Well, the actual purpose of this law is to stop stores from carrying 'M' rated games, much as they do not carry 'AO' rated games currently. They don't carry 'AO' games because if they do, they open themselves up to legal problems, and if this law sticks, retail stores in Illinois will stop carrying 'M' rated games.
I'm not sure that I follow you. This measure will not stop stores from carrying anything. It will require a label on certian games (similar to explicit lyrics labels on music) and it will require stores to check ID's to ensure that they're not selling games to kids. While I think it's a little excessive, it will not stop stores from doing anything other than selling to minors. If this is the beginning and end of the video game legislation, I'll be pretty content.
Stores who do not carry AO games are generally the same stores who do not carry NC-17 videos...like Walmart and Blockbuster who want to retain a middle-america 'family' image. Have you noticed the parallels between the ESRB and MPAA rating systems? They're practically identical, except that they have an EC rating (for Early Childhood). Their E (everyone) is synomous with G (General Audiences). E10+ is synomous with PG. T=PG-13, M=R, and AO=NC-17. The only difference (in this case) is that video games are a new enough media that legislators can beat up on them and issue legal mandates for the rating system (unlike the MPAA/movie industry, which is a self-imposed watchdog service) until a federal court case settles the legal and constitutional issues. In this case, IL is making a law which says that "R" rated games can't be sold to kids. Again, I think that it goes just a little too far (in not letting the industry regulate itself), but it's not the end of the world.
You have to be proven to have known that the goods were stolen, otherwise there is no crime.
Also remember that software piracy!=theft. Without making any judgement on the ethics of software piracy itself, they're simply not the same thing in the eyes of the law.
Most of this is designed to protect investors from companies cooking their books, but it holds company executives directly (criminally) responsible for their company's financial misdeeds (whether or not they were aware of them). It didn't really work against Healthsouth CEO Scrushy, which is a bummer (because the guy is a total crook)...but I believe that this was a case of an incompotent prosecutor rather than a poorly written law.
All I'm saying is that Unix (and its security model) is not a silver bullet for anything. The previous poster to whom I was responding made a few remarks which just didn't make any sense to me -- so I refuted them with specific examples of where Unix security hasn't been up to par...and again, not that I think dislike most Unix-ish OS'es - I never made that claim. This user clearly hadn't been using Unix (or Unix-like) systems for very long. I didn't say that I thought that Microsoft had done a particularly good job with their security -- their track record tends to prove otherwise.
In the case of malware, I am arguing that it will go to whatever the most the most widely used desktop platform is. It has very little to do with security, since the only concern is exploiting an account in userspace. My comments also had nothing to do with actual OS security and the OS with the most market share. We're not having a scientific discussion here. There is no data, because commercial malware is a relatively new phonomena. I think that we'll agree that it all comes down to the user. That was my original point: want better security, build a better user.
You are right, however, it is a tired argument. Where it ended up was not where I had intended to go.
To all of you long time decisive unix users, tally up all of the Unix exploits since it's existence. Then tally up all the Windows exploits since it's existence. If you are going to compare OS to OS then this must be a requirement.
I don't think that this tells us anything. To begin with, you're talking about a ~40 year old OS (which, at this point has become more of a concept than an OS -- with all of the varaints) and comparing the number of bugs to an OS family that's less than 20 years old. Also, are you just talking about the kernel, or the kernel and all of the associated applications and services? Microsoft tried to use these metrics to show that Microsoft's OS'es were more secure than Linux. It didn't convince me of anything then and it wouldn't if it 'showed' that Linux were more secure.
Not every OS was built with security as an after-thought.
Agreed, and it's a good point. This is sort of what I was talking about with privelege separation, and specifically differentiating between user space and kernel space. It's a good start, and is inherent to just about any true multi-user multitasking OS that has come since then (it's inherent to multi-user OS'es with lots of IPC...also critical to protected memory systems). However, remember that system security in the 60's was vastly different from today's landscape. Perhaps I should hone my original point to say that security was an afterthought in desktop systems and networking protocols (mainly because the networks weren't dangerous places), and TCP/IP itself (as well as the associated applications) was designed to be very trusting and didn't have much in the way of security.
Again, you're right -- OS'es like Multics were designed with security as more than an afterthought, but think about how much the concept of security has changed over the last ten years. With the exception of physical security, practically everything has needed some sort of overhauling.
They're also realizing they can't migrate and evolve (open-source technology) as much as they had thought. For example, U.S. company Flyi.com handles about 90 percent of travel reservations through their online portal, which they run on Linux and Apache.
The systems were running fine until the company had a huge spike in traffic, and there were all kinds of downtime issues. So they did the upgrades, added a few servers, some hardware, some memory and new technologies around the Web site to do more customer relationship database tracking. It was all very complex, and some of the seams of the Linux architecture were beginning to show.
