Piracy never killed the Amiga, that was merely an excuse... Commodore's incompetence killed the Amiga. I knew a lot of Amiga owners, of varying age ranges... Of those, typically the adults had a lot of legit games, while the kids (who couldn't afford many games anyway) had a few legit games, and tons of copies they got from school friends. The ability to trade games with people at school was quite often the deciding factor for buying an Amiga, and later became a significant factor for buying a PC.
And as you pointed out, microsoft have benefited hugely from piracy over the years, possibly moreso than anyone else.
Insane... I don't pay to receive sms, and i very rarely receive spam through them... If it's free to send but not to receive, then there's no incentive for spammers not to send them. A cost for sending makes spamming far less likely, as the costs soon add up over millions of messages especially as some will never be read.
Well, piracy can also make a platform... The original xbox got a lot of sales from people who modded them, a console where you can throw in a large HD and copy games to it is far more useful than juggling physical media, and projects like xbmc attracted users too... A lot of Amiga users bought the system because it was easy to copy the games onto blank floppies.. PC gaming owes a lot of it's success to piracy too.
How can carriers continue to justify the high cost of their apparent super-premium data transmission?"
How can Microsoft justify the high-cost of vista premium when all you get is a DVD that cost less than $0.25 to produce? They can't, which is why a large number of users run pirated copies, and an increasing number are looking towards free alternatives like linux.
How can phone companies charge more for international telephone calls than they do for international data transmission, like Skype, which transmits the same audio? They can't, people who know about the cheaper alternatives tend to use them, i haven't made an international call direct from my phone for years.
How can Apple justify factory macbook upgrades which cost more than doing the same upgrades yourself? They don't, very few people buy bare upgrades direct from apple, some buy them from an apple store because they perform the physical installation, and some people buy new machines with upgrades already installed for the same reason. And as was stated recently regarding the flash drive for the macbook air, apple's upgrade options aren't a massive markup.
How can air lines and train companies justify changing ticket prices for the same service closer to departure, when the cost of providing the service remains the same? Ticket prices go up closer to departure, because knowing passenger volume in advance does make the service cheaper... Many airlines will allocate a smaller aircraft if there are less passengers, they have to provide less in-flight food, and less cabin crew. Cheap last minute deals are usually due to cancellations, where they have already made some money from the cancellation fee, and have already reserved the necessary resources to carry them.
How can Intel make a bunch of Core 2 chips then justify charging a premium for the ones that remain stable at higher clock rates, when both fast and slow chips cost the same amount to make? Because the ones which don't remain stable are clearly inferior, and if they cost the same as the better ones then noone would ever buy them, leaving intel with a huge stack of unsellable inferior cpus.
The answer is: The companies can charge what they like for products, the cost of production doesn't have to factor into the price at all. Companies like to maximise profits, therefore they set their prices at a point where they will make the most profit - which usually means high enough to make a good profit per item, but low enough not to drive customers to competitors. Unfortunately true, there really should be a defined reasonable profit level, which companies are not allowed to go above. This will also discourage dumping, because it will be harder to use a successful product to gain a foothold for a poor one.
So you're saying that by spamming those email to sms gateways, the victims will actually have to pay to receive those spams? That's a system just asking to be abused.
Well, we learned wordperfect for dos at school, by the time we entered the workplace there was no wordperfect for dos to be seen. You really need to teach concepts in school, teach the kids what they're looking for rather than where specific apps keep those options. Whatever they learn in school today will be obsolete by the time they start work anyway.
Yes, doing binary diffs can determine what's been changed and why... But a lot of microsoft patches qre quite big and introduce other changes not related to the fix in question. Also, have you seen the reported size of vista sp1? Just think how many fixes can be slid in there without being noticed.... Who wants to trawl through that much code?
And yes, as you pointed out they often won't fix the holes... Or will wait for an opportunity to slide the fix in silently.. It's well known that newer products share a lot of code with older ones, and yet often holes have been found in older versions which don't affect current versions. Some of these are due to additional security features, but a lot are due to being silently patched in the new version.
