Those who restrict themselves to "moral" methods cannot win large wars.
Perhaps winning large wars isn't in itself necessarily a good thing? If "winning" means duplicating the behaviour of those you're fighting against, and entrenching it as public policy, it sounds like just a synonym for "losing".
(Someone, please, write a virus in a System Management Interrupt handler. Then people will start caring about NOT HAVING GIANT SECURITY HOLES IN THEIR SYSTEMS IN THE FIRST PLACE).
What! Next you will be saying that the USB standard shouldn't auto-install random device drivers and that we should have some kind of removable media devices that would always be perfectly safe to plug in and read because they'd only be a filesystem, even if you found them in the bathroom stall at a LulzSec convention. That'd be madness!
How does one do a repair install if Windows 7 won't boot?
Boot off your recovery DVD? You did make one, right?
Actually I have no idea if 'recovery media' these days are even bootable. Back in the day, we used to get real Windows install disks with our computers. No lie! They just handed 'em out in the box like they were candy, or at least not radioactive contraband which mere users couldn't be trusted to touch.
And then comes the research grants and tenure from Rainbow Hug Community College, the book deal, the lecture circuits, it's all gravy.
I want to live in your world, where New Age community colleges have trillion dollar budgets comparable with oil companies. I think it would be fun there.
Nobody is completely able to understand everything about the operation of their computers.
Fixed for reality. If computer security depends on the user knowing every single detail of every program running on their computer at every instant, we're screwed.
But if it were possible for there to be some kind of, I dunno, "system which operates" the computer, and if that system could have some kind of tiny "nut-core" of trusted code which only allowed operations which were mathematically provable not to violate security expectations in strange and confusing ways, like with buffer overflows, the user could simply delegate their trust to the via some kind of "list of controlled accesses" and rely on it not to do things randomly like, eg, execute untrusted root-level code from USB sticks when all the user thought they were doing was reading a file, or have a JPEG image suddenly smash the stack and run i386 machine code. And if the system ever, ever violated these security expectations, and let an application program's attempt to smash the stack or pass random data to an API actually get root access, everyone on the design team would be fired and the company which sold it would be fined a billion dollars instantly, because it would be as unthinkable as a CPU adding 1+1 and getting 58734... nah, that kind of idea would never fly, it's crazy thinking. The only route to security is for everyone to take a 15-year multi-doctorate in low-level CPU design and compile all their machines from raw silicon. Anything else is laziness.
If you load before the OS, then you can load as the host, and run the 'real' OS as a guest operating system. You can then intercept all calls to the hardware. (kind of like how VMware can sit under windows, and tell it that it has an LSI SCSI drive, when it doesn't.) Instead of reporting the real MBR, you can tell the guest operating system that the MBR is exactly what it expects.
What if you boot off the CD-ROM created by your favourite virus scanner which bypasses Windows and the hard disk and the MBR entirely?
Kids these days do know that nothing on the hard disk has ever been trustworthy once you have the slightest suspicious of any kind of malware, and that you always boot right off trusted read-only media as soon as you even think of running an remedial anti-malware tool, right? and that this is not some new 2011 thing but was always the case, because MBR infectors were the first kind of virus that came out? You all remember that, right?
I think what this means is not that projects get necessarily disconnected. It means that users don't like change.
Right, because change means breakage and users like getting their work done without breakage.
If project developers think that their desire for ooh!shiny!breakage is more important to the user than the user's desire for it Already Just Works Quit Breaking It, then "disconnected" is exactly what those project developers are. They've stopped caring about the user. They've even stopped caring about the fact that they're no longer caring, and actively think (and now say out loud) that not caring about the user is a positive trait, because those awful boring users are holding the creative genius of developers back, and the users need to just shut up and let the developers break all their stuff.
The Internet's users treat change, sensibly, as the damage it is and attempt to route around it, and they should be celebrated for doing so, not ridiculed. The problem the Internet's developers have is that they've accepted the false idea that change in itself is a positive good to be forced upon people whether they like it or not.
Consider this: would a bridge need to be destroyed and rebuilt every six weeks unless it was catastrophically mis-designed every single time it was built? Then why should any critical piece of data-bearing infrastructure need to be replaced on such a rapid cycle?
Build things to be extended, not changed. Build them once, build them right, and stop messing with them once they're built right.
If the software industry has no actual way to tell whether something is ever "built right" -- then it's got catastrophic failure prebaked into everything that ships, and that can't be a good thing, can it?
so no I am completely oblivious to corporations that just want to use something for free and then come a complain and whine that something isn't supported anymore...
Heh.
