineering and file sharing were. So long as you were aware of the possibility of social engineering, and didn't run files other people left for you, you were safe.
There used to be a joke about a virus that you could get by just reading an email. It was the "GOOD TIMES" virus. It was a joke because everyone knew that nobody would be so stupid as to write a mail program or bulletin board client (terminal program, browser, what have you) that let someone you didn't know run code on your computer. That was insane.
The Microsoft HTML control was the first program, ever, that I am aware of that contained a mechanism to launch unsandboxed applications (scripts or plugins) from a remote site. When I saw how IE and the desktop were being integrated, I went to our managers and I said 'this is a security problem. I don't know what's going to happen, but I know that this program is going to be used to break in to people's computers. I want to ban this program from our site'. They said 'OK'. now, I suspected that the first exploits would be through Active Desktop, I was wrong about that, but I wasn't wrong about it being bad.
We used Netscape and then Mozilla for years. We occasionally had someone social-engineered into downloading and running some piece of malware, whether through email or through the web, but it was rare. Almost all of the times that I was called out to disinfect or reinstall someone's computer, it was because someone had violated our policy and used Outlook, Outlook Express, or Internet Explorer.
Later, when our parent company forced us to cahnge that policy, things got worse. But still, while I occasionally had people come to me and say "I clicked OK again, Peter, I'm sorry"... I never had them say "I downloaded and ran/installed an application/plugin and it was infected" more than once. Because there is a HUGE difference between "clicking OK" and explicitly running a program.
THAT, my friend, is the "real world". In the real world, the distance between the Microsoft HTML control and any other component used in a browser, mail program, or other application used to view remote content is so huge that equating one to the other, even when there's problems in the other application as there are in Firefox, is simply ludicrous.
It's got nothing to do with one having more choices or features, it has to do with Internet Explorer and all other applications using the Microsoft HTML
I don't see why it makes any difference if the platform is a lame duck or not. A computer is not an investment, it's an expense: whatever machine you buy is going to have zero effective value in a few years. If you have a reason to want a Power PC running Linux, then whether it's going to have a slightly greater or lesser residual value when you get rid of it is irrelevant... if you're running Linux then Apple's marketing plans have no effect on you one way or the other.
Conversely... if you don't actually care what the CPU architecture is, and have plenty of x86 capability, then there's no point in buying a Power PC to run Linux on regardless of whether Apple's EOLed the model line or not.
From what I can gather you're asking the Mozilla team to change their current assumptions on how software should be install and how privileges work with the XPI system.
Yes, but by no means as great a degree as you seem to think.
I would like to address your first point. Where you stated that XPIs should not be initiated from a web page.
That's correct.
Which the point of this is to allow a cross platform installer.
It's not necessary to allow XPI to be installed by a remote web site to allow a cross-platform installer. You don't need to have files opened in a web page to have a cross-platform "open file". You don't need to have bookmarks opened in a web page to have a cross platform "install bookmarks". I'm not saying "don't use chrome and javascript to install a package", I'm saying "don't allow the installation process to be initiated from a webpage". Let the user select "install extension" from a menu, and then select the file they downloaded, and THEN the current installation mechanism can go forward.
Because if by whitelisting a site you grant webpages opened from that site additional rights (the rights to initiate an install, and whatever other steps are necessary to reach that point) you open yourself up to an exploit using those rights from that site, either by injection through a link (as in the recent security fix) or by simple HTML injection through any form on that site.
[I believe] the current rules in place by the Firefox developers are well minded and do a good job at keep malware base XPIs from getting into a system
I don't. Most of the fixes in the post-1.0 security releases would not have been necessary if the design of Firefox was inherently safe. It's very close, but it's not quite there. Getting it there would not be difficult, nor would it reduce the flexibility of the system, it's just a matter of arranging things so that the default state of any "eval" operation (whether from a 'trusted' script or not) is 'untrusted', and that the operation in which a script's rights are revoked is immutably one-way.
What is to stop a script from running that adds in malicious extensions or plugins to firefox?
Um, the fact that there's no mechanism in Firefox for a script to automatically install malicious extensions or plugins. The user has to:
1. Open a form and add the current web page to a white-list. 2. Request the same installation again. 3. Wait for a timer to count down to make sure that the user isn't automatically clicking "OK". 4. Click "OK".
I agree that this is really not stringent enough. The user should download the extension like any other file then explicitly install it. But compared to the IE experience --
1. Click "OK" on a routine jargon-filled dialog.
-- it's clear that while the Firefox installer is a bad design from a security standpoint, but it's bad like littering, not bad like grand theft auto.
