So, you believe there is an interface in java where I can write quickly and read quickly to memory, without needing any bounds checking to see if you are writing outside of it? Wouldn't this mean it isn't that hard to write a java app that can take control of somebody's computer because there is no security?
Hmmm. Okay, you are probably thinking unsigned Java applets. Those types of applications run in what is often called a "security sandbox" which limits their capabilities. While in these, Java is unable to use NIO APIs. But, as a standalone or signed (and accepted by end-user) applet Java can use these APIs and thus get full powered input/output control.
"C is actually a pretty portable language".
True. And C++ is pretty standard too. It's only when you use APIs like ATL or DirectX that you get into trouble with cross platform capabilities. Of course, unlike Java, you have to have your code compiled into various binaries. No biggy in the PC world but a real headache with phones because of the variety of chipsets.
If all phones allowed C/C++ apps, I would definitely choose to avoid java for games.
Or, even better, just have a tool that compiles the Java bytecode to a target machine code. This is how they did it with SuperWaba. And there are many advantages for doing this. Another approach is Qualcomm's BREW.
If you say so, some people's sense of humour may actually differ from yours. Some people may claim there is right or wrong when it comes to taste but I disagree.
Can this really provide fast buffer access compared to C/C++?
Yes
Isn't it going to require bounds checking in the JVM?
No.
Otherwise it would be a security problem wouldn't it?
Yes. So is giving people your credit card number to people you don't know or running with scissors.
and the java is significantly less cache friendly,
That is your earlier assumption which, apparently, you have concluded is a fact. Must have been a real scientific endeavour on your part.
Back on mobile phones, I think there are mostly arm processors, and C is actually a pretty portable language.
Oh, geez, mostly? We will ignore the likes of Motorola, MIPS, and Intel to name a few? And there's like, what, only one ARM processor out there with cellphones not including any third party chipsets (ASIC's)? Seems like you're steering here. Right now I post from a computer that has the only RISC processor, with the one and only type of memory, running the one and only operating system, by using the one and only web browser.
How is doing java support for different screen sizes, colours, buttons, and memory different to a C API?
What is the name of this C API that goes across multiple chipsets and does these things? I take it it only supports ARM processors right (the one and only)? Might as well make use of your platform here and tell the world of this C API. I sure would like to check it out.
We called it write once run away code.
That's a really bad joke. Does that actually get laughs where you come from?
There is no way to write and read from lots of memory quickly in java is there?
Yes, Java came out with Native I/O API (NIO).
All benchmarks that I have looked into that show that Java runs faster than C/C++ are extremely heavily biased towards making Java look good.
I've read similar reports of .NET being better than Java. Even newer reports show that Ruby is better than .NET. I guess Ruby is the best there is. Expect a Ruby port of Quake that runs faster than the original C version ;)
Correct me if I am wrong, but in order to get towards the original C code, they have had to change the quake rendering code, and in doing so, have made Quake2 more optimal for modern video cards with modern drivers.
Yes, they optimised with vector arrays and how memory is allocated in some loops. Vector arrays meant Java sent fewer calls to OpenGL since one performance issue with Java to OpenGL is calling virtual functions (JNI). It's unlikely that using vector arrays in the original C port would do anything for performance. The memory allocation is a bit more tricky since Java works with memory differently than C and this may not be an improvement to the original C code. I haven't read the source code and have to take the developers' word on all this.
But to be fair to Java, it has to go through an extra layer of interfaces to make the calls (On the other hand this is always another argument why java is actually slow)
Most Java applications do not use JNI code which would make that argument rather rare in usage.
Is it true java needs more memory, and can this therefore cause more cache thrashing?
No, the garbage collectors in Java do a pretty good job at making sure the cache is not thrashing. But, if you read some Trolls here on Slashdot they would state that Java not only ate all their computer memory but also kicked sand in their face at the beach and stole their lunch money. Depends if you WANT TO BELIEVE that Java takes 600 megs to run. It won't match reality but might make a "Java Hater" fan club member sleep easier at night.
I've actually had the experience of writing java games on mobile phones, it's really sad that the performance of java has become hyped to the point where people think giving developers no other choice but java on these machines is a good idea.
