The story was one guy willing to say anything just to get more people looking at a site. There are loads of people like that but somehow this one got noticed.
At least it makes a change from the pro-Microsoft tripe that appears in so many comments on Slashdot.
Actually, Mac users are generally about as stupid as Windows users. Linux users are only better because that OS is so damn fucking hard to use, you HAVE to be computer savvy just to get the shit to work (not that you can actually do anything useful with it as a desktop OS once its running though).
That's just so false it hurts. Ubuntu is easier, safer, and faster than any version of windows. It comes with all the software you would ever want and you don't even have to pay for it.
Bob would be an idiot on linux as well but there are still security benefits to a better designed OS.
The point is that Bob is an idiot, and should be more damn careful with his shit. If people would use some common sense, botnets wouldn't survive very well.
The obvious fact is that botnets do survive.
Bob may be an idiot, but there are many like him in very responsible positions.
Yes I agree there is a technical reason. The reason is that windows drivers are broken. The technical answer is to fix the drivers.
For the most part Microsoft knows who these driver writers are. They should be contacting them and working something out instead of pretending that it's an impossible task. They have had many years to fix this but choose to tell their customers it's impossible and they have to upgrade to 64bit.
8 Gig of ram and a motherboard that supports it is now within the budget of most employed people. Maybe some of those people have to use 32 bit windows. If windows can't support core system hardware like memory there really isn't much hope for it.
There are many, many few third-party, binary-only drivers for 32-bit Linux, and I'd be willing to bet that a number of them don't work properly on PAE systems.
It's not that you can't have 32-bit PAE systems with more than 4 GB of memory, it's that precompiled third-party Windows drivers crash on such systems.
For that matter, a process can only use 2 or 3 GB of memory, since the kernel shares address space with the process. And the system as a whole can't have a full 4 GB of memory -- it's restricted to 4 GB of address space, some of which is consumed by device memory.
Note that some versions of Windows 2000, Windows Server 2003, and Windows Server 2008 lift this fake limit, allowing you to use more than 4 GB physical memory on 32-bit systems (with PAE).
This is all covered in Windows System Internals. You can also read a bit about the driver issues here.
The system as a whole can't have more than 4GB of memory with PAE? What do you think PAE is for then? It's obvious that pointers are still 32 bit, you don't have to restate it.
The 32 bit/4 Gig system ram limit was fixed in hardware and in serious OS's a long time ago. Windows isn't keeping up with the basics.
However, PAE drivers have to use 64-bit physical addresses, or they won't work properly. In testing, Microsoft found that too many drivers crashed on PAE systems with more than 4 GB of memory, so they limited usable physical address space to 4 GB on PAE systems.
Drivers on 32 bit Linux with 8 gig of ram work fine.
People are either being unbelievably stupid, have only 1 gig of RAM installed, or this is FUD.
Just because you didn't hit a bug isn't proof that it doesn't exist. It's likely that something as big as windows 7 has various bugs that only show up under certain conditions.
I agree 100% with this article, I have 4 GB of Ram in my notebook and when I'm in WIndows 7 my memory consumption is somewhere around 3.5 GB, compared to Linux 2.6.32-r6 (Gentoo) which sits around the 512 MB mark. He's my question, what on earth does Windows need that much memory for? The OS should be taking up the least amount of memory possible to allow a user to run application that actually need the memory.
No. The OS should cache disk will all free memory because memory is fast and disk is slow.
You're right that not every vulnerability is equally serious. However, the reasoning "If it had serious flaws they would have come out by now." is incorrect. A serious flaw might be present, but it might expose itself only in very specific circumstances...
Of course. But it's safe to assume that it's less likely than finding another serious flaw in something which has a long history of serious flaws.
Want to take a bet? I bet you the next 'remote execution of arbitrary code' won't happen in OpenBSD.
Plan9 is in the Unix family, one secuirty alert in 15 years
I never mentioned it because I have no experience with it. But again it's proof that the argument isn't open source V closed source - It's people that do a good job V people that do a bad job.
Linux, BSD, Plan9, and so on believe in doing a good job. Microsoft believe in promising to fit it at the next upgrade.
OpenBSD has been exposed much less than, let's say, Linux. Shouldn't you use a metric like: n_vulnerabilities_detected / n_instance_hours_of_exposure?
I'd rather not. The number of vulnerabilities found per unit of time decreases after long exposures. Apart from that not all vulnerabilities are equal, you need some kind of points system for them.
OpenBSD is used all over the place though, it's had loads of exposure to the internet running all kinds of things. If it had serious flaws they would have come out by now.
