Nope. Remember that selling at a loss means they lose money on every sale. Sure they raked in $60k but it cost them more than that to manufacture and distribute each system. It would be better for Microsoft in that case to not sell at all.
Man, first Mac users, then I hear that Microsoft deploys newer technology too! Zowie!
Keeps Pace with New Technology
The open-source nature of Linux means that the company lacks a centralized strategy for keeping pace with emerging technologies and hardware. And that means Linux is typically much slower than Microsoft and Microsoft partners to consistently deliver the tools needed to stay current with new hardware requirements and new technologies.
I wondered in high school whether bullshitting could be a full time job. Perhaps I should work for Microsoft. Oh, just for fun type Unix or linux into Microsofts search engine to see what it comes up with.
The act of swaning randomn processes would probably be flagged down as suspicious since real non-malicious users don't randomly use commands.
There are patterns to what is normal and what is malicious in the same way that normal mail has different patterens than spam. Statistical evalution should yield high success rates.
After all, probing port looks different than fixing network problems, package manangement/installation looks different than maliciously deleting files, trying to find memory leaks looks different than trying to access another process's memory space. They all us similar commands/system resources, but it should be possibile by look at a few tens of instructions whether a user is try to be malicious or not.
These may not be the best examples but the general idea is that it should be possible to determine user's intent because the probability of a sequence of commands having both a normal and malicous role, should go quite down the more instructions the user executes.
Even false positives should be useful to admins by telling about inadvertant, i.e. acidentally typing rm -rf *,users as well.
IP patents lead to all sorts of problems. How different is different enough not to be sued? If I independently develop a similar, say, algorithm why shouldn't I be allowed to use it?
If I discover an optimal algorithm but then another makes the same discovery and patents it, how is this fair?
How can you tell the difference between an invention and a discovery? What if I use a different means to achieve the same specific end?
Sometimes when I think about pantent law, I say to myself, "Me, why does head feel like it being applied to sufficiently large cheese grater and vigorously shaken?" To which I answer, "You mindless grammar fiend! More brain washing for you!" and silenty look at the pretty blue colors at microsoft.com
I won't bash you like some of the other replies to your post, nor will I give you hope that you can advance past a limited set of jobs in the IT industry.
College (esp for computer engineering and CS) fundamentally teaches you:
1. How to solve problems
2. A toolset (ie math, algorithms) to go about solving those problems
True, you may not ever use calculus, but as a computer scientist you will use matrix theory because it is the best way to solve some problems.
This is not only for scientific/research either. If you try to write anything performance related, you'll have to use higher math. Computer science ain't easy.
Let me stress again that college teaches you about your subject matter and how to solve problems for it. You can come up with this stuff by yourself, in my experience only a tiny percent working without a college degree will ever accrue enough to offset what they missed in college.
It's nice to know that we have an overproduction/disposal problem with cell phones, but aren't the pounds and pounds of lead in monitors and cases much more of a hazard?
That's what grey is. It's white with some black. Or black with some white. By the same logic, if you are grey you are white, because of you're intentions. Grey do things blacks would never do, like doing the Right Thing (tm). Greys also do things whites would not do, i.e. disclosing information.
"Unless you are specifically asked by a company owner or software maker to exploit security holes, you shouldn't be doing it. "
I totally disagree. Then the only unauthorized people that find holes will use it against you. What happens if you are a company that can't afford to hire White Hats? What happens when you are a mega corporation and don't want your shoddy security reputation shot any further? You can't make security updates without saying that you made a mistake in the first place.
For every grey hat that discloses information there is probably at least one black hat that also finds it. If you are smart enough to find a hole, then somebody else is too.
If my company hires me to do network security and I happen to find a gapping hole in the 3rd party firewall software, you'd better bet that I'd tell my company. I'd also tell my collegues that consult for other companies. The best way to diseminate information is to make it public. I am more loyal to the company that pays me than I am to Microsoft.
How can you prevent black hat break ins? Find the holes first. Notify the software maker. Patch the holes if you can. If the software maker chooses to not budget the fix until next year, I'll go public. I'm also more loyal to security professionals whose jobs rely on software than to Microsoft et al. whose profits depend on software.