So he's saying that they reached the limitations of their hardware and it had to scale? Is Microsoft software somehow immune from the need to scale as the requirements grow? If this is the case, a Microsoft OS would be the better choice. I would hail all kinds of MS solutions if they could pull other magical abilities out of their hat. We all know that this is BS -- requirements change, demands on systems change, and hardware must be scaled, regardless of the platform. Until then, claims like that are simply FUD and double-talk. He's not actaully saying anything, he's just instilling a little fear in the back of managers minds.
What's funny is that many of these arguments are largely an attack on a licensing model, and it actually has very little to do with the quality of the products. Contrary to RMS' belief, I don't think that the license model necessarily dictates the quality of the software. There are plenty of excellent commercial, closed products out there in the marketplace. There alre also plenty of these products which are absolute garbage. The same goes for OSS, I've seen brilliant stuff and I've seen crappy stuff -- neither are a silver bullet.
Taylor does make at least one good point, however:
But at the end of the day, people want to deploy technology to solve business problems, be it Windows, Linux, BSD and so on.
In many circumstances, people like IT managers don't care about seeing the code. It's not everyone -- there are lots of groups who have a specific need for custom solutions...however I'm talking more about the small-mid size IT group. These IT managers are generally decision-makers, and don't want to ever touch the source code. Many don't even want to hire people to muck about the code...especially in small to mid sized companies. I'm not talking about the idealist hobbyists here, who will sit around and pour through source code all day long looking to understand it, modify it, or break it...or those who build all of their binaries from source, adding in every possible optimization for their target platform. With many of those professionals, it's not about the license model. It's about the solution in the end. Most people like this who I have worked with are generally platform agnostic, and will run whatever it takes to get the job done.
This is not about updates and exploits, it's about tricking users into running code that they otherwise wouldn't want to. It's not about code running in kernel space with the evil bit set. You can use a machine for a spam or DDoS zombie without ever touching kernel space. You can also destroy all user data in user space. I'll say it again, security is no better than your weakest link. In this case, its the user.
driving is a privilege not a right. there are certain things we trade to live in a free society, such as unlimited freedoms "I'll wherever, whenever, however" with basic safety. a traffic ticket is not a crime, it is a code violation, that's all.
Even citizens accused of civil citations (code violations, as you put it) deserve proper protection under the law.
Further, many traffic tickets are actaully crimes. In many states, speeding 20 MPH over the posted speed limit can be deemed reckless driving by the arresting officer...this is typically a misdemeanor. However, the evidence is still accepted as prima facie, and the driver is still preumed guilty until proven innocent. Sadly, this is widely abused across the country by many municipalities in order to enhance local revenue.
We(society) accept traffic cops and their patrolling of the streets to keep us safe. (This is not the same as "law enforcement though.) We must follow traffic laws or else we'll be unable to drive anywhere.
I sure don't accept many of their practices, including speed traps, DUI roadblocks, and red light cameras...particularly the latter, where the accused is not even given a chance to face their accusor.
FWIW, I agree that we live in a society where we seem to have a sense of entitlement. It's a bummer. However, I still think that much of our speed enforcement as well as the 'justice' system surrounding it is a freaking joke. Criminal justice of any kind should not be treated in the cavalier manner that it is in the traffic system.
Is Linux plagued by viruses and adware and popups, despite having more exposure to crackers than OS X? After all, people writing Windows malware for PCs are more likely to try exploiting Linux than an OS on an entirely different hardware platform.
It's not about the amount of exposure. It's not like there are teams of crackers working around the clock to write malware for alternative platforms and they just can't seem to figure out how to get in. I also want to point out to you that Linux has no known issues with spyware because there is very little (if any) commercial interest behind writing applications like this for an OS which is not widely used on the desktop (compared to the dominant OS). Furthermore, Linux is pretty architecture independant. Finally, the hardware platform has very little (if anything) to do with malware...unless malware can somehow only be written in x86 assembler (this is not the case).
Unix systems originated on worldwide networks, and have benefitted from a refined security model over decades of use.
My point is that Mac OS X and other Unix systems come from a mindset of not trusting outside information and not allowing unnecessary communications ports by default. Windows comes from a mentality of letting PCs work together without strong security in place. Security = the opposite of convenience.
Unix systems originated on worldwide networks, and have benefitted from a refined security model over decades of use.
