So who will need to pay me if my Linux box gets hacked?
This argument is retarded. Every single software company, Microsoft included, disclaims liability.
The only cases I heard of a company getting into actual legal trouble due to their software are with things like Sony, where they knowingly made something that was actively malicious.
I've never heard of a single case of Microsoft or anybody else paying a single cent due to a vulnerability. If they did, MS would be bankrupt by now.
And yes, a poorly configured/administered Linux system can get hacked into, just as easily as a Windows system.
This argument reduces to "all OSes have equivalent security, the only difference is the admin", which is also retarded. Just compare the security of say, Win95 and Vista, and tell me which is more likely to get broken into when taken care of by a competent Windows admin. To start with, Win95 isn't supported anymore, so it has unpatched exploits. An admin's only way of protecting it is completely denying access to it.
If you can get someone who knows how to use Linux they can normally keep a Windows network secure too.
And so is this one. Theoretical knowledge of security doesn't equal instant knowledge of practical implications. Securing a Linux box is vastly different from securing a Windows one, and there are many people who know how to do one, but have no clue how to do the other. The services they run are different, the way the firewall is configured is different, the way accounts and permissions are set up is different, the pitfalls are different... things just don't translate well at all from one to the other.
It says that "No worries, it works just as well with tea."
This doesn't make sense from the picture. Coffee can be ground pretty fine for espresso, but any decent tea is in loose leaves, which would most likely completely clog the tiny head pictured. Coffee is also ground in a quite variable amount of sizes, fine for espresso, pretty large for the french press.
Not to mention the problem of figuring out how to get the tea/coffee to stick to the paper.
You can probably still tell that it's somewhere on the inside and not the outside though. And narrow it down enough to only have to check a small area.
Isn't triangulation a very simple and quick thing? 3 towers ping the phone, report data to a central server. The ping time corresponds to the distance from the tower (assuming no data loss). Distance should be trivial to calculate. Draw a circle around each tower (with location precisely known) with a radius corresponding to the distance the phone's at, and the phone will be in the place where all 3 intersect.
I'd be surprised if the whole thing took more than a second.
Even in the case it for some reason takes a long time, phones talk to towers constantly, and not only while making a call (how could you receive calls otherwise?), often even while they seem to be off.
And why would a check be forced before allowing a call to go through? It seems much better to let the call go through, log it, then take the phone away, using the logs as a justification of bad behavior to add extra prison time.
Tabbed interfaces aren't really what's traditionally understood by MDI.
MDI is when you have windows inside a window, such as Photoshop, Opera, and various IDEs. If you can move the child windows only within the boundaries of the root window, then it's MDI.
IMO, MDI is a neutral thing in itself. Sometimes it fits well, like in IDEs, though most people tend to look at just one document at a time and have various sidebars on the sides. Sometimes it's very inconvenient, like when it prevents using more than one monitor for the application.
To see what I mean, compare Opera and Konqueror. When Opera gets a popup it can't help but de-maximize the currently maximized window, since in an MDI interface, maximization is incompatible with showing a second window as a popup. Konqueror has absolutely no problem in this case though, it just creates a new tabless window.
I use Linux exclusively on desktop, laptop and server. I have a couple VMs for the very rare times when I have to compile a Windows app, which get booted maybe once a month for the only purpose of doing a build.
At work I have Windows on the computer, but all it gets used for is to start a VM with Linux in it. I turn it on, log in, start vmware, maximize, and do all the work in the VM. The only reason it's there at all is that I'm too busy to justify spending time on reformatting the box.
In my opinion, until Linux gets a unified interface
Will never happen. Ever. You can't go to thousands of people who aren't working for you and tell them "I decided that your project [insert toolkit here] is redundant and you should all go work on [insert other toolkit here]". They'll simply tell you to go take a hike.
This also assumes that Windows is consistent. But it isn't. MS Office has long been using new strange widgets. Even antiviruses seem to for some reason need to reinvent the GUI. Almost any hardware device will come with applications that aren't standard looking.
I actually find that Linux is a lot more consistent looking than the typical Windows desktop.
a sane way of installing applications and dealing with dependencies
Like apt, for instance? Have you tried any recent distributions?
and manages some actual commercial support
Red Hat and SuSE will be happy to provide it. Though I don't know a single person who called MS tech support.
Almost as unlikely as it having any significant role in Microsoft's presumed decline.
You must have not been paying attention to the news. For a long time, "We're considering Linux" has been the magical words to get a nice discount from MS on a volume order. Without Linux, MS could be pretty sure that with Apple as the other possibility, not going with MS could well be more expensive. With Linux though, cost can be reduced to the internal cost of implementation, without any vendor getting a cent.
