The ACLU claims to have evidence of spying and wire tapping of people classed as "subversives" having nothing to do with fighting terror. Ie., Bush's personal enemies.
While it's true that the president can ignore any law he wants, it's not for the reason you suggest. The president is immune to prosecution, since he has the power to pardon anyone for anything. However, that doesn't mean he can't be prosecuted once he's removed from office (either by impeachment or his term expires).
Digg is a lot faster at this because it automatically promotes stories to the front page if it gets enough diggs (often in a short time). Slashdot, however, only posts a certain number of stories a day, and there is typically a queue of 2-3 days worth of stories ahead of anything new, unless it's REALLY important.
I'm not sure you can assume that IE is tied to OS releases. Often service packs and point releases have been made mid-cycle. XP SP2 and 2003 SP1 added a number of new features to IE, for instance.
Given the competitve landscape in browsers now, I think it's likely we'll see lots of improvements post-vista, though whether or not they call that IE8 or not is anyones guess.
I think we all know, as does he, that it's VERY difficult to get buy in from 100% of the developers, and it's always going to be a ongoing struggle to make sure everyone follows the policies and procedures. There are going to be rogue groups, and developers, and it may be hard to identify those people and groups until after the fact. Assuming the AC was correct, there's no evidence that what he describes is commonplace in all the teams and might just be limited to his group. *OR* maybe he was someone that worked at MS during the initial throes of the conversion and is assuming nothing has changed, and playing like he still works there.
Whatever, we (the readers of slashdot) can't assume that the comments of one person are representative of how the process is being implemented by the entire company, so unless there are others coming forward to give similar experiences, we should probably take the single anectdote with a grain of salt.
I know it's trendy to assume the worst about Microsoft given the slimmest evidence, but come on...
Considering that CSS3 isn't a ratified standard yet (and probably won't be by the time Vista ships), I think it's unfair to ding them for lack of support of an unfinished standard. ECMA 2 and E4X are valid arguments, though.
Frankly, given the amount of time the IE7 team has had, i think they've (and are) made (and making) tremendous progress. They just can't do everything they want to in the time alloted. That's no excuse for why they couldn't have started working on IE7 earlier of course, but that didn't happen, and they have to live with it (as do we).
My guess is that Microsoft doesn't release hotfixes for undisclosed vulnerabilities, and rolls them into other security updates and service packs. They only issue security notices for publicly disclosed flaws (those found by third parties).
While you might argue that this is simply PR motivated, and you'd probably be right, there is also another issue. It's clear that attackers have been reverse engineering patches to figure out how they work, and then exploit the vulnerabilities on unpatched machines. If you don't disclose a vulnerability you found, and then silently patch it, it's highly unlikely anyone will reverse engineer it and use it to attack others.
It's a dillemma, for sure. And i'm not entirely certain either camp is right on the issue.
To be fair, you might actually try not putting words in his mouth.
He didn't say they've been focused on security since NT. He said, they've been "thinking" about security for a long time, and it started when NT was designed. This is clear, since the NT security model is very strong and flexible. Security models, however, are not enough, and I think he does a good job of explaining that in several different ways.
One might say they thought about security a lot during the design of NT, but promptly stopped thinking much about it afterwards;)
I guess my point, though, is just that I see SO many people make comments about things that Microsoft or their employees never said, but rather what people want them to have said. For example, I see people all the time make comments about how Microsoft claimed XP was a total rewrite (nobody ever said that), or that MS claimed their current OS is the most secure OS ever (only that it was the most secure version of Windows to date, which at the time was certainly true, but security is not a binary condition).
I'm running off on a tangent now, but honestly, I think this was a far better set of responses than one might usually expect, and really was fairly candid. Apart from the way people seem to have misinterpreted his statements, I think he said a lot.
I was referring to a seldom rememberd TV show in the early 80's starring Andy Griffith called Salvage One, in which they built a spaceship from junk and went to the moon.
Prior to licensing BitKeeper to the kernel team, it was made very well known that the license was valid so long as nobody tried to reverse engineer it. He knew that. What's worse, is that he even AGREED to stop reverse engineering it while the matter was discussed, but failed to do so and kept up.
Indeed. The CMS market in general is very flooded, not just the Open Source CMS market. However, the *GOOD* CMS market is very small.
