Slashdot Mirror


User: FireFury03

FireFury03's activity in the archive.

Stories
0
Comments
3,710
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 3,710

  1. Re:Model for other OSS projects? on Mozilla Foundation Turns 1 · · Score: 1

    As a server supplier, we don't have the resources to train up all of the end users (if we supply a server to a company with 2000 employees, we cannot train those 2000 people). It should be up to the techies at the company in question, but of course they also probably don't have the resources to train everyone and 9 times out of 10 the techies are almost as bad as the end users.

    Explaining things clearly does work on a small number of the users - I for one have always tried to explain things to them. But unfortunately a large proportion of them seem to be of the opinion that they need the computer to do something for them and they don't need to know how it does it or why they need to do something so they don't listen to the explanation.

    I think the problem I have always hit is that a lot of users frankly don't care while they're getting the explanation, they just want the immediate problem fixed.

  2. Re:Model for other OSS projects? [CORRECTION] on Mozilla Foundation Turns 1 · · Score: 2, Informative

    what's wrong with giving their workstation an address like 10.2.3.4 in a 10.0.0.0/8 subnet?

    Oops, sorry, I meant a 10.0.0.0/24 subnet. (404 Could not locate coffee error :)

  3. Re:Model for other OSS projects? on Mozilla Foundation Turns 1 · · Score: 2, Informative

    I'm sorry, but you're attributing too much intelligence to the average user. They will phone up the helpdesk again and again and again. Trust me - the other day we had somene phone up our support line (we support the server, not the workstations) because their workstation kept beeping at them. It turns out they had a folder sat right ontop of their keyboard.

    And that's just the clueless users - it's absolutely amazing the calls we get from people who are supposed to be qualified. We have had network installation engineers (i.e. the people who are paid to set up all the machines on a network) asking what a default gateway is, how do they find it out, why can't they have identical subnets on all the interfaces on a router and "what's wrong with giving their workstation an address like 10.2.3.4 in a 10.0.0.0/8 subnet?". Then they phone back again the next week when they're on another site and ask *exactly* the same questions again. Not to mention the "qualified" MSCE network engineers who wouldn't know a RFC1918 network if it hit them in the face.

    Happilly I am not in any way involved in support anymore.

    web developers sure got lazy in the time since that was my occupation

    Yes, I worry lots about a lot of these computing qualifications - I've spoken to supposidly "qualified" web developers (they've been on course, got certificates and all sorts) who, when you start talking about web design with them will interrupt you to ask what this HTML thing is you keep talking about. Yes, that's right - they've never heard of HTML, they do everything in MicroSoft FrontPants. And what's this validator thing you talk about. When I was working on a web-based project recently I was actually asked why I was "wasting my time" validating my HTML as I write it (yeah, I was pretty shocked by that one).

    From my experience that only computing certificates worth anything are the Cisco ones - I trust people with no paper qualifications at all more than I trust people with MSCEs, etc.

  4. Re:Model for other OSS projects? on Mozilla Foundation Turns 1 · · Score: 1

    the proper response to that is: "no problem, they'll both be on your machine. you can still use (unsafe) IE for the apps that depend on it, but use (safe and better) firefox as your default browser."

    No, you can't do that - that's far too confusing for the average muppet. If you leave IE accessible they'll keep using it for everything and keep complaining that whatever it was that didn't work under IE still doesn't work (the reason you told them to use Firefox in the first place). If you're going to migrate dumb users over to Firefox (in a office environment) then you have to do as much as you can to stop them using IE (unfortunately since IE is built in that's actually a pretty hard thing to do)

  5. Re:On FireFox, speed, and machine specs on Mozilla Foundation Turns 1 · · Score: 1

    Pages that use Java take a hundred years to load in Fox. Period. Maybe there are settings that I've neglected to tweak, but the Java environment seems to start loading at whatever point the page in question calls it, adding Java's start time to the time it would normally take the page to load. IE wins for speed hands down in this case, but if I'm doing something stupid and can fix it easily, I'd love to be corrected here.

