It's also not really true. VAC and PunkBuster were indeed beaten, largely because the companies behind them weren't willing to put the required effort in (VAC went for long periods with no updates at all). Companies that put more effort in and know what they're doing, like Blizzard, have successfully fended off things like WoW!Sharp with anti-cheating software.
But more generally, it's very common for programs to use utility libraries that make network calls on their behalf. Simply shelling out to wget would bypass your absurdly simple check and doesn't have to be malicious. How much software is written these days that invokes BSD sockets directly? I wouldn't do it if I had a better library to wrap it, and usually I do.
If my grep does not find it, someone else will some day.
Your faith is remarkable but misguided. How many people do you think read the 10,000 line auto generated shell scripts we call "configure"? Not many. Probably none.
You need to distinguish exploiting the browser and what you do with that exploit, which you aren't doing currently.
There have been many cross-platform exploits available for Firefox in the past, largely around breaking JavaScript security and gaining chrome privileges. Once you have them you can do anything Firefox can, including downloading extra code and running it. Now you have taken control of the browser most attackers downloaded Windows malware and ran it, because MacOS X and Linux don't have enough market share to bother with. But that's not inherent to the Firefox bug. The exploit could easily have had an if (linux) conditional in it which downloaded and ran an equivalent trojan for Linux.
So the fact that most Firefox exploits are "Windows only" is true only because it's easier to write a good trojan in C++/Win32 than XPCOM based JavaScript. If somebody decided to write malware that didn't rely on Windows only code (perfectly possible) then it'd work on all platforms Firefox supports. Hence Firefox has had security problems.
All your arguments could have been said about Firefox as well, but they still wouldn't have held true. Go look up InputManager injectors and Leap-A. And it's not anywhere near 15% market share yet.
It's not so hard to write a Firefox hack that works on all platforms. But most hackers are interested in installing malware onto your system, and that tends to be written for Windows. But you've done a good job of missing my point - market share is what matters. I can guarantee you that if MacOS had 15% market share there'd be people out there attacking it, and succeeding. Deal with it.
While we are at it, what free, open source video format allows you the same DRM protection that is built in to WMP? I really hope you can answer this question, because you can bet that in the production of their content the BBC has entered in to some agreements that will require some form of DRM for redistribution online.
There aren't any. However, most US broadcasters seem happy to use IP geocoding restrictions as their form of DRM. For instance ABC does this. IP geocoding is not hard to circumvent for people who know what they are doing and have access to a proxy inside the restricted area, but most people don't have that. It's about as decent a form of protection as relying on the nature of radio waves is, so they might as well use it.
Also, aren't there already Linux applications that can play WMP content?
Not if it's encrypted. To read Slashdot you might believe that no DRM scheme lasts for more than five minutes, however, both the Microsoft and Apple DRM schemes are only broken occasionally and when they are broken, they are repaired extremely quickly. The last crack I heard of for Windows Media DRM was in February of last year, and it required you to own a license to the content to decrypt it. It also wasn't an algorithmic hack, it relied on a weakness in the way the key was stored in memory by the decryption engine. So you wouldn't be able to use it on Linux anytime soon.
Certain others, like Symbian, seem to do well too. I don't know of many Symbian compromises, in spite of the hundreds of millions of Symbian devices that spend 100% of their time connected to the network.
Are you kidding me? Try switching your phones Bluetooth on and walking around a city for a few days. You'll almost certainly be asked to receive a.sis file - this is a Symbian virus. The most common exploit in Symbian is actually not a buffer overflow from what I understand but a GUI modality exploit.... when receiving a SIS file you can't do anything else except say yes or no, and if you say no the sender is notified and can immediately ask again. So these viruses simply dos the GUI until you accept, at which point, your phone is infected. ActiveX had a similar problem but Microsoft fixed it with XP SP2
Who cares WHY I don't get my Mac house burgled as often as my neighbors Windows house.
Smart people would care.
The problem with your line of reasoning is that it is self defeating. Let's say I go around telling everybody that Macs are more secure than Windows PCs. This isn't true if you take security in the objective sense - Mac OS X is of the same design era as Windows and Linux, and has lots of vulnerabilities. What's more, Apple don't seem to have any equivalent to the Secure Development Lifecycle judging by the latest release of Safari.
