Slashdot Mirror


User: Bert64

Bert64's activity in the archive.

Stories: 0

Comments · 12,200

  1. Linux is more modular, the components are available with source code and the updated versions are both free and more likely to still be compatible with your existing hardware...

    If you absolutely must keep an old version of Linux running you have options - you can update the externally facing services yourself (e.g. nothing to stop you installing the latest OpenSSH on an ancient Linux kernel), you can patch and rebuild older source yourself, you can remove things you don't need to decrease the attack surface.

    Upgrades being free, plus most software coming with source code decreases the number of instances where a system is stuck running an old version of Linux, in fact most instances of old Linux out there are in the form of embedded devices which generally have a stripped down attack surface anyway.

  2. Re:As unpopular as it will be to hear... on SAS Mocked For Recommending 60% Proprietary Software, 40% Open Source (infoworld.com) · · Score: 1

    You are still dependent on third parties in most cases, but you have lots more competing third parties to choose from so you don't need to be a huge company or government before someone will be bothered to lift a finger for you.

  3. Re: but you arent a traditional CA on Over 14K 'Let's Encrypt' SSL Certificates Issued To PayPal Phishing Sites (bleepingcomputer.com) · · Score: 1

    If you can't tell the difference between paypal.com and päypal.com then perhaps you should be booking yourself in for an eye test... The cert is doing its job, it's your fault if you can't read properly.

    And it was always easy to get an SSL cert, you just had to control the domain in question and be willing to pay for the cert, the process has been entirely automated with most registrars for years. Scammers would frequently buy certs using stolen cards too.

  4. Re: but you arent a traditional CA on Over 14K 'Let's Encrypt' SSL Certificates Issued To PayPal Phishing Sites (bleepingcomputer.com) · · Score: 1

    Which they do...
    The scammers genuinely do own and/or control these domains. It's down to the users to notice that these domains are different from the genuine paypal domain.

  5. What's to stop a virus from dumping the autofill cache instead of capturing keystrokes? You've traded one problem for another.

  6. The problem is very few people are aware of the correct URLs, and simply put "paypal" into google and follow the first result that comes up, or click the paypal link on ebay or that arrives in an email for example... They never directly enter https://www.paypal.com/ into their browser address bar.

  7. Re:Boom - I do not think that this name will fly.. on Aerospace Startup Will Build A Supersonic Mach 2.2 Aircraft (fortune.com) · · Score: 4, Informative

    1) The high cost of fuel for the trip. Concorde used Re-heat all the time it was supersonic. This may have changed.

    Concorde used reheat for takeoff and when passing mach 1, at all other times it wasn't used including cruising at mach 2...
    It wasn't needed, but punching through the sound barrier at mach 1 was quicker with reheat and actually used less fuel that way.

  8. Re:As unpopular as it will be to hear... on SAS Mocked For Recommending 60% Proprietary Software, 40% Open Source (infoworld.com) · · Score: 1

    Paying for support doesn't mean you can hold them to account for bugs or that these bugs will ever get fixed either...
    You might get their assistance to implement some kludgy workaround, but that's usually all you'll get.

  9. Re:As unpopular as it will be to hear... on SAS Mocked For Recommending 60% Proprietary Software, 40% Open Source (infoworld.com) · · Score: 1

    You can spend that much on developers, but why would you? He said spend the same as you would have on proprietary licenses... Same price, but probably much better results especially if others do the same.

    When implementing many large proprietary applications (SAP, SharePoint etc.) it's often necessary to hire developers anyway.

  10. Re:@best current engineering practice on SAS Mocked For Recommending 60% Proprietary Software, 40% Open Source (infoworld.com) · · Score: 1

    Exactly... Proprietary code could be all kinds of legacy cruft hacked together, and based on the code I've seen it usually is. Rewriting the code to current best practices is time consuming and costly, no commercial business will take that decision unless they have no other choice.

    On the other hand, rewrites happen quite often with open source which may result in a better end product, but often causes significant delays or new versions coming out which lack features from the previous versions etc.
    Open source does not face the same pressures (i.e. to have a sellable version available to meet deadlines), but does face different pressures (the code is visible to all, and hacky kludged together code will be seen and cast a negative light on the individuals who created it).

  11. Re:As unpopular as it will be to hear... on SAS Mocked For Recommending 60% Proprietary Software, 40% Open Source (infoworld.com) · · Score: 1

    Well all else being equal, the open choice is almost always the better one..
    When both options are buggy, at least you have the chance to fix the source yourself, and you'll always be able to maintain it and migrate your data out of it if you need to use something else in the future.
    Companies often spend a LOT of money on acquiring, customising and managing closed source, why not spend some of that money on bugfixing open source and returning the fixes to the community? If everyone did that then software would rapidly improve.

  12. Re:Not flash. No. on FedEx Will Pay You $5 To Install Flash (theregister.co.uk) · · Score: 1

    Only there are multiple independent implementations of HTML5, so any exploit is only likely to affect one implementation at a time.
    Flash only really had one implementation, so any bug affected everyone.

  13. Re:Totally abandoning their core userbase on Apple Explores Using An iPhone, iPad To Power a Laptop (appleinsider.com) · · Score: 1

    X11 reads the monitor DPI too, and also scales fonts, as did SGI IRIX back in the day...

    Windows as you rightly point out, doesn't bother, and because of this a lot of monitors don't actually supply the required information.

