Which is why many places have test machines to test windows updates.
So you're suggesting that with OSS it's not necessary to test and you can slap patches and updates onto production servers without trying them out first?
Just an example in case you don't know what I'm talking about: the IE share name buffer overflow has been public for almost 30 months. An exploit allows arbitrary code execution...
Yeah, I know. I never said I used IE myself;-)
I really like Firefox but, despite many, many rants from people like me, the support for corporate users is still pretty poor. I can perfectly understand if they are going after the domestic market first but, if they are, they can't really complain about a lack of enterprise takeup
> Three cheers for efficient open-source response to bugs.
Three cheers for rushing patches out quickly with proper regression testing to avoid having to re-release with bug fixes.
Perhaps people might have some understanding of why Microsoft don't release patches 2 days after someone tells them about a vulnerability. Frankly, if I was a corporate Firefox user that had started testing Firefox for deployment, I'd be a little pissed about having to start all over again with the new version.
...that when Longhorn is released, this scary feature doesn't work anything like this article said and (gasp! shock! horror!) slashdot editors are yet again posting up articles which seek to stir up anti-Microsoft sentiment...not that that's a difficult thing on slashdot;-)
Can you really see Microsoft telling the world - "hey, your DVI TFTs are all obsolete now" - when one of Microsoft's real strengths is the backwards compatibility of the Windows platform. From a purely commercial point of view, that's not likely, is it?
No, no, no! It should be part of the OS. If I buy an OS and it is vulnerable to viruses, it is a flaw in the OS's design. Why do I have to pay extra to make my machine usable?
No, it shouldn't. If Microsoft *did* bundle AV with Windows, everyone on slashdot would be jumping up and down saying "Microsoft are being anti-competitive yet again!!". Microsoft have been (rightly) burnt by the fair competition regulations often enough to know that they cannot just bundle this in and need to offer their product so that it can compete on the open market.
That said, many people will use it because it is easiest to take it from the same vendor as the O/S, even if it's not the best solution, technically.
My biggest concern is that MS will use non-disclosed APIs to support their AV, leaving the rest of the market to use the current selection of cludges to make their work. Obviously, this would be unfair and they should be shot if they are thinking it...
These issues were announced on Monday, and now a security release is available. This shows how professional the Mozilla Foundation has become and how serious they take security issues. Good work! Security problems will inevitably appear from time to time in all kinds of software, how these issues are handled is to me just as important as the software itself. Good job!
Yes, yes, very good.
Coming from a corporate background, however, I should point out that it's not enough that an update should be available quickly, but that the update should have been fully regression tested against all scenarios. If you ask Microsoft, it's this testing that invariably delays the releases of their patches and this is also one of the reasons why they've moved to the "patch Tuesday" model.
Remember that if you have a potential DOS vulnerability (as an example) that is patched with a dodgy patch that kills the application, you'll have just succeeded in doing what hundreds of script kiddies try and do all day...but all by yourself:-)
I'm not being an apologist for anyone, but do not underestimate the importance of testing and also the importance of knowing that a patch has been tested to the acceptance of Firefox in the wider corporate community, which has seen only small uptakes of Firefox to date...
Prehaps you should look at the correct report http://secunia.com/product/1438/ which shows 33% of Vulnerabilities are UNPATCHED and another 33% that you have to properly configure a workaround to fix... so ya I'd rather use the one that has all those patches that fix 86% of the issues.
Perhaps *you* should read the rest of the article. Yes, 33% of the current critical flaws are unpatched but this is (listening now?) *one* patch for an admin console that can be (and should be) disabled on a production server.
So, I reckon that's *zero* actually explotable critical flaws outstanding in IIS6. Perhaps you should RTA that you are posting before quoting it...especially when the parent already pointed this out for you;-)
Anyway, if you don't want to, here's the "solution" from the secunia site:
Solution:
Administration of sensitive web based systems should always be done from a system which you do not use to read email or browse untrusted sites. This limits the attack vectors.
If you do not need the Remote Administration Tool it should be disabled.