I've been a Unix advocate for years, however you seem to imply that Unix was designed inside and out with security in mind. This is simply untrue. Security was an afterthought in the Unix world the same way it was in the rest of the computing world. Sure, Unix was built with privelege separation, but this is only because it was a multi-user system. Network security was a joke back then. Unix was developed relatively long before there was any kind of global data networking (TCP/IP was backported to DEC's Unix on a PDP-11 long after the IMP's had been running ARPANET). In the early days it was really only privelege separation -- nobody thought much about security because security mostly came down to physical access. Contraty to your contention, Unix wasn't originally designed to be connected to a hostile network, there were no hostile networks back then. This is why there have been so many easily exploitable legacy suid applications over the years (wu-ftpd, sendmail, etc). With so many suid apps, perhaps the thinking wasn't as proactive as you assume.
Look, I'm a Unix user, and a former Unix SA. It has its advantages. However, your assumptions about Unix's origins are not consistent with history. Further, your assumption that Unix has a long history of not using certain TCP/UDP ports and services by default is also inconsistent with history. If you want to talk about historical SMB security, surely you can't ignore the (historical) total lack of NFS/NIS security, right? How many Unix systems ran the NFS daemon from the start until about 6 years ago? Perhaps it was a few years ahead of the Windows world, but this decades stuff is BS. If you want to talk about file permissions, don't forget to mention the superior ACL implementation that Windows has had since the original Windows NT (I think it was 3.5). Also remember that SSH is only 10 years old. Before 1995, most people were sending cleartext passwords around with telnet and rsh in order to connect to machines remotely. Unix machines were regularly owned by people with packet sniffers snagging root passwords from telnet and ftp sessions. So much for security in a hostile network. If you want to talk about Windows Messenger being a security risk, what about services like rtalk and ytalk, which provided similar services to terminal users. Like sendmail, rtalk had a history of remotely exploitable bugs...with this in mind, was Messenger really a security risk, or was that only an annoyance because it was exploited by commercial interests?
Finally, don't forget that with most desktop systems, the user still needs root-level access. MacOS is not an exception to this (in fact, Apple developed a convient way for non-superusers to provide a password to install software at a root level from the desktop). If the user is allowed to install software at a root level with a simple password entry, how much is does this security model really take away from the user? That means that a Mallory can still write whatever kind of malware and dupe people like my mom and pop into running the code (either at a user or superuser level). The problem is still a user one.
I really didn't want to compare this OS to that OS. I am a Unix user, and appreciate many things about the how it works, including its security. However, I'm under no illusion that I can run any code I find because the system is completely safe. A Mallory can (and will) write malicous code for any platform they choose. You've never heard of trojaned Unix code? Perhaps you haven't been working with Unix very long. This still has little to do with system security, and quite a bit to do with the user.
This will only ever be an issue if we ever reach a Mac-dominated monoculture, and I don't forsee that occuring.
Indeed, and in this case, perhaps my point was a moot one. I don't believe that Windows will be a dominant platform forever. I believe that the market will, however, tend to choose a platform. Also remember that before Windows was decisively dominant, there were viruses for most commercially availably desktop platforms (Apple, DOS, Amiga, Windows).
You make a very interesting point about homogenous platforms, however. Perhaps the superior automatic patching for non-windows os'es (although Microsoft has admittedly improved this) will help decrease the spread of internet viruses which use remote exploits in the future.
In closing, I'll point out that users can always be tricked into executing code, and for most commercial malware writers, user accounts are all they want. I know that we're talking about viruses here, but the only difference between the two is that most spyware/malware has an EULA attached.
I don't have the link, but that myth was shot down recently.
The quick way to prove it is to point out that Apple doesn't have 0% market share, but they do have 0% of the viruses.
It's not a myth. And there is likely no direct proportion between market share and virus percentage. I hadn't seen that claim made before -- it does sound a little silly. Taking the above into account, I think that your proof has some holes in its logic.
Viruses don't just create themselves. Do you believe that it is impossible to write malicious code for an Apple computer (even for a user account)? It's not impossible to crash a Unix machine from a user account. It's not impossible to install or run software from a user account on Mac OS X. When a virus writer feels like it, they will write a virus for whatever platform they choose -- it's as simple as that. It doesn't matter if it's Windows, MacOS, Linux, NetBSD, OS2, or BeOS. Unless there are incredibly restrictive user security policies set up (which the above don't tend to have out of the box), an unprivileged user can execute (non-superuser) code on the box. If a user can execute code that will compromise their account and data (which they can), the user can be tricked into obtaining and executing that code. This means that the user account (and that user's data) can be compromised provided that the user executes the code allowing this compromise.
I'll take it a step further: If Apple were the dominant PC platform, malware writers would see sufficient profit potential to write malware for the Apple. In this case, they'll use the Apple installer software, and the user will enter their superuser password and then who knows what it will do?
Apple's Macintosh is an excellent platform, don't get me wrong. It's just not so amazing that it magically defies logic. I'll say it again, because this is sort of the whole point: If a user can execute code that will compromise their account and data (which they can), the user can be tricked into obtaining and executing that code. The only way to avoid this is to build a smarter user. As far as I can see, this problem has yet to be overcome on any platform.
