There are ALWAYS options... Problem is that many times such options are too expensive. http://www.hughesnet.com/ Wi-Max doesn't work? Hmmm, you must live in a valley. To bad my friend.
Hey, I know what you are thinking, there isn't any other options.. But that may not be exactly true. Where I live, even if you remove the two wire based options for ISPs, there are multiple wireless ISP's which cover my area. Now I live just outside a top 10 city in the USA, but I can tell you that wireless options exist well out into areas that would take hours to commute from. The problem is exactly what Wheeler says, it's EXPENSIVE to get the equipment necessary to hook up to these services... ( Not that I think he has any good options to fix the problem. )
Of course, I haven't a clue if these options exist in the Pacific North West.
Just an election year ploy from a partisan appointee.
Put this Wheeler guy on ignore, unless you figure he's out slumming for more campaign cash and your are an ISP who hasn't ponied up yet for this round.
I work for an ISP. That's intentional. In fact, it's the only reason ISPs sitll offer email. It's a nightmare to maintain and has no other benefit to the ISP other than to make customers "sticky"
Got to admit that this has kept me with Verizon for years... Not that I have an issue, but my Wife would have one...
I don't run X on any "server" system I manage. Not for this reason, but for the general security concept that you don't run stuff you don't use. Good luck turning off the GUI on your windows box...
However, if you did have X running, it's only going to accept X client connections from the local machine (unless you've opened it up further). This means that any attack vector though X will have to be launched from the local box. Which means that the attacker will have to compromise the local box in some other way.
X should only be run by systems doing "desktop" duty, which if you are comparing apples to apples means you have to compare this to a Windows desktop OS. If you let somebody into your Windows desktop box, they can launch stuff that compromises your system too.
So, Nice try, not a problem that is unique to Unix/Linux when you look at similarly configured Windows systems.
Ok, I'll stop. Just one more question... Where do you think the designers of NT came up with that idea? Hmmmmm? Wouldn't have been Unix now would it?
DEC VAX?
The progression goes like this..
1. Unix was developed on the Digital Equipment Corp PDP-11 hardware in about 1970. Unix started as a multi-user system that supported memory segment protection between user processes and kernel space.
2. VMS followed on the next generation of DEC hardware the VAX-11780, which made it's appearance in the late 1970's. This system introduced Virtual Memory spaces for user processes. (Thus it's name Virtual Memory System) VMS was not first in being muti-user, commercially that was Unix.
3. Windows NT arrived in the late 80's, and not surprisingly ran on DEC VAX hardware as well as x86 based systems, as the chief engineer of NT came out of the VMS development team at DEC.
So NT got this idea from VMS which got it from Unix....
So NT came from VMS, no argument there, but where did VMS come from? Unix on the PDP-11.
Now this is before my time, but I seem to recall that Unix was developed for the PDP-11 as an effort to allow a common OS across multiple hardware platforms way back in 1969. Just so happens that Digital PDP-11 was the predecessor of the Digital VAX-11780 for which the initial VMS version was written for. VMS was initially released in 1977 (a full 7 years after Unix). Unix leads to VMS, which leads to NT.. So, when the primary developer of NT jumped ship at Digital and boarded the USS Microsoft he brought along his hate for all things VMS, but adopted many of the security concepts of VMS, which adopted them from Unix. Well Unix and the equivalent of the NSA's recommendations for things like ACL's and audit trails.
So, despite your scorn, I am right on the idea that multi-user came to Windows from Unix.
Windows NT can off the distribution media much less secure, not necessarily because the kernel was ill-conceived or implemented, but because it had to be "Windows" and had to work with existing network infrastructure which was already fielded. Infrastructure which was full of huge holes and required services that exposed the boxes to exploits we would consider atrocities today. But that's what Microsoft had to do to keep it's customer base buying their software. Once security became an issue they started to shore up things, but they've been hampered by the "it has to work with what's out there" requirement, so we where forced to live with the stupid security of Windows for decades.
Was NT as secure as Unix? Maybe the kernel was, but NT certainly was not more secure in the normally fielded form. We've come a long way since 1981, but because of it's legacy install base, Windows has lagged in being secure.