Ofcourse, holes which are known about internally but not fixed for fear of hackers reverse engineering the patch (usually out of desire not to admit having the issue, rather than a misguided attempt to protect the customers) are far more worrying, as blackhats may already be aware of them.
I believe an unpublished vulnerability in the asn.1 handling was fixed alongside the published vulnerability in the same patch... An exploit for that was reverse engineered from the patch.
Microsoft depend on backwards compatibility, a significant proportion of their users actively dislike their products but are forced to use them for compatibility with crufty old apps. If they were forced to forego that compatibility and/or run a virtual machine for their crufty old apps, they're likely to use the opportunity to break their dependence on microsoft.
Cleaner yes, because the original design wasn't so flawed and thus doesn't need as many "layers of hacks" as you put it.. Unix is not hugely different from how it was 20 years ago, windows is wildly different but still tries to maintain compatibility with it's crufty past. There's no reason a design can't continue to be useful for 20 or more years, if it was designed well in the first place. A lot of modern unix apps can be compiled on very old unixes with little or no difficulty, some people still maintain repositories of packages ported to platforms like AMIX (commodore amiga unix, the core os of which hasnt been updated since 1993).
Yes, VMS was a perfectly good design, as was NT to start with... It's all the cruft they tacked on afterwards that makes it the nasty over complicated mess that it is.
Yes, plenty of things that are old, but something just being old does not qualify it as cruft... By cruft, i mean something that is now deprecated because it was flawed, but is still maintained for backwards compatibility. I'm talking about things like lanman encryption, old versions of directx (i hear the latest versions include all the previous apis in addition to the new ones), and the multiple copies of winsock you get on windows nowadays. Unix has many things which are old, but are still actively used.
There are however a lot less people still using old open source systems, simply because the cost to upgrade is much lower and the performance doesn't suffer as much. A lot of modern linux distributions don't include the backwards compatibility libs required for running really old compiles, however you can still install them if you need them, just that the vast majority of people don't require them. Also, since most linux apps come with source code it's often easier to simply recompile the old app on a new system, the basic api's haven`t changed... I recently compiled an app i originally wrote in 1994 targeting sunos 4.x machines, on a modern linux system without issues.
Or just run ssh on a non standard port, the automated scripts aren't smart enough to scan for other ports running ssh, and it wouldnt be worth it for them to do so... People moving ssh ports are more likely to be tech savvy, and thus less likely to have weak passwords, plus the extra scanning time will severely impact the performance of the scanner.
All of the ssh brute forcing tools i've seen are based on libssh, and announce as much in their banner... It's a fairly trivial patch to make sshd do pattern matching on the connecting client, and drop connections from libssh based clients.
Exactly, a poor short sighted design in the first place, without any thought as to what might be needed in the future and how the design could be improved... You don't see any unix based os having so much cruft and other problems as windows has.
Because IBM's systems were implemented properly in the first place... Like someone else said, earlier versions of windows simply had no security whatsoever, and thus apps were written with that in mind, and now they're stuck having to support such apps.
And how many were patched silently without being publicly disclosed? Will microsoft be willing to disclose their internal changelogs (if they even exist) detailing exactly what changes were made to code and why? Vista SP1 looks to be huge, how many vulnerabilities known only to microsoft are going to silently get fixed without ever being disclosed to the public?
// Whichever OS is chosen, I believe most people will install the default set of components and use that.
Maybe on Linux, on windows they will find they can't actually do what they need to with the default set of components, and then have to install extra third party apps.
Yes, most distributions do ship with superfluous software that doesn't need to be there... They also ship with a package management tool that allows you to remove literally everything piece by piece. Windows lets you remove some of the basic default apps, but it doesn't let you remove frameworks like directx, the html rendering libs, the graphics layer, all sound support etc... I have linux webservers which have little more than a basic kernel with scsi/networking and serial console support, apache installed with the most basic set of tools to configure the network and start apache.