This reminds me of when I was writing PalmOS apps. I was writing them in C using a modified Cygwin compiler on Windows. Some time later I came across SuperWaba and dropped the C code in a heartbeat. Main reason? It was cross platform. With SuperWaba I could support all types of PalmOS platforms AND Windows CE. Seems to be the #1 reason phone companies use it too. There's just too many different types of phones out there with different chips, operating systems, memory sizes, screen resolutions+colors, buttons, etc. Seems smart to give developers the capability to hit more devices rather than fewer. C may give you sweet access to performance for a particular machine/device but it will also lock you to it.
JNI is likewise a feature of Java -- it doesn't mean it's fair game to just call native code because of this, though.
I did not scroll down far enough to see they had a managed version. Yes, I could see if Jake2 called C++ code using JNI outside just calling the OpenGL/OpenAL bindings to get performance then that would discount the comparison too. I will have to investigate this "fastjogl".
The managed .NET code, according to the developers, runs 85% the speed of the original C game. This seems to be approximately what the Jake2 project has achieved. 85% to me appears to be a win for both .NET and Java as "possible" game platforms.
Use of unmanaged C++ code inside the .NET Quake engine makes a comparison a bit slippery. Sure, you could reason that since that's a feature of .NET, that it should count. But then again, they use it so much (C++) that it can barely be called .NET but rather a mere wrapper around a C++ engine.
I've run Azureus for quite a bit, for days as a matter of fact. Haven't experienced the problem you speak of. I was using Sun's JRE 1.5 though so maybe you are using something else. But you shouldn't have since Azureus clearly states to use Sun's JRE 1.5 on their homepage. Change it and your problem will probably go away. If not, post your problem to the Azureus bug tracker and someone can probably help you deduce where your real problem is. Slashdot is not a good forum for airing your problems since it will be unlikely that it will get fixed since you will probably only be seen as someone who has an issue with the Java programming language rather than someone with a real problem. If it is that you just have a general problem with the Java programming language: get over it. It's just a programming language!
Typically if you are near (like 100 miles) from a large city you can count on high speed internet. There are also plenty of smallish towns and universities that have this same effect on their surrounding areas. The connection is often times better in these rural areas for several reasons:
1. Fewer people using the lines. And often times these lines, due to lack of customers and cheesy setup, are non-capped. So you can get some pretty amazing speeds.
2. When you need support, you call the local cable provider and they can often times assist you immediately. No four hour wait on the phone because you're customer #4533 and the Indian tech support guy (#336544) is out to tea in downtown Bangladore.
IE6 has also been around much longer (since Feb 2003) than Firefox (Nov 2004).
The only problem with your logic is that you have forgotten, or simply were not aware of, the fact the Firefox code base comes from Mozilla. Mozilla's code base comes from Netscape's browser. Netscape was around before Internet Explorer. So, Firefox is older and more mature than Internet Explorer.
Most of Firefox's recent "severe" security issues are from oddball features rarely used. I actually think it's good to see these exploits since they are just hardening out the kinks.
Better than that would be to put the "X" button on the tab itself. If you use Eclipse, or even Azureus, it has this feature on the tabs. Of course, this leads to another problem: those "X" buttons would make the tabs wider and thus make it harder to get multiple tabs within view.
Still, those "X" buttons would be nice on the tabs for those of us who only have a handful up at a time.
If Bush is all of the things you liberals purport, why then didn't Bush follow through with his evil lie?
Actually I'm an old school conservative who believes, unlike neo-cons like Bush Inc., that people and moral issues are important and greed is the road to evil. Boy, I remember when the GOP fought for civil liberties and values instead of trying so hard to destroy them.
And why should Bush Inc. spend the effort faking WMD? Why go through the effort if people, like yourself, will follow him no matter what he says or does? Hell, he could go on television tomorrow and say "Screw you all" and people will still vote for him JUST because he's a so-called "Republican". Makes me sick.
