Claiming that merely having a superuser means UNIX is less secure is simply ridiculous.
I agree, which is why I didn't do it. Of course, it's nowhere near as stupid as the typical reasons given for calling Windows NT less secure.
A superuser, however, is a definable, measureable way in which NT has a more secure design than UNIX.
Privilege escalation has always been easier in Windows than UNIX.
Evidence ? UNIX's history has been rife with privilege escalation holes and its design (you need to be root to do most interesting things, hence hacks like SUID binaries and sudo) make them inherently more likely.
Windows has a System account which can be easily accessed. I have a utility called PowerPrompt which gives me System access and allows me to kill any process and delete any file.
The typical UNIX machine has a command like that, too. It's called 'sudo'. Further, given how difficult it is to configure sudo to be both secure *and* useful, the capability you describe is frequently available even when it is not intended.
Physical violence is often the best solution to a problem, within a very specific framework of ends being met.
Sure. If your goal is "exercise my inner Neadertal", or your environment is a schoolyard, then violence is, indeed, "often the best solution to a problem".
Physical violence is an appropriate response when you are being physically assaulted. It is a struggle to think of any other "framework" where it is either required, or justifiable. While there are certainly career paths where a physically threatening environment is expected, if not common, they are few and far between.
It is unsurprising, that your response, like the other, requires the example of a schoolyard to retain even a whiff of validity. Maybe you should revisit this topic when you've grown up enough to understand that a board meeting is not a playground and that physical assault is in no way a reasonable response to someone hurting your feelings.
It frequently "fixes" bullying. Why ? Because it is attention that bullies crave. Deny them that and they will move on.
and b) having everyone agree with you that getting beat up every day after school is wrong won't keep you from getting beat up after school.
Unless, of course, someone else decides to take the bully to task for being such a dickhead.
Violence is rarely a "good" solution to a problem, but that's not to say it can't solve problems, or that it never is a good solution to a problem.
Not something I've disagreed with. However, violence is most certainly not a solution to the argument of someone telling you your idea sucks, as previous posts advocated.
I guess I'm one of those silly folk who believe self-defense can be justified.
Punching someone in the face because they hurt your feelings is in no way, shape or form, "self defense", even for children. For adults, it's both stupid (since it's likely to get you sued (and justifiably so)) and immature (because, when you're an adult, reason is a far more viable alternative to take than violence).
I find it telling that the only two replies to my post have to resort to using schoolyard dynamics to justify opposing it.
Unfortunately, due to the monopoly position of Windows, even the Mac OS has been forced to go down this path of providing toolbars and contextual menus. One mitigating trend I've observed in some (not all) Macintosh software is the use of contextual menus to duplicate operations presented in the menu bar.
This is almost always true in Windows as well (I'd say always, but I'm sure you've got one or two counter-examples ready to whip out).
UI design needs to return to a single canonical location to find operations (the Menu Bar). If UI designers want to use Toolbars and contextual menus, use them only as shortcuts for operations that are already presented in the Menu Bar.
That's what they _are_ used for.
Or, at least, that's what the UI guidelines for all the major platforms say they should be used for. What developers actually implement is their own business. You can lead the horse to water, etc, etc.
There are a hell of a lot of people - particularly on Slashdot - who don't think it's any more "nuanced" than "Microsoft sucks", however.
What I'm getting at is that the correlation between the number of times a system is attacked and the number of times it is compromised is a factor of design, not popularity.
It's also a factor of popularity. Indeed, it's _usually_ a matter of popularity since most "exploits" are of the automated (or semi-automated) mass-infection type, where popularity is critical to nearly every aspect of an "attack".
It is not mere popularity that makes Windows the subject of more attacks, but rather that the attacker has a much higher expectation of success than with any other platform.
But this is also a function of "popularity", because the more popular platform will have far, far more users on it who are less technically capable, and thus more "exploitable".
Why would anyone attack Macs or Linux boxes when they can more easily obtain the low-hanging-fruit from a Windows box? Yes, popularity is a part of it, but the likelihood of success on the part of the attacker plays a more important role.
The likelihood of success is inextricably linked to "popularity". The more popular a platform, the more people who will be using it. The more people using it, the more security risks that platform has (since the user is usually the biggest security hole in any system).
The fact is, "popularity" is an inherent, fundamental and significant aspect of "security", in the contexts that the term is typically used (and in the other contexts - that of security features for restricting access, limiting damage, etc, or in terms od bugs and design issues, Windows is not significantly worse (or better) than its contemporaries).
For example, firewalls are pretty ubiquitous now. Linux and the other unixes have very sophisticated firewalling built in to the stock kernel. Microsoft has the Windows XP firewall.
