It used to happen. I remember back when Slashdot was new that readers had articles/essays posted on Slashdot. I think CmdrTaco and Hemos both had a few articles here and there, but I can't remember. /. has just grown too big. Kuro5hin is much better for that though.
Exactly. Not only did Rob misspell the virus name (it's actually Simile--not Smile) but this article is not even satirical. When I think of satire I think of Dave Barry. These writers need to really work on their craft. As an example of how this could have gone:
Linux Catches a Cold
Linux anti-virus companies have been incredibly busy this past week. "Yessir... we have had to decrease our table tennis time by nearly 10 minutes to accommodate our customer's needs this week," says Roger, project manager at Linux Virus-Be-Gone. "We almost had to outsource our development because we were afraid that our main developer would not be out of school, er, free at that time, but in the end he pulled through," Roger added.
"It was a tough one to crack, I'll say that," Chris, main developer at Linux Virus-Be-Gone opined. "For the first ten minutes I didn't have a clue how to operate the virus," claims Chris. "Then I discovered that you had to login as root to start the magic. It was all downhill from there."
I'm not a writer, but you get the idea. If it was funny I wouldn't gripe, but this just sounds like Linux bigotry.
Security is not only at the source code level, so that book you refer to is irrelevant. I was using the word "Object" to mean any generic "thing" which has security needs. A human has little physical properties which are like a computer, but human viruses work much the same as computer viruses work. If you want a person to defect (i.e. give classified information) you use a well-known (similar) psychological pattern to get him to defect. I never said moving a web server to a different port would make a system perfectly secure. What it will do is make it _different_ than other, typical systems. If you move the web server to a different port _and_ move your /etc/inetd.conf file to a different location you will have one more difference from the norm.
that's just an abnormal software configuration
You read way too much into what I was saying. I'm not telling you how to secure your system. I'm simply saying what makes a system secure--the differences between systems. If you could have every piece of software bug-free you would still have security issues because of _design_. Design is the big picture (and I'm not talking only software design), while source code is small parts of a design implemented. Think of it like this: Red Hat Linux is a system. Probably 90%+ of Red Hat Linux installations have perl installed. This is a property of Red Hat Linux and has nothing to do whatsoever about source code. I'm not implying any security issues w/ perl and Red Hat, I'm simply showing you what I mean when I say "similar."
You say that "this is security from script kiddies," but you fail to see that the professionals use this principle of similarity. In fact, buffer overflows and the like will most likely not be used by professionals because they can be discovered by paranoid system admins. Most likely some form of social manipulation will take place and the professional will obtain access to the system so that it looks exactly like a normal access and a normal operation. In other words, code-level security becomes irrelevant when the perpetrator has a key for the front door. If you really think that security can be placed into a _static_ program then you are delusional. Every security method present today is put there to keep out "script kiddies" (people who try to gain access to random servers with only a slight degree of care about being detected).
You (and plenty others) are paranoid about people other than "script kiddies," but there are so few of the professionals that it makes no sense to worry about it, really. Just keep in check with the script kiddies and forget any sort of security ideal. There is no security panacea, or silver bullet. Programs should be made bug-free, but there should be no attempt to guarantee security.. or give a false sense of it.
People like to throw around "secure" as if it is some sort of absolute.. like "my box is secure." Secure from whom.. or what? Could your own mother defect and obtain access to your box? What about your co-worker? People were shocked when denial-of-service came about. Admins figured it out, but then distributed-denial-of-service came around. Previously, no one thought that _giving_ information (superfluous/irrelevant or not) could cause a security problem. Now even *ix trademark programs such as finger, echo, ping, time, etc. had to be shut off. This is security after-the-fact. The damage has been done and now admins sit idly by securing their systems for _today's_ security issues while doing nothing for _tomorrow's_ security issues. And there really isn't much admins can do. You can't possibly consider every conceivable way of gaining access to a system. So what do admins, software developers, and system designers do? They focus on patterned attacks--the script kiddies. This book you mentioned focuses entirely on patterned ways of breaking into a system.
As an example, consider this: There is a building with a metal detector at the doorway. You want to have a gun inside the building but can't get it past the metal detector. The metal detector is there to prevent the most common way of bringing a gun into the building--the front door. What possible ways are there? Try tossing the gun onto the roof. Walk into the building, go to the roof. If the rent-a-cop doesn't spot you throwing the gun or going to the roof then you are probably home-free. Replace metal detector with "login" and rent-a-cop with "system admin" and you have the same security pattern going on.
this is a pretty flawed argument. Do these security experts actually look at "script kiddie" tools? If they cared to do a little homework they would see that many exploits and tools cover a wide array of software versions. Exploits for antique software are relatively easy to find. Now you could claim that _obscure_ software is more difficult to crack, and you would probably be right. But keep in mind that that software is obscure for a reason--it's probably junk. Just because you are running last generation's software does not mean the current cracker generation can not get to those exploits (or information needed for the software).
I believe there is a little bit of confusion in this article between obscurity in the sense of software not being widely used and obscurity in the sense of proprietary closed-source software. There is also the confusion of software _differences_, which the author of this article bungles together with software age. In any case, this article is seriously misguided. Let me explain:
There is an Object. It could be your physical hardware, your OS, or simply a version of a software package. Imagine two generic Objects, Object-A and Object-B, exact in every practical way. Now imagine an Exploit that works on Object-A (and a cracker has access to this object). It also works on Object-B (your object) because they are identical. Now imagine there is an Object-C. It is very similar to Object-A and B, but has a few slight differences. Now the Exploit will need to change to accommodate this. This is _security_. This is the same principle viruses (biological or computer) work on. The differences between objects make them secure. The less difference, the less secure. Think of any *ix security measure. Passwords, for instance, are simply ~8 character differences (and a login name) between one *ix and the next. Attempting to break a password by trial-and-error is impractical. Crackers rely on this principle of _similarity_ of systems to break passwords. They download a system's password file and use a "word file" to crack passwords. This word file is merely commonly used passwords--again, the principle of similarity. Most *ix systems have a password file in a common format and there are common passwords. Common system properties (/etc/passwd, etc.) + common user psychology turns what is a very secure method (passwords) into a very insecure method. One small admin. change could make the difference between a system being cracked or not (such as moving daemons to a "strange" location or partition, etc.).