Look. I don't believe you. Nobody who works with Windows Server would say the OS is descended from Windows 3.1. It's not possible for that combination of expertise and ignorance to co-exist. You're lying to me about setting up a Windows Server. I'm not buying what you're selling, buddy.
So now we have "Windows" isn't "Windows" argument? Look, Microsoft has kept the basic features of "windows" including how the user interface operates all the way though from 3.1.1. They have brought along a lot of baggage in the process. People, users, administrators expect that the next version will work much like the current one. I remember the jump to NT, what a mess. But Microsoft had no choice but to break a lot of expected behavior though the years, many times for security reasons, but they bring a lot of the baggage along and are forced into compromises in security in the effort to keep their user base. They couldn't just make the changes they needed to, or a lot of folks would have bailed to Linux, which had the security, and wasn't in need of change.
What we really have is a disagreement on the security posture of Windows vrs Linux. My opinion is that Windows is not as secure "All things being equal" and I point to it's past history. You want to say it is the same level of security... I personally don't see how that's possible. The minimum install set of CentOS literally does NOTHING, has only one user and has nearly zero risk because there is nothing it can do until you load software on it. Windows comes with multiple users created and a whole raft of services loaded and ready to start that is risky (even if it is not running by default). Seems that a default windows install is more risky to me on it's face.
But I forget... I don't know anything about windows in your world because I don't agree with you... So we are down to comparing our credentials and seeing who has the right to win the argument on experience. Such debates are as useful as arguments about the size on one's manhood being bigger than the next guy.... No, I'm not sticking around while you pull your pants down... 8|=
Please stop repeating that, it stopped being true as of 10 years ago since Windows ME was the last OS based on DOS/Win 3.1.1 code.
XP, Vista, 7 and 8 are all based on the Windows NT family which was developed with security in mind and separate user accounts etc.
Ok, I'll stop. Just one more question... Where do you think the designers of NT came up with that idea? Hmmmmm? Wouldn't have been Unix now would it?
OK, OK, I'll stop rubbing it in that Microsoft has spent the last decade working on their security... Just stop debating at my assertion that Windows starts less secure and needs to have stuff added to it for security reasons....
I have decades experience with both windows and Linux and just happened to finish up an Windows Server 2008 R2 install for a customer delivery yesterday. No, I've not had the opportunity to play with Windows Server 2012 yet, but it's likely in my future.
Of course, all this "My Experience is better than yours" bluster amounts to nothing more than arguments about who has the biggest...... If you don't like what my 20+ years of experience says, feel free to ignore me. When you get into trouble, let me know, I'll help you when you are willing to listen. So get of my lawn, until you can talk nice to the old guy...;)
I just finished loading a Windows 2008 server running IIS yesterday, but I guess that means I don't have any experience with Windows... Hate to bust your assumptions here.
If I had to rate my Windows vrs Linux experience, I am much more comfortable with Unix variants than Windows, but I have decades of install, configuration and management experience on both. I may not be a Linux Guru but I can manage Linux systems on par with most. I am not as comfortable with Windows but I've literally installed and configured hundreds of machines starting with Windows 3.1.1 all the way though the current offerings in very strict and secure environments. I still find Linux easier to keep secure and much easier to understand than all the hokey GUI interfaces that so abound in Windows and only really prevent you from seeing what's really going on.
Now on one point, you are correct. I've not had any time with Windows server 2012, which is likely to disqualify me in your eyes I guess. But I'm making more of an historical argument, more of a a how it's designed argument. Windows developers have been struggling for years to sore up security in their products, security that existed from day one in Linux. You cannot change history. Which is the argument I'm making.
1. You keep talking about history. Nobody gives a shit which OS was more secure in 1986, we care which is more secure now. The question is, if I were standing up a server today, which OS would be the best choice?
Best choice or most secure choice? I cannot answer the first question for you because there are reasons to use Windows and reasons to use Linux which have noting to do with security. Most secure choice? That too depends, but if you are talking about a situation where "all other things are equal" then a properly configured Linux box seems like a better choice to me. Of course, if you cannot manage a Linux box properly, then go with what you know that you can manage, but in that case we are not "all things being equal" anymore.