Do not mistake interface with capabilities. Similarly, do not mistake the requirements of one platform for the requirements of another - Windows probably doesn't *need* "sophisticated firewalling" (whatever you mean by that). It's a desktop OS, not a firewall/router.
Ipfwadm, Linux's first basic packet filter, was added to the mainline kernel in 1996. Microsoft didn't add their first simple packet filter until 5 years later in Windows XP... and it was less capable that the ipfwadm Linux had long since left behind in favor of netfilter (iptables).
Packet filtering in Windows has been built-in since *at least* Windows 2000, and probably longer (although I don't have any NT4 machines to check).
Further, it wasn't really a requirement in Windows until fairly recently (2000-ish), at which point the functionality was added. It was in Linux because (for reasons I have never been able to fathom) lots of people like to use Linux machines as firewalls and routers (why they don't use the orders-of-magnitude nicer FreeBSD+ipfw or ipfilter, or OpenBSD+ipfilter or pf, is beyond me).
Ipfwadm allowed you to, say, block inbound connection requests to TCP port 1434 from networks other than 127.0.0.0/8. Even after the service packs, the Windows XP firewall still does not offer that level of specificity.
I don't get down and dirty with Windows a whole lot these days, but even a few minutes worth of clicking around the Windows Firewall interface indicates this should be pretty easy. The Windows Firewall blocks every by default and you add exceptions to allow traffic. There's certainly the ability to add an exception for an arbitrary TCP port and an arbitrary network to allow traffic from (whether this is actually necessary in your specific example I don't know off the top of my head - Windows may treat the loopback adapter specially in the case of packet filtering, like Solaris does(/did)).
That Windows is less secure because it has more market share. Let's debunk this once and for all.
First you need to decide what you mean by "security":
* If you mean "security" in that feature X exists to prevent attack Y, then your "debunking" has the possibility of being valid (however, Windows is not lacking in security features, so your debunking would be wrong).
* If you mean "security" in that some platform has less exploits than Windows, then your debunking ins completely invalid, because marketshare is an inescapably significant aspect of how frequently a platform is exploited and the impact of those exploits.
But we know better: the reason why Windows has more security vulnerabilities [...]
Evidence that Windows has more vulnerabilities ?
[...] they are easily compromised, and the type of user who is lax with security typically stores important information - such as SSN's and credit card numbers - in unencrypted form on their hard drive.
Please clarify how this is relevant to the security capabilties of an OS.
But the fundamental difference between them is that at any one given time, there exist hundreds or thousands of exploits for every exploit available for a non-Windows system. Thus, a hacker is pretty much gauranteed that he can compromise a Windows machine, because even fully patched Windows machines have hundreds or thousands of yet-to-be-discovered vulnerabilities. Contrast this with a Linux box, where even unpatched machines typically possess no more than a handful of weaknesses.
Evidence ?
Because Windows is so poorly designed, it is a virtual certainty that it can be compromised.
Please expand more on how Windows is "so poorly designed".
And that is why it is attacked. It is not because of its popularity.
if you do not believe popularity is not a key influence on how frequently a platform is attacked, you are an idiot. That's not an ad hominem, it's a fact.
A simple application like the IE web browser is tightly integrated into the operating system in order to get around anti-trust laws. How dumb is that?
So dumb that every major platform (GNOME, KDE, OS X) has done it as well !
Perhaps Windows is attacked so much because it is the most popular operating system. However, those attacks succeed so frequently because the security architecture of Windows is so poor.
IBM most certainly did NOT open up the market for clones, it was ripped out from under them by Compaq. They even tried (unsuccessfully) to kill it with the PS/2.
That the IBM PC "Clone" even exists at all is a function of a) dumb luck (IBM using mostly off-the-shelf parts to build it) and b) Compaq very careful clean-room reverse-engineering the PC BIOS.
It has taken court rulings to get it so when you buy a new PC Microsoft where doesn't get a cut -- you know, that famous "Microsoft Tax".
It has always been possible to buy a PC without Windows (or DOS). Always.
By then, the damage had already been done. Everyone needed Word (when Wordperfect at the time was a vastly superior product because that was what everyone else had.
Your history here is way off as well. It took nearly a decade for Word to beatWordperfect and did so by being better.
The port of Wordpefect to Windows was crap because Microsoft programmed their own apps using APIs they wouldn't tell everyone else about -- so everyone else had slow, flaky software that didn't quite work as well as Word.
No, it was crap because it was a bad port of a DOS program (the first version didn't even use Windows's built-in printer support - if your printer wasn't supported by WP itself, *you couldn't print* !). It had nothing to do with the mythical "undocumented APIs".