Regardless of how you may feel about taxes, it really isn't at issue. Here we have a company breaking the law, and using its influence to avoid the consequences, and to seek special treatment under the law.
More importantly they are getting away with it and we are not. Why? Because they are rich enough to have influence but we are not so I'm paying around 35%.
That's the way taxes always work. Find someone who can't fight back and steal as much as you can.
Excuse me, but how do you know that OpenBSD has the most secure kernel in the UNIX family?
It's been proved over many years of exposure to the internet. The kernel level exploits that work on most other systems both open and closed source have never worked on the OpenBSD kernel.
OpenBSD has a strong history and strong people behind it.
Open source gets more eyes on source cheaply, but it's not magic that makes everything better.
It is also easier to report open source bugs. I have never reported a bug in a proprietary app, but I have reported lots of Linux bugs (mostly distro level, or fixable at distro level) because I can follow what it happening, and I know what the (usually good) reaction to my individual report is.
Report a closed source bug and you get fobbed off by first line support who know less than you. You have little change of ever talking to someone who understands the problem.
Report a open source bug and you get told why you are wrong, or why they can't be bothered to fix it, or how unreasonable you are for demanding they fix your problems. But if you provide a patch you have a chance of being taken seriously.
Slashdot Mirror
The story was one guy willing to say anything just to get more people looking at a site. There are loads of people like that but somehow this one got noticed.
At least it makes a change from the pro-Microsoft tripe that appears in so many comments on Slashdot.
For once this story isn't about windows. It's about some guy who flat out lied to get a few more page impressions.
Journalists report shock not stories. They have always been willing to bend the truth to get more readers.
The wise man will always judge for himself.
The first property crime happened the day property was invented.
So what you're saying is, the solution to theft is communism?
The solution to theft is to remove the incentive to steal. If the people writing cracking tools are not making money out of it they will soon stop.
Getting vendors to fix their screwups will be a nice side effect.
Actually, Mac users are generally about as stupid as Windows users. Linux users are only better because that OS is so damn fucking hard to use, you HAVE to be computer savvy just to get the shit to work (not that you can actually do anything useful with it as a desktop OS once its running though).
That's just so false it hurts. Ubuntu is easier, safer, and faster than any version of windows. It comes with all the software you would ever want and you don't even have to pay for it.
Bob would be an idiot on linux as well but there are still security benefits to a better designed OS.
Bob isn't an idiot, he's a typical windows user.
So he is an idiot then.
The point is that Bob is an idiot, and should be more damn careful with his shit. If people would use some common sense, botnets wouldn't survive very well.
The obvious fact is that botnets do survive.
Bob may be an idiot, but there are many like him in very responsible positions.
Yes I agree there is a technical reason. The reason is that windows drivers are broken. The technical answer is to fix the drivers.
For the most part Microsoft knows who these driver writers are. They should be contacting them and working something out instead of pretending that it's an impossible task. They have had many years to fix this but choose to tell their customers it's impossible and they have to upgrade to 64bit.
8 Gig of ram and a motherboard that supports it is now within the budget of most employed people. Maybe some of those people have to use 32 bit windows. If windows can't support core system hardware like memory there really isn't much hope for it.
Linux has a very different driver ecosystem to windows.
Linux drivers work on 32 bit PAE, windows drivers don't.
32bit windows is a joke.
There are many, many few third-party, binary-only drivers for 32-bit Linux, and I'd be willing to bet that a number of them don't work properly on PAE systems.
It's not that you can't have 32-bit PAE systems with more than 4 GB of memory, it's that precompiled third-party Windows drivers crash on such systems.
For that matter, a process can only use 2 or 3 GB of memory, since the kernel shares address space with the process. And the system as a whole can't have a full 4 GB of memory -- it's restricted to 4 GB of address space, some of which is consumed by device memory.
Note that some versions of Windows 2000, Windows Server 2003, and Windows Server 2008 lift this fake limit, allowing you to use more than 4 GB physical memory on 32-bit systems (with PAE).
This is all covered in Windows System Internals. You can also read a bit about the driver issues here.
The system as a whole can't have more than 4GB of memory with PAE? What do you think PAE is for then? It's obvious that pointers are still 32 bit, you don't have to restate it.
The 32 bit/4 Gig system ram limit was fixed in hardware and in serious OS's a long time ago. Windows isn't keeping up with the basics.
However, PAE drivers have to use 64-bit physical addresses, or they won't work properly. In testing, Microsoft found that too many drivers crashed on PAE systems with more than 4 GB of memory, so they limited usable physical address space to 4 GB on PAE systems.
