It is commonly accepted now to use "who" in place of "whom".
By whom is this atrocity commonly accepted? Who in their right minds could have authorized such a thing? I have a compulsion to severely bludgeon those who committed such a heinous atrocity.
It's actually useful knowing the difference because, initially, I was going to write "...to severely bludgeon whomever I find out committed..." In thinking about the function of "whomever", though, I found that it was really the subject of "committed" and not an object of the prepositional phrase "to...bludgeon", and the "I find out" was grammatically incorrect and extraneous.
Is a corporation a who or a whom? How many people funded the article, or did a non human piece of paper do it? When in doubt in English, should you default to a singular or plural, a possessive or non possesive? And when you say "not to be a..." then go ahead and "be a" is it one, or the other?
Please. It's not that difficult.
"Who" is a subject. "Whom" is an object. A subject performs an action with a verb, an object receives the action of a verb. Prepositions take objects. I may have heard the term "subject of a preposition" but, grammatically, the subject of a preposition is an object.
"To whom am I speaking?" "With whom do you speak?" "Jenny and Michael spoke with those who did the crime." "Who is that man on the bench?" "Bill and Bob beat whom?" "Who did Bill and Bob beat?" "Who would you like to invite to the party which is being held in honor of whom?"
The last one pulls two questions out of one sentence and, while logically muddled, is grammatically correct.
Now, how does this relate here? Glad you asked! This is a forum on the internationally accessible internet
So how does this relate to an international forum? Because anyone with any grasp of any language is familiar with the concepts of subjects and objects around verbs. Honestly though I didn't really start to grasp the concept fully in English until after I had studied a foreign language. With that in mind I would expect that any foreigner who has studied English as a second language should find it very easy to pick out where the proper uses of "who" and "whom" are. It has nothing to do with dialect.
Clearly, the article is simply saying that all the OSes are equally insecure.
But the article doesn't mention that Secunia is stocked primarily with vuln information which comes from the open source sector. Vuln information from the proprietary sector is reliant on the proprietary company releasing all of the properly arranged information to make a proper entry in Secunia's database. In the OSS community, every single vuln in every single patch which you got from Windowsupdate would receive a separate entry. It doesn't because MS doesn't collaborate to create these entries. By default the Secunia database is light on actual vulns for MS-Windows. Primarily the vulnerabilities in Secunia's database which are relevent to Windows will focus on third-party software manufacturers.
how many exploitable vulnerabilities have been discovered in their kernel in the last 12 months?
No one needs to exploit the Windows kernel because, typically, the user running the application has sufficient priveleges to accomplish the goal of the attacker. In that sense the Windows kernel just lets them right on in.
This would work just as well under any *NIX system that had vulnerable applications
I don't allow non-root users to execute sendmail. They can't modify my firewall rules or change network settings. Normal users can't add routes or change gateways. Normal users cannot see system configuration files or add network shares with executable code which can modify system data. These are all things that the Linux system has which Windows doesn't.
And I'm going to remind you what my earlier post said: Secunia and other security databases are stocked primarily with vulns from the open source community because Microsoft does not give Secunia the technical details behind every MS security patch. Check your installed update history on any Win2k/ME machine. There should be, by no, no fewer than ten "security patches". Each one of those patches fixes three to five vulns each. Yet not a single one of those security patches is listed in Secunia's database because MS isn't kind enough to provide the world with the details.
Just like not being instantly assured that a project is good solely because it's free/open source.
True, but open source coders will rarely release a bug-ridden beta edition as a full version. The larger the company gets, the more frequently it happens.
There is no guarantee that open source equivalents are superior. It's just a safer bet that way.
Security databases are largely fed with information from people working on open source code. It is much easier to find a logic fault in source code than to notice a bug and reverse engineer its origin in proprietary code. When I mangle entries for security databases the majority are for open source code. By and large the security databases are weighted in such a fashion that makes open source code look less secure.
When I last looked at my Windows Update history on my machine at work, there were no fewer than 10 security patches and, going to the MS website, each one patched several security holes in this/that/the other. None of these will ever be documented in databases like Secunia because MS doesn't release the technical information. Secunia only lists the exploits which users in the field have found and submitted.
So relax, people. The article may be inflammatory and perhaps the head of Secunia should be shoulder-checked for 3 hours straight on the soccer field, but the Linux OS is still outperforming the competition.
Maybe this is a silly question to ask here, but why does wanting to make money, in your mind, stop good software from being made?