We're not 'whining' about Firefox. We're simply advising you that from today we're deleting it from our systems, en masse, across all of Corporate Earth. You and the Mozilla Corporation have made it perfectly clear that in return for us not paying you a cent (but giving you a whole lot of page views) you not only don't care about us at all but actively want us to stop using your free product.
So, fine, that's the way you think the world works, we'll oblige. We are paying Microsoft for their web browser, since it ships with Windows which costs us hundreds of thousands of dollars a year - so we'll use that instead.
Oh, did you want someone to actually use your free product, anywhere on Earth in future? No, I'm sure that's the exact opposite of what you just said. Well, thanks for the ride, it's been fun, but you've just kicked us out so we'll take our hat and leave.
Have fun with your future 0% install base! But all those lazy, greedy corporate hangers-on who write websites that use standards that your free browser might have wanted to adopt - we won't be troubling you further.
No, I'm not sure even Ubuntu know who their target market are any more. Like Mozilla, they want to be Apple, without understanding that some Apple products actually work (but not Quicktime on Windows. Brrrr.)
Much of the reason for the CCK is largely gone - default settings can be defined before ghosting a PC.
Not even close. We don't define things like default browser settings on the image - we have one image for our entire enterprise, and use SCCM, App-V, WSUS and Group Policy to apply nightly updates and fine-grained policy control based on application and business unit. Granted, we're an educational institution so we have slightly different (more challenging) configuration and lockdown requirements than mainstream businesses, but still. "Ghosting" is so 1997. We don't do that anymore, and it was never a good way to configure things in the first place.
Good luck in your future software development career, I guess, if you don't even understand the first thing about business manageability requirements. You'll need it. But please don't develop any software I have to install and support.
"paying attention to how your software interacts with the whole computing environment" is EXACTLY what software developers should be doing as basic job #1. Sadly too often this doesn't seem to be taught or is left as a footnote: "finally, after the program is all done, work out some way of installing it, but don't actually bother to put much thought into that part. Just assume that your shiny butterfly application, and only this one version of it, is the only thing which has ever run or ever will be run on the user's machine and that they have exactly the same hardware and software that you have, and you'll be fine."
Is it disturbing to have an open-source project say "here's a population of users; we unfortunately don't have the resources to address their special needs at this point"?
Yes, it's very disturbing to hear that if you are a business and the project states that it officially considers business users to be "special needs".
Basically it means your business can't consider that project, ever, until or unless that attittude changes. It just wouldn't make sense.
Is there a for-pay Firefox which does provide equivalent enterprise manageability as Internet Explorer does? And bear in mind that "equivalent" in this case really primarily means "provides security patches which can be centrally deployed without breaking functionality and without the users having to be administratators". Everything else (Group Policy lockdown, etc) is gravy on the side, but regular security patches NOT pushed out haphazardly by user-mode auto-updaters which may or may not have firewall access and desktop admin rights is a must-have, do-not-pass-go-or-you're-fired sort of requirement these days. It's a harsh Web out there and we need to be protected, and that means we need to use the standard enterprise tools for protecting ourselves. Not consumer-grade, sorta-maybe stuff which looks shiny but assumes a single-user, admin-level account.
Actually Firefox 4 hasn't been that bad for us for enterprise manageability. We're deploying it via App-V on Win 7, and it mostly plays very nicely with, eg, auto-detecting Java and Flash updates on the client, and even the config file settings are mostly tolerable though they're not GPO compatible and took some Googling to set up. Until this Firefox 5 stunt I was very positive about Firefox again, after having to abandon it for years due to lack of patchability.
But hearing official Mozilla spokespeople say "we don't care about the enterprise" is just really, really bad karma. It's one thing to not have them say anything. It's another again to have them say "enterprise users, please go elsewhere".
Because if you Firefox guys want all the entire planet's business community to stop using your product, we will. But I don't think actually really want that, if you stopped to consider the cost. Do you want all corporate websites from now on to be IE-only? Because that's what you'll get.
What, because they're the best alternative they should be REQUIRED to add all the various features and spend all their time working to please enterprise users?
No, because they don't want to add the required features to make their product usable by enterprises, they have resigned themselves to never being the best alternative in a business environment.
Which is sad because I don't want my business to be forced to run IE only - but it looks like Mozilla don't want us to run them at work. They want to be a toy browser not usable by serious people for serious work. They actually aspire to permanent silly-distraction status.
Thanks a lot, Asa.