It's good to know that with this latest version of OSX, I would be able to sync my contacts with my phone and even (gasp!) use my phone to connect to the internet. Wow!
Oh, hang on. On Monday I was able to connect to the internet using a clean build Dell Windows XP laptop and my SE Z600 phone over bluetooth with no third party software. This was done in a customer meeting, during a dull presentation without anyone else being aware that I was doing it... I had not done this before on this laptop so I had to setup the BT partnership, configure the connection setting and security. Even then it only took me a couple of mins to get an internet connection.
example : photoshop gimp
would you pay a couple 100's for somethign that is free and equally good (if not better, since a whole community is aiding with debugging and giving useful comments)?
Unfortunate example there. Gimp is not going to win over hoards of Photoshop users simply because it's too difficult to use, owing to its crazy user interface. There are other, cheaper solutions (like PSP) which are more likely alternatives than Gimp...
Awsome simply awsome the tighter they make their licensing the quicker the uptake for Linux. Hell I don't really know anyone other than some companies that buy legitimate copies of windows. Hopefully they will put a check in Office that will not let you run on a pirated system as well.
Actually, most Windows using corporates have large tie-ins with Microsoft that means they pay less per seat and can manage their licenses with more ease. If you are a large corporation and knowingly running lots of unlicensed seats of any software, you're pretty daft. It's holding your business wide open to litigation and financial loss which most shareholders won't stand for.
i don't suppose anyone on/. will mention it, but Microsoft have adopted SIP in the latest Windows Messenger client.
Note that this is *not* the same as the.NET Messenger client, which is designed for public Internet use. Windows Messenger is designed to work with a Live Communication Server, integrated into Active Directory and Microsoft Exchange. If you have the whole Microsoft suite, it actually works really well...
We use this for corporate IM, voice and video conferencing, as well as remote desktop support (using the "remote assistance" feature) and also for desktop application sharing.
6) VoIP will continue to shatter the telephone industry with the arrival of WiFi phones, which might finally be the killer app for hotspots. Eventually, all the backbone suppliers will figure out that VoIP is their salvation and will either start their own VoIP companies or ally with big VoIP players.
Hmmm, Bob clearly doesn't remember the dismal failure of Rabbit in the UK (http://news.bbc.co.uk/1/hi/technology/2175804.stm).
After all, who's going to want a phone that they can only use in certain places, when their mobile (cell) phone works near enough everywhere. Certainly there's work to do to make mobile phone calls cheaper, but their widespread coverage will make them difficult to un-seat.
Actually, pretty much all MS employees are admins on their own machines, and aren't particularly heavily restricted on what they can install, as long as it's legal and licenced.
P2P apps and their ilk are restricted, as well as most other stuff at the dodgy end of the spectrum, but no-one's formally restricted on what browser they can install. Except of course for the fact that intranet sites use windows integrated auth, and will tend to break in non-IE
Actually, integrated authentication works rather well in Firefox. Unfortunately, however, Firefox doesn't have the same concept of "zones" as IE, which is how IE decides which sites can use NTLM and which ones can't. Consequently, Firefox does not allow any sites to use it by default.
If you want to try it out, the settings are in about:config under network.automatic-ntlm-auth.trusted-uris
Sometime I am amazed by the people who post on here, many of which I'm sure work for software companies who make their money by selling software - hell, I do!
If I was one of the developers of Half Life 2, I'd be pretty riled to see scummy monkey-hangers downloading my hard work for free. Let's be honest, *anyone* can afford the £30 it costs to buy Half Life 2, especially if they have already invested several hundred quid on a PC to run it on! And if you can't afford, that *does not* automatically give you the right to take it.
You do make a good point about DRM though, and that needs to be addressed, but with the convicted monopolist refusing to license the current windoze media player codecs to any linux-friendly app vendor, we're at a bit of an impasse there.
Yup, I think it is far more likely that we will see DRM codecs being ported to other platforms than we will see non-DRM music download sites which are supported my the industry masses.
I suppose the reason the market likes Microsoft is that it is a single platform to support for and requries the least possible effort on their part to reach 90%+ of the market. If I was investing in the development of a new site, I'd make sure that this was the market I covered first and look to the emergin markets _only_ is the mainstream one proved lucrative enough.
