Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
They don't even support their current products properly.
For example, if they had to meet the same standards as new cars (check out the ne automobile lemon laws in your state) - they would lose money on every sale.
Its a sad state of affairs when consumers are so cowed that they accept as normal that something will break on a regular basis. Patching is NOT maintenance. Its fixing a design flaw. How many flaws are we up to?
If your car was 1/100 as bad, it would have been taken off the market permanently.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Extended support also means that any new features that break interoperability with the previously-compatible older version won't be back-ported, forcing people to upgrade machines that are in perfect working order.
Nice marketing gimmick.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Funny you should mention fridges. You shouldn't have a problem finding parts for a 20-year-old fridge. The aftermarket produces generic "one-size-fits-all" parts, so that if, for example, the timer goes on it, even if its 3 decades old, you can fix it (I've got one sitting here for just such a situation - the generic replacement part is much smaller, but it works just the same).
Ditto for most automotive parts.
As to buying Vista, I don't run Windows at home, so that's not going to happen unless its already included (and that's not going to happen unless its a laptop or on a box that is cheaper than what I can build myself:-)
Re:How can you vouch for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Would you take that from any other manufacturer of any other product? Like, say, your car? Or your fridge? Or your toilet?
Microsoft does nto "manufacture" Windows(tm). there are very big differences between physical products and computer code. duh!
...yeah, sure, like there is no code in your cell phone, car, elevator, tv, dvd, vcr, microwave, clock radio, printer, bios, stove, watch, calculator, remote control, synthesizer, effects pedals, etc.
... guess you didn't know that you CAN apply the same methodologies for product development and quality control to code that you do to the manufacture of physical products.
Look at some similarities to how cars and code are built
Design prototypes (cars and code)
Check that your design meets or exceeds all applicable standards (works for cars, works for code, except, for some reason, for Microsoft)
Test your prototype in typical as well as extreme use
Get feedback from focus groups, test users, etc (again, cars or software, its all the same)
Simplify the design so as to reduce costs (in cars, cost of parts, in code, cost of bugs from spaghetti, etc)
Collect metrics on flaws/failures
Institute training programs so that there are fewer flaws in the final product (you can train the guy on the shop floor at the assembly plant, just as you can train your coder to be more alert to buffer overruns)
Use pre-assembled, tested, rated components so as to reduce human error (sub-assemblies on a car, libraries in code)
Let the worker have the right to pull the chain if there is a problem (on the assembly line, the worker can halt the line - in coding, we should likewise give the coder the right to say "nope - this is NOT ready for public consumption")
Concrete targets for defect rates
There's a lot more similarity than you'd think at first glance.
There is no such thing as a "bug" in the code. It's not something that "crept in on its own". It's a manufactured error. You or someone else had to actually create that error. You made it. That's what "manufacture" means.
So, you manufacture (make) code, just as you manufacture (make) cars. And when you make errors in either, security sufers - both the car and the code can crash.
The only difference is that Microsoft hides behind a bogus eula to limit their liability. All it takes is one user to win consequential damages (as opposed to the greater of $5 or the cost of the program), and the jig is up.
Re: How can you vouch for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
How much security upgrade support can you get for 5-year-old builds of Linux? Or would the community give the response, "that vulnerability has been fixed, upgrade to a current build"?
I don't hear many people complaining that they can't get security updates for Win 3.1 -- at some point companies/communities have to stop supporting old builds and focus on newer builds and future builds. Not many Autozone stores carry Model-T parts...
If your app was written to run under an older version of linux, and runs fine, you can continue to distribute/sell copies of it, along with the old version of the OS. You can't do that with Windows. You HAVE to buy the newer version - they won't sell you more copies of the older one, and they won't let you dupe and distribute your copy along with your app.
That's one big difference. Built-in forced upgrades for everyone 4 EVAR!
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Actually, the original computer video displays were ALL vector graphics - at way more than a buck a byte (that's right, not kbyte, byte), it would have cost too much to have bitmapped graphics.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
... and you have to go by every users' desk when their.net app breaks, and let them log in as admin so they can grab the latest.net runtime patch... because when bozo recompiles his.net app with a code change and pushes out the update, it won't run.
Makes me long for the days of static linking.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Their whole revenue stream is based on coercing people to continue upgrading. How many times have you heard "Youneedtoupgradetothenextversiontofixthatproblem" ?
Its probably right after "Youneedtoformatandreinstalltofixthatproblem".
"Upgrade as bug fix" is NOT a bug fix. Its a money maker. If you can't see that, you're the type of customer Microsoft loves.