    I'd guess that's because IE has it's own (very broken) built in Java VM, whereas Firefox uses an external plugin. Personally I would prefer to wait a little longer for Java to fire up safe in the knowledge that I'm running the official Sun Java VM instead of Microsoft SecurityHole

  6. Re:Significant advantages? on Mozilla Foundation Turns 1 · · Score: 1

    PNG is supported, just not alpha blended PNG. I just design my site as if everyone had alpha blended PNG support - if someone uses IE it just looks a bit crap but it's still usable.

    Although I've long argued that someone should retheme Firefox to look like IE and then write a virus that installs it on everyone's machines :)

  7. Re:Mozilla & Netscape on Mozilla Foundation Turns 1 · · Score: 2

    What's wrong with "Firefox"? Seems like quite a snappy name to me.

    Besides, the names "Mozilla", "Firefox", "Opera", etc. seem somewhat more imaginative than "Internet Explorer"... or infact most of Microsoft's other names (Isn't "Word" a really imaginative name for a wordprocessor? Maybe calling a web browser "Browser" will win more users?)

  8. Re:now all you need on Mozilla Foundation Turns 1 · · Score: 2, Informative

    startup time is slow, much worse than IE + Windows desktop load time (to account for the preloaded parts of IE).

    You're talking about Mozilla, not Firefox - they are two completely different products which use the same rendering engine. Mozilla is rather slow and bulky, Firefox is quite speedy and small. I would certainly estimate Firefox to be as fast, if not faster than IE.

    html editing component (e.g. mail's compose window) has serious issues with long documents; IE's equivalent component is much faster, although not as nice IMHO.

    Again, you're not talking about Firefox here - hell, you're not even talking about the browser.

  9. Re:Significant advantages? on Mozilla Foundation Turns 1 · · Score: 4, Informative

    IE has a truely broken nonstandard rendering engine - writing HTML that works in both IE and complient browsers is hell.

    There are also other things that are just plain missing in the IE rendering engine - it doesn't support alphablended PNGs even though they've been around (and supported in other browsers) for years. Oddly MacIE handles them fine. It also doesn't support some very useful CSS2 properties such as position:fixed. The lack of support is bad in itself, but the fact that MS will not fix it for years is even worse. If I have to support IE then I cannot use any cool new features that the W3C specify, even if the W3C originally specified them over 5 years ago.

    The whole problem with IE having such a large majority of the market is that it holds back developemtn across the whole web - MS won't implement new features because there is little pressure to do so. For them it's just money down the drain since they won't gain any market share from the development. TBH I think that any profit-making organisation with such a large chunk of the market would be in (more or less) the same state of afairs and I would be much happier with a non-profit organisation such as the Mozilla Foundation in the driving seat since they are not worried (so much) about the bottom line.

  10. Re:Model for other OSS projects? on Mozilla Foundation Turns 1 · · Score: 4, Insightful

    I think the appearance of Firefox helped a lot - Mozilla itself is reasonably bulky and slow, but Firefox is as fast as (faster than?) IE. Firefox also does what most end users (especially the non-techy ones) want out of the box - no messing around tweaking it to work how you like. But that is not to say you can't tweak it and those cwho feel competent enough will tweak away, setting up the button bars how they like, theming it, etc.

    Another thing that has undoubtedly helped is the regular IE security holes which have been hitting the mainstream press and probably also MS's apethy at fixing them and adding enhancements - on the odd occasion I'm forced to sit infront of a Windows machine and use IE, I wonder how on earth anyone can put up with the lack of features such as tabbed browsing and I'm stunned by the shear number of popups that even an un-spywared machine gets through IE - no wonder Windows users don't pay any attention to popup errors, they get so much crap popping up anyway.

    Various support departments have now started recommending Firefox - the support guys here now recommend it to our customers, and where we used to get a "no, we have to use IE" response, the customers now more often than not say "oh that's a good idea, I'll try it" and end up very happy.

    Also, a browser is something reasonably high profile that the average user wants - I'm sure a lot of people have a browser open practically all the time. Once someone's tried it at home then chances are they will install it at work too (assuming they don't work in a company who has a restrictive "you must use the most insecure software we can find" policy). All the coworkers will see it and install it on their workstations and home machines.

  11. Re:Wrong priorities here... on Odeon Orders Takedown Of Copycat Site · · Score: 2, Informative

    info@odeonuk.com if anyone wants to tell them how stupid they are.