2. You're redefining "Linux" to mean whatever happens to make it best in any given situation. Saying OpenSSL isn't part of "Linux" is both technically correct, and extremely intellectually dishonest.
To be perfectly frank: the grandparent has an extremely good point that you're completely ignoring. In recent years, Linux server security has been measurably worse than Windows server security.
I think you are wrong on that. There has been an explosion of Linux based servers on the Web in the last decade. Many of these are not appropriately managed and suffer as a result, plus you also see a lot LESS Windows/IIS installs out there for a number of reasons (mostly due to cost and the past issues with IIS exploits) so the attack surface is much larger. Given the number of these servers which are not appropriately managed, there are a lot more systems compromised. If you don't keep your system up to date and watch the security posture of your system, it's going to eventually get hacked, I don't care what OS you run.
You see, I'm not claiming Linux is perfect, obviously it has had issues. I'm claiming that Windows has been playing catch up on security issues. Obviously they have made great strides. You want to claim windows is better... Ok, if that's what you can manage correctly, it's better for you. IMHO Linux is better, both historically (which even you cannot argue with apparently) and currently remains better. Your mileage may vary, past performance is no guarantee of future performance, and all such fine print you are accustom to reading..
So when Linux gets infected, it's the users fault but when Windows gets infected, it's Microsoft's fault?
Personally, I haven't said that here..
Microsoft chooses to install and activate a lot of risky stuff that most Linux distributions don't, but having a box compromised is not the vendor's fault. I'd never put a Windows freshly installed box on the network without first applying all service packs and locking the system down. However, a Linux box is not a risk (at least not the distributions I run) after a clean install so I don't have an issue drooping them on the net to pull patches and configure the software.
In both cases, if you mismanage their security, you get a bad result. It's just harder, in general, to get a secured Windows box, because you have to actively do something to secure things before it is safe, while a minimal Linux box starts out fairly safe and goes down hill from there. One comes off the install media in an unsafe configuration, the other is usually locked down.
So who's fault is it? Yours, if you put an unpatched unconfigured Windows box directly on the net right after you install it. It's also yours if you open up the holes in your Linux install.
You cannot seriously believe that windows started out better than Linux security wise?
Do you remember DOS? Windows 3.1.1? Security was woefully lacking, it wasn't even a concern. At the same time, Linux was being developed, with the security model it has today, mostly unchanged. Windows has gong though many revisions and changes in the security design from ZERO security and no such thing as having separate user accounts to where we are now. Linux started out, very similar to what it is now.
There are exploits on both Windows and Linux platforms, I'm not saying Linux is 100% secure, it's not. But, it starts from a better place than Windows does. If you refuse to actually manage, patch, and monitor systems you are not managing the risk, it doesn't matter what OS you use.
(and we do not even mention the OpenSSL fiasco)
So where are the widespread Windows Server compromises?
Seriously? OpenSSL was not a LINUX issue persay, it was a library that was used on multiple OS's INCLUDING Windows.
So you are claiming there where no widespread Windows Server compromises? I can see you are new here, never ran NT and IIS then? Shesh... Newbies..
There is a lot of room for improvement on both sides of this argument. I would support a "trusted" executable and shared library loader as being a vast improvement in Linux security, but the fact remains... Windows/Microsoft has been playing catch-up in security where Linux has been leading over the last decade. Microsoft has been gaining ground, but they are still running in second place in security (well, maybe third if you include Apple, Fourth if you include SCO Unix and fifth if we include Solaris).
What century do you live in? Since Windows Server 2008 (!) only the minimal set of services are turned on, and *no* network facing services until you configure them.
Let me see, last time I loaded Windows 8 pro, there was a raft of services turned on for me by default. Windows "Server" variants may be a bit more locked down, but they too come with open security holes I'm sure.