Bill Gates sent out Steve Ballmer to see what people thought of Microsoft Windows.
Steve asks the first person he meets "What do you think of Microsoft Windows?" The guy goes "Windows? Here's what I think!" and flips him the bird.
Steve asks the next person he meets "What do you think of Microsoft Windows?" This guy also goes "Windows?" and gives him the raised middle finger.
This goes on all day. Everyone has the same response.
So, at the end of the day, Gates says "What do people think of Microsoft Windows?" and Steve raises his middle finger and says "We're # 1!"
It gets laughs because its so true - everyone wants to give it the middle finger, and this would be typical Microsoft "get the facts" spin. Maybe its time you asked yourself why.
Grab a knoppix 4.01 dvd, or a suse live dvd. If you can't get either of these to run, there's a PEBKAC running loose:-)
Re:the C. P. Snow Divide of Sciences and Humanitie
on
Flash, Meet Sparkle
·
· Score: 2, Insightful
Lets review your claimsd:
Let me go over this, word by word:
viruses: fault of a sys/net-admin. It's no big deal installing a good antivirus, even network-wide.
So, how many viruses have hit macs or linuxes or bsds? And before you go on about the way that Windows is a target because of market share, remember that Apache has much more market share than IIS, and yet has fewer security fixes. Microsoft produces dreck.
downtime: redundancy. really. have multiple servers do the same thing. Our network here is 100% windows and has close to 99% uptime. More downtime? Ah, hire a (better) admin!
"Close to 99% uptime - that's TERRIBLE! 99% uptime would mean you're off for 88 hours a year! 15 minutes every day! And you put up with that shit? Maybe you should switch to one of the *nixes, where 15 minutes a YEAR is major, even without redundant boxes.
forced upgrades: does somebody from Microsoft stands behind you with a baseballbat, threatening to smack you silly if you don't upgrade? Anyways, we have upgrades all the time. The only persons who complain (if you can call it that) are the sysadmins, but that's just a select few compared to the normal users who should not notice these upgrades.
So, nobody had a problem upgrading their computers from 98 to XP? Or from one version of Office to another? They don't need a copy of OpenOffice to help "fix" the docs that got screwed up by the different versions of office?
the patch hell: what patch hell? Please explain. I've just patched a terminal server using windowsupdate. One reboot later and the server is back in production. Hell? Not more than applying a patch for any other OS.
See my previous comments about how you shouldn't be so proud of your "99% uptime".
Really, don't blame the system admins for something that is flawed by design and intent.
are you stupid or something? Flash is the only reliable way of delivering multimedia content via the web. You're obviously some kind of coding hermit who only wishes to diget information in text form.
Gee, Real Networks and Google will be surprised to hear that.
Re:How can you vouch for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Guess you didn't RTFA - Sparkle is NOT just for the web. It gives control to the whole UI of the host machine.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Breaking standards or requiring people to support / code around non-standard "features" takes time and resources - both of which could have instead been better applied to improving other areas of the product. This is particularly true of web apps - you know, the "next big thing" that is now "the big thing".
Its no longer something we can conveniently ignore. This is why breaking standards has a direct link to introducing insecurities. There are fewer resources to check/test against sql injection in scripts, for example, because the person who wants to devote more time to that was pulled off it to help fix the "browser sniffer" code or tweeking the css to work around the non-standards-compliant behaviour of IE.
I'm sure that, given more time and sufficient motivation, you could find some examples yourself.
As for the "potty mouth" - maybe it comes naturally to someone who has had to deal with the bullshit that Microsoft has been pushing for 20 years now. The lies (guess you don't remember the "Windows 95 is a 32-bit os - viruses won't run on it" - that was a real floater of a turd). The predatory practices ("DR DOS"). The fud, fud, fud.
I'm tired of it, and I've taken to calling a piece of shit a piece of shit, and now I find that it must be rubbing off on the people around me, because, more and more, I'm hearing others agree. Maybe we should sue Microsoft and claim that Windows causes Tourette's Syndrome.
Re:What sort of security vulnerabilities..
on
Flash, Meet Sparkle
·
· Score: 1
Vista will be able to script the whole GUI. Its not just a browser thingee, despite the misleading article title. It's going to have a lot more permissions than, say, javascript in a browser.
This means any application is free to mimic any other applications' appearance. Hello perfect Trojan Toolkit.
I mean, seriously, do you know anything about programming?
Yeah, I know a bit about coding. I've been writing code for a couple of decades. Including Windows programs in C without any of that MFC bullshit for people who couldn't figure out what was going on under the hood and needed their hands held - straight c and c++, my own framework, etc.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
NT5 (aka Windows 2000) is in extended support, not mainline any more. 5 years and you're the poor cousin with the hand-me-downs.
