Iran's nucular plan despite pressures from western countries
Why is everyone so worried about Iran? Israel bombed Iraq in the early 80s for the same reasons, you think they will sit idle this time? Hell no. Let Israel take care of Iran. Their acting PM even said they will never allow Iran to go nuclear.
I's possible to upgrade a soldered chip...just takes a soldering iron, a little skill, and a lot of paitence.
(A commercial-grade desoldering tool is also useful.)
I haven't upgraded a CPU for like... ever. IMO ugprading is not worth it. Usually when I upgrade it's more than CPU only, I need new type of RAM, new stuff like USB 2.0. And at the end, new mobo + CPU = better choice than simply a bit faster CPU that would run in the old machine.
My good ole' 486 wasn't worth upgrading with Pentium Overdrive, my Athlon Thoroughbreed neither with a faster CPU, and so is my current Athlon 64 3000+ (939). I could upgrade my 939 3000+ with a dual core, but then again I don't need it now and when I would need it, probably early next year I would be better off with a AM2 socket (or whatever it's called) to get DDR2.
In other words: Macs are not perfect, but are pretty good. Same applies to *BSD, most Linux distros, Solaris, HP SUX, etc, etc... -- in other words, any major OS made by any company other than Microsoft.
IMO, there is more to the "*nix* is more secure side of the problem.
The problem is purely "economical". Most scumware writers are in for the money. Yes there are exceptions, but mostly it's about green pieces of paper with dead presidents on them. SPAM, phishing and scams work with volumes. If you, as a hacker, want to target as many potential victims as possible you need to attack the biggest possible group of people using the same platform, Windows. Why would a hacker spend time and resources trying to hack a Mac when only 3.some% of the world uses it when there is huge windows PC monoculture used by 95+% of the planet?
Second, Windows hardened is fairly secure. Problem is, out of the box, it's not secure. Everyone and his grandma is root. IE is deep in the OS. This gives an advantage to *nixes, not saying *nixes don't have security holes.
I would bet that if a Linux vendor would take 90% of the desktop market, it would be a big target for malware writers. And if this vendor would allow, and encourage people to use root accounts for their regular PC usage, it would be almost as bad as Windows.
I could see someone deliberatly doing this, maybe a contractor or a disgruntled employee. - How about a totally stupid idea that MS thought was good?
I mean MS has a long history of ignoring security for usability, lock in and whatnot. WMF dates back to close to 10 years, back when MS really didn't give a damn about security. Even after a the big Gates propaganda email and Trusted Computing Initiative and all the hoopla, XP SP2 allows blank passwords for administrators, the user created during installation is an administrator, again if password is blank no one gives a shit. Remote registry is on by default. RPC on by default. Administrative shares are on by default. Not to mention a plethora of completely useless services.
MS just doesn't understand security. This WMF example is nothing different. It's some ancient code that never got looked at. Add to that the fact everyone and his mother is root, AND that the OS is a big bowl of spaghetti (hi2u IE deep in kernel), you get another attack vector vs Windows systems.
Did someone maliciously implement this WMF "feature"? I doubt it. It looks like another regular MS security hole that shows that MS has no clue about security.
"Sorry," I said, "that's just Windows. It crashes. That's why I don't like it." I looked up the uptime on the Sun workstation where I was: 121 days. RHEL4 Server: 122 days. Oh yeah, I did patch those last summer, around Labor Day.
Computers don't crash: Windows does.
My dual BP6 Celeron 500 running on Windows XP sp1 crashed only when the ancient motherboard had some diodes that died. It ran my SSH server, IM client and Email client 24/h a day. Oh and it was my main download machine since it was on 24h a day. My longest uptime was something around 6 months, but I figured I rather install those 500000 patches waiting and I had to reboot it.
My current online 24h/day PC is pretty much same setup, current uptime: about 1.5 months, but I got some patches to install so I'll have to reboot it.
PS: Tell your wife to hit the save icon a few times per hour.
It's not entirely MS's fault that almost everyone abuses it; most of the blame lies squarely with the third party developers.
3d party developer? You mean silly things like: - The user created during XP install is an administrator. - The builtin administrator account can have blank password. - During installation the system doesn't warn you at all that you enter a blank password.
Yes let's blame the 3d party devs when the installation of Windows XP welcomes and encourages shitty shitty security.
note: I can too make fun of all antivirus companies. I run debian.