But OK. Let's say that in practice it's true, because statistically they are attacked less often. Now what? Well, I guess a bunch of people will listen to me, and say "gosh, I should buy a Mac, all these IT guys tell me it's more secure than a Windows PC". So Apples marketshare goes up. The case of Firefox seems to show that around 10-12% market share is when you get interesting to attackers. Apple are some way off that mark yet, but if lots of people by Macs thinking they are safe from attackers, one day that will no longer be true. When it stops being true, it won't be their fault, it won't be that the hardware they bought changed - it'll be because they were fed fallacious reasoning by people they trusted.
I used to believe Firefox was more secure than Internet Explorer. Judging by the number of vulnerabilities it's had, I think this is hard to argue these days. I promote Firefox for other reasons, and you can promote Apple for other reasons, but please - don't mislead people by telling them obscurity is security.
Fuck the features. Does it get good reception and decent range? Can it survive being dropped, mishandled, weather etc? Does it actually last for more than 18 months? Can I hear you properly....?
Why? I like features! But OK, here are your answers. Yes it gets decent reception and range, at least, I've never had any problems with that when my friends didn't. Can it survive being dropped/mishandled/weather etc. Well I took my W800i through the Mexican jungle, have dropped it more times than I care to think and I've had it for about two years now yet it all still works. The only part I've had to replace is the external mini-jack adapter which doesn't seem to be too robust... if you let the cable catch on things eventually the wires inside will work loose and you'll have to buy another. The phone itself is pretty robust though.
the combination of a fast operating system and easy to use keyboard
It's worth repeating this point. The OS is not only fast and easy to use, it also looks gorgeous. Sony took the lessons from OS X to heart very quickly and have made all their phones beautiful with the sorts of slick animation and semi-transparency you'd expect from an Apple product.
The iPhone looks interesting and I'd like to play with one, but I pretty much already decided that my next phone would be the next generation of SE Walkman phones, as they have all the features of the iPhone and more as far as I can tell (for instance the TrackID feature which identifies what music is playing in the background).
It also has amazing battery life, is lightweight, stable and features like BlueTooth and Java actually work. In fact if you use them, Java apps/games run very fast on these phones as they use the AMD Jazelle hardware support for JVM opcodes.
You wouldn't do it over and over again because at some point the top 1% won't be using significantly more bandwidth than the next 1%. You want to chop off the spike at the end of the graph, eliminating the top 2% doesn't mean eliminating the next 2% frees up as much bandwidth, obviously.
Er, no. The fucking kiddies who decided to encrypt P2P traffic so they could get free tunes have unsurprisingly managed to degrade encrypted traffic for everyone, the LAST thing we want is for them to do the same for web traffic as well.
Now I'm not going to pretend companies like Rogers or Time Warner are misty eyed innocents in all of this, but I also don't believe they have sysadmins there cackling and rubbing their hands with evil glee at the prospect of throttling all encrypted traffic. A far simpler explanation is that it's the only way to avoid their network being overloaded by P2P traffic. If you must sit on torrents 24/7 then pony up the cash for a T3 to your house, don't start dicking around with the fundamentals of TCP/IP - the majority of people who aren't like you won't appreciate it.
Some programs go so far as to only remove the shortcuts and say "Uninstall Complete!", while others leave behind large swaths of registry entries and several MB of unnecessary files at C:\, Windows, Program Files, AppData, Local Data, Local Data\AppData (the other AppData, ugh) and anywhere else they please.
Your complaint boils down to "some people make bad packages", which occurs on Linux as well, and is just the nature of software to be imperfect. I cannot count the number of bugs or non-working setups I've tracked down to bad packages, and even better, in the Linux world fixing such a bug once doesn't make it go away - it'll be repeated in 3 months time by a different distribution.
But the real failure in Windows is a decent way to keep any number of applications up to date.
I'm sure it'll happen eventually, but it's curious that there are no viruses on the loose that target OS X
You need a certain critical mass of market share before people find it profitable to target a new platform. For Firefox the "break point" was around 12% market share. Apple is nowhere near approaching that level of market penetration worldwide, so I doubt there'll be any serious Mac virus outbreaks for some time unless their market share starts growing rapidly.