Also, I'll point out in advance that I am not commenting on the security of OS X, Windows, or any other platform. My comment has nothing to do with the canonical arguments about this OS versus that OS.
Apple is good enough at software design that they will probably provide users with a big red button marked "click this to get rid of viruses" and it will actually work. No more switching needed.
Considering that Apple didn't have this pre OS X, I doubt that they'd have it now...although I wouldn't be surprised to see AV software bundled in OS'es as a value-add. I think that MS is going to do this now.
Unix can execute code (malicious or otherwise) just as easily as any other OS can. I am aware that most people don't run their Mac desktops from superuser equivalent account (like most do with windows), but malware can run just fine in a user account.
...and the desire to escape the Windows virus epidemic.
If enough people switch, the viruses will come. I'm a firm believer that this is primarily a result of market share (yes, also helped by poor security...but not security is never any better than a user's clue level and vigilence). Does that mean that once viruses hit the Apples, that people will switch to Linux? What will be the next thing after that, a FreeBSD migration?
What kind of weird fantasy world do you live in? FOX isn't providing a service with Futurama. It's a product that is designed to make money. They'll do whatever they can to make the most money from it.
Semantics...but I'll bite. Broadcast networks are service providers, of a kind. They provide service to their viewers, and they also provide service to their advertisers. Yes, they own content, which isn't a service -- but they also distribute that content, which is a service. Yes, they will do whatever they can to make money from the content that they own, and the service that they provide is free over the air. They own the hardware (or local affiliates do), and they license the airwaves. You watch the ads and they collect the revenue. In the end, how is it any different from other service models?
...or did I somehow completely miss the point? (it wouldn't be the first time)
If a parent allows a child to play a game named "Grand Theft Auto" (a major crime)
That doesn't break any laws at all whatsoever. It is akin to a parent allowing a child to watch an R rated movie, which is completely legal...or were you being sarcastic?
I find it funny that whenever republicans do this, everyone starts talking about "THE RADICAL RIGHT," but when democrats lead the way, it's all about "the government" or "politicians" in general.
It works the same way with gun control: when republicans do it, it's "big government," when democrats do it, it's "the liberal's" fault.
What's the difference in this case? They're all assholes, right?;)
Seriously, though...the radical right and left both share a similar desire -- to control us. From a social standpoint, the far right seem to act as the moral elite, and those on the far left are the intellectual elite. They both want to ram their agenda down our throats at the expense of freedom (although they both claim to embrace freedom in their rhetoric).
I'm with you -- they're pretty much the same. I was expecting to see some fiscal conservatism in our recently elected republican government (executive branch, house, senate), but this didn't happen. Dominant parties always seem to spend enough to stay dominant. I guess that this makes them even more similar.
(I hope that I'm not too late in saying that IANAL.)
I read a while ago that the Australia system is so similar to Canada's they sometimes use canadian cases as precedents.
Interesting...and considering that we all seem to have legal systems rooted in English common law, it would make sense that we are able to draw opinion and interpretation from legal conclusions.
These decisions can take into some account rulings from other countries interpretations, but as always, each country has their own laws, legal systems, cultures, and interpretations. This being said, I would have a hard time believing that courts would ever actaully reference international decisions as legal precedent in a national case. (I could be totally wrong, since I know diddly squat about the Canadian and Australian legal systems.)
What is more likely is for legislators to develop law based on those from other countries, and then issue rulings that reference international caselaw interpretations of those (at best). We still tend to see quite a bit of fluctuation in how these are handled. For example, sharing music in Canada is less illegal than in the US, because of the tarriff on blank media. (Remember, the caselaw that we're talking about is American)
I'm amazed at how you can find shills on/. to support almost any form of sleazy behavior on the part of some corporation.
Um...do you always use corporation to mean unethical company? It's quickly become run of the mill agenda-speak. I'm amazed that how you can find shills on/. to reject almost any form of behavior by any business as 'evil' because it has to do with the word 'corporation' (which so many seem to have forgot the meaning of).
It's hardly the same as refusing to allow your OS to run on another company's processors. If you don't want your compiler to support AMD, engineer it that way and say so to your customers. Building in stealth methods of sabotaging performance on the CPU is hardly the way to go (if in fact that is what Intel did without good engineering reasons why.)
I haven't read all the legal complaint from AMD (TFA), and IANAL, so I can't speak definitively on this...but are you sure that Intel was acting in a nefarious way here, or just assuming it? If Intel's compiler simply disables propritary optimizations for non-Intel processors, there's nothing wrong with this. Intel shouldn't be under any obilgation to research their competitor's propritary optimizations and then support those with their compiler. There are other x86 compilers out there, right?
