Re:Good for linux(?), probably not good for Sun (on "Sun To Sell Linux PCs", Score: 2)
Corporate desktops. Sun quality and support. Not to be confused with the WalMart $200 specials. Price and perceptions will to a surprising extent determine the value that the customers expect and will get from it. Even if they were functionally equivalent, a business will get more useful results from Star Office on Sun desktops than they would from Lindows running on WalMart computers. "I paid good money for the thing. Now make it work."
You lose a few smart frogs that way. For a while. Only.
The start of a slippery slope is not that bad. At first.
The pressure needs to be more direct, louder, more visible, and more political.
An organized boycott isn't likely to do much good.
Some advice from an old fart who hasn't cared about what was currently hot for the last 40 years. What you want is for the current generation "in" crowd to realize how dumb it is to pay for the privilege of being suckered into not owning what they've paid for. Don't worry about credit. Let them have all the credit they want. Loud discussions with sales clerks about what you can and cannot do can work wonders.
Ok, a poll: how many of you went into the source code today and fixed the vulnerability on your own? Come on, raise your hands...
More to the point would be "How many of you *could* have gone into the source code and fixed the vulnerability (if someone else hadn't beaten you to it)?"
The valid comparison for Open vs Closed Source is this number vs the very small handful with Closed Source.
If I'm the only one running into a major problem, I *will* fix it, but 99.44% of the time, someone else has already fixed it. (far better than I would have;)
Better yet - do this on one machine. Your devel / test machine.
Right. It gives a lot of added security for minimal effort.
The idea is the same as quarantining new arrivals.
Hehe. Ever wonder why someone would *pay* good money to RedHat, etc. for what they can get for free?
Information I really care about is not exposed via my passport. It is all safely locked up elsewhere.
Not *yet*. The problem is that the information exposed via passport is monotonically increasing. Sooner or later the scope of passport includes this, includes that. You can hold out for a while, but eventually all the information you really care about *will* be in passport.
I don't particularly trust Sun or any of the other members of Liberty Alliance, but there are some heavyweights who will not take kindly to other members using it as their private feeding ground.
Right. Further, anyone else who needs access to *any* gets access to *all*.
Something the PHBs should be aware of. /. rabble on the same side?
PHBs and
Irony in the choice of McDonald to compare to Microsoft.
McDonald was into computers (POS terminals) before there was a Microsoft.
However I do question the timing since newly discovered ssl flaw recently in IIS/IE is making headline news and CIO's nervous.
Personally, I think the timing is just loverly. Not only is the hole patched pronto and openly, but the machinery is being put into place so that Apache on Solaris (and others of course) can actually be trusted.
At this point I'd be extremely leery of the ultimate security of Microsoft software.
The thing is: Ultimately Sun and the rebels and a few others are on the same side.
WE DON'T LIKE BAD SOFTWARE.
There's a difference. Right.
Color is a property of area, not of a point. Just try seeing the exact shade of a tiny paint chip. Paint half a wall. Then try to exactly match the shade on the other half.
Resolution has to do with where or how many. A 1000 dpi printer can draw 500 lines in one inch. A 200 ppi monitor can draw 100 lines in one inch.
There are tricks that can be pulled on both sides, but translating between a 200ppi monitor and a 1000dpi printer loses in BOTH directions.
Would you count the American Petroleum Institute as a charity?
The Better Business Bureau?
While I wouldn't call it uncharitable, it seems more like a business arrangement due to common interests.
There's an important distinction in there somewhere.
Seems like it has some similarity to tipping the headwaiter.
Seems like something important gets lost when cost and value get too closely tied together.
Excellent read.
;)
Modern version of The Tortoise and the Hare.
Pyramid scheme -- of talent!
A few star performers is a good thing.
Everybody a star performer -- doesn't really work.
Risky business during boom times can be a good thing.
But this only works for a *few* people.
( The New Yorker, but the *mindset* is very consonant with slashdot
Virtual Memory makes sense when real memory is significantly less than addressable memory. With a few caveats, virtual memory gives you the speed of real memory and the size and expense of disk. Sixteen-bit minicomputers have (had?) a 16-bit address space of 64k. Some have had their lives extended by using a VM in reverse to utilize more real memory than virtual memory.
Multics is probably the only OS for which VM was intrinsic. Multics used virtual memory for permanent file storage! Otherwise, Operating Systems tend to act very much the same with or without VM. Obviously, the OS has to *do* something about it, but the only real difference is that the machine looks bigger than it is.
But is this more likely to happen than say a harddrive crash?
I'd guess about 10 to 100 times more likely. A harddrive going out tends to have momentary glitches, unreadable areas, erratic behavior before it's completely unusable. The thing is that with a failing drive, you want to move all the information you can rescue to some other place. A difference in temperature or physical orientation may make the difference whether portions of the drive are readable or not.
Look at the ads. You can fly.
Or with "one degree of separation" a dumkoff can come off looking smart.
"There's a sucker born every minute."
Bleep happens regardless of the OS, sometimes due to hardware failure, user error, application bugs, cosmic rays, spilled Mtn.Dew, etc.
What happens next is where it gets interesting. Microsoft Windows has one small glitch in reading a directory and helpfully makes the disk consistent by destroying all the contents of the directory it can't read. This is Microsoft's definition of "User Friendly".
Something about the "collective advance against the Evil Empire" bothers me. Too much like giving Microsoft only one single front to defend against. Linux world domination may wind up as OpenBSD desktops for all I know.
He works for a prepress house where they *do* care about what their work looks like. Most business users want to be able to throw stuff in and have it coming out looking halfway decent. Whether that's good or not is a different matter.
For fun, watch someone with a bit of artistic sense try to get a Microsoft Word document to actually look decent.
There is no security.
Sure there is. You do things so that the attacker has to pass everybody's scrutiny to get to you at the same time you compartmentalize everything so as to minimize potential damage.
One cheap shot is to just download from a random mirror. From a different system.
Another cheap shot is to NEVER blindly apply ANY purported patches. One uncrackable IBM system was cracked by leaving behind an official looking IBM patch tape.
Yet another cheap shot is to never have just one vendor.
A well-known and useful tool is extremely unlikely to be targeted at you. Something claiming to be that tool is much more likely, particularly if you can be targeted to receive the "special package".
One comment posted by that user id.
I would imagine that he or she is rather more anonymous than by just checking the anon box.
Why should the person with $100,000 have less of a say than a person with $10.00?
Shouldn't have less, but shouldn't have 10,000 times as much either.