You won't be able to "put a stop to this this thing really fast" no matter what you do. M$/IIS is bloatware chocked full of undiscovered exploits. This is not the last of THIS TYPE of worm.
AND! yes it does say something about the character of the IIS admins, because it takes very little technical know how to get a IIS server running. ("I had IIS running? I had no idea") Like I said! Uninformed, ignorant, or lazy! PICK ONE!
I for one am glad. This is just the type of thing that can actually cause enough damage to the already tarnished track record of M$ commercial server market, to help see a real decline in there numbers.
IIS is a disease. Apache is the cure.
Dumbass, IIS wasn't exploited by Code Red. Index Server was.
If you were running APACHE and had it bound to Index Server (not that farfetched on Win2k), you'd STILL have had a rooted box.
There is a long held stigma that teenagers have no respect for their elders, teenagers think they're invincible, teenagers know everything...the list goes on. Not that it doesn't have some truth, but the fact is, this idea has been around long before everyone flooded the net
Indeed... Socrates made similar comments regarding teenagers in 400BC or so.
Furthermore, the biggest turnoff from XP is that it "calls home". Turn on Zone Alarm or Tiny Personal Firewall, and watch while screensavers try to connect to microsoft.com. Why? I don't know, presumably to send information about the system.
Go to http://www.systeminternals.com and download TDIMon (and the other TCPIP tool - can't remember it now).
Let's count the number of remote expoits for apache and IIS and decide which system is more secure
A pity that this won't actually give you any kind of realistic indication as to how insecure they actually are.
To do that you'd also need to know how many attempts to find exploits on each were made. It's more likely that Apache just hasn't been hammered on as much.
That's a bit disingenuous. JavasCrypt is enabled by default in all graphical browsers. 90% of people out there don't even know what it is, much less how to turn it off (turning it off in Netscape is fairly easy, but turning it off in IE is extremely non-obvious, even if you know you're looking to kill JavaScript).
In IE, it's under Security, which is the obvious place to have it. Particularly if you don't know *what* Javascript is; all you have to do is set your security to high - you don't have to worry about the details.
Good for you. Unfortunately, anecdotes are like assholes - everyone has 'em, and they're totally useless as a basis for debate. Would you like to bet on whether your "boatload" is typical or anomalous for those on H1B visas? If the latter, whose supposition would you say is flawed?
Which was my point entirely -- your argument is based entirely on anecdotal evidence. I've worked with a lot of H1B visa holders. None of them are hurting. The ones that excel get paid above and beyond the average for the industry in the area. The ones that are sub-par... get paid the industry average *for that location* because it's the law. So even a sucky programmer will make good money, if they manage to wangle an H1-B.
Where's your evidence that 'they're just cheaper'???
Is that H1B worker "the right person"? Will they be able to run through your little obstacle course any better than the local applicants you rejected? I doubt it. They're just cheaper. Suddenly it's not about skills after all, it's about dollars. It's also, IMO, often about hiring people who won't be threats to your own position or prestige.
I'm on an H1B. I earn a boatload of money doing it - more than a lot of the other engineers here. Methinks that your supposition is flawed.
Your app probaly doesn't do anything important enough to be imitated, or programmed against. I have no doubt there is anti lotus, netscape, realplayer, etc code lurking in the dark heart of that source code they desperately won't let you see.
Nah, there's enough shit code in RealPlayer (hey! It installs all this crap I asked it not to...) and Netscape (wow! look at it crash. AGAIN) without MS having to write any.
The technology he means is probably: email servers, cd burners, internet browsers, media players, database servers, email programs, and everything else important that MS HAS to control or they'll have a fuckin fit.
Nero works fine. Opera works fine. Realplayer works fine. Quicktime works fine. Eudora works fine. Netscape works fine. As for the DB servers, etc... well, I don't have them. Sorry.
So let's see... out of all your examples... I can testify over 60% of them working great. Would you care to give some examples? Or drop the FUD crusade?
Synching with atomic clocks - MacOS 8 had this. ClearType - For fucks sake, the Apple ][ had this one! Technologist Steve Gibson, a software developer and consultant whose claim to fame was inventing the light pen more than a decade ago, says he recognizes the technique as one used in the Apple II. He confirmed his suspicion by comparing notes with Apple cofounder Steve Wozniak, who developed a font-smoothing technique for the Apple II
Windows XP doesn't add new capabilities - it just informs the user of the capabilities they have always had.
