First as a parent, (i'm not one) you should trust your children. The internet is like any public place, you can't be with your child 24/7. Maybe it's because I'm not a parent, but my parents always instilled the expected behavior from me and then let me choose what it is I was going to do. This has made me a better person in life as I've made my own mistakes and have learned that what they usually say is true. So I tend to listen and accept what they have to say not as rules but as life learning experience.
Point two; I dont want to sound demeaning but parents such as yourself who set rules on things they have little to no control over end up having children who lie to your face. They end up at Billy's house using the internet to talk to some pedophile. Something you could of had control over if it wasn't for the gestapo rules as it would of been in the open. So instead of saying listen, talking to X people over the internet isn't cool and having a positive discussion with your child. You simply have no idea what's going on. Your child ends up on the run with some pedophile in Mexico and you are wondering what happened.
With children I think that the best thing is to simply let them know is that just like anywhere else the Internet is a public place. Just like I will teach my child not to talk to strangers, I'll teach them not to talk to strangers on the internet. At least not in a personal non-academic way and when they are old enough to make the decision that they feel they can do what they want, then thats their choice. However rules like "keep the door open" while on the internet will do nothing for you. Your major mistake is believing that your rules will stop a curious child, they won't. Instead of being a rule gestapo, explain to your children the positives and negatives, tell them what they need to hear so that they can expect certain things and already be alert.
Lastly, be parents. I think the problem today is that alot of parents think that setting "rules" is all they need to do when in reality understanding their children and inquiring about their lives is what parenting is all about. Teach your children, rules mean nothing if they don't know how to handle life like situations. The internet isn't the mistake, public schools aren't the mistake, life situations aren't mistakes. Stop blaming society or the internet or whatever because simply, they are here and everything has problems. It's how your child conceptualizes the problems, issues and general life situations they will have to deal with on daily basis that will determine if you are a parent, or simply a care taker. That choice is truly the parents, and the behavior of the child is truly reflective upon them. My mom used to say, "the smartest children aren't just the ones that can win spelling bee's, or get straight A's. They are usually the ones who can tell if you're bullshitting or not and have toyed with you just to get to see you cards." I guarantee you, your kids can't call a bluff, you've never even explained to them what a bluff looks like.
Heh, I think i'll call my mom now and thank her. She really prepared me for life, not just tell me to follow rules.
Yes, I know how it works on Unix, I don't know how it works with NTFS. Is it that NTFS locks the file stream for usage and if you delete it, it stops writing or writes to whereever, or what? Does anyone know how it actually works or doesn't work under NTFS? I knew for a fact FAT can't do this, but I guess my impression that NTFS can do this was grossly off base.
For instance lets say Apache is running or you have whatever service running and it's logging to X file. You change the name of the logfile while it's running, in Unix it'll continue writing to the old inode space until you restart the service or I can't remember if Apache has routines to check for this or not, but it'll do the above. In NTFS I assumed it wrote to the previous inode space ala unix; if that's not the case where does it write to?
What do inodes have to do with anything?? I was under the impression that you could delete a file and replace it with a new one in windows even while a service was/is running. The inode system has absolutely nothing to do with it. The reason for rebooting I believe are because of changes to system files or registry entries that are only loaded at start. Surprisingly NTFS is an all around nice file system, so I don't believe that to be the problem.. However I could be wrong.. do inodes in NTFS work any differently?
C# makes it easy to reuse existing C and C++ libraries; in that, it is much like the relationship of C++ to C. If you already know Gnome, you can start using C# to develop Gnome applications much more easily than picking up Java and Swing (and the Mono/Gtk# applications will work better, too).
Wrong. This is just wrong, If you already know Gnome and write the majority of your code using gtk/gtkmm+gnome libs. It's not going to speed anything up over the use Java or Swing. Not even in the slightest. Not to mention even in such a case, unless you're doing something RAD oriented C# is useless. All that 100% functionality cross platform nonsense is a joke. If it's just about C# then fine, make it about the language; but as of today Java is more cross platform and widely available on more platforms than C# and will probably remain that way into the forseeable future.
The company to worry about is Sun: open source Java applications do use all-Sun APIs; interfacing with native libraries is just too much hassle, and that's no accident: Sun wants you to use their APIs and give up on the free, open source APIs. And, despite all the JCP mumbo-jumbo, Sun has a lot of control over the Java platform, through numerous patents, through owning key parts of the actual implementation of key parts of the Java platform (e.g., Swing), and through their ownership of the specification and the certification process.
I'd say wrong blantantly but thats more of an opinion; it is however highly misguided as you seemingly place your trust in Microsoft. Sun might have a stronger hold on Java than the whole world might like to think but as of today can you name any 5 platforms C# runs on besides Windows? Sun has a proven track record of interoperability infact some of the protocols in use today where designed and spec'd by Sun themselves. Name one protocol from Microsoft? Name anything providing interoperability from Microsoft. Why should a developer, any developer or any business who makes cross platform software buy into.net and MONO specifically? It makes no sense, if it's about the language. C#, then again, that's great the more languages the better; but Mono seems to be pushing this idea of cross platform and.NET does the same when in essence that's really not the truth.
So, if you are worried about Microsoft's ownership of.NET, just don't use.NET. In fact, I wouldn't touch.NET simply because I think it's technically not very good. But you can still use Mono, which is shaping up to be a great, general-purpose programming platform. And because existing open source libraries, like Gtk+, Gnome, expat, X11, etc., is so easily accessible, it's very easy to start using Mono--it's just a nicer version of C++.
I agree, but this is a conflicting statement, I don't normally like to read too much into these things but.NET and Mono language wise are generally one in the same albeit Mono with it's quirks and.NET with it's own (eg: gcc vs intel compilers). I have no problem with Mono until it starts pretending it's cross platform and Miguel always talks about cross platform and what if's etc etc. Part of the problem is that Miguel gives conflicting ideas, instead of one or the other you get it's about development and the language and then on the other you get this cross platform crap. If he wants people to take Mono/C# seriously in the unix world. He needs to decisively explain that it's about the language and point out what strengths it brings. That cross platform in general is unlikely on any major functional scale considering Microsoft's stance on standards and open specifications and that the developers of Mono plan to make development easier for large projects etc etc. As a developer when Miguel starts talking about cross platform and all this other crap it makes me thing he's drinking too much Microsft koolaid. No one wants to hear about that shit because it's fleeting.
Well, it's not their place to do that. The recordings are owned by the record companies.
Right, this is where civil disobedience makes a difference. No one told the artist to sign with the RIAA but then if they didn't would you have heard of the artist? Eventually but it's highly unlikely. So what does one do? The artists says "Listen my music is free for download, if you wanna download it, download it". The RIAA can then kiss my ass, as downloading would be my act of civil disobedience. Artist aren't doing that however, they are on the side of the RIAA and are actually making commercials saying "Downloading is bad, please don't do it.. I can't buy my new bentley of the week now.. I have to wait every 2 weeks just to get a new car". However, people still download their music and by doing so give the RIAA and artists leverage against p2p networks. If people didn't download the crap and stopped buying music.. that would make a statement.