There's a HUGE problem with tarballs. You lose the "automatic update" features of your distro.
I have never had "automatic update" features in my "distro". Or to give them their proper name, I turn off any "automatic package breaking tools" and do manual updates on my own schedule. The only exception is systems where I don't have the opportunity to control their security exposure by limiting the surface area exposed to the LAN, WAN, or the Internet.
What I did say is the Linux has its own issues that needs to be dealt with.
And I'm saying that you're not going to fix them by improving the tools you're using to hide the problem. Microsoft has way more resources to spend on that, and is able to push way more aggressive solutions on you, and they still screw it up.
The problem isn't going to be fixed by improving the dependency management.
It's going to be fixed by reducing the dependencies.
Another problem with metrics is that you can't "test in" security, and measuring security by the number of failures is really trying to do just that.
You need to look at what the actual failures are, whether the kinds of failures are changing or not, whether there's a common cause to some class of failures and how hard it would be to address that common cause, and whether different systems tend to suffer from different kinds of failures.
Buffer overflows, for example. Everyone gets hit by buffer overflows, there's a common cause, but some of the techniques you can use to address them are easier than others. Non-executable stacks, great. Easy to do, if the hardware supports it, and doesn't have much of an impact on the developers. Changing to a language where buffer overflows can't happen? That's hard.
Code injection by playing quoting games, using '%2E%2E' or some complex Unicode string instead of '..', or telling me your name is '%34;cat%20/etc/passwd;echo%20%34'. Different symptoms, sometimes you can systematically fix them, sometimes you can't. A lot of what people think they know about these kinds of attacks is wrong, and they fix them badly and someone with a name like "d'Artagnon" finds he's a hacker.
Sandboxes. Lots of bad information about these going around. Microsoft used to say sandboxes were a bad idea, too much overhead. I don't know if they still do, but they need to come up with a fully sandboxed inherently safe version of Internet Explorer... the sooner the better. Oh, and Firefox has been playing with fire here too... and Apple needs to quit trying to sandbox dashboard at all and just treat it as another application platform... before they end up with people depending on a sandbox that isn't really there.
But the bottom line is, all the metrics in the world won't tell you whether these problems are things that vendors should be held directly accountable for, or whether they're the user's responsibility for configuring their systems correctly, or whether it's a third party plugin/cgi/component vendor that's the real problem.
In Windows you don't NEED source.
OK, are you talking about:
1. There's more desktop software for Windows, so you don't have to work as hard to find something that's easy to install?
Or:
2. There's fewer dependencies between Windows applications, because they cost money and so having a dependency on someone else's program costs you sales?
Or:
3. Windows applications typically ship with compies of the components they're dependent on, rather than expecting the user to find them?
Or:
4. All of the above?
For server software (which is what the original article seemed to be about), I find the opposite situation holds. At least for software that's been developed in the UNIX tradition, you tend to have software that has very robust and simple interfaces that you can glue together with scripts. In Windows, you either have a standalone program that only interoperates with specific programs the vendor supports, or you have to go out and buy a bunch of packages (database servers, etcetera) that your program depends on to share data with other programs... point "2" up there no longer holds.
The thing that I've found to be a big exception to this is any of those huge Java application server programs. Those are really not "Linux" or "UNIX" applications, they're a whole new operating environment and have to be dealt with on their own merits. If they have any.
Windows also suffers from dependency problems. We call them "DLL HELL". Microsoft "solves" them by fiat... by creating a system that forcibly overrides older versions of libraries when you install applications, which is why you sometimes find you need to (or ar at least strongly urged to) reboot Windows after installing programs.
I get the same problem as the one you're talking about in Windows regularly. Unlike UNIX where you can usually, with care, install both libraries intact (if the packaging system won't let you, you can go back to the original distribution)... Windows usually leaves me telling the user they need to upgrade the older program. There's no way around it.
The problem with packaging applications (either in Windows or UNIX... don't think you don't run into packaging problems on Windows) is that they encourage people to ignore complexity because they've shoved it under the rug.
I don't use packages nearly as much as many people seem to. I go for the original source tarball myself, and most of the time all I do is "make;make install". If there's too many dependencies, my first reaction is to look for another alternative... because even when the packaging system can hide the complexity it's still there waiting to bite you.
It can take half an hour or so to configure some packages, but once I've done that installing on the next machine is automatic.
If it wasn't for package management tools, people wouldn't build such delicate dependency trees nearly as often.
