Oh, such a poor attempt at trolling. How would being a.net developer from beta to version 1.0 make me an expert in their platform's security? I have no idea what's going in the last few years with.net. And for what short time I did use it I didn't care much about security because it was only for intranet use.
You know, if you can think of a hole in 5 minutes, the.net team might just have covered in in the last 5 or so years.
Well, that's certainly not true of some of Microsoft's other offerings, so why would I automatically expect that from the.net team? For example, remember the hole in Passport that only required a simple URL to obtain any password? Microsoft has set people's security expectations extremely low.
When I have to deal with third party apps that aren't built to integrate well with web standards we set up some form of data communication between servers. The web interface remains standard while the backend communicates in any way necessary, from SOAP to raw data feeds, with other systems.
That's never been my experience. 99% of the time I can get things to look just about the same (or close enough) in every browser. For example, if the floating divs are acting different in each browser, use a table. There's nothing that's ever been requested of my company that requires ActiveX. Worst case we use Flash for a few things, and that works consistently for almost every visitor. Unless you're developing for an intranet there's no reason to use ActiveX or IE specific code.
I've written a fair amount of.net code to run within a private corporate network. I've never written anything to be run through the browser or "from the internet". But I was calling COM objects with no security limits. Does.net "off the internet" prevent COM or Win32 calls? Because if not a few lines of code can control the entire windowing system, and probably worse.
In my experience.net is just a poor copy of java. This discussion is like the mid-1990's all over again. Virtual machines, sandboxes... it wasn't popular last time. Why should this time be any different?
undermining their credibility and political support from their citizens and the community of nations
But why? To bring about change. In the end terrorists don't care if the citizens of the US lose support in their government. They want the support lost so the government changes its involvement in their territory. They want us to stop controlling their economy, altering their culture, and undermining their governments.
The intent of terrorists is to incite terror in order to bring about change. Terror can be spread without any actual attack. Just the fact that the government and companies are responding to a threat, plus the spread of this information through media, increases fear. Since we are listening the terrorists are successful to some extent, even without actually committing the cyber-attack.
The largest banks, plus the stock exchange, still use a wide array of platforms. The stock exchange web site, for example, is not directly hitting the actual stock exchange servers. Most of your bank transactions still go through mainframes. A typical setup is for central transaction servers to push data files to data warehouse servers for reporting purposes. Most systems then run off of these reporting servers.
Between the variety of systems and the layers of security between each it's very unlikely that a virus could bring down the stock exchanges. Or your bank. It's far more likely that their web sites and corporate desktops would go down. The "money" in the wires is far safer.
And on top of that we have political parties that try to bypass the inefficiencies to meet their own agendas. Imagine if every representative was independant of any organization. There would be real individual debates and discussion. Even if just the President was not affiliated with any party controlling Congress we'd be better off.
The only way Bill Gates would be highly efficient is if his party controlled both houses of Congress. And look at how well things went the last time that happened. No one person should have enough power to bypass the divided responsibilities of our parts of government.
The problem isn't your questions. It's your tone. You can politely ask, "What contract did you have? I'm curious because your story sounds very odd to me." But you chose to be a jackass. Hence your negative moderation.
I'm not hiding behind anything. I wasn't the DBA. Frankly I don't care if you believe my story. I'm sharing it and it's your choice to believe it. If you'd like more details I'd be happy to share what I remember. But since your attitude is so bluntly negative and accusatorial I won't bother.
You may also want to consider the fact that any one person's experiences may not be typical. That means my story may not be a lie and your positive experience may not be the same as anyone else's.
Because corporate-sponsored studies aren't editable by the public. People do raise an eyebrow with regards to Wikipedia, but any person with true knowledge can have a say in the content of an article. Plus there is clear public debate. No one can publicly debate or dispute a corporate study before it's published. Anyone can criticize it afterwards, but those disagreements never become an addendum to the study.
I realize you're trolling, but I'll respond anyway. At both companies the finance and legal departments managed the contracts, with the DBAs kept in the loop, so I don't know the details. I was told we had the highest level contract outside of government agencies.
