Actually WU downloads an installer which then says "There's an update available to Internet Explorer. Do you wish to install it?" It's not a silent, in the background install like you seem to suggest, the user must choose to let it update. Of course users do blindly click yes...
Or, if you're any type of web designer you use both to check your sites work. Simply quoting download numbers is a completely bogus way of proving popularity. You'd think something like InformationWeek would know better than to report this pointless bit dick waving.
Considering MS already provides a tool that updates timezones, right back to NT4 all they're doing is not wanting to regression test on out of date systems.
So tell me, are Red Hat producing updates for 10 year old Linux installs?
Except he's right! Windows is good for office applications and games, professionals* shouldn't be using it for anything.
Oh please, use what's right for your environment. And frankly in the web space what's on the back end shouldn't matter one bit, it all pumps out HTML/XHTML/RSS/whatever. Unless of course he's saying that Ruby just sucks on Windows; in which case whose fault is that really?
Just to pick up on the laptop issue, it is possible, and indeed recommended by Microsoft to use non-expiring keys on laptops. They activate over the web to MS's central servers just once, just like a home license key does.
Indeed, but if you read the comments above everyone compares msn and yahoo's home page to google's when they perform very very different functions. It would be fairer to compare google to Live Search and Yahoo Search.
I guess they could do a ROM SD card with Windows on it but I doubt it
Why not? The general assumption seems to be that they'll put XP on the devices, but that simply makes no sense when they already have CE or Embedded, which are modular and manufacturers can build their own images by selecting the functionality they require. And that's designed to have the OS in read only storage. That makes way more sense. As for using something someone, offhand mentioned earlier as justification, come on, no-one here is working for MS. You simply can't take their, or my ideas as truth and then use it to build what you think MS's strategy will be! You're assuming LANs and centralisation and connectivity.
Not to mention it'll be attempted to make the OLPC devices just terminals to Microsoft's Windows Terminal Server. IMO.
But OLPC is aimed at situations where there will be little to no connectivity, and what little there is won't be stable. So why on earth would MS attempt to make the devices thin clients which need an always on, stable connection? That simply makes no sense at all.
If Windows is installed on the OLPC laptops, then we'll have to also get antivirus, anti-spyware, anti-adware and perhaps a few system recovery apps. There will also have to be a Windows key on the keyboard, which in my view, may be a stopper right there.
Why? If they're using XP Embedded or CE then the OS is held in ROM/NVRAM. It's fixed, it can't be overwritten, so the only system recovery app needed is a full reset. OK sure, spyware and viruses could install, but they would be running in user space from the Startup folder just like they could do under Linux. The only thing that is not making this a stopper for the current OLPC is that no-one has written any yet.
Re: You're in public == you have no privacy (on Windows Live and Privacy; Score: 2, Informative)
Model releases are different, as the model is the main focus of the photo. In the US and the UK members of the public have a very limited scope of privacy rights when they are in public places. This is the key difference, model releases come into play for studio shots. Basically, in public, anyone can be photographed without their consent except when they have secluded themselves in places where they have a reasonable expectation of privacy such as dressing rooms, restrooms, medical facilities, and inside their homes. See ThePhotographersRight.pdf for more details of the US situation; photoattorney.com has more of the same. You can find an overview of Australian law here
Finally the NYTimes covered a case where the subject of a photo in public sued because the photographer used it in an exhibit and was making money. The suit sought an injunction to halt sales and publication of the photograph, as well as $500,000 in compensatory damages and $1.5 million in punitive damages and was brought under the NY privacy laws. It failed because the photo was considered art.
Oh, and I assume you're talking about the TimeLine law suit? Actually that came about because TimeLine cancelled Microsoft's licensing agreement, which gave MS license to the patents. Unless you mean another law suit then please, stop trying to paint SQL Server as containing some sort of patent theft and Oracle as squeaky clean.
Just for historical purposes, I looked to the NVD stats page (http://nvd.nist.gov/statistics.cfm) listed in the article. If you search for Oracle DB server 10gR2 in 2006, you only see 3 vulnerabilities listed. I can't see how the numbers can be accurate...
If you were going to compare you should have also looked up Microsoft SQL server for 2006 when there were 0. You should note that MS SQL Server isn't broken down by versions either.
Google, however, is setting the pace in many ways, and has a boggling number of development efforts in the works that are still ahead of most other companies.
But they're not Google developments. Look at all their recent releases, pretty much all acquisitions. Google aren't on the cutting edge, they're simply buying it and that's going to be a big problem; they aren't keeping up at all with their own developments and the more they buy the more trouble there will be integrating.
That would depend on the country. Certainly as the main BBC and local BBC radio stations are on FM in the UK the likelihood is that they would be used. The Cleveland protocol came into force when the Buncefield oil storage depot exploded, and local radio, on FM was used to broadcast advice. The UK government's emergency web site recommends a battery powered or wind up radio. The spoof site is funnier though.
No. Scripting must always be enabled for XSS attacks to work. The key thing to remember is that the scripts will be running in the context of the loaded page. So an XSS attack that happens on slashdot will appear to be script on slashdot. Things like noscript don't help that much, because you will be trusting the site normally, especially the new ajax based ones.
Now you may think scripting isn't that bad, if you're using Firefox, after all it can't install spyware. But what it can do is lift cookies, and from there you can hijack a session. In the address bar type javascript:alert(document.cookie); and hit return. If scripts are enabled for the page you will see a bunch of stuff. Now consider that I can load an image with javascript which resides on a server I can control. I can also add parameters to the request, appending the cookie. So we get the entire cookie for your current session on that site. I can then handcraft a cookie to match the one I have just stolen and lo, depending on the site, I am now you.
But it really doesn't. The whole "idea" behind XSS is to get it to act in the context of a trusted site, to take session cookies, hijack browsers, install spyware, whatever. NoScript would stop a bare minimum of badly implemented XSS which loads a .js file from an external domain to the attacked site.
Bad assumption. If you're assuming everything is coming down correctly encoded you're a fool, all it takes is a bit of javascript that submits to your back end without encoding and *bang*
No it doesn't. Cross site scripting works by adding a script tag to the source page. For example, imagine you have allowed scripts from slashdot because you can't use the new comments system without it.
Now an evil hax0r manages to insert an XSS attack on slashdot. What would happen is the attack would be embedded in a normal slashdot page, as a block. So the source would be from slashdot.org, and noscript would view it as being allowed.
It's not really a 2.0 problem (assuming you were being a little serious and not just going for +5 funny). Any web site that accepts user input should be checking, and that includes your company's brochure-ware site, slashdot's new (awful) reading interface, digg.com or bbc.co.uk.
What I do find worrying when I talk about this (and I do now and again, because I am a presenting whore) is that some people who are implementing ajax suddenly think because they're getting xml from an environment they set up they don't need to check. "Oh but the user can't write his own javascript and submit any calls" is something I hear very often.
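Added example, not part of the original comments: a server-side check for an Ajax-submitted comment that treats the request as untrusted, encodes on output, and issues the session cookie so that document.cookie cannot read it. All function names, the 2000-character limit and the sample inputs are assumptions made for this illustration.

```javascript
// Added illustration. Names and limits are hypothetical, not from any site above.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode at output time on the server, whatever the client claims to have done.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Treat the body as untrusted: the sender may be hand-written JavaScript or a
// raw HTTP client rather than the page's own Ajax code.
function parseCommentRequest(rawBody) {
  let data;
  try {
    data = JSON.parse(rawBody);
  } catch (e) {
    return { ok: false, error: 'invalid JSON' };
  }
  if (data === null || typeof data !== 'object' || typeof data.comment !== 'string') {
    return { ok: false, error: 'comment must be a string' };
  }
  if (data.comment.length === 0 || data.comment.length > 2000) {
    return { ok: false, error: 'comment length out of range' };
  }
  return { ok: true, comment: data.comment };
}

// The stored comment is only ever placed in the page through escapeHtml,
// so markup in it is displayed as text instead of running as script.
function renderComment(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

// HttpOnly keeps the session id out of document.cookie. It does not stop an
// injected script from running; it only removes the cookie from its reach.
// sessionId is assumed to come from a cryptographically secure generator.
function buildSessionCookie(sessionId) {
  if (!/^[0-9a-f]{32,}$/.test(sessionId)) {
    throw new Error('session id must be at least 32 hex characters');
  }
  return 'sid=' + sessionId + '; HttpOnly; Secure; SameSite=Lax; Path=/';
}

// Constructed sample requests: one ordinary, one carrying markup, one malformed.
const sampleBodies = [
  '{"comment": "Nice article"}',
  '{"comment": "<script>alert(document.cookie)</script>"}',
  '{"comment": 42}',
];

function processSamples() {
  return sampleBodies.map((body) => {
    const parsed = parseCommentRequest(body);
    return parsed.ok ? renderComment(parsed.comment) : 'rejected: ' + parsed.error;
  });
}
```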
And what else would you expect from someone who writes a book on the topic, a neutral point of view where both good and bad points are discussed and taken on board? No, that would be too useful for a technical news site, instead let's recycle old PR puffery.
But all or nothing is not just an XP problem. All methodologies say their way is best, if you deviate you are a heretic and if it all fails then it's your problem for not following the rules. The people that "invent" a methodology make their money from teaching people how to do it, why would they kill their cash cow by telling people they should just take the bits that work for them? Methodology advocates, like preachers cannot afford to have people think for themselves.
If that were the case then slashdot would lose half its stories from certain editors who are content to accept slashvertisements. Oh the horror!
nefarious? If that's MS's plan then damnit they should be praised! Praised I tell you
From a personal viewpoint I found the click wheel horrid. I ended up clicking when I didn't want to, getting frustrated as I scrolled down through 500 odd tracks or artists and I yearned for a simple up and down button combination where all I had to do is hold it, that's certainly simpler for users who are already used to cursor keys. Yet when the Zune arrived with, what I consider, a simpler set of buttons it was decried.
Not everyone's idea of simpler is the same.
That's an example of what happens when slashdot no longer posts rumours as fact. *snicker*
I was talking generically; anyway the redirect is not an XSS attack at all.