Why is the inventor of basic packet switching an expert witness against P2P Networks? Maybe he'll claim every P2P that has uses packet switching is his IP. Hell, go after the whole internet, he "invented" it didn't he?
He has a much stronger claim than Al Gore though:)
Just curious... what software product sounds like Mozilla? If your just refering to Godzilla, what's wrong with that (other than the current lawsuit)? Anyway, it would have made more sense to include Lindows in your list:)
What about proposed project documents, project presentations, planning documents, requirements documents, design documents, user manual, developers manual, maintainers manual, test plan documents, implementation reports, bug reports, bug fix reports, new features documents, retirement documents...
Sure other people can write some of these, and some might not be needed for small projects, but it is always better to have the person who wrote the code write all of the paperwork.
I've seen estimate that only 30% of your work should actually be spend coding. The rest documentation, testing, etc..
It's nice to know that the MS booth was not targeted for any pranks (AFAIK). This really gives a lot of credibility to Linux and the open source (and especially Slashdot) communities, by showing that we can play nicely even if we do refer to MS as the evil empire.
Evidently they got spent a lot of time thinking about who should represent them because the OSNews lady was quite impressed:
"Most interesting person: The main Microsoft guy. Wasn't that guy sharp or what?"
This is the best example I've seen to date about Microsoft taking *nix seriously
The potential is there for the Microsoft vendor to drastically undercut for services, to make up for the price of OS/Office licensing.
Great. Even thought I am a OSS/Linux proponent, I am a bigger proponent of paying less taxes. If Microsoft can undercut, I see no problem with that.
But even Microsoft (very quietly) admits that it can't beat Linux price wise. Now it's taking the stance that its products have more "value", and thus it is resonable to pay more for their product.
Furthermore, for Microsoft to undercut, say, RedHat , its service/support fees would have to be practically nill to offset the software fess
While I agree that open source shouldn't be shoved down anybody's throat, I wouldn't oppose legislation requiring the best price/performance ratio for software usage. It's required for the military (ie product competition) why not software?
If Microsoft can undercut Linux, then by all means, use it. But since it never will, I don't want my tax dollars wasted on a brand name, especially since you have a cheaper alternative with at least as much functionality.
Especially mathematical modelling of physical phenomena (ie. nuclear power plants
I can confirm this. I work for a very large nuclear services company and all of our base codes are still in FORTRAN. We use Java, C++, Perl, Xml nowadays, but only to encapsulate the numeric nuclear physics simulators that are written in FORTRAN.
AFAIK We don't have any plans to change and esp. not to C/C++ because of its lack of a primitive imaginary type.
This government has bowed to corporate interests at every turn.
I'd have to agree with you there. But whichever side this case goes to, the government is still bowing to corporate interests. Let's try and remember why this whole thing started.
Consumer's rights? No. But when you have Sun, IBM, Netscape (now part of that tiny upstart AOL) lobbying around Washington, then the Justice Department takes notice. This is less a battle of consumers against a corporation then a battle of Corportions against a corporation.
>The lead developer who is accepting patches >would notice code that has potential security risks.
How do you know that? What happens if a hacker enables an exploitation of a previously unknown security risk? If you don't know what to look for how can you prevent it? At least with micro$oft, you can be reasonably more sure that their code is not meant to hurt you.
I think the government should use oss. But my point is that the government should never use open source software unmodified. They should also not release their modified version. The necessity of a government auditing agency is exactly the point I am making. Also, does the infrastructure needed to verify oss offset its affordability?
Let me reiterate/clarify. I'm talking about the possibility of deliberately writing code that contains a vulnerability. How can you make sure that a code has no vulnerabilities?
This is, of course, also the case with proprietary software. With proprietary software you have a closed development team that you can more easily identify and hold accountable. Who is accountable for an anonymously written module? The head developers?
You could have a whole army of terrorists developing new exploitations that have never been seen in the wild that are also adaquately disquised.
The only way around this that I see is to have the government write its own security standard to which open source software can conform and then to write a closed source security solution.
Well this if only if the malicous hacker made his back door easly readible. If the reader didn't know about a certain type of vulerability i.e. buffer overflow. A malicous hacker can exploit his own program in ways that haven't been done before.
Even the closest examination of the source code can miss things. How can you make sure that this wasn't done?