I have personally stumbled across at least a dozen undocumented bugs in MS SQL Server and VB. Most of the VB ones (which I didn't report) turned up in the "Knowledge Base" eventually. Every initial call to Microsoft support required the submission of a credit card number along with a contract number. The credit card was always charged and no reimbursements were ever made, even after confirmation of bug discovery.
I'm reporting personal experience. By definition it's not FUD. And msversus.org is my own site. It's not FUD either, because it's documentation of my own experiences and analysis.
I worked extensively with Oracle and SQL Server for 10 years at 2 companies. I ran into bugs with both systems. There was a vast difference between how each company responded to our bug reports.
We never contacted Microsoft with anything but the most severe bugs, and only those not documented on their web site. Even having the highest contract possible with Microsoft, they charged us for each phone call. Never once did the first 3 people we talked to have a clue. After going through 3 or 4 people we got to speak to a developer. For every bug except one, we were told to wait for the next official patch or Service Pack to fix our issue. One time we were fortunate enough to have a DLL updated by a developer and sent to us directly. Response by developers was very quick, but the other staff responded slow.
At the same time, Oracle was paying out $10,000 for each bug found. I thought I found the golden ticket. Turns out someone else had reported this extremely obscure bug I found earlier, but it wasn't yet published online anywhere. Every time we contacted Oracle we got to speak to a developer very quickly. On at least one occassion they sent a developer to our office to help investigate a bug. Every bug we reported got a patch very quickly.
The support from Oracle was far far superior to Microsoft. The bugs I ran into with Oracle were also far more obscure than those I found in Microsoft's SQL Server. I couldn't believe some of the things Microsoft left broken for months. Even if Oracle has a larger number of reported bugs I'd pick them over Microsoft any day.
Blogs, really, are nothing more than personal accounts.
More than personal accounts, many blogs are deeper analysis than mainstream media provides. Look at what Groklaw has done to educate the masses on some legal topics. Plus today some mainstream media supplement their news with blog posts from editors and reporters. That has the opportunity to offer more insight than just an news article.
And even if blogs are nothing more than personal accounts, who to better tell a story than a person who was there? I'd rather read blog posts from debating House Representatives than a news article that merely summarizes it. I sometimes read the blog of a former pharmaceutical CEO because his analysis of that industry and its political influence is far more informative than any news reporter.
"We will never make a 32-bit operating system, but I'll always love IBM."
"There are no significant bugs in our released software that any significant number of users want fixed."
"There are people who don't like capitalism, and people who don't like PCs. But there's no one who likes the PC who doesn't like Microsoft."
"We've done some good work, but all of these products become obsolete so fast....It will be some finite number of years, and I don't know the number -- before our doom comes."
While your facts might be right, it doesn't matter. What matters to companies is customer perception. If Microsoft becomes part of the Linux market (presumably by selling commercial software on top of it) they will automatically become the dominant force in the eyes of customers. Many businesses will look to them first for solutions, rather than going the FOSS route. And even if they held no patents to anything in Linux, many customers would still be scared and want indemnification.
It doesn't matter if Microsoft can't technically stifle openness and freedom. What matters if if companies think Microsoft is in control of the platform. That's what'll keep the money flowing to Microsoft.
You get a "special" lower price if you don't sell any competing products.
That's no longer the case with Microsoft. The reason computer sellers still put Windows on every computer is to keep their bulk OEM license price down. If they lower the number of Windows licenses they purchase the price goes up. That would then raise the price of their computers.
One of the few positive things to come out of the anti-trust case was the Microsoft "penalty" for selling competing produts.
OEM contract agreements clearly state that they must sell computers with Microsoft Windows installed. To get away with selling systems with Linux installed you pay what is commonly known as the "Microsoft Tax". In other words you are paying for Windows even though you're not really getting it. This "tax" is a reality. Microsoft has been at this for a long time.
That's not true at all any more. One outcome of the antitrust case was to block Microsoft from doing this. What does happen now, however, is that if a vendor purchases less Windows OEM licenses they're charged a higher price. So to keep computer prices low it's in their best interest to sell all of their computers with Windows.
Slashdot Mirror
Oh, such a poor attempt at trolling. How would being a .net developer from beta to version 1.0 make me an expert in their platform's security? I have no idea what's going in the last few years with .net. And for what short time I did use it I didn't care much about security because it was only for intranet use.