Well, I guess that CD burning built-in, automatic time synch with an atomic clock over NTP built-in, file-transfer wizard to help you migrate from an old computer, built-in firewall, task-bar cleaning, Network bridging/1394/USB networking, ClearType, massively improved Error Reporting, the whole Help and Support center and fast user switching (as a brief run-down) aren't new features then?
In that case, can you let me know where they were on Windows 2000?
As a CEO of netscape would you really pay money to develop a free product?
Well, given that Andreesen has stated that Netscape was always meant to be given away for free (they were selling servers - and this was the business plan that Barksdale signed up for).... Yes.
Besides - all the other browsers had been free as well. Remember Mosaic? Lynx?
Apple does not have a monopoly. Monopolies have restrictions on them that other businesses don't.
Not only is MS a monopoly they have been judged by a federal judge to criminally abused their monopoly to choke off competition. This came after they had already been reprimanded by the federal govt for their previous behaviours. Not only that but the appeals court upheld the guilty verdict of the first judge.
Wait a minute...
According to the findings of fact, Jackson rules that Microsoft had a monopoly on the "X86 based consumer desktop market"
Surely, by the same logic, Apple has a monopoly on the "Motorola-based consumer desktop market"????
He did not want it.
He was outraged that one has to pay $1000 for it.
As you said it is nothing for someone who makes a living writing and supporting MS or Win32 products and consequently one can conclude this guy never had been involved in this kind of professional work.
Ahhhh... okay... I guess my misunderstanding came about from the fact that I can't work out why someone would complain about the price, but not actually have a need for that thing, or want to use it;-)
And...MSDN costs HOW MUCH?! MSDN costs more per year than any of Microsoft's operating systems. So you've got the source, you aren't exactly free todo what you want with it, you can't legally modify it and give your friend a copy to try out.
If you didn't give away all your code for free, and were actually making money writing stuff, the cost of MSDN would actually be a DROP IN THE OCEAN to you.
MSDN doesn't cost much when you're raking in hundreds of thousands of dollars a year.
1. strcpy hasn't gone anywhere. Just use that.
2. StrCpy is included with StrCpyN in the shell api because - well - the shell guys were nuts. You don't have to use it. strcpy still works. The only advantage you get with using it is if you use StrCpyN, you can prevent buffer overflows.
Besides... for maximum portability between platforms, and for unicode/MBCS/ANSI portability, it should have used _tcscpy()
Oh... and just because the app you have to maintain was written by an idiot who didn't think before using an API call, doesn't mean that it's Microsoft's fault.
Murderers don't go walking around free during their appeal process, why should MS?
There's a big difference between murder and antitrust. If you can't see that, then please, please, please, crack a book.
Simon
OSDN has no more responsibility to be journalistic than MSDN, NARAL, or the NRA. It's a developer network for people who share a political perspective.
Uhh... there's less developer in OSDN than there is coffee in Java.
MSDN, by the way, is a developer resource site - including tutorials, examples, documentation, et al. It hasn't got anything to do with politics.
Except, with WinXP, they won't give out the theme API calls - leaving only favored OEM's with the ability to create new themes in XP.
The API is out there and can be looked at in MSDN.
As for creating your own themes, MS are working with a 3rd party company to come up with a good themes editor, so they're not documenting any of it yet...
Slashdot Mirror
Umm... WRONG!
You won't be able to "put a stop to this this thing really fast" no matter what you do. M$/IIS is bloatware chocked full of undiscovered exploits. This is not the last of THIS TYPE of worm.
AND! yes it does say something about the character of the IIS admins, because it takes very little technical know how to get a IIS server running. ("I had IIS running? I had no idea") Like I said! Uninformed, ignorant, or lazy! PICK ONE!
I for one am glad. This is just the type of thing that can actually cause enough damage to the already tarnished track record of M$ commercial server market, to help see a real decline in there numbers.
IIS is a disease. Apache is the cure.
Dumbass, IIS wasn't exploited by Code Red. Index Server was.
If you were running APACHE and had it bound to Index Server (not that farfetched on Win2k), you'd STILL have had a rooted box.