Don't hold your breath. It's pretty unlikely to come because:
a) Contrary to what you hear on/. there simply aren't enough Linux desktop users out there to make developing and marketing such a service commercially viable at this time
and
b) The music industry has put *way* too much effort into DRM protected music to say "hey, let's let someone sell non-DRM music 'cos those crazy Linux guys won't share it with their mates, will they?"
Nothing personal you understand, but that's business (at least for them). I don't agree with it myself either, but that's the score today:-(
You do realise that just because a remote access vulnerability hasn't been reported does not mean it doesn't exist.
Yes, perhaps, but as things balance out, the number of vulnerabilities will probably give some level of indication as to the security of the product, even if, as you say, it will not allow a categorical statement.
I have to admit that these statistics rather took me by suprise - perhaps Microsoft really are making progress in security land...
Reading about this wonderful "patented tornado" which recirculates air, sounds like the Dyson vacuum cleaner, which uses the same technique to capture dust particles and hold them in the machine without having to use a filter-bag to catch them.
Slashdot Mirror
Shame on you MS.
...but if you offer me the same, I'll snap your hand off ;-)
Which is why many places have test machines to test windows updates.
So you're suggesting that with OSS it's not necessary to test and you can slap patches and updates onto production servers without trying them out first?
Just an example in case you don't know what I'm talking about: the IE share name buffer overflow has been public for almost 30 months. An exploit allows arbitrary code execution...
Yeah, I know. I never said I used IE myself ;-)
I really like Firefox but, despite many, many rants from people like me, the support for corporate users is still pretty poor. I can perfectly understand if they are going after the domestic market first but, if they are, they can't really complain about a lack of enterprise takeup
> Three cheers for efficient open-source response to bugs.
Three cheers for rushing patches out quickly with proper regression testing to avoid having to re-release with bug fixes.
Perhaps people might have some understanding of why Microsoft don't release patches 2 days after someone tells them about a vulnerability. Frankly, if I was a corporate Firefox user that had started testing Firefox for deployment, I'd be a little pissed about having to start all over again with the new version.
...that when Longhorn is released, this scary feature doesn't work anything like this article said and (gasp! shock! horror!) slashdot editors are yet again posting up articles which seek to stir up anti-Microsoft sentiment...not that that's a difficult thing on slashdot ;-)
Can you really see Microsoft telling the world - "hey, your DVI TFTs are all obsolete now" - when one of Microsoft's real strengths is the backwards compatibility of the Windows platform. From a purely commercial point of view, that's not likely, is it?
Daern
Is it just me...or does Windows not do any anti-aliasing?
It's optional. Windows *does* do text smoothing:
Right-click desktop, properties, appearance, effects, select "cleartype" from the options...
Works great here - have you got enough colours on your desktop?
Why would she stop at 7 books when making so much money? I find it hard to believe that she will just stop when she gets to 7.
Because sometimes it's not about the money, but I suppose many Americans may find that hard to believe... ;-)
No, no, no! It should be part of the OS. If I buy an OS and it is vulnerable to viruses, it is a flaw in the OS's design. Why do I have to pay extra to make my machine usable?
No, it shouldn't. If Microsoft *did* bundle AV with Windows, everyone on slashdot would be jumping up and down saying "Microsoft are being anti-competitive yet again!!". Microsoft have been (rightly) burnt by the fair competition regulations often enough to know that they cannot just bundle this in and need to offer their product so that it can compete on the open market.
That said, many people will use it because it is easiest to take it from the same vendor as the O/S, even if it's not the best solution, technically.
My biggest concern is that MS will use non-disclosed APIs to support their AV, leaving the rest of the market to use the current selection of cludges to make their work. Obviously, this would be unfair and they should be shot if they are thinking it...
These issues were announced on Monday, and now a security release is available. This shows how professional the Mozilla Foundation has become and how serious they take security issues. Good work! Security problems will inevitably appear from time to time in all kinds of software, how these issues are handled is to me just as important as the software itself. Good job!