That being said, if Intel's intentions were nefarious, and deliberately attempted to slow code on their competitor's chips, sobeit -- they deserve to be punished.
So -- what evidence do you have as to Intel's intent? Are you only citing the AMD complaint? It was quoted in the summary, but are you sure that performance is only degraded if "Authentic AMD" is detected, or will it not apply Intel optimizations to any chip without "Genuine Intel" the CPUID? AMD's claim sure sounds open to some interpretation...and we all know that lawyers love to stretch the truth as much as possible, even if it is just a semantic technicality (ie: a conditional looks for GenuineIntel under CPUID and doesn't find it...in this case, AuthenticAMD != GenuineIntel and thus doesn't get the optimizations. Is this deliberate and nefarious, or just a lack of support someone else's technology?).
I sure hope that you're not basing your entire judgement of Intel (and your subsequent judgement of anyone who poses any doubt to this) on AMD's legal claim, with absolutely no other supporting evidence. If this is the case, do you work for AMD, by any chance?
I'll say again, just so there's no misinterpretation...I do not know anything about Intel's motivation or actions. If they've used their position to act against AMD, they deserve to be punished. However, if you're just using AMD's complaint againt Intel as 'fact' for judgement, then I've got some beachfront property in Arizona to sell you...as well as a few bridges.
As benign as the crime may seem to you, it does cost billions of dollars to corporations.
Have you ever felt that these numbers are typically highly overinflated? What are they based on? As an IT professional, I know that in the companies that I've worked with, other legal types of malware tend to pose a significantly higher cost. Especially in terms of manpower.
Slashdot Mirror
I'm not sure that I follow you. This measure will not stop stores from carrying anything. It will require a label on certian games (similar to explicit lyrics labels on music) and it will require stores to check ID's to ensure that they're not selling games to kids. While I think it's a little excessive, it will not stop stores from doing anything other than selling to minors. If this is the beginning and end of the video game legislation, I'll be pretty content.
Stores who do not carry AO games are generally the same stores who do not carry NC-17 videos...like Walmart and Blockbuster who want to retain a middle-america 'family' image. Have you noticed the parallels between the ESRB and MPAA rating systems? They're practically identical, except that they have an EC rating (for Early Childhood). Their E (everyone) is synomous with G (General Audiences). E10+ is synomous with PG. T=PG-13, M=R, and AO=NC-17. The only difference (in this case) is that video games are a new enough media that legislators can beat up on them and issue legal mandates for the rating system (unlike the MPAA/movie industry, which is a self-imposed watchdog service) until a federal court case settles the legal and constitutional issues. In this case, IL is making a law which says that "R" rated games can't be sold to kids. Again, I think that it goes just a little too far (in not letting the industry regulate itself), but it's not the end of the world.
Pahahahaha. That's the funniest thing I've read all day.
Let the witch hunt begin!
Also remember that software piracy!=theft. Without making any judgement on the ethics of software piracy itself, they're simply not the same thing in the eyes of the law.
This is no longer correct, according to a 2002 law called Sarbanes-Oxley. Here is a page with links to information and analysis of the legislation.
Most of this is designed to protect investors from companies cooking their books, but it holds company executives directly (criminally) responsible for their company's financial misdeeds (whether or not they were aware of them). It didn't really work against Healthsouth CEO Scrushy, which is a bummer (because the guy is a total crook)...but I believe that this was a case of an incompotent prosecutor rather than a poorly written law.
All I'm saying is that Unix (and its security model) is not a silver bullet for anything. The previous poster to whom I was responding made a few remarks which just didn't make any sense to me -- so I refuted them with specific examples of where Unix security hasn't been up to par...and again, not that I think dislike most Unix-ish OS'es - I never made that claim. This user clearly hadn't been using Unix (or Unix-like) systems for very long. I didn't say that I thought that Microsoft had done a particularly good job with their security -- their track record tends to prove otherwise.
In the case of malware, I am arguing that it will go to whatever the most the most widely used desktop platform is. It has very little to do with security, since the only concern is exploiting an account in userspace. My comments also had nothing to do with actual OS security and the OS with the most market share. We're not having a scientific discussion here. There is no data, because commercial malware is a relatively new phonomena. I think that we'll agree that it all comes down to the user. That was my original point: want better security, build a better user.
You are right, however, it is a tired argument. Where it ended up was not where I had intended to go.
I don't think that this tells us anything. To begin with, you're talking about a ~40 year old OS (which, at this point has become more of a concept than an OS -- with all of the varaints) and comparing the number of bugs to an OS family that's less than 20 years old. Also, are you just talking about the kernel, or the kernel and all of the associated applications and services? Microsoft tried to use these metrics to show that Microsoft's OS'es were more secure than Linux. It didn't convince me of anything then and it wouldn't if it 'showed' that Linux were more secure.