In the 90's, Windows was grossly incapable of doing anything involving a network without 3rd party stuff.
Windows was quite capable of networking with Windows and Netware. Which was about all you would expect it to do in the *early* 90s.
My point is, Microsoft has gotten where they are today not by ever having a better offering. But by managing to become the de-facto standard via exclusive licensing, strong-arming distributors, and using that great big whacking war chest they've built up from rolling out minor point releases and charging a fortune for them.
Bollocks. Microsoft have frequently "gotten where they are" by having the better product. Office (primarily Word and Excel) and IE are textbook examples of better products beating the alternatives.
When I first switched to Linux, a 0.99a Slackware was capable of doing a helluva lot more than Windows clean through until NT came out, and in less resources.
Slackware 0.99 was released about the same time as Windows NT 3.1. It was, relatively speaking, a pig - but it was also doing a lot more than Linux, so that is at least somewhat understandable.
In recent years - say, the last ten or 15 - UNIX has definitely been more secure than any version of Windows.
Up until fairly recently, UNIX had a superuser. Indeed, in the vast majority of UNIX installations, root still has all the power it always did.
That's a qualitative way UNIX is less secure than Windows NT.
A comparative analysis of the methods UNIX uses to defend itself - such as SELinux and App Armor - vs the nonsense Microsoft has added to Vista, for example, the stupid UAC, pretty much demonstrates where significant security lies.
In 2007 the expected level of information security is rather different. In 2007, Unix and Linux have adapted to the new requirements and excelled at meeting them while Windows works only moderately better than it did in 1995.
Or could anyone tell me why a user of the product would want DRM, [...]
So they can view/listen to media that is DRM-encumbered.
[...] or would want to have the parts of the system so intermingled that you can't replace or remove the parts you do not want or you want from a third party?
I'm not quite sure what you mean, but the advantages of top-to-bottom control over, and integration of, the software stack should be blatantly obvious. Look at ZFS, if you want a concrete example of the benefits.
Microsoft, like Apple, Sun, and dozens of others, aren't selling you a bunch of spare parts, a tool belt and some badly written written instructions on a coffe-stained napkin. If that's what you want, Microsoft don't have a lot of interest in you as a customer.
Yes and no. There's at least three kinds of email infections; there's the trojan, the virus, and the buffer overflow.
Via email you're basically looking mostly at trojans, with the occasional "virus" or "worm" thrown in (from buffer overflows, or other bugs).
We all know what trojans and viruses are, but consider that there have been numerous flaws that would allow execution of arbitrary code as the Admin or even in the NT kernel if you simply displayed an image.
For example ?
Displaying an image should not be a risky behavior! Being infected by viewing an image displayed by an OS API is solely the fault of the programmer[s] involved. It's not the user's fault.
Running at an unnecessarily elevated privilege level is, however, to some degree the user's fault. Most (if not all) of the "exploits" coming via email will only execute their code at the privilege level of the user.
Even in the case of trojans and viruses, there are things an application can do to reduce the risk to the user. For example, if Windows used a system of capabilities then an application asking for capabilities it doesn't need would raise a red flag.
If the end user can override them, it won't work.
If an application tries to modify (or create) an application, that is a time to display the "Cancel/Allow" dialog (unlike so many of the times it is displayed now.)
Which of the "Cancel/Allow" messages do you think are unreasonable ?
I don't know of any tools to help you manipulate them later though, without chowning them back. And on NT you can only take ownership, not give it. (Although you can explicitly set perms.)
Third party tools have allowed setting of ownership to arbitrary users for some time and Windows 2003 has it in the permissions dialog. Arguably being allowed to do this is a security risk, however, as it makes it easy to modify files without leaving any evidence of doing so.
In a world without copyright, opening ANY codebase is easy: just ask an employee (or a contractor, or a janitor, or...) to give you the code they have access to, or if you like pay them to give you the code. In a hypothetical world without copyright, code belongs to everybody, so this scenario would be entirely legal.
Unless said employees have contractual agreements not to do so. Or employees have no way of transporting the source code out of the premises.
So yes, it would be easy to close a codebase, but also easy to reopen it.
First you have to get your hands on the source code. In a world without copyright, access to source code would be tightly controlled. So bribing/threatening/cajoling someone into doing so *might* be easy, but just as likely might be extremely difficult.
To say the GPL doesn't need to exist if copyright does not is both a) making a *lot* of questionable assumptions (primarily with regards to access to source code and willingness of people to make it available) and b) ignoring the main reason the GPL exists (to generate more GPLed code).
Huh? Without copyright laws, there's no _need_ for the GPL or the BSD license.
Of course there is. Without copyright there is no way to enforce the "derivative code must be GPLed" aspect of the GPL - it's raison d'etre.