At the programmer level the motive of making money will not affect the quality of the software significantly. What you don't consider is that proprietary companies have 15 levels of management and executives who don't give a flying patootle about the code quality. They want a shippable product that works before the next shareholder meeting.
P.S. You say "hardware firewall". Is there any disadvantage to using an $80 linksys firewall/router as opposed to a properly configured linux box with iptables?
I use a hardware router as a prefilter before the cable goes to my Debian firewall. The downside is that the router mangles the sport on outgoing connections so embedded protocols like DCC need a little custom configuration.
From a design standpoint this is just flat-out stupid:
It's designed to check whether an antivirus program is installed, whether that program is running, and whether it's updated with the latest antivirus definitions. When any of the security checks for antivirus, firewall, or critical Windows updates aren't met, Windows Security Center alerts you with system tray pop-up notifications that open the large WSC Control Panel
How long before proper functionality with a core OS component is leveraged against vendors? From a business standpoint it's pretty shrewd. But from the OS design standpoint it's flat out stupid. The OS provides a platform for userspace apps. The OS is not supposed to wrap around userspace apps.
"You don't have MS approved anti-virus checker installed. Please enter a credit card number for the $129.95 fee, the #39.95 yearly maintenance agreement, or we will disable your Windows update key within 2 days."
All those people who b__ch and moan about getting Grandmother to use Linux must really love this one
"One of the best new features of SP2's Internet Explorer is the Add-On Manager, available from the Internet Control Panel's Programs tab. It gives you a way to enable, disable, and configure ActiveX controls, browser help objects, and browser extensions. The primary purpose of this tool is to provide a user interface for controlling things that have already been added to your Internet Explorer installation. When, for example, you have already said yes to an ActiveX program Information Bar query and later decide you don't want that program on your computer, the Add-On Manager is the tool that solves that problem."
Yeah... Grandma's gonna be thrilled to keep track of unsigned ActiveX controls, browser help objects, and browser extensions. I can see this being turned into an "ACCEPT ALL" policy real quick.
This may be slightly different from what everyone else posts about the evaluation, but the first thing that really made an impression on me was the author's direct observation of Microsoft's anti-competitive lock-in strategy:
"For my money, either ZoneAlarm 4.5 or 5.0 Pro or Symantec's Personal Firewall 2004 would be better bets for protecting road warriors out in the wild. On the other hand, Windows Firewall is about to be onboard, and you already paid for it."
Is Microsoft going to start muscling out the other security vendors like it did Netscape?
Looks like another useless law which people will laugh at and shrug
It's not useless. It costs money. If it doesn't do what it say it does then, since it still costs money, you have to look at what it does do.
In this case I think it opens up a few more cushy overpaid upper management positions with arbitrary accountability for politicians to shoe their progeny into.
they are incapable of seeing logic, reason or even the facts
Ummmm, yeah, that's it. Or maybe we'd like to make sure that our tax money goes for what they say it does because most of us don't happen to be able to afford the Big Brother squeezing anymore.
When spam is annihilated, or when they actually start itemizing the costs of these things, then I'll side with your logic. Until then, it's a sham.
I have no idea why anyone would go with an Mandrake, or RedHat, or anything not based on Debian's package management.
I recently installed Xchat 2.0.10 on a Mandrake 9. At first./configure, Xchat 2.0.10 notified me that it needs gtk+ >= 2.0.3. So I went to the Mandrake 9 CD to see which gtk+ was on the system. It was labeled 2.0.0. I pulled gtk+ 2.0.4 from gtk.org and installed it. When I ran the./configure for Xchat it promptly told me that, while pkg-config reported gtk+ 2.0.4, libs for gtk+ 2.0.6 were found. As I scanned through/usr/lib, sure enough, there were gtk+ 2.0.6 libs lying around.
Now I don't know, maybe the user that I was helping b0rked their installation, but if gtk+ 2.0.6 really was fully installed then Xchat's./configure should have found it the first time around. The fact that Xchat didn't find the 2.0.6 libraries until after 2.0.4 had been fully installed tells me that some other.rpm had included them for necessity. Now what kind of monkeyed up junk is that?
I don't think it's about a philosophical high-ground. I have not seen that the.rpm binary package system is adequately organized in an easily accessible, standardized database which makes it easy for users to install packages.