Agreed, and it's a good point. This is sort of what I was talking about with privelege separation, and specifically differentiating between user space and kernel space. It's a good start, and is inherent to just about any true multi-user multitasking OS that has come since then (it's inherent to multi-user OS'es with lots of IPC...also critical to protected memory systems). However, remember that system security in the 60's was vastly different from today's landscape. Perhaps I should hone my original point to say that security was an afterthought in desktop systems and networking protocols (mainly because the networks weren't dangerous places), and TCP/IP itself (as well as the associated applications) was designed to be very trusting and didn't have much in the way of security.
Again, you're right -- OS'es like Multics were designed with security as more than an afterthought, but think about how much the concept of security has changed over the last ten years. With the exception of physical security, practically everything has needed some sort of overhauling.
From TFA:
So he's saying that they reached the limitations of their hardware and it had to scale? Is Microsoft software somehow immune from the need to scale as the requirements grow? If this is the case, a Microsoft OS would be the better choice. I would hail all kinds of MS solutions if they could pull other magical abilities out of their hat. We all know that this is BS -- requirements change, demands on systems change, and hardware must be scaled, regardless of the platform. Until then, claims like that are simply FUD and double-talk. He's not actaully saying anything, he's just instilling a little fear in the back of managers minds.What's funny is that many of these arguments are largely an attack on a licensing model, and it actually has very little to do with the quality of the products. Contrary to RMS' belief, I don't think that the license model necessarily dictates the quality of the software. There are plenty of excellent commercial, closed products out there in the marketplace. There alre also plenty of these products which are absolute garbage. The same goes for OSS, I've seen brilliant stuff and I've seen crappy stuff -- neither are a silver bullet.
Taylor does make at least one good point, however:
In many circumstances, people like IT managers don't care about seeing the code. It's not everyone -- there are lots of groups who have a specific need for custom solutions...however I'm talking more about the small-mid size IT group. These IT managers are generally decision-makers, and don't want to ever touch the source code. Many don't even want to hire people to muck about the code...especially in small to mid sized companies. I'm not talking about the idealist hobbyists here, who will sit around and pour through source code all day long looking to understand it, modify it, or break it...or those who build all of their binaries from source, adding in every possible optimization for their target platform. With many of those professionals, it's not about the license model. It's about the solution in the end. Most people like this who I have worked with are generally platform agnostic, and will run whatever it takes to get the job done.This is not about updates and exploits, it's about tricking users into running code that they otherwise wouldn't want to. It's not about code running in kernel space with the evil bit set. You can use a machine for a spam or DDoS zombie without ever touching kernel space. You can also destroy all user data in user space. I'll say it again, security is no better than your weakest link. In this case, its the user.
Perhaps changing police methods and practices would cause people to react differently to a police presence and thereby increase road safety.
Even citizens accused of civil citations (code violations, as you put it) deserve proper protection under the law.
Further, many traffic tickets are actaully crimes. In many states, speeding 20 MPH over the posted speed limit can be deemed reckless driving by the arresting officer...this is typically a misdemeanor. However, the evidence is still accepted as prima facie, and the driver is still preumed guilty until proven innocent. Sadly, this is widely abused across the country by many municipalities in order to enhance local revenue.
I sure don't accept many of their practices, including speed traps, DUI roadblocks, and red light cameras...particularly the latter, where the accused is not even given a chance to face their accusor.
FWIW, I agree that we live in a society where we seem to have a sense of entitlement. It's a bummer. However, I still think that much of our speed enforcement as well as the 'justice' system surrounding it is a freaking joke. Criminal justice of any kind should not be treated in the cavalier manner that it is in the traffic system.
It's not about the amount of exposure. It's not like there are teams of crackers working around the clock to write malware for alternative platforms and they just can't seem to figure out how to get in. I also want to point out to you that Linux has no known issues with spyware because there is very little (if any) commercial interest behind writing applications like this for an OS which is not widely used on the desktop (compared to the dominant OS). Furthermore, Linux is pretty architecture independant. Finally, the hardware platform has very little (if anything) to do with malware...unless malware can somehow only be written in x86 assembler (this is not the case).
I've been a Unix advocate for years, however you seem to imply that Unix was designed inside and out with security in mind. This is simply untrue. Security was an afterthought in the Unix world the same way it was in the rest of the computing world. Sure, Unix was built with privelege separation, but this is only because it was a multi-user system. Network security was a joke back then. Unix was developed relatively long before there was any kind of global data networking (TCP/IP was backported to DEC's Unix on a PDP-11 long after the IMP's had been running ARPANET). In the early days it was really only privelege separation -- nobody thought much about security because security mostly came down to physical access. Contraty to your contention, Unix wasn't originally designed to be connected to a hostile network, there were no hostile networks back then. This is why there have been so many easily exploitable legacy suid applications over the years (wu-ftpd, sendmail, etc). With so many suid apps, perhaps the thinking wasn't as proactive as you assume.