Still, there's no point in Mac users denying things - the platform is not secure nor better engineered than Windows is. And it never was. The collective denial over the Macs security problems have been around for a long time, and eventually the day will come when somebody finds a bot sucking bank account details out of Safari on their machine. It's only a matter of time.
By "the crime" you are referring to not a normal type of crime, you are referring to people who are about to kill themselves to make a political statement. Cameras clearly aren't going to bother these people at all, so why pretend they make or break the system?
The type of crime cameras are good at discouraging (obviously prevention isn't a realistic goal) are things like, if somebody insults me on the tube, and I had a bad day and am tempted to sock 'em one, or if I see somebody put down their briefcase and am tempted to grab it and run. These sorts of crimes are at very low levels historically, which makes sense - unless you have some way to hide your face, you run the risk of being identified by cameras. That's not really true if this is your first offence because it's hard to identify a random citizen from a grainy camera shot, but it's very much true if you've already committed crimes and are known to the police, so they know to look out for you. And of course if it's your first crime, but it's horrible enough, like kidnapping children or killing somebody, then your face will be put in papers and now moving around the country is much harder.
This of course meant that you, in turn, could observe them right back and if you felt like it, go up to them and ask them what their fucking problem was.
Chavs doing exactly that is the reason we have the cameras in the first place;)
Telephones, computers (in general), vehicles, helecopters, and remote controlled robots (depending on their application) don't infringe on people's rights. Cameras on every corner with the ability and threat of watching you even in your home do.
This is all based on a basic idea, which is that you have privacy when you are walking around in the street. I don't know where that idea comes from, maybe because the US is less densely populated in parts, but the idea of walking around an urban area without being seen by (gasp) live people is just ridiculous in England. Maybe if you're in the outskirts at 3am, you might avoid walking past somebody for 20 minutes or so, tops.
If I go out onto the street and walk around naked, well, that'd be a violation of the law and only an idiot would try and turn it into a privacy issue. By definition, if you aren't inside your house with the curtains drawn, people you don't know can probably see you. To pretend otherwise is fallacious.
One other thing I don't get. For some reason, bobbies on the beat don't cause privacy issues, but when technology is used, that magically makes it a privacy invasion.
I don't have any strong opinion on the police issue one way or another, but your argument makes no sense. For all you know the use of advanced technology stopped 10 bombings just like it. Remember they only have to win once, law enforcement has to win every time.
It's not your bet to make though. And actually, I saw a guy from a games studio (was it Ubisoft? I forget) work through exactly those formulas for a new video game they were producing. He produced all the figures. And in fact, they had figures on piracy levels for a previous generation of the game, and copy protection technology was a pretty good deal. That's why they were going to use it and why even though he was your regular game-coding, slashdot-reading drm-hating geek he wasn't going to bother arguing with management about it.... because they were basically right.
Now, when you just spent a few tens of millions of dollars making a movie, you're perfectly welcome to run the numbers and come to your own conclusions, but I suspect that not every movie studio is staffed entirely by financial idiots, so there's probably something to it.
It's kind of the whole point of universal search that you don't need to pick which web property you're on. It's all available from the same universal search box - the one on google.com. That said, what you reported sounds like a bug/feature regression.
I'm not sure why I'm arguing about this with you. You don't seem to read what I write. I'm also starting to think, WTF?
No it's not, there are about 4 packages you can make that will cover 99% of users: RPM, DEB, TGZ and source. Just configure your build script to make each one every time you build, it's a 1-time cost in effort for the author.
If you think it's actually that simple for software of any interesting complexity, I can only guess you've never done it before. Either that or you don't care about any kind of integration with anything. I spent 4 years distributing various programs on Linux and dealing with the problems it caused. Have you?
Only if your program is written to require the latest and greatest versions of dependent libraries, otherwise if Feisty has a binary compatible version of your dependency, you don't need to create a new package.
What binary compatibility? There are no guarantees on this, for any distro. Which is why I said, you can try, but it'll probably break somewhere in exotic ways.
You can create a single package that works with multiple incompatible versions of dependent libraries?
Actually, yes. Look up relaytool - it's a lot of work though.
That is only because WineHQ offers a repository for easy updating. They could just offer the.deb file for you to "just download and install".
