Yes, and on Linux i have a *CHOICE* of a dozen or more, i choose one and remove everything else because they're unnecessary and easily removed.
On windows i get the choice of having third party app(s) installed in additional to the ms ones, or just having the ms ones, i can't have third party apps instead of the ms ones.
> He explained that the files associated with those applications and features are not > actually deleted from the hard drive.
That is stupid... The idea of removing something, is to reduce clutter on your system and reduce the support burden... If something is installed but not being used it still needs security patches. If it's removed, you no longer have to worry about it at all.
Not only that, but having 2 apps to do the same thing is ridiculously wasteful and inefficient.... They are hoping that people will assume there's no point having 2 apps installed for the same purpose, and since one can't be removed they may as well keep it rather than having 2.
Oh, now that i think of it... Is it always going to be you following them, or do you think MS will actually accept input towards the spec from third parties? and potentially open up the development of the spec? Or will the future versions always be developed internally to MS and then released to the public before you even get the opportunity to start playing catch up?
And what leads you to believe that when MS come out with future versions they will continue to make the associated specs, codecs and test suites available?
There is always the risk that they won't, and based on past behavior i would suggest that's quite a likely proposition.
I believe there was only one point release of IE for OSX aswell, as it was one point release higher than the OS9 version... They may have announced they had stopped development quite late, but actual development stopped quite some time before.
Windows authentication (ie NTLM) is a server option... Firefox does support it, but doesn't send it automatically like IE does (IE will send your credentials automatically to a remote box that requests them which can be abused)..
NTLM is little better than sending basic auth over plain text, it does a challenge handshake but is weaker than md5 digest auth and can be cracked... basic auth over SSL is actually stronger than ntlm over http... and if using http md5 digest is still stronger.
also ntlm auth breaks the way http works since it requires you to send, receive, respond, receive in a single http connection when http is supposed to be request/receive, this makes it very difficult to use with a proxy.
all in all, ntlm over http is a horrible hack and is typical ms arrogance - create something new, proprietary and inferior, instead of using the existing standard digest auth.
Since OO is based on reverse engineering, it has a far more robust parser for the MS formats... Because they don't know what to expect, their parser is much better at handling unexpected data.. This is also why OO is often much better at opening damaged files.
There are bugs in MS products that have been there for years too, some of them are even security related...
Word had a bug since 97 whereby the macro function for counting lines ignored lines with bullet points on them, but when you came to insert to a particular line it counted bullet points and so would put stuff in the wrong place... They fixed it in 2007 with a security hotfix for word 2003 (wtf was a fix like this doing in a security hotfix?), but 2007 remained broken (may have been fixed by now, but i've not been forced to use it since then.
There is the SMB bug that was publicised recently, supposedly fixed a couple of months ago but the original bug was reported in 2001... This one was security related too!
Excel is known to get some complex calculations wrong (plenty of documentation on google for this)... If you are using it for financial accounting you are likely to be in violation of sarbanes-oxley requirements.
Most companies do, it is common for companies to send ms binary formats over the internet, eg via email, and blocking them would disrupt things...
But i agree, it is stupid to receive such files from the outside.. Filtering should be set up to only allow known documented formats, and then parse these formats to validate them against the spec, possibly opening and resaving them in the process to strip out anything malicious (doing this breaks the jpeg exploits that floated around a couple of years ago for instance)... Not foolproof, but will strip most things and make it much harder to get malicious code through.
The hardware may not fail, but can you really imagine MS giving a guarantee on windows? Haven't you read the license agreement which explicitly disclaims any liability?
Linux can do that, providing the hardware it's running on is capable of it.. Don't blame the OS for hardware failings. Linux can run on mainframes and has done for many years you know.
I've had NT running on IA64 and Alpha, but never worked out what type of MIPS or PPC machines are compatible (or how to acquire/emulate them), i thought it might be fun to install it just for laughs...
I drove a dodge charger (rental), it had a 2.7 liter engine, which was quite gutless in such a big car... A 2.7 in a small car might make a reasonably performing vehicle, at least if you don't care for comfort. I imagine the charger with the 6.1 liter v8 would be a much better drive.