Nah, planting evidence can turn into a scandal if found out. It's easier to just pump Fox news and talk radio with false information and act like liberals are just pointing fingers and playing a "blame game". I mean, we all know that liberals hate people of good moral standing and are not really true sheep...er...Americans. ;-)
You told somebody you don't know that they were responsible for testing and QA failures. That person didn't identify themselves as being a beta tester or have any special connection with Mozilla.org - for all you know, they are an end user.
What?! Okay, I can't figure out what you are trying to say. Two other people had a look at your posting and were equally confused. All we could figure (guess really) is that you are trying to say that there is confusion between what an end-user and a beta tester are. Typically, people who run beta versions of software know that they are running betas since there are notices throughout the download and installation that inform them of this. If they somehow have completely missed all these warnings they clearly only have themselves to blame.
No I'm not. You said that Internet Explorer had more security holes - over the course of its lifetime, that might be true, but when you take a representative sample - i.e. a sampling over a specific period of time when they are both publicly released - they are equal. Your claim that Internet Explorer has more holes is not true.
Again, an example of your lack of knowledge about Firefox. Firefox base code came from the Mozilla browser. Mozilla's browser base code came from the Netscape browser. Netscape browser was out before Internet Explorer. Add all security holes over the years of Netscape, Mozilla (both pre Firefox), and Firefox and you still have fewer security exploits than Internet Explorer despite the fact that much of the code that makes Firefox has been around longer.
Irrelevant.
Actually it's very relevant since you were claiming Firefox had security holes that were going unfixed for long periods of time.
but this cavalier attitude to security and stability has me worried.
Oh my gawd I am soooo tired of hearing people whine about some programmers on an open source project being arrogant or snooty. It's like not liking a movie because you disagree with the way one of the actors behaves while he/she is offscreen. Firefox is a product. Get over it.
When the next version of Konqueror comes out, which will have its own version of Adblock, I'll probably switch.
Also, I can tell you who is responsible for testing and QA failures: you are.
That attitude is reminiscent of the infamous Bill Gates interview where he said that bugs were the end users' fault.
Not end users but beta testers. That's why there are betas. Mozilla always requests for people to run the betas, find bugs, and report them. Here's the note for the 1.5 beta (Deer Park):
Note: This is not the final release of our Web browser, it has been made available for testing purposes only, with no end-user support. If that sounds scary, you'd probably be better off with the latest version of Firefox 1.0.
Since the release of Firefox 1.0, I believe there have been about the same number of vulnerabilities found in both browsers.
You're contradicting yourself. From you in the same post:
Mozilla and Firefox are pretty bad when it comes to security. Not as bad as Internet Explorer but still pretty damn bad.
So what is it? Are you saying it's less, equal, or better security? Please make up your mind.
Remember that XUL spoofing vulnerability that was marked non-public in Bugzilla so it could linger for over two years without being fixed?
If I remember right, the XUL spoofing vulnerability was fixed prior to the public release of Firefox version 1.
But they don't design securely at all, and they certainly don't test securely.
You were probably deleted from the blog for FUD statements like that. I don't believe in censoring myself, but you're asking really idiotic questions and making opinions while lacking the knowledge to be making them to begin with.
a very simple question in Ask Asa #17: Basically, who was responsible for the testing/QA failure that led to a security regression in Firefox 1.0.4
I think your first problem is the way you ask questions. Your question is apparently an attempt to start a blame game. Also, I can tell you who is responsible for testing and QA failures: you are. Yep, you apparently missed that Mozilla puts out betas with the intent that people test and find the bugs. Did you not notice that it's an open source project? Because it's open source there is no "team" of testers working round the clock to find problems. Oddly, Microsoft which has these types of teams never seems to find the large number of security holes in IE. Mozilla's strategy, with its far fewer security vulnerabilities, may be proving that it's a better testing/QA model for security. Only time will tell I guess. So far I think Mozilla is easily winning in this game.
Asa isn't the funloving guy his blog projects, he can be a complete idiot too. Spread the word.
I have better things to do than spread FUD. I will instead spread copies of Firefox on people's computers with the knowledge that it's still more stable and secure than IE. This seems to be more constructive than blasting people as "idiots" because I have some personal problem with them.