Linux on the other hand, has nothing by default. Yes the distribution may turn on some services, but most come pretty much bare bones, and have for decades. Linux distributions targeted at "servers" generally come w/o any services even installed by default. If you go to "desktop" installs, where Windows 8 Pro lives, Linux comes out of the normal distribution much more locked down and secure. I still cannot believe that the DEFAULT behavior of a Windows box is to have the main user be an Administrator. Linux is not like this, and most desktop distributions today don't allow you to login as root.
Neither OS is secure unless it's behind a firewall.
Unless you (or the distribution you use) configures it, Linux is 100% secure from network attacks when installed. Why? Because the network card driver won't be loaded and the network adapter will be unconfigured and ZERO services will be running. All three will need to be true, or nobody is getting into your system from the net.
So.. Unless you intend to protect your server from physical fires, you don't need a firewall on a bare Linux system...
However, both Windows and Linux have fine network firewall's these days. You might want to tweak them to your needs, but they exist. Where I would recommend not putting anything directly on the internet if you can avoid it, most firewall's are pretty useless unless you actually think about what you let in and out and configure the thing properly. In any case, I'd not be totally opposed to putting a Linux box on the Internet if necessary, but I'd never do that with a windows box. Just my opinion though.
Linux and Windows approach security in totally different ways. When you load a Linux kernel, it's secure, it starts that way. When you load windows, it's NOT secure, you have to load other stuff to make it secure.
So, if you have a Linux box that get's hacked, the admin really is a lot more responsible for this. He/she left the hole open for the attacker to get in. Sure, there are times when we don't know the hole exists, but the admin loaded the software.
Windows boxes? They come out of the install process wide open with a whole raft of dangerous services turned on. Not to mention they are starting from the security posture of Windows 3.1 and have been trying to put up defenses since. They have made a lot of progress, but it's still harder to shore up a bad design then it is to loosen up a secure design.
Well if they just had installed Linux.... Oh, damn.
Perhaps they should apply security patches too or perhaps actually TRY to configure their servers in a secure way? No, no other OS's have issues with this.
The people that have their servers compromised in this way are amateurs and shouldn't have put their servers on the web, EVER. This is roughly equivalent to fielding IIS from 2001 on windows XP and not keeping your patch set up to date. You are going to be hacked.
Any sysadmin who is thinking about it, would put a web server and all it's components in a chroot jail and force it to run in user space and set up to refuse interactive logins for this user.. That way any "escalations" of privilege won't get you much more than the web server. It's easy, quick and effective.
So this isn't a really fair comparison you are making. Linux is BY DEFAULT more secure than Windows, mainly by design. Microsoft has made great strides of late, but fundamentally they are starting from a weak position (remember Windows 3.1?) and you have to install components to make it more secure, where Linux starts secure and gets security downgrades when you install and configure stuff. Either way, if you don't manage your server, you will have problems.
I believe that the idea is to provide the different sizes on the server side, but that the browser (and user preferences) determines which version to download.
I get that but it means the server now has multiple URL's to get the picture and these URL's are defined by how the client will format the GET. I'm just pushing the whole page formatting issue to the server so you pull one URL and the server decides which image to give you. Then the server side is free to have the pictures already processed on disk or process them on the fly and is in total control of the formatting on the page. It also frees up network bandwidth and processing and memory requirements for less powerful platforms.
You either need a client side (the browser decides what image to fetch and how to display it) or a server side (the server decides what image to send) solution here. I suppose you could do a combination of both, but the problem here is who's going to get the resizing work?
Personally, I think this would be better done on the server side for the most part. That implies that the GET would somehow define for the server enough information about the display available. You are going to need colors supported, user pointer integration (type, minimum size), screen resolution of the user's view both in pixels and actual size. Then the server can decide what page format and image would best fit. All this has to be *independent* of the browser vendor or host platform.
But hey, good luck getting everybody to sign on to a working interface for this... We cannot get a consistent interface between browser vendors now...
There are ALWAYS options... Problem is that many times such options are too expensive. http://www.hughesnet.com/ Wi-Max doesn't work? Hmmm, you must live in a valley. To bad my friend.
And here I thought Metro was the BSOD... Silly me..