You know, if you can think of a hole in 5 minutes, the .net team might just have covered in in the last 5 or so years.
.net team? For example, remember the hole in Passport that only required a simple URL to obtain any password? Microsoft has set people's security expectations extremely low.
Well, that's certainly not true of some of Microsoft's other offerings, so why would I automatically expect that from the
When I have to deal with third party apps that aren't built to integrate well with web standards we set up some form of data communication between servers. The web interface remains standard while the backend communicates in any way necessary, from SOAP to raw data feeds, with other systems.
Microsoft did start adhering to the standards. They just stopped long before they were done.
That's never been my experience. 99% of the time I can get things to look just about the same (or close enough) in every browser. For example, if the floating divs are acting different in each browser, use a table. There's nothing that's ever been requested of my company that requires ActiveX. Worst case we use Flash for a few things, and that works consistently for almost every visitor. Unless you're developing for an intranet there's no reason to use ActiveX or IE specific code.
I've written a fair amount of .net code to run within a private corporate network. I've never written anything to be run through the browser or "from the internet". But I was calling COM objects with no security limits. Does .net "off the internet" prevent COM or Win32 calls? Because if not a few lines of code can control the entire windowing system, and probably worse.
.net is just a poor copy of java. This discussion is like the mid-1990's all over again. Virtual machines, sandboxes... it wasn't popular last time. Why should this time be any different?
In my experience
undermining their credibility and political support from their citizens and the community of nations
But why? To bring about change. In the end terrorists don't care if the citizens of the US lose support in their government. They want the support lost so the government changes its involvement in their territory. They want us to stop controlling their economy, altering their culture, and undermining their governments.
The intent of terrorists is to incite terror in order to bring about change. Terror can be spread without any actual attack. Just the fact that the government and companies are responding to a threat, plus the spread of this information through media, increases fear. Since we are listening the terrorists are successful to some extent, even without actually committing the cyber-attack.
The largest banks, plus the stock exchange, still use a wide array of platforms. The stock exchange web site, for example, is not directly hitting the actual stock exchange servers. Most of your bank transactions still go through mainframes. A typical setup is for central transaction servers to push data files to data warehouse servers for reporting purposes. Most systems then run off of these reporting servers.
Between the variety of systems and the layers of security between each it's very unlikely that a virus could bring down the stock exchanges. Or your bank. It's far more likely that their web sites and corporate desktops would go down. The "money" in the wires is far safer.
And on top of that we have political parties that try to bypass the inefficiencies to meet their own agendas. Imagine if every representative was independant of any organization. There would be real individual debates and discussion. Even if just the President was not affiliated with any party controlling Congress we'd be better off.
The only way Bill Gates would be highly efficient is if his party controlled both houses of Congress. And look at how well things went the last time that happened. No one person should have enough power to bypass the divided responsibilities of our parts of government.
I am all for government inefficiency.
I think Bolonium is a much more appropriate holiday gift. After all, its atomic weight is deliciously snacktacular.
The problem isn't your questions. It's your tone. You can politely ask, "What contract did you have? I'm curious because your story sounds very odd to me." But you chose to be a jackass. Hence your negative moderation.
I'm not hiding behind anything. I wasn't the DBA. Frankly I don't care if you believe my story. I'm sharing it and it's your choice to believe it. If you'd like more details I'd be happy to share what I remember. But since your attitude is so bluntly negative and accusatorial I won't bother.
You may also want to consider the fact that any one person's experiences may not be typical. That means my story may not be a lie and your positive experience may not be the same as anyone else's.
Because corporate-sponsored studies aren't editable by the public. People do raise an eyebrow with regards to Wikipedia, but any person with true knowledge can have a say in the content of an article. Plus there is clear public debate. No one can publicly debate or dispute a corporate study before it's published. Anyone can criticize it afterwards, but those disagreements never become an addendum to the study.
I realize you're trolling, but I'll respond anyway. At both companies the finance and legal departments managed the contracts, with the DBAs kept in the loop, so I don't know the details. I was told we had the highest level contract outside of government agencies.
I have personally stumbled across at least a dozen undocumented bugs in MS SQL Server and VB. Most of the VB ones (which I didn't report) turned up in the "Knowledge Base" eventually. Every initial call to Microsoft support required the submission of a credit card number along with a contract number. The credit card was always charged and no reimbursements were ever made, even after confirmation of bug discovery.