I haven't installed an anti-virus software on my home PC and laptop for over 3 years now (both running Windows). Never had any problems either. I just follow a few paranoid steps: - Firewall the machines router + laptop has software firewall. - Avoid IE like the plague. - Avoid Outlook Express like the plague. - Try as much as possible using a limited rights account instead of root. For some games and apps it doesn't work but for most mundane tasks like browsing, video, mp3 playback it works great. - VMware or VirtualPC is your friend if you want to run code from ugh *cough* warez sites *cough*, but as a general step, I refuse to open any email attachment that isn't an image, video or hyperlink from a trusted source (ie: someone emailing a funny image to group of friends). I treat every email attachement that I receive on my home PC as a virus. I then lower the severity of it based on file type. - Firefox + Adblock = golden.
Is it perfect? Nope but paranoid surfing habits as in don't click on "OMG YOUR PC IS SLOW SPEED IT UP" flashing crap helps, or when you get to a pr0n site and it offers you a plugin.exe it might also be a bad idea to execute it.
Obvious, they go to where the easy targets are. As a plus: When you infect a computer connected through AOL the chance of discovery and subsequent removal is smaller. How many granny's on AOL run a firewall+spybot+antivirus etc?
I doubt it's only AOL. How many non AOL average Joes use a firewall, antivirus and antispamware? The vast majority of home computer users don't give a damn about or are totally clueless about computer security.
That and everyone and his mother running with a root account so once you get a user clicking on a "OMG COOL PICTURE HERE CHECK IT OUT" spam, their PC is a newborn zombie.
Right. So once it goes live, they're going to introduce a bunch of untested stuff? I find that hard to believe.
Unfortunately MMOG makers often release untested stuff. WoW had major class overhauls a few weeks before release, EQ had shipped unfinished zones (far worse than untested) for ages with their expansions. It's nothing new.
You obviously don't support Windows systems for laymen.
In every instance that I've replaced someone's Windows-only system with a dual-boot Windows/Linux install, they've thanked me.
I didn't install Linux to computer illiterate family members but I did install Windows XP without any problems and they have no viruses, spyware, scumware, whatnot, to this day.
I usually have a "nazi" checklist like this: - I am admin on the machine. No one else is. Yes it's a very severe limitation but it's worth gold. Before switching to these "nazi" rules, every month or two I had to clean up myriads of spywares and viruses. For the last 2 years, not one single virus, adware or spyware. - Only root has execute rights on iexplore.exe. - Firefox is default browser (thank $DEITY$ my mom's and sisters' banking sites support it well). - Thunderbird is default mail client. - OO.org installed (so far no complaints!) - Autoplay disabled. - SSH installed. - Router used as firewall.
There are limitations like installing software, but I can connect remote to the machine and do maintenance and/or installs if needed. There was no antivirus nor antispyware installed, and for shits and giggles I did install one of each and no scumware was found on the machines.
And referring to BSODs, I yet have to see Windows BSOD on about 7+ PCs in my family that wasn't related to some goddamn piece of shit ATI video driver. The only other BSOD I had on one of our PCs was because of a bad memory stick.
My experience with Kubuntu 10.5 on a Compaq Presario 905US laptop (about 3 year old) are far from being "user friendly". As a Linux novice I had many problems. I tried installing Linux before but kernel kept panicing on install. Last year I decided to give it another go.
First problem, wireless. For some reason the Kubuntu GUI won't let me change the settings. Re-install OS... now I can change the settings. Weird. Still not fixed, it still won't automatically start it. Fiddle with/etc/network/interfaces and iwconfig and I got it up and running. I can consider myself lucky and I had a sort-of-linux-supported driver: atheros. My friend was more unlucky and he had to use ndiswrapper.
Second problem: sound. First install, sound is detected and driver loaded properly. Second install... no sound. Third install... sound works again! I have no logical explanation.
OS installed, I connect to my file server, load up Mp3s in Amarok... and... well, it can't recognize them. Look around on the web, I have download "illegal" libraries. So be it. Problem is, the package manager won't let me install them because it "Breaks install" whatever that is. Fiddling around with different players and libraries I findally got one running.
Next problem: video, same problem as sound.
Finally, Install Firefox. Worked great except under KDE it was beyond fugly. Thank $DEITY$ I had some CSS knowledge and were able to change the interface in some hidden folder and definitely not userfriendly way of hacking a CSS file.