(Actually, I blame Steve Jobs. He successfully resurrected Apple by betting the company on a silly-toy product - the music-only iPod - and won. So now everyone else thinks that chasing the toy consumer market and running away from business is the route to mega-success. But it's not. Some of us still have to do real work, and we don't all do it in Photoshop and iTunes.)
group policies, remotely configuring proxy, enterprise settings, locking down the browser, etc
That's a pretty good bullet list of the things that enterprises feel they need that aren't worth supporting in a decent browser. The more 'enterprisey' a piece of software, the less actual useful features that allow people to get work done and the more junk added just to support the things enterprises do to prevent employees from doing stuff.
I'm pretty harsh on the mania for centralized locked-down control by IT in big corporations
ORLY.
I'm guessing that you don't work professionally as a system administrator in business, which means that you don't actually understand the problem, and are therefore unqualified to make a critique of it.
No offence, but all these things are very useful and important to IT departments, and centrally managed IT is here to stay because business likes things to work properly whether or not you personally feel that as a delicate flower you are being oppressed by The Man.
As a system administrator myself, I'm very disappointed that a Mozilla spokesperson has come out and said publically what I and my colleagues have felt they've been thinking privately for the last few years. I mean I guess it's nice Asa's being honest, but sheesh. I'd rather not push all our employees further into the arms of Microsoft, but Mozilla are setting new records for Simply Not Getting Business at all.
At home I want stability.... and perhaps see how much money they have on their account.
And since I'd like the amount of money in my bank account to stay stable and not mysteriously disappear overnight into the Nigerian Mafia, I'd personally very much like my home browser to be secure.
Slashdot Mirror
Those who restrict themselves to "moral" methods cannot win large wars.
Perhaps winning large wars isn't in itself necessarily a good thing? If "winning" means duplicating the behaviour of those you're fighting against, and entrenching it as public policy, it sounds like just a synonym for "losing".
I call Inky, Blinky and Clyde in the corner pocket. Cherries are trumps.
When I hear the phrase "When I hear the phrase $x, I reach for my $y", I reach for my Quine.
SMI
(Someone, please, write a virus in a System Management Interrupt handler. Then people will start caring about NOT HAVING GIANT SECURITY HOLES IN THEIR SYSTEMS IN THE FIRST PLACE).
What! Next you will be saying that the USB standard shouldn't auto-install random device drivers and that we should have some kind of removable media devices that would always be perfectly safe to plug in and read because they'd only be a filesystem, even if you found them in the bathroom stall at a LulzSec convention. That'd be madness!
How does one do a repair install if Windows 7 won't boot?
Boot off your recovery DVD? You did make one, right?
Actually I have no idea if 'recovery media' these days are even bootable. Back in the day, we used to get real Windows install disks with our computers. No lie! They just handed 'em out in the box like they were candy, or at least not radioactive contraband which mere users couldn't be trusted to touch.
But the point is that if something's been around as long as flint arrows or boot sector viruses, we've usually come up with a good defense against it.
Yes, and in both cases, the best defence is still generally 'don't get hit with one'.
Never underestimate the power of primitive attacks to overcome sophisticated defences.
When we secure servers with fear and obscurity. Looks like no one is safe, they all have less than ideal set ups.
We secure our servers with fear! Fear and obscurity! Fear, obscurity and 512-bit RSA public-key biometric tokens... I'll come in again.
and for some reason I had thought that Brazil was a functioning democracy.
Heh. Yes, Brazilian democracy functions exactly as designed if you're rich and know the right people. If you live in a favela... maybe not so much.
And then comes the research grants and tenure from Rainbow Hug Community College, the book deal, the lecture circuits, it's all gravy.
I want to live in your world, where New Age community colleges have trillion dollar budgets comparable with oil companies. I think it would be fun there.
Nobody is completely able to understand everything about the operation of their computers.
Fixed for reality. If computer security depends on the user knowing every single detail of every program running on their computer at every instant, we're screwed.
But if it were possible for there to be some kind of, I dunno, "system which operates" the computer, and if that system could have some kind of tiny "nut-core" of trusted code which only allowed operations which were mathematically provable not to violate security expectations in strange and confusing ways, like with buffer overflows, the user could simply delegate their trust to the via some kind of "list of controlled accesses" and rely on it not to do things randomly like, eg, execute untrusted root-level code from USB sticks when all the user thought they were doing was reading a file, or have a JPEG image suddenly smash the stack and run i386 machine code. And if the system ever, ever violated these security expectations, and let an application program's attempt to smash the stack or pass random data to an API actually get root access, everyone on the design team would be fired and the company which sold it would be fined a billion dollars instantly, because it would be as unthinkable as a CPU adding 1+1 and getting 58734. .. nah, that kind of idea would never fly, it's crazy thinking. The only route to security is for everyone to take a 15-year multi-doctorate in low-level CPU design and compile all their machines from raw silicon. Anything else is laziness.