In Windows, IE has been shoved into places where there's really no good reason for it to be, other than for MS to be able to claim it can't be removed.
Why is an HTML rendering engine needed to access network shares? Why is it needed to access FTP? Why is it needed to get updates?
Even MS had to recognize that updates through ActiveX in a website have disadvantages and had to code an actual application (the systray update applet) to do things that they couldn't shoehorn IE into. But of course they had to stop one step short of making it fully functional, because if it was, the windows update site would look stupid, and one of the places it's not possible to remove IE from would no longer exist.
The right thing to do in this case is to comply with Warner's demand.
Then go find some unknown artist that makes good music they don't mind to be heard more widely, use their stuff, and of course link the artist's website with a recommendation to buy their music.
Except that for Linux, the situation is quite different.
First, the OS is open. Which means any user of it can make and submit a patch, which would quickly spread around. Distributions engage in some competition, and the patch would get copied around. There's no need for anybody to wait for a vendor to do it.
Second, there's much less backwards compatibility. If a library function is vulnerable, and fixing is impossible without breaking compatibility, a distribution can find all of the included software that uses it, and fix it to work with the new version. You're not going to find libqt 1.0 in a modern distro either.
Third, the open nature of the OS leads to the possibility of patching the OS to mess with the adware, making it report complete crap to the server.
Fourth, there already are generic mechanisms such as SELinux to deal with such things. While they're not that widespread yet, a good attack or two of this sort would do a lot to help adoption.
It does. But it's easy, cheap, and color and separation are perfect.
An additional advantage is that no special hardware other than the monitor is needed. If the application produces the interlaced image, it works. No need to support specific cards or APIs or anything of the sort.
I've got a Zalman monitor that does precisely that.
It's great. Unlike anaglyph, it doesn't suffer from ghosting and color problems. Unlike shutter glasses it doesn't require any special support: If you have the monitor, and the glasses, all that's needed is to produce a correctly formatted image. So it can work with any video card without specific support, and you can view 3D photos by just opening the image in the web browser.
The only disadvantage is that horizontal resolution is halved. But it's still much better than the other options.
They can request it, and I'm free to ignore their request and fork.
I do Second Life development this way for instance. For something to go into the official viewer, copyright assignment is required. But then I have a choice: I can assign the copyright for things I don't mind giving out (like crash fixes for instance), and don't for features I fully develop on my own.
It's no different under the BSD, anyway. If it was BSD licensed, I could make GPLd or proprietary patches which they'd simply refuse or be unable to integrate. Or I could make BSD licensed ones which they'd be able to merge at will.
My personal reason for using the GPL is that I like getting paid.
Which means that a no strings attached license like the BSD is completely out. It's not so much dislike of proprietary licenses as wanting to force companies to pay me if they want my code.
The problem is that since every Apple fan is going to sing the praises of every trivial thing in every Apple product, it makes it impossible to tell whether it's indeed high quality or not. There are too many people according to whom good design is whatever Apple does.
Back when their computers would come with mice with one button, every fan would extol the superior and intuitive Apple design that didn't need the "confusing" second button. Of course now that Apple changed, that's just dandy too.
Then there's that every fault is ignored or swept under the rug.
But even without that, no, I don't consider Apple to be "high quality". It's shiny and polished, but always with unacceptable "features", such as DRM, non-replaceable batteries, lock-in and so on.
See, my point is that the number of Linux copies sold isn't a perfect indicator.
I paid for Windows copies because there was Linux support, but I bet that fact never got registered anywhere. They saw 4 sales, and one of them for Linux.
Now thanks to no Linux support, they lost another 4 sales, even though maybe only one of them would be for Linux.
For instance, I won't buy any product by Microsoft, Apple, Sony or Creative.
In my view, Apple is just as bad as Microsoft, they just lack the marketshare to pull off the truly nasty stuff, so I'm not going to give them any.
As far as "hating" them, not really. I don't spend the day trolling Apple forums and websites, or anything of the sort.
But even corporate behavior aside, the Apple fanboys are a turnoff. I want to feel like I'm making a good purchase, not buying an entry into a religious cult. I'm also completely uninterested in praises of Steve Jobs, Apple's UI design and such things. Though the same goes for all other companies.
If you fully randomize the URL, there are still things that say "this is an ad", such as the server it comes from, the fact that it's an image or flash, its size, etc. You could pretty safely block all large images, leaving the little ones used for the interface. Just blocking standard ad sizes goes a long way.