I'll stick with Debian, I'll run Sid, and if I want to install something from source I'll freeze the package. Simple bim-bam-boom-done. I'm no fanboy but, imho, the.rpm system, as it exists in entirety on the 'net, needs LOTS of refinement before it can catch up with the.deb package system.
You know, for the everyday user that doesn't want to get involved with the politics of the software industry and uses their computer to play a few games now and then and who has a comfortable salary and not too many bills and no interest in using computers as a general hobby...
I tried a number of these alternative shells to customize my Windows (back when I used Windows) and, to be quite frank, system stability went straight out the window.
Have you ever actually *run* OS X? Have you used it?
I have, extensively. It's nice. It's not what I prefer.
The senior member of our lab is a former Mac user. He constantly goes on and on about how easy it was to work with a Mac. He said once,"It was so easy working with a Mac. You didn't have to know anything. It just worked." I think he caught the look in my eye when he said that (yeah buddy, and it shows).
Anyways, this guy wouldn't know a command line from a blender. Supposedly he's proficient with a GUI. I've watched him click blindly around a screen when an application won't do what he wants it to. He won't wait for the popup which tells him the function of the icon he's about to click, he won't read the options in the menus, he'll just start clicking around like he's trying to escape from a paper bag. I can just hear his brain saying,"Maybe this will work? Nope. Maybe this will work? Nope. Maybe this will work? Nope. Maybe this will work? Nope. Maybe this will work?" Finally, if nothing works within one click, he'll close the app and go read through some paperwork for 30 minutes.
Supposedly he has a PhD. Shouldn't that imply a little more problem solving ability than,"PANIC! PUSH EVERY BUTTON UNTIL SOMETHING WORKS!"
If that's what using a GUI does to your brain, I'll stick with with my command line syntax. Thank you very much.
Slashdot Mirror
It is commonly accepted now to use "who" in place of "whom".
By whom is this atrocity commonly accepted? Who in their right minds could have authorized such a thing? I have a compulsion to severely bludgeon those who committed such a heinous atrocity.
It's actually useful knowing the difference because, initially, I was going to write "...to severely bludgeon whomever I find out committed..." In thinking about the function of "whomever", though, I found that it was really the subject of "committed" and not an object of the prepositional phrase "to...bludgeon", and the "I find out" was grammatically incorrect and extraneous.
They know they lie. We know they lie. Those who don't, will find out eventually. I'm waiting for that day :P
As long as the liars continue to profit we'll never see it.
See... I just mangle entries for security databases and I knew this. Kudos to you for actually taking the time out to prove it for the record.
Is a corporation a who or a whom? How many people funded the article, or did a non human piece of paper do it? When in doubt in English, should you default to a singular or plural, a possessive or non possesive? And when you say "not to be a..." then go ahead and "be a" is it one, or the other?
Please. It's not that difficult.
"Who" is a subject. "Whom" is an object. A subject performs an action with a verb, an object receives the action of a verb. Prepositions take objects. I may have heard the term "subject of a preposition" but, grammatically, the subject of a preposition is an object.
"To whom am I speaking?"
"With whom do you speak?"
"Jenny and Michael spoke with those who did the crime."
"Who is that man on the bench?"
"Bill and Bob beat whom?"
"Who did Bill and Bob beat?"
"Who would you like to invite to the party which is being held in honor of whom?"
The last one pulls two questions out of one sentence and, while logically muddled, is grammatically correct.
Now, how does this relate here? Glad you asked! This is a forum on the internationally accessible internet
So how does this relate to an international forum? Because anyone with any grasp of any language is familiar with the concepts of subjects and objects around verbs. Honestly though I didn't really start to grasp the concept fully in English until after I had studied a foreign language. With that in mind I would expect that any foreigner who has studied English as a second language should find it very easy to pick out where the proper uses of "who" and "whom" are. It has nothing to do with dialect.
Clearly, the article is simply saying that all the OSes are equally insecure.
But the article doesn't mention that Secunia is stocked primarily with vuln information which comes from the open source sector. Vuln information from the proprietary sector is reliant on the proprietary company releasing all of the properly arranged information to make a proper entry in Secunia's database. In the OSS community, every single vuln in every single patch which you got from Windowsupdate would receive a separate entry. It doesn't because MS doesn't collaborate to create these entries. By default the Secunia database is light on actual vulns for MS-Windows. Primarily the vulnerabilities in Secunia's database which are relevent to Windows will focus on third-party software manufacturers.
how many exploitable vulnerabilities have been discovered in their kernel in the last 12 months?