Not really, it was never originally designed for Internet connectivity, it was supposed to be the internal groupware setup on a corporate lan... Support for talking to the outside world came later.
They won't drop Mac/Linux support until flash has been eliminated, by which point there will be no alternative... Developers will start using the newer versions of silverlight, and mac/linux users will be screwed and forced to use windows if they want to browse the web.
Adobe released the specs to flash, there is no reason why someone else couldn't create tools to create and play flash files... That would provide all the benefits of competition, while not harming the end users.
It hasn't come to pass yet. MS have demonstrated in the past that they are willing to play nice to gain marketshare, and then try to force users onto their platform later (see ie for solaris/hpux/mac).
Based on past behavior, I would say the chances of them doing it with.net are extremely high if it manages to attain a dominant position in it's market.
Other way round, MS stopped developing IE for mac so Apple began developing Safari as a replacement. IE for mac only saw one version for OSX which was extremely buggy, and a quick dirty port of the last version for OS9, it was never updated after that. Safari didn't ship with OSX until 10.3, by which point OSX itself was 3 years old, and yet had still only had a single release of IE.
Moonlight only exists because MS have disclosed most of the implementation details to them, it still lags a long way behind the MS implementation and isn't 100% compatible anyway.
When MS move to the extend phase of their plan, they will release new versions with no specs, meaning the moonlight devs will have to reverse engineer and thus be even further behind.
No, it's just the most likely outcome based on past experience...
When MS were trying to gain market share for IE they made versions for Mac, Solaris and HPUX... Once they had achieved a dominant market share and corrupted the market such that many things would only work with their browser, they ditched these versions in an attempt to force people to use windows.
Now they are trying to gain market share for silverlight, and they are making versions for other platforms. There is no reason to believe these versions will continue to be maintained once silverlight becomes a dependency.
Yes, and on Linux i have a *CHOICE* of a dozen or more, i choose one and remove everything else because they're unnecessary and easily removed.
On windows i get the choice of having third party app(s) installed in additional to the ms ones, or just having the ms ones, i can't have third party apps instead of the ms ones.
> He explained that the files associated with those applications and features are not
> actually deleted from the hard drive.
That is stupid... The idea of removing something, is to reduce clutter on your system and reduce the support burden... If something is installed but not being used it still needs security patches. If it's removed, you no longer have to worry about it at all.
Not only that, but having 2 apps to do the same thing is ridiculously wasteful and inefficient.... They are hoping that people will assume there's no point having 2 apps installed for the same purpose, and since one can't be removed they may as well keep it rather than having 2.
Oh, now that i think of it...
Is it always going to be you following them, or do you think MS will actually accept input towards the spec from third parties? and potentially open up the development of the spec? Or will the future versions always be developed internally to MS and then released to the public before you even get the opportunity to start playing catch up?
And what leads you to believe that when MS come out with future versions they will continue to make the associated specs, codecs and test suites available?
There is always the risk that they won't, and based on past behavior i would suggest that's quite a likely proposition.
Yes, a plugin which is not fully functional, ie it's inferior and probably intentionally so.
I believe there was only one point release of IE for OSX aswell, as it was one point release higher than the OS9 version...
They may have announced they had stopped development quite late, but actual development stopped quite some time before.
Windows authentication (ie NTLM) is a server option...
Firefox does support it, but doesn't send it automatically like IE does (IE will send your credentials automatically to a remote box that requests them which can be abused)..
NTLM is little better than sending basic auth over plain text, it does a challenge handshake but is weaker than md5 digest auth and can be cracked... basic auth over SSL is actually stronger than ntlm over http... and if using http md5 digest is still stronger.
also ntlm auth breaks the way http works since it requires you to send, receive, respond, receive in a single http connection when http is supposed to be request/receive, this makes it very difficult to use with a proxy.
all in all, ntlm over http is a horrible hack and is typical ms arrogance - create something new, proprietary and inferior, instead of using the existing standard digest auth.