(There would be no "need" for the BSDL license, I'll agree, except perhaps to avoid potential contractual disputes.)
Without copyright, the world works like pretty much like the GPL intends, and the BSDL is redundant since it grants nothing that isn't already allowed, whereas there's no "intellectual property" that can conceivably be subverted downstream.
Uh, no. You have that arse-about-face. Without copyright, the world operates like the *BSDL* intends and the GPL becomes irrelevant because its restrictions cannot be enforced.
It's the fact that the GPL gives the same result whether copyright laws exist or not that makes it such a solid foundation for software freedom (modulo minor bugs).
Except it doesn't. Closing a "GPLed" codebase while copyright exists is very difficult (if not impossible - Tivo kind of managed it). Closing a "GPLed" codebase without copyright is trivial.
The post to which you replied chose the word "use" very carefully. You are indeed welcome to make derivative works of a GPLd work.
Indeed you are. But your "derivative" works must then be GPLed.
Ie: the GPL restricts what you can "use" the code for, unless you don't consider "creating 'derivative' code" to be "using". The restriction is that the "derivate" work must be GPLed.
(Many would probably argue that a company that uses (ie: "distributes") GPL-derived software internally in binary form, should also provide the source code to any employee that requests it, at which point that software can subsequently be redistributed by said employee at their discretion - and that possibility *is* a valid concern for businesses.)
I don't. I'm using 3 open-source products right now. The Linux kernel, open-ssh, and Firefox. So let me ask you - am I making a derivative work of them right now?
Do you typically have big difficulties with the concept of a 1:many relationship ?
("Use" may have more one definition, is the point I'm making.)
Actually, speaking of the USA, how does "conservative french" relate to "conservative american". Is 'their right' our left? It appears conservatives there are pro-american, whereas conservatives here are anti-french (freedom fries?)
First you have to account for:
* The US political spectrum is skewed significantly to the Right.
* The French political spectrum is skewed significantly to the Left.
So while 'conservative' in France means relatively the same thing as it does in the US, by policies and attitudes a French 'conservative' probably sits somewhere noticably to the left of the Democrats (in general there will be specific counter-examples).
Compared to most of the western world, he's probably centrist.
I have worked for a boss like that. He would look at you with the cold dead snake eyes, and ask you a question. He has already decided in his mind what response he wanted, and if you did not give it, you were demoted or fired.
That is not at all "like" what appears to be Bill Gates's management style.
There's a vast gulf of difference between being aggressive to get people to aggressively defend their ideas and being aggressive because you want to be surrounded by yes-men.
I've not seen any evidence Bill Gates falls into the latter category, and numerous examples of how he falls into the first.
When you're going to give someone millions (probably tens of millions) of dollars to manage a project, they damn well better be able to defend it in the face of that sort of attitude. Because if they can't, either the product sucks or the product manager sucks, both of which will destroy the product as a viable business proposition.
Which is to say, after having worked with and seen plenty more international teams, that other cultures find dedication to excellence a shocking American practice and expectation. I have no idea why this is so, when every example of its absence results in mediocrity.
No, what other cultures find strange about Americans is the dedication to work at the expense of quality of life and what they find shocking is the ruthless and selfish attitudes in American working environments.
Like I was telling my daughter yesterday, the appropriate thing to do when you meet such a person is to drill them in the nose with your knuckles as hard as you can, unless they outweigh you by a significant margin, in which case you should hit them with a chair until they crumple to the ground.
Or you could take the civilized course of action and simply make such a compelling presentation of, and argument for, your product that your opponent is shown to be wrong.
The appropriate thing to do when confronted with a bully is to either a) ignore them, or b) make everyone else see how wrong they are. Physical violence is usually the worst way to achieve the latter, both in execution and outcome.
I think you can't see the forest for the trees. Of course the GPL is a technical document which exists within the conceptual framework of the copyright laws. But it's not there to enforce copyright, it's actually there to create a downstream channel where copyright is effectively nullified in practice. As long as you stay within the GPL channel, none of the copyright restrictions which always exist otherwise apply to the channel (if you try to leave the channel you run into difficulties however).
You're missing the point. Without copyright, the most important aspect of the GPL (it's "viral" nature) disappears because it cannot be enforced. The GPL *requires* copyright law to do its work.
Without copyright, the GPL becomes the BSDL (or equivalent).
Claiming that merely having a superuser means UNIX is less secure is simply ridiculous.
I agree, which is why I didn't do it. Of course, it's nowhere near as stupid as the typical reasons given for calling Windows NT less secure.
A superuser, however, is a definable, measureable way in which NT has a more secure design than UNIX.
