OK, then Microsoft had nothing to do with TerraServer, they got that from Ariel Images.
PDF has one characteristic that neither ODF nor OOXML has. It's a PRESENTATION format, which means it's exactly what you said - a fancy photograph.
There are several places where a fancy photograph is critical, the biggest place is court filings - it's critical that everyone be working from exactly the same DISPLAY presentation.
You left out large parts of section 4, btw.
Here they are:
(4) Controlled by an open industry organization with a well-defined inclusive process for evolution of the standard
(b) Beginning on or after January 1, 2008, state agencies shall start to become equipped to accept all documents in an open, XML-based file format for office applications, and shall not adopt a file format used by only one entity.
(c) The department shall develop guidelines for state agencies to follow in determining whether existing electronic documents need to be converted to an open, XML-based file format. The department shall consider all of the following:
(1) The cost of converting electronic documents.
(2) The need for the documents to be publicly accessible.
(3) The expected storage life of the documents.
Does this mean that CA can no longer publish in PDF? That's not XML based, as far as I know.
What does that do to the CA courts, which currently publish exclusively in PDF format (afaik - every decision I've ever read was published in PDF)?
I'd also love to know the results of 4.c.1. I suspect that it's significant (especially given this comment on a Microsoft blog).
Let's take a different example of two competing standards in the same area, since you're claiming that the 802.11x is just additional refinements on an existing standard (I disagree, but it's not important).
How about POP3 vs IMAP4?
Each standard has different goals, but they both describe interactions between a MUA and an email message store. You're saying that because POP3 exists, IMAP4 shouldn't be allowed to be standardized?
I suspect I could come up with other examples where multiple standards exist harmoniously in the same domain (including ones standardized by the same body).
I guess I don't see how choice in standards results in a loss to consumers. Many people have written email clients that talk both POP3 and IMAP4, the fact that there are multiple protocols doesn't change that, and the clients can hide almost all of the implementation details from the user.
Damn. Choice in standards is bad.
That sucks, because it means that for wireless networking I'll lose all my choices. I can't choose between 802.11a, 802.11b, 802.11g, and 802.11n because only the first standard wins.
I also don't get to choose cell phone providers because there's only one standard for cellular phones (so much for CDMA vs GSM).
You're always going to have choice in standards.
AIUI, one of the other requirements of safe harbors is that they make no profit off of the content they host. Last I heard it, YouTube had advertisements on the same pages as the videos they host, which makes their claim of being a safe harbor somewhat suspect.
Did ANYONE actually READ the article?
What he's said he's accomplished (with the use of a flag that disables PatchGuard) is to get code loaded into the operating system image that isn't associated with a driver.
That's it. From there, he extrapolates that he would be able to beat the protected media code in Windows.
But he's not actually done it. In fact, he's not played any hi-def content with his code loaded into the OS, neither has he used his code to pull the unencrypted samples from the video and audio drivers (this is NOT as easy as it sounds).
What he's saying is that IF the only thing that's done with PMP is to check the list of drivers, then it would be POSSIBLE to break the DRM system. But it relies on his technique to get code in the kernel, and that technique in turn relies on someone else breaking the PatchGuard system.
But it's a WAY better headline to say that DRM's been cracked, especially on the day of the Vista roll-out.
Personally, I'll wait until I see the proof-of-concept.
If you're reformatting your machine once a year, then the upgrade edition isn't for you.
The upgrade edition is for people who are UPGRADING their machines. That's why it's less expensive than the full edition.
If you're too cheap to pony up the cash for the full product (which allows clean installs), then you should switch to *nix.
Actually, Microsoft HASN'T said that Vista has "high impact" issues.
What Microsoft said is that Vista's SP1 is going to focus on high impact issues.
In other words, the only issues that are going to be addressed are the ones with broad customer impact, other issues won't be addressed.
If there are no high impact issues, then SP1 won't have many fixes, if there are tons of high impact fixes, then SP1 will have tons of fixes.
Just because the focus is on high impact issues doesn't imply that there ARE high impact issues.
MSNBC is just aggregating info from the Financial Times - you can see that if you RTFA.
But this is /., why would I ever expect that people read the FA?
Actually, I WOULD be worried in that scenario. If you're watching porn with the speakers on while you're talking to your mother over Skype, then the microphone is highly likely to pick up the porn audio and send it to your mom.
But Leopard, or Vista, or whatever can't help you with that, it's your problem for watching porn while talking to your mom (yuck).
And in a previous life worked as an Apple fellow - he's responsible for many of the design principles embodied in the Mac's OS.
It depends on your heap allocator. IIRC, on the Windows XP heap (without service packs) an application could be owned with just a 1 byte heap overflow (if the phase of the moon was right). On XP SP2's heap it's WAY harder to exploit overflows, because the heap was hardened against this kind of attack. On Vista, it's even harder, the heap was hardened well beyond what was done in XP SP2.
I have no idea of how exploitable the various *nix or OSX heap implementations are - I'm sure that some are even more exploitable than XP's heap was (the original 4.2 BSD heap was very exploitable, IIRC), and I'm also sure that some of them are hardened as well as Vista's.
But heap hardening just makes exploitation harder (this is true of ALL defense-in-depth techniques). Even if your platform has a hardened heap and NX protection and stack canaries and ASLR, it's still possible to successfully exploit a vulnerability - it's many many orders of magnitude harder than if those features weren't present, but it's still possible to attack the system.
Actually, Microsoft licensed the imagery from Ariel Images (and the Russian Space Agency), but TerraServer was MS's alone. It was a SQL Server research project for Microsoft's "Scalability Day" dog&pony show back in 1997 (Gates discusses it about halfway down the page). The idea was to show a SQL server indexing and serving a terabyte of data (which was an insane amount of data back then). It turns out that satellite imagery was a good example of a useful, large-enough data set, so that's what they built it on.
No, Google should follow the same rules that apply to other companies that take out ads on themselves (for instance, when Time Warner runs ads on AOL, or when ESPN runs ABC ads).
So the business group that runs Google Office should be charged the cost of the ad placement for "word processor". Right now, Google is giving itself free advertising which doesn't show up on its bottom line, and that's just wrong.
By that logic, Microsoft wasn't a monopoly either - MacOS, OSX, Linux, etc etc made up a significant part of the OS market.
Actually the difference is that a geek bites the heads off chickens.
Of course, the raving, avaricious lunatic could decide to remove all the Universal music titles from the iTunes Store tomorrow.
Which kinda gives him a bit of leverage.
Microsoft caved to his demands, now it's Apple's turn. Losing all the content licensed by Universal Music would hurt, but if Apple thinks they could go it without all the Motown, Mercury, and Polydor catalogs, they're welcome, but that's a lot of content.
Search for "Microsoft Product Support Lifecycle" and you'll find:
http://support.microsoft.com/gp/lifecycle
which lists (in disgusting detail) the MS policy towards support.
That's not really true. Apple ACTS like it's a hardware company and the MacOS exists to sell more pieces of hardware.
If Apple was a hardware AND software company then they'd have never developed bootcamp. For a hardware company, bootcamp makes a HUGE amount of sense - it allows them to sell computers that run a competing OS, which is a win - every Mac running Windows is one more Mac sold. For a hardware/software company, however, developing bootcamp makes no sense - releasing bootcamp reduces the value of the hardware/software combination.
And my father (a lawyer for 50+ years) once described Boies as "possibly the finest litigator of the time".
They're GOOD.
I'm confused. Here's the domain registration for wamucards.com:
Registrant:
Washington Mutual, Inc. (DOM-1398425)
1201 3rd Ave Seattle WA 98101 US
Domain Name: wamucards.com
Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com/
Administrative Contact:
Administrative Contact (NIC-14324742) iFolio, Inc.
1201 3rd Ave, 40th Floor Seattle WA 98101 US
domains@ifolioinc.com +1.2063596677 Fax- -
Technical Contact, Zone Contact:
Technical Contact (NIC-14324922) iFolio, Inc.
1201 3rd Ave, 40th Floor Seattle WA 98101 US
domains@ifolioinc.com +1.2063596677 Fax- -
Created on..............: 2005-Aug-01.
Expires on..............: 2007-Aug-01.
Record last updated on..: 2006-May-17 11:10:55.
Domain servers in listed order:
MIA01.DIGEX.COM
MIA02.DIGEX.COM
Why do you believe it's a phishing site or otherwise fraudulent?
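The check implied by the comment above, as an added example that is not part of the original comment: parse a registration record in this legacy WHOIS layout and pull out the facts a responder weighs before calling a domain fraudulent. The sample record is constructed (all values are placeholders), and the names `parse_whois` and `triage` and the 30-day "newly registered" threshold are assumptions.

```python
import re
from datetime import date

# Constructed sample in the same legacy WHOIS layout as the record quoted
# above. Every value is a made-up placeholder.
SAMPLE_WHOIS = """\
Registrant:
Example Bank, Inc. (DOM-0000001)
100 Main St Springfield WA 98000 US
Domain Name: examplebankcards.example
Registrar Name: Brandregistrar.example
Administrative Contact:
Administrative Contact (NIC-0000002) Example Hosting, Inc.
domains@hosting.example +1.5555550100 Fax- -
Created on..............: 2005-Aug-01.
Expires on..............: 2007-Aug-01.
Record last updated on..: 2006-May-17 11:10:55.
Domain servers in listed order:
NS1.HOSTING.EXAMPLE
NS2.HOSTING.EXAMPLE
"""

# Month table instead of strptime("%b") so parsing does not depend on locale.
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
_KV = re.compile(r"^(Domain Name|Registrar Name):\s*(\S.*)$")
_DATE = re.compile(
    r"^(Created|Expires|Record last updated) on\.+:\s*(\d{4})-([A-Za-z]{3})-(\d{2})")
_HANDLE = re.compile(r"\s*\([A-Z]+-\d+\)\s*$")   # trailing "(DOM-123)" handle
_DATE_FIELD = {"Created": "created", "Expires": "expires",
               "Record last updated": "updated"}


def parse_whois(text):
    """Parse the dotted-label WHOIS layout into a dict of typed fields."""
    rec = {"registrant": None, "domain": None, "registrar": None,
           "created": None, "expires": None, "updated": None,
           "name_servers": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Registrant:":
            section = "registrant"
        elif line.startswith("Domain servers in listed order"):
            section = "ns"
        elif line.endswith(":"):            # any other heading ends a section
            section = None
        elif section == "registrant":       # first line after the heading
            rec["registrant"] = _HANDLE.sub("", line)
            section = None
        elif _KV.match(line):
            label, value = _KV.match(line).groups()
            rec["domain" if label == "Domain Name" else "registrar"] = value.strip()
        elif _DATE.match(line):
            label, y, mon, d = _DATE.match(line).groups()
            rec[_DATE_FIELD[label]] = date(int(y), MONTHS[mon.title()], int(d))
        elif section == "ns":
            rec["name_servers"].append(line.lower())
    return rec


def triage(rec, brand, today, new_days=30):
    """Registration facts only; registrant data is self-asserted, so a
    brand match is supporting evidence, not proof of ownership."""
    age = (today - rec["created"]).days if rec["created"] else None
    return {
        "registrant_matches_brand":
            brand.lower() in (rec["registrant"] or "").lower(),
        "age_days": age,
        "newly_registered": age is not None and age < new_days,
        "expired": rec["expires"] is not None and rec["expires"] < today,
    }


if __name__ == "__main__":
    record = parse_whois(SAMPLE_WHOIS)
    print(record)
    print(triage(record, "Example Bank", date(2006, 8, 1)))
```

A registrant that matches the brand, a year-old creation date and an unexpired registration argue against phishing, but the registrant and contact fields are whatever the registrant typed in, so confirm ownership through a second source.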
Btw, if you look up the virus mentioned in the original article, you'll find out that this is exactly the case - it's just a program left on the hard disk.
Apple's really complaining that Microsoft Windows allows users to run (drumroll) programs (rimshot).
You're right, my bad. And I believe that once you account for Apple's costs (bandwidth ain't free), they make no profit off the service. iTS exists solely to provide content for iPods.
But that's NOT the iTS model. The iTS model is to provide content for iPods, thus increasing the value proposition of iPods, thus increasing the sales of iPods.
Apple receives no revenue from iTS. It's sort-of a backwards razors and razor blades model - instead of selling the razor below cost and making money on the blades, Apple sells the player for a huge amount of profit and gives away the content at cost to encourage further sales of the player.
Umm.. That's a different problem space. Medical devices and flight control systems don't have to operate in a hostile environment (at least from a software standpoint). Windows (and Linux and OSX and whatever other OS you're running on the internet) does.
Also flight control systems and medical devices have to be RELIABLE.
Reliable != Secure.
They're different dimensions on a multi-dimension graph of software qualities.
Some of the dimensions on the graph:
Security (the ability of a system to prevent a hostile attacker from compromising the system)
Reliability (the ability of a system to ensure continued functioning, regardless of operating conditions)
Robustness (this one's interesting, because the word "robustness" has situational meaning)
Flexibility (the ability of a system to adapt to new environments).
There are tons of other dimensions.
Software can be evaluated against all of these criteria, depending on the needs of your organization.
One other thing: it's IMPOSSIBLE to have perfect security (well, you might get pretty good security on a black box that accepts no inputs and produces no outputs - a computer that's not powered and has no permanent storage is also moderately secure). Security is about risk analysis and mitigation.
You need to decide what level of risk is appropriate for your data and ensure that you have mitigations in place appropriate for that level of risk. For instance, if the bad guy has physical access to your computer, they own your computer. So if you have critical data on a computer, you need to make sure that the bad guy can't get access to the computer (lock it up in a machine room). The 10 immutable laws of security is worth reading.
Microsoft is actually one of the few companies out there that really DOES get security (yeah, you can laugh, but they really do). But it takes a LONG time to turn a ship around, and it's really hard to mitigate the mistakes of the past (every user running as an admin is one of those big ones).
Microsoft has adopted a process they call the Security Development Lifecycle. The SDL involves a bunch of different processes that ensure that over time security defects in the system are reduced. Other organizations (Oracle and Mozilla, for example) are also adopting similar methodologies. Microsoft did this because they recognised that Windows was a train wreck in progress and that if they didn't do SOMETHING they'd be in even worse trouble than they are today.
So far, SDL has paid off. Every release of Windows since 2002 has been progressively more secure than the last, as has each subsequent release of other Microsoft products. For instance, when was the last time you've heard of a new SQL server vulnerability?
It's not saying that Microsoft is perfect. It's not. But it's progressively getting harder and harder for the bad guys to attack Windows - that's why they're going after other easier pieces of the ecosystem. Vista will raise the bar several orders of magnitude higher.