You don't see this kind of problem so often in Windows because the environment is so hostile to running multiple services on a given machine that you set up separate machines for each job. Where a single UNIX box that's handling a dozen jobs might sit, you have half a rack of 1U servers or blades, each running a separate instance of Windows for a separate role.
In a way, it's the brittleness of Windows that makes it look good.
I don't know about "compatible" control keys, but I'd like more consistency in the command keys, and less dependence on click-key combos. I'd also like to be able to disable "click-and-hold" and "control-click" an force all applications to just use right-click when a multi-button mouse is available.
Definitely agree on the scroll mice.
Finally, the appropriate solution would be to give the user the choice of setting up the toolbar (like Mail.app) with every possible leaf in the menu-tree. Why bicker about "save", when all the leaves in the menu should be allowable targets for the user to put into the toolbar?
Oh yes, I'd also like to be able to add any of these leaves to the contextual menu, too... in fact the toolbar configuration should be expanded to allow you to put any menu item, toolbar icon, or service into either the toolbar or the contextual menu. INCLUDING putting the whole menu in there if I want, so I don't have to go back to the top of the screen all the time.
(and before people start going on about Fitts Law, remember that there's five Fitts Law best-targets on the screen, and one is "where the mouse is")
Perhaps a mechanism to allow for user-specified sort routines, so the user can choose however they want.
Hell yes. And not just in Finder windows, let me sort by date in file open dialogs as well. Or better yet, give me a button in the file open dialog that'll open the corresponding Finder window and turn the dialog into a drag target.
The one feature that Microsoft Windows used to have (I haven't checked recently) is the ability to maneuver around the system without a mouse. I'm not talking about a gazillion shortcut keys, but rather the ability to actually Get Work Done when you have no mouse at all hooked up to the system (or the mouse is buried under a pile of paper and you just need to quickly do some otherwise GUI-based task).
They screwed it up a bit in Windows 9x with the task bar, but mostly this capability is still intact. The one big problem is that you can't cursor into most tooolbars any more, you're expected to use the menus for the corresponding actions... and this has become a problem because some applications no longer have menu actions for all toolbar actions.
Turning on Universal Keyboard Access helps some, but it's still nowhere near complete.
I'd be happy enough with the Amiga solution (Amiga-Arrow keys would move the mouse pointer, and Amiga-Return would send a mouse-click),
You already have this, pretty much. You can turn mouse keys on in Universal Access, and it sucks. It's NOT a viable alternative to Windows keyboard control.
A guy I'm doing some work for bought an Apple Pro keyboard and Apple Pro mouse for me to use while I'm at his office.
The next weekend I disappointed him by turning up with a Microsoft mouse and a used Dell keyboard. The Apple Pro mouse is just too finicky for me to use, and the keyboard just feels sloppy.
I just unpacked an ISDN router, and there was a prominent warning in the box that if I'm using an ISDN phone that 911 service can't be guaranteed in the face of a power failure.
I don't see why VoIP services should be required to do more than prominently display similar warnings.
Where's your Windows key? :-P
Good point. I had to get a new keyboard when I Switched, because while I find the Windows key(s) really annoying and pointless under Windows without it you don't have a Command key on OSX.
What do you use it for on Windows, anyway? I've had this T23 for a couple of years now and I'd never noticed it was missing until you mentioned it.
Add in 512 ram, 60GB HDD, bluetooth, then compare the price. Only ~$300 in difference. Don't compare completely different machines.
Why not? I didn't say "it's $500 more and it's not worth it", I just said "it's $500 more". If you can't afford that $500, it doesn't matter what you get for it.
This is the mistake that people keep making over and over and over again. They go, "look, the Mac Mini costs more than an entry level PC, but you get firewire and this and that and something else". People with a limited budget don't operate that way, they buy what they can afford. And if what they can afford is a 12" iBook, then that's what they buy. The fact that they can get a bettermachine for $500 more is irrelevant.
---------
And someone who thinks a "-1 Flamebait" is too important to put his name on a posting... well, "Anonymous Coward" is too kind.
Clearly patience is a virtue you have in spades.
Not as much as someone who's running OS9.
GOD that thing got on my -ing nerves the way it just blocked me from doing ANYTHING whenever a couple of applications were sitting there doing some kind of Alphonse-Gaston dithering deciding who was going to have the mouse and screen.
Why couldn't Apple have taken advantage of the 68000-PPC switch to get rid of that stinking excuse of a joke of an OS called "Mac OS".
Most people who are willing to purchase an Apple are not the kind of people who do things in half measures and would probably fork out the extra coinage for a Powerbook.
