Slashdot Mirror


User: Tony-A

Tony-A's activity in the archive.

Stories: 0
Comments: 3,584

Comments · 3,584

  1. Re:Well, well, well... on Kernel Exploit Cause Of Debian Compromise · · Score: 1

    pointing out the obvious--operating systems are as secure as their admins/makers
    The recent exploit is a counter-example, unless you contend that Debian stayed secure because of the skill of its administrators.

    It'd be nice if the community showed a little humility
    While I have no claim to represent the community, I fully intend to use this episode to explain to management why Open Source is much more secure than Microsoft Windows. I've seen nothing in this to cause any humility in the Open Source Community. It took Microsoft three days after the outbreak of Code Red before a search of Microsoft.com for Code Red returned any results. I haven't seen any response yet about the Chinese posting of something like 7 exploits.

  2. Re:I believe there is an answer on Internet Security: Where Do We Stand · · Score: 1

    Right.

    The "monoculture" makes it easier to be attacked and harder to defend.
    Methinks that even more damaging than the monoculture is the smart computer, dumb user syndrome that leads to "happily clicking on every "Yes, I will install this" box she saw". One reason that Linux does not get the wormage of Microsoft is that it fundamentally thinks that an informed user is a "good thing". Note this shows up in many small and subtle ways, but tends to ensure that malware does not get very far.

  3. Re:V-I-R-U-S-E-S on Internet Security: Where Do We Stand · · Score: 3, Funny

    No. The plural of virus is Microsoft.

  4. Re:Apples to Apples; This is an Orange on New IE Holes Discovered · · Score: 1

    Blindly using Western norms to critique actions done in a Chinese cultural context seems dangerous at best. Certainly they are accustomed to taking a longer view of things and have a lot of experience using and dealing with bureaucracy. You inform the vendor if you want to be nice to the vendor. Of course, that gives the vendor the upper hand in how to spin it.

    Of course if you actually want secure software, the best tactic is to publish the exploits first and inform the vendor later. Otherwise the tendency is to claim security but postpone doing anything about it until the last possible moment. If the vendors need to be informed first, you can be sure that it's not particularly secure, and extremely unlikely that its security will improve.

  5. Re:A better question on New IE Holes Discovered · · Score: 1

    Will Slashdot report it if it does?

    And miss such a wonderful opportunity for Microsoft bashing based on what the patches actually do?

    It will be interesting to see how fast and how well Microsoft does handle this.

  6. Re:4 on Anti-static Polymer Stores Data, Too · · Score: 1

    My box of 275+ backup CDs can attest to my annoyance..

    For backups, it's not really Write-once, read-many, it's Write-once, read-seldom. The media does need to be re-readable, but the majority will never be accessed again.

    Ideally, for backup, you want something like 10 times the storage for 10 percent of the cost.

    There should be some way to implement a file system using a large WORM drive and a smaller R/W drive so that the WORM drive stores the unchanging stuff and the R/W drive stores the changing stuff. I imagine that running out of space would get pretty ugly though.

  7. Re:Incident response times on New IE Holes Discovered · · Score: 1

    If you submitted a patch against the Linux 0.99 kernels, you'd probably be laughed off the mailing list.

    If I submitted a patch against the Linux 2.4.23 kernel, I would get laughed off the mailing list.
    If I submitted a patch against the Linux 0.99 kernels, I might not get laughed off the mailing list.

  8. Re:Incident response times on New IE Holes Discovered · · Score: 1

    use a GUI [and not something trivial like ice or fvwm] and are vulnerable

    or Gnome which is unlikely to have the same vulnerabilities as KDE.

    Since there seems to be some tendency for people to run Gnome programs on KDE and vice-versa, KDE should have one or two orders of magnitude fewer "integration vulnerabilities" than Microsoft Windows.

  9. Re:Incident response times on New IE Holes Discovered · · Score: 1

    But separation leads to slowness, and Microsoft wants to be fast.

    I believe you, but considering Moore's Law or whatever, that seems to be an incredibly bad allocation of resources. One reason I like Apache (at least the 1.13.x) is that it is possible to use buggy and leaky modules in a production environment. If Apache were 20% slower than IIS (I suspect that it's actually faster), Apache would still be much preferable.

  10. Re:Incident response times on New IE Holes Discovered · · Score: 1

    level of integration between IE and the Windows operating system

    A key difference is that third parties tend to code defensively whereas Microsoft does not. No amount of testing is enough to substitute for defensive coding.

  11. Re:Russian computers? on New IE Holes Discovered · · Score: 1

    So instead of the user working the computer, the computer should just work... YOU?

    That seems to be the choice.

    Although with a lot of work, good standards, etc., it is possible to kinda-sorta have both. Certainly it should be possible to do most simple things simply.

    There are a lot of people who can make good use of a computer but have much better things to do than "learn how to use it". However, putting the computer in charge of the "user experience" seems to be inviting all sorts of malware.

  12. Re:I've been trying my best to switch people away on New IE Holes Discovered · · Score: 1

    suggest you play with taskman once in a while :-)

    I do. To stop Outlook, close Outlook. Then go to the Task Manager and KILL IT.

    It gives some report of how much memory is used by what process. However, it seems that the bulk of the memory consumed is NOT identified by the task manager. Not entirely useless, but not to be trusted. Seems like it comes with a rootkit preinstalled.

  13. Re:So much for unbiased Slashdot on More Info on Debian.org Security Breach · · Score: 1

    You're arguing that slashdot users don't practice group-think?

    Not just one group think. Many diverse group thinks.
    Posted from my unpatched NT Workstation (that doesn't run Microsoft Wormage so good anymore;)

    Actually, for keeping up with what Microsoft is up to, Slashdot seems to be the only readily available unbiased source.