Yes, yes, very good.
Coming from a corporate background, however, I should point out that it's not enough that an update should be available quickly, but that the update should have been fully regression tested against all scenarios. If you ask Microsoft, it's this testing that invariably delays the releases of their patches and this is also one of the reasons why they've moved to the "patch Tuesday" model.
Remember that if you have a potential DOS vulnerability (as an example) that is patched with a dodgy patch that kills the application, you'll have just succeeded in doing what hundreds of script kiddies try and do all day...but all by yourself :-)
I'm not being an apologist for anyone, but do not underestimate the importance of testing and also the importance of knowing that a patch has been tested to the acceptance of Firefox in the wider corporate community, which has seen only small uptakes of Firefox to date...
BT terrible? It's an outrage!!
Just try NTL, then you'd know what terrible service really feels like...
The only problem with that idea is all the employees would probably quit their jobs to work for Red Hat.
Is that because Red Hat need the help more than Microsoft?
Prehaps you should look at the correct report http://secunia.com/product/1438/ which shows 33% of Vulnerabilities are UNPATCHED and another 33% that you have to properly configure a workaround to fix... so ya I'd rather use the one that has all those patches that fix 86% of the issues.
Perhaps *you* should read the rest of the article. Yes, 33% of the current critical flaws are unpatched but this is (listening now?) *one* patch for an admin console that can be (and should be) disabled on a production server.
So, I reckon that's *zero* actually explotable critical flaws outstanding in IIS6. Perhaps you should RTA that you are posting before quoting it...especially when the parent already pointed this out for you ;-)
Anyway, if you don't want to, here's the "solution" from the secunia site:
Solution:
Administration of sensitive web based systems should always be done from a system which you do not use to read email or browse untrusted sites. This limits the attack vectors. If you do not need the Remote Administration Tool it should be disabled.
http://secunia.com/advisories/9334/
It's good to know that with this latest version of OSX, I would be able to sync my contacts with my phone and even (gasp!) use my phone to connect to the internet. Wow!
Oh, hang on. On Monday I was able to connect to the internet using a clean build Dell Windows XP laptop and my SE Z600 phone over bluetooth with no third party software. This was done in a customer meeting, during a dull presentation without anyone else being aware that I was doing it... I had not done this before on this laptop so I had to setup the BT partnership, configure the connection setting and security. Even then it only took me a couple of mins to get an internet connection.
Anyway, as I said. Yey for Tiger! Macs rule!
example : photoshop gimp would you pay a couple 100's for somethign that is free and equally good (if not better, since a whole community is aiding with debugging and giving useful comments)?
Unfortunate example there. Gimp is not going to win over hoards of Photoshop users simply because it's too difficult to use, owing to its crazy user interface. There are other, cheaper solutions (like PSP) which are more likely alternatives than Gimp...
Awsome simply awsome the tighter they make their licensing the quicker the uptake for Linux. Hell I don't really know anyone other than some companies that buy legitimate copies of windows. Hopefully they will put a check in Office that will not let you run on a pirated system as well.
Actually, most Windows using corporates have large tie-ins with Microsoft that means they pay less per seat and can manage their licenses with more ease. If you are a large corporation and knowingly running lots of unlicensed seats of any software, you're pretty daft. It's holding your business wide open to litigation and financial loss which most shareholders won't stand for.
i don't suppose anyone on /. will mention it, but Microsoft have adopted SIP in the latest Windows Messenger client.
.NET Messenger client, which is designed for public Internet use. Windows Messenger is designed to work with a Live Communication Server, integrated into Active Directory and Microsoft Exchange. If you have the whole Microsoft suite, it actually works really well...
p pro/maintain/wmsgrfaq.mspx
Note that this is *not* the same as the
More info here... http://www.microsoft.com/technet/prodtechnol/winx
We use this for corporate IM, voice and video conferencing, as well as remote desktop support (using the "remote assistance" feature) and also for desktop application sharing.
6) VoIP will continue to shatter the telephone industry with the arrival of WiFi phones, which might finally be the killer app for hotspots. Eventually, all the backbone suppliers will figure out that VoIP is their salvation and will either start their own VoIP companies or ally with big VoIP players.
m ).