No one needs to exploit the Windows kernel because, typically, the user running the application has sufficient priveleges to accomplish the goal of the attacker. In that sense the Windows kernel just lets them right on in.
This would work just as well under any *NIX system that had vulnerable applications
I don't allow non-root users to execute sendmail. They can't modify my firewall rules or change network settings. Normal users can't add routes or change gateways. Normal users cannot see system configuration files or add network shares with executable code which can modify system data. These are all things that the Linux system has which Windows doesn't.
And I'm going to remind you what my earlier post said: Secunia and other security databases are stocked primarily with vulns from the open source community because Microsoft does not give Secunia the technical details behind every MS security patch. Check your installed update history on any Win2k/ME machine. There should be, by no, no fewer than ten "security patches". Each one of those patches fixes three to five vulns each. Yet not a single one of those security patches is listed in Secunia's database because MS isn't kind enough to provide the world with the details.
Just like not being instantly assured that a project is good solely because it's free/open source.
True, but open source coders will rarely release a bug-ridden beta edition as a full version. The larger the company gets, the more frequently it happens.
There is no guarantee that open source equivalents are superior. It's just a safer bet that way.
Secunia, IMHO, is a respectable security source.
I admonish the following:
Security databases are largely fed with information from people working on open source code. It is much easier to find a logic fault in source code than to notice a bug and reverse engineer its origin in proprietary code. When I mangle entries for security databases the majority are for open source code. By and large the security databases are weighted in such a fashion that makes open source code look less secure.
When I last looked at my Windows Update history on my machine at work, there were no fewer than 10 security patches and, going to the MS website, each one patched several security holes in this/that/the other. None of these will ever be documented in databases like Secunia because MS doesn't release the technical information. Secunia only lists the exploits which users in the field have found and submitted.
So relax, people. The article may be inflammatory and perhaps the head of Secunia should be shoulder-checked for 3 hours straight on the soccer field, but the Linux OS is still outperforming the competition.
Maybe this is a silly question to ask here, but why does wanting to make money, in your mind, stop good software from being made?
At the programmer level the motive of making money will not affect the quality of the software significantly. What you don't consider is that proprietary companies have 15 levels of management and executives who don't give a flying patootle about the code quality. They want a shippable product that works before the next shareholder meeting.
P.S. You say "hardware firewall". Is there any disadvantage to using an $80 linksys firewall/router as opposed to a properly configured linux box with iptables?
I use a hardware router as a prefilter before the cable goes to my Debian firewall. The downside is that the router mangles the sport on outgoing connections so embedded protocols like DCC need a little custom configuration.
From a design standpoint this is just flat-out stupid:
It's designed to check whether an antivirus program is installed, whether that program is running, and whether it's updated with the latest antivirus definitions. When any of the security checks for antivirus, firewall, or critical Windows updates aren't met, Windows Security Center alerts you with system tray pop-up notifications that open the large WSC Control Panel
How long before proper functionality with a core OS component is leveraged against vendors? From a business standpoint it's pretty shrewd. But from the OS design standpoint it's flat out stupid. The OS provides a platform for userspace apps. The OS is not supposed to wrap around userspace apps.
"You don't have MS approved anti-virus checker installed. Please enter a credit card number for the $129.95 fee, the #39.95 yearly maintenance agreement, or we will disable your Windows update key within 2 days."
All those people who b__ch and moan about getting Grandmother to use Linux must really love this one
"One of the best new features of SP2's Internet Explorer is the Add-On Manager, available from the Internet Control Panel's Programs tab. It gives you a way to enable, disable, and configure ActiveX controls, browser help objects, and browser extensions. The primary purpose of this tool is to provide a user interface for controlling things that have already been added to your Internet Explorer installation. When, for example, you have already said yes to an ActiveX program Information Bar query and later decide you don't want that program on your computer, the Add-On Manager is the tool that solves that problem."
Yeah... Grandma's gonna be thrilled to keep track of unsigned ActiveX controls, browser help objects, and browser extensions. I can see this being turned into an "ACCEPT ALL" policy real quick.
This may be slightly different from what everyone else posts about the evaluation, but the first thing that really made an impression on me was the author's direct observation of Microsoft's anti-competitive lock-in strategy:
"For my money, either ZoneAlarm 4.5 or 5.0 Pro or Symantec's Personal Firewall 2004 would be better bets for protecting road warriors out in the wild. On the other hand, Windows Firewall is about to be onboard, and you already paid for it."