  12. Re:At what point... on 4 New "Extremely Critical" IE Vulnerabilities · · Score: 3, Funny

    Oh hang on, there's a 'Y' in the day, time for another windows security hole :)

  13. Re:TCO on Gates: Open Source Kills Jobs · · Score: 2, Insightful

    Indeed, there are also a lot of small companies doing Linux development, so spreading the money across these companies instead of driving it all into one huge one would seem to make economic sense.

    I'm sorry Bill - you can't have it both ways. Either Linux is more expensive (good for the government, bad for the customer) or it's cheaper (bad for the government, good for the customer). You can't tell the customer "oh you don't want to buy Linux because it's more expensive" and at the same time tell the governments that "you don't want to support Linux because it's cheaper and you won't get so much tax".

    In any case, money has a habit of getting spent nomatter how much you save, so they will still get their taxes. And infact if you save money on software and spend if on some other sector, you are helping to employ more people in that sector which is good for the economy anyway.

    Open source stuff makes everyone's lives easier - if you're writing an opensource application you don't have to start from scratch, you can build on some other opensource work that already exists. This means that the software is generally more robust (if you're building on something that's 5 years old to start with you're going to have less bugs than if you start for scratch since that part of your project has had 5 years of bugfixing already). It also means that software development is faster - that doesn't mean that you're necessarilly going to take less time to produce something, but if you take the same amount of time it's going to be more feature-rich and better designed.

  14. Re:Scale, not growth. on Gates: Open Source Kills Jobs · · Score: 2, Interesting

    Interestingly, MS makes some very dubious arguements:

    If you don't want to create jobs or intellectual property, then there is a tendency to develop open source. It is not something you do as a day job.

    I think the people at RedHat, Mandrake, Suse, OpenOffice.org, Mozilla Foundation, etc. might take exception that this view.

    [Open source] doesn't guarantee upward compatibility or do that kind of integration [for seamless computing to work]

    And MS software does?!?

    We certainly will have open-source apps that compete with and that run on Windows. But when it comes to a guarantee or having someone who stands behind your software, [open source] is typically not something done in a capital approach.

    Read your EULA recently? MS EULAs explicitly say that they're not responsible for anything going wrong and they are liabel for only up to the cost of the software.. What's different about opensource?

    Windows has opened up opportunities for computers and chips

    Because opensource software obviously doesn't run on these computer things...?

    one area being their loss of tax revenue "when people don't pay for software"

    Ok, fair point, you can't tax people on something that costs no money... You can tax on the services provided though - all those hosting companies that use Linux to run their servers are making the governments money in taxes. But hang on, doesn't MS say that Linux has a much higher TCO anyway? So this isn't even a problem. :)

  15. Re:commercial? on Commercial DVD Software Comes to Linux · · Score: 4, Interesting

    I wonder if it's legal to run DeCSS as a service on a server outside the US - i.e. it cracks the keys to watch the DVD over the internet - it only has to be done once because your DVD player can then cache the keys for the next time you want to watch the DVD.

  16. Re:Am I missing something? on Build Your Own Bluetooth Hearing Aid · · Score: 1

    The audio output from a cellphone is already electrically isolated from the RF circuits. The problem is that _inductively_ isolating it from high frequency RF energy is very hard and I doubt an optoisolator would help. Another possible solution is to use fibre optic cable instead of copper cable to connect the phone and the earpiece together - separating the devices by a metre of fibre optics would probably do the trick.

    Having said all that, I must congratulate this guy on a good idea. With circuits getting smaller and smaller aalong with batteries, maybe it won't be long before all hearing aids come with built-in bluetooth.

  17. Re:Security model on Mozilla/Firefox Bug Allows Arbitrary Program Execution · · Score: 1

    I really don't see what the Mozilla team could have done differently - the OS provides a mechanism for finding a program that knows how to handle a given URI (i.e. if I go to rtsp://foo it'll fire up RealPlayer). By it's very nature that mechanism needs to be secure. The only thing they can do is filter the URIs to reject known bad ones before handing it to the OS... except that involves knowing which are bad, which they didn't do until this bug was reported. And after the bug was reported they fixed the problem *immediately*.