Hey, I know what you are thinking, there isn't any other options.. But that may not be exactly true. Where I live, even if you remove the two wire based options for ISPs, there are multiple wireless ISP's which cover my area. Now I live just outside a top 10 city in the USA, but I can tell you that wireless options exist well out into areas that would take hours to commute from. The problem is exactly what Wheeler says, it's EXPENSIVE to get the equipment necessary to hook up to these services... ( Not that I think he has any good options to fix the problem. )
Of course, I haven't a clue if these options exist in the Pacific North West.
Just an election year ploy from a partisan appointee.
Put this Wheeler guy on ignore, unless you figure he's out slumming for more campaign cash and your are an ISP who hasn't ponied up yet for this round.
I work for an ISP. That's intentional. In fact, it's the only reason ISPs sitll offer email. It's a nightmare to maintain and has no other benefit to the ISP other than to make customers "sticky"
Got to admit that this has kept me with Verizon for years... Not that I have an issue, but my Wife would have one...
I don't run X on any "server" system I manage. Not for this reason, but for the general security concept that you don't run stuff you don't use. Good luck turning off the GUI on your windows box...
However, if you did have X running, it's only going to accept X client connections from the local machine (unless you've opened it up further). This means that any attack vector though X will have to be launched from the local box. Which means that the attacker will have to compromise the local box in some other way.
X should only be run by systems doing "desktop" duty, which if you are comparing apples to apples means you have to compare this to a Windows desktop OS. If you let somebody into your Windows desktop box, they can launch stuff that compromises your system too.
So, Nice try, not a problem that is unique to Unix/Linux when you look at similarly configured Windows systems.
Ok, I'll stop. Just one more question... Where do you think the designers of NT came up with that idea? Hmmmmm? Wouldn't have been Unix now would it? DEC VAX?
The progression goes like this..
1. Unix was developed on the Digital Equipment Corp PDP-11 hardware in about 1970. Unix started as a multi-user system that supported memory segment protection between user processes and kernel space.
2. VMS followed on the next generation of DEC hardware the VAX-11780, which made it's appearance in the late 1970's. This system introduced Virtual Memory spaces for user processes. (Thus it's name Virtual Memory System) VMS was not first in being muti-user, commercially that was Unix.
3. Windows NT arrived in the late 80's, and not surprisingly ran on DEC VAX hardware as well as x86 based systems, as the chief engineer of NT came out of the VMS development team at DEC.
So NT got this idea from VMS which got it from Unix....
So NT came from VMS, no argument there, but where did VMS come from? Unix on the PDP-11.
Now this is before my time, but I seem to recall that Unix was developed for the PDP-11 as an effort to allow a common OS across multiple hardware platforms way back in 1969. Just so happens that Digital PDP-11 was the predecessor of the Digital VAX-11780 for which the initial VMS version was written for. VMS was initially released in 1977 (a full 7 years after Unix). Unix leads to VMS, which leads to NT.. So, when the primary developer of NT jumped ship at Digital and boarded the USS Microsoft he brought along his hate for all things VMS, but adopted many of the security concepts of VMS, which adopted them from Unix. Well Unix and the equivalent of the NSA's recommendations for things like ACL's and audit trails.
So, despite your scorn, I am right on the idea that multi-user came to Windows from Unix.
Windows NT can off the distribution media much less secure, not necessarily because the kernel was ill-conceived or implemented, but because it had to be "Windows" and had to work with existing network infrastructure which was already fielded. Infrastructure which was full of huge holes and required services that exposed the boxes to exploits we would consider atrocities today. But that's what Microsoft had to do to keep it's customer base buying their software. Once security became an issue they started to shore up things, but they've been hampered by the "it has to work with what's out there" requirement, so we where forced to live with the stupid security of Windows for decades.
Was NT as secure as Unix? Maybe the kernel was, but NT certainly was not more secure in the normally fielded form. We've come a long way since 1981, but because of it's legacy install base, Windows has lagged in being secure.