Since OO is based on reverse engineering, it has a far more robust parser for the MS formats... Because they don't know what to expect, their parser is much better at handling unexpected data.. This is also why OO is often much better at opening damaged files.
There are bugs in MS products that have been there for years too, some of them are even security related...
Word had a bug since 97 whereby the macro function for counting lines ignored lines with bullet points on them, but when you came to insert to a particular line it counted bullet points and so would put stuff in the wrong place... They fixed it in 2007 with a security hotfix for word 2003 (wtf was a fix like this doing in a security hotfix?), but 2007 remained broken (may have been fixed by now, but i've not been forced to use it since then.
There is the SMB bug that was publicised recently, supposedly fixed a couple of months ago but the original bug was reported in 2001... This one was security related too!
Excel is known to get some complex calculations wrong (plenty of documentation on google for this)... If you are using it for financial accounting you are likely to be in violation of sarbanes-oxley requirements.
Most companies do, it is common for companies to send ms binary formats over the internet, eg via email, and blocking them would disrupt things...
But i agree, it is stupid to receive such files from the outside.. Filtering should be set up to only allow known documented formats, and then parse these formats to validate them against the spec, possibly opening and resaving them in the process to strip out anything malicious (doing this breaks the jpeg exploits that floated around a couple of years ago for instance)...
Not foolproof, but will strip most things and make it much harder to get malicious code through.
The hardware may not fail, but can you really imagine MS giving a guarantee on windows?
Haven't you read the license agreement which explicitly disclaims any liability?
Blackhats...
Linux can do that, providing the hardware it's running on is capable of it.. Don't blame the OS for hardware failings.
Linux can run on mainframes and has done for many years you know.
I've had NT running on IA64 and Alpha, but never worked out what type of MIPS or PPC machines are compatible (or how to acquire/emulate them), i thought it might be fun to install it just for laughs...
Charging for CPU cycles is actually a good idea, it might actually make people care about efficient code...
I drove a dodge charger (rental), it had a 2.7 liter engine, which was quite gutless in such a big car... A 2.7 in a small car might make a reasonably performing vehicle, at least if you don't care for comfort.
I imagine the charger with the 6.1 liter v8 would be a much better drive.
Not really, it was never originally designed for Internet connectivity, it was supposed to be the internal groupware setup on a corporate lan... Support for talking to the outside world came later.
They won't drop Mac/Linux support until flash has been eliminated, by which point there will be no alternative...
Developers will start using the newer versions of silverlight, and mac/linux users will be screwed and forced to use windows if they want to browse the web.
Adobe released the specs to flash, there is no reason why someone else couldn't create tools to create and play flash files... That would provide all the benefits of competition, while not harming the end users.
It hasn't come to pass yet.
MS have demonstrated in the past that they are willing to play nice to gain marketshare, and then try to force users onto their platform later (see ie for solaris/hpux/mac).
Based on past behavior, I would say the chances of them doing it with .net are extremely high if it manages to attain a dominant position in it's market.
Other way round, MS stopped developing IE for mac so Apple began developing Safari as a replacement.
IE for mac only saw one version for OSX which was extremely buggy, and a quick dirty port of the last version for OS9, it was never updated after that.
Safari didn't ship with OSX until 10.3, by which point OSX itself was 3 years old, and yet had still only had a single release of IE.
WMP was ditched, flip4mac is a third party implementation that is not 100% functional (it doesn't support the drm for instance)...
Moonlight only exists because MS have disclosed most of the implementation details to them, it still lags a long way behind the MS implementation and isn't 100% compatible anyway.
When MS move to the extend phase of their plan, they will release new versions with no specs, meaning the moonlight devs will have to reverse engineer and thus be even further behind.
No, it's just the most likely outcome based on past experience...
When MS were trying to gain market share for IE they made versions for Mac, Solaris and HPUX... Once they had achieved a dominant market share and corrupted the market such that many things would only work with their browser, they ditched these versions in an attempt to force people to use windows.
Now they are trying to gain market share for silverlight, and they are making versions for other platforms. There is no reason to believe these versions will continue to be maintained once silverlight becomes a dependency.
Those who ignore history are doomed to repeat it.