Ooops. Sorry. I forgot to add the ;) smiley after the message to soften it up. It was meant to be a satiric comment but obviously it failed. I share your opinion about uselessness of such metrics.
Heh. This goes a little off-topic but reminds me of a funny thing. I know a guy who works as a programmer and goes to a gym a lot. He can easily deadlift 250 kg and bench press 200 kg. You would think those are pretty good numbers and that he is in pretty strong shape, don't you? Then why does he constantly moan about his laptop being too heavy ;)
If sources are, as The Fine Summary says, directly available as a download on the Microsoft web site, and as The Fine Article says, directly available for a direct download on the Microsoft web site, so in fact where do you sign NDA? There is no electronic signing in my country. And if you look at Microsoft Open Specification Promise you will see the following text right at the beginning:
Microsoft irrevocably promises not to assert any Microsoft Necessary Claims against you for making, using, selling, offering for sale, importing or distributing any implementation to the extent it conforms to a Covered Specification
Although I don't know what "Microsoft Necessary Claims" means, I think it would be very hard for MS to press charges against anyone after that statement.
What the heck! My computer updates itself every night at 3 am. I haven't seen any IE popups during that time. Is there something wrong with my Vista installation?
revolutionary features like "text message multiple people in one message" *snip* those being features available to pretty much every other mobile phone manufactured in the last five years....
Heh. This brings back memories when I coded such a thing for Piccolink 2000 (google for it, I didn't find any sites in English about it) in 2003. It could send multipart SMS to multiple recipients at once. Maybe I should check out if there's any job openings at Apple :)
FreeBSD... maybe... I kind of like the Apple hardware, though.
Well, last time I checked they used pretty ordinary PC components. I'm sure you can build your own computer with (almost) same components and even spray paint a picture of an apple to the chassis :)
But if you come to me with a question or a problem, you get to hear my opinion and very often that is "sorry, that sounds like it's a windos/IE/MS-Office/whatever-specific problem.
"Oh, it was a problem with www server crashing after all, nothing to do with Windows/IE. They already fixed that. Oh, you already bought overpriced Apple computer? Well, sorry dude." ;)
Whether or not the definition of atheism says lack of belief in god or not
I don't fricking lack any belief in any god. Lack of something means that there was or there should be something but for some reason it is now missing. So if there was nothing to begin with how can there be any lack of it?
But hey, you already control the repository, why not roll your own install disc?
That's a good point. I didn't consider that. If there's just a way (some tool or something) to monitor if patches are installed correctly then it should work nicely.
Again, I've never done this on Windows, so I don't really know how long it takes to join the corporate domain, on each computer.
Well, you log in to your computer with domain account and that's it :)
I don't know how easy the tools are, but you should be able to build and maintain your own repository for your distro of choice. Then just add a daily cron job to each machine, forcing it to update.
The difference here, if I understand this correctly, is that in Linux, you have to run through every computer and add cron job by hand. In Windows, when you join corporate domain this all is done automatically. So WSUS/group policy saves user's and admin's time.
This is much less important in real operating systems, which don't allow mail clients or web browsers to muck up boot sectors and the like.
My mail client and web browser is run on lowest privilege level there is. No MBR mucking. No system file mucking. I run Vista and IE7 with non-admin rights. This security hole doesn't concern me or any other Vista user who is not stupid enough to turn off UAC.
Huh. This reminds me of one project where I stumbled into a huge SQL injection vulnerability. They were creating SQL commands inside stored procedure by concatenating strings, without any input validation of course, and happily executed those. SQL Server wasn't directly connected to web but there was only a tiny ASP.NET layer which loaded every possible POST variable to the procedure. And again, no validations of any kinds, of course. I think ASP.NET has some kind of protection against SQL injections but I, for one, wouldn't count solely on it.
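The pattern described in the comment above, as an added example that is not part of the original post or of the project it mentions: a T-SQL stored procedure that builds its statement by string concatenation, next to a form that binds the value with `sp_executesql`. The table, procedure and parameter names are constructed for illustration.

```sql
-- Added illustration; dbo.Customers and both procedures are constructed names.
-- GO is the batch separator used by sqlcmd and SSMS.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY(1,1) PRIMARY KEY,
    LastName   NVARCHAR(100) NOT NULL,
    Email      NVARCHAR(256) NOT NULL
);
INSERT INTO dbo.Customers (LastName, Email)
VALUES (N'O''Brien', N'obrien@example.test');
GO

-- Pattern from the comment: the value is spliced into the statement text,
-- so whatever the web layer passes in is parsed by the server as SQL.
-- Declaring the parameter as NVARCHAR does not change that.
CREATE PROCEDURE dbo.FindCustomer_Concat
    @LastName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, Email FROM dbo.Customers WHERE LastName = N'''
        + @LastName + N'''';
    EXEC (@sql);
END;
GO

-- Hardened form: the statement text is a constant and the value travels
-- as a bound parameter, so it is only ever treated as data.
CREATE PROCEDURE dbo.FindCustomer_Param
    @LastName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, Email FROM dbo.Customers WHERE LastName = @p';
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(100)', @p = @LastName;
END;
GO

-- A legitimate surname containing an apostrophe exercises both procedures.
EXEC dbo.FindCustomer_Concat @LastName = N'O''Brien';
EXEC dbo.FindCustomer_Param  @LastName = N'O''Brien';
```

In the first procedure the apostrophe in the surname closes the string literal early and the generated statement fails to parse; the second returns the row. Where the statement shape is fixed, as here, a plain `SELECT ... WHERE LastName = @LastName` with no dynamic SQL at all is simpler still.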
Another good solution would be to add cron job to wipe out all the rules every 30 min or so. You get nice ~25 min to figure out "why the heck I did that" and possibly some time to explain to your boss why that fw isn't yet working. When you've finally got the rules right, remember to remove the cron job or you get more "nice" time to seek out for a new job ;)
I wouldn't say it completely solves the problem, but it would go a long way. If everyday things could be installed into some sort of sandbox, then a user could be taught to think twice before giving some process extra privileges. (Which is partly why *nix is somewhat better in practise---you don't generally run stuff as root---but it doesn't go far enough in that respect.)
Well for instance spam bot doesn't have to be run as root. It only needs connection to outside world to receive orders and send spam. Plenty of malware doesn't need root privileges so basically it doesn't matter are you running your system as root/admin or not (well of course it does but not in this particular case). And I'm talking about desktop systems. Servers are a totally different ball game of course.
Eh. How about I put "rm -rf /" inside a file which I cleverly name fetch_pictures_of_pamela_nude.sh? User expects to see large breasts but ends up with a very screwed OS. Of course it doesn't work unless user runs it as root but same goes for Windows and Vista especially. Just because there aren't a lot of stupid attacks like this targeted on *nix system doesn't mean that it isn't possible.
The problem with Windows is users. I know a heck lot of users who, as you correctly said, install every goddamn Messenger add-ons and screensavers (what an oxymoron, just switch off that stupid monitor). And of course they run everything as admin and that's something which can be blamed on MS. Vista is a step for better but it comes too late and is probably too little. And I don't really see how sandboxing everything solves the problem with trojans.
Well of course you can't if it puts open source in bad light! This is Slashdot after all.
I found it hard to continue reading your post after this very speculative line:
"Windows 7" will be an incremental change to Vista with some bug fixes
You've got a crystal ball at your home or is this just another case of "The pot calls the kettle black"?
Yep. I've seen job descriptions where they seek people with 5+ years experience on ASP.NET 2.0. I think they have invented time machine :)
Is it that when you get married and everything you own(ed) changes under the ownership of your wife? Yes, I've come to know it, twice ;)
Spam bots don't need admin privileges. Just that they get past the firewall. An evil mIRC/Irssi script would be a great example I think.
That really hurts my feelings you know. I'm trying to be hermaphrodite, I really am!
Not a really reliable source if they put Apache ahead of windows. Apache ahead of IIS wouldn't be so much apples and oranges ;)
Please run this as root: rm -rf /
So every *nix version is a stupid, broken OS where stuff like this is bound to happen? How on earth OS is able to tell which command or executable is a valid one and which should be ignored?
When you have answer for that, patent it and sell it to some major OS vendor. You'll be very, very rich then.
So the real news is don't trust Kaspersky Lab's antivirus software.
Well there's already a joke about it.
Chuck Norris is currently suing NBC, claiming Law and Order are trademarked names for his left and right legs.