After all, who's going to want a phone that they can only use in certain places, when their mobile (cell) phone works near enough everywhere. Certainly there's work to do to make mobile phone calls cheaper, but their widespread coverage will make them difficult to un-seat.
Hmmm, Bob clearly doesn't remember the dismal failure of Rabbit in the UK (http://news.bbc.co.uk/1/hi/technology/2175804.st
Sorry Bob, you've got that one wrong...
Can anyone provide a http link of the wmv for those that don't want to spend all morning trying to jump through the mms:// hoop?
Unlikely to be available, as the mms stream will be hosted from a Windows Media Services server (or farm thereof).
That said, I can view the stream OK from here, but it's a bit sluggish to buffer.
Actually, pretty much all MS employees are admins on their own machines, and aren't particularly heavily restricted on what they can install, as long as it's legal and licenced. P2P apps and their ilk are restricted, as well as most other stuff at the dodgy end of the spectrum, but no-one's formally restricted on what browser they can install. Except of course for the fact that intranet sites use windows integrated auth, and will tend to break in non-IE
Actually, integrated authentication works rather well in Firefox. Unfortunately, however, Firefox doesn't have the same concept of "zones" as IE, which is how IE decides which sites can use NTLM and which ones can't. Consequently, Firefox does not allow any sites to use it by default.
If you want to try it out, the settings are in about:config under network.automatic-ntlm-auth.trusted-uris
Sometime I am amazed by the people who post on here, many of which I'm sure work for software companies who make their money by selling software - hell, I do!
If I was one of the developers of Half Life 2, I'd be pretty riled to see scummy monkey-hangers downloading my hard work for free. Let's be honest, *anyone* can afford the £30 it costs to buy Half Life 2, especially if they have already invested several hundred quid on a PC to run it on! And if you can't afford, that *does not* automatically give you the right to take it.
Grumble, grumble.
You do make a good point about DRM though, and that needs to be addressed, but with the convicted monopolist refusing to license the current windoze media player codecs to any linux-friendly app vendor, we're at a bit of an impasse there.
Yup, I think it is far more likely that we will see DRM codecs being ported to other platforms than we will see non-DRM music download sites which are supported my the industry masses.
I suppose the reason the market likes Microsoft is that it is a single platform to support for and requries the least possible effort on their part to reach 90%+ of the market. If I was investing in the development of a new site, I'd make sure that this was the market I covered first and look to the emergin markets _only_ is the mainstream one proved lucrative enough.
Common business sense really...
...It'll come...
/. there simply aren't enough Linux desktop users out there to make developing and marketing such a service commercially viable at this time
:-(
Don't hold your breath. It's pretty unlikely to come because:
a) Contrary to what you hear on
and
b) The music industry has put *way* too much effort into DRM protected music to say "hey, let's let someone sell non-DRM music 'cos those crazy Linux guys won't share it with their mates, will they?"
Nothing personal you understand, but that's business (at least for them). I don't agree with it myself either, but that's the score today
> Kindly allow me to run more than one copy of the browser, please!
;-)
Errr, what O/S are you using? I am using WinXP SP2 with a multi-head card and Firefox 1.0 and I see windows all over the shop...
In fact, I've been using multi-head way back since NT4 and *never* had a problem with any browser, even IE
You do realise that just because a remote access vulnerability hasn't been reported does not mean it doesn't exist.
Yes, perhaps, but as things balance out, the number of vulnerabilities will probably give some level of indication as to the security of the product, even if, as you say, it will not allow a categorical statement.
I have to admit that these statistics rather took me by suprise - perhaps Microsoft really are making progress in security land...
Reading about this wonderful "patented tornado" which recirculates air, sounds like the Dyson vacuum cleaner, which uses the same technique to capture dust particles and hold them in the machine without having to use a filter-bag to catch them.
O N/HIST/DUALCYC
http://www.dyson.co.uk/nav/inpageframe.asp?id=DYS
I *really* don't understand patents in the US...