Or we could, you know, just use more secure operating systems.
A technological solution to a technological problem? Surely you jest!
If you load before the OS, then you can load as the host, and run the 'real' OS as a guest operating system. You can then intercept all calls to the hardware. (kind of like how VMware can sit under windows, and tell it that it has an LSI SCSI drive, when it doesn't.) Instead of reporting the real MBR, you can tell the guest operating system that the MBR is exactly what it expects.
What if you boot off the CD-ROM created by your favourite virus scanner which bypasses Windows and the hard disk and the MBR entirely?
Kids these days do know that nothing on the hard disk has ever been trustworthy once you have the slightest suspicious of any kind of malware, and that you always boot right off trusted read-only media as soon as you even think of running an remedial anti-malware tool, right? and that this is not some new 2011 thing but was always the case, because MBR infectors were the first kind of virus that came out? You all remember that, right?
right?
And what's a farmville?
Farmville is the world that has been pulled over your eyes, to turn a human being into
(holds up a cow with a spring-powered clicker attached. ka-click, moo!)
one of these.
I'm with the Mozilla People's Liberation Front myself.
"It's better than a sharp stick in the eye, walking on hot coals and being eaten alive by a Burmese Python of unusual size ... just."
"But it's a whole heckuva lot better than running Firefox 5!"
I think what this means is not that projects get necessarily disconnected. It means that users don't like change.
Right, because change means breakage and users like getting their work done without breakage.
If project developers think that their desire for ooh!shiny!breakage is more important to the user than the user's desire for it Already Just Works Quit Breaking It, then "disconnected" is exactly what those project developers are. They've stopped caring about the user. They've even stopped caring about the fact that they're no longer caring, and actively think (and now say out loud) that not caring about the user is a positive trait, because those awful boring users are holding the creative genius of developers back, and the users need to just shut up and let the developers break all their stuff.
The Internet's users treat change, sensibly, as the damage it is and attempt to route around it, and they should be celebrated for doing so, not ridiculed. The problem the Internet's developers have is that they've accepted the false idea that change in itself is a positive good to be forced upon people whether they like it or not.
Consider this: would a bridge need to be destroyed and rebuilt every six weeks unless it was catastrophically mis-designed every single time it was built? Then why should any critical piece of data-bearing infrastructure need to be replaced on such a rapid cycle?
Build things to be extended, not changed. Build them once, build them right, and stop messing with them once they're built right.
If the software industry has no actual way to tell whether something is ever "built right" -- then it's got catastrophic failure prebaked into everything that ships, and that can't be a good thing, can it?
Who exactly is putting a gun to your head and forcing you to upgrade?
LulzSec, for one.
so no I am completely oblivious to corporations that just want to use something for free and then come a complain and whine that something isn't supported anymore...
Heh.
We're not 'whining' about Firefox. We're simply advising you that from today we're deleting it from our systems, en masse, across all of Corporate Earth. You and the Mozilla Corporation have made it perfectly clear that in return for us not paying you a cent (but giving you a whole lot of page views) you not only don't care about us at all but actively want us to stop using your free product.
So, fine, that's the way you think the world works, we'll oblige. We are paying Microsoft for their web browser, since it ships with Windows which costs us hundreds of thousands of dollars a year - so we'll use that instead.
Oh, did you want someone to actually use your free product, anywhere on Earth in future? No, I'm sure that's the exact opposite of what you just said. Well, thanks for the ride, it's been fun, but you've just kicked us out so we'll take our hat and leave.
Have fun with your future 0% install base! But all those lazy, greedy corporate hangers-on who write websites that use standards that your free browser might have wanted to adopt - we won't be troubling you further.
Sincerely, The Enterprise.
Ubuntu at least knows who butters its bread.
*cough* Unity *cough*
No, I'm not sure even Ubuntu know who their target market are any more. Like Mozilla, they want to be Apple, without understanding that some Apple products actually work (but not Quicktime on Windows. Brrrr.)
Much of the reason for the CCK is largely gone - default settings can be defined before ghosting a PC.
Not even close. We don't define things like default browser settings on the image - we have one image for our entire enterprise, and use SCCM, App-V, WSUS and Group Policy to apply nightly updates and fine-grained policy control based on application and business unit. Granted, we're an educational institution so we have slightly different (more challenging) configuration and lockdown requirements than mainstream businesses, but still. "Ghosting" is so 1997. We don't do that anymore, and it was never a good way to configure things in the first place.