    People now seem to think that the point measurement used for fonts relates to pixels on screen rather than any physical size, and it's a commonly held belief that a larger monitor just makes everything bigger rather than providing more space.

  14. Re:So they just reinvented the docking station? on Apple Explores Using An iPhone, iPad To Power a Laptop (appleinsider.com) · · Score: 1

    The Motorola Atrix did something similar...
    We've even had discussions on this very site about building devices almost identical to what apple proposes...
    And yet they will probably be granted this patent anyway.

  15. Re:Hahahahaha on Studios Flirt With Offering Movies Early in Home for $30 (variety.com) · · Score: 1

    If by "watched movies multiple times" you mean "taking a girl to see a movie" then sure, but watching the movie was not the primary goal of the exercise...

  16. Re:Microsoft == dumbass on Microsoft's OneDrive Web App Crippled With Performance Issues On Linux and Chrome OS (theregister.co.uk) · · Score: 5, Insightful

    Because it's not a bug to fix, if they're checking the user agent string and explicitly throttling performance then this clearly must be intentional sabotage to try and make competing platforms look bad.

  17. Re:Hahahahaha on Studios Flirt With Offering Movies Early in Home for $30 (variety.com) · · Score: 1

    Is the movie somehow worse if it's viewed two months later?

    Yes, as by then you're likely to have seen or heard spoilers... On the other hand, if a movie is overhyped garbage you're likely to have heard this from your friends and might not bother seeing it at all.

    I always disliked how some countries got movies much later than others, as you'd end up reading all kinds of spoilers online before you could watch the movie yourself. This has actually improved a bit later - not for the benefit of consumers, but because the studios are greedy and know that word of a lousy movie soon gets out which results in very poor sales in those countries getting the movie later.

  18. Re:Interesting how few controls there are on A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million (theverge.com) · · Score: 2

    Another problem is the way in which legit companies do business... If legitimate companies communicate with their customers/suppliers insecurely, then it becomes easy for scammers to do so as well. The more difficult it is to identify the scams from real requests, the more likely people are to fall for the scams.

  19. Re:Interesting how few controls there are on A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million (theverge.com) · · Score: 1

    Because legitimate companies conduct business in the exact same way - emailing invoices around and unexpected phone calls chasing them up etc...
    Quite often larger companies have a high staff turnover so you're frequently dealing with different people each time so you'll get invoices from names you've never heard of...
    If people do their due diligence and try to verify each one then they end up behind on their work and get in trouble, especially if a payment is late and it ends up causing trouble.

  20. Re:They're Modding to Increase HP on Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware (vice.com) · · Score: 1

    And so what? A mod invalidates the warranty so they get to profit from selling that replacement engine...

  21. Re:Tractor investors, not breakers. on Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware (vice.com) · · Score: 1

    Part of the reputation for things going wrong in luxury cars is due to there simply being a lot more *to* go wrong, as well as features being implemented in such cars while they were still cutting edge tech (by the time a feature makes it down into low-end cars it's been refined over years)...

    Another thing worth considering is cost/availability of parts... Jaguar parts are easy to source in the UK and relatively cheap, but in other countries they can be difficult to find and expensive for instance.

  22. Flaws.. on Ebay Asks Users To Downgrade Security (krebsonsecurity.com) · · Score: 4, Insightful

    Perhaps ebay have become aware of a security flaw in the keyfob, and are thus trying to migrate users away from them?

    Any keyfob that just displays a different code over time depends on the security of the initial seed value... If these values were compromised then so are all the tokens, and it wouldn't be the first time something like this has happened.

    The trouble with saying "less secure" is that it's highly subjective, even if you're in full possession of the facts (which we may not be)...

    A lack of transparency is a problem as always... These companies are a black box, and we the users/customers are expected to just accept what they tell us without having any idea of their internal processes or code etc.

  23. Re:There is a basic reason, Edge has no community on Microsoft's Edge Was Most Hacked Browser At Pwn2Own 2017, While Chrome Remained Unhackable (tomshardware.com) · · Score: 1

    But opening up the code doesn't put edge at a disadvantage, it only serves to level the playing field relative to its main competitors which are both open source.

  24. Re:Prepare for reduced productivity on IBM, Remote-Work Pioneer, is Calling Thousands Of Employees Back To the Office (qz.com) · · Score: 1

    You need to keep track of the work employees are doing, irrespective of where they're doing it... You assign them work and give them a deadline by which to complete it, and expect them to have either completed it or come up with a valid reason why not.

    I've encountered office workers who did nothing all day, but always looked like they were working (they were browsing slashdot or similar, all day)...

    I agree about the constant office distractions, seeing and hearing people constantly move around is extremely distracting, also them having the ability to disrupt your concentration at any time.
    There are the other factors, commuting is a colossal waste of time and energy, and offices tend to be located in the most inconvenient locations (lots of other offices nearby, but no affordable residential property - long commute and over congested travel routes).

    I used to commute an hour each way on an overcrowded train and sat in a large open plan office, I hated it, could never concentrate and always sought to leave at the earliest possible time. It was always either too cold or too hot, there was always noise and random movement, always people interrupting me.

    Now I do a mix of working from home, and working in an office ~5 minutes away where I have my own room. My office is quiet and comfortable, people generally don't interrupt me unless it's urgent.

  25. A well configured IM client won't pop up and bug you either, it will behave like email - sit in the background receiving messages until you go and read them.