Software age has nothing to do with security. The article really has many separate issues tied together and it really is not a good idea to just use older software for security sake.
Be Inc. never had a good marketing plan. They tried to sell to Apple's market (hobbyist multimedia) but forgot a tiny little detail--most of those people use _Apple_ computers, which will not run BeOS. The x86 is still considered an office workstation and not much more. Today you finally see big business considering x86 hardware for other things such as databases, rendering, etc. but x86 still has that office stigma. Netscape failed way before you even heard about them. They had no business plan. About the only idea going for them was to create their http server and sell it by adding Netscape proprietary extensions which only work with Navigator/Communicator. Obviously, there were better http servers around at the time and Netscape could not hack it. That is how capitalism works. If a business can't hack it they fail. I really wouldn't go crying for them. They made out with billions from their IPO--even if they got extremely lazy and uncoordinated and ran the business into the ground (which is what happened). I honestly can't get better software from SourceForge. Try obtaining a program that is equal in functionality to MS Office. What about MS Flight Sim? There is only one major open source flight sim that I know of and last time I tried it, it was seriously lacking.
For you to even think MS needs to be compared with them shows how backwards your position is.
That is exactly my point. There is no valid comparison between open source software and Microsoft. There have been plenty of amateurs hacking the Linux kernel that probably shouldn't have. Yet someone (many someones) always brings up how better open source is at security, bugs, etc. Just look in this article and you will see many, I'm sure.
None of these people should be expected to create a decent, bug-free program.
And you honestly think that open source hackers should be designing programs without specification? That is exactly what they do every day. The Linux kernel, GNOME, KDE, etc. You will probably hint at the GNOME design guidelines or what have you, but between me and you, those are 100% PR bullshit or masturbation. No one follows them and they don't cover design. The GTK+ manual was produced _after_ GTK+ was written. Most open source manuals come _after_ the software was written. It should be the first thing written, and software should follow _it_.
Now you will probably say "Well they aren't expected to make bug-free programs," and I will tell you that you do not give a damn about bug-free programs and you simply want to bash Microsoft. If you cared about it then you would have well-paid professionals who _designed_ the software. Instead you are using software designed by hobbyists in their spare time which at any given moment could theoretically crash and burn and destroy your entire computer. You won't believe this is possible simply because you are so sold on the Linux hackers' reputations of good, honest, giving people.
To gripe about bug-free programs and to be using software that was not designed, but hacked together is pure hypocrisy.
I've used it before. Not to dis the guy who made it (BitchX isn't too bad an effort), but it does seem a bit script kiddie-like.
Actually it is a horrible effort. It is an extremely hacked-up ircII (the original IRC client). Because of the layers upon layers of hacks almost nothing works consistently. There are antiquated features still present with new features simply thrown on top. But this is my point. Microsoft is not simply one individual, nor are they one group. They have many different groups working independently. I'm sure they have varying degrees of skill level too.
What kind of dumbfuck would use sendmail or bind on their servers??? There are plenty of alternatives to those programs...
Many, many people would (and still do).
Microsoft won't even acknowledge the most horrid of bugs/exploits and will only release a patch if they are embarrassed into it.
This is FUD. MS released info on the Code Red worm way before Slashdot (and many others) got word. If I remember correctly, it was _months_ before Slashdot posted about it. There was no pressure to say anything about it.
This is fine and good, but could we please stop this needless bashing of MS? There are better places for security information than Slashdot. Perhaps show just a hint of optimism instead of negativity all the time.
Many Slashdot readers have a serious flaw in placing the blame on one entity known as "Microsoft." They forget that MS is divided into many project groups with many developers that most likely do not have contact with other group members. If you want to make a better comparison of MS vs open source then take 80-90% of _all_ open source programs and compare the number of flaws to MS' flaws. Take a simple program like "BitchX," an IRC client. It has had countless security issues, and IRC has been around since '89 or so. We like to conveniently forget about sendmail and bind and focus on the Linux kernel stability. Let's not forget that the Linux kernel has a very poor track record of stability and security. Remember the 2.0.3x series? Nearly every other kernel had a remote exploit. In conclusion: there is no equal or objective comparison between MS and "Linux" (or whatever you want to define as the yardstick of security.. which is typically "Linux" on /.) in terms of security. It is nonsense and articles like this tell me that Slashdot editors are more interested in emotionally attached flamewars to increase page hits and advertisement views than actual unbiased news.
The theme of this article is about selling. Everyone lives (in capitalism) by selling something. If you work a 9-5 job you are selling your time to a company (whether you know it or not). Jon Katz is selling himself by riding the bandwagon. He does this with Sept. 11, Columbine and the Open Source(TM) revolution. There is no revolution. There is one big fucking marketing campaign after another. The author of this book is selling his books by tearing down his former employer. Jon Katz is selling himself and this article by the Amazon.com one-click and /. anti-patent idealism connection (even if he never outright admits it). Before the one-click issue Amazon was generally fine by most people (/. had an Amazon-friendly attitude). Now that /. has an anti-Amazon attitude, Jon sells (markets) towards that.