Sadly, most of the open source CMS's are just variations on the same theme. Limited support, limited scalability, limited features, etc...
Some people don't want to use mySQL. Some people don't want to use PHP. Some people don't want a runtime CMS (where the pages are built dynamically from the database and when you database goes down, so does your web site).
What I want is a content agnostic (PHP, ASP, HTML, whatever), database agnostic, structure agnostic (i want XHTML dammit, and don't want to be dictated to as to how the site can be designed), non-runtime or so called "publish" model (possibly with a runtime option) and a powerful and flexible user contribution management system.
So many of these systems are just accidents waiting to happen.
Look, all things aside, Tridge was being an asshole. he's like the guy that shows up to a party and trashes the place, since, after all HE wasn't the one that agreed to pay the costs if there was any damage. he's perfectly in his rights, right?
Tridge knew the terms under which BitKeeper had been licensed to the kernel development team. And, even though he wasn't using it, and hadn't agreed to them, he knew what his actions would cause. He deliberately forced the issue, effectively making the decision for everyone.
I was merely pointing out that no, unlike what the person I was responding to claimed, Turion does not beat Pentium M or Core Duo (or probably Core Solo). Turion currently is the worst performing AND the highest power consumption.
All the statistics i'm seeing show that the Core Duo beats the Turion hands down by as much as 25%. Also, the Pentium M outperforms the Turion as well. For example:
You couldn't be more wrong. You've fallen for that hype. This bug is a month old, and has been know, but kept secret by the KDE team while they fixed it. Check the CVE date if you don't believe me.
Gibson admits he was wrong about the length=1 issue. His problem was that his test metafile only had one record, and Windows deliberately doesn't call SetAbortProc on the last record (in his case, the only record) because there's no reason to cancel a single record. His exploit only works by fooling Windows into thinking there are more records.
You mean, their goal is to make Linux as insecure as Windows?
Seriously, it would surprise the hell out of me if the Wine's team position on this was to favor compatibility over security. If that is indeed their position, then they should be keel hauled over it.
Not really. The infamous "meeting" between Microsoft and Netscape in which Microsoft offered to split the market with Netscape happened in June of 2005, roughly 7 months after Microsoft purchased the Spyglass Mosaic license, which happened in December of 2004.
Netscape and Microsoft's rivalry didn't start until late in 1995, until after Netscape went public and Microsoft clearly realized that Netscape was going to be big, and after Netscape rebuked them.
You have to remember, a LOT happened between 2004 and the end of 2005. Gates issued his "Internet Tidal Wave" memo in May of 1995. The decision to focus the company, and the products (including the OS) was made well before Netscape became "the enemy".
Every time I read or hear someone say this, it shows a huge degree if ignorance of the era. Yes, there are all these court documents about MS's fight with Netscape, but all this ignores that Microsoft had been planning to integrate IE much earlier than that.
As early as late 1994, when Microsoft first purchased Spyglass and Microsoft did their famous "about face" to become internet centric (Everyone forgets about that in these arguments), Microsoft had made plans for two successor versions of Windows 9x. The first was to be Windows 96 (code named Nashville) and the second was to be Windows 97 (code named Memphis). This was all part of their "road from Chicago to Cairo" (Note that Nashville and Memphis are both in Tn and that Cairo and Memphis are both in Egypt).
Windows 96 (Nashville) was the integration of IE into the shell. Originally intended to be a stand alone version of Windows 9x, but was later "componentized" into the shell team so that both NT and 9x could benefit.
This played right into Microsoft's plan to take on Netscape for sure, but it doesn't change the fact that Microsoft had designed this architecture long before their war with Netscape came up. There was no legal basis to their design, it was always planned to be that way.
The ACLU claims to have evidence of spying and wire tapping of people classed as "subversives" having nothing to do with fighting terror. Ie., Bush's personal enemies.
While it's true that the president can ignore any law he wants, it's not for the reason you suggest. The president is immune to prosecution, since he has the power to pardon anyone for anything. However, that doesn't mean he can't be prosecuted once he's removed from office (either by impeachment or his term expires).