Look. I don't believe you. Nobody who works with Windows Server would say the OS is descended from Windows 3.1. It's not possible for that combination of expertise and ignorance to co-exist. You're lying to me about setting up a Windows Server. I'm not buying what you're selling, buddy.
So now we have "Windows" isn't "Windows" argument? Look, Microsoft has kept the basic features of "windows" including how the user interface operates all the way though from 3.1.1. They have brought along a lot of baggage in the process. People, users, administrators expect that the next version will work much like the current one. I remember the jump to NT, what a mess. But Microsoft had no choice but to break a lot of expected behavior though the years, many times for security reasons, but they bring a lot of the baggage along and are forced into compromises in security in the effort to keep their user base. They couldn't just make the changes they needed to, or a lot of folks would have bailed to Linux, which had the security, and wasn't in need of change.
What we really have is a disagreement on the security posture of Windows vrs Linux. My opinion is that Windows is not as secure "All things being equal" and I point to it's past history. You want to say it is the same level of security... I personally don't see how that's possible. The minimum install set of CentOS literally does NOTHING, has only one user and has nearly zero risk because there is nothing it can do until you load software on it. Windows comes with multiple users created and a whole raft of services loaded and ready to start that is risky (even if it is not running by default). Seems that a default windows install is more risky to me on it's face.
But I forget... I don't know anything about windows in your world because I don't agree with you... So we are down to comparing our credentials and seeing who has the right to win the argument on experience. Such debates are as useful as arguments about the size on one's manhood being bigger than the next guy.... No, I'm not sticking around while you pull your pants down... 8|=
Please stop repeating that, it stopped being true as of 10 years ago since Windows ME was the last OS based on DOS/Win 3.1.1 code.
XP, Vista, 7 and 8 are all based on the Windows NT family which was developed with security in mind and separate user accounts etc.
Ok, I'll stop. Just one more question... Where do you think the designers of NT came up with that idea? Hmmmmm? Wouldn't have been Unix now would it?
OK, OK, I'll stop rubbing it in that Microsoft has spent the last decade working on their security... Just stop debating at my assertion that Windows starts less secure and needs to have stuff added to it for security reasons....
I think you are trollin now..
I have decades experience with both windows and Linux and just happened to finish up an Windows Server 2008 R2 install for a customer delivery yesterday. No, I've not had the opportunity to play with Windows Server 2012 yet, but it's likely in my future.
Of course, all this "My Experience is better than yours" bluster amounts to nothing more than arguments about who has the biggest...... If you don't like what my 20+ years of experience says, feel free to ignore me. When you get into trouble, let me know, I'll help you when you are willing to listen. So get of my lawn, until you can talk nice to the old guy... ;)
I just finished loading a Windows 2008 server running IIS yesterday, but I guess that means I don't have any experience with Windows... Hate to bust your assumptions here.
If I had to rate my Windows vrs Linux experience, I am much more comfortable with Unix variants than Windows, but I have decades of install, configuration and management experience on both. I may not be a Linux Guru but I can manage Linux systems on par with most. I am not as comfortable with Windows but I've literally installed and configured hundreds of machines starting with Windows 3.1.1 all the way though the current offerings in very strict and secure environments. I still find Linux easier to keep secure and much easier to understand than all the hokey GUI interfaces that so abound in Windows and only really prevent you from seeing what's really going on.
Now on one point, you are correct. I've not had any time with Windows server 2012, which is likely to disqualify me in your eyes I guess. But I'm making more of an historical argument, more of a a how it's designed argument. Windows developers have been struggling for years to sore up security in their products, security that existed from day one in Linux. You cannot change history. Which is the argument I'm making.
Ok your brain is broken in two ways here:
1. You keep talking about history. Nobody gives a shit which OS was more secure in 1986, we care which is more secure now. The question is, if I were standing up a server today, which OS would be the best choice?
Best choice or most secure choice? I cannot answer the first question for you because there are reasons to use Windows and reasons to use Linux which have noting to do with security. Most secure choice? That too depends, but if you are talking about a situation where "all other things are equal" then a properly configured Linux box seems like a better choice to me. Of course, if you cannot manage a Linux box properly, then go with what you know that you can manage, but in that case we are not "all things being equal" anymore.
