First modbombing and then bullshit. Sieg Heil Mozilla!
ActiveX is native code, essentially, specially modified DLLs that run unsandboxed with the same permissions as the parent process. This opens up all kinds of fun things you can do to someone's system.
Same with Mozilla XPI. Or are you really ignorant enough to think that there is any "sandbox"?
Unfortunately it is relatively easy to trick IE into thinking an ActiveX control is coming from a trusted zone
And what if you could "trick" Mozilla in a similar fashion? XPI then becomes the same kind of liability as ActiveX. The plain fact is that if Mozilla was really designed for "security", it wouldn't have IE-ish features like auto-installing ANY remote code. So quit the fanboy insults and bullshit, read the post, and use your puny heads.
Re:I forget if we're supposed to hate them on Netscape Turns 10 · Score: 0
When Moz went open source, it became distinct from Netscape/AOL
Mozilla went Open Source in 1999(?), but has only been independent from AOL for the last year or so.
Before then Mozilla.org wasn't really an "org" but more of a front for Netscape -- there wasn't much if any "open" decision-making going on and the product direction was almost entirely determined by Netscape employees. You may also note that Mozilla has been gaining in popularity over the last year.
Re:Still why not base AOL on Netscape? on Netscape Turns 10 · Score: 1
I would say that Mozilla still isn't very good (at least compared to typical Windows apps). Firefox validated the architecture by removing the bloat, highlighting the tech, and being as "IEish" as possible.
Blame Netscape Management for spending many years building a lot of fancy technology only to bury it under a bloated Communicator 4 clone.
I will give them that -- JavaScript is an excellent scripting language with a cool prototype-based object system. It's a shame that the opensource world embraced things like Perl (outside of its domains) and PHP (anywhere) when there's been a distributable JavaScript implementation for years.
(Although JS was based on a Sun language called... Self).
On the other hand, Netscape also gave us window.open() and netscape.com was the first site to use advertising popups.
Re:Still why not base AOL on Netscape? on Netscape Turns 10 · Score: 1
Strictly not true. "M$" paid them a lot for illegally destroying Netscape's marketshare. AOL got the same "right" to integrate IE into their application that anyone on the street has.
The fact was that AOL was not really making any movement to use Mozilla in their client software. Presumably this was because of technical criteria, as they'd invested quite a bit in Mozilla. (speed, memory use vs low-end AOL installed base?)
This works great for google because they have a stateless HTTP-based application.
Joe LAN Admin is usually dealing with fileserver and database applications that use long-lasting connections and lots of server state. (Even many HTTP apps make heavy use of server-side sessions.) There simply aren't cheap fail-over solutions for these apps. So it makes a lot more sense to buy a box that can maintain the uptime by itself.
I have an "obsolete" low-end server that I use for running FreeBSD. It has SMP, ECC RAM, SCSI disks, a boring but very reliable chipset...
Exactly! eBay is your friend here -- you can get an old ~1GHz Proliant or IBM server for about $500-$600, which is probably cheaper than a "desktop" box. You may need to expand the box, but the memory and old SCSI drives are also dirt cheap. These boxes will be 100% rock-solid with Windows/Linux/BSD.
Most server use (fileserving, SMTP/IMAP email, etc) does not require much CPU power -- there's simply no justification for putting a cheapassed machine just because it runs at 3GHz or whatever.
(And as for "chipsets being chipsets", it's patently false. Server machines use different chipsets.)
I don't understand your point. Either raw CPU speed matters for your workflow or it doesn't. If not, you can't really justify buying a high-spec G5 workstation. If an objectively slow G4 is working for you, you aren't exactly a "high-end" user and maybe shouldn't be spending top dollar for a new PowerMac.
The problem with your BMW comparison is the Yugo (eMac) sitting in the corner of the Apple Store. Apple does sell the $9000 auto. What we're talking about is a nice $25000 family sedan, which they don't sell.
BMW actually has a pretty comprehensive model lineup and is trying to increase their marketshare. Therefore they don't compare well to Apple.
Actually, I think this brings up a problem for Apple. What you say USED to be correct -- graphic design needed a pretty high-end machine, but as time goes on there's less and less need for a top-end workstation in this market.
Without a "mid-level" Mac to sell to these people, they probably just go much longer between purchases. And if you are really crunching graphics files, I don't think there's much question that a generic 3.0GHz Dell would be more suited than an old G4.
Yeah, but the point stands that you can get a good-performing, stable, and expandable x86 minitower for about $1000, and Apple simply does not have a model which compares.
Instead Apple customers are encouraged to spend $2000 for a "workstation" machine. If one does not need dualprocs, PCI-X, or a crapload of RAM slots, it is a fair complaint that you shouldn't have to pay for them.
> It would allow me to use Windows and OSX on the same machine with a dual boot.
The "dual boot" crowd (meaning us) aren't a very good customer base. Mainly tech-hobbyists who install random OSes, play around with them for a while and then switch back to Windows as soon as it's convenient to do so.