I know that open source software has a good security track record, but if governments start to run open source software to support their infrastructure doesn't it open a whole new can of worms?
Is open source robust enough to resist tampering by whole countries? Wouldn't you have to run security checks on the lead developers? Imagine all of the back doors you could put in if you really tried. I guess this isn't much of a concern now because there isn't a strong movement for it.
Wouldn't you have to have at some point a closed government modified/verified branch?
# cd / # mkdir life; cd life #./getLaid bash: command not found #./takeBath -time=now -soap=true #./getGirlFriend bash: command not found # cd/pub #./beer bash: Ahh #./findWomen proximity=10m Age Looks(1-10) Description 46 5 SugarMomma 23 7 Nice, but baggage central 35 2 Looks like uncle buck 28 3 Smells like hotdogs #./beer #./beer #./flirt search returned no hits #./beer #./beer #./beer #./findWomen -proximty=10m Age Looks(1-10) Description 46 8 Wow! 23 10 Hot! 35 8 Damn! 28 10 WooHa! #./buyBeer forWoman=4 #./getNumber fromWoman=4 bash: core dump #./getGirlFriend fromWoman=3 bash: are you sure? (y/n) y warning: process beer is making system unstable proceed? (y/n) y bash: Success! # cd/life #./getLaid bash: Success! #./sleep -until=morning
Ultraedit won me over last summer. Also, one of the only shareware programs I ever purchased (another one I bought, for those the want Windows multi-desktop check out Altdesk)
Anyway, it's also tremendously useful if you frequently modify text files over ftp. You can open, work, save all through FTP. I have never encountered anything better.
My favorite quote from the Nytimes article is:
"Many customers have yet to accept Microsoft's contention that computer software should be subscribed to as a Web-based service rather than purchased as a product they own and use, as most is today".
At least they are not beating around the bush about restricting consumer's rights.
Slashdot Mirror
Nope. Remember that selling at a loss means they lose money on every sale. Sure they raked in $60k but it cost them more than that to manufacture and distribute each system. It would be better for Microsoft in that case to not sell at all.
Man, first Mac users, then I hear that Microsoft deploys newer technology too! Zowie!
Keeps Pace with New Technology
The open-source nature of Linux means that the company lacks a centralized strategy for keeping pace with emerging technologies and hardware. And that means Linux is typically much slower than Microsoft and Microsoft partners to consistently deliver the tools needed to stay current with new hardware requirements and new technologies.
I wondered in high school whether bullshitting could be a full time job. Perhaps I should work for Microsoft. Oh, just for fun type Unix or linux into Microsofts search engine to see what it comes up with.
The act of swaning randomn processes would probably be flagged down as suspicious since real non-malicious users don't randomly use commands.
There are patterns to what is normal and what is malicious in the same way that normal mail has different patterens than spam. Statistical evalution should yield high success rates.
I posted a similar comment eariler.
My guess is that it wiil take a statistical look at commands a la Bayesian Spam Plan
After all, probing port looks different than fixing network problems, package manangement/installation looks different than maliciously deleting files, trying to find memory leaks looks different than trying to access another process's memory space. They all us similar commands/system resources, but it should be possibile by look at a few tens of instructions whether a user is try to be malicious or not.
These may not be the best examples but the general idea is that it should be possible to determine user's intent because the probability of a sequence of commands having both a normal and malicous role, should go quite down the more instructions the user executes.
Even false positives should be useful to admins by telling about inadvertant, i.e. acidentally typing rm -rf *,users as well.
IP patents lead to all sorts of problems. How different is different enough not to be sued? If I independently develop a similar, say, algorithm why shouldn't I be allowed to use it?
If I discover an optimal algorithm but then another makes the same discovery and patents it, how is this fair?
How can you tell the difference between an invention and a discovery? What if I use a different means to achieve the same specific end?
Sometimes when I think about pantent law, I say to myself, "Me, why does head feel like it being applied to sufficiently large cheese grater and vigorously shaken?" To which I answer, "You mindless grammar fiend! More brain washing for you!" and silenty look at the pretty blue colors at microsoft.com
I won't bash you like some of the other replies to your post, nor will I give you hope that you can advance past a limited set of jobs in the IT industry.