    I'm sorry, but if you cannot trust the OS you're running on to do things securely then you're screwed anyway since you would have to replace *ALL* the OS functions with your own. If you don't trust the OS then similarly you can't trust fundamental functions like malloc() - how do you know it's not going to allocate you some memory that has already been allocated to a more privalidged process?

    Working around broken software is one thing, but working around a broken OS isn't possible - it's like putting a very expensive and un-pickable lock on the front door of a ground floor flat when all the windows are missing anyway.

  18. Re:Mars Galileo on GPS on Mars? · · Score: 1, Interesting

    It might interest you to know that after a *LOT* of complaining from the Americans, Europe has given in and changed the design of their propsed GPS system to allow the Americans to jam it if the want. Happilly America never needs to go to war with Europe since they can always get their quota of dead people through friendly fire...

  19. Re:Serendipity! Vindication in under one day! on Mozilla/Firefox Bug Allows Arbitrary Program Execution · · Score: 2

    What arrogance.

    Does IE have this bug?
    If not, it's a FIREFOX BUG...aka, it's a serious security flaw the Firefox browser has that other browsers due not.


    As a matter of fact, the shell: bugs have plagued IE - this is a bug with the operating system that needs to be fixed at the source rather than _every single_ internet application needing a workaround.

    I'm sure the typical arrogant "Firefox is impervious" argument will reign on Slashdot though..

    I would never suggest that any software is completely secure - any programmer who believes otherwise is not worth employing. However, there is "less secure" and "more secure" - IE is a very insecure browser built ontop of (into) a very insecure operating system (mainly because MS take so long to fix problems after they've been discovered). Mozilla, FireFox, Opera, etc are reasonably secure browsers. Of course if you run an insecure OS then that compromises the security of everything running on it and there is only a limited amount of work those applications can do to correct for this.

    The only real advantage Firefox has over IE is that it's more _defaultly_ secure.

    Most of the people who get hit by the security problems are the people who do not know anything about security - they're the people who won't be selecting and deselecting options. Those of us who tweak the config ourselves are the reasonably safe ones so the default should be security. Additionally, installing ActiveX is a really stupid thing to do as it is the single biggest security hole in IE and is infact listed on the FireFox feature list as a security improvement by *NOT* running it.

    Windows flaw...pish...if I put something in my browser that was capable of calling "rm -rf /", would you also blame the inventor of the rm program? Or how bout the shell? Maybe the OS? *smirk*

    Windows holds a register of all the programs that can handle various internet protocols. Someone saw fit to add "shell:" to that register - whoever that was is to blame (and it sure as hell wasn't the browser)

  20. Re:In support on Microsoft Responds to IE Criticism · · Score: 2, Informative

    You've obviously never coded anything but the most simplistic website. IE completely ignores the standards which means making a web page that works in both IE and every other browser in the world is difficult. The result is that since IE has a large market share, most web developers write nonstandard pages that works in IE and breaks in every other browser in the world. What makes this even worse is that IE is a single-platform browser essentially turning the web into a windows-only system (and before you get started about IE existing on the Mac you should know that Mac IE and Windows IE are completely different beasts and break in completely different ways).

    As for IE being faster, I have not noticed IE being any faster than FireFox, but if it is it's probably because bits of it run in ring zero, whcih is an enormous security risk (one you will never see any Linux developers taking).

    As far as security is concerned, IMHO FireFox, etc probably have as many security holes in as any other bit of well designed software. The Mozilla team fix security problems ASAP, MS fix security problems shortly after someone made use of them (AFAIK there has never been a zero-day attack whcih simply put means that if MS patched holes as soon as they knew about them we would have no security problems with fully up to date systems).

  21. Re:It's not "in" the browser on Mozilla/Firefox Bug Allows Arbitrary Program Execution · · Score: 1

    1. MS had acknowledged the security problem and said they'd fixed it - its not stupid to think that it has infact been fixed and so nothing more needs doing

    2. It was not known about 2 years ago - that bug report is a general discussion about making calls to arbitrary protocol handlers and doesn't refer to any specific threat (such as the shell: problem). It was more of a "maybe this might be a problem in the future, we're not sure" rather than referring to a specific case. Since no specific threat had been identified it isn't clear what could be done about it - at best they could pop up a warning message when executing an external protocol handler, but we know how much attention people pay to popup warnings.