Two words. Mac mini.
Note, selected models will feature the NEC V20, depending on availability and demand.
Will they include CP/M-80 emulation so we can finally run Microsoft M80 and L80 on a Mac?
Plus, what about Alpha-based models? We need dual-boot to either Tru64 or VMS, of course.
Do you know how many folks are sill using OS9 on a G3? I would guess 100's of thousands.
Hello, folks, OS9 is dead. It died when Apple dropped the "G4 that still boots OS 9" from the Apple Store and nobody bitched about it. That's when Steve Jobs realised he could finally stake it through the heart like he wanted to do back in 1997. I'm running Jaguar on a 7500 and Panther on a Rev D iMac G3. Anyone with a Mac newer than those should be running OS X.
Some Mac vendors -first- OS X version of software just came out -this- year.
Dino-bloody-sores.
After using a Thinkpad with a 14 inch SXGA+ (1400x1050) and a Zaurus with 640x480 on a 3.7 inch display for a couple of years, the usual 15-in XGA seems positively clunky.
Yeh.
Oh yeh.
The Thinkpad is just generally a nicer computer to actually use, for all it doesn't have the cool deLoreon body.
I'll tell you what, Apple. You sell me a copy of OSX Intel I can run on my Thinkpad T23, I'll pay the $500 "Mac Tax" you'd have got by selling me a Powerbook straight into your pocket. I'd make do with a high-res PB, but what I really want is a Thinkpad running OS X.
12" ... $1499 - $999 = $500 ... $1999 - $1499 = $500
15"
You pick your "sitekey" image from their website?
Presumably they only have a limited number of images. The phisher can display one of the possible sitekey images at random. They will only catch at most 1/N victims, but they will have a better chance of catching the 1/N that they do match because that person will have seen the right sitekey.
That doesn't mean it wouldn't be nicer to have a system where all storage is fast, and the programmer doesn't have to worry about what is "important".
I've been programming for more than a quarter of a century now. Over this period, the memory hierarchy has gotten deeper, not shallower, and the difference in latency between the processor and storage has increased a millionfold. In the '60s some computers executed directly from rotating storage (cite: The Story of Mel). In the '70s the program and all data fit in physical RAM and the speed difference between registers and memory was small enough for memory-memory architectures to be realistic. Now you have registers mere nonseconds away, three levels of increasingly slower and larger cache, buffers in the RAM chips themselves, local disk, network file systems, and web-served files that can be seconds away. For a gighertz processor, a modest desktop computer in 2005, the ratio between the fastest and slowest storage is a billion to one.
I don't anticipate a system where "all storage is fast" any time soon.
I've unchecked "allow web sites to install software" and removed everything from the whitelist
Good call. That should eliminate a lot of attacks. There's still problems with URIs in places like the bookmark bar (in favicons, I believe, though they cought that one) being followed with "chrome" enabled. The only really critical extension for me is Flashblock, and luckily that works in Camino.
What about a KHTML browser for Windows?
I'm surprised there isn't a better Gecko browser than that. What about KHTML? Is this actually a category where the Mac has more options available than Windows? We have IE, Firefox, Camino, Safari, Shiira, iCab, Opera, and Omniweb. Opera, IE, and iCab use their own engines, Omniweb used to use its own (it started on NeXT) but is now Webkit based, as are Safari and Shiira. Firefox and Camino obviously use Gecko.
As long as the browser allows some form of plug-in which can intercept URL requests... it's going to be vulnerable to spyware.
I'm sorry, I don't understand what the browser or the plugin has to do with this. You're describing a social engineering attack. Once someone has used social engineering to run code on your computer (whether by having you download and install an application, or by having you download and install a plugin, or by having you download and run a standaline application) that's "game over". They can do anything they want.
There's no "big gaping hole" in the browser that allows this, there's simply the fact that the user has the privileges necessary to, whether from the browser or from Windows Explorer or from the shell, run an unsandboxed application.
The security hole in Internet Explorer has nothing to do with the fact that you can install plugins in it, it has only to do with how you do it.
It has been possible to install plugins, or to download and install applications, or download and run scripts, on all personal computers running all operating systems since the very first primitive bulletin board systems went up in the '70s... mere moments after personal computers became available.
Up until the late '90s, though, it was pretty much impossible for someone to launch code on your computer without you explicitly downloading and requesting the execution of that code. Oh, there had been occasional exceptions, but they never lasted long and they were never the mechanism of choice for virus distribution. Social engineering and file sharing were. So long as you were aware of the possibility of social engineering, and didn't run files other people left for you, you were safe.