Jon Katz is not a writer. He has no love of writing and it shows. He is a puppet.
"We waste our lives working at jobs we hate to buy shit we don't need!" --Fight Club
That is capitalism for you. You can fake love (musician, writer, etc.) but you are simply dancing for the man above you. Wal-Mart doesn't like what you have to say? Tough. No sales for you. Like the quote states, Jon Katz's article is more shit we don't need. There is no meaning or message--merely an emotional expose. He is dancing for the stereotypical Slashdot crowd--the one which hates Amazon because of their one-click patent. And the Slashdot crowd that was consumed with dot-com euphoria which has now become jaded. They need someone to blame, might as well blame a public figure such as Jeff Bezos.
Why should anyone care what one disgruntled employee, who is clearly a little jealous that he didn't get his millions "promised," has to say? I sure don't. Amazon gets items purchased to my front door in 3-4 days using standard shipping. The items are perfect in quality and the price is great. It is extremely easy to shop there and I actually like their customer reviews and how they pick items I might be interested in and display those also. It has worked for me, why should I care if Amazon.com is not some dot-com Holy Grail or capitalism revolution?
The dot-com and idealism was yesterday's fad. Today's fad is common sense and pragmatism. Tomorrow will be mostly sunny with a slight chance of rain.
It's not really in the distribution companies' favor to adhere to standards. I am 100% positive that Red Hat will do everything in their power (when push comes to shove) to push standards in their favor. They will (subtle or not) try to become a dependency. RPM is one such dependency many people know about today. People get confused easily because it is all GPL software. They forget that copyrights are still held and software _is_ still owned, GPL or not. They assume that RPM can just be easily forked if Red Hat does something the "community" does not agree with. This is absurd and the reality is Red Hat will always define what that aspect of Red Hat Linux (RPM) is. And many distros and developers will continue to agree to this de facto standard simply for convenience. We forget that convenience is the sole reason people choose proprietary software (Windows, MacOS, etc.). They (the people who choose proprietary.. or Red Hat, etc. Linux) have no reason to uphold a community standard. It sounds so nice and sweet that we could have a community standard that people agree on, but that will never happen. LSB is a dead cause when business has a bottom line.
It is not a coincidence that RPM is widely used and that the easiest distribution (most friendly, anyhow) to use RPMs with is Red Hat Linux. Software architecture business is all about dependencies. Give away the razor, make money on the blades (or in this case, make money on ease-of-use and coherence of the entire system).
Standards are a pipe-dream. Today distributions might adhere to LSB and proudly state so. But they turn around and add many proprietary (i.e. non-LSB) features. These features in turn become depended on by developers simply because of convenience. These features then become de facto standards and then LSB becomes irrelevant. Today you might as well simply say Red Hat is the Linux standard. They have more momentum than the other distributions (especially in corporate America where it really counts). I use Slackware myself and it is very sad to see all the Red Hat-isms introduced. I used Slack 3.2 and then switched to 7. It was quite a shock to see RPM integrated into Slack. Think of it as Israel and Palestine calling a truce.
No Jon. This movie is out before 9/11. It's only May. Seriously, what in the fuck does 9/11 have to do with this movie? You are so into globalization yet you fail to see that this movie plays in countries other than America. So why do you feel it has to have pictures of New York in it or it has to be filmed no more than 50 yards distance of the WTC site? Hell, I live in NC. I haven't been affected by 9/11/01 at all (except for people's annoying ass flag waving.. which the fad has faded greatly now). I mean, the disaster was great entertainment for a day, but you can only watch jets fly into huge buildings so long before it gets old. Please stop using the hype of Nine-Eleven(TM) to push your trash that you are trying to pass up as a real movie article/comparison. In other words: NO ONE GIVES A DAMN ANYMORE. The only ones still giving a damn are people who actually knew someone who died or the media (i.e. your dumbass) who are hyping things by association.
Why didn't you use Columbine to pump up this trash? I mean, they use GODDAMN LIGHTSABERS AND LASERS in Starwars! What do 9/11 terrorists use? Friggen box cutters. How boring. Shotguns and explosives are way more interesting and almost-in-a-JonKatz-logic-type-way related to Starwars.
There is no connection. If Red Hat warned there is a flaw in say, zlib, then thousands of boxes remain flawed. Security after the fact is not security at all. Merely FUD from open source camp.
are unprofessional and completely asinine. The articles are completely unrelated. Did Michael even read the article he attached before his mindless masturbation about "yet another remote root hole?" Windows has no concept of "root." What in the fuck is he babbling about? The article he attached is about Microsoft alerting customers about a hole. The title is "Microsoft Warns of Critical Instant Messaging Flaw." There is absolutely no mention of integration with Microsoft's operating system. Why the hell does he insist on bashing needlessly?
Ummm. Wal-Mart moved probably less than 1/4th mile away into a Super Wal-Mart here, and now an Old Navy and other things are using the old Wal-Mart building. They were in the building almost as soon as the new Super Wal-Mart opened. I don't know where you come up with this stuff. In fact, the entire building had been remodeled to accommodate the new tenants (walls torn down, new ones put up, etc.).
I dunno... I think some people actually purchase cigarettes and sodas because _of_ the addictive ingredient. In other words, they genuinely _want_ whatever feeling that ingredient gives them. It isn't an invisible "power" which takes control over them. I've seen people quit smoking with almost a flick of a switch. I myself have tried cutting down on caffeine, but it just isn't worth it to me right now (even when I do know it messes with your sleep and various other things). The point of this is: people are gaining something from the product (it isn't merely "fraudulent" product which doesn't work as advertised). The good thing is people can easily get information on these substances and can determine health issues, if they are so inclined.
