If you want me to addres you properly, then I want you to answer some questions.
Why do you put certain words in quotes or parentheses? WTF is up with that? E.G. your first line above, why is "go for it" in quotes?
Why do you cite work you allegedly have done, such as articles you wrote in various magazines, if you don't gives us a means to verify that information? Are you really hoping we will just take you at your word?
Likewise, why claim to have degrees or experience or whatever, if you don't give us a means to verify that information
Why do you bother mentioning that stuff at all? As an appeal to authority? If what you are saying has merit (which seems unlikely) it can stand on it's own. Your background is irrelevant to the point you are making.
Why have you been following around my posts insulting me linking back to this thread? It discredits you further, and makes you seem like you are a troll starved fro attention.
Why do you quote people in such a way? You get that it is completely redundant right? The name of the poster, post ID and time are all at the top of each post...adding it manually when you quote someone is just redundant, so why do you do this?
Why do you take 3 points (Kaminksy bug, Secunia hijack and Oliver Day's article) and misconstrue them? Do you not understand what they are actually about? Just because an article is about flaws in DNS, it does not automatically support your point.
If you have the courtesy to answer these questions, then I will address your main points as you ask.
I submitted this story yesterday, with a more positive spin pointing out that th new design is now faster and gives significantly more control privacy wise. What does Slashdot do? Wait a day and then get it wrong. Sigh.
Kid, you have no idea what you're talking about. Stop posting a link to this post behind every post I make...,really, do you have nothing better to do?
You are strongly misinformed on several points. I can't be bothered to respond to you, (i.e. feed the troll) because I don't think it would be worth my time. You're obsessed, and not interested in rational discussion. Please, stop following me.
Try to defend Linux security practices, which basically boil down to not disclosing bugs and relying on obscurity
Try to insist the word hacker has absolutly nothing to do with breaking computer security and all those people using it are wrong
I saw a previous discussion where he insulted a programmer by saying he should get a software engineer to explains things to him (which is a meaningless feelgood phrase).
Now he he says some sexist bullshit, which has no scientific backing at all.
Wrong again. The appeal confirmed the original judgment it only changed the sentence. It was NOT settled out of court in anyway shape or form. Check your facts.
Yes, you really should check your facts, because your flat out wrong. The apellate court confirmed the findings of fact, but completely reversed the ruling.
The EU judgment was delayed to give the U.S. the first go and when the DOJ went for a "slap on the wrist" after Bush (II) took power they took up the issue. If the U.S. had properly handled the issue the EU would have dropped it. Only because the U.S. dropped the ball did the EU carry on with it.
The EU case started long after the US one had finished, in January 2009, investigating IE integration of all things. ridiculous, and far, far too late.
Fair enough, I should not have said acquitted. However, they were not convicted of being a monopoly on their appeal, and then settled out of court. The funds were certainly not obtained illegally however, or they would have had to give them up. The EU conviction was bullshit, and about 10 years too late to be relevant.
Wow. That's straight tripping. Just a minor point, there was nothing illegal in what MS did, as they were aquitted by courts. Perhaps you can refer to the legislation that would highlight their illegal acts, if they have not yet been held accountable?
I love people who still try to claim that the word hacking is not intrinsically linked to security. To claim the common usage of the word is an error, and all those dictionaries and reporters and millions of people are WRONG WRONG WRONG!
Did you know that the word starve used to mean dying specifically from cold? That's what the word means truly, and everyone else is just using it wrong. The next time you see people who look like they could use a meal and say they are starving, just offer them a sweater. I mean, if they were hungry they would have used the correct word, right?
Am I surprised that you ignore evidence that hurts your worldview, and submit an insult from an AC as evidence that I am a troll, despite the fact I have excellent karma?
You're an idiot. Note, I'm not dismissing your argument because I believe you to be an idiot, just noting that you appear to be an idiot as a consequence.
There is NOT 100% disclosure with Linux. That, put simply, is bullshit.
What they actually state is that disclosure of security bugs should be mostly avoided so they can treat bugs as they want to, without being pressured by an exploit. No where do they state that all bugs are treated equally. So, here we have bugs that allow to compromise not being disclosed and maybe not being patched for a month(just like the last big Linux vulnerability).
On the Microsoft side we have people contacting microsoft, microsoft working on a fix and then publically releasing a patch. That's how proper full disclosure works, kiddo.