Honestly, if I could just give the musicians their cut of the sales I would do it, despite the fact that I don't have much money. But, I do not feel bad whatsoever for depriving the RIAA of its profits, regardless of whether it's defined as theft or not.
If you really like the artist but can't afford a large sum of money for their stuff. There are many ways I feel one can get over this hurdle, including getting a friend to purchase the cd or everyone chipping in and getting the CD or buying it used or going to one of the concerts during the summer or buying a poster, action figure or whatever else the artist has. Different streams of revenue go back to the artist, albeit small but it does reach the artist.
Also, if I could make a copy of a BMW I would gladly do it (although I'm not sure if lossy compression would be safe with a car).
You can make an exacting copy of a BMW with the manufacturers spec. You just have to own the same plant and robots as BMW... Kinda like you owning a computer to make an exacting copy of music. So once everyone owns a plant and robots do you think making exacting copies of BMW's will be legal?
All that being said, you do make a good argument, and I do understand where you are coming from, but I still believe theft is too harsh of a word, and another word should be used instead.
No, that's sematically incorrect. If you DEPRIEVE someone of something it's theft. You imply that making a virtual copy is the same as removing a physical object - it isn't.
What don't you understand? You're depriving the artist their right to gain monetary value for whatever intellectual property you have downloaded. It's the not same as removing a physical object because it's not a physical object,
The owner doesn't loose anything. The downloader usually wouldn't buy the song for various reasons if downloading wasn't available, so there's no loss of sale or anything else.
If the downloader usually wouldn't buy the song for various reasons if downloading wasn't available. They shouldn't download the song for those same reasons now that the song is available for download.
And the downloader doesn't profit in the monetary sense from his downloaded song. Sure he gains a cultural/emotional experience when listiening to it, but then so would he is he listened to it on the radio and that's free, so that doesn't apply.
It's free to listen to on the radio because it's assumed the listener will listen to the ads that companies have paid for to allow the listener to freely hear the song. Even if he/she happens to hear one ad that is enough. Do alot of people listen to ad's? Probably not I know I don't I switch the station. I do gain from the listening experience though otherwise I wouldn't listen. The art of appreciating ones music enough that you'd pay for it usually makes the difference between that artist making more music.
So theft is a most incorrect term to use for this. You might as well call it drunk driving or murder. The relation is about the same as theft to the actual offense being committed.
Yes, I might as well call murdering a human being in cold blood or drunk driving with a 2,000lb weapon, theft, as their relation is about the same. Right.
So the only thing I have deprived these artists of is a sale that wouldn't have happened anyways! Another note is many of these musicians would probably be happy that I enjoyed listening to their music even though they didn't make any money off of it.
If the sale wouldn't have happened then you're use of the intellectual property shouldn't have happened. You're depriving the artists the right to make a buck by using or enjoying their intellectual property without reimbursing them for that property. In other words, you're practicing theft. If the "muscians would probably be happy that you've enjoyed listening to their music even if they didn't make any money off of it" then they should explicitly state so. In which case you wouldn't be stealing because they gave you the right to listen to their music freely without reimbursement. There are other cases where you'll over hear a song or hear a tune on the radio or somewhere in a public/private area that you might like and swapping is going to happen regardless; that's ok. Outright downloading a song because you can't afford to pay for it is stealing. It's the same as you stealing a BMW off the manufacturers line because you can't afford to pay for it. In this case you deny the manufacturer the right to profit off the actual property.. just like you deny the muscians their right to profit off their intellectual property. Exact copy or not, you deny them that right and unless they grant you rights to use their intellectual property for free you are stealing and I still consider it theft. As I said before you person and others are free to call it whatever you want so long as we both agree that it deprives the artist/creator of the intellectual property a right to profit from it.
Listen, you're free to call it what you want. Taking something that does not belong to you is called theft. If you want to use another term, then so be it. I'll use theft because thats what it is regardless of it's form.. Again taken something that does not belong to you is THEFT. You are depriving the rightful owner of his or her rights to the property, whether it be intellectual, physical or whatever. To say that because you make an exact digital copy you're not depriving anyone means nothing as you would have to have access to the original in order to make an exacting copy. So you're still depriving one of their right to gain monetary value for their blood, sweat and tears in the form of intellectual property. What do you want to call it?? Stealing? Borrowing, what? People who inact this behavior and thieves; knowingly or not they are denying one the right to monetary gain of their intellectual property. Now there might be many reasons for this, the person who owns the intellectual property might be price gouging or whatever have you but two wrongs don't make a right. You can't have your cake and eat it too.
This is untrue, sure there will be people who don't won't to buy anything at all. They are called thieves. However people like me aren't jumping on the current services because they don't offer me anything I want. What I want is the right to play my music anywhere and to do anything with it in a standard format. If it's a special format, I won't deal with it and no avid music collector is either. It just puts their collection into jeopardy or so they think. I'm technically inclined enough to know there are certain round the corner tricks but your average music collector out there doesn't want to hear "special format" or "special client". These type of people also don't use p2p; and it has nothing to do with free. It has everything to do with the quality and clarity of tracks.
If Itunes for instance all of a sudden offered high quality tracks in a standard format like mp3 of an abundance of artists for 1 dollar a track including photos, cd art, bonus tracks you could download or movie downloads.. including a service where you'd pay 20 bucks a month or so to get everything put out by that artist that month or 50 bucks to get all the live shows recorded or any number of extras.. THEN.. I'd be jumping over people left and right to swipe my card. It's new, I get more stuff for my collection, it's a standard format I have now and it's high quality. By the way when I say standard I mean a format unencumbered by specifics and that is largely playable on almost anything ie MP3. I'd take ogg if it had more hardware players but that's been slow and it seems hardware manufacturers are playing flaky.
Right now Itunes offers nothing special to make people who haven't used p2p or the ones who have been downloading copyrighted music for free anything different. It's more of the same in a different fashion. Sure, people want to easily download their music but they also want quality, extras and new whizbang services they've never heard of. The same goes for TV shows.. I know at least 30 people who want the simpsons episodes on DVD etc etc.. The only TV show I know of that has been making stuff available is South Park. I've seen Beavis and Butthead but really who wants that shit on dvd?? It's like the MPAA and the RIAA and the media in general don't want to offer anything at all.. except the same exact music/movie packaged in an overpriced cd/dvd for our pleasure?? Been there done that.. I purchased one cd this year.. ONE.