Privilege escalation has always been easier in Windows than UNIX.
Evidence ? UNIX's history has been rife with privilege escalation holes and its design (you need to be root to do most interesting things, hence hacks like SUID binaries and sudo) make them inherently more likely.
Windows has a System account which can be easily accessed. I have a utility called PowerPrompt which gives me System access and allows me to kill any process and delete any file.
The typical UNIX machine has a command like that, too. It's called 'sudo'. Further, given how difficult it is to configure sudo to be both secure *and* useful, the capability you describe is frequently available even when it is not intended.
Physical violence is often the best solution to a problem, within a very specific framework of ends being met.
Sure. If your goal is "exercise my inner Neadertal", or your environment is a schoolyard, then violence is, indeed, "often the best solution to a problem".
Physical violence is an appropriate response when you are being physically assaulted. It is a struggle to think of any other "framework" where it is either required, or justifiable. While there are certainly career paths where a physically threatening environment is expected, if not common, they are few and far between.
It is unsurprising, that your response, like the other, requires the example of a schoolyard to retain even a whiff of validity. Maybe you should revisit this topic when you've grown up enough to understand that a board meeting is not a playground and that physical assault is in no way a reasonable response to someone hurting your feelings.
Too bad a) ignoring things rarely fixes them;
It frequently "fixes" bullying. Why ? Because it is attention that bullies crave. Deny them that and they will move on.
and b) having everyone agree with you that getting beat up every day after school is wrong won't keep you from getting beat up after school.
Unless, of course, someone else decides to take the bully to task for being such a dickhead.
Violence is rarely a "good" solution to a problem, but that's not to say it can't solve problems, or that it never is a good solution to a problem.
Not something I've disagreed with. However, violence is most certainly not a solution to the argument of someone telling you your idea sucks, as previous posts advocated.
I guess I'm one of those silly folk who believe self-defense can be justified.
Punching someone in the face because they hurt your feelings is in no way, shape or form, "self defense", even for children. For adults, it's both stupid (since it's likely to get you sued (and justifiably so)) and immature (because, when you're an adult, reason is a far more viable alternative to take than violence).
I find it telling that the only two replies to my post have to resort to using schoolyard dynamics to justify opposing it.
Unfortunately, due to the monopoly position of Windows, even the Mac OS has been forced to go down this path of providing toolbars and contextual menus. One mitigating trend I've observed in some (not all) Macintosh software is the use of contextual menus to duplicate operations presented in the menu bar.
This is almost always true in Windows as well (I'd say always, but I'm sure you've got one or two counter-examples ready to whip out).
UI design needs to return to a single canonical location to find operations (the Menu Bar). If UI designers want to use Toolbars and contextual menus, use them only as shortcuts for operations that are already presented in the Menu Bar.
That's what they _are_ used for.
Or, at least, that's what the UI guidelines for all the major platforms say they should be used for. What developers actually implement is their own business. You can lead the horse to water, etc, etc.
It is more nuanced than merely being popular.
Of course it is. I've never argued otherwise.
There are a hell of a lot of people - particularly on Slashdot - who don't think it's any more "nuanced" than "Microsoft sucks", however.
What I'm getting at is that the correlation between the number of times a system is attacked and the number of times it is compromised is a factor of design, not popularity.
It's also a factor of popularity. Indeed, it's _usually_ a matter of popularity since most "exploits" are of the automated (or semi-automated) mass-infection type, where popularity is critical to nearly every aspect of an "attack".
It is not mere popularity that makes Windows the subject of more attacks, but rather that the attacker has a much higher expectation of success than with any other platform.
But this is also a function of "popularity", because the more popular platform will have far, far more users on it who are less technically capable, and thus more "exploitable".
Why would anyone attack Macs or Linux boxes when they can more easily obtain the low-hanging-fruit from a Windows box? Yes, popularity is a part of it, but the likelihood of success on the part of the attacker plays a more important role.
The likelihood of success is inextricably linked to "popularity". The more popular a platform, the more people who will be using it. The more people using it, the more security risks that platform has (since the user is usually the biggest security hole in any system).
The fact is, "popularity" is an inherent, fundamental and significant aspect of "security", in the contexts that the term is typically used (and in the other contexts - that of security features for restricting access, limiting damage, etc, or in terms od bugs and design issues, Windows is not significantly worse (or better) than its contemporaries).
For example, firewalls are pretty ubiquitous now. Linux and the other unixes have very sophisticated firewalling built in to the stock kernel. Microsoft has the Windows XP firewall.
Do not mistake interface with capabilities. Similarly, do not mistake the requirements of one platform for the requirements of another - Windows probably doesn't *need* "sophisticated firewalling" (whatever you mean by that). It's a desktop OS, not a firewall/router.