There used to be a joke about a virus that you could get by just reading an email. It was the "GOOD TIMES" virus. It was a joke because everyone knew that nobody would be so stupid as to write a mail program or bulletin board client (terminal program, browser, what have you) that let someone you didn't know run code on your computer. That was insane.
The Microsoft HTML control was the first program, ever, that I am aware of that contained a mechanism to launch unsandboxed applications (scripts or plugins) from a remote site. When I saw how IE and the desktop were being integrated, I went to our managers and I said 'this is a security problem. I don't know what's going to happen, but I know that this program is going to be used to break in to people's computers. I want to ban this program from our site'. They said 'OK'. now, I suspected that the first exploits would be through Active Desktop, I was wrong about that, but I wasn't wrong about it being bad.
We used Netscape and then Mozilla for years. We occasionally had someone social-engineered into downloading and running some piece of malware, whether through email or through the web, but it was rare. Almost all of the times that I was called out to disinfect or reinstall someone's computer, it was because someone had violated our policy and used Outlook, Outlook Express, or Internet Explorer.
Later, when our parent company forced us to cahnge that policy, things got worse. But still, while I occasionally had people come to me and say "I clicked OK again, Peter, I'm sorry"... I never had them say "I downloaded and ran/installed an application/plugin and it was infected" more than once. Because there is a HUGE difference between "clicking OK" and explicitly running a program.
THAT, my friend, is the "real world". In the real world, the distance between the Microsoft HTML control and any other component used in a browser, mail program, or other application used to view remote content is so huge that equating one to the other, even when there's problems in the other application as there are in Firefox, is simply ludicrous.
It's got nothing to do with one having more choices or features, it has to do with Internet Explorer and all other applications using the Microsoft HTML
I don't see why it makes any difference if the platform is a lame duck or not. A computer is not an investment, it's an expense: whatever machine you buy is going to have zero effective value in a few years. If you have a reason to want a Power PC running Linux, then whether it's going to have a slightly greater or lesser residual value when you get rid of it is irrelevant... if you're running Linux then Apple's marketing plans have no effect on you one way or the other.
Conversely... if you don't actually care what the CPU architecture is, and have plenty of x86 capability, then there's no point in buying a Power PC to run Linux on regardless of whether Apple's EOLed the model line or not.
From what I can gather you're asking the Mozilla team to change their current assumptions on how software should be install and how privileges work with the XPI system.
Yes, but by no means as great a degree as you seem to think.
I would like to address your first point. Where you stated that XPIs should not be initiated from a web page.
That's correct.
Which the point of this is to allow a cross platform installer.
It's not necessary to allow XPI to be installed by a remote web site to allow a cross-platform installer. You don't need to have files opened in a web page to have a cross-platform "open file". You don't need to have bookmarks opened in a web page to have a cross platform "install bookmarks". I'm not saying "don't use chrome and javascript to install a package", I'm saying "don't allow the installation process to be initiated from a webpage". Let the user select "install extension" from a menu, and then select the file they downloaded, and THEN the current installation mechanism can go forward.
Because if by whitelisting a site you grant webpages opened from that site additional rights (the rights to initiate an install, and whatever other steps are necessary to reach that point) you open yourself up to an exploit using those rights from that site, either by injection through a link (as in the recent security fix) or by simple HTML injection through any form on that site.
[I believe] the current rules in place by the Firefox developers are well minded and do a good job at keep malware base XPIs from getting into a system
I don't. Most of the fixes in the post-1.0 security releases would not have been necessary if the design of Firefox was inherently safe. It's very close, but it's not quite there. Getting it there would not be difficult, nor would it reduce the flexibility of the system, it's just a matter of arranging things so that the default state of any "eval" operation (whether from a 'trusted' script or not) is 'untrusted', and that the operation in which a script's rights are revoked is immutably one-way.
What is to stop a script from running that adds in malicious extensions or plugins to firefox?
Um, the fact that there's no mechanism in Firefox for a script to automatically install malicious extensions or plugins. The user has to:
1. Open a form and add the current web page to a white-list.
2. Request the same installation again.
3. Wait for a timer to count down to make sure that the user isn't automatically clicking "OK".
4. Click "OK".
I agree that this is really not stringent enough. The user should download the extension like any other file then explicitly install it. But compared to the IE experience --
1. Click "OK" on a routine jargon-filled dialog.
-- it's clear that while the Firefox installer is a bad design from a security standpoint, but it's bad like littering, not bad like grand theft auto.