RIAA/MPPA do yourselves a favor and get your head out of your asses and stop litigating and start selling people the stuff they obviously don't know they need yet.. Like a subscription to download all the live shows of a specific artist or all revisions of a certain song.. or ultra high quality audio THX 3d mastered.. etc etc on and on and on.. the MPAA has done an excellent job with dvd's, their problem has alot more to do with 12 dollar movie tickets for a film that's worth 5 bucks. If they would stop putting out shit movies or movie theatres charging obscene prices to see a fucking shitty ass film alot of people wouldn't feel the need to go to blockbuster and/or buy the bootleg. Fire your new execs and hire the people in hollywood who knew a good movie when they saw one. It seems you guys fucked up in that respect, if they've retired.. hire them back on as consultants or something. The new breed is turning hollywood into something I don't want, far less, want to watch.. I feel bad for good actors like Denzel who have to deal with shitty ass movies.
This is the dumbest reason to support HP and recommend their products. Indemnification has nothing to do with the technical merits of a system. They are banking on people like you to eat this up and why? Simply because it's pretty easy to do, low cost marketing. If you are using Linux now for your own business and aren't afraid of SCO what good does this do for you and why would you recommend HP based on something like this rather than their technical merits?
Stop being a lemming and start to think about things for yourself.
Torvalds resposne to SCO's open letter, which seems so very odd.
What's odd about asking where the infringing code is and trying to figure out what SCO is talking about? I don't think there is anything odd about saying to your accuser what is it that I have done. If SCO is telling the truth the simple fact is they can still receive damages. So not only will the infringing and stolen code be removed from the kernel but they will also receive damages from the person(s) who put it there.
We aren't hypocrites, it's a really simple thing. It doesn't have to be in the news or even go to court. SCO just has to say "line/number file.c" has infringing code please remove the code asap. Then they take their proof of infringing code and request damages. It'd also be alot quicker than the current way they are doing things.
I don't think you actually understand the situation. Obviously no offense but you should re-read the actual case vs IBM and then what SCO itself has said over the couple of months to entirely grasp the confusing "blather" coming from SCO.
I hate these type of arguments; Haven't spoken to a 12 yr old lately, have you? Recently I decided to ask my younger brother who is 14 if he downloads music. We don't live together and I haven't seen him in a while, he then proceeded to give me a lengthy response on Napster, Morpheus and then "moving on to Kazaa". He has a part-time job at Baskin Robbins which is why we've been seeing each other more often when I'm around; heh. Anyway he makes minmum wage which is on avg about 5.15 an hour. He works about 12-15 hours a week or so. So I asked him if he bought one CD a month (12 a year) would that hurt him financially and his response was quote "I have BET, MTV, MTV 2, whatever that fuse garbage is PLUS Kazaa. I don't have a car and the only time I listen to music is when I'm not in school, at soccer or working which sucks (went off on a tangent) etc etc taxes etc etc only 12 hours etc etc. ends with; I'm not dropping money on a cd like that". Then I asked if he owned must of the stuff he shares, he said no "but it's played on the above channels so much how is stealing, I download it because when I want to hear it I want to hear it." I then explained the whole idea of IP to him and he agreed that he was stealing of course he refuses to stop his behavior. I couldn't help but agree with his sentiment though, that if it's played on all those networks plus the radio in an almost constant loop is he really stealing? Infact he said some of the songs are played so much he gets sick of them (this in reference to Sean Paul). I asked him about Itunes and all that but he says 99 cents per track is still a waste of his money, he's just gonna delete most of the crap when he gets tired of it anyway. For the record, my brother buys alot of Vinyl stuff because he thinks he can DJ.
Can the RIAA really hold a 12 yr old responsible for stuff downloaded that they constantly play on MTV or MTV2 or BET or FUSE or VH1 or CMT or DirecTV Music Channels or the Public access Video channels OR on the Radio or, on many many stations Nation and WorldWide on a repeated basis day in and day out? They shove this crap down these kids throat in every little nuck and cranny possible. Kids, who aren't old enough to even work in most cases or find a job and really shouldn't even be working, which means they have no disposable income and/or assets in any respect to consistently drop an average of 17.95 nationwide per CD for the latest buzz song, so that "X" musician/actor/model/posterchild can buy a brand new bentley?
The law was broken by this 12 yr old, but being rational and being stupid are two different things. The RIAA is being stupid and the behavior of my brother who is only two years older shows that in a couple of years he will stop purchasing music all together, especially if he's one of the few penalized.
As for myself, I've stopped purchasing music because whatever is marketed thus far is pretty much not inline with what I like. I used to download alot of old stuff and I'm generally a oldschool hiphop head etc etc. The ability for me to download opened up new doors of music infact because of downloading it opened me up to Jazz, Reggae, Classical and oddly alot of oldschool Rock.. Not the new stuff minus that group ummm I forget the name and I think their metal. In any event, i'm African American and I've found that music seems to be stereotypically based (ie: all black dudes listen to hiphop). I bought alot of Etta James, Diana Krall, Bob Marley (including tshirts), Queen, on and on because of the idea of sharing. I've stopped downloading now because I don't want to commit an illegal act but at the same time I've stopped purchasing CD's.. In 2001 I bought approximately 32 cd's. In 2002 I bought 1 cd from Amel Larrieux (the girl from Groove Theory) which I payed a premium for an autographed copy directly from her website (another share artist I forgot existed and had no idea she had a cd; shes quiet). In 2003 I have yet to buy a cd; primarily because I don't want to deal with the whole mess and instead of finding an apprecia
No, a good admin knows a systems weaknesses and strengths. There is no perfect system for all jobs, it just isn't rational thinking. However for someone to argue a weakness as a strength; that is highly irrational behavior. It's akin to the Iraqi Information Minister telling everyone that the war is going great.
A good admin knows when you need to secure something or you need die-hard stability. You don't go to windows and for good reason. In similiar fashion when you want a desktop for the little kid across the street to play video games you don't give the kid an OpenBSD or VAX machine.
If you're a devoted Windows admin that has a little unix-like box laying around more power to you, nothing wrong with that. If you think windows security is bar-none you're wrong and people including myself will point that out. If you feel i'm some unix bigot that won't respect Windows security you would be wrong. I love unix in all it's flavors minus SCO and DEC but I don't detest the latest versions of Windows, Windows 2000 is useful, NTFS I like alot, especially encryption on the fly. You see, I simply make rational choices when it comes to the best tool for the job. Windows for security is not the best tool for the job in comparison to Unix. That's a fact. If you're an admin and don't realize that, then you aren't as good of an administrator as you thought.
there's no such thing as a system that can contain an arbitrary bug and still be secure.
think about that for a while, and then think about your whole argument.
To make sure i'm not insane, or just hallucinating about this thread. I've invited others to read it. What you just said, has no relevance to the discussion or even the statements that I've made. If that's the way you feel then fine, but making statements about a system not being secure because of some "arbitrary bug" is moot; actually, it's not only moot it's pointless.
So while I think about that for a while, whilst thinking about my whole argument. How about instead of speculation. We take this argument out of the confines of slashdot and bring it into research. I've offered a machine which I can make available to whoever takes me up on the offer to participate in the "Windows doesn't operate on the everyone is root notion" contest.