Ipfwadm, Linux's first basic packet filter, was added to the mainline kernel in 1996. Microsoft didn't add their first simple packet filter until 5 years later in Windows XP... and it was less capable that the ipfwadm Linux had long since left behind in favor of netfilter (iptables).
Packet filtering in Windows has been built-in since *at least* Windows 2000, and probably longer (although I don't have any NT4 machines to check).
Further, it wasn't really a requirement in Windows until fairly recently (2000-ish), at which point the functionality was added. It was in Linux because (for reasons I have never been able to fathom) lots of people like to use Linux machines as firewalls and routers (why they don't use the orders-of-magnitude nicer FreeBSD+ipfw or ipfilter, or OpenBSD+ipfilter or pf, is beyond me).
Ipfwadm allowed you to, say, block inbound connection requests to TCP port 1434 from networks other than 127.0.0.0/8. Even after the service packs, the Windows XP firewall still does not offer that level of specificity.
I don't get down and dirty with Windows a whole lot these days, but even a few minutes worth of clicking around the Windows Firewall interface indicates this should be pretty easy. The Windows Firewall blocks every by default and you add exceptions to allow traffic. There's certainly the ability to add an exception for an arbitrary TCP port and an arbitrary network to allow traffic from (whether this is actually necessary in your specific example I don't know off the top of my head - Windows may treat the loopback adapter specially in the case of packet filtering, like Solaris does(/did)).
That Windows is less secure because it has more market share. Let's debunk this once and for all.
First you need to decide what you mean by "security":
* If you mean "security" in that feature X exists to prevent attack Y, then your "debunking" has the possibility of being valid (however, Windows is not lacking in security features, so your debunking would be wrong).
* If you mean "security" in that some platform has less exploits than Windows, then your debunking ins completely invalid, because marketshare is an inescapably significant aspect of how frequently a platform is exploited and the impact of those exploits.
But we know better: the reason why Windows has more security vulnerabilities [...]
Evidence that Windows has more vulnerabilities ?
[...] they are easily compromised, and the type of user who is lax with security typically stores important information - such as SSN's and credit card numbers - in unencrypted form on their hard drive.
Please clarify how this is relevant to the security capabilties of an OS.
But the fundamental difference between them is that at any one given time, there exist hundreds or thousands of exploits for every exploit available for a non-Windows system. Thus, a hacker is pretty much gauranteed that he can compromise a Windows machine, because even fully patched Windows machines have hundreds or thousands of yet-to-be-discovered vulnerabilities. Contrast this with a Linux box, where even unpatched machines typically possess no more than a handful of weaknesses.
Evidence ?
Because Windows is so poorly designed, it is a virtual certainty that it can be compromised.
Please expand more on how Windows is "so poorly designed".
And that is why it is attacked. It is not because of its popularity.
if you do not believe popularity is not a key influence on how frequently a platform is attacked, you are an idiot. That's not an ad hominem, it's a fact.
A simple application like the IE web browser is tightly integrated into the operating system in order to get around anti-trust laws. How dumb is that?
So dumb that every major platform (GNOME, KDE, OS X) has done it as well !
Perhaps Windows is attacked so much because it is the most popular operating system. However, those attacks succeed so frequently because the security architecture of Windows is so poor.
For example ?
IBM opened up the market for clones, [...]
IBM most certainly did NOT open up the market for clones, it was ripped out from under them by Compaq. They even tried (unsuccessfully) to kill it with the PS/2.
That the IBM PC "Clone" even exists at all is a function of a) dumb luck (IBM using mostly off-the-shelf parts to build it) and b) Compaq very careful clean-room reverse-engineering the PC BIOS.
It has taken court rulings to get it so when you buy a new PC Microsoft where doesn't get a cut -- you know, that famous "Microsoft Tax".
It has always been possible to buy a PC without Windows (or DOS). Always.
By then, the damage had already been done. Everyone needed Word (when Wordperfect at the time was a vastly superior product because that was what everyone else had.
Your history here is way off as well. It took nearly a decade for Word to beat Wordperfect and did so by being better.
The port of Wordpefect to Windows was crap because Microsoft programmed their own apps using APIs they wouldn't tell everyone else about -- so everyone else had slow, flaky software that didn't quite work as well as Word.
No, it was crap because it was a bad port of a DOS program (the first version didn't even use Windows's built-in printer support - if your printer wasn't supported by WP itself, *you couldn't print* !). It had nothing to do with the mythical "undocumented APIs".
In the 90's, Windows was grossly incapable of doing anything involving a network without 3rd party stuff.
Windows was quite capable of networking with Windows and Netware. Which was about all you would expect it to do in the *early* 90s.
