The ByteFX provider has been discontinued since early last year. MySQL hired the guy and he abandoned his original work to do the MySQL adapter, which like all of their stuff is 'free-licensed' under the GPL, so you're screwed if you want to do anything other than commercial and you happen to dislike having the GPL forced on your (equally free but not released under a viral license) code.
I started using the ByteFX provider, reporting bugs on sf.net and whatnot because it was licensed under the LGPL. Then all of the sudden it's MySQL or the highway babeee!
Heck, if he had continued working on the LGPL version I would have 'bought' a license from him or I'd have found some other way to throw some decent money his way. But MySQL? I wouldn't touch them. They've changed their licensing scheme once and they can do it again.
(actually, I would buy their provider if it wasn't written in managed code. it's too slow and consumes too much memory)
'Vendor lock-in' also means having a company do a 180 on the license and abandoning your branch of the product when you don't have time or expertise or interest to go in and fix someone else's code. I don't want code, I want a binary black box that works and support to go along. I don't want/need free. I don't want that social movement bullshit either. It's software. Sell it to me and support it. So far the two open source vendors (MySQL and RHN) we've worked with at that level suck much more than Microsoft, IBM or Sybase (IBM is especially great with their 3-year 'we won't support it anymore even for money' product cycles).
Call them 'smart clients' or 'fat clients' or whatever, but AJAX or not these babies are starting to make a comeback. The proliferation of web services and simple, secure client stacks to talk to them in whatever language one happens to use (C#, VB, Python, Perl, Ruby) simply make a far better solution than spankfangled 'rich' browser apps that are, for all their coolness, still difficult hacks. The desktop is still the best environment for creating useable apps. Give me a fast, stable widget library over crappy slow spaghetti JavaScript any day.
Now that you're done speculating about theoretical illegal hidden contracts and evil criminal intentions would you like to spend some time speculating also on the costs and problems of modifying your production processes to ship an operating system with your boxes that is going to have 1% the demand that the one you've been shipping for 20 years?
Also, explain to us how, if there is indeed this satanic compact between Microsoft and Dell, what exactly would be Dell's motivation to do this at all?
Finally, how much do you think an OEM license of XP Pro costs Dell? If you guessed $35 you're getting warm. How then do you explain you can get the same machine with XP for 'significantly less'? Because Dell wants to punish you? Or maybe, just maybe, because it simply costs them more to give you the box without an OS?
The terms of the settlement between Microsoft and the Justice Department that force Windows to be able to use another browser/email client have been in force for what, three years now? Four? And it took an OEM this long to do this?
Well, surely it wasn't because no one had shipped a free browser that didn't suck rocks and could actually match IE6. No, it was probably that monopoly/strong arming thing I keep hearing about.
Heh. Be careful with your examples or you might dig yourself a larger hole than you intended. If your logic is correct then Solaris (which was opened up only a few months ago) would have had a terrible security track - the problem of course is that it doesn't. It's about on par with the BSDs and Linux. Same goes for HP-UX and Xenix.
Also, by your calculations other 'propietary' operating systems like VMS and other 'old school' boxes that are outward-facing would be rooted every other day. Believe me, that's not the case.
It certainly seems to me that there are far more defacements and intrusions out there involving Unix-like OSes than Windows boxes. Of course Windows desktops are trapped in botnets and whatnot, but much of that can be traced back to user stupidity. The idea that a Windows computer cannot be successfully secured is a dear one to most open sores fanboys, but it's unfortunately not true.
Finally, all you need to do is to (theoretically at least) extrapolate the number of vulnerabilities Firefox (as an example of an 'open application') has had since it was first released and arrive at the conclusion that it will have a worse track record than IE. And isn't it interesting that the great majority of these vulnerabilities were discovered by people who were not looking at the source code? The same way vulns in IE are discovered. So if you are right we must have expected that Firefox should have shipped with zero bugs. None. But that's not quite the case, now is it?
And why doesn't IIS6 have more vulnerabilities than Apache 2?