The funny thing is his note: "As I previously reported, there is a remote kernel denial of service vulnerability with the Remote Desktop Services protocol which affects every version of Microsoft Windows."
Last time I checked, RDP is not on older versions of Windows. Again, blown out of proportion for such a minor bug.
Tom Ferris has a history of reporting so-called exploits. This history includes not only Firefox but also Internet Explorer. In every case he usually makes a feeble attempt at contacting the right sources to inform them of the problem and then, all of a sudden, claims that they are not responding to him and he feels he has to post all security postings public to save our lives (and he contacts CNet too to get the word out).
Oddly, I have yet to see one of his found exploits actually work. At most, I have seen them as annoyances that can possibly cause browsers to crash IF the end-user follows the exploit instructions to the letter using the exact same browser on Windows (Tom never appears to find anything on Linux or Mac but always claims that his exploits work on all platforms without actually testing them).
Yes, the post mentioned offshoring. So did your post. Oh well.
Taking a quick look at your blog I can see the problem: you're a complainer. Go outside and live a little. And try smiling. The weight of the world is not on your shoulders to worry over....
I find it sad at the sheer volume of apparent offshoring techies responding to this article with the intent to dismiss it.
Give it a break. I don't want your FUD.
The article was intended to be light humor in the fact that Microsoft had a virus of the non-computer type. It had nothing to do with offshoring. It's too bad too many of you can't see past your own problems to see the post for what it is.
When someone's life may depend on a call going through (911) I would say anything below 99.99 (repeating) is unacceptable.
That's interesting. Most VOIP operations are using the same 911 services used by most cell phone providers. You advocating everyone returning cell phones too?
There is another problem with using VOIP. When the internet goes down your VOIP phone may go with it.
Let's see: I've been using the internet over a decade. I must admit that I haven't seen a hacker take down the internet yet. Maybe I just was not on during when that occurred and they corrected the problem before I noticed. Have to go to bed some time!
We use VOIP phones at work and I recall a situation last year where a hacker brought our internet connection to its knees (hence no VOIP phones) and everyone was running around like a chicken with their head cut off trying to figure out how to make calls.
Wow. My last employer had the complete opposite problem. But the nemesis wasn't hackers, it was thunderstorms. Every year we could count on a storm knocking out the phone service. Storms seem a more common threat to communication technology as compared to hackers taking down the internet.
And if you're using DSL to connect for VOIP, and your phone line goes down, aren't you SOL anyways?
If you say so, some people's sense of humour may actually differ from yours. Some people may claim there is right or wrong when it comes to taste but I disagree.
Sorry, I was in a pissy mood yesterday.
Are you trying to tell me Bill O'Really does not speak for all Americans?
Yeah, and you probably can't uninstall Firefox now because of that.
Ghost has issues if the computers are not identical.
At least there's some competition, driving down prices and increasing usability, today.
That's humorous. Wish I had some mod points for ya!
>>1) The vulnerabilities for Mozilla prior to Firefox
The vulnerabilities of IE5 are not included with IE6 in the Secunia database.
>>2) IE6 has been around since 2001.
Netscape 4, which Firefox is based from, has been around since 1996.
When the next version of Konqueror comes out, which will have its own version of Adblock, I'll probably switch.
Good. That's the power of choice.
Also, I can tell you who is responsible for testing and QA failures: you are.
That attitude is reminiscent of the infamous Bill Gates interview where he said that bugs was the end users' fault.
Not end users but beta testers. Thats why there are betas. Mozilla always requests for people to run the betas, find bugs, and report them. Heres the note for the 1.5 beta (Deer Park):
Note: This is not the final release of our Web browser, it has been made available for testing purposes only, with no end-user support. If that sounds scary, you'd probably be better off with the latest version of Firefox 1.0.
Since the release of Firefox 1.0, I believe there have been about the same number of vulnerabilities found in both browsers.
You're contradicting yourself. From you in the same post:
Mozilla and Firefox are pretty bad when it comes to security. Not as bad as Internet Explorer but still pretty damn bad.
So what is it? Are you saying it's less, equal, or better security? Please make up your mind.
Remember that XUL spoofing vulnerability that was marked non-public in Bugzilla so it could linger for over two years without being fixed?