Since The Linux devs would rather rely on security through obscurity, you have to rely on sites like xorl.wordpress.com or read bugtraq and hope that someone has a patch before the next kernel release. I'll give the point that at least people can patch it themselves if they need to.
Also, you have to stop with the Linux is more secure because of the many eyes bullshit. Just because everyone can read the code does not mean they are, and you still have the same small number of developers, most of which are not actively looking for security problems.
I really hope you try and look this stuff up, because your ignorance hurts, and I hate to think you will be spreading misinformation to other people.
It's an IE setting, that some apps choose to honour. I'm really only aware of MSN messenger that does though. Seriously, it's not an OS setting in any sense. Can you give a list of some popular programs that make use of those settings?
The linux devs don't openly disclose security bugs. They have said as much, giving the appalling reason they don't want them to take precedence, as they should.
I know this is hard for you to follow, but given the Linux devs attitude, we don't actually know that there are less vulnerabilities. If anything, Linux appears to have far more vulnerabilities than a given release of Windows. Of course, your ignorance and zealotry won't let you realize that.
Let's look at your behaviour in this discussion:
Failing to understand the importance of responsible disclosure
Defending the Linux dev's choice to hide and not disclose security vulnerability
Assuming that Windows is currently horribly insecure, because it once was, when Linux and OS X are now far worse
Worst of all, thinking that the lack of disclosed vulnerabilities is equivalent to a lack of vulnerabilities. This alone says a lot
Spreading FUD RE Microsoft - they acknowledge *every* vulnerability that a third party informs them of, and patch it accordingly -- unlike Linux
Resorting to insults and personal attacks due to the lack of an argument
It's a shame dude. Ignorant people like you are actually holding Linux back. I use and like Linux, but if retarded practices like ignoring security vulnerabilities because a scheduler is more interesting to work on don't get rectified, then it's going to continue going down the drain. Something that started after Greg K-H took over.
Wow, talk about blinders. Yes, the linux devs have a horrible security attitude. Given they don't disclose security bugs, it's hard to say if it is actually more secure than recent versions of Windows or not, since Microsoft does disclose Windows bugs.
I mean, your not the kind of idiot that just assumes are you? I'm sure your smart enough to that if a product does not disclose vulnerabilities that does not mean it is more secure than a product which does, right? You understand the absence of responsible disclosures does not equate to the absence of vulnerabilities?
I am not misrepresenting their position at all. In fact, the original quote essentially says that security bugs are not particular important, and then goes on to state that it doesn't make sense to disclose them, because it creates pressure to focus on them more than other bugs.
You don't seem to get it, but THIS IS WRONG
Security bugs are a much greater threat than other kind of bugs, and should be treated and given precedence accordingly.
I'm sorry, but bugs do have varying levels of important, and it's stupid to say otherwise. All the empirical evidence we have shows that developers rate bugs at different levels of importance, and that security bugs generally are generally deemed more important, for good reason.
There is NO empirical evidence that even suggests that treating bugs at different levels of priority lead to poor quality code. That is speculation on your part, and contrary to what you post unsupported by the evidence.
You also need to catch up with current times. Microsoft has had an excellent security record for the past few years, and Windows is now one of the more secure OS's. I'd say it actually beats Linux in a lot of areas, although that is another discussion.
Simply the fact the Linux developers think it is fine not to disclose critical security or treat them more importantly (in contradiction of many decades of developed good practices) says more about their attitude toward security than you care to admit.
You cannot seriously complain about a single flaw that wasn't fixed in a matter of weeks while simultaneously supporting a position that results in flaws that are identified but are not considered important enough to fix at all.
Nice Strawman.
I am maintaining that critical security bugs should be given precedence for patching, and disclosed and berating the Linux developers for not doing this. At no stage do I or have I supported a position that results in flaws that should not be fixed (hence your strawman).
The linux security attitude is atrocious, contrary to accept good practice, and puts people at risk. I don't know you would argue otherwise, unless it were due to zealotry.
Sorry, but no. I can even find the quotes where Linus or Greg K-H or whoever it was basically said that security bugs should not be treated any differently to normal bugs, don't need to be disclosed etc. That attitude is simply wrong, and it's hard to take Linux security seriously when the developers have such an approach.
At least with MS, or basically any other OS, security bugs are rightfully treated as more critical, and will be patched sooner. I mean, look at that last big Linux vulnerability...that was quite serious and known about for a few weeks in advance. Terrible.