Laptop + Dock at work
Laptop + Dock at home
Laptop + Extra Battery and adapter brick when travelling.
Wireless...
Seamless network usage through VPN... if I'm not mobile I must be dreaming then. The article is toast - did he have some usage scenario I'm not contemplating? My laptop works in the bathroom too!
Re:Its a matter of perspective
on
Pay vs. Happiness
·
· Score: 5, Funny
Board certified neurologist willing to relocate.
Good thing you're not in the IT industry...
- "So, you're a neurologist?"
- "Well, sorta. I play 'Operation' online all the time and I'm really good. I'm also halfway through the Wikipedia article on neurons. So... do I get the position?"
It's that simple. If you wake up every morning and think "wow, I'm pumped up to get to work because I love the stuff I do" then you'll always be happy. It doesn't matter if you're writing software or doing landscaping, and it doesn't matter how much money you make at it.
Of course you can love what you do and still burnout due to bad leadership, bad environments, crappy salary, etc. But when you already love what you do you know exactly what you want and you know what to shoot for. There are many people out there who don't even know what they want to do.
So the trick is just to find a good place to do what you really love. Everything else falls into place after that. The world is a big place. Unless your specialty is the study of the mating habits of the black-striped vampire burrowing ferret that only lives in a remote region of Mongolia, you usually have choices about jobs.
I'm sorry, but a lot of people are waiting for Perl6 and he has photoshopped James Bond, witty dialogue about nuclear weapons and faux videogame graphics. Parrot has been in alpha for what, 5 years now?
Perl can't continue to subsist solely on its established reputation of being the internet's 'glue'. An entire generation of developers have moved to other languages and frameworks. It looks more like Perl is going to end up as the next COBOL.
For that matter you could use something like YAML and get over your problem with the "koolaid". If web services are useless from your POV that's fine, but some of us use XML for stuff other than doing OOB requests in JavaScript.
You can move anything over HTTP, and as long as the receiving end understands you, you'll be OK. You can move INI files if you want. But some people prefer to use existing infrastructure (stable/tested parsers, WS-*, schema validation and so on) so as to avoid reinventing the wheel. Reinventing the wheel is expensive. So you take a small hit on the badwidth. Most people are not Google so they don't have to worry about measuring transport bandwidth overhead in terabytes and spending a year doing characterization testing.
Except that they haven't done this in a long time, but that would be an inconvenient fact to take into consideration, here. In any case, there are cases where Mozilla has sat on vulnerabilities for years as well (at least one, for three years). Nowadays they just "quarantine" vulnerability details until they can get a fix out. Of course that would be unacceptable if it were Microsoft.
blame them for making fundamentals errors in their design
That's nice, but unfortunately you can also get infected if you use something that has a "superior design" - or did you miss the topic of this article?
you have to admit that this is a good demonstration of how well an open source community project can respond.
You also have to admit that the speed with which a patch is released has nothing to do with how fast it is applied by a couple of million users. When Microsoft releases patches and people don't update their computers, Microsoft is to blame. When Microsoft releases patch for a vulnerability and then promptly reverse-engineered to create the exploit and people still get pwned, it's Microsoft's fault.
Te Firefox team made the mistake of making the auto-update feature too unobtrusive. It should get in your face by default whenever it detects a critical update is available.
Yay, Microsoft and Opera must have invented a really kewl propietary compression scheme because, well, IE and Opera 8 both use about 1/10th the memory Firefox does.
What is/was the argument against using the phrase "a malicious web page" in advisories?
Placing the blame on the user. If you word your vulnerability advisory with "you must be tricked into visiting a malicious web page" then you must be trying to skirt your responsibility and get away with blaming the user for getting pwned.
Which is ridiculous of course, but nonetheless used as yet-another-argument why "M$ is teh sux". When Mozilla does it however, it's perfectly OK. In general, any "flaw" (even user-facilitated attacks) in Microsoft software is Microsoft's fault, but if you use Linux or Firefox and you don't patch (for example) then it's your fault. It's the "poor user/stupid user" paradigm.