Let me know if you're in I've asked several other people and would be willing to allow a group effort sort of thing. The box will be virgin WinXP and I'll allow whatever security additions to be added; fully updated, no 3rd party programs or utilities. You can have a full 2 days before I touch the machine then I will try for "Administrator".
No, that is NOT true. The NT seccurity model does not allow you to do this (without correctly authenticating as a user that is a member of the Administrators group). You can only do that if you're exploiting a bug in the code. If you're exploiting bugs in code, then you're operating outside the design of the security model.
This is the silliest thing I've heard. "You can only do that if you're exploiting a bug in the code". Hello? "If you're exploting bugs in code then you're operating outside the design of the security model"?!?! I'm archiving this post, primarily because it's the funniest thing I've seen all year.
Listen, i'm not here to make fun of people, but don't ever go to a job or into any other discussion saying what you've said above. I think maybe I should explain because it sounds as if you genuinely don't understand what security is.
If I give you a key, to your server room and you use that key to get in but everyone else can't because they don't have a key. Then you would feel you are secure, however; your server room has a window. So people without a key just enter through the window. Well, then it's operating outside the design of the security model according to you and that's just exploiting a bug in the way the server room was built, but then you have to wonder if this room was to be so secure why was there a window with no lock in the first place? Not only that but how secure are you when people can just come through the window and take the stuff out of the server room. Does your analogy above make sense? No, it doesn't, the room isn't secure and no matter how good you think the design model is (via the key) it's obviously, blantantly; insecure.
I said this like 4 times in this single thread but bugs in code that gain you priviliges rights or in the analogy made, access to the server room is a security issue. You can call them bugs in the code or exploiting a bug in the code if it makes you feel better. However, it'a security issue.
From what you're aware of? You're apparently aware of nothing. If there's one thing that pisses me off, people being really arrogant about a topic that they obviously know nothing about really, really pisses me off.
Been there many a time, nothing new is there. Here's what.. again, like I've offered others PROVE IT TO ME. I'm a put up or shutup type of guy, if I'm wrong i'll retract my statement. Until i'm proven wrong it will remain fact to me. I'll even put up the WinXP box and all.
I'll make it like microsoft.kernelcode.com or something. Also jpmorgan, I don't care how pissed off you are. It's irrelevant to the discussion. As for me being arrogant, I just made a simple statement, again I've offered many people, close friends, a friend of mine who is a microsoft employee; a whole host of people who have said NT doesn't operate on that notion. Now I offer that to you.. Again.. I will put up the box and you can prove it to me. Let me know if that's what you want to do. I'll provide the necessary information and you can get to work. Otherwise; stop spouting off.
Windows operates on an everyone is root notion, allowing anyone to make changes to system resource files. Not only that but because of the way Windows is designed where everything is mashed together, when one card falls so does the whole deck.
Not once did I say anything about windows not possessing the capability. That's not even the issue, the issue is that even with that everyone is still root and can make changes to system resource files. Also that because of the design and the inclusion of things like the web browser into the default desktop and other "vital" components to the operating system. When a flaw is found in an application process it can easily bring down the rest of windows. Nowadays it might be harder but clearly still capable as proven by the actual exploitation of these severe flaws.
How you misread it, I don't know. However, I stand by my statement and it's true until someone proves that without 3rd party programs Windows will not allow modification of any of it's system resource specification files, including that of the registry. Infact, I'm willing to setup a box for someone to prove it to me, if you're so inclined, put your money with your mouth is.
Why do people keep saying this? It's not even vaguely true.
If it's not true, get on a windows machine right now as a default user and try to get into C:\windows\system. Or install a program from the net that will install dll files into a system resource dir or add key entries into the registry.
If it wasn't true I wouldn't have said it. As for the poor implementation of groups; elaborate. All of you windows folk make complaints and don't back them up, at least i'd make an effort to fix the problem or address it. How is the implementation of groups poor? Which implementation or security controls are you speaking of? What flavor of Unix? Is it possible you can give a little detail rather than just saying poor implementation of groups, etc. That doesn't fly in a realworld discussion.
I don't think you are quite correct, although I respect your position. Windows is as secure as any Unix. The Blaster virus exploited a bug in the software, not the lack of security. For example, now that my system is patched, the Blaster virus can't penetrate my system.
This is an illustration of my point, trust me when I say I understand where you're coming from. Also I wasn't speaking of the MSBlaster virus, Code Red, Nimda etc. However, I respectfully disagree with the above and it's a typical ideology that is used to refute my argument. The problem with it is simply, you had to patch your system to prevent it's abuse; that's a security issue. I didn't, your system wasn't designed for security or windows would not allow scripts and macro's to be run. Now, let us subtract the application software faults all together, lets say those don't matter. You haven't mentioned the large amount of compromising situations that can be caused with turning everything off!! You don't even begin to break the surface, this is why Microsoft themselves has started to approach security differently, albeit slowly. Personally, I don't know anything about MFC, C#, Windows programming and whatever those security descriptors or guidelines are they aren't being used.
Another point, Mozilla could never have the capability of running something via a script and even if it did, it would have to be made executable to run in the first place. Still for all that the damage would be less than that of a Windows system if the user wasn't running as root. IE: The script would have to be made executable by the website somehow, it would be automatically run and try to rm -rf / and get denied. The most it could do is take out the users home dir. It's a practice in futility.
As for the Internet Worm incident, it was a networked worm that exploited fingerd and some other utils. There was an internet back in 1988 if I recall correctly, I was only 9 but played around with it briefly via an IBM engineer on a vax machine. What's disheartining is the fact that maybe someone out there is running such an old copy of Unix that they still run whatever version of fingerd and the other util programs waiting to be exploited. It'd be like someone running Windows 286 still; it's possible but I haven't heard of the Internet Worm of 88 infecting many Unix systems. Should look into that maybe.
Also a software bug, that is exploited to gains means and privileges on a system you wouldn't originally have privileges on is a security issue. You can just call it a software bug if it makes you feel better.
No, that is NOT true. The service can be running as any user on windows and you can still gain Administrator privileges; that is the problem. If you don't believe it, try it. Setup a windows box and then break into it.
I remember when SunOS shipped with a broken login but then I'm not speaking about any specific manufacturer I'm talking overall design.
Really? Do you have any of those versions of Windows connected to the internet? If so, would you like to give me your ip? From what I'm aware of after a little buffer overflow, or crashing of one of your server processes I'll be able to do what I want.
Also when you say comprehensive user security model can you elaborate? IE: ACL's, chroots, jails etc etc. I find it hard to believe that NT3.1 and every version of windows based on it has a such a model. I don't use windows in any serious manner so I wouldn't know but I'd like to read about the models 3.1 and up use for comprehensive user security.
Slashdot Mirror
They won't be rock-solid with SCO turns around and sues EV1.
Please, stop talking out of your ass.