Digg is a lot faster at this because it automatically promotes stories to the front page if it gets enough diggs (often in a short time). Slashdot, however, only posts a certain number of stories a day, and there is typically a queue of 2-3 days worth of stories ahead of anything new, unless it's REALLY important.
I'm not sure you can assume that IE is tied to OS releases. Often service packs and point releases have been made mid-cycle. XP SP2 and 2003 SP1 added a number of new features to IE, for instance.
Given the competitve landscape in browsers now, I think it's likely we'll see lots of improvements post-vista, though whether or not they call that IE8 or not is anyones guess.
I think we all know, as does he, that it's VERY difficult to get buy in from 100% of the developers, and it's always going to be a ongoing struggle to make sure everyone follows the policies and procedures. There are going to be rogue groups, and developers, and it may be hard to identify those people and groups until after the fact. Assuming the AC was correct, there's no evidence that what he describes is commonplace in all the teams and might just be limited to his group. *OR* maybe he was someone that worked at MS during the initial throes of the conversion and is assuming nothing has changed, and playing like he still works there.
Whatever, we (the readers of slashdot) can't assume that the comments of one person are representative of how the process is being implemented by the entire company, so unless there are others coming forward to give similar experiences, we should probably take the single anectdote with a grain of salt.
I know it's trendy to assume the worst about Microsoft given the slimmest evidence, but come on...
Considering that CSS3 isn't a ratified standard yet (and probably won't be by the time Vista ships), I think it's unfair to ding them for lack of support of an unfinished standard. ECMA 2 and E4X are valid arguments, though.
Frankly, given the amount of time the IE7 team has had, i think they've (and are) made (and making) tremendous progress. They just can't do everything they want to in the time alloted. That's no excuse for why they couldn't have started working on IE7 earlier of course, but that didn't happen, and they have to live with it (as do we).
While the apps don't use konqueror, they *DO* use KHTML, the component of KDE that konqueror uses to render HTML, similar to IE's mshtml.
My guess is that Microsoft doesn't release hotfixes for undisclosed vulnerabilities, and rolls them into other security updates and service packs. They only issue security notices for publicly disclosed flaws (those found by third parties).
While you might argue that this is simply PR motivated, and you'd probably be right, there is also another issue. It's clear that attackers have been reverse engineering patches to figure out how they work, and then exploit the vulnerabilities on unpatched machines. If you don't disclose a vulnerability you found, and then silently patch it, it's highly unlikely anyone will reverse engineer it and use it to attack others.
It's a dillemma, for sure. And i'm not entirely certain either camp is right on the issue.
To be fair, you might actually try not putting words in his mouth.
;)
He didn't say they've been focused on security since NT. He said, they've been "thinking" about security for a long time, and it started when NT was designed. This is clear, since the NT security model is very strong and flexible. Security models, however, are not enough, and I think he does a good job of explaining that in several different ways.
One might say they thought about security a lot during the design of NT, but promptly stopped thinking much about it afterwards
I guess my point, though, is just that I see SO many people make comments about things that Microsoft or their employees never said, but rather what people want them to have said. For example, I see people all the time make comments about how Microsoft claimed XP was a total rewrite (nobody ever said that), or that MS claimed their current OS is the most secure OS ever (only that it was the most secure version of Windows to date, which at the time was certainly true, but security is not a binary condition).
I'm running off on a tangent now, but honestly, I think this was a far better set of responses than one might usually expect, and really was fairly candid. Apart from the way people seem to have misinterpreted his statements, I think he said a lot.
I was referring to a seldom rememberd TV show in the early 80's starring Andy Griffith called Salvage One, in which they built a spaceship from junk and went to the moon.
Prior to licensing BitKeeper to the kernel team, it was made very well known that the license was valid so long as nobody tried to reverse engineer it. He knew that. What's worse, is that he even AGREED to stop reverse engineering it while the matter was discussed, but failed to do so and kept up.
No, I think you mean THIS!
Indeed. The CMS market in general is very flooded, not just the Open Source CMS market. However, the *GOOD* CMS market is very small.
Sadly, most of the open source CMS's are just variations on the same theme. Limited support, limited scalability, limited features, etc...
Some people don't want to use mySQL. Some people don't want to use PHP. Some people don't want a runtime CMS (where the pages are built dynamically from the database and when you database goes down, so does your web site).