I never had these kinds of problems on Windows. Don't get me wrong, I hate MS like the next geek here, but 2 days of hacking text files, downloading weird libraries just to get my laptop operational for simple tasks as: browsing web, listening to mp3s and watching videos IMO is way too much to ask. Not to mention, any person with limited knowledge would have given up on it.
Now I know the big part of the problem is that Linux lacks supported drivers but I don't see how that will change.
This spells the end for revolutions, for insurgents, freedom fighters whatever you want to call them.
How will this device stop a car full of exlosives ready to be detonated by distance? Roadside bombs? Suicidie bombers? A suicide bomber with a car full of explosives will drive his van to a checkpoint and blow it up. No need to see if "someone is hidden". Or when a bomber walks into a crowded place, same thing. And roadside bombs or mines are pretty much safe from this device.
Also let's suppose the US is doing a raid in some town against insurgets, how can they determine with this device that people in the house are evil up to no good or just law obiding citizens? They can't. They still have to go in. IMO, all this will allow is to conduct searches much faster. Instead of going to every house door by door, you scan the area and go inside where there are people. Problem is, you still have to go inside without first blowing the house up because you can't just afford killing everything that moves.
MS should have been all over this once the news hit. Why did it take them so long to get a patch out the door for this vulnerability? I suppose I could understand that it was the holiday, but even then, with 90%+ marketshare, you have an obligation to get that patched up ASAP.
I think that's a bit unfair. We got news of this zero day exploit the 27th of December? It's still only about 10 days to produce a patch and test it. It fixes multiple versions of Windows too. IMO it didn't take too long for MS to fix it compared to the 200+ day fixes you read about regulary on eEye's site. Of course the not so good design of Windows doesn't help either. Windows is not modular so fixing something like an image processing function can impact the entire kernel, it needs extra testing.
But shouldn't that be everybody's focus? We're seeing a lot of articles this week on coding practices, bugs, and vulnerabilities, and it all boils down to how hard every programmer is going to work to eliminate them. It's unrealistic to think that there will be no bugs in any piece of code, but if there are to be bugs/vulnerabilities, their impact should at least be minimized. And it's going to take teamwork; the day of the lone programmer capable of wiping out the bugs is long over.
Hey now, programmers aren't the only ones responsible. Yes programmers produce code with bugs, yes they do try to correct it until Mr.Manager comes in and tells them they need to ship yesterday. Right now finding and fixing elusive bugs and security issues is not even close to the top priority for the majority of the companies, it costs money and it doesn't produce any money. They rather ship the coding team to start cranking out a new project/version. Not to mention for desktop software, the vast majority of the users don't even know what the hell a security hole is. So they don't care, there is no pressure on companies to produce quality code and invest time and resources into finding and fixing bugs. Until there is no governement regulation about software security, sloppy and unsecure software will continue to exist in large numbers, especially for desktops.
We only see things like "Trusted Computing Initiative" and other BS propaganda like that when a company takes a LOT of bad mainstream press. The only time companies cave into pressure fixing their software when there is a huge outcry from the press. Of course that is all caused by no one in managmenet giving a fsck about quality, just to ship version X of the software ASAP and start working on version X+1.
Begging Bill's pardon, but Microsoft's attitudes and practices are their own biggest threat.
While that's true to an extent, I think it's open source and innovation. Google innovated with search engines, now it's a word. IPod is almost a word, a huge trend. Open Source is an ideology. You can't fight ideologies and words from dictionnary. Open Source + Microsoft's reluctance to change their business model + lack of innovation on their part will be it's ultimate undoing.
Then again, that won't change jack in the big scheme of things. Yesterday was IBM, the big Monopolistic Empire of Evil(tm), today is Microsoft, tommorow it will be (fill in the blanks).
IMO, Futurama failed on Fox because it's intellectual humor. How many Fox regulars would understand this joke?
Horse race announcer: "And the winner is... Number 3, in a quantum finish." Professor Farnsworth: "No fair! You changed the outcome by measuring it!"
There were plenty of geek humor in Futurama, like Bender's CPU being a 6502, church of Robotology: 10 SIN, 20 GOTO HELL, and so on. Unfortunately the average american person likes to watch people eat rats on TV (X Factor yay!) or some (insert retarded reality show) instead of quality TV.
Smart humor, geek humor has no place on mainstream TV. Even if Fox had aired Futurama 24h/day it would have failed.