First, that the initial decision is usually made in youth, when wisdom is not generally a core part of our character. Second, that the (wise) decision to cease smoking is made more difficult by the addictive nature of nicotine, and that this in and of itself is out of bounds for a successful and fair free market
Hmm. I don't really believe in wisdom. Or, rather, wisdom is relative. Most people smoking have this motto of "you're going to die sometime." I don't see anything wrong with living by this philosophy, or "wisdom." You would think adults would generally know better than youths, but they don't. There is a great quote from American Beauty that just escapes me at the moment (something to do with how adults are still the same insecure and confused people they were when they were young). Watch the movie if you haven't already. You can see the mother (Carolyn?) and how she does certain things to look "cool," as a youth would with smoking. If the mother thought it would be cool to light-up a cigarette to impress the "King" (I forget his name..) then she would.
People do whatever is right for them at the moment. People smoke pot all the time because of the certain socially acceptable circles they get into. And there are no corporations out pandering pot to minors, either. Or the more deadly and addictive heroin and cocaine. Adults don't run around _not_ doing pot, etc. because they "know better." Many adults do smoke pot, etc. (and I wager that many did start after age 20) while knowing the illegality of it.
I'd also like to say that it would probably be a Good Thing if the government made every illegal drug, legal. Then they could regulate the safety issues. You don't really see people out today rolling their own cigarettes and smoking without a filter. And then there is the issue of alcohol being even worse than some illegal drugs (i.e. pot). Just doesn't make sense to me how the US has drug use set up the way it currently does.
Ha! That "classic" book originally came out in 1987. You call that classic? Let's try going back to Symbolics, eh? Lisp machines with Lisp operating systems (or, for the pedant in me: LISP as it was called back then). Every OS "technology" discussed in that book is at least a decade or two old and they are all about UNIX-based OSes. Get real.
Those operating systems are very much alike, in the functionality they provide to the user
Please. DOS is nothing like Linux and they are both CLIs. The functionality provided to the user is nothing alike. You are giving me strawmen and I am blowing them down. And you call me the kid? Ha! Run along and play with your toys now, son.
I like how you completely ignore the issue and at the same time talk about the issue in a side-stepping manner and resort to immature tactics like calling me "kid." Please, grow a fucking brain you dumbshit.
For one thing, I already stated that I know MS has been charged and determined guilty in anti-competitive behavior. That does not mean I agree with the judgement, nor do I believe in any possible resolution which will benefit consumers. I for one believe Microsoft is not a monopoly because of various reasons and this is why no remedy is possible. This is orthogonal to whatever the government has judged. I'm simply saying for a possible monopoly remedy there has to be a possible monopoly resource which the government can open up to competitors. This is not possible because the only resource involved in this "monopoly" is a direct result of Microsoft's labor and not a physical resource such as oil. What the government is not seeing is that Microsoft does not have a monopoly on a resource, but on a focal point or dependency. They also do not seem to understand that this focal point can shift and bring another "monopoly" into power because of the nature of applications, software, and the "desktop" market.
If they don't sell you Windows, the store owner is out of business.
This is simply not true. In a market, supply meets demand. No one is demanding anything other than Windows (typically.. demanding say Red Hat Linux would be very uncommon in Best Buy). It is probably cheaper for vendors to sign a Windows deal rather than purchase Windows on a per-demand basis.
In fact, even if Microsoft did hurt you, you will never have the balls to go to court and speak against them.
This is garbage. I remember a few years ago a woman bought a coffee at McDonalds and spilled some on her and got burnt. She sued and got a massive amount in the settlement. It wasn't even McDonalds fault.
Do you recall how many software companies that make Windows products had the guts to testify against Microsoft?
Perhaps only a few people were "hurt." The other companies such as Sun and Netscape were doing it in an anti-competitive nature by actually using the government as a business tool to strike at Microsoft.
Okay then. Describe exactly what consists of an operating system. Exactly. Then tell me who agrees to this definition and for what technical purposes. Then tell me why this definition of an operating system is the definition of one. Linux is nothing like DOS, and sure as hell is not like C64 BASIC. You conveniently ignore that issue.
Why shouldn't a Honda dealership be able to put a VW steering wheel on that Honda?
Perhaps because it is a Honda dealership? You can't get a Whopper at McDonalds, now can you?
Anyone _can_ get VW components and install them via a 3rd party (or VW garage). Just as you can get Netscape and install it on Windows.
Honda has no right to object or interfere.
Cars can be very proprietary. Honda can do whatever they want with their cars as long as they meet government regulations for the countries they ship to.
There's no good reason that Trumpet should not be able to build and market an alternative Winsock implementation for WinDOS.
There is no reason Trumpet should not be able to build their own OS with their Winsock installed. There is also no reason Trumpet should not be able to proprietarize their OS so Microsoft could not build and install MS Winsock.
Good software should be modular and its interfaces should be well defined. There is nothing that should limit the quality of what Microsoft produces. This is simply a scare tactic that Microsoft uses on the IGNORANT. Microsoft is merely attempting to take advantage of a generally poor knowledge of best engineering practices.
Please learn programming. Good software is modular to a certain degree. _There is no silver bullet._ Software dependency is a _serious_ issue and Microsoft is _serious_ when they say that software depends upon IE components. Just because they are modular does not mean you can simply go replace happy or completely remove them. You know how much documentation would be needed to do exactly what you propose? You know how laughable this is, even for "good" software such as, say, GNOME and KDE? THERE ARE NO BEST ENGINEERING PRACTICES IN SOFTWARE. Read The Mythical Man-Month. There are generally good tactics to build software, but no guarantees. OOP? Nope. eXtreme Programming? Nope. Patterns? Nope. There are tons upon tons of buzzwords for software engineering, but no proven methods.