My point is, Microsoft has gotten where they are today not by ever having a better offering. But by managing to become the de-facto standard via exclusive licensing, strong-arming distributors, and using that great big whacking war chest they've built up from rolling out minor point releases and charging a fortune for them.
Bollocks. Microsoft have frequently "gotten where they are" by having the better product. Office (primarily Word and Excel) and IE are textbook examples of better products beating the alternatives.
When I first switched to Linux, a 0.99a Slackware was capable of doing a helluva lot more than Windows clean through until NT came out, and in less resources.
Slackware 0.99 was released about the same time as Windows NT 3.1. It was, relatively speaking, a pig - but it was also doing a lot more than Linux, so that is at least somewhat understandable.
So why hasn't there been any persons up to the task?
What makes you think there hasn't ? Heck, there's been several stories on Slashdot alone about flaws and exploits in OS X.
Up until fairly recently, UNIX had a superuser. Indeed, in the vast majority of UNIX installations, root still has all the power it always did.
That's a qualitative way UNIX is less secure than Windows NT.
A comparative analysis of the methods UNIX uses to defend itself - such as SELinux and App Armor - vs the nonsense Microsoft has added to Vista, for example, the stupid UAC, pretty much demonstrates where significant security lies.
I see you like both apples and oranges...
In 2007 the expected level of information security is rather different. In 2007, Unix and Linux have adapted to the new requirements and excelled at meeting them while Windows works only moderately better than it did in 1995.
For example ?
Or could anyone tell me why a user of the product would want DRM, [...]
So they can view/listen to media that is DRM-encumbered.
[...] or would want to have the parts of the system so intermingled that you can't replace or remove the parts you do not want or you want from a third party?
I'm not quite sure what you mean, but the advantages of top-to-bottom control over, and integration of, the software stack should be blatantly obvious. Look at ZFS, if you want a concrete example of the benefits.
Microsoft, like Apple, Sun, and dozens of others, aren't selling you a bunch of spare parts, a tool belt and some badly written written instructions on a coffe-stained napkin. If that's what you want, Microsoft don't have a lot of interest in you as a customer.
Yes and no. There's at least three kinds of email infections; there's the trojan, the virus, and the buffer overflow.
Via email you're basically looking mostly at trojans, with the occasional "virus" or "worm" thrown in (from buffer overflows, or other bugs).
We all know what trojans and viruses are, but consider that there have been numerous flaws that would allow execution of arbitrary code as the Admin or even in the NT kernel if you simply displayed an image.
For example ?
Displaying an image should not be a risky behavior! Being infected by viewing an image displayed by an OS API is solely the fault of the programmer[s] involved. It's not the user's fault.
Running at an unnecessarily elevated privilege level is, however, to some degree the user's fault. Most (if not all) of the "exploits" coming via email will only execute their code at the privilege level of the user.
Even in the case of trojans and viruses, there are things an application can do to reduce the risk to the user. For example, if Windows used a system of capabilities then an application asking for capabilities it doesn't need would raise a red flag.
If the end user can override them, it won't work.
If an application tries to modify (or create) an application, that is a time to display the "Cancel/Allow" dialog (unlike so many of the times it is displayed now.)
Which of the "Cancel/Allow" messages do you think are unreasonable ?
I don't know of any tools to help you manipulate them later though, without chowning them back. And on NT you can only take ownership, not give it. (Although you can explicitly set perms.)
Third party tools have allowed setting of ownership to arbitrary users for some time and Windows 2003 has it in the permissions dialog. Arguably being allowed to do this is a security risk, however, as it makes it easy to modify files without leaving any evidence of doing so.
In a world without copyright, opening ANY codebase is easy: just ask an employee (or a contractor, or a janitor, or ...) to give you the code they have access to, or if you like pay them to give you the code. In a hypothetical world without copyright, code belongs to everybody, so this scenario would be entirely legal.
Unless said employees have contractual agreements not to do so. Or employees have no way of transporting the source code out of the premises.
So yes, it would be easy to close a codebase, but also easy to reopen it.
First you have to get your hands on the source code. In a world without copyright, access to source code would be tightly controlled. So bribing/threatening/cajoling someone into doing so *might* be easy, but just as likely might be extremely difficult.
To say the GPL doesn't need to exist if copyright does not is both a) making a *lot* of questionable assumptions (primarily with regards to access to source code and willingness of people to make it available) and b) ignoring the main reason the GPL exists (to generate more GPLed code).
Huh? Without copyright laws, there's no _need_ for the GPL or the BSD license.
Of course there is. Without copyright there is no way to enforce the "derivative code must be GPLed" aspect of the GPL - it's raison d'etre.