That's true, to a certain extent. If you talk to the developers, the SDTEs, the technical writers and all the folks in the trenches you can see they're as excited and motivated than I remember them in the mid-90s when the company could do no wrong. Microsoft has undergone significant changes (the blogs, Channel9, etc) in the past few years and people generally don't give them credit for these things and instead just cry doom because the company behaves like... well, a company. It's not a garage project anymore. It has shareholders and governability issues and the whole deal.
Having said that... the marketing folks (of whom the non-technical 'evangelists' are the worst) have been getting on my nerves lately. Microsoft seems to have hired quite a bad batch of them - or the problem comes from the top.
Either way, they have some issues to work out. But these 'is this the end for Microsoft!?' headline-grabbing 'reports' do get tiresome. Especially since they've been going on since 1999.
According to "the community", *all* IE bugs are critical. Even user-executed attachments. Even non-critical ones. Mozilla has begun publishing vuln advisories with the same "a malicious web page" verbiage that everyone berated Microsoft for in order to inflate the importance of every single IE bug. Or maybe you've forgotten the "IE Bug Of The Day" Slashdork articles back in 2003? This is not a valid argument simply because it cannot be applied equally to both browsers (anymore).
How fast where patches/new versions deployed
Aside from Mozilla simply disabling features and calling that a 'fix' (IDN comes to mind - twice), the speed with which patches are released has nothing to do with how quickly they are applied. And the 'automatic update' 'feature' of Firefox that insisted on downloading and reinstalling the entire browser all over again (and then leaving the previous entries in the Add/Remove programs applet) didn't really help. Microsoft has released patches that are then reverse engineered to create exploits - what does speed have to do with that?
How many days was the browser open to the exploit [...] Total number of days browser was exploitable - IE vs Firefox
Look at the 'Last Updated' date at the top and then look at the first comment. That's three years. All the "unpatched vulnerabilities" in IE that everyone parrots to prove Microsoft sucks are like this one. You can't take MS to task after this, now can you?
I bet you will find issues in IE that are not even patched yet, turnaround for more Firefox issues however? In most cases a solution within hours a patch within days
Again, irrelevant. And Microsoft has gotten a lot better at releasing patches quickly for at least quite a few years. This is no longer a valid argument, either.
Is IE insecure? Sure. It's a bit better now, but sure. That's not the point. Before it was "OMFG FIREFOX IS TEH SUPER" - now it's "well, it doesn't suck so much". The argument about Firefox being a better browser security-wise is no longer valid. Feature wise, sure. It blows IE out of the water and then some.
Definitely go for one of the Dell or HP dual Xeon workstations... they're worth every penny. Paired with 2GB of RAM, a 10K RPM SATA RAID setup and a decent 128MB+ nVidia Quadro FX PCI-E video card and two 19'-21' flat panel LCDs (Dell was selling a 20.1' FP for $500 this weekend) they're really good for running multiple background and application servers, compiling (ever run a 15 minute C++ build in the background while writing a spec document in Word?), instances of your IDE, etc.
Seriously, if you make $95K per year writing software it makes sense to drop $3K on the tool you use to make that money. Just my $0.02.
Oh come on. When you install SQL Server, you have to reboot.
Actually, you normally don't. If you have a reasonably up to date server or workstation and the SQL Server install doesn't need to update MDAC for example, then there is no reboot at all. This is true for W2KSP2+, WinXP (no SPs) and a default, off-CD install of Server 2003 (any flavor). SQL2K is a relatively 'clean' server product - unlike, say, BT2004 (though 2006 is a lot better). There are very few install scenarios for MS products nowadays that require a cold reboot. You can also add/remove server components (including IIS and MSMQ) without rebooting or even restarting a single service on the box.
To give you an idea, isntalling Visual Studio 2003 on a Windows 2000 SP3 box requires three (!) reboots (though granted, they can be automated). On Server 2003 (in the worstation role) it doesn't require a single reboot. It's really about what you have on the box to begin with, and what the product needs to update.