Is Microsoft going to start muscling out the other security vendors like it did Netscape?
Looks like another useless law which people will laugh at and shrug
It's not useless. It costs money. If it doesn't do what it say it does then, since it still costs money, you have to look at what it does do.
In this case I think it opens up a few more cushy overpaid upper management positions with arbitrary accountability for politicians to shoe their progeny into.
they are incapable of seeing logic, reason or even the facts
Ummmm, yeah, that's it. Or maybe we'd like to make sure that our tax money goes for what they say it does because most of us don't happen to be able to afford the Big Brother squeezing anymore.
When spam is annihilated, or when they actually start itemizing the costs of these things, then I'll side with your logic. Until then, it's a sham.
I have no idea why anyone would go with an Mandrake, or RedHat, or anything not based on Debian's package management.
./configure, Xchat 2.0.10 notified me that it needs gtk+ >= 2.0.3. So I went to the Mandrake 9 CD to see which gtk+ was on the system. It was labeled 2.0.0. I pulled gtk+ 2.0.4 from gtk.org and installed it. When I ran the ./configure for Xchat it promptly told me that, while pkg-config reported gtk+ 2.0.4, libs for gtk+ 2.0.6 were found. As I scanned through /usr/lib, sure enough, there were gtk+ 2.0.6 libs lying around.
./configure should have found it the first time around. The fact that Xchat didn't find the 2.0.6 libraries until after 2.0.4 had been fully installed tells me that some other .rpm had included them for necessity. Now what kind of monkeyed up junk is that?
.rpm binary package system is adequately organized in an easily accessible, standardized database which makes it easy for users to install packages.
.rpm system, as it exists in entirety on the 'net, needs LOTS of refinement before it can catch up with the .deb package system.
I recently installed Xchat 2.0.10 on a Mandrake 9. At first
Now I don't know, maybe the user that I was helping b0rked their installation, but if gtk+ 2.0.6 really was fully installed then Xchat's
I don't think it's about a philosophical high-ground. I have not seen that the
I'll stick with Debian, I'll run Sid, and if I want to install something from source I'll freeze the package. Simple bim-bam-boom-done. I'm no fanboy but, imho, the
Recently Samba and parts of KDE could not coexist due to print library dependancies
I won't even bother flaming you but I hope you feel the heat.
Well, it wasn't an accident, but I have this program which continually subjects me to the worst trolls in the world.
Secondly, who knows- Apple has the originals, and might offer, once bandwidth gets cheaper, downloads of the music you've bought, at lossless quality.
Who knows. They might even charge you for them.
I'd say more that MS is a serial bank robber who's been given life on parole. Big frickin' deal. Just don't get caught at the next bank, okay?
You know, for the everyday user that doesn't want to get involved with the politics of the software industry and uses their computer to play a few games now and then and who has a comfortable salary and not too many bills and no interest in using computers as a general hobby...
You're probably right.
I tried a number of these alternative shells to customize my Windows (back when I used Windows) and, to be quite frank, system stability went straight out the window.
Have you ever actually *run* OS X? Have you used it?
I have, extensively. It's nice. It's not what I prefer.
The senior member of our lab is a former Mac user. He constantly goes on and on about how easy it was to work with a Mac. He said once,"It was so easy working with a Mac. You didn't have to know anything. It just worked." I think he caught the look in my eye when he said that (yeah buddy, and it shows).
Anyways, this guy wouldn't know a command line from a blender. Supposedly he's proficient with a GUI. I've watched him click blindly around a screen when an application won't do what he wants it to. He won't wait for the popup which tells him the function of the icon he's about to click, he won't read the options in the menus, he'll just start clicking around like he's trying to escape from a paper bag. I can just hear his brain saying,"Maybe this will work? Nope. Maybe this will work? Nope. Maybe this will work? Nope. Maybe this will work? Nope. Maybe this will work?" Finally, if nothing works within one click, he'll close the app and go read through some paperwork for 30 minutes.
Supposedly he has a PhD. Shouldn't that imply a little more problem solving ability than,"PANIC! PUSH EVERY BUTTON UNTIL SOMETHING WORKS!"
If that's what using a GUI does to your brain, I'll stick with with my command line syntax. Thank you very much.
It sure does if the other >40% is split evenly between 10 other players.
And generally the people haven't gained anything from the independence; most only became poorer
That sounds like some other industrialized nation that I know of.