Look, I'm a Unix user, and a former Unix SA. It has its advantages. However, your assumptions about Unix's origins are not consistent with history. Further, your assumption that Unix has a long history of not using certain TCP/UDP ports and services by default is also inconsistent with history. If you want to talk about historical SMB security, surely you can't ignore the (historical) total lack of NFS/NIS security, right? How many Unix systems ran the NFS daemon from the start until about 6 years ago? Perhaps it was a few years ahead of the Windows world, but this decades stuff is BS. If you want to talk about file permissions, don't forget to mention the superior ACL implementation that Windows has had since the original Windows NT (I think it was 3.5). Also remember that SSH is only 10 years old. Before 1995, most people were sending cleartext passwords around with telnet and rsh in order to connect to machines remotely. Unix machines were regularly owned by people with packet sniffers snagging root passwords from telnet and ftp sessions. So much for security in a hostile network. If you want to talk about Windows Messenger being a security risk, what about services like rtalk and ytalk, which provided similar services to terminal users. Like sendmail, rtalk had a history of remotely exploitable bugs...with this in mind, was Messenger really a security risk, or was that only an annoyance because it was exploited by commercial interests?
Finally, don't forget that with most desktop systems, the user still needs root-level access. MacOS is not an exception to this (in fact, Apple developed a convient way for non-superusers to provide a password to install software at a root level from the desktop). If the user is allowed to install software at a root level with a simple password entry, how much is does this security model really take away from the user? That means that a Mallory can still write whatever kind of malware and dupe people like my mom and pop into running the code (either at a user or superuser level). The problem is still a user one.
I really didn't want to compare this OS to that OS. I am a Unix user, and appreciate many things about the how it works, including its security. However, I'm under no illusion that I can run any code I find because the system is completely safe. A Mallory can (and will) write malicous code for any platform they choose. You've never heard of trojaned Unix code? Perhaps you haven't been working with Unix very long. This still has little to do with system security, and quite a bit to do with the user.
Indeed, and in this case, perhaps my point was a moot one. I don't believe that Windows will be a dominant platform forever. I believe that the market will, however, tend to choose a platform. Also remember that before Windows was decisively dominant, there were viruses for most commercially availably desktop platforms (Apple, DOS, Amiga, Windows).
You make a very interesting point about homogenous platforms, however. Perhaps the superior automatic patching for non-windows os'es (although Microsoft has admittedly improved this) will help decrease the spread of internet viruses which use remote exploits in the future.
In closing, I'll point out that users can always be tricked into executing code, and for most commercial malware writers, user accounts are all they want. I know that we're talking about viruses here, but the only difference between the two is that most spyware/malware has an EULA attached.
That was sort of my point. Security models are no better than their weakest link. In most cases, it's the user.
So is Windows. That doesn't mean that it's particularly secure.
It's not a myth. And there is likely no direct proportion between market share and virus percentage. I hadn't seen that claim made before -- it does sound a little silly. Taking the above into account, I think that your proof has some holes in its logic.
Viruses don't just create themselves. Do you believe that it is impossible to write malicious code for an Apple computer (even for a user account)? It's not impossible to crash a Unix machine from a user account. It's not impossible to install or run software from a user account on Mac OS X. When a virus writer feels like it, they will write a virus for whatever platform they choose -- it's as simple as that. It doesn't matter if it's Windows, MacOS, Linux, NetBSD, OS2, or BeOS. Unless there are incredibly restrictive user security policies set up (which the above don't tend to have out of the box), an unprivileged user can execute (non-superuser) code on the box. If a user can execute code that will compromise their account and data (which they can), the user can be tricked into obtaining and executing that code. This means that the user account (and that user's data) can be compromised provided that the user executes the code allowing this compromise.
I'll take it a step further: If Apple were the dominant PC platform, malware writers would see sufficient profit potential to write malware for the Apple. In this case, they'll use the Apple installer software, and the user will enter their superuser password and then who knows what it will do?
Apple's Macintosh is an excellent platform, don't get me wrong. It's just not so amazing that it magically defies logic. I'll say it again, because this is sort of the whole point: If a user can execute code that will compromise their account and data (which they can), the user can be tricked into obtaining and executing that code. The only way to avoid this is to build a smarter user. As far as I can see, this problem has yet to be overcome on any platform.
Also, I'll point out in advance that I am not commenting on the security of OS X, Windows, or any other platform. My comment has nothing to do with the canonical arguments about this OS versus that OS.
