You are much more likely to be exposed if you are running Red Hat/Debian/Whatever than simply running Windows due to the number of additional silent-ware installed that you probably do not know about.
Strike that, reverse it. Linux warned me about every port I opened when I installed. Windows silently opens critical ports and you couldn't close 'em if you wanted to. [Sometimes they flat-out ignore you. Try custom-installing MS Office 2000 and tell it you DON'T want Outlook Express. It'll install anyway. Sendmail's bad too, but if I say no sendmail, I get no sendmail.] MS's solution is to leave all the ports open and add yet another background process to block them again, and we won't even see it 'till next year. Wattaya bet it only blocks the ports that are used for attacks now, and leaves others open for future attacks? Antivirus to block incoming admin-level code that never should have been installable in the first place and can't be stopped at the OS level, firewalls to block ports that shouldn't be open in the first place and can't be closed, mail filters to block the SYSTEM-level VB scripts that never should have been auto-executed in the first place and can't be turned off, and buying ever-faster CPUs and ever-more RAM, so that you can run Windows at the same speed as before while the extra performance you bought is sucked up by band-aids on top of band-aids. And you still end up infested with spyware. Yeesh.
If I installed Windows on my machine, without a Linux box to run blocker, my mean time to infection would be under 30 seconds. By the time I logged in, fired up regedit, and started closing vulnerabilities it would already be too late. See below for explanation.
Another fact that Linux geeks don't get. For every 1 person using linux, there are probably countless others running Windows.
Wow, thanks for that news flash. I had no idea. So THAT'S why there isn't a computer store in the state that carries products for my platform. Who knew? I had an inkling there must be a massive number of Win boxes out there from my firewall logs. See below.
Our Windows users are actually doing better because they're getting one exploit per 49500 users.
Huh? My firewall drops all packets that are known Windows root exploits. According to my logs, I've been averaging one every ten seconds, for the past 8 months solid. During the mass-outbreaks a few months ago, it was even more, about 1 every 2 seconds for a couple of weeks there. But now it's back down to one every 10 seconds or so, so I'll take that as a normal level of Windows infections. That's six per minute, 360 per hour, 36,024 per day, 1,080,720 per month, 12,968,640 per year - UNIQUES. Since my firewall drops 'em without sending an ACK, it'll time out on their end and the virus won't try again from that machine. The logs bear this out.
So 1 in 49,500 my butt. You should see my logs. I rack up several GB per month just of logging rejected Windows-hack attempts at the firewall, and another several GB of logged HTTP requests trying to buffer-overflow MSADC - the script kiddies don't even bother checking for IIS first. This on a test machine that doesn't even have a DNS name. It's insane. And even with the large number of Win boxes out there, 1 in 49,500 is not enough to account for it. The parent's off by at least two orders of magnitude. I'm guessing it's more like one in 495 Windows boxes on the net that are rooted at any given moment, and that's being generous.
Real security is all about knowing this crap
It sure is. Know this: If an exploit can self-replicate onto other machines, it doesn't matter even if only one in a million gets hacked - once one's infected, the infection spreads at an exponential rate. Once one user hits the vulnerability, in a few hours they all have. That's what's wrong with the bugs/user argument. The better measure is how many root exploits come along that can auto-replicate. On Windows, that's all of 'em by design.
my first voucher will go to the person who invented AFV
...instead of any artist whose music you enjoy, demonstrating why this half-baked idea won't work. Not for artists, anyway - I have hundreds upon hundreds of names in my collection, I prefer micropayments to each rather than having to give the whole pot to one of them, shutting the others out of the music biz. If I were in a monopoly position and had a large advertising budget, like say, the RIAA, I'm pretty sure I could use this system to make it almost impossible for competitors to get paid, that's for sure.
You think commercial music's bad now, try compulsory royalties: the record industry gets paid no matter what, and with this scheme, you can only support one competing artist per year. Sounds like an RIAA wet dream to me. Hope you like Justin Timberlake and Britney.
people would tend to elect for their money to go to [favorites] rather than going to all of the people they listen to.
BING BING BING! Do this, and it's entirely possible to make money purely by advertising an 'artist' who never produces any work and may not even exist, and by pure name-recognition gaining the royalties that would be paid to other artists who did produce work that consumers are enjoying. This scheme sounds like a great way to make Milli Vanilli clones rule the music world. It manages to take the blank-media tax idea and make it worse. As an artist, I just see people listening to my tunes, and then giving the voucher to whoever had the fanciest commercial on MTV.
I have a better idea though, as long as we're using government and taxes to redistribute wealth to be spent on services, how about this: We all pay in to a pool with our taxes, and then, if we get sick or injured and need to go to the hospital, we can get the service and the hospital expenses can get paid out of the pool. Why don't we do THAT first, then worry about freaking pop-music records?
I haven't seen it yet, but I'm hardly surprised it's being panned. It's like the Star Wars trilogy, first one's a completely new idea and captures something in the collective imagination, second one trots the characters back out for another somewhat weaker go-round, and by the third one - Ewoks.
The Matrix: Drips of indie film that got picked up by Hollywood. Sci-fi plot was fun, despite violation of the laws of thermodynamics, and the FX were completely over-the-top great. Unfortunately, the warning signs were already in place. Neo/Trinity love plot seemed grafted in, so awkwardly that it prompted outright hissing in the theater when I saw it. I could almost picture the meeting where the filmmakers were told to put that in to counter the incidental homoerotic daddy/boy thing between Morpheus and Neo. No one can be told what the Matrix is, they have to be shown (Morph drops trou). Wouldn't want that - so let's kill the David Bowie clone androgyne while we're at it, and re-write the last reel so hetero kissing saves the day at the end. A sign of lameness to come?
Reloaded: Nice car chase. But what else is here? This isn't even a movie, it's like half a movie, padded with interminable MTV dance scenes to make 45 minutes worth of material last 90. I have seen Zion, and it looks a lot like Soul Train. Continuation of improbable Neo/Trinity love plot - they're not each others' types and I'm not buying it - is getting really annoying. But man, that was one hell of a car chase scene.
Revolutions: Is this where the other half of Reloaded went? Is there a whole movie here this time, or is this a single action sequence padded with episodes of American Bandstand and One Life to Live like its predecessor? Gee I hope Trinity and Neo have a real human baby. Not. Someone tell me how far in to the movie the cool action sequence is, so I can show up late and leave early. Come to think of it, I'll just wait for the video to hit the bargain bin.
I have a feeling, if you have the DVDs of both, you could splice together Reloaded and Revolutions in such a way as to produce the one good action movie they were supposed to be in the first place, minus the get-another-ticket-purchase filler crap. I don't care if I never see that music-video/beer-commercial dance/love scene from Reloaded ever again, that's for sure. I haven't been that bored in a theater since Crouching Tiger.
I don't see what's unreasonable about this. If the system allows copying to a limit of 3 machines [snip] that wouldn't be unreasonable.
You own two machines, one for the living room and one for your bedroom. Of course you want to play your recordings both places, so there's 2 of your three copies. One day your home is burglarized and your machines stolen; you never had a chance to check-out the recordings played thereon. You buy two new machines. You have one playback left, so where would you like to watch all your existing tapes forever more, living room or bedroom? Choose wisely. If that machine breaks or you are robbed again, your entire archive is now useless. As soon as you tie the recordings to a limited set of playback devices, all recordings become temporary and are effectively timed out when those devices wear out, break, are stolen or destroyed.
Saying yes to DRM, even a little bit, is saying good-bye to ever really owning anything. These rules are really designed to circumvent ownership under the first-sale doctrine, and effectively convert your entire collection of video and audio media to rentals without directly saying so, and fair-use be damned. All in the name of stopping piracy. Bear in mind, we've only seen allegations that domestic home-copying is what's hurting the content industries, we've never seen it proven. And they've given this exact same gloom-and-doom sky-is-falling speech, practically word-for-word, about reel-to-reel tape decks, cassette recorders, and VCRs - and were wrong each time.
The real mass-scale piracy that actually costs the *AA real sales is in Asia and Eastern Europe, where the counterfeiters will be completely unaffected by this and every other copy-protection idea, not in American living rooms, where Mom will always be worried that if the VCR-alike breaks or is stolen, she'll never be able to play back the recording of the time she was interviewed on the local news again.
The only people who won't be harmed are the pirates, as it seems rather trivial to mask out the flags in the process of running a criminal copying enterprise anyway. Add a small grey-market cottage industry for enterprising geeks to break the flags for acquaintances so they don't lose their collections when they buy new equipment, or they forgot to check-in their recording and the power went out or something, and so on.
All this, just to avoid producing content people would want to pay for. Reasonable, it's decidedly not.
time to see whether public support or big money business will win
Methinks accurate results relevant to the search performed will always win. The search engine landscape is littered with 'portals' that don't do jack - when I search for, say, 'KDE 3.2 beta KWin C++ API' and get back 'Buy books about C++ at Amazon.com!', 'Microsoft Visual C++ Studio 50% off!' and so on for the entire first page, I'm outta there and will never go back. Point being, when I hit a search engine it's because I'm looking for links to specific information, not someone to 'manage' my 'internet shopping experience'.
I wonder how many hits on Google are from research assistants, paralegals, programmers, etc. compared to how many are looking for an 'internet shopping experience?' Does Yahoo! think everyone's going to Google because they don't have enough paid links and useless portal categories cluttering up the page at Yahoo!?
I have no idea who the target market is for so many of these sites. There must be someone who sits down at the computer, credit card in hand, hoping a window will pop up allowing them to buy something - anything! - on the Internet. I think this someone only exists in the marketing department's imagination, though. I've never met that person.
Kudos to Google for just saying no. Both to intrusive advertising, and to the do-it-all portal concept that ends up doing nothing well.
The Starving Artist is a discussion based game where students are divided in group and shall produce a CD but then they are ripped off
Whee! Hey kids, let's play Starving Artist! It's FUN!
Students are divided into groups, in which each group 'produces' a CD. When finished, they submit their CD to local radio stations hoping it will be played, and try to get them sold in record stores, only to find out that the radio only plays material presented by members of a certain association, and the shelf-space at the store is contractually obligated to hold only that association's material. The best they can get is the one small indie store on the bad side of town will put some copies in a cardboard box up near the register with 'indie bands' written on it in magic marker. How does this make them feel?
Then the students shop their CD to association-affiliated record labels. After repeated rejections, the students finally learn that if they want their CD heard, they have to accept a contract that pays them, at most, 4.5 cents per $18 CD sold. How does this make them feel?
Students then put up a website and let people download MP3s of their CD for free, with an online store selling 'real' packaged CDs, along with T-Shirts, posters, keychains, and other such merchandise, with all profits going directly to the students. Students calculate how many 4.5-cent CDs they'd have to sell to make the same as the $6 profit from a single CD sale on their own site, even selling at half the association's price. How does THIS make them feel?
Then they learn that the association is rigging consumer devices such that their independent CDs can't play unless they pay fifteen grand to the association for a 'key.' And they can only buy the key if they agree to the 4.5-cent contract and let the association have all the merch sales. Students calculate how much an extra $1.60 per-CD royalty tax eats into their bottom lines, the cost of lost T-Shirt sales, and how many 4.5-cent CDs it would take to pay off the $15,000 for a key. How does this make them feel?
End of lesson discussion: Why are artists starving?
OPTIONAL: If time permits, the teacher may role-play a visiting guest teacher who tries to tell them that they're criminals for daring to want to produce or enjoy music without paying the association. Hilarity ensues.
it would take some effort to craft a statement that explains what they're doing while not confusing or scaring the users
How about this: Would you like us to make those annoying adult popup ads go away? If you say yes, certain Windows messages like the one that says 'The system log is full' every time you reboot that scare you and you don't know what to do about them will go away also. Unless you're on a LAN, in which case you wouldn't be using AOL in the first place, you should say yes here. If you don't know what LAN means, your hard drive is a large beige box on the floor, and/or your computer is either 'NEC' or 'Trinitron' brand, you definitely want to say yes here.
shouldn't the coders/organization behind JavaScript (Netscape) get the credit [for popup/under scripting ability]
If by 'credit' you mean 'good swift kick in the ass,' then yes. I didn't like it when Netscape added this misfeature, and after all this time, I'm still trying to think of a legitimate reason to pop up a window except as an immediate direct response to user input. And I'm still coming up blank.
The Linux/BSD crowd has already figured out how to read it, and are getting close to being able to write it. Pretty soon people might be able to dual-boot and have full r/w access to their legacy files from a non-Windows OS, without even having to back up all their data and reformat/repartition. That's what's wrong with NTFS. MSSQL to the rescue; those penguin-people and Lindows-guy will never figure out how to read this new filesystem. Well, until they do. But then it'll change again.
Why XML? It's much bigger than the old binary 'chunk' system, so the filesystem will grow huge. Selling hard disks is not the point, MS doesn't make those. The point is, with the criminalization of DVD burners and the 800MB CD limitation, to make it nigh on impossible for Joe User to make a full system backup so that he can migrate to another platform. A second hard disk (hello 'activation') won't do any good if it can only be formatted with the same incompatible new format. The idea is, by bloating the filesystem beyond the practical limits of common consumer storage media, and making it impossible to format a large hard disk in a cross-platform compatible way, only the hardest-core geeks would even think about switching away from Windows.
That's what the much-hated FAT-32 size limitations are about too - if it weren't for corporate users, they probably would have pulled FAT-32 already for this reason, or at least put in an artificial size limitation on reads as well as formats so we couldn't use FAT as a go-between anymore.
Never mind replacing your favorite apps, without a second machine (Windows tax paid again, ka-ching!), if you switch away from Windows how ya gonna get your data back? The only reliable way I can think of would be to network the old Windows box and the target *nix box together, run a black-hat crack script against the Windows box, and then download its contents via HTTP:80. Joe AOL won't be doing that (even if every website he visits probably is), never mind networking and Samba, assuming MS hasn't broken that too.
Weird they'd take Kicker/Run out. Oh well, it was highly redundant, there are only umpteen other ways to get a run-command dialog in KDE. Quick workarounds:
Right-click somewhere on your KDE panel.
From the pop-up, select Panel Menu/Add/Applet/Application Launcher.
There ya go. Run-command is always available on the panel now. Even better, make a child panel (right-click panel, then Add/Extension/Child_Panel) and add the App Launcher to that, then you can hide it when you don't need it, and it's only one click away when you do. Or remove the windows-ish taskbar (what a space-wasting design) and add a KasBar extension to the panel instead - it's more useful, more configurable, conveys more info, and is far more frugal with screen space. The space you save can hold the app launcher.
On a fast machine (even my P3-500 is fast enough), it's actually quicker and fewer clicks just to hit the 'Shell' icon and get a command line. Faster than Kicker/Run_command, enter command in pop-up dialog, then enter or OK.
Still a silly thing to take out - if it's missing from the Kicker I guess that means right-click on desktop, choose Run_command... from popup won't be there anymore. Silly silly silly. Maybe it's just to avoid scaring n00bs? I wonder if the full-version of 9.2 still has all the old menu options?
In DMCA countries, the CSS-related codecs are deleted from the distro; in other countries they have the complete package. Something to think about when choosing a mirror. By that I mean you wouldn't want to accidentally break the law, of course.
First thing, perspective and disclosure: I installed Mandrake 9.1 in early May I think, it worked so well that June 16 was my 'Windependence Day'[*] when I fdisked my NT4 partition (I never drank the 2K/XP Kool-Aid) and went pure Mandrake. Since then, it's been pretty smooth, does everything I need my home box to do. Things get better each release - in 6 months I've already seen substantial improvement. I'll live with a few glitches here and there, given that they get fixed. And my dual-processor (suck my clit, Darl) P3-500 box practically screams in normal use under 'Drake, and will continue to do so in the future, while Win2K is sluggish at best and XP would be molasses in January (July for those down under) unless I bought a new mobo. And then I'd have to call and get permission. Fsck that.
'Drake does have some UI glitches (kernel's been quite solid though). Same for every other GUI-based OS I've ever used, and neither Windows nor pre-X MacOS can claim the low-level stability. In six months of using 'Drake 9.1, the occasional 'Crash' has meant a simple SIGSEGV dialog with no spillover effects, system stays up no harm no foul. Thanks to *nix process model, no memory leakage either. A full system lock-up is unheard of, nigh unimaginable now that I understand how this thing works.
That said, here's my list:
Attempting to play LBreakout full-screen while listening to a CD ends up with me opening a console as root, to kill my login and restart the X server, as that hangs KDE up but good. It's LBreakout's fault - after releasing the sound system, it checks to see if there are any sound processes remaining and assumes it failed if there are, so it just hangs there waiting for the CD to finally play out. Someday I gotta get the source code and fix that; the fact that I can speaks volumes about why OSS rocks. [The bug that I can't use my 'puter 'cause my roommate is on my machine playing Frozen Bubble is not a Mandrake issue.]
The bug that really keeps getting me is Konq's Find function - it seems that upon completing a search, it enables the 'back' button. If the search was the first thing you did, there's no previous page to go back to so it SIGSEGVs if you hit 'back.' Looks like a null pointer deref. Hardly a killer; just annoying, given how natural it is to hit the back button. If I SIGSEGV, odds are I just did the above. I think this has been fixed in the newer KDE release though?
What else? Noatun rarely ever works, I just use it to test the KDE crash handler. But XMMS, K3B, and KsCD all work fine so I don't miss it, and 'real-world' interfaces suck rocks anyway. If my CD player looks like a seashell I can't find the Play button.
KDev annoys because it says it wants autoconf 2.5, then installing that forces me to uninstall KDev, defeating the purpose. Hope they fixed THAT; I'm having to write C programs in Kate and it's not a happy situation - good thing I learned to program before the 'Hover Help' era or I'd be so lost...
MCC still has a few dialogs that don't seem to do anything (setting the bootsplash and KDM themes, for example).
'Drake is still a terrific beginner distro though, if you just browse and check email you won't hit most of the above, and its firewall is really good so you won't get r00ted while you're learning. OOo and Moz have never done me wrong. KOffice isn't my thing but it seems to work fine for my purposes. I don't do Palm-sync or Organizers so can't speak to those. Unless you're prepared to lay out for a new OSX Mac, I'd recommend it to a n00b over anything else.
[*] Windependence Day: Not counting the first time I kicked MS off my system, circa 1990, thanks to DR-DOS, QEMM, and DesqView. But we all know the rest of that story. Too bad OS/2 had such unrealistic hardware requirements for so long.
It's 106 miles to Chicago; we've got a full tank of gas, half a pack of cigarettes, it's dark, and we're wearing sunglasses.
Never mind that, it's one win to the Series, we've got a full tank of Sosa, half a pack of Dusty Baker, it's October, and we ain't been there since 1945. GO CUBBIES!!!
1) Introduce new protection scheme for popular OS, knowing full well that it can be disabled via well-known features of that OS which have been around for years.
2) Sue OS manufacturer under DMCA for pre-emptively circumventing my protection scheme.
3) Profit!!!
it's kinda like calling the wrong 800 number and the person who answers says "Oh this happens all the time, the number you actually want is...". This is a nice feature!
Problem is, it's also like writing the address wrong when you send your mom a gift for her birthday certified mail, and rather than the post-office quickly return the letter 'addressee unknown,' instead the person who tries to deliver it keeps the letter and says 'Oh, I can't deliver because no one is home right now' and tries to deliver it again day after day. After a while, the post office might learn that when a certain Mr. Verislime answers the door but says he cannot accept the letter for your mom, that really means the address is wrong. If a different person answers the door, though, it happens again until that person becomes known. Repeat until insane.
This is not a feature, it's a malfunction. Given their position, Verislime had to know they were doing it, and such irresponsibility should get their admin rights revoked immediately. If you or I knowingly and purposefully did something at work that Broke Everything, how long before we would get the sack?
If I ever screw up at work so bad I'm gonna get fired, I've gotta try the innovation line though. That's rich. 'Sorry I blew up research areas A-F, I need to do more research to see how mixing large quantities of hydrogen, oxygen, and fire in the open areas is received company-wide before I change anything, I'm just trying to be innovative and you wouldn't want to stifle innovation!'
every time I see an exploit, it's after Microsoft has already issued a patch.
Please tell me you meant to say: Every time I see an exploit, it's in something that MS has already patched, but it's still susceptible to similar attacks? When did the first Outlook-preview exploit go around, IIRC it was a VB exploit circa early '97?
In all seriousness, I have alerts in my email box going back to at least 1999 regarding exploits in Outlook's preview feature. Never mind patches, there have been 3 NT4 service packs since Outlook's VB vulnerabilities were discovered, the entire Win2K release and maintenance, XP, several Office revisions, and Outlook is STILL a vector?
But you asked a question: What do I want them to do?
OK, for starters, I have used Netscape/Mozilla mail since 1995. [On Windows until early this year, BTW.] I have never had an email virus, nor ever patched for one. Through upgrades from Win3.1 to 95 to NT4 to Linux, I've never lost my mail, as it was kept as regular files, easily identifiable... So it can really be done, and the techniques have been known for a LONG time. So:
Step 1: Admit they have a problem.
Next, their patches treat the symptoms, not the problems. Changing:
blindlyExecuteAsSystem(foreignCode);
To:
if (!isKnownAttack(foreignCode)) blindlyExecuteAsSystem(foreignCode);
...and adding to the list of known attacks after they've already done their damage is not a fix. So:
Step 2: Actually FIX IT FOR REAL THIS TIME. They're not stupid in Redmond, what you're seeing is a planned-obsolescence scheme to keep you strung along, buying upgrades in the false hope that it'll really be fixed next release. I am no longer fooled, I'll buy another Windows AFTER I've seen real-world proof that it really is fixed. Seeing NT4 and 2K3 be susceptible to so many of the same exploits tells me they haven't really rewritten much of anything worth shelling out for (pun not intended).
Step 3: If you want me to stay with your product, try being BETTER than the competition. I use the best tools for my purposes in my judgement, and I view every forced upgrade and un-removable 'feature' as an admission that those tools are known to be inferior by their producers - an impression I will remember not just for the admission, but for the response, which is to force the inferior product down my throat rather than making it better. 'Nuff said.
While I'm a bit leery of the lawsuit idea for its potential spillover barrier-to-entry effects, I do wonder if there is something along the lines of truth-in-advertising, misrepresentation, something like that. IANAL either, just seems like they spend a whole lot of money advertising themselves as 'enterprise-ready' and yet, that phrase does have a meaning, and they are nowhere near meeting its requirements as evidenced by the disclaimers in their EULA - so they're conceivably advertising something that isn't really in the box? Maybe there's something there, seems a stretch. I dunno.
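The contrast drawn in the comment above between a known-attack check and a real fix, as an added Python example (not code from the original post or from any mail client): a denylist of known samples is compared with a default-deny policy that never auto-runs foreign content. The handler names, the inert-type list, and the sample bytes are all constructed for illustration, and nothing is executed; the handlers only return decisions.

```python
import hashlib
from email.message import EmailMessage

# Assumed policy: content types a client may display as inert data.
INERT_TYPES = {"text/plain", "image/png", "image/jpeg"}

# Constructed placeholder payloads (not real scripts). The variant differs
# from the known sample by a single character.
SAMPLE_KNOWN = b"' constructed placeholder attachment, revision 1\n"
SAMPLE_VARIANT = b"' constructed placeholder attachment, revision 2\n"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The "list of known attacks", populated only after a sample has been seen.
KNOWN_BAD = {sha256(SAMPLE_KNOWN)}


def build_message(attachment: bytes) -> EmailMessage:
    """Build a constructed two-part message: a text body plus one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("Hello, see attachment.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename="note.vbs")
    return msg


def _leaf_parts(msg: EmailMessage):
    """Yield (content_type, decoded_bytes) for every non-container part."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        yield part.get_content_type(), part.get_payload(decode=True) or b""


def denylist_handler(msg: EmailMessage, known_bad: set) -> list:
    """The 'patched' logic: treat active content as runnable unless it is
    already on the known-attack list."""
    decisions = []
    for ctype, data in _leaf_parts(msg):
        if ctype in INERT_TYPES:
            decisions.append((ctype, "render"))
        elif sha256(data) in known_bad:
            decisions.append((ctype, "block"))
        else:
            decisions.append((ctype, "execute"))  # decision label only
    return decisions


def default_deny_handler(msg: EmailMessage) -> list:
    """Default-deny logic: only inert types are rendered; everything else is
    stored as a file and never run automatically, known or not."""
    decisions = []
    for ctype, _data in _leaf_parts(msg):
        action = "render" if ctype in INERT_TYPES else "save-only"
        decisions.append((ctype, action))
    return decisions


if __name__ == "__main__":
    for label, payload in (("known", SAMPLE_KNOWN), ("variant", SAMPLE_VARIANT)):
        msg = build_message(payload)
        print(label, "denylist:    ", denylist_handler(msg, KNOWN_BAD))
        print(label, "default-deny:", default_deny_handler(msg))
```

The denylist blocks only the exact sample it has already seen, while the default-deny handler gives the same answer for both messages without needing any list.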
pardon my ignorance, does Linux have a similar auto-update feature like in Windows (but with fewer bugs :) ?
No problem, after all no one's born knowing this stuff. :)
It seems most Linux distros have such a feature under various names, but they generally call home (or the nearest mirror site, or wherever you told it to look), and compare the list of updates there against the software installed on your machine. Then it gives you the opportunity to review the relevant updates individually, with explanations about what they fix, on a per-application basis before installing any or all of them as you like. Many distros have a nice GUI app for this.
There are generally no monolithic do-all updates like in Windows-land; you only D/L what you need and if you ever install another package later off CD, you only have to grab the latest update for that one package, the system stays up, no reboots required. Or just install from the web and have the latest to begin with.
I can only speak for Mandrake about bugs, but I've never seen a fatal one on my home box. It doesn't try to think for you much to begin with, it just tells you what your options are and awaits your input, so there's less room for error, more ability to back-out, etc. There have been a couple of instances where it's gotten dependencies wrong, some boolean flag reversed so patch A required that I install patch B, then B required that I NOT install A. This only happened once and it was corrected a few hours later. Aside from that it's been fine.
Hope that helps. Oh, yeah I forgot this is slashdot: RTFM. ;)
In the end it will be decided not in the courtrooms, but at kitchen tables across the country. We are heartened by the response we have seen so far.
This is precisely the point. I know a lot of people who are somewhat uneasy about file sharing. Giving it bad publicity was probably their goal from the outset.
I beg to differ. Getting parents and everyone else to make sure they don't have ANY music in the house that didn't come on RIAA-issued media at full retail price, that's been their goal from the outset. The idea isn't to combat piracy - though it's nice PR spin - but rather to criminalize the entire internet-as-distribution-channel concept. Except of course for 'legitimate' artists (theirs) through legitimate online services (their licencees), natch.
People are already swallowing it hook line and sinker too. Witness public acceptance of the royalty-paid blank CD concept, which is predicated on the assumption that there is no competition to the so-called major-labels, and never ever will there be. All music must be theirs after all; even if music copying *is* occurring, there's no room for doubt about who gets paid. Once they manage to get the encryption keys built into the consumer devices, every startup label and DIY-band will have to pay the big bux to get a CD key in order to have their discs be playable in consumer equipment. If they aren't frozen out entirely. Just wait till all the 'legit' D/L sites become 'RIAA Preferred Partners'
Slashdot Double Standard #50: Linux Advocates, Evangalists and Fans are pure noble warriors fighting the holy fight for good. The [sic] can do no wrong.
Nope. Never can they do wrong. Except when a vulnerability is found in a little-used service three versions obsolete, by which a local user with access to the physical machine can execute arbitrary code as himself, but only if it happens to be exactly midnight during a harvest moon in a non-leap year evenly divisible by four. Then it's front page news and the Astroturfers get a thread to post 'see, that's just as bad as when MS lets an email from $DIETY-knows-who automatically reconfigure Word's default templates and turn our machines into SPAM/DDoS zombies without so much as a confirmation dialog!' What part of /. don't you understand?
Microsoft's defenders and supporters are almost always shills, corrupted, evil, immoral devils out to dominate the world.
If you haven't been paying attention, the anti-MS attitude ultimately originates within Redmond. Think about it: MS has openly built its corporate strategy on not only making sure that they are the default position, but ensuring that switching from that default is as difficult and painful as possible. The former is just business, but the latter carries an assumption - from within the company itself - that its products are inferior, do not compete on merit, and consumers will switch away from them in favor of ANYTHING else if they are ever allowed access to an alternative.
Microsoft says this loud and clear when they do things like kill IE/Mac - it was one of the few MS programs that DID compete on merit, but MacOS was no real threat to NT or even Win98 in any real sense. OSX is way too elegant and rock-solid for Mac support to live. If MS thought Windows was really more stable, more secure, and easier to use than Linux, they'd be tripping over themselves to get me a copy of Office for Linux so that they could bring me 'into the fold' as they say, and move me over to Windows in time. The fact that they don't tells me loud and clear which direction THEY think the migrations would go. Every program you can't uninstall or is surreptitiously placed in a Service Pack says a similar thing with equal clarity: We know damn well you wouldn't use our software if you had a choice; we're so sure of that we went out of our way to avoid giving you the opportunity to choose.
Having used Microsoft products for twenty years (CPM-86/DOS 1.0 until Win2K chased me off), I can't imagine why anyone would cheer Microsoft unless they're either intentionally Astroturfing, or else are young and came in to this movie late. But whatever. I only know for sure what Microsoft, through its actions in the marketplace (such as it is anymore), tells me. For the last two decades, but with increasing intensity and frequency since the mid-1990s, they've been telling me that they think they are inferior and are scared to death that I might switch to something else (Linux in particular as they themselves say publicly) if they don't keep changing file and disk formats and building in expirations to hold my data hostage to sell me a license under duress that will hopefully prevent me from switching for another year or two. They're telling us they suck and they know it. All /. does is listen well, really.
Rather than fining the people (victims?) of poorly written software and OSes, why not have a class-action suit against the corporations that make the worms & viruses possible in the first place?
Wouldn't that be the effect? Seems like the connection between running a certain notoriously insecure monopoly OS and getting a mailbox full of expensive tickets would have a chilling effect on purchases of that OS. At, say, $15 a pop, times 10,000 machines, times infinity (for the number of possible infections), it would make a company think twice about buying no matter how many untrue promises the friendly sales rep made to the PHBs...
Not that I like this fine idea (I don't), but it just occurs to me that this would threaten a certain company a lot. Not that it would ever fly, it makes no sense, if the wheels fly off your car due to a defect and you crash, the company's going to have to eat that, not the driver. But if Da Gubbamint is going to fine the 'driver' in this instance, he/she will have to file a civil suit against the company to recoup... why not just have the companies cut the trial lawyers a welfare check directly, and skip the show trial?
Now, as for the mandatory AV scanner software: Does Linux count as antivirus? Does anyone besides us on /. understand that there are better ways to protect computers than scanning every single fscking packet and message for known viruses (doing nothing to stop brand-new ones)? You know these diddleheads would hit us with notices because we're not running either Norton or McAffee(sp?), so we must be vulnerable...
You are much more likely to be exposed if you are running Red Hat/Debian/Whatever than simply running Windows due to the number of additional silent-ware installed that you probably do not know about.
Strike that, reverse it. Linux warned me about every port I opened when I installed. Windows silently opens critical ports and you couldn't close 'em if you wanted to. [Sometimes they flat-out ignore you. Try custom-installing MS Office 2000 and tell it you DON'T want Outlook Express. It'll install anyway. Sendmail's bad too, but if I say no sendmail, I get no sendmail.] MS's solution is to leave all the ports open and add yet another background process to block them again, and we won't even see it 'till next year. Wattaya bet it only blocks the ports that are used for attacks now, and leaves others open for future attacks? Antivirus to block incoming admin-level code that never should have been installable in the first place and can't be stopped at the OS level, firewalls to block ports that shouldn't be open in the first place and can't be closed, mail filters to block the SYSTEM-level VB scripts that never should have been auto-executed in the first place and can't be turned off, and buying ever-faster CPUs and ever-more RAM, so that you can run Windows at the same speed as before while the extra performance you bought is sucked up by band-aids on top of band-aids. And you still end up infested with spyware. Yeesh.
If I installed Windows on my machine, without a Linux box to run blocker, my mean time to infection would be under 30 seconds. By the time I logged in, fired up regedit, and started closing vulnerabilities it would already be too late. See below for explanation.
Another fact that Linux geeks don't get. For every 1 person using linux, there are probably countless others running Windows.
Wow, thanks for that news flash. I had no idea. So THAT'S why there isn't a computer store in the state that carries products for my platform. Who knew? I had an inkling there must be a massive number of Win boxes out there from my firewall logs. See below.
Our Windows users are actually doing better because they're getting one exploit per 49500 users.
Huh? My firewall drops all packets that are known Windows root exploits. According to my logs, I've been averaging one every ten seconds, for the past 8 months solid. During the mass-outbreaks a few months ago, it was even more, about 1 every 2 seconds for a couple of weeks there. But now it's back down to one every 10 seconds or so, so I'll take that as a normal level of Windows infections. That's six per minute, 360 per hour, 36,024 per day, 1,080,720 per month, 12,968,640 per year - UNIQUES. Since my firewall drops 'em without sending an ACK, it'll time out on their end and the virus won't try again from that machine. The logs bear this out.
So 1 in 49,500 my butt. You should see my logs. I rack up several GB per month just of logging rejected Windows-hack attempts at the firewall, and another several GB of logged HTTP requests trying to buffer-overflow MSADC - the script kiddies don't even bother checking for IIS first. This on a test machine that doesn't even have a DNS name. It's insane. And even with the large number of Win boxes out there, 1 in 49,500 is not enough to account for it. The parent's off by at least two orders of magnitude. I'm guessing it's more like one in 495 Windows boxes on the net that are rooted at any given moment, and that's being generous.
Real security is all about knowing this crap
It sure is. Know this: If an exploit can self-replicate onto other machines, it doesn't matter even if only one in a million gets hacked - once one's infected, the infection spreads at an exponential rate. Once one user hits the vulnerability, in a few hours they all have. That's what's wrong with the bugs/user argument. The better measure is how many root exploits come along that can auto-replicate. On Windows, that's all of 'em by design.
my first voucher will go to the person who invented AFV
...instead of any artist whose music you enjoy, demonstrating why this half-baked idea won't work. Not for artists, anyway - I have hundreds upon hundreds of names in my collection, I prefer micropayments to each rather than having to give the whole pot to one of them, shutting the others out of the music biz. If I were in a monopoly position and had a large advertising budget, like say, the RIAA, I'm pretty sure I could use this system to make it almost impossible for competitors to get paid, that's for sure.
You think commercial music's bad now, try compulsory royalties: the record industry gets paid no matter what, and with this scheme, you can only support one competing artist per year. Sounds like an RIAA wet dream to me. Hope you like Justin Timberlake and Britney.
people would tend to elect for their money to go to [favorites] rather than going to all of the people they listen to.
BING BING BING! Do this, and it's entirely possible to make money purely by advertising an 'artist' who never produces any work and may not even exist, and by pure name-recognition gaining the royalties that would be paid to other artists who did produce work that consumers are enjoying. This scheme sounds like a great way to make Milli Vanilli clones rule the music world. It manages to take the blank-media tax idea and make it worse. As an artist, I just see people listening to my tunes, and then giving the voucher to whoever had the fanciest commercial on MTV.
I have a better idea though, as long as we're using government and taxes to redistribute wealth to be spent on services, how about this: We all pay in to a pool with our taxes, and then, if we get sick or injured and need to go to the hospital, we can get the service and the hospital expenses can get paid out of the pool. Why don't we do THAT first, then worry about freaking pop-music records?
I haven't seen it yet, but I'm hardly surprised it's being panned. It's like the Star Wars trilogy, first one's a completely new idea and captures something in the collective imagination, second one trots the characters back out for another somewhat weaker go-round, and by the third one - Ewoks.
The Matrix: Drips of indie film that got picked up by Hollywood. Sci-fi plot was fun, despite violation of the laws of thermodynamics, and the FX were completely over-the-top great. Unfortunately, the warning signs were already in place. Neo/Trinity love plot seemed grafted in, so awkwardly that it prompted outright hissing in the theater when I saw it. I could almost picture the meeting where the filmmakers were told to put that in to counter the incidental homoerotic daddy/boy thing between Morpheus and Neo. No one can be told what the Matrix is, they have to be shown (Morph drops trou). Wouldn't want that - so let's kill the David Bowie clone androgyne while we're at it, and re-write the last reel so hetero kissing saves the day at the end. A sign of lameness to come?
Reloaded: Nice car chase. But what else is here? This isn't even a movie, it's like half a movie, padded with interminable MTV dance scenes to make 45 minutes worth of material last 90. I have seen Zion, and it looks a lot like Soul Train. Continuation of improbable Neo/Trinity love plot - they're not each others' types and I'm not buying it - is getting really annoying. But man, that was one hell of a car chase scene.
Revolutions: Is this where the other half of Reloaded went? Is there a whole movie here this time, or is this a single action sequence padded with episodes of American Bandstand and One Life to Live like its predecessor? Gee I hope Trinity and Neo have a real human baby. Not. Someone tell me how far in to the movie the cool action sequence is, so I can show up late and leave early. Come to think of it, I'll just wait for the video to hit the bargain bin.
I have a feeling, if you have the DVDs of both, you could splice together Reloaded and Revolutions in such a way as to produce the one good action movie they were supposed to be in the first place, minus the get-another-ticket-purchase filler crap. I don't care if I never see that music-video/beer-commercial dance/love scene from Reloaded ever again, that's for sure. I haven't been that bored in a theater since Crouching Tiger.
I don't see what's unreasonable about this. If the system allows copying to a limit of 3 machines [snip] that wouldn't be unreasonable.
You own two machines, one for the living room and one for your bedroom. Of course you want to play your recordings both places, so there's 2 of your three copies. One day your home is burglarized and your machines stolen; you never had a chance to check-out the recordings played thereon. You buy two new machines. You have one playback left, so where would you like to watch all your existing tapes forever more, living room or bedroom? Choose wisely. If that machine breaks or you are robbed again, your entire archive is now useless. As soon as you tie the recordings to a limited set of playback devices, all recordings become temporary and are effectively timed out when those devices wear out, break, are stolen or destroyed.
Saying yes to DRM, even a little bit, is saying good-bye to ever really owning anything. These rules are really designed to circumvent ownership under the first-sale doctrine, and effectively convert your entire collection of video and audio media to rentals without directly saying so, and fair-use be damned. All in the name of stopping piracy. Bear in mind, we've only seen allegations that domestic home-copying is what's hurting the content industries, we've never seen it proven. And they've given this exact same gloom-and-doom sky-is-falling speech, practically word-for-word, about reel-to-reel tape decks, cassette recorders, and VCRs - and were wrong each time.
The real mass-scale piracy that actually costs the *AA real sales is in Asia and Eastern Europe, where the counterfeiters will be completely unaffected by this and every other copy-protection idea, not in American living rooms, where Mom will always be worried that if the VCR-alike breaks or is stolen, she'll never be able to play back the recording of the time she was interviewed on the local news again.
The only people who won't be harmed are the pirates, as it seems rather trivial to mask out the flags in the process of running a criminal copying enterprise anyway. Add a small grey-market cottage industry for enterprising geeks to break the flags for acquaintances so they don't lose their collections when they buy new equipment, or they forgot to check-in their recording and the power went out or something, and so on.
All this, just to avoid producing content people would want to pay for. Reasonable, it's decidedly not.
time to see whether public support or big money business will win
Methinks accurate results relevant to the search performed will always win. The search engine landscape is littered with 'portals' that don't do jack - when I search for, say, 'KDE 3.2 beta KWin C++ API' and get back 'Buy books about C++ at Amazon.com!', 'Microsoft Visual C++ Studio 50% off!' and so on for the entire first page, I'm outta there and will never go back. Point being, when I hit a search engine it's because I'm looking for links to specific information, not someone to 'manage' my 'internet shopping experience'.
I wonder how many hits on Google are from research assistants, paralegals, programmers, etc. compared to how many are looking for an 'internet shopping experience?' Does Yahoo! think everyone's going to Google because they don't have enough paid links and useless portal categories cluttering up the page at Yahoo!?
I have no idea who the target market is for so many of these sites. There must be someone who sits down at the computer, credit card in hand, hoping a window will pop up allowing them to buy something - anything! - on the Internet. I think this someone only exists in the marketing department's imagination, though. I've never met that person.
Kudos to Google for just saying no. Both to intrusive advertising, and to the do-it-all portal concept that ends up doing nothing well.
It would be sweeter if it read:
My rocket has killed fewer people...
Three words: Internet Star Raiders.
The Starving Artist is a discussion based game where students are divided in group and shall produce a CD but then they are ripped off
Whee! Hey kids, let's play Starving Artist! It's FUN!
Students are divided into groups, in which each group 'produces' a CD. When finished, they submit their CD to local radio stations hoping it will be played, and try to get them sold in record stores, only to find out that the radio only plays material presented by members of a certain association, and the shelf-space at the store is contractually obligated to hold only that association's material. The best they can get is the one small indie store on the bad side of town will put some copies in a cardboard box up near the register with 'indie bands' written on it in magic marker. How does this make them feel?
Then the students shop their CD to association-affiliated record labels. After repeated rejections, the students finally learn that if they want their CD heard, they have to accept a contract that pays them, at most, 4.5 cents per $18 CD sold. How does this make them feel?
Students then put up a website and let people download MP3s of their CD for free, with an online store selling 'real' packaged CDs, along with T-Shirts, posters, keychains, and other such merchandise, with all profits going directly to the students. Students calculate how many 4.5-cent CDs they'd have to sell to make the same as the $6 profit from a single CD sale on their own site, even selling at half the association's price. How does THIS make them feel?
Then they learn that the association is rigging consumer devices such that their independent CDs can't play unless they pay fifteen grand to the association for a 'key.' And they can only buy the key if they agree to the 4.5-cent contract and let the association have all the merch sales. Students calculate how much an extra $1.60 per-CD royalty tax eats into their bottom lines, the cost of lost T-Shirt sales, and how many 4.5-cent CDs it would take to pay off the $15,000 for a key. How does this make them feel?
End of lesson discussion: Why are artists starving?
OPTIONAL: If time permits, the teacher may role-play a visiting guest teacher who tries to tell them that they're criminals for daring to want to produce or enjoy music without paying the association. Hilarity ensues.
it would take some effort to craft a statement that explains what they're doing while not confusing or scaring the users
How about this:
Would you like us to make those annoying adult popup ads go away? If you say yes, certain Windows messages like the one that says 'The system log is full' every time you reboot that scare you and you don't know what to do about them will go away also. Unless you're on a LAN, in which case you wouldn't be using AOL in the first place, you should say yes here. If you don't know what LAN means, your hard drive is a large beige box on the floor, and/or your computer is either 'NEC' or 'Trinitron' brand, you definitely want to say yes here.
shouldn't the coders/organization behind JavaScript (Netscape) get the credit [for popup/under scripting ability]
If by 'credit' you mean 'good swift kick in the ass,' then yes. I didn't like it when Netscape added this misfeature, and after all this time, I'm still trying to think of a legitimate reason to pop up a window except as an immediate direct response to user input. And I'm still coming up blank.
What's wrong with NTFS?
The Linux/BSD crowd has already figured out how to read it, and are getting close to being able to write it. Pretty soon people might be able to dual-boot and have full r/w access to their legacy files from a non-Windows OS, without even having to back up all their data and reformat/repartition. That's what's wrong with NTFS. MSSQL to the rescue; those penguin-people and Lindows-guy will never figure out how to read this new filesystem. Well, until they do. But then it'll change again.
Why XML? It's much bigger than the old binary 'chunk' system, so the filesystem will grow huge. Selling hard disks is not the point, MS doesn't make those. The point is, with the criminalization of DVD burners and the 800MB CD limitation, to make it nigh on impossible for Joe User to make a full system backup so that he can migrate to another platform. A second hard disk (hello 'activation') won't do any good if it can only be formatted with the same incompatible new format. The idea is, by bloating the filesystem beyond the practical limits of common consumer storage media, and making it impossible to format a large hard disk in a cross-platform compatible way, only the hardest-core geeks would even think about switching away from Windows.
That's what the much-hated FAT-32 size limitations are about too - if it weren't for corporate users, they probably would have pulled FAT-32 already for this reason, or at least put in an artificial size limitation on reads as well as formats so we couldn't use FAT as a go-between anymore.
Never mind replacing your favorite apps, without a second machine (Windows tax paid again, ka-ching!), if you switch away from Windows how ya gonna get your data back? The only reliable way I can think of would be to network the old Windows box and the target *nix box together, run a black-hat crack script against the Windows box, and then download its contents via HTTP:80. Joe AOL won't be doing that (even if every website he visits probably is), never mind networking and Samba, assuming MS hasn't broken that too.
In summary:
void configureNewWindows(int version) {
    kernel = NT4_kernel() + superfluousVersionCheck(version);
    filesys = NTFS() + superfluousIncompatibilityByte();
    filesize = backupMediaMax() + 1;
}
[Yes, I know that MS code should be in Hungarian obfus^D^D^D^D^Dnotation]
Weird they'd take Kicker/Run out. Oh well, it was highly redundant, there are only umpteen other ways to get a run-command dialog in KDE. Quick workarounds:
Right-click somewhere on your KDE panel.
From the pop-up, select Panel Menu/Add/Applet/Application Launcher.
There ya go. Run-command is always available on the panel now. Even better, make a child panel (right-click panel, then Add/Extension/Child_Panel) and add the App Launcher to that, then you can hide it when you don't need it, and it's only one click away when you do. Or remove the windows-ish taskbar (what a space-wasting design) and add a KasBar extension to the panel instead - it's more useful, more configurable, conveys more info, and is far more frugal with screen space. The space you save can hold the app launcher.
On a fast machine (even my P3-500 is fast enough), it's actually quicker and fewer clicks just to hit the 'Shell' icon and get a command line. Faster than Kicker/Run_command, enter command in pop-up dialog, then enter or OK.
Still a silly thing to take out - if it's missing from the Kicker I guess that means right-click on desktop, choose Run_command... from popup won't be there anymore. Silly silly silly. Maybe it's just to avoid scaring n00bs? I wonder if the full-version of 9.2 still has all the old menu options?
In DMCA countries, the CSS-related codecs are deleted from the distro; in other countries they have the complete package. Something to think about when choosing a mirror. By that I mean you wouldn't want to accidentally break the law, of course.
First thing, perspective and disclosure: I installed Mandrake 9.1 in early May I think, it worked so well that June 16 was my 'Windependence Day'[*] when I fdisked my NT4 partition (I never drank the 2K/XP Kool-Aid) and went pure Mandrake. Since then, it's been pretty smooth, does everything I need my home box to do. Things get better each release - in 6 months I've already seen substantial improvement. I'll live with a few glitches here and there, given that they get fixed. And my dual-processor (suck my clit, Darl) P3-500 box practically screams in normal use under 'Drake, and will continue to do so in the future, while Win2K is sluggish at best and XP would be molasses in January (July for those down under) unless I bought a new mobo. And then I'd have to call and get permission. Fsck that.
'Drake does have some UI glitches (kernel's been quite solid though). Same for every other GUI-based OS I've ever used, and neither Windows nor pre-X MacOS can claim the low-level stability. In six months of using 'Drake 9.1, the occasional 'Crash' has meant a simple SIGSEGV dialog with no spillover effects, system stays up no harm no foul. Thanks to *nix process model, no memory leakage either. A full system lock-up is unheard of, nigh unimaginable now that I understand how this thing works.
That said, here's my list:
Attempting to play LBreakout full-screen while listening to a CD ends up with me opening a console as root, to kill my login and restart the X server, as that hangs KDE up but good. It's LBreakout's fault - after releasing the sound system, it checks to see if there are any sound processes remaining and assumes it failed if there are, so it just hangs there waiting for the CD to finally play out. Someday I gotta get the source code and fix that; the fact that I can speaks volumes about why OSS rocks. [The bug that I can't use my 'puter 'cause my roommate is on my machine playing Frozen Bubble is not a Mandrake issue.]
The bug that really keeps getting me is Konq's Find function - it seems that upon completing a search, it enables the 'back' button. If the search was the first thing you did, there's no previous page to go back to so it SIGSEGVs if you hit 'back.' Looks like a null pointer deref. Hardly a killer; just annoying, given how natural it is to hit the back button. If I SIGSEGV, odds are I just did the above. I think this has been fixed in the newer KDE release though?
What else? Noatun rarely ever works, I just use it to test the KDE crash handler. But XMMS, K3B, and KsCD all work fine so I don't miss it, and 'real-world' interfaces suck rocks anyway. If my CD player looks like a seashell I can't find the Play button.
KDev annoys because it says it wants autoconf 2.5, then installing that forces me to uninstall KDev, defeating the purpose. Hope they fixed THAT; I'm having to write C programs in Kate and it's not a happy situation - good thing I learned to program before the 'Hover Help' era or I'd be so lost...
MCC still has a few dialogs that don't seem to do anything (setting the bootsplash and KDM themes, for example).
'Drake is still a terrific beginner distro though, if you just browse and check email you won't hit most of the above, and its firewall is really good so you won't get r00ted while you're learning. OOo and Moz have never done me wrong. KOffice isn't my thing but it seems to work fine for my purposes. I don't do Palm-sync or Organizers so can't speak to those. Unless you're prepared to lay out for a new OSX Mac, I'd recommend it to a n00b over anything else.
[*] Windependence Day: Not counting the first time I kicked MS off my system, circa 1990, thanks to DR-DOS, QEMM, and DesqView. But we all know the rest of that story. Too bad OS/2 had such unrealistic hardware requirements for so long.
It's 106 miles to Chicago; we've got a full tank of gas, half a pack of cigarettes, it's dark, and we're wearing sunglasses.
Never mind that, it's one win to the Series, we've got a full tank of Sosa, half a pack of Dusty Baker, it's October, and we ain't been there since 1945. GO CUBBIES!!!
Dude, that's it!
1) Introduce new protection scheme for popular OS, knowing full well that it can be disabled via well-known features of that OS which have been around for years.
2) Sue OS manufacturer under DMCA for pre-emptively circumventing my protection scheme.
3) Profit!!!
it's kinda like calling the wrong 800 number and the person who answers says "Oh this happens all the time, the number you actually want is...". This is a nice feature!
Problem is, it's also like writing the address wrong when you send your mom a gift for her birthday certified mail, and rather than the post-office quickly return the letter 'addressee unknown,' instead the person who tries to deliver it keeps the letter and says 'Oh, I can't deliver because no one is home right now' and tries to deliver it again day after day. After a while, the post office might learn that when a certain Mr. Verislime answers the door but says he cannot accept the letter for your mom, that really means the address is wrong. If a different person answers the door, though, it happens again until that person becomes known. Repeat until insane.
This is not a feature, it's a malfunction. Given their position, Verislime had to know they were doing it, and such irresponsibility should get their admin rights revoked immediately. If you or I knowingly and purposefully did something at work that Broke Everything, how long before we would get the sack?
If I ever screw up at work so bad I'm gonna get fired, I've gotta try the innovation line though. That's rich. 'Sorry I blew up research areas A-F, I need to do more research to see how mixing large quantities of hydrogen, oxygen, and fire in the open areas is received company-wide before I change anything, I'm just trying to be innovative and you wouldn't want to stifle innovation!'
Right at the end of the article you will notice that the users will have an option to turn off the DRM...
...in the form of a Big Red Switch marked 'Power.'
every time I see an exploit, it's after Microsoft has already issued a patch.
Please tell me you meant to say: Every time I see an exploit, it's in something that MS has already patched, but it's still susceptible to similar attacks? When did the first Outlook-preview exploit go around, IIRC it was a VB exploit circa early '97?
In all seriousness, I have alerts in my email box going back to at least 1999 regarding exploits in Outlook's preview feature. Never mind patches, there have been 3 NT4 service packs since Outlook's VB vulnerabilities were discovered, the entire Win2K release and maintenance, XP, several Office revisions, and Outlook is STILL a vector?
But you asked a question: What do I want them to do?
OK, for starters, I have used Netscape/Mozilla mail since 1995. [On Windows until early this year, BTW.] I have never had an email virus, nor ever patched for one. Through upgrades from Win3.1 to 95 to NT4 to Linux, I've never lost my mail, as it was kept as regular files, easily identifiable... So it can really be done, and the techniques have been known for a LONG time. So:
Step 1: Admit they have a problem.
Next, their patches treat the symptoms, not the problems. Changing:
blindlyExecuteAsSystem(foreignCode);
To:
if (!isKnownAttack(foreignCode)) blindlyExecuteAsSystem(foreignCode);
...and adding to the list of known attacks after they've already done their damage is not a fix. So:
Step 2: Actually FIX IT FOR REAL THIS TIME. They're not stupid in Redmond, what you're seeing is a planned-obsolescence scheme to keep you strung along, buying upgrades in the false hope that it'll really be fixed next release. I am no longer fooled, I'll buy another Windows AFTER I've seen real-world proof that it really is fixed. Seeing NT4 and 2K3 be susceptible to so many of the same exploits tells me they haven't really rewritten much of anything worth shelling out for (pun not intended).
Step 3: If you want me to stay with your product, try being BETTER than the competition. I use the best tools for my purposes in my judgement, and I view every forced upgrade and un-removable 'feature' as an admission that those tools are known to be inferior by their producers - an impression I will remember not just for the admission, but for the response, which is to force the inferior product down my throat rather than making it better. 'Nuff said.
While I'm a bit leery of the lawsuit idea for its potential spillover barrier-to-entry effects, I do wonder if there is something along the lines of truth-in-advertising, misrepresentation, something like that. IANAL either, just seems like they spend a whole lot of money advertising themselves as 'enterprise-ready' and yet, that phrase does have a meaning, and they are nowhere near meeting its requirements as evidenced by the disclaimers in their EULA - so they're conceivably advertising something that isn't really in the box? Maybe there's something there, seems a stretch. I dunno.
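The signature-patch pattern criticised in the comment above, replayed over a short timeline, as an added example that is not part of the original post. The class names, the default-deny alternative and the sample "scripts" (inert, constructed byte strings) are assumptions made for illustration; nothing is actually executed.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ForeignCode:
    """A script that arrived by mail. Bodies are constructed, inert strings."""
    name: str
    body: bytes
    user_confirmed: bool = False  # True only if the user explicitly asked to run it


def fingerprint(code: ForeignCode) -> str:
    """Signature used by the denylist: a hash of the exact bytes."""
    return hashlib.sha256(code.body).hexdigest()


class DenylistHandler:
    """The post's 'patched' form: execute unless the code is a known attack."""

    def __init__(self) -> None:
        self.known_attacks: set[str] = set()
        self.ran_as_system: list[str] = []

    def is_known_attack(self, code: ForeignCode) -> bool:
        return fingerprint(code) in self.known_attacks

    def handle(self, code: ForeignCode) -> str:
        if not self.is_known_attack(code):
            # Stand-in for blindlyExecuteAsSystem(): only records the name.
            self.ran_as_system.append(code.name)
            return "executed-as-system"
        return "blocked"

    def patch(self, code: ForeignCode) -> None:
        """Vendor patch: add a signature after the attack has already been seen."""
        self.known_attacks.add(fingerprint(code))


class DefaultDenyHandler:
    """Assumed alternative: mail content is data. Nothing runs unless the
    user asks, and even then never with SYSTEM privileges."""

    def __init__(self) -> None:
        self.ran_as_system: list[str] = []  # stays empty by construction
        self.ran_as_user: list[str] = []

    def handle(self, code: ForeignCode) -> str:
        if code.user_confirmed:
            self.ran_as_user.append(code.name)
            return "executed-as-user"
        return "shown-as-text"


def replay() -> dict[str, list[str]]:
    """Same four deliveries against both handlers; the patch lands after the first."""
    v1 = ForeignCode("variant-1", b"constructed sample script, variant 1")
    v2 = ForeignCode("variant-2", b"constructed sample script, variant 2")
    asked = ForeignCode("macro-user-ran", b"constructed sample macro", user_confirmed=True)

    deny, default = DenylistHandler(), DefaultDenyHandler()
    deny_log = [deny.handle(v1)]   # first outbreak: nothing is known yet
    deny.patch(v1)                 # signature added after the damage
    deny_log += [deny.handle(v1), deny.handle(v2), deny.handle(asked)]
    default_log = [default.handle(c) for c in (v1, v1, v2, asked)]
    return {
        "denylist": deny_log,
        "default_deny": default_log,
        "denylist_system_runs": deny.ran_as_system,
        "default_deny_system_runs": default.ran_as_system,
    }


if __name__ == "__main__":
    for key, value in replay().items():
        print(f"{key}: {value}")
```

The denylist stops only the exact bytes it was patched for, so the second variant runs with full privileges, while the default-deny handler never reaches a privileged execution path for any of the four deliveries.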
Pardon my ignorance, does Linux have a similar auto-update feature like in Windows (but with fewer bugs :) ?
No problem, after all no one's born knowing this stuff. :)
It seems most Linux distros have such a feature under various names, but they generally call home (or the nearest mirror site, or wherever you told it to look), and compare the list of updates there against the software installed on your machine. Then it gives you the opportunity to review the relevant updates individually, with explanations about what they fix, on a per-application basis before installing any or all of them as you like. Many distros have a nice GUI app for this.
There are generally no monolithic do-all updates like in Windows-land; you only D/L what you need and if you ever install another package later off CD, you only have to grab the latest update for that one package, the system stays up, no reboots required. Or just install from the web and have the latest to begin with.
I can only speak for Mandrake about bugs, but I've never seen a fatal one on my home box. It doesn't try to think for you much to begin with, it just tells you what your options are and awaits your input, so there's less room for error, more ability to back-out, etc. There have been a couple of instances where it's gotten dependencies wrong, some boolean flag reversed so patch A required that I install patch B, then B required that I NOT install A. This only happened once and it was corrected a few hours later. Aside from that it's been fine.
Hope that helps. Oh, yeah I forgot this is slashdot: RTFM. ;)
In the end it will be decided not in the courtrooms, but at kitchen tables across the country. We are heartened by the response we have seen so far.
This is precisely the point. I know a lot of people who are somewhat uneasy about file sharing. Giving it bad publicity was probably their goal from the outset.
I beg to differ. Getting parents and everyone else to make sure they don't have ANY music in the house that didn't come on RIAA-issued media at full retail price, that's been their goal from the outset. The idea isn't to combat piracy - though it's nice PR spin - but rather to criminalize the entire internet-as-distribution-channel concept. Except of course for 'legitimate' artists (theirs) through legitimate online services (their licensees), natch.
People are already swallowing it hook line and sinker too. Witness public acceptance of the royalty-paid blank CD concept, which is predicated on the assumption that there is no competition to the so-called major-labels, and never ever will there be. All music must be theirs after all; even if music copying *is* occurring, there's no room for doubt about who gets paid. Once they manage to get the encryption keys built into the consumer devices, every startup label and DIY-band will have to pay the big bux to get a CD key in order to have their discs be playable in consumer equipment. If they aren't frozen out entirely. Just wait till all the 'legit' D/L sites become 'RIAA Preferred Partners'
Slashdot Double Standard #50: Linux Advocates, Evangelists and Fans are pure noble warriors fighting the holy fight for good. The [sic] can do no wrong.
Nope. Never can they do wrong. Except when a vulnerability is found in a little-used service three versions obsolete, by which a local user with access to the physical machine can execute arbitrary code as himself, but only if it happens to be exactly midnight during a harvest moon in a non-leap year evenly divisible by four. Then it's front page news and the Astroturfers get a thread to post 'see, that's just as bad as when MS lets an email from $DIETY-knows-who automatically reconfigure Word's default templates and turn our machines into SPAM/DDoS zombies without so much as a confirmation dialog!' What part of /. don't you understand?
Microsoft's defenders and supporters are almost always shills, corrupted, evil, immoral devils out to dominate the world.
If you haven't been paying attention, the anti-MS attitude ultimately originates within Redmond. Think about it: MS has openly built its corporate strategy on not only making sure that they are the default position, but ensuring that switching from that default is as difficult and painful as possible. The former is just business, but the latter carries an assumption - from within the company itself - that its products are inferior, do not compete on merit, and consumers will switch away from them in favor of ANYTHING else if they are ever allowed access to an alternative.
Microsoft says this loud and clear when they do things like kill IE/Mac - it was one of the few MS programs that DID compete on merit, but MacOS was no real threat to NT or even Win98 in any real sense. OSX is way too elegant and rock-solid for Mac support to live. If MS thought Windows was really more stable, more secure, and easier to use than Linux, they'd be tripping over themselves to get me a copy of Office for Linux so that they could bring me 'into the fold' as they say, and move me over to Windows in time. The fact that they don't tells me loud and clear which direction THEY think the migrations would go. Every program you can't uninstall or is surreptitiously placed in a Service Pack says a similar thing with equal clarity: We know damn well you wouldn't use our software if you had a choice; we're so sure of that we went out of our way to avoid giving you the opportunity to choose.
Having used Microsoft products for twenty years (CPM-86/DOS 1.0 until Win2K chased me off), I can't imagine why anyone would cheer Microsoft unless they're either intentionally Astroturfing, or else are young and came in to this movie late. But whatever. I only know for sure what Microsoft, through its actions in the marketplace (such as it is anymore), tells me. For the last two decades, but with increasing intensity and frequency since the mid-1990s, they've been telling me that they think they are inferior and are scared to death that I might switch to something else (Linux in particular as they themselves say publicly) if they don't keep changing file and disk formats and building in expirations to hold my data hostage to sell me a license under duress that will hopefully prevent me from switching for another year or two. They're telling us they suck and they know it. All /. does is listen well, really.
Would you like to download PrecisionTime from the Gator Corporation?
[Yes] [OK] [Sure]
Rather than fining the people (victims?) of poorly written software and OSes, why not have a class-action suit against the corporations that make the worms & viruses possible in the first place?
Wouldn't that be the effect? Seems like the connection between running a certain notoriously insecure monopoly OS and getting a mailbox full of expensive tickets would have a chilling effect on purchases of that OS. At, say, $15 a pop, times 10,000 machines, times infinity (for the number of possible infections), it would make a company think twice about buying no matter how many untrue promises the friendly sales rep made to the PHBs...
Not that I like this fine idea (I don't), but it just occurs to me that this would threaten a certain company a lot. Not that it would ever fly, it makes no sense, if the wheels fly off your car due to a defect and you crash, the company's going to have to eat that, not the driver. But if Da Gubbamint is going to fine the 'driver' in this instance, he/she will have to file a civil suit against the company to recoup... why not just have the companies cut the trial lawyers a welfare check directly, and skip the show trial?
Now, as for the mandatory AV scanner software: Does Linux count as antivirus? Does anyone besides us on /. understand that there are better ways to protect computers than scanning every single fscking packet and message for known viruses (doing nothing to stop brand-new ones)? You know these diddleheads would hit us with notices because we're not running either Norton or McAffee(sp?), so we must be vulnerable...