    I didn't say Slashdot was unbiased. I said it was the only source for unbiased information.

  14. Re:Boxen.. on More Info on Debian.org Security Breach · · Score: 1

    Methinks boxen is a legitimate term with a meaning distinct from boxes.
    Derivation is a parallel to vaxen as the plural of vax, probably paralleling vixen as the plural of fox since vaxes sounds rather ugly. It's not Anglo-Saxon, but comes from the '70s if I remember correctly.
    If it's just the plural of box, boxes is correct. Boxen implies some sort of cohesion so that the assemblage functions as one loosely coordinated entity.

  15. Re:He skipped the Edu questions... on Red Hat CEO Matthew Szulik Responds · · Score: 1

    I think you are oversimplifying too much!

    These are the tech-savvy users (scientists, engineers, hobbyists even) who do NOT want to EXPERIMENT with their computer system but be PRODUCTIVE with it, and they can certainly NOT afford to pay for the RHEL!!!


    I agree completely. It should be possible to load something reasonable and then essentially forget about it. Get enough of it running around and methinks some sort of solution will pop up. I can hope, anyway.

    figuring out what the heck is behind the various code names and acronyms
    I violently agree!

  16. Re:It's funny that college kids.... on Swedish Student Partly Solves 16th Hilbert Problem · · Score: 1

    Maybe apocryphal, but one of my math profs told about a final exam. Six unsolved problems. Got something like three answers and a couple of partials from the class.
    The prof's quip: "Amazing what graduate students can do under pressure".

  17. Re:good?! on DRM From the Viewpoint of the Electronic Industry · · Score: 1

    Without DRM, you wouldn't even have the choice to buy it because it wouldn't even be available.

    Now that's the best reason I've heard of yet to abolish DRM.
    Return to the classics!

  18. Re:Easy one on Comparing Man and Machine? · · Score: 1

    It would be a superior human indeed that aced that test.
    However, methinks that grading that test probably would be a better test of intelligence than taking it. It is not at all clear even how one could determine if one answer is better than another.

    I suspect that as computers become more and more "intelligent", it will become more and more a case of "Smart humans, dumb computers". Computers do not know what they do not know, and do not know that they do not know it. Humans sometimes get an inkling that there just might be something outside their own experience. Safety factors in engineering are one means of coping with the unknown.

  19. Re:IMO on Israeli Ministry of Commerce Picks OO.org Over MS · · Score: 1

    Functionality is useless if you can't view your old files.

    Looking forward, the functionality of future software is useless if you won't be able to view your current files. At some point you have to switch to something so that you will have in the future the ability to view what you have now. It seems that governments are beginning to realize that switching now will save a lot of pain in the future.

  20. Re:Always "a couple years away" on Linux in 2004? · · Score: 1

    When all this happens over the next couple years, I believe desktop Linux will turn from a stream to an avalanche.

    Yep. The question now is "when" rather than "whether".
    You can jump in early and maybe have some effect on what the standards will be.
    You can jump in later when the standards have stabilized and save yourself some pain adjusting to the ultimate standards.

    The governments jumping in now have an advantage in that whatever they do becomes a de facto standard as regards anyone they have dealings with.

    Some corporations will jump in shortly to attempt to affect the standards so they will be friendlier to those corporations.

    Others will follow as it becomes obvious which standards they have to follow.

  21. Re:Never happen until... on Linux in 2004? · · Score: 1

    however, isn't pdf proprietary as well?

    Adobe Acrobat is proprietary. The pdf format is not.
    xpdf and some ghostview options and probably others.
    pdf will be readable and writable with or without Adobe.
    pdf is an excellent format for long-term storage.

  22. Re:it still isnt gonna go mainstream on Linux in 2004? · · Score: 1

    but, the #1 reason linux isn't going mainstream anytime soon is the community. its greatest strength is also its greatest weakness.

    it's been said before, and i'll say it again, until my mom and dad can run linux without calling me every day, and they can just install something or simply copy and paste from one app in X to another, linux is just gonna stay a hobbyist/server OS.


    There isn't a Linux community, there is a mess of Linux communities, with different interests and priorities. Whenever there is sufficient interest in Linux on the Desktop, Linux on the Desktop will have arrived. To some extent, with Lindows, it has arrived. With Sun's Desktop, with a bit of pushing and prodding, Linux on the Desktop will definitely have arrived.

    I'd say that servers are mainstream, probably more mainstream than desktops. Servers tend to matter. Desktops, as long as they are sufficient to the tasks, do not matter.

  23. Re:more of the same, over and over and over on Microsoft Security Whitepaper · · Score: 3, Insightful

    It amazes me that most of you really can't be constructive at all any time 'security' and 'microsoft' are uttered together.

    A minor password incident at Debian and it's front-page news.
    Similar incidents at Microsoft, we'll never hear about it.

    Security is only as good as the people who maintain the machines.
    There are many factors affecting security. The people maintaining them are one factor, and probably far from being the most important factor. Making a system inherently insecure and then blaming the people maintaining them does not make for credible security.

  24. Re:...not the archive. on Debian Project Servers Compromised · · Score: 1

    but in the real world, standards are de facto, not de jure.

    You mean that Yugo sets the standards for Ferraris?

    Bad hardware, particularly limited quantities by sub-par manufacturers, does not set standards.

  25. Re:...not the archive. on Debian Project Servers Compromised · · Score: 1

    Um, in security, a potential compromise is a compromise.

    All the unpatched (or rather, not completely patched) machines at Microsoft.

    Microsoft is not that bad.