Considering that Apple didn't have this pre OS X, I doubt that they'd have it now...although I wouldn't be surprised to see AV software bundled in OS'es as a value-add. I think that MS is going to do this now.
Unix can execute code (malicious or otherwise) just as easily as any other OS can. I am aware that most people don't run their Mac desktops from superuser equivalent account (like most do with windows), but malware can run just fine in a user account.
If enough people switch, the viruses will come. I'm a firm believer that this is primarily a result of market share (yes, also helped by poor security...but not security is never any better than a user's clue level and vigilence). Does that mean that once viruses hit the Apples, that people will switch to Linux? What will be the next thing after that, a FreeBSD migration?
Semantics...but I'll bite. Broadcast networks are service providers, of a kind. They provide service to their viewers, and they also provide service to their advertisers. Yes, they own content, which isn't a service -- but they also distribute that content, which is a service. Yes, they will do whatever they can to make money from the content that they own, and the service that they provide is free over the air. They own the hardware (or local affiliates do), and they license the airwaves. You watch the ads and they collect the revenue. In the end, how is it any different from other service models?
That doesn't break any laws at all whatsoever. It is akin to a parent allowing a child to watch an R rated movie, which is completely legal...or were you being sarcastic?
What's the difference in this case? They're all assholes, right? ;)
Seriously, though...the radical right and left both share a similar desire -- to control us. From a social standpoint, the far right seem to act as the moral elite, and those on the far left are the intellectual elite. They both want to ram their agenda down our throats at the expense of freedom (although they both claim to embrace freedom in their rhetoric).
I'm with you -- they're pretty much the same. I was expecting to see some fiscal conservatism in our recently elected republican government (executive branch, house, senate), but this didn't happen. Dominant parties always seem to spend enough to stay dominant. I guess that this makes them even more similar.
(I hope that I'm not too late in saying that IANAL.)
Interesting...and considering that we all seem to have legal systems rooted in English common law, it would make sense that we are able to draw opinion and interpretation from legal conclusions.
These decisions can take into some account rulings from other countries interpretations, but as always, each country has their own laws, legal systems, cultures, and interpretations. This being said, I would have a hard time believing that courts would ever actaully reference international decisions as legal precedent in a national case. (I could be totally wrong, since I know diddly squat about the Canadian and Australian legal systems.)
What is more likely is for legislators to develop law based on those from other countries, and then issue rulings that reference international caselaw interpretations of those (at best). We still tend to see quite a bit of fluctuation in how these are handled. For example, sharing music in Canada is less illegal than in the US, because of the tarriff on blank media. (Remember, the caselaw that we're talking about is American)
Legal precedent in an American court has nothing to do with that of Aussie courts.
Um...do you always use corporation to mean unethical company? It's quickly become run of the mill agenda-speak. I'm amazed that how you can find shills on /. to reject almost any form of behavior by any business as 'evil' because it has to do with the word 'corporation' (which so many seem to have forgot the meaning of).
I haven't read all the legal complaint from AMD (TFA), and IANAL, so I can't speak definitively on this...but are you sure that Intel was acting in a nefarious way here, or just assuming it? If Intel's compiler simply disables propritary optimizations for non-Intel processors, there's nothing wrong with this. Intel shouldn't be under any obilgation to research their competitor's propritary optimizations and then support those with their compiler. There are other x86 compilers out there, right?
That being said, if Intel's intentions were nefarious, and deliberately attempted to slow code on their competitor's chips, sobeit -- they deserve to be punished.
So -- what evidence do you have as to Intel's intent? Are you only citing the AMD complaint? It was quoted in the summary, but are you sure that performance is only degraded if "Authentic AMD" is detected, or will it not apply Intel optimizations to any chip without "Genuine Intel" the CPUID? AMD's claim sure sounds open to some interpretation...and we all know that lawyers love to stretch the truth as much as possible, even if it is just a semantic technicality (ie: a conditional looks for GenuineIntel under CPUID and doesn't find it...in this case, AuthenticAMD != GenuineIntel and thus doesn't get the optimizations. Is this deliberate and nefarious, or just a lack of support someone else's technology?).
I sure hope that you're not basing your entire judgement of Intel (and your subsequent judgement of anyone who poses any doubt to this) on AMD's legal claim, with absolutely no other supporting evidence. If this is the case, do you work for AMD, by any chance?
I'll say again, just so there's no misinterpretation...I do not know anything about Intel's motivation or actions. If they've used their position to act against AMD, they deserve to be punished. However, if you're just using AMD's complaint againt Intel as 'fact' for judgement, then I've got some beachfront property in Arizona to sell you...as well as a few bridges.
Have you ever felt that these numbers are typically highly overinflated? What are they based on? As an IT professional, I know that in the companies that I've worked with, other legal types of malware tend to pose a significantly higher cost. Especially in terms of manpower.