Drivers on 32 bit Linux with 8 gig of ram work fine.
I didn't believe it at first but it turns out you are totally right. Even my home ubuntu system has 8 gig of ram.
It turns out that every time I think 'even Microsoft can't be that bad.' I get proved wrong.
People are either being unbelievably stupid, have only 1 gig of RAM installed, or this is FUD.
Just because you didn't hit a bug isn't proof that it doesn't exist. It's likely that something as big as windows 7 has various bugs that only show up under certain conditions.
I agree 100% with this article, I have 4 GB of Ram in my notebook and when I'm in WIndows 7 my memory consumption is somewhere around 3.5 GB, compared to Linux 2.6.32-r6 (Gentoo) which sits around the 512 MB mark. He's my question, what on earth does Windows need that much memory for? The OS should be taking up the least amount of memory possible to allow a user to run application that actually need the memory.
No. The OS should cache disk will all free memory because memory is fast and disk is slow.
The 32 bit memory cap is per process, not per system. PAE has been on all 32bit intel and amd processors for a very long time.
Whatever happened to 'news for nerds, stuff that matters'?
Come on slashdot! Cut out the windows stories and give us something interesting.
Actually, yes, I want to take a bet for let's say 100 USD (or EUR if you prefer). Is the amount OK with you? How should we set this up?
You are crazy.
If you have money to give away give it to Haiti, or another charity of your choice.
You appear to be mentally ill. Given this it's unlikely you have 100USD to give away.
But I'll donate 100USD to the OpenBSD project after payday just for you.
Actually, yes, I want to take a bet for let's say 100 USD (or EUR if you prefer). Is the amount OK with you? How should we set this up?
You are crazy.
If you have money to give away give it to Haiti, or another charity of your choice.
You're right that not every vulnerability is equally serious. However, the reasoning "If it had serious flaws they would have come out by now." is incorrect. A serious flaw might be present, but it might expose itself only in very specific circumstances...
Of course. But it's safe to assume that it's less likely than finding another serious flaw in something which has a long history of serious flaws.
Want to take a bet? I bet you the next 'remote execution of arbitrary code' won't happen in OpenBSD.
Plan9 is in the Unix family, one secuirty alert in 15 years
I never mentioned it because I have no experience with it. But again it's proof that the argument isn't open source V closed source - It's people that do a good job V people that do a bad job.
Linux, BSD, Plan9, and so on believe in doing a good job.
Microsoft believe in promising to fit it at the next upgrade.
OpenBSD has been exposed much less than, let's say, Linux. Shouldn't you use a metric like: n_vulnerabilities_detected / n_instance_hours_of_exposure?
I'd rather not. The number of vulnerabilities found per unit of time decreases after long exposures. Apart from that not all vulnerabilities are equal, you need some kind of points system for them.
OpenBSD is used all over the place though, it's had loads of exposure to the internet running all kinds of things. If it had serious flaws they would have come out by now.
Regardless of how you may feel about taxes, it really isn't at issue. Here we have a company breaking the law, and using its influence to avoid the consequences, and to seek special treatment under the law.
More importantly they are getting away with it and we are not. Why? Because they are rich enough to have influence but we are not so I'm paying around 35%.
That's the way taxes always work. Find someone who can't fight back and steal as much as you can.
Excuse me, but how do you know that OpenBSD has the most secure kernel in the UNIX family?
It's been proved over many years of exposure to the internet. The kernel level exploits that work on most other systems both open and closed source have never worked on the OpenBSD kernel.
OpenBSD has a strong history and strong people behind it.
Open source gets more eyes on source cheaply, but it's not magic that makes everything better.
It is also easier to report open source bugs. I have never reported a bug in a proprietary app, but I have reported lots of Linux bugs (mostly distro level, or fixable at distro level) because I can follow what it happening, and I know what the (usually good) reaction to my individual report is.
Report a closed source bug and you get fobbed off by first line support who know less than you. You have little change of ever talking to someone who understands the problem.
Report a open source bug and you get told why you are wrong, or why they can't be bothered to fix it, or how unreasonable you are for demanding they fix your problems. But if you provide a patch you have a chance of being taken seriously.
It's not exactly easy either way around.
BTW, is there any secure kernel out there?
OpenBSD is the best you will get in the unix world. Developed mostly by people doing it as a hobby with some company support.
Wang unix was also highly thought of but wasn't used too much. That was developed by a company with little outside help.
VMS is also secure, again developed by one company with little outside help.
My point - Anti-Microsoft isn't always anti-closed source. Sometime it's anti low quality.