Name one OS that is modular as you propose. Describe exactly in what way it is modular and how it guarantees this modularity. Then describe the documentation provided on this modularity.
Now, describe exactly what this operating system fully consists of (the core components).
Imagine this scenario: User goes to install replacement IE component. Component becomes replaced, but other things running depend upon the old, removed component and they become unstable and crash. How does Microsoft guarantee stability in this situation? You can't simply muck around with dependencies while everything runs flawlessly.
You obviously do not understand points-of-view. Guess what? Linux doesn't do half the things I want my computer to do. Therefore, it is not an operating system from my point-of-view. Is Windows+IE an operating system from your point-of-view? Probably not. It's not my idea either. Neither is C64 BASIC operating system.
Thank you for implying I'm a troll. It makes it so much easier to win an anti-Microsoft argument that way. Why don't _you_ save me time and just say "Micro$oft $UX, L1nUx R00lz." At least then I won't mistake you for honestly wanting a discussion.
Programming is a profession? This is laughable. There are loose and many times vague standards adhered to. The term "operating system" is not set in concrete and can change. It _has_ changed. When MS made the jump from DOS CLI to Windows GUI it became a new OS. You wouldn't dare think that a GUI should be a separate item nowadays, but this same thought pattern occurred back in Win 3.x days as it is occurring today with Windows and IE.
Are you a programmer? It sure doesn't seem it. Otherwise, maybe you need to learn about abstractions and metaphors.
You seem to be forgetting that I never said that MS was not convicted of being an abusive monopoly. Reading comprehension isn't one of your stronger qualities, eh?
Our laws are here to protect us from companies that behave like MS, and allow for penalties to prohibit them from continuing illegal behavior.
Tell me exactly how Microsoft has broken any law. Being a monopoly itself is not a crime, nor is it illegal. There may be one law ever broken by MS: they perhaps told the government to bugger off with the first anti-trust regulation placed on them. And I'm not even sure about that one, either.
Your analogy is also like a rapist defending his right to rape. "Why should the government be allowed to tell me what to do?" Well, maybe to protect society from the people breaking the law.
Tell me exactly how Microsoft has hurt you personally, as a consumer and not as a Linux zealot computer nerd. Tell me exactly how mom and pop have been hurt by Microsoft. Tell me exactly how mom and pop were completely oblivious to the Apple computers sitting right beside the Compaq they bought with Windows. Again, name the laws Microsoft has ever broken.
If you look close you will see the reasons for your belief in Microsoft's abusive monopoly. You believe they are a patterned "bad guy." You also probably believe that Sun and Netscape, etc. are "good, innocent, guys." They are simply defending themselves, right? Wrong. They are using the government as a business weapon against Microsoft. Keep MS busy long enough and Java might one day rule the operating system land. It all makes perfect sense. Use a third-party taxpayer funded entity, such as the government, to harass Microsoft while Sun and AOL/Netscape play the "good guy" role to the open source crowd and any computer loving nerd who will listen. You think any corporation cares about your well-being? I'm not being cynical either. Mozilla being open source was very much a business tactic, and not some foolish "goodwill" that is typically thought of.
What should the government do, now that push has come to shove? They can do whatever they would like. I don't use Windows. I will tell you this: if the government fucks this up by letting vendors decide what consists of a "Windows" machine and thus fragments the x86 market, I will be thoroughly pissed if the demand for x86 drops like a rock and proprietary (e.g. Apple) computers become the norm. They may as well go ahead and prepare for anti-trust regulations against the next focal point of software dependency. Whether that is Apple, Gateway or someone else. There will be a singular controlling entity or there will be no "desktop" market again. I have a friendly suggestion: buy Apple stock now.
Thank you for defining what an operating system is. Would you also be kind enough to give me words to say, as you have taken my freedom of speech away.
You know what? I don't consider Linux an operating system. I don't consider Windows one either. MacOS X? Nope. TUNES? Perhaps.
Back when Commodore 64 was around, did you consider their BASIC loader to be an operating system? Think hard now. It was their operating system.
What about IBM PC? The original one that booted to, IIRC, a Microsoft flavor BASIC.
A system of operating is just that. Windows with IE integrated will still let the user operate their computer. Thus, it is still an operating system. It may not be your operating system. I'll be damned if you force your definition on me, though.
A "file system" is a metaphor. An abstraction. There is no concrete attachment to any abstraction. Some file systems contain meta-data (IIRC, MacOS). Many do not. A "file system browser" is very much a part of the file system. You could not take, for instance, XTree for DOS and simply move it to MacOS. Or Midnight Commander. They are very tied to a particular filing system and do not play nice with others. In the case of MS' browser, other people depend upon it (or at least parts of it).
or some pretentious asshole from MIT (no offense to real engineers, and prof at MIT)
Notice your prejudiced behavior. "no offense to real engineers." Oh, so we now have to abide by your definition of an "engineer," do we?
They define what a car consists of, you say? They tell GM to explicitly produce X product with Y features? Sure they have regulations on safety. But keep in mind that all car manufacturers must abide by them. Will Apple Computer have to abide by what the government defines as an "operating system" for Microsoft? Nope.
TUNES is not an operating system as the term is understood in established use. Windows is.
Uhm. Established use? You are truly scaring me now. Are the Thought Police going to force me to call what I create an "operating system" and then force me to change what I create to fit their vision of an "operating system?" I sure hope not. Yet this is what is happening to Microsoft. What they were originally charged with was OEM deals. Absolutely 100% legal. Coke or Pepsi has the same deal with Disney. Coke/Pepsi have the same deal with movie theaters.
