P.S.: could someone get me out of this retirement home? This crazy "Mister! Mister!" lady keeps running after me. and this really mean dude resembling derek zoolander keeps offering me a "warm glass of shut the hell up" each time i want some milk.
Like most security-related rants, this article fails to first scope what it intends to mean by security.
I personally like to scope security as end-user security for someone using their computer as a client machine, NOT a server. Opening a shiny new box, plugging it on the network, and do very basic things most people do: check email and surf pr0n, sign-up for "free stuff".
Right now, by plugging a brand new installation of XP onto an unprotected network, you get owned by Sasser within seconds. There were many before Sasser, among a few that come to mind are CodeRed and Nimda.
How did those worms spread so fast? One easy answer: Services that users did not need were running on a default installation of the operating system. You woulda thought microsoft would have learned to turn all services off by default since 2001 for client machines. Nah. They've kept many open.
Apple has been smart about this. It provides two very distinct operating systems: An end-user operating system, the mainstream Mac OS X, and a server operating system, aka Mac OS X Server. Apple knows to be humble about the network services it offers, even if most of 'em are open-source and quite mature, and KEEP THEM TURNED OFF on end-user, client machines. That's what regular Mac OS X is for. You can buy a new end-user Mac, plug it in a network, run nmap against it, and you'll get zero hits. Not one. Not a single network service is running by default.
Virulent and devastating Worms and Viruses don't spread thru server machines, those tend to live in pretty-heavily firewalled networks. No. They spread thru END-USER machines.
SP2 had better do one thing and do it real well to the average end-user client machine: TURN OFF ALL SERVICES.
Beyond that, musing about security is mostly beating a very dead horse. Every single time you turn a network service on, you are opening yourself to infection risks. The OS architecture ought to mitigate those risks. A sysadmin with a clue or two will keep his server secure, regardless of what OS it runs, because that sysadmin knows security is about constant vigilance and works in many many layers.
Again, when talking about security, people should scope the discussion within the distinction of end-user usage and server usage.
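As an added illustration of the check described in the comment above (not part of the original post): a small Python audit that reads `netstat -an` output and reports TCP listeners reachable from the network, which is what the "no network service enabled by default" claim comes down to. The function names and both sample outputs are constructed for this example, and only TCP is covered.

```python
import ipaddress

# Constructed sample: `netstat -an` in the BSD / Mac OS X layout (address.port),
# for a machine with one service bound to all interfaces.
SAMPLE_BSD = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  192.168.1.10.49152     198.51.100.7.80        ESTABLISHED
"""

# Constructed sample: the Windows layout (address:port).
SAMPLE_WINDOWS = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      198.51.100.7:80        ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split 'host:port' or BSD-style 'host.port' into (host, port)."""
    # The port follows whichever separator appears last in the string.
    cut = max(endpoint.rfind(":"), endpoint.rfind("."))
    if cut < 0 or not endpoint[cut + 1:].isdigit():
        return None
    # Drop IPv6 brackets and any zone id such as %lo0.
    host = endpoint[:cut].strip("[]").split("%")[0]
    return host or "*", int(endpoint[cut + 1:])


def is_local_only(host):
    """True when the socket is bound to a loopback address only."""
    if host == "*":
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: report it rather than hide it


def exposed_listeners(netstat_text):
    """Return (host, port) for every TCP listener not bound to loopback."""
    exposed = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # header lines, UDP, blank lines
        for i, field in enumerate(fields):
            # The local address sits two columns before the state column,
            # whether or not extra columns (such as a PID) follow it.
            if i >= 2 and field.upper().startswith("LISTEN"):
                endpoint = split_endpoint(fields[i - 2])
                if endpoint and not is_local_only(endpoint[0]):
                    exposed.append(endpoint)
                break
    return exposed


if __name__ == "__main__":
    for name, text in (("bsd", SAMPLE_BSD), ("windows", SAMPLE_WINDOWS)):
        found = exposed_listeners(text)
        print(name, "exposed listeners:", found if found else "none")
```

An empty result is the default-closed posture the comment argues for; anything listed is a service a remote host can try to connect to.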
Back a couple of months ago I wrote a review of earthlink's free toolbar with their scam blocker product.
it actually is pretty decent, and offers a pretty-good first line of defense, provided people clearly see it as just that: a line of defense. They oughta more clearly communicate that this will not protect them from all phishing scams.
a couple of thoughts on this paper ... on Securing Mac OS X · Score: 2, Informative
... can be found in this blog entry. ... I'll try and link to higher-modded comments to his post in comments on my blog. I think the more people cross-pollinate ideas about end-user operating system security, the better-off we could all be :)
Quite on the contrary, Mozilla is the entity that has created a new software development platform, in the form of XUL. Sure it was backed by Netscape, but XUL is very much alive. Microsoft fears XUL and their answer is XAML.
I agree with you to some extent, but check this: How have most windoz worms been spreading? thru services that 99.9% of all users had no need for, that were enabled on a default installation of windoz. Since 2001 and the heydays of CodeRed and Nimda Microsoft could have very well started to turn-off those services in XP, by default. Jump forward to 2004, and look at Sasser. Same frickin' thing. You can run nmap or whatever you want at a default installation of the consumer version of Mac OS X and you won't find a single port turned-on. Sure you can enable file sharing, web sharing, samba, ssh, ftp in OS X, they're just turned OFF by default.
As far as network services go, there's always a chance someone will uncover some kind of vulnerability, such as a buffer-overflow attack, and this goes for any operating system you run. But come-on, what kind of genius does it take to recognize that end-user machines ARE NOT MEANT TO BEHAVE LIKE SERVERS.
Linux boxes get cracked a lot (heck I had my up-to-date debian/woody box got totally owned some time back in last november), because the geeks who unleash them on networks like to run all kinds of services, barely know anything about security, and frankly, don't really care, as they're willing to take some risks so they can have some fun.
As soon as you turn your box into some kind of server, then all bets are off, but still, the vast majority of networked computers out there are simply client, end-user machines, whose owners do little more than chat, mail, web surfing, occasional gaming.
But this brings me to another thing that annoys me about the way that windoz is set-up: ActiveX. Consider that right now, to upgrade windows, you point your web browser to windowsupdate.com, and watch your operating system being upgraded from within your web browser. This is WRONG, WRONG, WRONG. On one hand ISPs try to warn users to never "click yes" on "ActiveX security prompts" that come-up each time they're about to "download a free screen saver". On the other hand they're upgrading their system inside their web browser, so why the heck not click "yes" on that ActiveX prompt, which is cryptic in nature anyway. Sure you're giving the user a "choice", but that "choice" is highly uneducated. Why not keep the process of installing software and upgrading an operating system as entirely separate user experiences, instead of confining everything to the browser? OS X has a separate application that handles system updates, you clearly cannot confuse it with "harmless web browsing", because it has nothing to do with web browsing.
Beyond the user being uneducated, there have been many security flaws surrounding privilege escalation thru the ActiveX framework, and various other Internet Explorer security holes allowing arbitrary code to get executed, allowing malicious apps to escalate their privileges all-the-way up to core system components, things *NIX based systems are designed around preventing to at least limit some of the damage. OS X is one such system. Granted OS X had a recent vulnerability in its protocol handling that could have been exploited by a malicious web site to trigger the arbitrary execution of a malicious Application. It was very worrisome, and Apple sorta kept quiet. But they did finally release a patch within a couple of weeks. Even then, it would have been extremely difficult for such malicious application to compromise the system at low-levels, rendering it unusable, much like what Sasser does to windows today.
There's no such thing as security in absolute terms, but there are many layers you can put in place to improve your situation, and windows has consistently turned its back to even the simplest of all layers: be humble about the services you offer, turn them off by default if most users don't need'em.
Now, hopefully SP2 will do just that, at which point both behemoths will be playing on a more level field. Still on the "default services iss
u lie! All that pent-up angst betrays a serious case of DSB: Deadly Sperm Buildup. It messes with your mind, y'know, makes you wanna act all activist'n'stuff.
You came close to seeing the light in one of your other posts, but fell short. It has to do with priorities. You choose to make usage of PNGs an existential issue. Many other people don't. To you, money doesn't matter when building web-based applications and that's perfectly fine, other online destinations do need to maintain eyeballs for revenue, and won't cripple their site or resort to clumsy hacks, when they know they can easily get away with using transparent GIFs while it'll remain highly unlikely any legal actions will ever ensue. PNGs will evolve in their own time, sites you build will have a leg-up on that, and that's a Good Thing.
This specific issue really was not one to get your panties in a bunch over. Most critical cross-compatibility issues have already been addressed, and I'm speaking as a Mac OS X user since 10.1 / September 2001. I've been using Safari (and occasionally FireFox and other Mozilla derivatives) on OS X for everything I do online without a glitch, and that includes online banking. The meaningful standards wars have ALREADY been fought and mostly won for the greater good. A few battles remain around nitty-gritty aspects of DOM and CSS implementations, but if you're going that route, fairly clean workarounds are available in most cases.
The entire specific scope of this discussion, namely promoting usage of PNGs vs GIFs, is absolutely unrelated to "compromising one's intelligence or integrity", because in this specific discussion there is no absolute right or wrong course of action. Your rants formulate a very polarized opinion, and imply that anybody who doesn't align with your priorities is a corrupted dumbfsck, thru the pernicious usage of flawed analogies:
Repeat after me: Fighting for Civil Liberties, Good. Getting Bunched-Up Panties over PNG vs GIF debate, Bad.
All this rambling about OS X's lack of security is moot. Here is the only factor that matters:
A DEFAULT INSTALLATION OF THE CONSUMER-LEVEL VERSION OF MAC OS X (that ships with every mac) HAS ABSOLUTELY ZERO, ZILCH, NADA, NOTHING, NOT ONE NETWORK SERVICE ENABLED BY DEFAULT.
There's no way you can remotely own a default installation of Mac OS X.
Take a deep breath and re-run that sentence to yourself in your head.
Plug a default installation of XP (that ships with every PC) on any open network, you're owned within seconds. It's that simple.
Statistics are pointless when not scoped around what they really mean and their impact. So here's me doing everyone's job:
As a consumer-level operating system, Mac OS X, since day 1, and up until today, has always been, and remains FAR MORE SECURE than windows. Because the consumer-level version of Mac OS X, also known as "Mac OS X Client" does not unnecessarily enable by default any services, because the vast majority of users don't need'em, and the few who do can turn them on easily. Windows could have done that at least since 2001 and heydays of CodeRed and Nimda, yet never bothered to take this very very VERY simple measure. This is your first basic most simple, strongest line of security: if you don't need it, don't even turn it on. Be humble about the software you run, and understand that it may in fact be vulnerable, at the very least, to buffer overflows. APPLE HAS GROKKED THAT FROM DAY ONE, MICROSOFT NEVER DID, though i'm hoping SP2 will turn all that useless crap off. Saying that Apple has been lagging in releasing security updates is simply untrue. They've addressed all real ones very fast.
Now, as a server-level operating system, as far as security goes, it's all in the hands of a systems administrator. All services that run natively to the operating system are, in theory, at the very least, vulnerable to buffer overflows. And this goes regardless of which operating system you use. But frankly, if I was to admin a server, I'd still go with OS X, because I'd know that pretty-much all network services it runs come from the open-source community, if Apple is too slow to release a patch, I'll have known way ahead of time by keeping on-top of advisories and reading workarounds and solutions from the open-source community. If I'm running windoz 2003, I'm at the mercy of microsoft.
errr... what did u try to do on garage band? i'm playing around with it right now on my 1.25Ghz AlBook, recording some silly shit and it's flowing just fine? Can u gimme more insight into what u tried to do?
I may not be a GarageBand expert but i do have extensive experience with all the iApps, especially when it comes to making movies from my 3-CCD video cam, all on this powerbook, and i have yet to run into performance issues. Previewing effects and transitions in-between clips on-the-fly is like, seamless, cut-edit-playback all in realtime, never a snag. Photoshop flies.
What is your extensive experience working on a G5? What is the basis for comparison against the fastest pentium? Have you actually tried to run some comparisons? Like using Photoshop? Video encoding? Sound mixing?
Hey, tell me, when that 64-bit PC comes out, what OS do you expect people to run on it? Longhorn? NOT. Linux 64Bit? Okay, today most linux users admit they'll dual-boot into windoz for certain apps that are not supported on linux ... If you're guna go out and spend money on a 64Bit machine in the first place, chances are you'll be shelling out a decent amount of dough, all that to find out you can't really run any OS that does everything you want.
Name one thing that linux can do and that OS X can't. Name one thing that windoz can do that OS X can't?
Back a few months ago, I had written a couple of personal thoughts about Michael Moore and his rhetoric.
The executive summary of all my nonsensical ranting is that I've always believed the Iraq situation is far from being the black and white portrait Moore attempts to paint with his rhetoric. While blaming everything on Bush would make things a whole lot easier, and has been serving Moore's book and movie sales very well, I believe this approach oversimplifies a set of very convoluted problems and sets us up for future failures in our foreign policies.
While it is important to acknowledge and reflect on Bush's failures, it is equally as important to look beyond the conspiracy theories, acknowledge the fact that regardless of what party you're looking at, regardless of which country, under-the-table deals and corporate interests always have and always will be a part of the picture, attempt to find what the right course of action is, pursue it and limit casualties on all sides.
The fact that the official democratic candidate, John Kerry, was one of the few to vote for the military intervention, should at least get people to think that maybe, just maybe, there were good reasons for it, even if the ones invoked by this administration (immediate threat, WMD) appear to have been wrong.
as of this writing i have 2 invites left, tho i've been getting new ones on a fairly regular basis. If you're interested in one, just add yourself to the queue by looking for the appropriate GMail related post on meh blog.
The phone company, yes is nationalized, it's France Telecom.
if you are a dial-up user, yes, you do get shafted, because you do pay per minute of communication there, on top of whichever ISP monthly fee. AOL's France division tried to absorb those monthly telco costs once, but failed as it was killing their profits and just wasn't a sustainable business model.
HOWEVER the BROADBAND internet access market is VERY diverse and competitive, and I've found the deals offered in france far better than deals offered in the US, at least, as far as DSL goes. You don't pay anything to the telco for your DSL service, you're not using-up "voice minutes". You just go thru one of the many broadband ISPs out there, they make a deal with your telco to send the DSL signal to your house, they give you a broadband "box", and off you go. While most U.S. ISPs give you 128Kbps for your DSL upstream on a basic $50-ish package, i've found 256K and 512K upstreams on various $40-$50ish French ISP packages to be fairly pervasive. Certain ISPs, such as free.fr, also build-in VoIP/multimedia capabilities in the "broadband boxes" they give their customers, so you get to somewhat stick it back to the telco. U.S. ISPs only give you a broadband modem.
So yeah, broadband internet in France is very nice.
GMail Invites: I've got a bunch on Gmail in the News · Score: 2, Informative
hey all, i keep getting new invites on a fairly regular basis, if you just head-on over to my blog, find the "GMail Invites" post and add a comment with some info as to why u want a gmail account and a valid email address (feel free to use creative obfuscation to protect yourselves from spam crawler bots).
I can't guarantee you an invite but your chances should be pretty good. I'll favor in that order (mostly), people who have a blog on blogger.com, people who have at least bothered to register with blogger.com to place comments, people I've marked as /. friends, people who've marked me as their friend, unless i change my mind :)
if you're dealing with a desktop system in the first place, provided you have a clue or two about arranging your space, and choose some nicely stackable drives such as the ones offered by LaCie, you would avoid cluttering the guts of your G5. Hopefully you'd structure most of the disk usage around your external drives so THEY'll do most of the spinning while your internal drive remains cool, and your G5 fans don't run all the frickin' time. Long gone are the days of painful SCSI chains. Firewire is crazy easy via hubs or daisy-chain.
Yup that's the thing. Apple ships their operating system with absolutely all ports turned-off by DEFAULT. You absolutely cannot establish any connection to any port of a default OS X installation from any remote machine. Security works in layers, and this is one thick layer, a very important first line of defense. You would think that since the heydays of CodeRed and Nimda back in 2001 Microsoft would have learned to disable all listening network services on a default installation. No. They never did. Here we are today, you can plug a brand new PC onto an unprotected network and get reamed within seconds.
Microsoft apologists keep claiming that windows is so vulnerable because it is the most prominent operating system. I can tell you that today, if all classic end-user machines were running the consumer-edition (not server) of Mac OS X, none of the network-spread worms that have plagued windows for all those years would be an issue. Because if a machine is not accepting a network connection, you can't infect it over the network.
You need to look for holes in the next layer of security: application-level security and user-triggered exploits. In that area, there are issues surrounding protocol handling and application launching that Apple needs to address. And i'm getting to be impatient :(
heh, interesting point. In contrast, i first installed Mac OS X 10.1 in september 2001 on the first-generation titanium powerbook running at 400Mhz, have smoothly upgraded thru every dot dot release and major releases (jaguar, panther) without any snag (put new OS CD in, reboot machine from CD by holding C, click "upgrade", wait, reboot, done). Somewhere between jaguar and panther, i "cloned" my old powerbook 400mhz hard drive onto a brand new 1.2Ghz AlBook hard drive by booting the new powerbook in "target disk mode" over firewire. Ever since the day i got the 400Mhz machine in september 2001, my system has always been rock-solid stable, faster with each release, and painlessly upgraded. Looking forward to the next few years on this AlBook :)
read my submission, you silly misinformed being: toe-curling editorial analysis. I did state that it was indeed, an editorial, which by definition, reflects a personal opinion. I also mentioned analysis because, in his personal opinion, he attempts to offer his personal analysis of certain aspects of Microsoft's business. The article i linked to is clearly part of Seattle Weekly's "features", which is where editorials live. All news papers do this: they frequently report actual, factual News. They also have writers that post opinions in what is also known as "columns".
there is no confusion to anyone BUT YOU that this article clearly is a personal opinion, an editorial, a column. Because that's what columnists write.
ey, dude, steve won't exactly be "making money big time" on this, as you assert in your post. The whole point for this price structure is to ensure the continued longevity of an essentially free-for-most, not-for-profit service. get it? And yeah maybe that money will give them more resources to deal with fringe cases such as the one you're outlining. The fact is, at some point, an ISP gave that IP block to a spammer. And for some reason spamhaus doesn't seem to feel confident about de-listing that block, maybe there's a good reason for that, i'll give spamhaus the benefit of the doubt any day. Maybe that'll teach ISPs to more carefully scrutinize who they give blocks to, and be more mindful of what sort of traffic goes on there.
i never installed Paranoid Android or any other third party app to address this issue. A few minutes ago, I tested all the exploits in this post and confirmed they worked in 10.3.3.
Then I just ran the software update and installed 10.3.4 and went back to test those same exploits, and they still work: test.app does get launched, shows me a warning with t3h [suck] button, and places owned.txt in my home directory.
in conclusion: 10.3.4 does NOT fix those vulnerabilities.
*saw mention of low UID*
*pops head in*
*disappears mysteriously*
*looks at Karma dwindle*. *does a jig*.
eh ... dude ... when was the last time u got laid?
All this rambling about OS X's lack of security is moot. Here is the only factor that matters:
A DEFAULT INSTALLATION OF THE CONSUMER-LEVEL VERSION OF MAC OS X (that ships with every mac) HAS ABSOLUTELY ZERO, ZILCH, NADA, NOTHING, NOT ONE NETWORK SERVICE ENABLED BY DEFAULT.
There's no way you can remotely own a default installation of Mac OS X.
Take a deep breath and re-run that sentence to yourself in your head.
Plug a default installation of XP (that ships with every PC) on any open network, you're owned within seconds. It's that simple.
Statistics are pointless when not scoped around what they really mean and their impact. So here's me doing everyone's job:
As a consumer-level operating system, Mac OS X, since day 1, and up until today, has always been, and remains FAR MORE SECURE than windows. Because the consumer-level version of Mac OS X, also known as "Mac OS X Client" does not unnecessarily enable by default any services, because the vast majority of users don't need'em, and the few who do can turn them on easily. Windows could have done that at least since 2001 and heydays of CodeRed and Nimda, yet never bothered to take this very very VERY simple measure. This is your first basic most simple, strongest line of security: if you don't need it, don't even turn it on. Be humble about the software you run, and understand that in may in fact be vulnerable, at the very least, to buffer overflows. APPLE HAS GROKKED THAT FROM DAY ONE, MICROSOFT NEVER DID, though i'm hoping SP2 will turn all that useless crap off. Saying that Apple has been lagging in releasing security updates is simply untrue. They've addressed all real ones very fast.
Now, as a server-level operating system, as far as security goes, it's all in the hands of a systems administrator. All services that run natively to the operating system are, in theory, at the very least, vulnerable to buffer overflows. And this goes regardless of which operating system you use. But frankly, if I was to admin a server, I'd still go with OS X, because I'd know that pretty-much all network services it runs come from the open-source community, if Apple is too slow to release a patch, I'll have known way ahead of time by keeping on-top of advisories and reading workarounds and solutions from the open-source community. If I'm running windoz 2003, I'm at the mercy of microsoft.
errr ... what did u try to do on garage band? i'm playing around with it right now on my 1.25Ghz AlBook, recording some silly shit and it's flowing just fine? Can u gimme more insight into what u tried to do?
I may not be a GarageBand expert but i do have extensive experience with all the iApps, especially when it comes to making movies from my 3-CCD video cam, all on this powerbook, and i have yet to run into performance issues. Previewing effects and transitions in-between clips on-the-fly is like, seamless, cut-edit-playback all in realtime, never a snag. Photoshop flies.
What is your extensive experience working on a G5? What is the basis for comparison against the fastest pentium? Have you actually tried to run some comparisons? Like using Photoshop? Video encoding? Sound mixing?
Hey, tell me, when that 64-bit PC comes out, what OS do you expect people to run on it? Longhorn? NOT. Linux 64Bit? Okay, today most linux users admit they'll dual-boot into windoz for certain apps that are not supported on linux ... If you're guna go out and spend money on a 64Bit machine in the first place, chances are you'll be shelling out a decent amount of dough, all that to find out you can't really run any OS that does everything you want.
Name one thing that linux can do and that OS X can't. Name one thing that windoz can do that OS X can't?
taking your idea one notch further, for pr0n surfing, i've heard from someone else that it's all about fast-user switching.
Jeff Jarvis, a well-respected and popular blogger, has put together the best review of Fahrenheit 9/11 I have seen so far.
Back a few months ago, I had written a couple of personal thoughts about Michael Moore and his rhetoric.
The executive summary of all my nonsensical ranting is that I've always believed the Iraq situation is far from being the black and white portrait Moore attempts to paint with his rhetoric. While blaming everything on Bush would make things a whole lot easier, and has been serving Moore's book and movie sales very well, I believe this approach oversimplifies a set of very convoluted problems and sets us up for future failures in our foreign policies.
While it is important to acknowledge and reflect on Bush's failures, it is equally as important to look beyond the conspiracy theories, acknowledge the fact that regardless of what party you're looking at, regardless of which country, under-the-table deals and corporate interests always have and always will be a part of the picture, attempt to find what the right course of action is, pursue it and limit casualties on all sides.
The fact that the official democratic candidate, John Kerry, was one of the few to vote for the military intervention, should at least get people to think that maybe, just maybe, there were good reasons for it, even if the ones invoked by this administration (immediate threat, WMD) appear to have been wrong.
as of this writing i have 2 invites left, tho i've been getting new ones on a fairly regular basis. If you're interested in one, just add yourself to the queue by looking for the appropriate GMail related post on meh blog.
You are incorrect, at least for France.
The phone company, yes is nationalized, it's France Telecom.
if you are a dial-up user, yes, you do get shafted, because you do pay per minute of communication there, on top of whichever ISP monthly fee. AOL's France division tried to absorb those monthly telco costs once, but failed as it was killing their profits and just wasn't a sustainable business model.
HOWEVER the BROADBAND internet access market is VERY diverse and competitive, and I've found the deals offered in france far better than deals offered in the US, at least, as far as DSL goes. You don't pay anything to the telco for your DSL service, you're not using-up "voice minutes". You just go thru one of the many broadband ISPs out there, they make a deal with your telco to send the DSL signal to your house, they give you a broadband "box", and off you go. While most U.S. ISPs give you 128Kbps for your DSL upstream on a basic $50-ish package, i've found 256K and 512K upstreams on various $40-$50ish French ISP packages to be fairly pervasive. Certain ISPs, such as free.fr, also build-in VoIP/multimedia capabilities in the "broadband boxes" they give their customers, so you get to somewhat stick it back to the telco. U.S. ISPs only give you a broadband modem.
So yeah, broadband internet in France is very nice.
Peek at my post history for more info, but I've still got a few to hand out and I'm getting more every day.
i still ain't ebaying'em.
hey all, i keep getting new invites on a fairly regular basis, if you just head-on over to my blog, find the "GMail Invites" post and add a comment with some info as to why u want a gmail account and a valid email address (feel free to use creative obfuscation to protect yourselves from spam crawler bots).
I can't guarantee you an invite but your chances should be pretty good. I'll favor in that order (mostly), people who have a blog on blogger.com, people who have at least bothered to register with blogger.com to place comments, people I've marked as /. friends, people who've marked me as their friend, unless i change my mind :)
if you're dealing with a desktop system in the first place, provided you have a clue or two about arranging your space, and choose some nicely stackable drives such as the ones offered by LaCie, you would avoid cluttering the guts of your G5. Hopefully you'd structure most of the disk usage around your external drives so THEY'll do most of the spinning while your internal drive remains cool, and your G5 fans don't run all the frickin' time. Long gone are the days of painful SCSI chains. Firewire is crazy easy via hubs or daisy-chain.
or something?
hahaha, read your journal, this owns :D say do we need to pay taxes on lawsuit settlements?
Shark-Bait HOO-HAH-HAH
Yup that's the thing. Apple ships their operating system with absolutely all ports turned-off by DEFAULT. You absolutely cannot establish any connection to any port of a default OS X installation from any remote machine. Security works in layers, and this is one thick layer, a very important first line of defense. You would think that since the heydays of CodeRed and Nimda back in 2001 Microsoft would have learned to disable all listening network services on a default installation. No. They never did. Here we are today, you can plug a brand new PC onto an unprotected network and get reamed within seconds.
Microsoft apologists keep claiming that windows is so vulnerable because it is the most prominent operating system. I can tell you that today, if all classic end-user machines were running the consumer-edition (not server) of Mac OS X, none of the network-spread worms that have plagued windows for all those years would be an issue. Because if a machine is not accepting a network connection, you can't infect it over the network.
You need to look for holes in the next layer of security: application-level security and user-triggered exploits. In that area, there are issues surrounding protocol handling and application launching that Apple needs to address. And i'm getting to be impatient :(
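The first-layer argument in the comment above (nothing listening means nothing to connect to) can be checked on any machine by listing the TCP listeners that are not bound to loopback. This is an added example, not part of the original comment; it assumes the BSD/macOS `netstat -an -p tcp` column layout, and the sample output is constructed, not captured from a real host.

```python
import ipaddress

# Constructed sample in the BSD/macOS `netstat -an -p tcp` layout.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp46      0      0  *.548                  *.*                    LISTEN
tcp4       0      0  192.168.1.5.139        *.*                    LISTEN
tcp4       0      0  192.168.1.5.49200      203.0.113.7.443        ESTABLISHED
"""


def is_loopback(host):
    """True when the bind address is reachable only from the machine itself."""
    if host == "*":                      # wildcard bind: every interface
        return False
    host = host.split("%", 1)[0]         # drop an IPv6 scope id such as %lo0
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                     # unparseable: report it for review


def exposed_listeners(netstat_text):
    """Return sorted (port, bind_address) pairs for network-reachable TCP listeners."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have six columns; header lines and non-LISTEN states are skipped.
        if len(fields) != 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # BSD netstat joins address and port with a dot: "127.0.0.1.631", "*.22".
        host, _, port = fields[3].rpartition(".")
        if port.isdigit() and not is_loopback(host):
            found.add((int(port), host))
    return sorted(found)


if __name__ == "__main__":
    for port, host in exposed_listeners(SAMPLE):
        print(f"reachable from the network: tcp/{port} bound to {host}")
```

An empty result is the state the comment describes for a default client install; every entry returned is a service an attacker on the same network can reach.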
sadly enough, it didn't. u offering?
heh, interesting point. In contrast, i first installed Mac OS X 10.1 in september 2001 on the first-generation titanium powerbook running at 400Mhz, have smoothly upgraded thru every dot dot release and major releases (jaguar, panther) without any snag (put new OS CD in, reboot machine from CD by holding C, click "upgrade", wait, reboot, done). Somewhere between jaguar and panther, i "cloned" my old powerbook 400mhz hard drive onto a brand new 1.2Ghz AlBook hard drive by booting the new powerbook in "target disk mode" over firewire. Ever since the day i got the 400Mhz machine in september 2001, my system has always been rock-solid stable, faster with each release, and painlessly upgraded. Looking forward to the next few years on this AlBook :)
read my submission, you silly misinformed being: toe-curling editorial analysis. I did state that it was indeed, an editorial, which by definition, reflects a personal opinion. I also mentioned analysis because, in his personal opinion, he attempts to offer his personal analysis of certain aspects of Microsoft's business. The article i linked to is clearly part of Seattle Weekly's "features", which is where editorials live. All newspapers do this: they frequently report actual, factual News. They also have writers that post opinions in what is also known as "columns".
there is no confusion to anyone BUT YOU that this article clearly is a personal opinion, an editorial, a column. Because that's what columnists write.
ey, dude, steve won't exactly be "making money big time" on this, as you assert in your post. The whole point for this price structure is to ensure the continued longevity of an essentially free-for-most, not-for-profit service. get it? And yeah maybe that money will give them more resources to deal with fringe cases such as the one you're outlining. The fact is, at some point, an ISP gave that IP block to a spammer. And for some reason spamhaus doesn't seem to feel confident about de-listing that block, maybe there's a good reason for that, i'll give spamhaus the benefit of the doubt any day. Maybe that'll teach ISPs to more carefully scrutinize who they give blocks to, and be more mindful of what sort of traffic goes on there.
i never installed Paranoid Android or any other third party app to address this issue. A few minutes ago, I tested all the exploits in this post and confirmed they worked in 10.3.3.
Then I just ran the software update and installed 10.3.4 and went back to test those same exploits, and they still work: test.app does get launched, shows me a warning with t3h [suck] button, and places owned.txt in my home directory.
in conclusion: 10.3.4 does NOT fix those vulnerabilities.
Has anybody heard from Apple on this?