Only if there are no dependencies. Otherwise dpkg will make you resolve them yourself. Seriously, how can you not know this?
Yes, it is now (although usually not the latest version, actually). My reading of the article/summary - which hopefully is wrong - is that this won't be the case in future, because of how Mark S wants to 'position' Ubuntu. Let's say I'm right. What then?
Yeah. I really hope that's what was asked. I'm hoping I was too quick off the mark and the eWeek/slashdot article was very misleading. Shuttleworth is a practical guy so it's kind of hard to imagine this coming from him.
Nonetheless, I've seen software be left out in the cold before when it comes to this repositories system. That's why I'm paranoid about this. It's only a matter of time before it actually does happen, even if this article is wrong. You give people the power to choose what others can [easily] do with their hardware, and inevitably, they will choose. It's happened before, it'll happen again. Changing the system is the only way to avoid it.
Slashdot Mirror
I hereby declare the Real Mikes Law, a corollary to Ortegas Law.
As an online discussion progresses, the probability of blaming Bush correctly for something approaches one.
It's also not really true. VAC and PunkBuster were indeed beaten, largely because the companies behind them weren't willing to put the required effort in (VAC went for long periods with no updates at all). Companies that put more effort in and know what they're doing, like Blizzard, have successfully fended off things like WoW!Sharp with anti-cheating software.
void *fn = dlsym(NULL, ReverseString("tekcos"));
But more generally, it's very common for programs to use utility libraries that make network calls on their behalf. Simply shelling out to wget would bypass your absurdly simple check and doesn't have to be malicious. How much software is written these days that invokes BSD sockets directly? I wouldn't do it if I had a better library to wrap it, and usually I do.
Your faith is remarkable but misguided. How many people do you think read the 10,000 line auto generated shell scripts we call "configure"? Not many. Probably none.
You need to distinguish exploiting the browser and what you do with that exploit, which you aren't doing currently.
There have been many cross-platform exploits available for Firefox in the past, largely around breaking JavaScript security and gaining chrome privileges. Once you have them you can do anything Firefox can, including downloading extra code and running it. Now you have taken control of the browser most attackers downloaded Windows malware and ran it, because MacOS X and Linux don't have enough market share to bother with. But that's not inherent to the Firefox bug. The exploit could easily have had an if (linux) conditional in it which downloaded and ran an equivalent trojan for Linux.
So the fact that most Firefox exploits are "Windows only" is true only because it's easier to write a good trojan in C++/Win32 than XPCOM based JavaScript. If somebody decided to write malware that didn't rely on Windows only code (perfectly possible) then it'd work on all platforms Firefox supports. Hence Firefox has had security problems.
All your arguments could have been said about Firefox as well, but they still wouldn't have held true. Go look up InputManager injectors and Leap-A. And it's not anywhere near 15% market share yet.
It's not so hard to write a Firefox hack that works on all platforms. But most hackers are interested in installing malware onto your system, and that tends to be written for Windows. But you've done a good job of missing my point - market share is what matters. I can guarantee you that if MacOS had 15% market share there'd be people out there attacking it, and succeeding. Deal with it.
There aren't any. However, most US broadcasters seem happy to use IP geocoding restrictions as their form of DRM. For instance ABC does this. IP geocoding is not hard to circumvent for people who know what they are doing and have access to a proxy inside the restricted area, but most people don't have that. It's about as decent a form of protection as relying on the nature of radio waves is, so they might as well use it.
Not if it's encrypted. To read Slashdot you might believe that no DRM scheme lasts for more than five minutes, however, both the Microsoft and Apple DRM schemes are only broken occasionally and when they are broken, they are repaired extremely quickly. The last crack I heard of for Windows Media DRM was in February of last year, and it required you to own a license to the content to decrypt it. It also wasn't an algorithmic hack, it relied on a weakness in the way the key was stored in memory by the decryption engine. So you wouldn't be able to use it on Linux anytime soon.
Are you kidding me? Try switching your phones Bluetooth on and walking around a city for a few days. You'll almost certainly be asked to receive a .sis file - this is a Symbian virus. The most common exploit in Symbian is actually not a buffer overflow from what I understand but a GUI modality exploit .... when receiving a SIS file you can't do anything else except say yes or no, and if you say no the sender is notified and can immediately ask again. So these viruses simply dos the GUI until you accept, at which point, your phone is infected. ActiveX had a similar problem but Microsoft fixed it with XP SP2
Smart people would care.