Actually, you have the treatment of bugs per the Linux and Windows camps backwards. Windows development rightfully assigns security vulnerabilities as more important than a random bug that may cause a crash in some circumstances, while Linux development classifies security bugs as just another bug, and not worthy of disclosure or hastened patching.
Slashdot Mirror
If you want me to addres you properly, then I want you to answer some questions.
If you have the courtesy to answer these questions, then I will address your main points as you ask.
I submitted this story yesterday, with a more positive spin pointing out that th new design is now faster and gives significantly more control privacy wise. What does Slashdot do? Wait a day and then get it wrong. Sigh.
Kid, you have no idea what you're talking about. Stop posting a link to this post behind every post I make...,really, do you have nothing better to do?
You are strongly misinformed on several points. I can't be bothered to respond to you, (i.e. feed the troll) because I don't think it would be worth my time. You're obsessed, and not interested in rational discussion. Please, stop following me.
http://www.youtube.com/watch?v=yfypiLFvMyY
Looks interesting
Most people can safely ignore this guy.
In the last few days I have seen him:
Try to defend Linux security practices, which basically boil down to not disclosing bugs and relying on obscurity
Try to insist the word hacker has absolutly nothing to do with breaking computer security and all those people using it are wrong
I saw a previous discussion where he insulted a programmer by saying he should get a software engineer to explains things to him (which is a meaningless feelgood phrase).
Now he he says some sexist bullshit, which has no scientific backing at all.
My oh my how /. has fallen.
Oh, and yes they did settle out of court. From the wiki page:
On November 2, 2001, the DOJ reached an agreement with Microsoft to settle the case.
Wrong again. The appeal confirmed the original judgment it only changed the sentence. It was NOT settled out of court in anyway shape or form. Check your facts.
Yes, you really should check your facts, because your flat out wrong. The apellate court confirmed the findings of fact, but completely reversed the ruling.
The EU judgment was delayed to give the U.S. the first go and when the DOJ went for a "slap on the wrist" after Bush (II) took power they took up the issue. If the U.S. had properly handled the issue the EU would have dropped it. Only because the U.S. dropped the ball did the EU carry on with it.
The EU case started long after the US one had finished, in January 2009, investigating IE integration of all things. ridiculous, and far, far too late.
Wow APK, you sure take stuff personally.
No, it is an OS for your granny. Any power user wouldn't use such a buggy POS that actively tries to obscure stuff power users would want to use.
Fair enough, I should not have said acquitted. However, they were not convicted of being a monopoly on their appeal, and then settled out of court. The funds were certainly not obtained illegally however, or they would have had to give them up. The EU conviction was bullshit, and about 10 years too late to be relevant.
Wow. That's straight tripping. Just a minor point, there was nothing illegal in what MS did, as they were aquitted by courts. Perhaps you can refer to the legislation that would highlight their illegal acts, if they have not yet been held accountable?
I love people who still try to claim that the word hacking is not intrinsically linked to security. To claim the common usage of the word is an error, and all those dictionaries and reporters and millions of people are WRONG WRONG WRONG!
Did you know that the word starve used to mean dying specifically from cold? That's what the word means truly, and everyone else is just using it wrong. The next time you see people who look like they could use a meal and say they are starving, just offer them a sweater. I mean, if they were hungry they would have used the correct word, right?
Am I surprised that you ignore evidence that hurts your worldview, and submit an insult from an AC as evidence that I am a troll, despite the fact I have excellent karma?
No, no I am not. Zealotry FTW.
You're an idiot. Note, I'm not dismissing your argument because I believe you to be an idiot, just noting that you appear to be an idiot as a consequence.
There is NOT 100% disclosure with Linux. That, put simply, is bullshit.
What they actually state is that disclosure of security bugs should be mostly avoided so they can treat bugs as they want to, without being pressured by an exploit. No where do they state that all bugs are treated equally. So, here we have bugs that allow to compromise not being disclosed and maybe not being patched for a month(just like the last big Linux vulnerability).
On the Microsoft side we have people contacting microsoft, microsoft working on a fix and then publically releasing a patch. That's how proper full disclosure works, kiddo.
Since The Linux devs would rather rely on security through obscurity, you have to rely on sites like xorl.wordpress.com or read bugtraq and hope that someone has a patch before the next kernel release. I'll give the point that at least people can patch it themselves if they need to.