College (esp for computer engineering and CS) fundamentally teaches you:
1. How to solve problems
2. A toolset (ie math, algorithms) to go about solving those problems
True, you may not ever use calculus, but as a computer scientist you will use matrix theory because it is the best way to solve some problems.
This is not only for scientific/research either. If you try to write anything performance related, you'll have to use higher math. Computer science ain't easy.
Let me stress again that college teaches you about your subject matter and how to solve problems for it. You can come up with this stuff by yourself, in my experience only a tiny percent working without a college degree will ever accrue enough to offset what they missed in college.
Specs from article
Memory: 245216K total, 128880K free, (add type, clock here..)
Chipset: (add ID string here)
Male memory:
Memory: 245216K total, 128880K free, forgets birthdays, knows all Major legue baseball starting pitchers from '79-80
Female memory:
Memory: 245216K total, 128880K free, if-you-don't -know-i'm-not-telling-you
It's nice to know that we have an overproduction/disposal problem with cell phones, but aren't the pounds and pounds of lead in monitors and cases much more of a hazard?
That's what grey is. It's white with some black. Or black with some white. By the same logic, if you are grey you are white, because of you're intentions. Grey do things blacks would never do, like doing the Right Thing (tm). Greys also do things whites would not do, i.e. disclosing information.
"Unless you are specifically asked by a company owner or software maker to exploit security holes, you shouldn't be doing it. "
I totally disagree. Then the only unauthorized people that find holes will use it against you. What happens if you are a company that can't afford to hire White Hats? What happens when you are a mega corporation and don't want your shoddy security reputation shot any further? You can't make security updates without saying that you made a mistake in the first place.
For every grey hat that discloses information there is probably at least one black hat that also finds it. If you are smart enough to find a hole, then somebody else is too.
If my company hires me to do network security and I happen to find a gapping hole in the 3rd party firewall software, you'd better bet that I'd tell my company. I'd also tell my collegues that consult for other companies. The best way to diseminate information is to make it public. I am more loyal to the company that pays me than I am to Microsoft.
How can you prevent black hat break ins? Find the holes first. Notify the software maker. Patch the holes if you can. If the software maker chooses to not budget the fix until next year, I'll go public. I'm also more loyal to security professionals whose jobs rely on software than to Microsoft et al. whose profits depend on software.
Why is the inventor of basic packet switching an expert witness against P2P Networks? Maybe he'll claim every P2P that has uses packet switching is his IP. Hell, go after the whole internet, he "invented" it didn't he?
:)
He has a much stronger claim than Al Gore though
Just curious... what software product sounds like Mozilla? If your just refering to Godzilla, what's wrong with that (other than the current lawsuit)? Anyway, it would have made more sense to include Lindows in your list :)
What about proposed project documents, project presentations, planning documents, requirements documents, design documents, user manual, developers manual, maintainers manual, test plan documents, implementation reports, bug reports, bug fix reports, new features documents, retirement documents...
Sure other people can write some of these, and some might not be needed for small projects, but it is always better to have the person who wrote the code write all of the paperwork.
I've seen estimate that only 30% of your work should actually be spend coding. The rest documentation, testing, etc..
It's nice to know that the MS booth was not targeted for any pranks (AFAIK). This really gives a lot of credibility to Linux and the open source (and especially Slashdot) communities, by showing that we can play nicely even if we do refer to MS as the evil empire.
Evidently they got spent a lot of time thinking about who should represent them because the OSNews lady was quite impressed:
"Most interesting person: The main Microsoft guy. Wasn't that guy sharp or what?"
This is the best example I've seen to date about Microsoft taking *nix seriously
The potential is there for the Microsoft vendor to drastically undercut for services, to make up for the price of OS/Office licensing.
Great. Even thought I am a OSS/Linux proponent, I am a bigger proponent of paying less taxes. If Microsoft can undercut, I see no problem with that.
But even Microsoft (very quietly) admits that it can't beat Linux price wise. Now it's taking the stance that its products have more "value", and thus it is resonable to pay more for their product.
Furthermore, for Microsoft to undercut, say, RedHat , its service/support fees would have to be practically nill to offset the software fess
While I agree that open source shouldn't be shoved down anybody's throat, I wouldn't oppose legislation requiring the best price/performance ratio for software usage. It's required for the military (ie product competition) why not software?