It was "the community" that descended on their blog and posted a vertiable shitload of pointless flamebait "opinions" about how they felt about the browser and how the IE team should behave - without giving them the luxury of even getting started with the dialogue. Just go to the blog on MSDN and browse around.
the user very rarely cares WHERE it is located as they probably aren't clicking on it with the mouse
Wrong. Wrong, wrong. Given an option between the mouse and the keyboard, the average user will almost always go for the mouse. For example, I've been trying to convince people to use Win+E to open Explorer instead of right-clicking on the Start menu, clicking on 'Explore' and then drilling up to the root of the shell namespace. 3 seconds vs. half a minute. And yet they keep using the mouse. Click on Start, select 'Run' instead of Win+R. Right-click on the taskbar to bring up the task manager instead of hitting Ctrl+Shift+Esc. The list goes on, and that's only for the Windows shell. Let's not get started with productivity apps like Word or Excel. I'd guess billions of man hours are wasted per year just reaching for the darn mouse.
I hope the folks that actually design Moz/Fx don't share your misconceptions of the user base. The users that hit '/' or 'Ctrl+F' to search are probably always going to be the minority.
Slashdot Mirror
I started using the ByteFX provider, reporting bugs on sf.net and whatnot because it was licensed under the LGPL. Then all of the sudden it's MySQL or the highway babeee!
Heck, if he had continued working on the LGPL version I would have 'bought' a license from him or I'd have found some other way to throw some decent money his way. But MySQL? I wouldn't touch them. They've changed their licensing scheme once and they can do it again.
(actually, I would buy their provider if it wasn't written in managed code. it's too slow and consumes too much memory)
'Vendor lock-in' also means having a company do a 180 on the license and abandoning your branch of the product when you don't have time or expertise or interest to go in and fix someone else's code. I don't want code, I want a binary black box that works and support to go along. I don't want/need free. I don't want that social movement bullshit either. It's software. Sell it to me and support it. So far the two open source vendors (MySQL and RHN) we've worked with at that level suck much more than Microsoft, IBM or Sybase (IBM is especially great with their 3-year 'we won't support it anymore even for money' product cycles).
Anyway, rant over =)
He can always blame it on Microsoft again.
Call them 'smart clients' or 'fat clients' or whatever, but AJAX or not these babies are starting to make a comeback. The proliferation of web services and simple, secure client stacks to talk to them in whatever language one happens to use (C#, VB, Python, Perl, Ruby) simply make a far better solution than spankfangled 'rich' browser apps that are, for all their coolness, still difficult hacks. The desktop is still the best environment for creating useable apps. Give me a fast, stable widget library over crappy slow spaghetti JavaScript any day.
Also, explain to us how, if there is indeed this satanic compact between Microsoft and Dell, what exactly would be Dell's motivation to do this at all?
Finally, how much do you think an OEM license of XP Pro costs Dell? If you guessed $35 you're getting warm. How then do you explain you can get the same machine with XP for 'significantly less'? Because Dell wants to punish you? Or maybe, just maybe, because it simply costs them more to give you the box without an OS?
Well, surely it wasn't because no one had shipped a free browser that didn't suck rocks and could actually match IE6. No, it was probably that monopoly/strong arming thing I keep hearing about.
Also, by your calculations other 'propietary' operating systems like VMS and other 'old school' boxes that are outward-facing would be rooted every other day. Believe me, that's not the case.
It certainly seems to me that there are far more defacements and intrusions out there involving Unix-like OSes than Windows boxes. Of course Windows desktops are trapped in botnets and whatnot, but much of that can be traced back to user stupidity. The idea that a Windows computer cannot be successfully secured is a dear one to most open sores fanboys, but it's unfortunately not true.
Finally, all you need to do is to (theoretically at least) extrapolate the number of vulnerabilities Firefox (as an example of an 'open application') has had since it was first released and arrive at the conclusion that it will have a worse track record than IE. And isn't it interesting that the great majority of these vulnerabilities were discovered by people who were not looking at the source code? The same way vulns in IE are discovered. So if you are right we must have expected that Firefox should have shipped with zero bugs. None. But that's not quite the case, now is it?