The problem with your line of reasoning is that it is self defeating. Let's say I go around telling everybody that Macs are more secure than Windows PCs. This isn't true if you take security in the objective sense - Mac OS X is of the same design era as Windows and Linux, and has lots of vulnerabilities. What's more, Apple don't seem to have any equivalent to the Secure Development Lifecycle judging by the latest release of Safari.
But OK. Let's say that in practice it's true, because statistically they are attacked less often. Now what? Well, I guess a bunch of people will listen to me, and say "gosh, I should buy a Mac, all these IT guys tell me it's more secure than a Windows PC". So Apples marketshare goes up. The case of Firefox seems to show that around 10-12% market share is when you get interesting to attackers. Apple are some way off that mark yet, but if lots of people by Macs thinking they are safe from attackers, one day that will no longer be true. When it stops being true, it won't be their fault, it won't be that the hardware they bought changed - it'll be because they were fed fallacious reasoning by people they trusted.
I used to believe Firefox was more secure than Internet Explorer. Judging by the number of vulnerabilities it's had, I think this is hard to argue these days. I promote Firefox for other reasons, and you can promote Apple for other reasons, but please - don't mislead people by telling them obscurity is security.
Why? I like features! But OK, here are your answers. Yes it gets decent reception and range, at least, I've never had any problems with that when my friends didn't. Can it survive being dropped/mishandled/weather etc. Well I took my W800i through the Mexican jungle, have dropped it more times than I care to think and I've had it for about two years now yet it all still works. The only part I've had to replace is the external mini-jack adapter which doesn't seem to be too robust ... if you let the cable catch on things eventually the wires inside will work loose and you'll have to buy another. The phone itself is pretty robust though.
It's worth repeating this point. The OS is not only fast and easy to use, it also looks gorgeous. Sony took the lessons from OS X to heart very quickly and have made all their phones beautiful with the sorts of slick animation and semi-transparency you'd expect from an Apple product.
The iPhone looks interesting and I'd like to play with one, but I pretty much already decided that my next phone would be the next generation of SE Walkman phones, as they have all the features of the iPhone and more as far as I can tell (for instance the TrackID feature which identifies what music is playing in the background).
It also has amazing battery life, is lightweight, stable and features like BlueTooth and Java actually work. In fact if you use them, Java apps/games run very fast on these phones as they use the AMD Jazelle hardware support for JVM opcodes.
You wouldn't do it over and over again because at some point the top 1% won't be using significantly more bandwidth than the next 1%. You want to chop off the spike at the end of the graph, eliminating the top 2% doesn't mean eliminating the next 2% frees up as much bandwidth, obviously.
Er, no. The fucking kiddies who decided to encrypt P2P traffic so they could get free tunes have unsurprisingly managed to degrade encrypted traffic for everyone, the LAST thing we want is for them to do the same for web traffic as well.
Now I'm not going to pretend companies like Rogers or Time Warner are misty eyed innocents in all of this, but I also don't believe they have sysadmins there cackling and rubbing their hands with evil glee at the prospect of throttling all encrypted traffic. A far simpler explanation is that it's the only way to avoid their network being overloaded by P2P traffic. If you must sit on torrents 24/7 then pony up the cash for a T3 to your house, don't start dicking around with the fundamentals of TCP/IP - the majority of people who aren't like you won't appreciate it.
Your complaint boils down to "some people make bad packages", which occurs on Linux as well, and is just the nature of software to be imperfect. I cannot count the number of bugs or non-working setups I've tracked down to bad packages, and even better, in the Linux world fixing such a bug once doesn't make it go away - it'll be repeated in 3 months time by a different distribution.
That would be nice, yes.
You need a certain critical mass of market share before people find it profitable to target a new platform. For Firefox the "break point" was around 12% market share. Apple is nowhere near approaching that level of market penetration worldwide, so I doubt there'll be any serious Mac virus outbreaks for some time unless their market share starts growing rapidly.