When you look at historical attempts to sell an OS to dualbooters, such as OS/2 Warp, BeOS, or various consumer Linux Distros, you see that the OS sells well at retail, but ends up with very few long-term committed users. I don't think that's Apple's game at all -- they sell primarily to hard-core repeat customers.
(Even though you say it's a joke, the moderators took you seriously.)
> but this is the GOOD THING FOR ALL
Single Vendor media Lock-in is not a good thing at all, it's a TERRIBLE thing, for both the record companies and the consumers. It's only a good thing if you are an Apple stockholder.
"Only Apple Proprietary Crap can save us from higher prices" is bullshit. Common sense says just the opposite, that Apple's iPod installed base would allow them to charge more than other vendors with crappier players.
The also-ran online stores generally want to LOWER prices, not raise them. They want the record companies to take a smaller cut, not a larger one. Except that the price is basically fixed by the recording industry. If they wanted to sell songs at $2/copy, they could and Apple and everyone else would have little choice but to go along.
my knowledge the only program in Windows that uses CRLF is Notepad
Are you kidding? I think you'd have trouble finding a Windows program that does NOT use CRLF text files by default (including Visual Studio and other dev tools, HTML Editors, MS Office, etc). Most Windows text editors only support LF in a special "Unix" mode.
First of all, it's hard to imagine the skill-level of web developers getting much worse. :)
The nice thing about ASP.NET is that the output produced by a "less skilled" developer is still not that terrible. It might have maintainability problems like cut-n-paste code, but is far less likely to have SQL injection and cross-site-scripting problems or tons of HTML generation spaghetti. I'll take crappy ASP.NET code over crappy ASP or PHP code any day. You actually have to fight the environment for many bad practices.
> handle security problems like this
This only seems to affect a certain class of applications that rely on password security. If your app is designed for the public internet and handles its own logins, it doesn't seem like a problem.
Simple NNTP functionality makes sense because it can be used for "Groupware" type stuff like discussions, file libraries, "shared folders", etc.
Most dedicated newsreaders are overkill for average users, with extremely complicated and confusing GUIs, and features that corporate users would rather NOT have (scoring, leeching, etc).
XPI is Mozilla's ActiveX clone.
None of this is really true of course.
For example, the snarks on the Internet were going on about how ActiveX was such a terrible idea, Mozilla developers were thinking "ActiveX! What a great idea. Let's call our version XUL!" While people were bitching about spammy IE toolbars, Mozilla people thought that toolbars didn't go far enough and that you should be able to download an entire XUL "skin".
When Microsoft started betatesting XP SP2 with ActiveX blocking, the Mozilla people took a look and said "Oh Good idea! Let's put that in!" They even copied the UI nearly down to the pixel level.
Now, I'm not saying that Firefox is bad or more insecure than IE. Only that it was hardly designed with "security in mind"; and that like IE, it's enormously extensible for developers, and most of the "security" is policy stuff that was tacked on long after the fact.
Hopefully Mozilla isn't believing their own PR about security.
Nutscrape Sucks.
MSDE comes with certain versions of MS Office and with various developer tools (like the .NET SDK).
Apache always run more websites than IIS at any time, still IIS was infected more often at any time
This is because you don't have to "run a website" in order to get infected with Code Red. Windows 2000 server runs IIS by default, and that's millions of target boxes that don't show in marketshare surveys.
Likewise with MS-SQL, client-side tools were vulnerable to the worm, meaning there was a much larger base than your 12% number suggests.
I'm not arguing with the rest of your post, just pointing out how the Linux community wants to play down the "numbers game" aspect of these things. When/If Linux achieves a larger installed base of machines, and the average quality of a Linux administrator sinks to MCSE-levels, I think you will be unpleasantly surprised when the 0-day worms start coming your way.
Yes, but it's an old issue that's been around forever.
Users that used to be vulnerable to the entire Internet are now only vulnerable to their ISP subnet. And they can still share files at home. It's not supposed to be perfect security, only better than nothing.
It's also worth noting that most US broadband ISPs block all Windows Filesharing traffic -- otherwise your network neighborhood becomes your real neighborhood. So this "issue" isn't likely to affect many users.
this would involve killing a lot of "features"
Except that Mozilla didn't kill any of those features. In fact they cloned that stuff in order to match IE feature-for-feature.
(ActiveX were reinvented as XPI, BHOs were reinvented as 'Extensions', Toolbars reinvented as XUL/Skins. Mozilla/Firefox is loaded with programming 'hooks' that could be exploited)
On an implementation and policy level Firefox will (probably) be more secure than IE has. But that's not due to a fundamentally different philosophy -- both MS and Mozilla saw the browser as a 'platform' and not just a browser.
Instead of 1990, how about 1999? I don't think there's any question that businesses would have chosen RedHat 5/6 over Solaris if the latter was well supported on x86.
Of course there's the greater issue that Sun has talked a ton of shit about Microsoft but never lifted a finger to directly do anything about them (X11 and CDE are basically unchanged from the Gorbachev era -- the low end was conceded by Sun).