Also, you have to stop with the Linux is more secure because of the many eyes bullshit. Just because everyone can read the code does not mean they are, and you still have the same small number of developers, most of which are not actively looking for security problems.
I really hope you try and look this stuff up, because your ignorance hurts, and I hate to think you will be spreading misinformation to other people.
Like what third party software? Cause, all the programs I use you have to set it manually, which is normal.
It's an IE setting, that some apps choose to honour. I'm really only aware of MSN messenger that does though. Seriously, it's not an OS setting in any sense. Can you give a list of some popular programs that make use of those settings?
I was right. You have extreme blinders on guy.
The linux devs don't openly disclose security bugs. They have said as much, giving the appalling reason they don't want them to take precedence, as they should.
I know this is hard for you to follow, but given the Linux devs attitude, we don't actually know that there are less vulnerabilities. If anything, Linux appears to have far more vulnerabilities than a given release of Windows. Of course, your ignorance and zealotry won't let you realize that.
Let's look at your behaviour in this discussion:
It's a shame dude. Ignorant people like you are actually holding Linux back. I use and like Linux, but if retarded practices like ignoring security vulnerabilities because a scheduler is more interesting to work on don't get rectified, then it's going to continue going down the drain. Something that started after Greg K-H took over.
Wow, talk about blinders. Yes, the linux devs have a horrible security attitude. Given they don't disclose security bugs, it's hard to say if it is actually more secure than recent versions of Windows or not, since Microsoft does disclose Windows bugs.
I mean, your not the kind of idiot that just assumes are you? I'm sure your smart enough to that if a product does not disclose vulnerabilities that does not mean it is more secure than a product which does, right? You understand the absence of responsible disclosures does not equate to the absence of vulnerabilities?
I am not misrepresenting their position at all. In fact, the original quote essentially says that security bugs are not particular important, and then goes on to state that it doesn't make sense to disclose them, because it creates pressure to focus on them more than other bugs.
You don't seem to get it, but THIS IS WRONG
Security bugs are a much greater threat than other kind of bugs, and should be treated and given precedence accordingly.
I'm sorry, but bugs do have varying levels of important, and it's stupid to say otherwise. All the empirical evidence we have shows that developers rate bugs at different levels of importance, and that security bugs generally are generally deemed more important, for good reason.
There is NO empirical evidence that even suggests that treating bugs at different levels of priority lead to poor quality code. That is speculation on your part, and contrary to what you post unsupported by the evidence.
You also need to catch up with current times. Microsoft has had an excellent security record for the past few years, and Windows is now one of the more secure OS's. I'd say it actually beats Linux in a lot of areas, although that is another discussion.
Simply the fact the Linux developers think it is fine not to disclose critical security or treat them more importantly (in contradiction of many decades of developed good practices) says more about their attitude toward security than you care to admit.
You cannot seriously complain about a single flaw that wasn't fixed in a matter of weeks while simultaneously supporting a position that results in flaws that are identified but are not considered important enough to fix at all.
Nice Strawman.
I am maintaining that critical security bugs should be given precedence for patching, and disclosed and berating the Linux developers for not doing this. At no stage do I or have I supported a position that results in flaws that should not be fixed (hence your strawman).
The linux security attitude is atrocious, contrary to accept good practice, and puts people at risk. I don't know you would argue otherwise, unless it were due to zealotry.
Sorry, but no. I can even find the quotes where Linus or Greg K-H or whoever it was basically said that security bugs should not be treated any differently to normal bugs, don't need to be disclosed etc. That attitude is simply wrong, and it's hard to take Linux security seriously when the developers have such an approach.
At least with MS, or basically any other OS, security bugs are rightfully treated as more critical, and will be patched sooner. I mean, look at that last big Linux vulnerability...that was quite serious and known about for a few weeks in advance. Terrible.
That ain't how it works kiddo. Early posts always get the most replies.
That would be Safari.
It isn't an OS setting, it's the Internet Explorer setting.
Actually, you have the treatment of bugs per the Linux and Windows camps backwards. Windows development rightfully assigns security vulnerabilities as more important than a random bug that may cause a crash in some circumstances, while Linux development classifies security bugs as just another bug, and not worthy of disclosure or hastened patching.
Just out of curiosity, what do you think of Hansen, Jones and Mann's refutations of such allegations?