MS would like to define Windows based on what is commercially and legally in their interest and not on what the true properties of the OS are.
And the Slashdot crowd yells "Microsoft doesn't innovate!" What hypocrisy. Of course they create what they want that benefits them! That is the entire point of capitalism.
Eg, cheating? I wasn't cheating on the exam. I was using innovative techniques in establishing my resourcefulness in problem solving. Surely you wouldn't want to punish innovation!
The end result of using a calculator, etc. is you don't understand the material. Therefore, your grade should reflect this.
Eg, hand grenade? That's not a hand grenade. That's a Personal Security Essence of Peace Soft and Cuddly Love Capsule. See? It says so right on the side there. Everyone should have security. It's a fundamental right!
The end result of using a grenade is people get killed.
Where is the end result of Microsoft defining their "operating system" however they want and where is the illegality or harm done to consumers?
If you search long and hard there are only a few individuals "hurt" in this matter: Sun, Netscape, etc. You also have the whiny Slashdot crowd who thinks it's their god-given right to have control of everything computer related (just because they are nerds and consider this their turf).
You have a weird sense of humor if you thought the article was funny in any way. It's very dry and more preaching than humor.
You say that "this is security from script kiddies," but you fail to see that the professionals use this principle of similarity. In fact, buffer overflows and the like will most likely not be used by professionals because they can be discovered by paranoid system admins. Most likely some form of social manipulation will take place and the professional will obtain access to the system so that it looks exactly like a normal access and a normal operation. In other words, code-level security becomes irrelevant when the perpetrator has a key for the front door. If you really think that security can be placed into a _static_ program then you are delusional. Every security method present today is put there to keep out "script kiddies" (people who try to gain access to random servers with only a slight degree of care about being detected).
You (and plenty others) are paranoid about people other than "script kiddies," but there are so few of the professionals that it makes no sense to worry about it, really. Just keep in check with the script kiddies and forget any sort of security ideal. There is no security panacea, or silver bullet. Programs should be made bug-free, but there should be no attempt to guarantee security.. or give a false sense of it.
People like to throw around "secure" as if it is some sort of absolute.. like "my box is secure." Secure from whom.. or what? Could your own mother defect and obtain access to your box? What about your co-worker? People were shocked when denial-of-service came about. Admins figured it out, but then distributed-denial-of-service came around. Previously, no one thought that _giving_ information (superfluous/irrelevant or not) could cause a security problem. Now even *ix trademark programs such as finger, echo, ping, time, etc. had to be shut off. This is security after-the-fact. The damage has been done and now admins sit idly by securing their systems for _today's_ security issues while doing nothing for _tomorrow's_ security issues. And there really isn't much admins can do. You can't possibly consider every conceivable way of gaining access to a system. So what do admins, software developers, and system designers do? They focus on patterned attacks--the script kiddies. This book you mentioned focuses entirely on patterned ways of breaking into a system.
As an example, consider this: There is a building with a metal detector at the doorway. You want to have a gun inside the building but can't get it past the metal detector. The metal detector is there to prevent the most common way of bringing a gun into the building--the front door. What possible ways are there? Try tossing the gun onto the roof. Walk into the building, go to the roof. If the rent-a-cop doesn't spot you throwing the gun or going to the roof then you are probably home-free. Replace metal detector with "login" and rent-a-cop with "system admin" and you have the same security pattern going on.
this is a pretty flawed argument. Do these security experts actually look at "script kiddie" tools? If they cared to do a little homework they would see that many exploits and tools cover a wide array of software versions. Exploits for antique software are relatively easy to find. Now you could claim that _obscure_ software is more difficult to crack, and you would probably be right. But keep in mind that that software is obscure for a reason--it's probably junk. Just because you are running last generation's software does not mean the current cracker generation can not get to those exploits (or information needed for the software).
I believe there is a little bit of confusion in this article between obscurity in the sense of software not being widely used and obscurity in the sense of proprietary closed-source software. There is also the confusion of software _differences_, which the author of this article bungles together with software age. In any case, this article is seriously misguided. Let me explain:
There is an Object. It could be your physical hardware, your OS, or simply a version of a software package. Imagine two generic Objects, Object-A and Object-B, exact in every practical way. Now imagine an Exploit that works on Object-A (and a cracker has access to this object). It also works on Object-B (your object) because they are identical. Now imagine there is an Object-C. It is very similar to Object-A and B, but has a few slight differences. Now the Exploit will need to change to accommodate this. This is _security_. This is the same principle viruses (biological or computer) work on. The differences between objects make them secure. The less difference, the less secure. Think of any *ix security measure. Passwords, for instance, are simply ~8 character differences (and a login name) between one *ix and the next. Attempting to break a password by trial-and-error is impractical. Crackers rely on this principle of _similarity_ of systems to break passwords. They download a system's password file and use a "word file" to crack passwords. This word file is merely commonly used passwords--again, the principle of similarity. Most *ix systems have a password file in a common format and there are common passwords. Common system properties (/etc/passwd, etc.) + common user psychology turns what is a very secure method (passwords) into a very insecure method. One small admin. change could make the difference between a system being cracked or not (such as moving daemons to a "strange" location or partition, etc.).
Software age has nothing to do with security. The article really has many separate issues tied together and it really is not a good idea to just use older software for security's sake.
Nah.. then bit rot will get to you. Damned if you do, damned if you don't. Might as well just throw the computer out the window and call it a day.
Now you will probably say "Well they aren't expected to make bug-free programs," and I will tell you that you do not give a damn about bug-free programs and you simply want to bash Microsoft. If you cared about it then you would have well-paid professionals who _designed_ the software. Instead you are using software designed by hobbyists in their spare time which at any given moment could theoretically crash and burn and destroy your entire computer. You won't believe this is possible simply because you are so sold on the Linux hackers' reputations of good, honest, giving people.