Thank you.
First as a parent, (i'm not one) you should trust your children. The internet is like any public place, you can't be with your child 24/7. Maybe it's because I'm not a parent, but my parents always instilled the expected behavior from me and then let me choose what it is I was going to do. This has made me a better person in life as I've made my own mistakes and have learned that what they usually say is true. So I tend to listen and accept what they have to say not as rules but as life learning experience.
Point two; I dont want to sound demeaning but parents such as yourself who set rules on things they have little to no control over end up having children who lie to your face. They end up at Billy's house using the internet to talk to some pedophile. Something you could of had control over if it wasn't for the gestapo rules as it would of been in the open. So instead of saying listen, talking to X people over the internet isn't cool and having a positive discussion with your child. You simply have no idea what's going on. Your child ends up on the run with some pedophile in Mexico and you are wondering what happened.
With children I think that the best thing is to simply let them know is that just like anywhere else the Internet is a public place. Just like I will teach my child not to talk to strangers, I'll teach them not to talk to strangers on the internet. At least not in a personal non-academic way and when they are old enough to make the decision that they feel they can do what they want, then thats their choice. However rules like "keep the door open" while on the internet will do nothing for you. Your major mistake is believing that your rules will stop a curious child, they won't. Instead of being a rule gestapo, explain to your children the positives and negatives, tell them what they need to hear so that they can expect certain things and already be alert.
Lastly, be parents. I think the problem today is that alot of parents think that setting "rules" is all they need to do when in reality understanding their children and inquiring about their lives is what parenting is all about. Teach your children, rules mean nothing if they don't know how to handle life like situations. The internet isn't the mistake, public schools aren't the mistake, life situations aren't mistakes. Stop blaming society or the internet or whatever because simply, they are here and everything has problems. It's how your child conceptualizes the problems, issues and general life situations they will have to deal with on daily basis that will determine if you are a parent, or simply a care taker. That choice is truly the parents, and the behavior of the child is truly reflective upon them. My mom used to say, "the smartest children aren't just the ones that can win spelling bee's, or get straight A's. They are usually the ones who can tell if you're bullshitting or not and have toyed with you just to get to see you cards." I guarantee you, your kids can't call a bluff, you've never even explained to them what a bluff looks like.
Heh, I think i'll call my mom now and thank her. She really prepared me for life, not just tell me to follow rules.
Yes, I know how it works on Unix, I don't know how it works with NTFS. Is it that NTFS locks the file stream for usage and if you delete it, it stops writing or writes to whereever, or what? Does anyone know how it actually works or doesn't work under NTFS? I knew for a fact FAT can't do this, but I guess my impression that NTFS can do this was grossly off base.
For instance lets say Apache is running or you have whatever service running and it's logging to X file. You change the name of the logfile while it's running, in Unix it'll continue writing to the old inode space until you restart the service or I can't remember if Apache has routines to check for this or not, but it'll do the above. In NTFS I assumed it wrote to the previous inode space ala unix; if that's not the case where does it write to?
What do inodes have to do with anything?? I was under the impression that you could delete a file and replace it with a new one in windows even while a service was/is running. The inode system has absolutely nothing to do with it. The reason for rebooting I believe are because of changes to system files or registry entries that are only loaded at start. Surprisingly NTFS is an all around nice file system, so I don't believe that to be the problem.. However I could be wrong.. do inodes in NTFS work any differently?
C# makes it easy to reuse existing C and C++ libraries; in that, it is much like the relationship of C++ to C. If you already know Gnome, you can start using C# to develop Gnome applications much more easily than picking up Java and Swing (and the Mono/Gtk# applications will work better, too).
.net and MONO specifically? It makes no sense, if it's about the language. C#, then again, that's great the more languages the better; but Mono seems to be pushing this idea of cross platform and .NET does the same when in essence that's really not the truth.
.NET, just don't use .NET. In fact, I wouldn't touch .NET simply because I think it's technically not very good. But you can still use Mono, which is shaping up to be a great, general-purpose programming platform. And because existing open source libraries, like Gtk+, Gnome, expat, X11, etc., is so easily accessible, it's very easy to start using Mono--it's just a nicer version of C++.
.NET and Mono language wise are generally one in the same albeit Mono with it's quirks and .NET with it's own (eg: gcc vs intel compilers). I have no problem with Mono until it starts pretending it's cross platform and Miguel always talks about cross platform and what if's etc etc. Part of the problem is that Miguel gives conflicting ideas, instead of one or the other you get it's about development and the language and then on the other you get this cross platform crap. If he wants people to take Mono/C# seriously in the unix world. He needs to decisively explain that it's about the language and point out what strengths it brings. That cross platform in general is unlikely on any major functional scale considering Microsoft's stance on standards and open specifications and that the developers of Mono plan to make development easier for large projects etc etc. As a developer when Miguel starts talking about cross platform and all this other crap it makes me thing he's drinking too much Microsft koolaid. No one wants to hear about that shit because it's fleeting.
Wrong. This is just wrong, If you already know Gnome and write the majority of your code using gtk/gtkmm+gnome libs. It's not going to speed anything up over the use Java or Swing. Not even in the slightest. Not to mention even in such a case, unless you're doing something RAD oriented C# is useless. All that 100% functionality cross platform nonsense is a joke. If it's just about C# then fine, make it about the language; but as of today Java is more cross platform and widely available on more platforms than C# and will probably remain that way into the forseeable future.
The company to worry about is Sun: open source Java applications do use all-Sun APIs; interfacing with native libraries is just too much hassle, and that's no accident: Sun wants you to use their APIs and give up on the free, open source APIs. And, despite all the JCP mumbo-jumbo, Sun has a lot of control over the Java platform, through numerous patents, through owning key parts of the actual implementation of key parts of the Java platform (e.g., Swing), and through their ownership of the specification and the certification process.
I'd say wrong blantantly but thats more of an opinion; it is however highly misguided as you seemingly place your trust in Microsoft. Sun might have a stronger hold on Java than the whole world might like to think but as of today can you name any 5 platforms C# runs on besides Windows? Sun has a proven track record of interoperability infact some of the protocols in use today where designed and spec'd by Sun themselves. Name one protocol from Microsoft? Name anything providing interoperability from Microsoft. Why should a developer, any developer or any business who makes cross platform software buy into
So, if you are worried about Microsoft's ownership of
I agree, but this is a conflicting statement, I don't normally like to read too much into these things but
Well, it's not their place to do that. The recordings are owned by the record companies.
Right, this is where civil disobedience makes a difference. No one told the artist to sign with the RIAA but then if they didn't would you have heard of the artist? Eventually but it's highly unlikely. So what does one do? The artists says "Listen my music is free for download, if you wanna download it, download it". The RIAA can then kiss my ass, as downloading would be my act of civil disobedience. Artist aren't doing that however, they are on the side of the RIAA and are actually making commercials saying "Downloading is bad, please don't do it.. I can't buy my new bentley of the week now.. I have to wait every 2 weeks just to get a new car". However, people still download their music and by doing so give the RIAA and artists leverage against p2p networks. If people didn't download the crap and stopped buying music.. that would make a statement.