This wasn't done to help people, but to promote license churn.
As for the many versions of linux,
you can run as many copies of an older, non-maintained version as you like. Not the case with Windows. If you have a program that ran fine on low-end hardware under 95, you can't go out and deploy it on 100 machines tomorrow - unless you pirate copies of 95. Ditto 98. Ditto the extinct versions of NT.
Hell, Microshit is even trying to convince people that its illegal to transfer your license to a new white box when the old one dies (its not, btw, despite their fud).
Re:the C. P. Snow Divide of Sciences and Humanitie
on
Flash, Meet Sparkle
·
· Score: 1
Reality check time? Here's some reality for you.
No matter how much they say they hate Microsoft they still don't like anything else well enough to switch.
People bitch about their spouse, kids, friends, and how miserable their life is. But that doesn't mean the current situation is worse than a divorce. There is no glorious rainbow, pot of gold, or greener grass. If there were, they wouldn't be complaining.
A lot of them are hungry for an alternative, and want out of the monopoly. (more reality - you *do* know that Microsoft got where it was by illegal monopolistic tactics, don't you?)
A lot of the businesses I've talked to are hungry for information - when I tell them that I've got a beta program for their business that doesn't require Windows, their ears just perk right up.
So, yeah, Microsoft is dying, and I'm doing my little part to help it along.
Re:What sort of security vulnerabilities..
on
Flash, Meet Sparkle
·
· Score: 1
The only people I saw yesterday (at 35 different companies) who were actually happy with the stability of their computers were running DOS apps. And these were people who were in diapers when the apps were first written. Go figure.
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Sorry, but you're wrong. English has got a LOT of terms we swiped from the french (thanks to the Norman conquest, but "vouche" is NOT correct english. "Douche" is, but that's because we use a french term ("douche" == "shower") to be polite and obfuscate what we're talking about.
BTW, I'm not American - last I looked I was still living in the Commonwealth.
Re:Often programmers know very little...
on
Flash, Meet Sparkle
·
· Score: 1
Riiiight, so they'll know more and more about les and less, until they know nothing about anything.
The best specialists are also damn good in areas where they don't specialize. This gives their work context.
Your argument (unix toolchains - a bunch of small speciaalized tools) actually supports my argument better - those specialized tools are pretty useless by themselves. They don't do much by themselves. They're only truly useful when combined.
and analysts between all of them and the clients.
BTW - shoot those analysts. They haven't got a clue. They don't know code, or they'd write code, rather than bring back all sorts of stuff that looks like it was passed through "gizoogle for marketroids".
Re:How can you vouche for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
Fact is, IE7 is going to be far more standards compliant,
Microsoft has already stated they're not going for compatability with IE7. And they've been criticized for it. Here and elsewhere.
By the way, NT4 is 10 years old, not 5. We're talking Linux kernel 1.x here.
Nice flame, but NT 5 (aka windows 2000) is 5 years old. Businesses don't want to switch, and Microsoft is doing their best in forcing them to. You couldn't pick that up from the context - you're the type of customer Microsoft loves. Find out what "extended support" means - or, as the whore of Redmond would put it, "get the facts".
Re:What sort of security vulnerabilities..
on
Flash, Meet Sparkle
·
· Score: 1
This isn't just for browsers. And we all know how good Microsoft is at keeping stuff from the net from interfering with stuff on your computer.
Me, I'm glad they're doing this. The world was a better place before Windows, and it'll be a better place after it dies. Anything that hastens the process has my blessing.
Re:How can you vouch for the security of this?
on
Flash, Meet Sparkle
·
· Score: 1
(I got tired of seeing "vouch" mis-spelled as "vouche" - am I the only one?)
It's not that hard to write an app that can "skin" itself, or to write a second app that can "skin" an existing app, even a compiled binary. The need provide these facilities at the operating system level just doesn't exist, and opens up a whole new can of worms.
Also, with more and more applications being moved to the server and accessed through a browser, changing the appearance is done once - on the server. Microsoft is scared of this move to server apps, because it makes the underlying platform irrelevant, and this will kill their business model of forced upgrades. They originally thought Java was going to be the vehicle to do this, and this is why they worked so hard to kill Java. What they didn't count on was a combination of javascript, css, and high-speed networks to do the same job.