If Microsoft can undercut Linux, then by all means, use it. But since it never will, I don't want my tax dollars wasted on a brand name, especially since you have a cheaper alternative with at least as much functionality.
All our base are belong to FORTRAN :)
I can confirm this. I work for a very large nuclear services company and all of our base codes are still in FORTRAN. We use Java, C++, Perl, Xml nowadays, but only to encapsulate the numeric nuclear physics simulators that are written in FORTRAN.
AFAIK We don't have any plans to change and esp. not to C/C++ because of its lack of a primitive imaginary type.
This government has bowed to corporate interests at every turn.
I'd have to agree with you there. But whichever side this case goes to, the government is still bowing to corporate interests. Let's try and remember why this whole thing started.
Consumer's rights? No. But when you have Sun, IBM, Netscape (now part of that tiny upstart AOL) lobbying around Washington, then the Justice Department takes notice. This is less a battle of consumers against a corporation then a battle of Corportions against a corporation.
Maybe I'm not getting my point across.
>The lead developer who is accepting patches
>would notice code that has potential security risks.
How do you know that? What happens if a hacker enables an exploitation of a previously unknown security risk? If you don't know what to look for how can you prevent it? At least with micro$oft, you can be reasonably more sure that their code is not meant to hurt you.
I think the government should use oss. But my point is that the government should never use open source software unmodified. They should also not release their modified version. The necessity of a government auditing agency is exactly the point I am making. Also, does the infrastructure needed to verify oss offset its affordability?
And yes I have a degree in comp. eng.
Let me reiterate/clarify. I'm talking about the possibility of deliberately writing code that contains a vulnerability. How can you make sure that a code has no vulnerabilities?
This is, of course, also the case with proprietary software. With proprietary software you have a closed development team that you can more easily identify and hold accountable. Who is accountable for an anonymously written module? The head developers?
You could have a whole army of terrorists developing new exploitations that have never been seen in the wild that are also adaquately disquised.
The only way around this that I see is to have the government write its own security standard to which open source software can conform and then to write a closed source security solution.
Well this if only if the malicous hacker made his back door easly readible. If the reader didn't know about a certain type of vulerability i.e. buffer overflow. A malicous hacker can exploit his own program in ways that haven't been done before.
Even the closest examination of the source code can miss things. How can you make sure that this wasn't done?
I know that open source software has a good security track record, but if governments start to run open source software to support their infrastructure doesn't it open a whole new can of worms?
Is open source robust enough to resist tampering by whole countries? Wouldn't you have to run security checks on the lead developers? Imagine all of the back doors you could put in if you really tried. I guess this isn't much of a concern now because there isn't a strong movement for it.
Wouldn't you have to have at some point a closed government modified/verified branch?
# cd / ./getLaid ./takeBath -time=now -soap=true ./getGirlFriend /pub ./beer ./findWomen proximity=10m ./beer ./beer ./flirt ./beer ./beer ./beer ./findWomen -proximty=10m ./buyBeer forWoman=4 ./getNumber fromWoman=4 ./getGirlFriend fromWoman=3 /life ./getLaid ./sleep -until=morning
# mkdir life; cd life
#
bash: command not found
#
#
bash: command not found
# cd
#
bash: Ahh
#
Age Looks(1-10) Description
46 5 SugarMomma
23 7 Nice, but baggage central
35 2 Looks like uncle buck
28 3 Smells like hotdogs
#
#
#
search returned no hits
#
#
#
#
Age Looks(1-10) Description
46 8 Wow!
23 10 Hot!
35 8 Damn!
28 10 WooHa!
#
#
bash: core dump
#
bash: are you sure? (y/n) y
warning: process beer is making system unstable proceed? (y/n) y
bash: Success!
# cd
#
bash: Success!
#
Ultraedit won me over last summer. Also, one of the only shareware programs I ever purchased (another one I bought, for those the want Windows multi-desktop check out Altdesk) Anyway, it's also tremendously useful if you frequently modify text files over ftp. You can open, work, save all through FTP. I have never encountered anything better.
My favorite quote from the Nytimes article is: "Many customers have yet to accept Microsoft's contention that computer software should be subscribed to as a Web-based service rather than purchased as a product they own and use, as most is today". At least they are not beating around the bush about restricting consumer's rights.