Honestly, if I could just give the musicians their cut of the sales I would do it, despite the fact that I don't have much money. But, I do not feel bad whatsoever for depriving the RIAA of its profits, regardless of whether it's defined as theft or not.
If you really like the artist but can't afford a large sum of money for their stuff. There are many ways I feel one can get over this hurdle, including getting a friend to purchase the cd or everyone chipping in and getting the CD or buying it used or going to one of the concerts during the summer or buying a poster, action figure or whatever else the artist has. Different streams of revenue go back to the artist, albeit small but it does reach the artist.
Also, if I could make a copy of a BMW I would gladly do it (although I'm not sure if lossy compression would be safe with a car).
You can make an exacting copy of a BMW with the manufacturers spec. You just have to own the same plant and robots as BMW... Kinda like you owning a computer to make an exacting copy of music. So once everyone owns a plant and robots do you think making exacting copies of BMW's will be legal?
All that being said, you do make a good argument, and I do understand where you are coming from, but I still believe theft is too harsh of a word, and another word should be used instead.
So, what's this word?
No, that's sematically incorrect. If you DEPRIEVE someone of something it's theft. You imply that making a virtual copy is the same as removing a physical object - it isn't.
What don't you understand? You're depriving the artist their right to gain monetary value for whatever intellectual property you have downloaded. It's the not same as removing a physical object because it's not a physical object,
The owner doesn't loose anything. The downloader usually wouldn't buy the song for various reasons if downloading wasn't available, so there's no loss of sale or anything else.
If the downloader usually wouldn't buy the song for various reasons if downloading wasn't available. They shouldn't download the song for those same reasons now that the song is available for download.
And the downloader doesn't profit in the monetary sense from his downloaded song. Sure he gains a cultural/emotional experience when listiening to it, but then so would he is he listened to it on the radio and that's free, so that doesn't apply.
It's free to listen to on the radio because it's assumed the listener will listen to the ads that companies have paid for to allow the listener to freely hear the song. Even if he/she happens to hear one ad that is enough. Do alot of people listen to ad's? Probably not I know I don't I switch the station. I do gain from the listening experience though otherwise I wouldn't listen. The art of appreciating ones music enough that you'd pay for it usually makes the difference between that artist making more music.
So theft is a most incorrect term to use for this. You might as well call it drunk driving or murder. The relation is about the same as theft to the actual offense being committed.
Yes, I might as well call murdering a human being in cold blood or drunk driving with a 2,000lb weapon, theft, as their relation is about the same. Right.
So the only thing I have deprived these artists of is a sale that wouldn't have happened anyways! Another note is many of these musicians would probably be happy that I enjoyed listening to their music even though they didn't make any money off of it.
If the sale wouldn't have happened then you're use of the intellectual property shouldn't have happened. You're depriving the artists the right to make a buck by using or enjoying their intellectual property without reimbursing them for that property. In other words, you're practicing theft. If the "muscians would probably be happy that you've enjoyed listening to their music even if they didn't make any money off of it" then they should explicitly state so. In which case you wouldn't be stealing because they gave you the right to listen to their music freely without reimbursement. There are other cases where you'll over hear a song or hear a tune on the radio or somewhere in a public/private area that you might like and swapping is going to happen regardless; that's ok. Outright downloading a song because you can't afford to pay for it is stealing. It's the same as you stealing a BMW off the manufacturers line because you can't afford to pay for it. In this case you deny the manufacturer the right to profit off the actual property.. just like you deny the muscians their right to profit off their intellectual property. Exact copy or not, you deny them that right and unless they grant you rights to use their intellectual property for free you are stealing and I still consider it theft. As I said before you person and others are free to call it whatever you want so long as we both agree that it deprives the artist/creator of the intellectual property a right to profit from it.
Listen, you're free to call it what you want. Taking something that does not belong to you is called theft. If you want to use another term, then so be it. I'll use theft because thats what it is regardless of it's form.. Again taken something that does not belong to you is THEFT. You are depriving the rightful owner of his or her rights to the property, whether it be intellectual, physical or whatever. To say that because you make an exact digital copy you're not depriving anyone means nothing as you would have to have access to the original in order to make an exacting copy. So you're still depriving one of their right to gain monetary value for their blood, sweat and tears in the form of intellectual property. What do you want to call it?? Stealing? Borrowing, what? People who inact this behavior and thieves; knowingly or not they are denying one the right to monetary gain of their intellectual property. Now there might be many reasons for this, the person who owns the intellectual property might be price gouging or whatever have you but two wrongs don't make a right. You can't have your cake and eat it too.
This is untrue, sure there will be people who don't won't to buy anything at all. They are called thieves. However people like me aren't jumping on the current services because they don't offer me anything I want. What I want is the right to play my music anywhere and to do anything with it in a standard format. If it's a special format, I won't deal with it and no avid music collector is either. It just puts their collection into jeopardy or so they think. I'm technically inclined enough to know there are certain round the corner tricks but your average music collector out there doesn't want to hear "special format" or "special client". These type of people also don't use p2p; and it has nothing to do with free. It has everything to do with the quality and clarity of tracks.
If Itunes for instance all of a sudden offered high quality tracks in a standard format like mp3 of an abundance of artists for 1 dollar a track including photos, cd art, bonus tracks you could download or movie downloads.. including a service where you'd pay 20 bucks a month or so to get everything put out by that artist that month or 50 bucks to get all the live shows recorded or any number of extras.. THEN.. I'd be jumping over people left and right to swipe my card. It's new, I get more stuff for my collection, it's a standard format I have now and it's high quality. By the way when I say standard I mean a format unencumbered by specifics and that is largely playable on almost anything ie MP3. I'd take ogg if it had more hardware players but that's been slow and it seems hardware manufacturers are playing flaky.
Right now Itunes offers nothing special to make people who haven't used p2p or the ones who have been downloading copyrighted music for free anything different. It's more of the same in a different fashion. Sure, people want to easily download their music but they also want quality, extras and new whizbang services they've never heard of. The same goes for TV shows.. I know at least 30 people who want the simpsons episodes on DVD etc etc.. The only TV show I know of that has been making stuff available is South Park. I've seen Beavis and Butthead but really who wants that shit on dvd?? It's like the MPAA and the RIAA and the media in general don't want to offer anything at all.. except the same exact music/movie packaged in an overpriced cd/dvd for our pleasure?? Been there done that.. I purchased one cd this year.. ONE.