Groening should have forseen this and approached a niche channel for it, Discovery Channel or Comedy Central. Definitely not Fox.
OK, am I the only one who has grown weary of the "oh well, another month, another insain exploit" state of mind in which windows users and admins seem to be willing to accept? - That's easy to say. Problem is much higher on the food chain. Managers and people with money, who pay for projects have no clue what's good and what's not. To make matters worse, Microsoft shoves under their noses "unbiased" studies that show Windows is superior to *Nix. So managers get brainwashed and think that the people below them (coders, admins, etc.) are a bunch of hippies and they are wrong about *nix being better. So they end up buying into MS propaganda and continue using MS products. Of course the programmer or admin who has a mortgage and bills to pay can't really slam the door and leave, finding another job is not easy. The "Screw you guys, I am going home" line doesn't work in the real world anymore. It worked in the Dot.com bubble for sure. Not anymore.
That won't necessarily eliminate carelessness on the companies' part. If the fine is less than the cost to properly secure the data, nothing will change.
The only group that benefits in this case is the government.
I disagree. How many times a year we see a car manufacturer do a major recall of some cars? Very rare. How many times a year we see horror stories about lack of security related to software/IT systems? Lawsuits by people and/or the governement will force companies to consider security extremely important. This year was a perfect example of companies not giving a damn about security. Afer MasterCard lost a boatload of information to hackers did they get a fine? No. They blamed it on a small 3d party company and shoved it under the rug. See no evil, hear no evil. As soon as there is a problem with some kind of car component, tires for instance, there is already talk of class action lawsuits, car maker recalls cars and whatnot.
The IT industry needs to be held liable for the security holes in their products, only then will we have an improved security. Cars today are safe because there is regulation in the industry. IT needs the same thing.
Slashdot Mirror
Iran's nucular plan despite pressures from western countries
Why is everyone so worried about Iran? Israel bombed Iraq in the early 80s for the same reasons, you think they will sit idle this time? Hell no. Let Israel take care of Iran. Their acting PM even said they will never allow Iran to go nuclear.
I's possible to upgrade a soldered chip...just takes a soldering iron, a little skill, and a lot of paitence.
... ever. IMO ugprading is not worth it. Usually when I upgrade it's more than CPU only, I need new type of RAM, new stuff like USB 2.0. And at the end, new mobo + CPU = better choice than simply a bit faster CPU that would run in the old machine.
(A commercial-grade desoldering tool is also useful.)
I haven't upgraded a CPU for like
My good ole' 486 wasn't worth upgrading with Pentium Overdrive, my Athlon Thoroughbreed neither with a faster CPU, and so is my current Athlon 64 3000+ (939). I could upgrade my 939 3000+ with a dual core, but then again I don't need it now and when I would need it, probably early next year I would be better off with a AM2 socket (or whatever it's called) to get DDR2.
In other words: Macs are not perfect, but are pretty good. Same applies to *BSD, most Linux distros, Solaris, HP SUX, etc, etc... -- in other words, any major OS made by any company other than Microsoft.
IMO, there is more to the "*nix* is more secure side of the problem.
The problem is purely "economical". Most scumware writers are in for the money. Yes there are exceptions, but mostly it's about green pieces of paper with dead presidents on them. SPAM, phishing and scams work with volumes. If you, as a hacker, want to target as many potential victims as possible you need to attack the biggest possible group of people using the same platform, Windows. Why would a hacker spend time and resources trying to hack a Mac when only 3.some% of the world uses it when there is huge windows PC monoculture used by 95+% of the planet?
Second, Windows hardened is fairly secure. Problem is, out of the box, it's not secure. Everyone and his grandma is root. IE is deep in the OS. This gives an advantage to *nixes, not saying *nixes don't have security holes.
I would bet that if a Linux vendor would take 90% of the desktop market, it would be a big target for malware writers. And if this vendor would allow, and encourage people to use root accounts for their regular PC usage, it would be almost as bad as Windows.
I could see someone deliberatly doing this, maybe a contractor or a disgruntled employee.
- How about a totally stupid idea that MS thought was good?
I mean MS has a long history of ignoring security for usability, lock in and whatnot. WMF dates back to close to 10 years, back when MS really didn't give a damn about security. Even after a the big Gates propaganda email and Trusted Computing Initiative and all the hoopla, XP SP2 allows blank passwords for administrators, the user created during installation is an administrator, again if password is blank no one gives a shit. Remote registry is on by default. RPC on by default. Administrative shares are on by default. Not to mention a plethora of completely useless services.