Simon
There is a long held stigma that teenagers have no respect for their elders, teenagers think they're invincible, teenagers know everything...the list goes on. Not that it doesn't have some truth, but the fact is, this idea has been around long before everyone flooded the net
Indeed... Socrates made similar comments regarding teenagers in 400BC or so.
Simon
Furthermore, the biggest turnoff from XP is that it "calls home". Turn on Zone Alarm or Tiny Personal Firewall, and watch while screensavers try to connect to microsoft.com. Why? I don't know, presumably to send information about the system.
Go to http://www.systeminternals.com and download TDIMon (and the other TCPIP tool - can't remember it now).
Run it, and see what apps do what.
There you go - problem solved.
Simon
Let's count the number of remote expoits for apache and IIS and decide which system is more secure
A pity that this won't actually give you any kind of realistic indication as to how insecure they actually are.
To do that you'd also need to know how many attempts to find exploits on each were made. It's more likely that Apache just hasn't been hammered on as much.
Simon
That's a bit disingenuous. JavasCrypt is enabled by default in all graphical browsers. 90% of people out there don't even know what it is, much less how to turn it off (turning it off in Netscape is fairly easy, but turning it off in IE is extremely non-obvious, even if you know you're looking to kill JavaScript).
In IE, it's under Security, which is the obvious place to have it. Particularly if you don't know *what* Javascript is; all you have to do is set your security to high - you don't have to worry about the details.
Simon
Good for you. Unfortunately, anecdotes are like assholes - everyone has 'em, and they're totally useless as a basis for debate. Would you like to bet on whether your "boatload" is typical or anomalous for those on H1B visas? If the latter, whose supposition would you say is flawed?
Which was my point entirely -- your argument is based entirely on anecdotal evidence. I've worked with a lot of H1B visa holders. None of them are hurting. The ones that excel get paid above and beyond the average for the industry in the area. The ones that are sub-par... get paid the industry average *for that location* because it's the law. So even a sucky programmer will make good money, if they manage to wangle an H1-B.
Where's your evidence that 'they're just cheaper'???
Simon
Is that H1B worker "the right person"? Will they be able to run through your little obstacle course any better than the local applicants you rejected? I doubt it. They're just cheaper. Suddenly it's not about skills after all, it's about dollars. It's also, IMO, often about hiring people who won't be threats to your own position or prestige.
I'm on an H1B. I earn a boatload of money doing it - more than a lot of the other engineers here. Methinks that your supposition is flawed.
Simon
Your app probaly doesn't do anything important enough to be imitated, or programmed against. I have no doubt there is anti lotus, netscape, realplayer, etc code lurking in the dark heart of that source code they desperately won't let you see.
Nah, there's enough shit code in RealPlayer (hey! It installs all this crap I asked it not to...) and Netscape (wow! look at it crash. AGAIN) without MS having to write any.
The technology he means is probably: email servers, cd burners, internet browsers, media players, database servers, email programs, and everything else important that MS HAS to control or they'll have a fuckin fit.
Nero works fine. Opera works fine. Realplayer works fine. Quicktime works fine. Eudora works fine. Netscape works fine. As for the DB servers, etc... well, I don't have them. Sorry.
So let's see... out of all your examples... I can testify over 60% of them working great. Would you care to give some examples? Or drop the FUD crusade?
Pick one.
Simon
Synching with atomic clocks - MacOS 8 had this. ClearType - For fucks sake, the Apple ][ had this one! Technologist Steve Gibson, a software developer and consultant whose claim to fame was inventing the light pen more than a decade ago, says he recognizes the technique as one used in the Apple II. He confirmed his suspicion by comparing notes with Apple cofounder Steve Wozniak, who developed a font-smoothing technique for the Apple II
Yes, and he's fucking wrong, but won't admit it.
Simon
"Surely, by the same logic, Apple has a monopoly on the "Motorola-based consumer desktop market"???? "
Not until a judge says so. That's the way our system works.
Therefore, either the US Legal System ignores logic, or the judge was illogical. Which is it?
Simon
Windows XP doesn't add new capabilities - it just informs the user of the capabilities they have always had.
Well, I guess that CD burning built-in, automatic time synch with an atomic clock over NTP built-in, file-transfer wizard to help you migrate from an old computer, built-in firewall, task-bar cleaning, Network bridging/1394/USB networking, ClearType, massively improved Error Reporting, the whole Help and Support center and fast user switching (as a brief run-down) aren't new features then?