What I want is a content agnostic (PHP, ASP, HTML, whatever), database agnostic, structure agnostic (i want XHTML dammit, and don't want to be dictated to as to how the site can be designed), non-runtime or so called "publish" model (possibly with a runtime option) and a powerful and flexible user contribution management system.
So many of these systems are just accidents waiting to happen.
Unless of course you're Andy Griffith, in which case you can do the whole thing in your back yard.
Look, all things aside, Tridge was being an asshole. he's like the guy that shows up to a party and trashes the place, since, after all HE wasn't the one that agreed to pay the costs if there was any damage. he's perfectly in his rights, right?
Tridge knew the terms under which BitKeeper had been licensed to the kernel development team. And, even though he wasn't using it, and hadn't agreed to them, he knew what his actions would cause. He deliberately forced the issue, effectively making the decision for everyone.
In his work on Samba and on a free software client for the proprietary version control system previously used by the Linux kernel hackers
So they're giving him an award for forcing the kernel developers off of their most productive environment and into months of chaos.
Wow.
I was merely pointing out that no, unlike what the person I was responding to claimed, Turion does not beat Pentium M or Core Duo (or probably Core Solo). Turion currently is the worst performing AND the highest power consumption.
All the statistics i'm seeing show that the Core Duo beats the Turion hands down by as much as 25%. Also, the Pentium M outperforms the Turion as well. For example:
d uo_notebooks_trade_battery_life_for_quicker_respon se/page16.html
http://www.tomshardware.com/2006/01/16/will_core_
You couldn't be more wrong. You've fallen for that hype. This bug is a month old, and has been know, but kept secret by the KDE team while they fixed it. Check the CVE date if you don't believe me.
Gibson admits he was wrong about the length=1 issue. His problem was that his test metafile only had one record, and Windows deliberately doesn't call SetAbortProc on the last record (in his case, the only record) because there's no reason to cancel a single record. His exploit only works by fooling Windows into thinking there are more records.
Actually, they did. No, Gibsons's original exploit didn't work, but he later modified it in a way that it did work. You can find the code here:
r c.news.feedback&item=60751&utag=
http://www.grc.com/x/news.exe?cmd=article&group=g
You mean, their goal is to make Linux as insecure as Windows?
Seriously, it would surprise the hell out of me if the Wine's team position on this was to favor compatibility over security. If that is indeed their position, then they should be keel hauled over it.
Not really. The infamous "meeting" between Microsoft and Netscape in which Microsoft offered to split the market with Netscape happened in June of 2005, roughly 7 months after Microsoft purchased the Spyglass Mosaic license, which happened in December of 2004.
Netscape and Microsoft's rivalry didn't start until late in 1995, until after Netscape went public and Microsoft clearly realized that Netscape was going to be big, and after Netscape rebuked them.
You have to remember, a LOT happened between 2004 and the end of 2005. Gates issued his "Internet Tidal Wave" memo in May of 1995. The decision to focus the company, and the products (including the OS) was made well before Netscape became "the enemy".
XP was not "redesigned from scratch". That's why it's Windows version 5.1, the .1 indicates a minor version over 5.0 (Windows 2000). You heard wrong.
Every time I read or hear someone say this, it shows a huge degree if ignorance of the era. Yes, there are all these court documents about MS's fight with Netscape, but all this ignores that Microsoft had been planning to integrate IE much earlier than that.
As early as late 1994, when Microsoft first purchased Spyglass and Microsoft did their famous "about face" to become internet centric (Everyone forgets about that in these arguments), Microsoft had made plans for two successor versions of Windows 9x. The first was to be Windows 96 (code named Nashville) and the second was to be Windows 97 (code named Memphis). This was all part of their "road from Chicago to Cairo" (Note that Nashville and Memphis are both in Tn and that Cairo and Memphis are both in Egypt).
Windows 96 (Nashville) was the integration of IE into the shell. Originally intended to be a stand alone version of Windows 9x, but was later "componentized" into the shell team so that both NT and 9x could benefit.
This played right into Microsoft's plan to take on Netscape for sure, but it doesn't change the fact that Microsoft had designed this architecture long before their war with Netscape came up. There was no legal basis to their design, it was always planned to be that way.