MS just doesn't understand security. This WMF example is nothing different. It's some ancient code that never got looked at. Add to that the fact everyone and his mother is root, AND that the OS is a big bowl of spaghetti (hi2u IE deep in kernel), you get another attack vector vs Windows systems.
Did someone maliciously implement this WMF "feature"? I doubt it. It looks like another regular MS security hole that shows that MS has no clue about security.
SWG was the most open and free of the games out there at the time.
....
Riiiiight
You never heard of Ultima Online right?
"Sorry," I said, "that's just Windows. It crashes. That's why I don't like it." I looked up the uptime on the Sun workstation where I was: 121 days. RHEL4 Server: 122 days. Oh yeah, I did patch those last summer, around Labor Day.
Computers don't crash: Windows does.
My dual BP6 Celeron 500 running on Windows XP sp1 crashed only when the ancient motherboard had some diodes that died. It ran my SSH server, IM client and Email client 24/h a day. Oh and it was my main download machine since it was on 24h a day. My longest uptime was something around 6 months, but I figured I rather install those 500000 patches waiting and I had to reboot it.
My current online 24h/day PC is pretty much same setup, current uptime: about 1.5 months, but I got some patches to install so I'll have to reboot it.
PS: Tell your wife to hit the save icon a few times per hour.
It's not entirely MS's fault that almost everyone abuses it; most of the blame lies squarely with the third party developers.
3d party developer? You mean silly things like:
- The user created during XP install is an administrator.
- The builtin administrator account can have blank password.
- During installation the system doesn't warn you at all that you enter a blank password.
Yes let's blame the 3d party devs when the installation of Windows XP welcomes and encourages shitty shitty security.
What kind of music do terrorists listen to??
- Illegaly downloaded music of course! It funds terrorism!
note: I can too make fun of all antivirus companies. I run debian.
I haven't installed an anti-virus software on my home PC and laptop for over 3 years now (both running Windows). Never had any problems either. I just follow a few paranoid steps:
- Firewall the machines router + laptop has software firewall.
- Avoid IE like the plague.
- Avoid Outlook Express like the plague.
- Try as much as possible using a limited rights account instead of root. For some games and apps it doesn't work but for most mundane tasks like browsing, video, mp3 playback it works great.
- VMware or VirtualPC is your friend if you want to run code from ugh *cough* warez sites *cough*, but as a general step, I refuse to open any email attachment that isn't an image, video or hyperlink from a trusted source (ie: someone emailing a funny image to group of friends). I treat every email attachement that I receive on my home PC as a virus. I then lower the severity of it based on file type.
- Firefox + Adblock = golden.
Is it perfect? Nope but paranoid surfing habits as in don't click on "OMG YOUR PC IS SLOW SPEED IT UP" flashing crap helps, or when you get to a pr0n site and it offers you a plugin.exe it might also be a bad idea to execute it.
Obvious, they go to where the easy targets are. As a plus: When you infect a computer connected through AOL the chance of discovery and subsequent removal is smaller. How many granny's on AOL run a firewall+spybot+antivirus etc?
I doubt it's only AOL. How many non AOL average Joes use a firewall, antivirus and antispamware? The vast majority of home computer users don't give a damn about or are totally clueless about computer security.
That and everyone and his mother running with a root account so once you get a user clicking on a "OMG COOL PICTURE HERE CHECK IT OUT" spam, their PC is a newborn zombie.
Hey, God makes bees fly.
- Flying Spaghetti Monster you insensitive clod!
Right. So once it goes live, they're going to introduce a bunch of untested stuff? I find that hard to believe.
Unfortunately MMOG makers often release untested stuff. WoW had major class overhauls a few weeks before release, EQ had shipped unfinished zones (far worse than untested) for ages with their expansions. It's nothing new.
And in other news, fire is hot!
Thanks for the hints. I'll definitely try SUSE, I picked Kubunut because it was supposedly the most user friendly version.
You obviously don't support Windows systems for laymen.
In every instance that I've replaced someone's Windows-only system with a dual-boot Windows/Linux install, they've thanked me.
I didn't install Linux to computer illiterate family members but I did install Windows XP without any problems and they have no viruses, spyware, scumware, whatnot, to this day.