I'm reporting personal experience. By definition it's not FUD. And msversus.org is my own site. It's not FUD either, because it's documentation of my own experiences and analysis.
I worked extensively with Oracle and SQL Server for 10 years at 2 companies. I ran into bugs with both systems. There was a vast difference between how each company responded to our bug reports.
We never contacted Microsoft with anything but the most severe bugs, and only those not documented on their web site. Even having the highest contract possible with Microsoft, they charged us for each phone call. Never once did the first 3 people we talked to have a clue. After going through 3 or 4 people we got to speak to a developer. For every bug except one, we were told to wait for the next official patch or Service Pack to fix our issue. One time we were fortunate enough to have a DLL updated by a developer and sent to us directly. Response by developers was very quick, but the other staff responded slow.
At the same time, Oracle was paying out $10,000 for each bug found. I thought I found the golden ticket. Turns out someone else had reported this extremely obscure bug I found earlier, but it wasn't yet published online anywhere. Every time we contacted Oracle we got to speak to a developer very quickly. On at least one occassion they sent a developer to our office to help investigate a bug. Every bug we reported got a patch very quickly.
The support from Oracle was far far superior to Microsoft. The bugs I ran into with Oracle were also far more obscure than those I found in Microsoft's SQL Server. I couldn't believe some of the things Microsoft left broken for months. Even if Oracle has a larger number of reported bugs I'd pick them over Microsoft any day.
Which is scarier? The need for P2P privacy or this being posted by Bill Gates In A Bikini?
As a Ruby fan (and someone intensely hating the Python indentation stuff)...
If you don't indent your code (whatever the language), I hope it never makes it onto one of these laptops. Or any of my computers, for that matter.
A 2-minute-long, 125-GB movie... that must have been one super-high resolution chicken.
My mistake, he was a VP. But I just noticed he hasn't posted in months: http://www.huffingtonpost.com/dr-peter-rost/
Blogs, really, are nothing more than personal accounts.
More than personal accounts, many blogs are deeper analysis than mainstream media provides. Look at what Groklaw has done to educate the masses on some legal topics. Plus today some mainstream media supplement their news with blog posts from editors and reporters. That has the opportunity to offer more insight than just an news article.
And even if blogs are nothing more than personal accounts, who to better tell a story than a person who was there? I'd rather read blog posts from debating House Representatives than a news article that merely summarizes it. I sometimes read the blog of a former pharmaceutical CEO because his analysis of that industry and its political influence is far more informative than any news reporter.
"There's nobody getting rich (by) writing software"
"We will never make a 32-bit operating system, but I'll always love IBM."
"There are no significant bugs in our released software that any significant number of users want fixed."
"There are people who don't like capitalism, and people who don't like PCs. But there's no one who likes the PC who doesn't like Microsoft."
"We've done some good work, but all of these products become obsolete so fast....It will be some finite number of years, and I don't know the number -- before our doom comes."
While your facts might be right, it doesn't matter. What matters to companies is customer perception. If Microsoft becomes part of the Linux market (presumably by selling commercial software on top of it) they will automatically become the dominant force in the eyes of customers. Many businesses will look to them first for solutions, rather than going the FOSS route. And even if they held no patents to anything in Linux, many customers would still be scared and want indemnification.
It doesn't matter if Microsoft can't technically stifle openness and freedom. What matters if if companies think Microsoft is in control of the platform. That's what'll keep the money flowing to Microsoft.
Yeah, and how did he get those billions? He's not Robin Hood.
You get a "special" lower price if you don't sell any competing products.
That's no longer the case with Microsoft. The reason computer sellers still put Windows on every computer is to keep their bulk OEM license price down. If they lower the number of Windows licenses they purchase the price goes up. That would then raise the price of their computers.
One of the few positive things to come out of the anti-trust case was the Microsoft "penalty" for selling competing produts.
That's not true at all any more. One outcome of the antitrust case was to block Microsoft from doing this. What does happen now, however, is that if a vendor purchases less Windows OEM licenses they're charged a higher price. So to keep computer prices low it's in their best interest to sell all of their computers with Windows.