Still, there's no point in Mac users denying things - the platform is not secure nor better engineered than Windows is. And it never was. The collective denial over the Macs security problems have been around for a long time, and eventually the day will come when somebody finds a bot sucking bank account details out of Safari on their machine. It's only a matter of time.
By "the crime" you are referring to not a normal type of crime, you are referring to people who are about to kill themselves to make a political statement. Cameras clearly aren't going to bother these people at all, so why pretend they make or break the system?
The type of crime cameras are good at discouraging (obviously prevention isn't a realistic goal) are things like, if somebody insults me on the tube, and I had a bad day and am tempted to sock 'em one, or if I see somebody put down their briefcase and am tempted to grab it and run. These sorts of crimes are at very low levels historically, which makes sense - unless you have some way to hide your face, you run the risk of being identified by cameras. That's not really true if this is your first offence because it's hard to identify a random citizen from a grainy camera shot, but it's very much true if you've already committed crimes and are known to the police, so they know to look out for you. And of course if it's your first crime, but it's horrible enough, like kidnapping children or killing somebody, then your face will be put in papers and now moving around the country is much harder.
Chavs doing exactly that is the reason we have the cameras in the first place ;)
This is all based on a basic idea, which is that you have privacy when you are walking around in the street. I don't know where that idea comes from, maybe because the US is less densely populated in parts, but the idea of walking around an urban area without being seen by (gasp) live people is just ridiculous in England. Maybe if you're in the outskirts at 3am, you might avoid walking past somebody for 20 minutes or so, tops.
If I go out onto the street and walk around naked, well, that'd be a violation of the law and only an idiot would try and turn it into a privacy issue. By definition, if you aren't inside your house with the curtains drawn, people you don't know can probably see you. To pretend otherwise is fallacious.
One other thing I don't get. For some reason, bobbies on the beat don't cause privacy issues, but when technology is used, that magically makes it a privacy invasion.
I don't have any strong opinion on the police issue one way or another, but your argument makes no sense. For all you know the use of advanced technology stopped 10 bombings just like it. Remember they only have to win once, law enforcement has to win every time.
Said like somebody who doesn't get paid to make content.
It's not your bet to make though. And actually, I saw a guy from a games studio (was it Ubisoft? I forget) work through exactly those formulas for a new video game they were producing. He produced all the figures. And in fact, they had figures on piracy levels for a previous generation of the game, and copy protection technology was a pretty good deal. That's why they were going to use it and why even though he was your regular game-coding, slashdot-reading drm-hating geek he wasn't going to bother arguing with management about it .... because they were basically right.
Now, when you just spent a few tens of millions of dollars making a movie, you're perfectly welcome to run the numbers and come to your own conclusions, but I suspect that not every movie studio is staffed entirely by financial idiots, so there's probably something to it.
It's kind of the whole point of universal search that you don't need to pick which web property you're on. It's all available from the same universal search box - the one on google.com. That said, what you reported sounds like a bug/feature regression.
I'm not sure why I'm arguing about this with you. You don't seem to read what I write. I'm also starting to think, WTF?
If you think it's actually that simple for software of any interesting complexity, I can only guess you've never done it before. Either that or you don't care about any kind of integration with anything. I spent 4 years distributing various programs on Linux and dealing with the problems it caused. Have you?
What binary compatibility? There are no guarantees on this, for any distro. Which is why I said, you can try, but it'll probably break somewhere in exotic ways.
Actually, yes. Look up relaytool - it's a lot of work though.
Only if there are no dependencies. Otherwise dpkg will make you resolve them yourself. Seriously, how can you not know this?
Yes, it is now (although usually not the latest version, actually). My reading of the article/summary - which hopefully is wrong - is that this won't be the case in future, because of how Mark S wants to 'position' Ubuntu. Let's say I'm right. What then?
Yeah. I really hope that's what was asked. I'm hoping I was too quick off the mark and the eWeek/slashdot article was very misleading. Shuttleworth is a practical guy so it's kind of hard to imagine this coming from him.
Nonetheless, I've seen software be left out in the cold before when it comes to this repositories system. That's why I'm paranoid about this. It's only a matter of time before it actually does happen, even if this article is wrong. You give people the power to choose what others can [easily] do with their hardware, and inevitably, they will choose. It's happened before, it'll happen again. Changing the system is the only way to avoid it.