RIAA/MPPA do yourselves a favor and get your head out of your asses and stop litigating and start selling people the stuff they obviously don't know they need yet.. Like a subscription to download all the live shows of a specific artist or all revisions of a certain song.. or ultra high quality audio THX 3d mastered.. etc etc on and on and on.. the MPAA has done an excellent job with dvd's, their problem has alot more to do with 12 dollar movie tickets for a film that's worth 5 bucks. If they would stop putting out shit movies or movie theatres charging obscene prices to see a fucking shitty ass film alot of people wouldn't feel the need to go to blockbuster and/or buy the bootleg. Fire your new execs and hire the people in hollywood who knew a good movie when they saw one. It seems you guys fucked up in that respect, if they've retired.. hire them back on as consultants or something. The new breed is turning hollywood into something I don't want, far less, want to watch.. I feel bad for good actors like Denzel who have to deal with shitty ass movies.
Done and done.
This is the dumbest reason to support HP and recommend their products. Indemnification has nothing to do with the technical merits of a system. They are banking on people like you to eat this up and why? Simply because it's pretty easy to do, low cost marketing. If you are using Linux now for your own business and aren't afraid of SCO what good does this do for you and why would you recommend HP based on something like this rather than their technical merits?
Stop being a lemming and start to think about things for yourself.
No, BIND was just a piece of shit from the start.
amen.
Torvalds resposne to SCO's open letter, which seems so very odd.
What's odd about asking where the infringing code is and trying to figure out what SCO is talking about? I don't think there is anything odd about saying to your accuser what is it that I have done. If SCO is telling the truth the simple fact is they can still receive damages. So not only will the infringing and stolen code be removed from the kernel but they will also receive damages from the person(s) who put it there.
We aren't hypocrites, it's a really simple thing. It doesn't have to be in the news or even go to court. SCO just has to say "line/number file.c" has infringing code please remove the code asap. Then they take their proof of infringing code and request damages. It'd also be alot quicker than the current way they are doing things.
I don't think you actually understand the situation. Obviously no offense but you should re-read the actual case vs IBM and then what SCO itself has said over the couple of months to entirely grasp the confusing "blather" coming from SCO.
I hate these type of arguments; Haven't spoken to a 12 yr old lately, have you? Recently I decided to ask my younger brother who is 14 if he downloads music. We don't live together and I haven't seen him in a while, he then proceeded to give me a lengthy response on Napster, Morpheus and then "moving on to Kazaa". He has a part-time job at Baskin Robbins which is why we've been seeing each other more often when I'm around; heh. Anyway he makes minmum wage which is on avg about 5.15 an hour. He works about 12-15 hours a week or so. So I asked him if he bought one CD a month (12 a year) would that hurt him financially and his response was quote "I have BET, MTV, MTV 2, whatever that fuse garbage is PLUS Kazaa. I don't have a car and the only time I listen to music is when I'm not in school, at soccer or working which sucks (went off on a tangent) etc etc taxes etc etc only 12 hours etc etc. ends with; I'm not dropping money on a cd like that". Then I asked if he owned must of the stuff he shares, he said no "but it's played on the above channels so much how is stealing, I download it because when I want to hear it I want to hear it." I then explained the whole idea of IP to him and he agreed that he was stealing of course he refuses to stop his behavior. I couldn't help but agree with his sentiment though, that if it's played on all those networks plus the radio in an almost constant loop is he really stealing? Infact he said some of the songs are played so much he gets sick of them (this in reference to Sean Paul). I asked him about Itunes and all that but he says 99 cents per track is still a waste of his money, he's just gonna delete most of the crap when he gets tired of it anyway. For the record, my brother buys alot of Vinyl stuff because he thinks he can DJ.
Can the RIAA really hold a 12 yr old responsible for stuff downloaded that they constantly play on MTV or MTV2 or BET or FUSE or VH1 or CMT or DirecTV Music Channels or the Public access Video channels OR on the Radio or, on many many stations Nation and WorldWide on a repeated basis day in and day out? They shove this crap down these kids throat in every little nuck and cranny possible. Kids, who aren't old enough to even work in most cases or find a job and really shouldn't even be working, which means they have no disposable income and/or assets in any respect to consistently drop an average of 17.95 nationwide per CD for the latest buzz song, so that "X" musician/actor/model/posterchild can buy a brand new bentley?
The law was broken by this 12 yr old, but being rational and being stupid are two different things. The RIAA is being stupid and the behavior of my brother who is only two years older shows that in a couple of years he will stop purchasing music all together, especially if he's one of the few penalized.
As for myself, I've stopped purchasing music because whatever is marketed thus far is pretty much not inline with what I like. I used to download alot of old stuff and I'm generally a oldschool hiphop head etc etc. The ability for me to download opened up new doors of music infact because of downloading it opened me up to Jazz, Reggae, Classical and oddly alot of oldschool Rock.. Not the new stuff minus that group ummm I forget the name and I think their metal. In any event, i'm African American and I've found that music seems to be stereotypically based (ie: all black dudes listen to hiphop). I bought alot of Etta James, Diana Krall, Bob Marley (including tshirts), Queen, on and on because of the idea of sharing. I've stopped downloading now because I don't want to commit an illegal act but at the same time I've stopped purchasing CD's.. In 2001 I bought approximately 32 cd's. In 2002 I bought 1 cd from Amel Larrieux (the girl from Groove Theory) which I payed a premium for an autographed copy directly from her website (another share artist I forgot existed and had no idea she had a cd; shes quiet). In 2003 I have yet to buy a cd; primarily because I don't want to deal with the whole mess and instead of finding an apprecia
No, a good admin knows a systems weaknesses and strengths. There is no perfect system for all jobs, it just isn't rational thinking. However for someone to argue a weakness as a strength; that is highly irrational behavior. It's akin to the Iraqi Information Minister telling everyone that the war is going great.
A good admin knows when you need to secure something or you need die-hard stability. You don't go to windows and for good reason. In similiar fashion when you want a desktop for the little kid across the street to play video games you don't give the kid an OpenBSD or VAX machine.
If you're a devoted Windows admin that has a little unix-like box laying around more power to you, nothing wrong with that. If you think windows security is bar-none you're wrong and people including myself will point that out. If you feel i'm some unix bigot that won't respect Windows security you would be wrong. I love unix in all it's flavors minus SCO and DEC but I don't detest the latest versions of Windows, Windows 2000 is useful, NTFS I like alot, especially encryption on the fly. You see, I simply make rational choices when it comes to the best tool for the job. Windows for security is not the best tool for the job in comparison to Unix. That's a fact. If you're an admin and don't realize that, then you aren't as good of an administrator as you thought.
there's no such thing as a system that can contain an arbitrary bug and still be secure.
think about that for a while, and then think about your whole argument.
To make sure i'm not insane, or just hallucinating about this thread. I've invited others to read it. What you just said, has no relevance to the discussion or even the statements that I've made. If that's the way you feel then fine, but making statements about a system not being secure because of some "arbitrary bug" is moot; actually, it's not only moot it's pointless.