The kernel itself is simpler, the difference is drivers... Windows doesnt include many drivers, most are sourced from third parties. It also doesn't include many optional components, anything optional tends to come from third parties too.
Linux ships with a large set of hardware drivers in the kernel, although they can be turned off.. Windows comes with things like video support that can't be removed, and which needs third party drivers to work properly.
Better, but still flawed... Microsoft is in the best position to find flaws in vista, and when they do find them they get patched silently, because admitting to having a problem is bad for business. Linux vendors on the other hand, do report any issue regardless of where it was found, because their goal is to protect their users, and telling them there's a problem and encouraging them to fix it quickly is better than keeping it quiet until they can slip a patch through unnoticed. How many security holes will sp1 for vista close?
The point is that they are wasting money unnecessarily when they don't have that money to waste... Not spending this money on unnecessary computer purchases wouldn't save many jobs, but if they're willing to waste money so frivolously in one area then what about other areas?
And also, how many of these were patches for applications that vista doesn't ship with an equivalent of?
And how many of these patched flaws were discovered by the developers of those applications? Which in RH's case means the issue is published, but in MS's case would not be published.
Backwards compatibility going out the window is actually a good thing... Microsoft never had a proper overall design for windows, and it shows... Early versions were simply hacked together in completely haphazard ways, things were built quickly with no forethought. As a consequence, there is lots of kludgy legacy code kept around for backwards compatibility, including many duplications where an old method was considered fundamentally flawed and unfixable, and discouraged from being used by new apps, but is still kept round for backwards compatibility, one such example is the lanman password hashing.
If they completely ditch backwards compatibility, they could remove all this old cruft and start again with a proper clean design, but as usual they're taking a half-assed poorly thought out approach.
Again, a ridiculous comparison based on reported security holes...
Microsoft are in the best position to find holes in vista, having the source code. They have no incentive to report them, and will just fix them silently. OSX is in the same boat but to a lesser degree, and with ubuntu/redhat all the issues will make it into the public domain. The only vista issues which make it public, are ones discovered by third parties, which are probably less than the number found internally because internal developers have access to the source, access to the original devs and a more intimate knowledge of the inner workings.
Then you have to consider functionality, vista comes with one web fairly old web browser, one mail client, a rudimentary text editor, a single-protocol im client, a trivial drawing program, a simple media player with a small number of codecs and a few very simple games... Ubuntu/RHEL come with multi protocol im clients, a full office suite, a larger number of slightly less simple games, a larger and more capable set of networking tools, scanner software, fully capable drawing software, a much larger set of hardware drivers bundled by default, and lots more besides...
It's like trying to compare the rudimentary "peoples cars" produced in the former USSR, with only rudimentary features and a largely hidden safety record, to the luxury cars being produced in the west around the same time... Try comparing a Zaporozhet to something like an E-type Jaguar.
Piracy never killed the Amiga, that was merely an excuse...
Commodore's incompetence killed the Amiga.
I knew a lot of Amiga owners, of varying age ranges... Of those, typically the adults had a lot of legit games, while the kids (who couldn't afford many games anyway) had a few legit games, and tons of copies they got from school friends. The ability to trade games with people at school was quite often the deciding factor for buying an Amiga, and later became a significant factor for buying a PC.
And as you pointed out, microsoft have benefited hugely from piracy over the years, possibly moreso than anyone else.
Insane...
I don't pay to receive sms, and i very rarely receive spam through them...
If it's free to send but not to receive, then there's no incentive for spammers not to send them. A cost for sending makes spamming far less likely, as the costs soon add up over millions of messages especially as some will never be read.
Well, piracy can also make a platform...
The original xbox got a lot of sales from people who modded them, a console where you can throw in a large HD and copy games to it is far more useful than juggling physical media, and projects like xbmc attracted users too...