2. You're redefining "Linux" to mean whatever happens to make it best in any given situation. Saying OpenSSL isn't part of "Linux" is both technically correct, and extremely intellectually dishonest.
To be perfectly frank: the grandparent has an extremely good point that you're completely ignoring. In recent years, Linux server security has been measurably worse than Windows server security.
I think you are wrong on that. There has been an explosion of Linux based servers on the Web in the last decade. Many of these are not appropriately managed and suffer as a result, plus you also see a lot LESS Windows/IIS installs out there for a number of reasons (mostly due to cost and the past issues with IIS exploits) so the attack surface is much larger. Given the number of these servers which are not appropriately managed, there are a lot more systems compromised. If you don't keep your system up to date and watch the security posture of your system, it's going to eventually get hacked, I don't care what OS you run.
You see, I'm not claiming Linux is perfect, obviously it has had issues. I'm claiming that Windows has been playing catch up on security issues. Obviously they have made great strides. You want to claim windows is better... Ok, if that's what you can manage correctly, it's better for you. IMHO Linux is better, both historically (which even you cannot argue with apparently) and currently remains better. Your mileage may vary, past performance is no guarantee of future performance, and all such fine print you are accustom to reading..
So when Linux gets infected, it's the users fault but when Windows gets infected, it's Microsoft's fault?
Personally, I haven't said that here..
Microsoft chooses to install and activate a lot of risky stuff that most Linux distributions don't, but having a box compromised is not the vendor's fault. I'd never put a Windows freshly installed box on the network without first applying all service packs and locking the system down. However, a Linux box is not a risk (at least not the distributions I run) after a clean install so I don't have an issue drooping them on the net to pull patches and configure the software.
In both cases, if you mismanage their security, you get a bad result. It's just harder, in general, to get a secured Windows box, because you have to actively do something to secure things before it is safe, while a minimal Linux box starts out fairly safe and goes down hill from there. One comes off the install media in an unsafe configuration, the other is usually locked down.
So who's fault is it? Yours, if you put an unpatched unconfigured Windows box directly on the net right after you install it. It's also yours if you open up the holes in your Linux install.
You cannot seriously believe that windows started out better than Linux security wise?
Do you remember DOS? Windows 3.1.1? Security was woefully lacking, it wasn't even a concern. At the same time, Linux was being developed, with the security model it has today, mostly unchanged. Windows has gong though many revisions and changes in the security design from ZERO security and no such thing as having separate user accounts to where we are now. Linux started out, very similar to what it is now.
There are exploits on both Windows and Linux platforms, I'm not saying Linux is 100% secure, it's not. But, it starts from a better place than Windows does. If you refuse to actually manage, patch, and monitor systems you are not managing the risk, it doesn't matter what OS you use.
(and we do not even mention the OpenSSL fiasco)
So where are the widespread Windows Server compromises?
Seriously? OpenSSL was not a LINUX issue persay, it was a library that was used on multiple OS's INCLUDING Windows.
So you are claiming there where no widespread Windows Server compromises? I can see you are new here, never ran NT and IIS then? Shesh... Newbies..
GET OFF MY LAWN!
No, you don't yet but arguing with you doesn't pay the bills... Have a nice day..
There is a lot of room for improvement on both sides of this argument. I would support a "trusted" executable and shared library loader as being a vast improvement in Linux security, but the fact remains... Windows/Microsoft has been playing catch-up in security where Linux has been leading over the last decade. Microsoft has been gaining ground, but they are still running in second place in security (well, maybe third if you include Apple, Fourth if you include SCO Unix and fifth if we include Solaris).
What century do you live in? Since Windows Server 2008 (!) only the minimal set of services are turned on, and *no* network facing services until you configure them.
Let me see, last time I loaded Windows 8 pro, there was a raft of services turned on for me by default. Windows "Server" variants may be a bit more locked down, but they too come with open security holes I'm sure.