And why doesn't IIS6 have more vulnerabilities than Apache 2?
Your logic seems leaky to me.
Laptop + Dock at work
Laptop + Dock at home
Laptop + Extra Battery and adapter brick when travelling.
Wireless... Seamless network usage through VPN... if I'm not mobile I must be dreaming then. The article is toast - did he have some usage scenario I'm not contemplating? My laptop works in the bathroom too!
Good thing you're not in the IT industry...
- "So, you're a neurologist?"
- "Well, sorta. I play 'Operation' online all the time and I'm really good. I'm also halfway through the Wikipedia article on neurons. So... do I get the position?"
Of course you can love what you do and still burnout due to bad leadership, bad environments, crappy salary, etc. But when you already love what you do you know exactly what you want and you know what to shoot for. There are many people out there who don't even know what they want to do.
So the trick is just to find a good place to do what you really love. Everything else falls into place after that. The world is a big place. Unless your specialty is the study of the mating habits of the black-striped vampire burrowing ferret that only lives in a remote region of Mongolia, you usually have choices about jobs.
Perl can't continue to subsist solely on its established reputation of being the internet's 'glue'. An entire generation of developers have moved to other languages and frameworks. It looks more like Perl is going to end up as the next COBOL.
The world is moving on.
You can move anything over HTTP, and as long as the receiving end understands you, you'll be OK. You can move INI files if you want. But some people prefer to use existing infrastructure (stable/tested parsers, WS-*, schema validation and so on) so as to avoid reinventing the wheel. Reinventing the wheel is expensive. So you take a small hit on the badwidth. Most people are not Google so they don't have to worry about measuring transport bandwidth overhead in terabytes and spending a year doing characterization testing.
Except that they haven't done this in a long time, but that would be an inconvenient fact to take into consideration, here. In any case, there are cases where Mozilla has sat on vulnerabilities for years as well (at least one, for three years). Nowadays they just "quarantine" vulnerability details until they can get a fix out. Of course that would be unacceptable if it were Microsoft.
blame them for making fundamentals errors in their design
That's nice, but unfortunately you can also get infected if you use something that has a "superior design" - or did you miss the topic of this article?
You also have to admit that the speed with which a patch is released has nothing to do with how fast it is applied by a couple of million users. When Microsoft releases patches and people don't update their computers, Microsoft is to blame. When Microsoft releases patch for a vulnerability and then promptly reverse-engineered to create the exploit and people still get pwned, it's Microsoft's fault.
Te Firefox team made the mistake of making the auto-update feature too unobtrusive. It should get in your face by default whenever it detects a critical update is available.
Apologetic fanboy.
Placing the blame on the user. If you word your vulnerability advisory with "you must be tricked into visiting a malicious web page" then you must be trying to skirt your responsibility and get away with blaming the user for getting pwned.
Which is ridiculous of course, but nonetheless used as yet-another-argument why "M$ is teh sux". When Mozilla does it however, it's perfectly OK. In general, any "flaw" (even user-facilitated attacks) in Microsoft software is Microsoft's fault, but if you use Linux or Firefox and you don't patch (for example) then it's your fault. It's the "poor user/stupid user" paradigm.
Having said that... the marketing folks (of whom the non-technical 'evangelists' are the worst) have been getting on my nerves lately. Microsoft seems to have hired quite a bad batch of them - or the problem comes from the top.
Either way, they have some issues to work out. But these 'is this the end for Microsoft!?' headline-grabbing 'reports' do get tiresome. Especially since they've been going on since 1999.
According to "the community", *all* IE bugs are critical. Even user-executed attachments. Even non-critical ones. Mozilla has begun publishing vuln advisories with the same "a malicious web page" verbiage that everyone berated Microsoft for in order to inflate the importance of every single IE bug. Or maybe you've forgotten the "IE Bug Of The Day" Slashdork articles back in 2003? This is not a valid argument simply because it cannot be applied equally to both browsers (anymore).