(There would be no "need" for the BSDL license, I'll agree, except perhaps to avoid potential contractual disputes.)
Without copyright, the world works like pretty much like the GPL intends, and the BSDL is redundant since it grants nothing that isn't already allowed, whereas there's no "intellectual property" that can conceivably be subverted downstream.
Uh, no. You have that arse-about-face. Without copyright, the world operates like the *BSDL* intends and the GPL becomes irrelevant because its restrictions cannot be enforced.
It's the fact that the GPL gives the same result whether copyright laws exist or not that makes it such a solid foundation for software freedom (modulo minor bugs).
Except it doesn't. Closing a "GPLed" codebase while copyright exists is very difficult (if not impossible - Tivo kind of managed it). Closing a "GPLed" codebase without copyright is trivial.
The post to which you replied chose the word "use" very carefully. You are indeed welcome to make derivative works of a GPLd work.
Indeed you are. But your "derivative" works must then be GPLed.
Ie: the GPL restricts what you can "use" the code for, unless you don't consider "creating 'derivative' code" to be "using". The restriction is that the "derivate" work must be GPLed.
(Many would probably argue that a company that uses (ie: "distributes") GPL-derived software internally in binary form, should also provide the source code to any employee that requests it, at which point that software can subsequently be redistributed by said employee at their discretion - and that possibility *is* a valid concern for businesses.)
I don't. I'm using 3 open-source products right now. The Linux kernel, open-ssh, and Firefox. So let me ask you - am I making a derivative work of them right now?
Do you typically have big difficulties with the concept of a 1:many relationship ?
("Use" may have more one definition, is the point I'm making.)
Actually, speaking of the USA, how does "conservative french" relate to "conservative american". Is 'their right' our left? It appears conservatives there are pro-american, whereas conservatives here are anti-french (freedom fries?)
First you have to account for:
* The US political spectrum is skewed significantly to the Right.
* The French political spectrum is skewed significantly to the Left.
So while 'conservative' in France means relatively the same thing as it does in the US, by policies and attitudes a French 'conservative' probably sits somewhere noticably to the left of the Democrats (in general there will be specific counter-examples).
Compared to most of the western world, he's probably centrist.
I have worked for a boss like that. He would look at you with the cold dead snake eyes, and ask you a question. He has already decided in his mind what response he wanted, and if you did not give it, you were demoted or fired.
That is not at all "like" what appears to be Bill Gates's management style.
There's a vast gulf of difference between being aggressive to get people to aggressively defend their ideas and being aggressive because you want to be surrounded by yes-men.
I've not seen any evidence Bill Gates falls into the latter category, and numerous examples of how he falls into the first.
When you're going to give someone millions (probably tens of millions) of dollars to manage a project, they damn well better be able to defend it in the face of that sort of attitude. Because if they can't, either the product sucks or the product manager sucks, both of which will destroy the product as a viable business proposition.
Which is to say, after having worked with and seen plenty more international teams, that other cultures find dedication to excellence a shocking American practice and expectation. I have no idea why this is so, when every example of its absence results in mediocrity.
No, what other cultures find strange about Americans is the dedication to work at the expense of quality of life and what they find shocking is the ruthless and selfish attitudes in American working environments.
Yeah, that's pretty much what I told her. Also what I believe, and how I live, and how I succeed in the world.
Bloody hell, be careful. Swinging irony like that around could take someone's eye out.
Like I was telling my daughter yesterday, the appropriate thing to do when you meet such a person is to drill them in the nose with your knuckles as hard as you can, unless they outweigh you by a significant margin, in which case you should hit them with a chair until they crumple to the ground.
Or you could take the civilized course of action and simply make such a compelling presentation of, and argument for, your product that your opponent is shown to be wrong.
The appropriate thing to do when confronted with a bully is to either a) ignore them, or b) make everyone else see how wrong they are. Physical violence is usually the worst way to achieve the latter, both in execution and outcome.
Please show me where the GPL imposes any restrictions on use of the work.
"Derivative work" must be GPLed.
Unless you don't consider "deriving work" to be "using".
I think you can't see the forest for the trees. Of course the GPL is a technical document which exists within the conceptual framework of the copyright laws. But it's not there to enforce copyright, it's actually there to create a downstream channel where copyright is effectively nullified in practice. As long as you stay within the GPL channel, none of the copyright restrictions which always exist otherwise apply to the channel (if you try to leave the channel you run into difficulties however).
You're missing the point. Without copyright, the most important aspect of the GPL (it's "viral" nature) disappears because it cannot be enforced. The GPL *requires* copyright law to do its work.
Without copyright, the GPL becomes the BSDL (or equivalent).