Sparkle isn't necessary for web apps. It's not necessary for games. Its not necessary for office suites. It's just more "shiny bauble thingee goodness" that doesn't address the issues people want addressed:
forced upgrade cycles
client access license ripoff schemes
patch hell
the stupidity also known as the registry
viruses, trojans, and their bastard cousin, spam
incompatabilities between versions
the non-compliant IE browser
Before trying to make Vista Sparkle, they should really fix these issues. Otherwise, its not so much Sparkle as it is Turd Polish:-)
Re:What sort of security vulnerabilities..
on
Flash, Meet Sparkle
·
· Score: 1
It requires at least read access to the file system, and read/write access to the registry, to save window positions, etc. It will also, apparently, have access to the windows api and data read/write capabilities.
Be afraid. Be very afraid.
Or switch to another OS.
Re:the C. P. Snow Divide of Sciences and Humanitie
on
Flash, Meet Sparkle
·
· Score: 5, Interesting
If people really think that Microsoft makes crappy products,
reality check time:
I've spent the last 2 days on the road talking with people at 53 companies. Dragged along an engineer as part of his training. I'll be out there again tomorrow, and I'm sure that it'll be the same.
Not one person said they liked using Windows. Not one! They hate Windows. They hate Microsofts Client Access Licensing schemes. They hate the viruses, the downtime, the forced upgrades, the patch hell, the crappy products - everything. And they also hate it when they go home.
They want OUT!
This is not a slashdot "talking-out-of-my-ass" opinion - this is the reality in the corporate world today. Pissed off doesn't begin to describe it. They feel they've been raped.
Like I said, I've expended the shoe leather, gotten the face time, and this is the reality. Microsoft makes crap. Everyone knows it. Nobody likes it.
There's no need for a "coming together." The world and Microsoft are heading for a divorce.
For example, if they had to meet the same standards as new cars (check out the ne automobile lemon laws in your state) - they would lose money on every sale.
Its a sad state of affairs when consumers are so cowed that they accept as normal that something will break on a regular basis. Patching is NOT maintenance. Its fixing a design flaw. How many flaws are we up to?
If your car was 1/100 as bad, it would have been taken off the market permanently.
Nice marketing gimmick.
Ditto for most automotive parts.
As to buying Vista, I don't run Windows at home, so that's not going to happen unless its already included (and that's not going to happen unless its a laptop or on a box that is cheaper than what I can build myself :-)
Look at some similarities to how cars and code are built
- Design prototypes (cars and code)
- Check that your design meets or exceeds all applicable standards (works for cars, works for code, except, for some reason, for Microsoft)
- Test your prototype in typical as well as extreme use
- Get feedback from focus groups, test users, etc (again, cars or software, its all the same)
- Simplify the design so as to reduce costs (in cars, cost of parts, in code, cost of bugs from spaghetti, etc)
- Collect metrics on flaws/failures
- Institute training programs so that there are fewer flaws in the final product (you can train the guy on the shop floor at the assembly plant, just as you can train your coder to be more alert to buffer overruns)
- Use pre-assembled, tested, rated components so as to reduce human error (sub-assemblies on a car, libraries in code)
- Let the worker have the right to pull the chain if there is a problem (on the assembly line, the worker can halt the line - in coding, we should likewise give the coder the right to say "nope - this is NOT ready for public consumption")
- Concrete targets for defect rates
There's a lot more similarity than you'd think at first glance.There is no such thing as a "bug" in the code. It's not something that "crept in on its own". It's a manufactured error. You or someone else had to actually create that error. You made it. That's what "manufacture" means.
So, you manufacture (make) code, just as you manufacture (make) cars. And when you make errors in either, security sufers - both the car and the code can crash.
The only difference is that Microsoft hides behind a bogus eula to limit their liability. All it takes is one user to win consequential damages (as opposed to the greater of $5 or the cost of the program), and the jig is up.
That's one big difference. Built-in forced upgrades for everyone 4 EVAR!
Actually, the original computer video displays were ALL vector graphics - at way more than a buck a byte (that's right, not kbyte, byte), it would have cost too much to have bitmapped graphics.
Makes me long for the days of static linking.
Its probably right after "Youneedtoformatandreinstalltofixthatproblem".
"Upgrade as bug fix" is NOT a bug fix. Its a money maker. If you can't see that, you're the type of customer Microsoft loves.
Grab a knoppix 4.01 dvd, or a suse live dvd. If you can't get either of these to run, there's a PEBKAC running loose :-)
Really, don't blame the system admins for something that is flawed by design and intent.
Guess you didn't RTFA - Sparkle is NOT just for the web. It gives control to the whole UI of the host machine.