How fast where patches/new versions deployed
Aside from Mozilla simply disabling features and calling that a 'fix' (IDN comes to mind - twice), the speed with which patches are released has nothing to do with how quickly they are applied. And the 'automatic update' 'feature' of Firefox that insisted on downloading and reinstalling the entire browser all over again (and then leaving the previous entries in the Add/Remove programs applet) didn't really help. Microsoft has released patches that are then reverse engineered to create exploits - what does speed have to do with that?
How many days was the browser open to the exploit [...] Total number of days browser was exploitable - IE vs Firefox
https://bugzilla.mozilla.org/show_bug.cgi?id=69070
Look at the 'Last Updated' date at the top and then look at the first comment. That's three years. All the "unpatched vulnerabilities" in IE that everyone parrots to prove Microsoft sucks are like this one. You can't take MS to task after this, now can you?
I bet you will find issues in IE that are not even patched yet, turnaround for more Firefox issues however? In most cases a solution within hours a patch within days
Again, irrelevant. And Microsoft has gotten a lot better at releasing patches quickly for at least quite a few years. This is no longer a valid argument, either.
Is IE insecure? Sure. It's a bit better now, but sure. That's not the point. Before it was "OMFG FIREFOX IS TEH SUPER" - now it's "well, it doesn't suck so much". The argument about Firefox being a better browser security-wise is no longer valid. Feature wise, sure. It blows IE out of the water and then some.
Seriously, if you make $95K per year writing software it makes sense to drop $3K on the tool you use to make that money. Just my $0.02.
Actually, you normally don't. If you have a reasonably up to date server or workstation and the SQL Server install doesn't need to update MDAC for example, then there is no reboot at all. This is true for W2KSP2+, WinXP (no SPs) and a default, off-CD install of Server 2003 (any flavor). SQL2K is a relatively 'clean' server product - unlike, say, BT2004 (though 2006 is a lot better). There are very few install scenarios for MS products nowadays that require a cold reboot. You can also add/remove server components (including IIS and MSMQ) without rebooting or even restarting a single service on the box.
To give you an idea, isntalling Visual Studio 2003 on a Windows 2000 SP3 box requires three (!) reboots (though granted, they can be automated). On Server 2003 (in the worstation role) it doesn't require a single reboot. It's really about what you have on the box to begin with, and what the product needs to update.
It was "the community" that descended on their blog and posted a vertiable shitload of pointless flamebait "opinions" about how they felt about the browser and how the IE team should behave - without giving them the luxury of even getting started with the dialogue. Just go to the blog on MSDN and browse around.
If they produce a clone of Firefox then it's OMFG M$ IS TEH SUXX!!1! THEY NOTT INNOVATEING!! LOLOLOLOL!!!1!
If they don't then they're arrogant.
Uncanny.
Wrong. Wrong, wrong. Given an option between the mouse and the keyboard, the average user will almost always go for the mouse. For example, I've been trying to convince people to use Win+E to open Explorer instead of right-clicking on the Start menu, clicking on 'Explore' and then drilling up to the root of the shell namespace. 3 seconds vs. half a minute. And yet they keep using the mouse. Click on Start, select 'Run' instead of Win+R. Right-click on the taskbar to bring up the task manager instead of hitting Ctrl+Shift+Esc. The list goes on, and that's only for the Windows shell. Let's not get started with productivity apps like Word or Excel. I'd guess billions of man hours are wasted per year just reaching for the darn mouse.
I hope the folks that actually design Moz/Fx don't share your misconceptions of the user base. The users that hit '/' or 'Ctrl+F' to search are probably always going to be the minority.
Do the 'editors' ever actually read these submissions anymore?
Except when someone intentionally missquotes Torvalds or Stallman or Perens, in which case it's called 'FUD'
I'm waiting for the iPod Femto. I hear you'll be able to lodge it under a fingernail. They're just working out the headphone connector.