A lot of Amiga users bought the system because it was easy to copy the games onto blank floppies..
PC gaming owes a lot of it's success to piracy too.
So you're saying that by spamming those email to sms gateways, the victims will actually have to pay to receive those spams? That's a system just asking to be abused.
Well, we learned wordperfect for dos at school, by the time we entered the workplace there was no wordperfect for dos to be seen.
You really need to teach concepts in school, teach the kids what they're looking for rather than where specific apps keep those options. Whatever they learn in school today will be obsolete by the time they start work anyway.
Yes, doing binary diffs can determine what's been changed and why... But a lot of microsoft patches qre quite big and introduce other changes not related to the fix in question.
Also, have you seen the reported size of vista sp1? Just think how many fixes can be slid in there without being noticed.... Who wants to trawl through that much code?
And yes, as you pointed out they often won't fix the holes... Or will wait for an opportunity to slide the fix in silently.. It's well known that newer products share a lot of code with older ones, and yet often holes have been found in older versions which don't affect current versions. Some of these are due to additional security features, but a lot are due to being silently patched in the new version.
Ofcourse, holes which are known about internally but not fixed for fear of hackers reverse engineering the patch (usually out of desire not to admit having the issue, rather than a misguided attempt to protect the customers) are far more worrying, as blackhats may already be aware of them.
I believe an unpublished vulnerability in the asn.1 handling was fixed alongside the published vulnerability in the same patch... An exploit for that was reverse engineered from the patch.
Microsoft depend on backwards compatibility, a significant proportion of their users actively dislike their products but are forced to use them for compatibility with crufty old apps. If they were forced to forego that compatibility and/or run a virtual machine for their crufty old apps, they're likely to use the opportunity to break their dependence on microsoft.
Cleaner yes, because the original design wasn't so flawed and thus doesn't need as many "layers of hacks" as you put it..
Unix is not hugely different from how it was 20 years ago, windows is wildly different but still tries to maintain compatibility with it's crufty past.
There's no reason a design can't continue to be useful for 20 or more years, if it was designed well in the first place.
A lot of modern unix apps can be compiled on very old unixes with little or no difficulty, some people still maintain repositories of packages ported to platforms like AMIX (commodore amiga unix, the core os of which hasnt been updated since 1993).
Yes, VMS was a perfectly good design, as was NT to start with...
It's all the cruft they tacked on afterwards that makes it the nasty over complicated mess that it is.
Yes, plenty of things that are old, but something just being old does not qualify it as cruft...
By cruft, i mean something that is now deprecated because it was flawed, but is still maintained for backwards compatibility. I'm talking about things like lanman encryption, old versions of directx (i hear the latest versions include all the previous apis in addition to the new ones), and the multiple copies of winsock you get on windows nowadays.
Unix has many things which are old, but are still actively used.
There are however a lot less people still using old open source systems, simply because the cost to upgrade is much lower and the performance doesn't suffer as much.
A lot of modern linux distributions don't include the backwards compatibility libs required for running really old compiles, however you can still install them if you need them, just that the vast majority of people don't require them. Also, since most linux apps come with source code it's often easier to simply recompile the old app on a new system, the basic api's haven`t changed... I recently compiled an app i originally wrote in 1994 targeting sunos 4.x machines, on a modern linux system without issues.
Or just run ssh on a non standard port, the automated scripts aren't smart enough to scan for other ports running ssh, and it wouldnt be worth it for them to do so...
People moving ssh ports are more likely to be tech savvy, and thus less likely to have weak passwords, plus the extra scanning time will severely impact the performance of the scanner.
All of the ssh brute forcing tools i've seen are based on libssh, and announce as much in their banner...
It's a fairly trivial patch to make sshd do pattern matching on the connecting client, and drop connections from libssh based clients.
Exactly, a poor short sighted design in the first place, without any thought as to what might be needed in the future and how the design could be improved...
You don't see any unix based os having so much cruft and other problems as windows has.