To gripe about bug-free programs and to be using software that was not designed, but hacked together is pure hypocrisy. Actually it is a horrible effort. It is an extremely hacked-up ircII (the original IRC client). Because of the layers upon layers of hacks almost nothing works consistently. There are antiquated features still present with new features simply thrown on top. But this is my point. Microsoft is not simply one individual, nor are they one group. They have many different groups working independently. I'm sure they have varying degrees of skill level too. Many, many people would (and still do). This is FUD. MS released info on the Code Red worm way before Slashdot (and many others) got word. If I remember correctly, it was _months_ before Slashdot posted about it. There was no pressure to say anything about it.
This is fine and good, but could we please stop this needless bashing of MS? There are better places for security information than Slashdot. Perhaps show just a hint of optimism instead of negativity all the time.
Many Slashdot readers have a serious flaw in placing the blame on one entity known as "Microsoft." They forget that MS is divided into many project groups with many developers that most likely do not have contact with other group members. If you want to make a better comparison of MS vs open source then take 80-90% of _all_ open source programs and compare the number of flaws to MS' flaws. Take a simple program like "BitchX," an IRC client. It has had countless security issues, and IRC has been around since '89 or so. We like to conveniently forget about sendmail and bind and focus on the Linux kernel stability. Let's not forget that the Linux kernel has a very poor track record of stability and security. Remember the 2.0.3x series? Nearly every other kernel had a remote exploit. In conclusion: there is no equal or objective comparison between MS and "Linux" (or whatever you want to define as the yardstick of security.. which is typically "Linux" on /.) in terms of security. It is nonsense and articles like this tell me that Slashdot editors are more interested in emotionally attached flamewars to increase page hits and advertisement views than actual unbiased news.
The theme of this article is about selling. Everyone lives (in capitalism) by selling something. If you work a 9-5 job you are selling your time to a company (whether you know it or not). Jon Katz is selling himself by riding the bandwagon. He does this with Sept. 11, Columbine and the Open Source(TM) revolution. There is no revolution. There is one big fucking marketing campaign after another. The author of this book is selling his books by tearing down his former employer. Jon Katz is selling himself and this article by the Amazon.com one-click and /. anti-patent idealism connection (even if he never outright admits it). Before the one-click issue Amazon was generally fine by most people (/. had an Amazon-friendly attitude). Now that /. has an anti-Amazon attitude, Jon sells (markets) towards that.
Jon Katz is not a writer. He has no love of writing and it shows. He is a puppet.
"We waste our lives working at jobs we hate to buy shit we don't need!" --Fight Club
That is capitalism for you. You can fake love (musician, writer, etc.) but you are simply dancing for the man above you. Wal-Mart doesn't like what you have to say? Tough. No sales for you. Like the quote states, Jon Katz's article is more shit we don't need. There is no meaning or message--merely an emotional expose. He is dancing for the stereotypical Slashdot crowd--the one which hates Amazon because of their one-click patent. And the Slashdot crowd that was consumed with dot-com euphoria which has now become jaded. They need someone to blame, might as well blame a public figure such as Jeff Bezos.
Why should anyone care what one disgruntled employee, who is clearly a little jealous that he didn't get his millions "promised," has to say? I sure don't. Amazon gets items purchased to my front door in 3-4 days using standard shipping. The items are perfect in quality and the price is great. It is extremely easy to shop there and I actually like their customer reviews and how they pick items I might be interested in and display those also. It has worked for me, why should I care if Amazon.com is not some dot-com Holy Grail or capitalism revolution?
The dot-com and idealism was yesterday's fad. Today's fad is common sense and pragmatism. Tomorrow will be mostly sunny with a slight chance of rain.
It's not really in the distribution companies' favor to adhere to standards. I am 100% positive that Red Hat will do everything in their power (when push comes to shove) to push standards in their favor. They will (subtle or not) try to become a dependency. RPM is one such dependency many people know about today. People get confused easily because it is all GPL software. They forget that copyrights are still held and software _is_ still owned, GPL or not. They assume that RPM can just be easily forked if Red Hat does something the "community" does not agree with. This is absurd and the reality is Red Hat will always define what that aspect of Red Hat Linux (RPM) is. And many distros and developers will continue to agree to this de facto standard simply for convenience. We forget that convenience is the sole reason people choose proprietary software (Windows, MacOS, etc.). They (the people who choose proprietary.. or Red Hat, etc. Linux) have no reason to uphold a community standard. It sounds so nice and sweet that we could have a community standard that people agree on, but that will never happen. LSB is a dead cause when business has a bottom line.
It is not a coincidence that RPM is widely used and that the easiest distribution (most friendly, anyhow) to use RPMs with is Red Hat Linux. Software architecture business is all about dependencies. Give away the razor, make money on the blades (or in this case, make money on ease-of-use and coherence of the entire system).
Standards are a pipe-dream. Today distributions might adhere to LSB and proudly state so. But they turn around and add many proprietary (i.e. non-LSB) features. These features in turn become depended on by developers simply because of convenience. These features then become de facto standards and then LSB becomes irrelevant. Today you might as well simply say Red Hat is the Linux standard. They have more momentum than the other distributions (especially in corporate America where it really counts). I use Slackware myself and it is very sad to see all the Red Hat-isms introduced. I used Slack 3.2 and then switched to 7. It was quite a shock to see RPM integrated into Slack. Think of it as Israel and Palestine calling a truce.