Its no longer something we can conveniently ignore. This is why breaking standards has a direct link to introducing insecurities. There are fewer resources to check/test against sql injection in scripts, for example, because the person who wants to devote more time to that was pulled off it to help fix the "browser sniffer" code or tweeking the css to work around the non-standards-compliant behaviour of IE.
I'm sure that, given more time and sufficient motivation, you could find some examples yourself.
As for the "potty mouth" - maybe it comes naturally to someone who has had to deal with the bullshit that Microsoft has been pushing for 20 years now. The lies (guess you don't remember the "Windows 95 is a 32-bit os - viruses won't run on it" - that was a real floater of a turd). The predatory practices ("DR DOS"). The fud, fud, fud.
I'm tired of it, and I've taken to calling a piece of shit a piece of shit, and now I find that it must be rubbing off on the people around me, because, more and more, I'm hearing others agree. Maybe we should sue Microsoft and claim that Windows causes Tourette's Syndrome.
This means any application is free to mimic any other applications' appearance. Hello perfect Trojan Toolkit.
Yeah, I know a bit about coding. I've been writing code for a couple of decades. Including Windows programs in C without any of that MFC bullshit for people who couldn't figure out what was going on under the hood and needed their hands held - straight c and c++, my own framework, etc.This wasn't done to help people, but to promote license churn.
As for the many versions of linux, you can run as many copies of an older, non-maintained version as you like. Not the case with Windows. If you have a program that ran fine on low-end hardware under 95, you can't go out and deploy it on 100 machines tomorrow - unless you pirate copies of 95. Ditto 98. Ditto the extinct versions of NT.
Hell, Microshit is even trying to convince people that its illegal to transfer your license to a new white box when the old one dies (its not, btw, despite their fud).
A lot of the businesses I've talked to are hungry for information - when I tell them that I've got a beta program for their business that doesn't require Windows, their ears just perk right up.
So, yeah, Microsoft is dying, and I'm doing my little part to help it along.
The only people I saw yesterday (at 35 different companies) who were actually happy with the stability of their computers were running DOS apps. And these were people who were in diapers when the apps were first written. Go figure.
BTW, I'm not American - last I looked I was still living in the Commonwealth.
The best specialists are also damn good in areas where they don't specialize. This gives their work context.
Your argument (unix toolchains - a bunch of small speciaalized tools) actually supports my argument better - those specialized tools are pretty useless by themselves. They don't do much by themselves. They're only truly useful when combined.
BTW - shoot those analysts. They haven't got a clue. They don't know code, or they'd write code, rather than bring back all sorts of stuff that looks like it was passed through "gizoogle for marketroids".
Me, I'm glad they're doing this. The world was a better place before Windows, and it'll be a better place after it dies. Anything that hastens the process has my blessing.
It's not that hard to write an app that can "skin" itself, or to write a second app that can "skin" an existing app, even a compiled binary. The need provide these facilities at the operating system level just doesn't exist, and opens up a whole new can of worms.
Also, with more and more applications being moved to the server and accessed through a browser, changing the appearance is done once - on the server. Microsoft is scared of this move to server apps, because it makes the underlying platform irrelevant, and this will kill their business model of forced upgrades. They originally thought Java was going to be the vehicle to do this, and this is why they worked so hard to kill Java. What they didn't count on was a combination of javascript, css, and high-speed networks to do the same job.
Sparkle isn't necessary for web apps. It's not necessary for games. Its not necessary for office suites. It's just more "shiny bauble thingee goodness" that doesn't address the issues people want addressed:
- forced upgrade cycles
- client access license ripoff schemes
- patch hell
- the stupidity also known as the registry
- viruses, trojans, and their bastard cousin, spam
- incompatabilities between versions
- the non-compliant IE browser
Before trying to make Vista Sparkle, they should really fix these issues. Otherwise, its not so much Sparkle as it is Turd PolishBe afraid. Be very afraid.
Or switch to another OS.
I've spent the last 2 days on the road talking with people at 53 companies. Dragged along an engineer as part of his training. I'll be out there again tomorrow, and I'm sure that it'll be the same.
Not one person said they liked using Windows. Not one! They hate Windows. They hate Microsofts Client Access Licensing schemes. They hate the viruses, the downtime, the forced upgrades, the patch hell, the crappy products - everything. And they also hate it when they go home. They want OUT!
This is not a slashdot "talking-out-of-my-ass" opinion - this is the reality in the corporate world today. Pissed off doesn't begin to describe it. They feel they've been raped.
Like I said, I've expended the shoe leather, gotten the face time, and this is the reality. Microsoft makes crap. Everyone knows it. Nobody likes it.
There's no need for a "coming together." The world and Microsoft are heading for a divorce.