So while I think about that for a while, whilst thinking about my whole argument. How about instead of speculation. We take this argument out of the confines of slashdot and bring it into research. I've offered a machine which I can make available to whoever takes me up on the offer to participate in the "Windows doesn't operate on the everyone is root notion" contest.
Let me know if you're in I've asked several other people and would be willing to allow a group effort sort of thing. The box will be virgin WinXP and I'll allow whatever security additions to be added; fully updated, no 3rd party programs or utilities. You can have a full 2 days before I touch the machine then I will try for "Administrator".
No, that is NOT true. The NT seccurity model does not allow you to do this (without correctly authenticating as a user that is a member of the Administrators group). You can only do that if you're exploiting a bug in the code. If you're exploiting bugs in code, then you're operating outside the design of the security model.
This is the silliest thing I've heard. "You can only do that if you're exploiting a bug in the code". Hello? "If you're exploting bugs in code then you're operating outside the design of the security model"?!?! I'm archiving this post, primarily because it's the funniest thing I've seen all year.
Listen, i'm not here to make fun of people, but don't ever go to a job or into any other discussion saying what you've said above. I think maybe I should explain because it sounds as if you genuinely don't understand what security is.
If I give you a key, to your server room and you use that key to get in but everyone else can't because they don't have a key. Then you would feel you are secure, however; your server room has a window. So people without a key just enter through the window. Well, then it's operating outside the design of the security model according to you and that's just exploiting a bug in the way the server room was built, but then you have to wonder if this room was to be so secure why was there a window with no lock in the first place? Not only that but how secure are you when people can just come through the window and take the stuff out of the server room. Does your analogy above make sense? No, it doesn't, the room isn't secure and no matter how good you think the design model is (via the key) it's obviously, blantantly; insecure.
I said this like 4 times in this single thread but bugs in code that gain you priviliges rights or in the analogy made, access to the server room is a security issue. You can call them bugs in the code or exploiting a bug in the code if it makes you feel better. However, it'a security issue.
From what you're aware of? You're apparently aware of nothing. If there's one thing that pisses me off, people being really arrogant about a topic that they obviously know nothing about really, really pisses me off.
Been there many a time, nothing new is there. Here's what.. again, like I've offered others PROVE IT TO ME. I'm a put up or shutup type of guy, if I'm wrong i'll retract my statement. Until i'm proven wrong it will remain fact to me. I'll even put up the WinXP box and all.
I'll make it like microsoft.kernelcode.com or something. Also jpmorgan, I don't care how pissed off you are. It's irrelevant to the discussion. As for me being arrogant, I just made a simple statement, again I've offered many people, close friends, a friend of mine who is a microsoft employee; a whole host of people who have said NT doesn't operate on that notion. Now I offer that to you.. Again.. I will put up the box and you can prove it to me. Let me know if that's what you want to do. I'll provide the necessary information and you can get to work. Otherwise; stop spouting off.
Windows operates on an everyone is root notion, allowing anyone to make changes to system resource files. Not only that but because of the way Windows is designed where everything is mashed together, when one card falls so does the whole deck.
Not once did I say anything about windows not possessing the capability. That's not even the issue, the issue is that even with that everyone is still root and can make changes to system resource files. Also that because of the design and the inclusion of things like the web browser into the default desktop and other "vital" components to the operating system. When a flaw is found in an application process it can easily bring down the rest of windows. Nowadays it might be harder but clearly still capable as proven by the actual exploitation of these severe flaws.
How you misread it, I don't know. However, I stand by my statement and it's true until someone proves that without 3rd party programs Windows will not allow modification of any of it's system resource specification files, including that of the registry. Infact, I'm willing to setup a box for someone to prove it to me, if you're so inclined, put your money with your mouth is.
Why do people keep saying this? It's not even vaguely true.
If it's not true, get on a windows machine right now as a default user and try to get into C:\windows\system. Or install a program from the net that will install dll files into a system resource dir or add key entries into the registry.
If it wasn't true I wouldn't have said it. As for the poor implementation of groups; elaborate. All of you windows folk make complaints and don't back them up, at least i'd make an effort to fix the problem or address it. How is the implementation of groups poor? Which implementation or security controls are you speaking of? What flavor of Unix? Is it possible you can give a little detail rather than just saying poor implementation of groups, etc. That doesn't fly in a realworld discussion.
I don't think you are quite correct, although I respect your position. Windows is as secure as any Unix. The Blaster virus exploited a bug in the software, not the lack of security. For example, now that my system is patched, the Blaster virus can't penetrate my system.
This is an illustration of my point, trust me when I say I understand where you're coming from. Also I wasn't speaking of the MSBlaster virus, Code Red, Nimda etc. However, I respectfully disagree with the above and it's a typical ideology that is used to refute my argument. The problem with it is simply, you had to patch your system to prevent it's abuse; that's a security issue. I didn't, your system wasn't designed for security or windows would not allow scripts and macro's to be run. Now, let us subtract the application software faults all together, lets say those don't matter. You haven't mentioned the large amount of compromising situations that can be caused with turning everything off!! You don't even begin to break the surface, this is why Microsoft themselves has started to approach security differently, albeit slowly. Personally, I don't know anything about MFC, C#, Windows programming and whatever those security descriptors or guidelines are they aren't being used.
Another point, Mozilla could never have the capability of running something via a script and even if it did, it would have to be made executable to run in the first place. Still for all that the damage would be less than that of a Windows system if the user wasn't running as root. IE: The script would have to be made executable by the website somehow, it would be automatically run and try to rm -rf / and get denied. The most it could do is take out the users home dir. It's a practice in futility.
As for the Internet Worm incident, it was a networked worm that exploited fingerd and some other utils. There was an internet back in 1988 if I recall correctly, I was only 9 but played around with it briefly via an IBM engineer on a vax machine. What's disheartining is the fact that maybe someone out there is running such an old copy of Unix that they still run whatever version of fingerd and the other util programs waiting to be exploited. It'd be like someone running Windows 286 still; it's possible but I haven't heard of the Internet Worm of 88 infecting many Unix systems. Should look into that maybe.
Also a software bug, that is exploited to gains means and privileges on a system you wouldn't originally have privileges on is a security issue. You can just call it a software bug if it makes you feel better.
No, that is NOT true. The service can be running as any user on windows and you can still gain Administrator privileges; that is the problem. If you don't believe it, try it. Setup a windows box and then break into it.
I remember when SunOS shipped with a broken login but then I'm not speaking about any specific manufacturer I'm talking overall design.
Really? Do you have any of those versions of Windows connected to the internet? If so, would you like to give me your ip? From what I'm aware of after a little buffer overflow, or crashing of one of your server processes I'll be able to do what I want.
Also when you say comprehensive user security model can you elaborate? IE: ACL's, chroots, jails etc etc. I find it hard to believe that NT3.1 and every version of windows based on it has a such a model. I don't use windows in any serious manner so I wouldn't know but I'd like to read about the models 3.1 and up use for comprehensive user security.