I usually have a "nazi" checklist like this:
- I am admin on the machine. No one else is. Yes it's a very severe limitation but it's worth gold. Before switching to these "nazi" rules, every month or two I had to clean up myriads of spywares and viruses. For the last 2 years, not one single virus, adware or spyware.
- Only root has execute rights on iexplore.exe.
- Firefox is default browser (thank $DEITY$ my mom's and sisters' banking sites support it well).
- Thunderbird is default mail client.
- OO.org installed (so far no complaints!)
- Autoplay disabled.
- SSH installed.
- Router used as firewall.
There are limitations like installing software, but I can connect remote to the machine and do maintenance and/or installs if needed. There was no antivirus nor antispyware installed, and for shits and giggles I did install one of each and no scumware was found on the machines.
And referring to BSODs, I yet have to see Windows BSOD on about 7+ PCs in my family that wasn't related to some goddamn piece of shit ATI video driver. The only other BSOD I had on one of our PCs was because of a bad memory stick.
My experience with Kubuntu 10.5 on a Compaq Presario 905US laptop (about 3 year old) are far from being "user friendly". As a Linux novice I had many problems. I tried installing Linux before but kernel kept panicing on install. Last year I decided to give it another go.
... now I can change the settings. Weird. Still not fixed, it still won't automatically start it. Fiddle with /etc/network/interfaces and iwconfig and I got it up and running. I can consider myself lucky and I had a sort-of-linux-supported driver: atheros. My friend was more unlucky and he had to use ndiswrapper.
... no sound. Third install ... sound works again! I have no logical explanation.
... and ... well, it can't recognize them. Look around on the web, I have download "illegal" libraries. So be it. Problem is, the package manager won't let me install them because it "Breaks install" whatever that is. Fiddling around with different players and libraries I findally got one running.
First problem, wireless. For some reason the Kubuntu GUI won't let me change the settings. Re-install OS
Second problem: sound. First install, sound is detected and driver loaded properly. Second install
OS installed, I connect to my file server, load up Mp3s in Amarok
Next problem: video, same problem as sound.
Finally, Install Firefox. Worked great except under KDE it was beyond fugly. Thank $DEITY$ I had some CSS knowledge and were able to change the interface in some hidden folder and definitely not userfriendly way of hacking a CSS file.
I never had these kinds of problems on Windows. Don't get me wrong, I hate MS like the next geek here, but 2 days of hacking text files, downloading weird libraries just to get my laptop operational for simple tasks as: browsing web, listening to mp3s and watching videos IMO is way too much to ask. Not to mention, any person with limited knowledge would have given up on it.
Now I know the big part of the problem is that Linux lacks supported drivers but I don't see how that will change.
This spells the end for revolutions, for insurgents, freedom fighters whatever you want to call them.
How will this device stop a car full of exlosives ready to be detonated by distance? Roadside bombs? Suicidie bombers? A suicide bomber with a car full of explosives will drive his van to a checkpoint and blow it up. No need to see if "someone is hidden". Or when a bomber walks into a crowded place, same thing. And roadside bombs or mines are pretty much safe from this device.
Also let's suppose the US is doing a raid in some town against insurgets, how can they determine with this device that people in the house are evil up to no good or just law obiding citizens? They can't. They still have to go in. IMO, all this will allow is to conduct searches much faster. Instead of going to every house door by door, you scan the area and go inside where there are people. Problem is, you still have to go inside without first blowing the house up because you can't just afford killing everything that moves.
MS should have been all over this once the news hit. Why did it take them so long to get a patch out the door for this vulnerability? I suppose I could understand that it was the holiday, but even then, with 90%+ marketshare, you have an obligation to get that patched up ASAP.
I think that's a bit unfair. We got news of this zero day exploit the 27th of December? It's still only about 10 days to produce a patch and test it. It fixes multiple versions of Windows too. IMO it didn't take too long for MS to fix it compared to the 200+ day fixes you read about regulary on eEye's site. Of course the not so good design of Windows doesn't help either. Windows is not modular so fixing something like an image processing function can impact the entire kernel, it needs extra testing.
But shouldn't that be everybody's focus? We're seeing a lot of articles this week on coding practices, bugs, and vulnerabilities, and it all boils down to how hard every programmer is going to work to eliminate them. It's unrealistic to think that there will be no bugs in any piece of code, but if there are to be bugs/vulnerabilities, their impact should at least be minimized. And it's going to take teamwork; the day of the lone programmer capable of wiping out the bugs is long over.