Because IBM's systems were implemented properly in the first place...
Like someone else said, earlier versions of windows simply had no security whatsoever, and thus apps were written with that in mind, and now they're stuck having to support such apps.
And how many were patched silently without being publicly disclosed?
Will microsoft be willing to disclose their internal changelogs (if they even exist) detailing exactly what changes were made to code and why? Vista SP1 looks to be huge, how many vulnerabilities known only to microsoft are going to silently get fixed without ever being disclosed to the public?
// Whichever OS is chosen, I believe most people will install the default set of components and use that.
Maybe on Linux, on windows they will find they can't actually do what they need to with the default set of components, and then have to install extra third party apps.
Yes, most distributions do ship with superfluous software that doesn't need to be there...
They also ship with a package management tool that allows you to remove literally everything piece by piece.
Windows lets you remove some of the basic default apps, but it doesn't let you remove frameworks like directx, the html rendering libs, the graphics layer, all sound support etc... I have linux webservers which have little more than a basic kernel with scsi/networking and serial console support, apache installed with the most basic set of tools to configure the network and start apache.
The kernel itself is simpler, the difference is drivers...
Windows doesnt include many drivers, most are sourced from third parties.
It also doesn't include many optional components, anything optional tends to come from third parties too.
Linux ships with a large set of hardware drivers in the kernel, although they can be turned off.. Windows comes with things like video support that can't be removed, and which needs third party drivers to work properly.
Better, but still flawed...
Microsoft is in the best position to find flaws in vista, and when they do find them they get patched silently, because admitting to having a problem is bad for business. Linux vendors on the other hand, do report any issue regardless of where it was found, because their goal is to protect their users, and telling them there's a problem and encouraging them to fix it quickly is better than keeping it quiet until they can slip a patch through unnoticed.
How many security holes will sp1 for vista close?
The point is that they are wasting money unnecessarily when they don't have that money to waste...
Not spending this money on unnecessary computer purchases wouldn't save many jobs, but if they're willing to waste money so frivolously in one area then what about other areas?
And also, how many of these were patches for applications that vista doesn't ship with an equivalent of?
And how many of these patched flaws were discovered by the developers of those applications? Which in RH's case means the issue is published, but in MS's case would not be published.
Backwards compatibility going out the window is actually a good thing...
Microsoft never had a proper overall design for windows, and it shows... Early versions were simply hacked together in completely haphazard ways, things were built quickly with no forethought. As a consequence, there is lots of kludgy legacy code kept around for backwards compatibility, including many duplications where an old method was considered fundamentally flawed and unfixable, and discouraged from being used by new apps, but is still kept round for backwards compatibility, one such example is the lanman password hashing.
If they completely ditch backwards compatibility, they could remove all this old cruft and start again with a proper clean design, but as usual they're taking a half-assed poorly thought out approach.
Again, a ridiculous comparison based on reported security holes...
Microsoft are in the best position to find holes in vista, having the source code. They have no incentive to report them, and will just fix them silently. OSX is in the same boat but to a lesser degree, and with ubuntu/redhat all the issues will make it into the public domain. The only vista issues which make it public, are ones discovered by third parties, which are probably less than the number found internally because internal developers have access to the source, access to the original devs and a more intimate knowledge of the inner workings.
Then you have to consider functionality, vista comes with one web fairly old web browser, one mail client, a rudimentary text editor, a single-protocol im client, a trivial drawing program, a simple media player with a small number of codecs and a few very simple games... Ubuntu/RHEL come with multi protocol im clients, a full office suite, a larger number of slightly less simple games, a larger and more capable set of networking tools, scanner software, fully capable drawing software, a much larger set of hardware drivers bundled by default, and lots more besides...
It's like trying to compare the rudimentary "peoples cars" produced in the former USSR, with only rudimentary features and a largely hidden safety record, to the luxury cars being produced in the west around the same time... Try comparing a Zaporozhet to something like an E-type Jaguar.