If I remember right, the XUL spoofing vulnerability was fixed prior to the public release of Firefox version 1.
But they don't design securely at all, and they certainly don't test securely.
You were probably deleted from the blog for FUD statements like that. I don't believe in censoring myself, but you're asking really idiotic questions and making opinions while lacking the knowledge to be making them to begin with.
a very simple question in Ask Asa #17: Basically, who was responsible for the testing/QA failure that led to a security regression in Firefox 1.0.4
I think your first problem is the way you ask questions. Your question is apparently an attempt to start a blame game. Also, I can tell you who is responsible for testing and QA failures: you are. Yep, you apparently missed that Mozilla puts out betas with the intent that people test and find the bugs. Did you not notice that it's an open source project? Because it's open source there is no "team" of testers working round the clock to find problems. Oddly, Microsoft which has these types of teams never seems to find the large number of security holes in IE. Mozilla's strategy, with its far fewer security vulnerabilities, may be proving that it's a better testing/QA model for security. Only time will tell I guess. So far I think Mozilla is easily winning in this game.
Asa isn't the funloving guy his blog projects, he can be a complete idiot too. Spread the word.
I have better things to do than spread FUD. I will instead spread copies of Firefox on people's computers with the knowledge that it's still more stable and secure than IE. This seems to be more constructive than blasting people as "idiots" because I have some personal problem with them.
I take that back. I did find one of his recent exploits (actually it's a DoS) that Microsoft actually made a patch for:
http://www.microsoft.com/technet/security/bulletin/MS05-041.mspx
The funny thing is his note: "As I previously reported, there is a remote kernel denial of service vulnerability with the Remote Desktop Services protocol which affects every version of Microsoft Windows."
Last time I checked, RDP is not on older versions of Windows. Again, blown out of proportion for such a minor bug.
Tom Ferris has a history of reporting so-called exploits. This history includes not only Firefox but also Internet Explorer. In every case he usually makes a feeble attempt at contacting the right sources to inform them of the problem and then, all of a sudden, claims that they are not responding to him and he feels he has to post all security postings public to save our lives (and he contacts CNet too to get the word out).
Oddly, I have yet to see one of his found exploits actually work. At most, I have seen them as annoyances that can possibly cause browsers to crash IF the end-user follows the exploit instructions to the letter using the exact same browser on Windows (Tom never appears to find anything on Linux or Mac but always claims that his exploits work on all platforms without actually testing them).
Hmmm. FEMA is currently spending 50 million dollars a day. How much do experienced web developers go for these days?
Yes, the post mentioned offshoring. So did your post. Oh well.
Taking a quick look at your blog I can see the problem: you're a complainer. Go outside and live a little. And try smiling. The weight of the world is not on your shoulders to worry over....
I find it sad at the sheer volume of apparent offshoring techies responding to this article with the intent to dismiss it.
Give it a break. I don't want your FUD.
The article was intended to be light humor in the fact that Microsoft had a virus of the non-computer type. It had nothing to do with offshoring. It's too bad too many of you can't see past your own problems to see the post for what it is.
When someone's life may depend on a call going through (911) I would say anything below 99.99 (repeating) is unacceptable.
That's interesting. Most VOIP operations are using the same 911 services used by most cell phone providers. You advocating everyone returning cell phones too?
There is another problem with using VOIP. When the internet goes down your VOIP phone may go with it.
Let's see: I've been using the internet over a decade. I must admit that I haven't seen a hacker take down the internet yet. Maybe I just was not on during when that occurred and they corrected the problem before I noticed. Have to go to bed some time!
We use VOIP phones at work and I recall a situation last year where a hacker brought our internet connection to its knees (hence no VOIP phones) and everyone was running around like a chicken with their head cut off trying to figure out how to make calls.
Wow. My last employer had the complete opposite problem. But the nemesis wasn't hackers, it was thunderstorms. Every year we could count on a storm knocking out the phone service. Storms seem a more common threat to communication technology as compared to hackers taking down the internet.
And if you're using DSL to connect for VOIP, and your phone line goes down, aren't you SOL anyways?