Hey now, programmers aren't the only ones responsible. Yes programmers produce code with bugs, yes they do try to correct it until Mr.Manager comes in and tells them they need to ship yesterday. Right now finding and fixing elusive bugs and security issues is not even close to the top priority for the majority of the companies, it costs money and it doesn't produce any money. They rather ship the coding team to start cranking out a new project/version. Not to mention for desktop software, the vast majority of the users don't even know what the hell a security hole is. So they don't care, there is no pressure on companies to produce quality code and invest time and resources into finding and fixing bugs. Until there is no governement regulation about software security, sloppy and unsecure software will continue to exist in large numbers, especially for desktops.
We only see things like "Trusted Computing Initiative" and other BS propaganda like that when a company takes a LOT of bad mainstream press. The only time companies cave into pressure fixing their software when there is a huge outcry from the press. Of course that is all caused by no one in managmenet giving a fsck about quality, just to ship version X of the software ASAP and start working on version X+1.
Begging Bill's pardon, but Microsoft's attitudes and practices are their own biggest threat.
While that's true to an extent, I think it's open source and innovation. Google innovated with search engines, now it's a word. IPod is almost a word, a huge trend. Open Source is an ideology. You can't fight ideologies and words from dictionnary. Open Source + Microsoft's reluctance to change their business model + lack of innovation on their part will be it's ultimate undoing.
Then again, that won't change jack in the big scheme of things. Yesterday was IBM, the big Monopolistic Empire of Evil(tm), today is Microsoft, tommorow it will be (fill in the blanks).
How much did the latter cause the former?
... Number 3, in a quantum finish."
IMO, Futurama failed on Fox because it's intellectual humor. How many Fox regulars would understand this joke?
Horse race announcer: "And the winner is
Professor Farnsworth: "No fair! You changed the outcome by measuring it!"
There were plenty of geek humor in Futurama, like Bender's CPU being a 6502, church of Robotology: 10 SIN, 20 GOTO HELL, and so on. Unfortunately the average american person likes to watch people eat rats on TV (X Factor yay!) or some (insert retarded reality show) instead of quality TV.
Smart humor, geek humor has no place on mainstream TV. Even if Fox had aired Futurama 24h/day it would have failed.
Groening should have forseen this and approached a niche channel for it, Discovery Channel or Comedy Central. Definitely not Fox.
2006 is the year!
Can't wait to play Duke Nukem Forever on my Phantom Game Console!
OK, am I the only one who has grown weary of the "oh well, another month, another insain exploit" state of mind in which windows users and admins seem to be willing to accept?
- That's easy to say. Problem is much higher on the food chain. Managers and people with money, who pay for projects have no clue what's good and what's not. To make matters worse, Microsoft shoves under their noses "unbiased" studies that show Windows is superior to *Nix. So managers get brainwashed and think that the people below them (coders, admins, etc.) are a bunch of hippies and they are wrong about *nix being better. So they end up buying into MS propaganda and continue using MS products. Of course the programmer or admin who has a mortgage and bills to pay can't really slam the door and leave, finding another job is not easy. The "Screw you guys, I am going home" line doesn't work in the real world anymore. It worked in the Dot.com bubble for sure. Not anymore.
...good old ini files are much more easy to use (i.e. copy around, fiddle and the like)
That will also make applications easier to port. Something Microsoft doesn't want. Registry is a good lock-in tool for Microsoft.
That won't necessarily eliminate carelessness on the companies' part. If the fine is less than the cost to properly secure the data, nothing will change.
The only group that benefits in this case is the government.
I disagree. How many times a year we see a car manufacturer do a major recall of some cars? Very rare. How many times a year we see horror stories about lack of security related to software/IT systems? Lawsuits by people and/or the governement will force companies to consider security extremely important. This year was a perfect example of companies not giving a damn about security. Afer MasterCard lost a boatload of information to hackers did they get a fine? No. They blamed it on a small 3d party company and shoved it under the rug. See no evil, hear no evil. As soon as there is a problem with some kind of car component, tires for instance, there is already talk of class action lawsuits, car maker recalls cars and whatnot.
The IT industry needs to be held liable for the security holes in their products, only then will we have an improved security. Cars today are safe because there is regulation in the industry. IT needs the same thing.