Good luck in your future software development career, I guess, if you don't even understand the first thing about business manageability requirements. You'll need it. But please don't develop any software I have to install and support.
+++ This.
"paying attention to how your software interacts with the whole computing environment" is EXACTLY what software developers should be doing as basic job #1. Sadly too often this doesn't seem to be taught or is left as a footnote: "finally, after the program is all done, work out some way of installing it, but don't actually bother to put much thought into that part. Just assume that your shiny butterfly application, and only this one version of it, is the only thing which has ever run or ever will be run on the user's machine and that they have exactly the same hardware and software that you have, and you'll be fine."
Is it disturbing to have an open-source project say "here's a population of users; we unfortunately don't have the resources to address their special needs at this point"?
Yes, it's very disturbing to hear that if you are a business and the project states that it officially considers business users to be "special needs".
Basically it means your business can't consider that project, ever, until or unless that attittude changes. It just wouldn't make sense.
Is there a for-pay Firefox which does provide equivalent enterprise manageability as Internet Explorer does? And bear in mind that "equivalent" in this case really primarily means "provides security patches which can be centrally deployed without breaking functionality and without the users having to be administratators". Everything else (Group Policy lockdown, etc) is gravy on the side, but regular security patches NOT pushed out haphazardly by user-mode auto-updaters which may or may not have firewall access and desktop admin rights is a must-have, do-not-pass-go-or-you're-fired sort of requirement these days. It's a harsh Web out there and we need to be protected, and that means we need to use the standard enterprise tools for protecting ourselves. Not consumer-grade, sorta-maybe stuff which looks shiny but assumes a single-user, admin-level account.
Actually Firefox 4 hasn't been that bad for us for enterprise manageability. We're deploying it via App-V on Win 7, and it mostly plays very nicely with, eg, auto-detecting Java and Flash updates on the client, and even the config file settings are mostly tolerable though they're not GPO compatible and took some Googling to set up. Until this Firefox 5 stunt I was very positive about Firefox again, after having to abandon it for years due to lack of patchability.
But hearing official Mozilla spokespeople say "we don't care about the enterprise" is just really, really bad karma. It's one thing to not have them say anything. It's another again to have them say "enterprise users, please go elsewhere".
Because if you Firefox guys want all the entire planet's business community to stop using your product, we will. But I don't think actually really want that, if you stopped to consider the cost. Do you want all corporate websites from now on to be IE-only? Because that's what you'll get.
What, because they're the best alternative they should be REQUIRED to add all the various features and spend all their time working to please enterprise users?
No, because they don't want to add the required features to make their product usable by enterprises, they have resigned themselves to never being the best alternative in a business environment.
Which is sad because I don't want my business to be forced to run IE only - but it looks like Mozilla don't want us to run them at work. They want to be a toy browser not usable by serious people for serious work. They actually aspire to permanent silly-distraction status.
Thanks a lot, Asa.
(Actually, I blame Steve Jobs. He successfully resurrected Apple by betting the company on a silly-toy product - the music-only iPod - and won. So now everyone else thinks that chasing the toy consumer market and running away from business is the route to mega-success. But it's not. Some of us still have to do real work, and we don't all do it in Photoshop and iTunes.)
group policies, remotely configuring proxy, enterprise settings, locking down the browser, etc
That's a pretty good bullet list of the things that enterprises feel they need that aren't worth supporting in a decent browser. The more 'enterprisey' a piece of software, the less actual useful features that allow people to get work done and the more junk added just to support the things enterprises do to prevent employees from doing stuff.
I'm pretty harsh on the mania for centralized locked-down control by IT in big corporations
ORLY.
I'm guessing that you don't work professionally as a system administrator in business, which means that you don't actually understand the problem, and are therefore unqualified to make a critique of it.
No offence, but all these things are very useful and important to IT departments, and centrally managed IT is here to stay because business likes things to work properly whether or not you personally feel that as a delicate flower you are being oppressed by The Man.
As a system administrator myself, I'm very disappointed that a Mozilla spokesperson has come out and said publically what I and my colleagues have felt they've been thinking privately for the last few years. I mean I guess it's nice Asa's being honest, but sheesh. I'd rather not push all our employees further into the arms of Microsoft, but Mozilla are setting new records for Simply Not Getting Business at all.
At home I want stability. ... and perhaps see how much money they have on their account.
And since I'd like the amount of money in my bank account to stay stable and not mysteriously disappear overnight into the Nigerian Mafia, I'd personally very much like my home browser to be secure.