In that case, can you let me know where they were on Windows 2000?
Simon
As a CEO of netscape would you really pay money to develop a free product?
Well, given that Andreesen has stated that Netscape was always meant to be given away for free (they were selling servers - and this was the business plan that Barksdale signed up for).... Yes.
Besides - all the other browsers had been free as well. Remember Mosaic? Lynx?
Simon
Apple does not have a monopoly. Monopolies have restrictions on them that other businesses don't.
Not only is MS a monopoly they have been judged by a federal judge to criminally abused their monopoly to choke off competition. This came after they had already been reprimanded by the federal govt for their previous behaviours. Not only that but the appeals court upheld the guilty verdict of the first judge.
Wait a minute...
According to the findings of fact, Jackson rules that Microsoft had a monopoly on the "X86 based consumer desktop market"
Surely, by the same logic, Apple has a monopoly on the "Motorola-based consumer desktop market"????
Simon
Once XP is released you can say good bye to any non MS technology running on windows
Sorry, but I have to call bullshit here.
My app runs *fine* on XP, and it's not written by Microsoft. So do several hundred thousand *other* apps.
So what is this technology you're speaking of that will miraculously drop dead?
Simon
I don't want to beta test. I use linux.
Isn't that an oxymoron?
Simon
He did not want it.
;-)
He was outraged that one has to pay $1000 for it.
As you said it is nothing for someone who makes a living writing and supporting MS or Win32 products and consequently one can conclude this guy never had been involved in this kind of professional work.
Ahhhh... okay... I guess my misunderstanding came about from the fact that I can't work out why someone would complain about the price, but not actually have a need for that thing, or want to use it
Si
Dude, you are not talking to a guy who earns his living writing software.
... I forgot... it's cheaper to get that than to get all the apps separately.
Then why would he want a Microsoft Developer Network subscription?
Oh
Simon
And...MSDN costs HOW MUCH?! MSDN costs more per year than any of Microsoft's operating systems. So you've got the source, you aren't exactly free todo what you want with it, you can't legally modify it and give your friend a copy to try out.
If you didn't give away all your code for free, and were actually making money writing stuff, the cost of MSDN would actually be a DROP IN THE OCEAN to you.
MSDN doesn't cost much when you're raking in hundreds of thousands of dollars a year.
You mean "the shell guys" reimplemented strncpy for no good reason as well as strcpy?
*cough* *cough* ahemm... er... yeah! Exactly!
Simon
(Doh!)
Microsoft's version of Java is left incomplete, slow, and broken.
Users blame Java and Sun for how much Microsofts Java sucks.
Actually, most people blamed Netscape for how much their version of Java sucked - which is what turned people off from it in the first place.
And Microsoft's implementation was the fastest of the bunch - which is why Sun ended up cheating on the CaffeineMark benchmarks.
Simon
1. strcpy hasn't gone anywhere. Just use that.
2. StrCpy is included with StrCpyN in the shell api because - well - the shell guys were nuts. You don't have to use it. strcpy still works. The only advantage you get with using it is if you use StrCpyN, you can prevent buffer overflows.
Besides... for maximum portability between platforms, and for unicode/MBCS/ANSI portability, it should have used _tcscpy()
Oh... and just because the app you have to maintain was written by an idiot who didn't think before using an API call, doesn't mean that it's Microsoft's fault.
Simon
Murderers don't go walking around free during their appeal process, why should MS? There's a big difference between murder and antitrust. If you can't see that, then please, please, please, crack a book. Simon
OSDN has no more responsibility to be journalistic than MSDN, NARAL, or the NRA. It's a developer network for people who share a political perspective.
Uhh... there's less developer in OSDN than there is coffee in Java.
MSDN, by the way, is a developer resource site - including tutorials, examples, documentation, et al. It hasn't got anything to do with politics.
Simon
Except, with WinXP, they won't give out the theme API calls - leaving only favored OEM's with the ability to create new themes in XP.
The API is out there and can be looked at in MSDN.
As for creating your own themes, MS are working with a 3rd party company to come up with a good themes editor, so they're not documenting any of it yet...
Simon
Instead you should be angry about the fact that the government has beaten down your wages by giving your job to a foreiger with a HB12 Visa
Actually, it's an H1-B Visa, and I'm really happy to have one - AND be earning a SHITLOAD more than you thankyouverymuch.
Simon