The advertiser could perhaps try splitting an ad into little bits. But that probably doesn't work for animated ads very well, and can be detected too.
The best anti-blocking method you could probably do is to check whether the ad has actually been downloaded. But there's a catch: you can't check whether it was actually shown. People will simply start downloading but not showing the ads, with the result that you won't even know how many impressions there are, as a blocked ad will still count as an impression.
Somebody who truly hates your guts could also set up a distributed system to randomly load websites and click on ads without anybody seeing it, to screw with your statistics.
IMO, ads have better chances of working so long as they don't resort to nasty methods. Because if you really push things, there are ways of counterattacking that will completely screw up all statistics, and the only reason people aren't doing it is because they're not annoyed enough yet.
Copies of NWN1 I paid for: 4. One for me, one for friends. I use the Linux version, some of the friends use Windows ones. But I wouldn't have bought even one if it didn't work for me.
Copies of NWN2 I paid for: 0. No Linux support, didn't even look at it.
Copies of Lugaru I paid for: 1 so far, plus plugged it at every appropriate opportunity. Would have been 0 without Linux support. The next version looks good enough that I'll probably end up paying for more than one.
The assumption thus far (put forth by you) has been that some third party would be auditing the code, because its open source nature allowed them to.
Which holds for a quite good amount of it, actually. Take a look at how Linux distributions do packaging: Very often the distribution is applying their own patches. Large projects like the kernel, Firefox, or Apache very rarely are delivered as pristine upstream source. Which means that yes, there are people reading that source code. They may not be reading 100% of it, but just that somebody completely unrelated and completely outside the developer's control could be watching makes sneaking in something nasty a lot harder.
Trust is required, in any real-world scenario that involves auditing source-code for an application of the type being discussed, regardless of whether said source code is open, closed, or something else.
Trust is not absolutely required. It may be often needed, but not required. The option not to trust and verify yourself is always there.
I read the source of proposed patches, small programs without a wide distribution (the Linux tool to control the OLED on Asus laptops for instance), startup scripts in multiple Linux distributions, parts of the kernel code, parts of the Second Life viewer code, and a few other things. That's a real-world scenario.
Some amount of trust is of course required as I can't audit the whole source of a Linux distribution. But I don't have to trust other people's opinion if I don't want to. If I have any doubts about any piece of software I can check the source myself.
This is a straw man.
So is what you say about the blogger in that case.
How does your conspiracy theory go if their client is the entity paying for the audit, rather than the entity that produced the source code?
This doesn't happen in practice. Suppose I want to conduct an audit of the IE source code. The audit company would need access to the source, and why would MS give them the access? They'd have no reason to allow it.
Such things only happen when for instance company A wants to buy a product from company B, and hires company C to verify the quality of the code. In this case there is an incentive for B to allow access to the source: without access, there's no sale to A. But such things are internal, and have very little relevance for normal people.
Uh huh. How about the "powerful economic forces" that will devastate said profit if their code audit is shown to be worthless?
Ever heard of TRUSTe? That seal is on many sites, yet it turns out the seal is effectively worse than worthless: "A survey conducted by Benjamin Edelman in January 2006 found that sites with TRUSTe certification were 50% more likely to violate privacy policies than uncertified sites." Yet, TRUSTe still exists, and their seal is present on many sites like eBay's. Reports like the mentioned one seem to have done nothing to "devastate" them.
Of course, if they _don't_ publish, then the product isn't going to look as good as the one whose code audit *was* published.
Where are the audit reports on the Windows source code? And does anybody care if such things exist?
Which is going to look bad next to the one who requested 10 audits and published the results of all of them, no?
Nobody will ever find that out in the first place. When requesting an audit, the company will first require the auditing company to sign an NDA, and as part of the contract there will be a stipulation that disclosing the results is up to the audited company. The successful audits will add an extra "seal" to the website, the unsuccessful ones will be quietly forgotten.
This is a common practice in the industry. See game reviews for instance. You really rip into a buggy gam
If you can triangulate, you can simply ignore anything outside the prison, and only check the authorization status for the phones inside it.
It won't block popups if you cause the popup by clicking on something.
Try going to urban dictionary and clicking an image.
Well, precisely.
Why did they even have to bother with the website when they had to go and redo a lot of the work to do background updates anyway?
See, that's precisely the problem.
Zalman TRIMON ZM-M220W
They are good, but the constant preaching about how everything Apple makes is the best thing since sliced bread is what turns me off.
Depends on what you mean by "apple hater".
It's always possible to work around it.
"Less than three music" is a nice radio station