    This is not and never has been an implementation problem with Mozilla and I commend the Mozilla team for working around this problem as soon as they had enough information to do so.

  22. Re:It's not "in" the browser on Mozilla/Firefox Bug Allows Arbitrary Program Execution · · Score: 2, Informative

    why does Mozilla "hand off" stuff from the Internet to the operating system? It obviously can't determine that doing so is safe, so it shouldn't do it.

    The OS contains a list of protocols and their handling applications. For example, RealPlayer will register itself and say "When someone clicks a link that calls for the rtsp: protocol then start me up coz I know how to handle it" (if this wasn't allowed then you could say goodbye to being able to just click a realaudio link and fire up the player). Unfortunately, Windows decided to add to the register an application saying "When someone clicks a link that calls for the shell: protocol, I know how to handle that".

    Essentially there is a central register of "these applications can handle these internet protocols". As you know, anything on the internet has to be secure so this is basically a register of secure software. Unfortunately MS decided to put an insecure piece of software on the register and there was no reason for the browser to distrust the contents of the register.

  23. Re:It's not "in" the browser on Mozilla/Firefox Bug Allows Arbitrary Program Execution · · Score: 2, Insightful

    If the Mozilla guys knew about this all this time and decided to sit on it just because technically it was a problems with the OS, shame on them.

    It was also "known" that MS had released a patch that claimed to fix this exact security problem with the OS... shame it didn't actually do that.

  24. Re:Serendipity! Vindication in under one day! on Mozilla/Firefox Bug Allows Arbitrary Program Execution · · Score: 3, Insightful

    Of course, you're also completely ignoring the amazing PR spin Mozilla is for Open Source. Sure, it has a bugs and holes--but those bugs are publicly filed, honestly reported, and fixed in a VERY timely fashion.

    I really hope that if the mainstream media does stories on this they will make it clear that:
    1. This is not a problem with the browser, it is a problem with the OS
    2. The problem with the OS was alegedly fixed by a previous MS patch... except it wasn't - MS obviously don't test their patches.
    3. Even though it was not Mozilla's own problem they still jumped and fixed it within a day of the report.
    4. Microsoft knew about the latest IE hole 10 months before it was exploited and still did nothing about it.

  25. Re:Bad way on Mozilla/Firefox Bug Allows Arbitrary Program Execution · · Score: 1, Insightful

    IE bad because it is integrated into the OS

    Not entirely accurate - IE is bad because parts of it run in ring zero. This gives it a marginal speed boost but is a major security problem. Anything running in ring zero is essentially allowed to do anything - it's less restricted than being root on a linux system. So if one of the parts running in ring zero gets exploted then the exploit can do absolutely anything (wipe your hard drive, install key loggers, etc).

    In contrast, if you're running FireFox under Linux, it is running as _your_ user. If it gets exploited, it's only your files at stake, it can't go look at the files belonging to all the other users and it can't modify system files since they're owned by root. It also means it can't do nasty things like hooking the keyboard interrupt to sniff your keypresses or install the network sniffer to log your network traffic.

    Moz bad because it calls the OS because it's not integrated

    I'm sorry, but making calls to the OS is absolutely the right thing to do - one of the reasons for having an OS is to provide library functions for common tasks. Otherwise, each piece of software has to implement it's own (lots of work) and they will invariably act in a different way (inconsistency is *BAD*).

    The problem here is that the OS was badly designed in the first place - there is absolutely no reason to implement a "shell:" protocol handler. The other problem is that Microsoft has again shown itself to be incapable of resolving problems - the number of times I have seen an MS patch claim to fix a problem and later find out that it never fixed that at all makes me wonder if they test any of these fixes at all or if they just cobble together some code and release it.

    Perhaps if Moz just imported the windows URI handlers as a datafile, and stripped out known baddies?

    The problem with filtering known exploits is that you have to know about the expolit first - once you know about it the party responsible for the buggy code should fix it instead of every other 3rd party application having to fix it itself. What's worse is that this exploit had been found and Microsoft had told everyone they had fixed it so noone needed to worry anymore.