No Jon. This movie is out before 9/11. It's only May. Seriously, what in the fuck does 9/11 have to do with this movie? You are so into globalization yet you fail to see that this movie plays in countries other than America. So why do you feel it has to have pictures of New York in it or it has to be filmed no more than 50 yards distance of the WTC site? Hell, I live in NC. I haven't been affected by 9/11/01 at all (except for people's annoying ass flag waving.. which the fad has faded greatly now). I mean, the disaster was great entertainment for a day, but you can only watch jets fly into huge buildings so long before it gets old. Please stop using the hype of Nine-Eleven(TM) to push your trash that you are trying to pass off as a real movie article/comparison. In other words: NO ONE GIVES A DAMN ANYMORE. The only ones still giving a damn are people who actually knew someone who died or the media (i.e. your dumbass) who are hyping things by association.
Why didn't you use Columbine to pump up this trash? I mean, they use GODDAMN LIGHTSABERS AND LASERS in Starwars! What do 9/11 terrorists use? Friggen box cutters. How boring. Shotguns and explosives are way more interesting and almost-in-a-JonKatz-logic-type-way related to Starwars.
There is no connection. If Red Hat warned there is a flaw in say, zlib, then thousands of boxes remain flawed. Security after the fact is not security at all. Merely FUD from open source camp.
are unprofessional and completely asinine. The articles are completely unrelated. Did Michael even read the article he attached before his mindless masturbation about "yet another remote root hole?" Windows has no concept of "root." What in the fuck is he babbling about? The article he attached is about Microsoft alerting customers about a hole. The title is "Microsoft Warns of Critical Instant Messaging Flaw." There is absolutely no mention of integration with Microsoft's operating system. Why the hell does he insist on bashing needlessly?
Ummm. Wal-Mart moved probably less than 1/4th mile away into a Super Wal-Mart here, and now an Old Navy and other things are using the old Wal-Mart building. They were in the building almost as soon as the new Super Wal-Mart opened. I don't know where you come up with this stuff. In fact, the entire building had been remodeled to accommodate the new tenants (walls torn down, new ones put up, etc.).
People do whatever is right for them at the moment. People smoke pot all the time because of the certain socially acceptable circles they get into. And there are no corporations out pandering pot to minors, either. Or the more deadly and addictive heroin and cocaine. Adults don't run around _not_ doing pot, etc. because they "know better." Many adults do smoke pot, etc. (and I wager that many did start after age 20) while knowing the illegality of it.
I'd also like to say that it would probably be a Good Thing if the government made every illegal drug legal. Then they could regulate the safety issues. You don't really see people out today rolling their own cigarettes and smoking without a filter. And then there is the issue of alcohol being even worse than some illegal drugs (i.e. pot). Just doesn't make sense to me how the US has drug use set up the way it currently does.
I like how you completely ignore the issue and at the same time talk about the issue in a side-stepping manner and resort to immature tactics like calling me "kid." Please, grow a fucking brain you dumbshit.
Okay then. Describe exactly what consists of an operating system. Exactly. Then tell me who agrees to this definition and for what technical purposes. Then tell me why this definition of an operating system is the definition of one. Linux is nothing like DOS, and sure as hell is not like C64 BASIC. You conveniently ignore that issue.
Anyone _can_ get VW components and install them via a 3rd party (or VW garage). Just as you can get Netscape and install it on Windows. Cars can be very proprietary. Honda can do whatever they want with their cars as long as they meet government regulations for the countries they ship to. There is no reason Trumpet should not be able to build their own OS with their Winsock installed. There is also no reason Trumpet should not be able to proprietarize their OS so Microsoft could not build and install MS Winsock. Please learn programming. Good software is modular to a certain degree. _There is no silver bullet._ Software dependency is a _serious_ issue and Microsoft is _serious_ when they say that software depends upon IE components. Just because they are modular does not mean you can simply go replace happy or completely remove them. You know how much documentation would be needed to do exactly what you propose? You know how laughable this is, even for "good" software such as, say, GNOME and KDE? THERE ARE NO BEST ENGINEERING PRACTICES IN SOFTWARE. Read The Mythical Man-Month. There are generally good tactics to build software, but no guarantees. OOP? Nope. eXtreme Programming? Nope. Patterns? Nope. There are tons upon tons of buzzwords for software engineering, but no proven methods.
Name one OS that is modular as you propose. Describe exactly in what way it is modular and how it guarantees this modularity. Then describe the documentation provided on this modularity.
Now, describe exactly what this operating system fully consists of (the core components).
Imagine this scenario: User goes to install replacement IE component. Component becomes replaced, but other things running depend upon the old, removed component and they become unstable and crash. How does Microsoft guarantee stability in this situation? You can't simply muck around with dependencies while everything runs flawlessly.
You obviously do not understand points-of-view. Guess what? Linux doesn't do half the things I want my computer to do. Therefore, it is not an operating system from my point-of-view. Is Windows+IE an operating system from your point-of-view? Probably not. It's not my idea either. Neither is C64 BASIC operating system.
Thank you for implying I'm a troll. It makes it so much easier to win an anti-Microsoft argument that way. Why don't _you_ save me time and just say "Micro$oft $UX, L1nUx R00lz." At least then I won't mistake you for honestly wanting a discussion.
Programming is a profession? This is laughable. There are loose and many times vague standards adhered to. The term "operating system" is not set in concrete and can change. It _has_ changed. When MS made the jump from DOS CLI to Windows GUI it became a new OS. You wouldn't dare think that a GUI should be a separate item nowadays, but this same thought pattern occurred back in Win 3.x days as it is occurring today with Windows and IE.
Are you a programmer? It sure doesn't seem it. Otherwise, maybe you need to learn about abstractions and metaphors.