Linux on the other hand, has nothing by default. Yes the distribution may turn on some services, but most come pretty much bare bones, and have for decades. Linux distributions targeted at "servers" generally come w/o any services even installed by default. If you go to "desktop" installs, where Windows 8 Pro lives, Linux comes out of the normal distribution much more locked down and secure. I still cannot believe that the DEFAULT behavior of a Windows box is to have the main user be an Administrator. Linux is not like this, and most desktop distributions today don't allow you to login as root.
So do you get the difference yet?
Neither OS is secure unless it's behind a firewall.
Unless you (or the distribution you use) configures it, Linux is 100% secure from network attacks when installed. Why? Because the network card driver won't be loaded and the network adapter will be unconfigured and ZERO services will be running. All three will need to be true, or nobody is getting into your system from the net.
So.. Unless you intend to protect your server from physical fires, you don't need a firewall on a bare Linux system...
However, both Windows and Linux have fine network firewall's these days. You might want to tweak them to your needs, but they exist. Where I would recommend not putting anything directly on the internet if you can avoid it, most firewall's are pretty useless unless you actually think about what you let in and out and configure the thing properly. In any case, I'd not be totally opposed to putting a Linux box on the Internet if necessary, but I'd never do that with a windows box. Just my opinion though.
Yes, but there is a logical reason for this.
Linux and Windows approach security in totally different ways. When you load a Linux kernel, it's secure, it starts that way. When you load windows, it's NOT secure, you have to load other stuff to make it secure.
So, if you have a Linux box that get's hacked, the admin really is a lot more responsible for this. He/she left the hole open for the attacker to get in. Sure, there are times when we don't know the hole exists, but the admin loaded the software.
Windows boxes? They come out of the install process wide open with a whole raft of dangerous services turned on. Not to mention they are starting from the security posture of Windows 3.1 and have been trying to put up defenses since. They have made a lot of progress, but it's still harder to shore up a bad design then it is to loosen up a secure design.
Well if they just had installed Linux.... Oh, damn.
Perhaps they should apply security patches too or perhaps actually TRY to configure their servers in a secure way? No, no other OS's have issues with this.
The people that have their servers compromised in this way are amateurs and shouldn't have put their servers on the web, EVER. This is roughly equivalent to fielding IIS from 2001 on windows XP and not keeping your patch set up to date. You are going to be hacked.
Any sysadmin who is thinking about it, would put a web server and all it's components in a chroot jail and force it to run in user space and set up to refuse interactive logins for this user.. That way any "escalations" of privilege won't get you much more than the web server. It's easy, quick and effective.
So this isn't a really fair comparison you are making. Linux is BY DEFAULT more secure than Windows, mainly by design. Microsoft has made great strides of late, but fundamentally they are starting from a weak position (remember Windows 3.1?) and you have to install components to make it more secure, where Linux starts secure and gets security downgrades when you install and configure stuff. Either way, if you don't manage your server, you will have problems.
It certainly was this time... Drowns his phone and gripe because it takes too long to replace it? I want my 5 min back...
I believe that the idea is to provide the different sizes on the server side, but that the browser (and user preferences) determines which version to download.
I get that but it means the server now has multiple URL's to get the picture and these URL's are defined by how the client will format the GET. I'm just pushing the whole page formatting issue to the server so you pull one URL and the server decides which image to give you. Then the server side is free to have the pictures already processed on disk or process them on the fly and is in total control of the formatting on the page. It also frees up network bandwidth and processing and memory requirements for less powerful platforms.
I'm not sure how this fixes the problem.
You either need a client side (the browser decides what image to fetch and how to display it) or a server side (the server decides what image to send) solution here. I suppose you could do a combination of both, but the problem here is who's going to get the resizing work?
Personally, I think this would be better done on the server side for the most part. That implies that the GET would somehow define for the server enough information about the display available. You are going to need colors supported, user pointer integration (type, minimum size), screen resolution of the user's view both in pixels and actual size. Then the server can decide what page format and image would best fit. All this has to be *independent* of the browser vendor or host platform.
But hey, good luck getting everybody to sign on to a working interface for this... We cannot get a consistent interface between browser vendors now...