Yeah... of course! When someone publicly sets out to ruin your reputation and undermine your credibility using a falsified story in an internationally distributed publication, just sit back and relax it'll all go away.
Because people are actually excellent judges of the difference between lies and truth when it's published in an authoritive sounding source with little surrounding story or supporting facts. Everyone knows that.
"Who do you think writes the ATI drivers for Mac OS. It isn't Apple."
Indeed, but Apple do have to put in some effort to test that drivers written by ATI are working on every supported hardware configuration when they ship those drivers to customers in updates. I would also argue that buying several million units would constitute a payment to ATI for development of the drivers. I doubt that ATI would have written those drivers without some kind of extra margin to cover the development of Mac drivers.
From a bit of snooping around on some PPC and Intel macs it seems that most of the drivers installed on a new Mac actually are written by Apple, including the PMU/ACPI, Apple audio/AC97, Ethernet, PATA, SATA, Firewire, USB and Bluetooth drivers. I'm sure intel would be on hand for a bit of help on their chipsets, but the fact remains that Apple bears the burden of distribution, support and testing of all the drivers they ship whether they created them or not.
The problem with that strategy is that it makes OS X entirely unsuitable to 90% of the market, and 100% of the corporate market (unnecessarily tying your company to a single vendor is a breach of fiduciary duty, and thus illegal.)
Yes, like all those IT directors getting arrested and fined for putting all their files into Microsoft Office format.
There are no legitimate technical reasons for Apple not to be selling OS X for other systems. It is entirely corporate strategy, it has nothing to do with things "just working", and everything to do with vendor lock in.
Of course there are legitimate technical reasons for OS X not to work on other hardware.
It takes effort and time on the part of a skilled and experienced developer to create a driver for a given piece of hardware, why would Apple want to pay good money and stretch their developer resources thinner for hardware that they will never ship? I think unneccesarily wasting money is also a "breach of fiduciary duty" as you are so fond of saying.
Have you ever tried running OS X on normal X86 hardware?
Its pathetic hardware support means probably about 1 in 10 PCs could actually run it properly. If you're going to go out and spec a machine that has the right motherboard to get UDMA, the right AC97 chipset for sound, and a supported graphics card, and have the time to spend hacking the drivers to get them to recognise your vendor IDs etc. then yes, you can run a hacked version of OS X on a normal x86 box. But it's not easy, and it's not what I'd call a pleasant experience.
I'd say the only people who are ever going to get OSX86 going well are dyed-in-the-wool card-carrying nerds like myself with some kind of obsessive-compulsive tweaking disorder, so not exactly a threat to Apple's target market.
All that annoying tweaking isn't even part of Apple's strategy to keep normal people off OS X, the friendly hackers who made my install DVD disabled Apple's booby traps, it's because they actually support a very narrow range of hardware. At the moment, if I stick OSX86 on my computer and it doesn't support my SIS ATA controller, and doesn't support my Soundblaster live, I say "damn!" and swap those parts out, because I know there's not a hope in hell that Apple will support my PoS homebrew box.
However, if I'd just forked over the cash for a new copy of OSX86 from a shop and took it home and it didn't work properly, you can bet your ass I'd be on the phone to Apple asking them what kind of game they're playing at, selling me an OS that doesn't work on my Zing Fu motherboard when everything else does.
If I were Apple, and selling more hardware every year following a strategy of tightly binding the OS to the hardware, I wouldn't be falling over myself to change that strategy to one of trying to support everyone else's hardware. Apple's reputation of "just working" has a lot to do with the tight control they can exercise over what goes into their own machines.
They are better off putting in a token effort to restrict the software from running on normal hardware, and leave running OS X on normal hardware to the geeks who are afraid to even mention that they're using it to Apple, for fear of being outed as a "Pirate" or DMCA violator.
"Your answer is way too simplistic and doesn't address the issue at all. It works great if you live in one world (OSS) or the other. This comes from what is appears to be the common belief that ALL software should be OSS. As long as you believe that to be the case, your answer seems appropriate because you have decided to live in only one world."
That's not quite true, not everyone who uses the GPL believes that no-one else should create non-free software. There are certainly a few out there who believe that, I'm sure, but what you're complaining about is not being able to take someone else's code that they licensed to us all with certain caveats and put it under a different license.
That's not something that you are permitted to do under most source licenses, open or otherwise. When someone licenses their code with obligations that are too onerous, you simply don't use that code. You don't have a right to take source-code and incorporate it into your own software unless you are willing to follow the licensing conditions just like any other licensed source code.
Licensing software under the GPL isn't something that happens by accident, the author of the software that you wish to incorporate has stated in a legal fashion that he/she does not want that code to be used in closed-source products. The license is aimed squarely at people like you who would take their code, use it's features to enhance their own product and give nothing back to the community.
There's not much difference between that and commercial code licenses which insist that you only use their product in closed-source products, except that the GPL is about benefitting the community at large rather than the company owners or shareholders.
The GPL isn't about making all software free, it's about keeping free software free, even if it means preventing people from using that code. For developers, all that GPL code that you talk about wanting to use is out there as a huge advertisment about how many resources are available, if only you join the club.
I agree to a certain extent, if your computer can't be an extension of your personality, work methods and experience then you're using the wrong system. Computers are like vehicles, if your computer or vehicle doesn't stir something emotional inside you, then you're missing out on a whole other side to using them, enjoying the experience at an emotional level is an important part of selecting a computer or a car or a stereo for me. But not more important than having the appropriate tool for the job at hand.
"There are plenty of other ways for an infected file to get onto a system besides Outlook, and a scheduled scan can't catch those files until it runs. On demand provides the ultimate protection for uneducated users, which is why ClamWin is adding it in.
From the FAQ:
Q.) Can ClamWin check files automatically as they are accessed
A.) The answer is not yet."
Apparently there's a program called WinPooch which can do realtime scanning with ClamAV. Haven't tried it, it was mentioned in an earlier post, but it sounds like the ClamAV folks should probably update their FAQ.
SSH is already pretty secure. Switching to a different port may add another layer to the security.
SSH is not what I would call a secure protocol, it's entire purpose in life is to allow remote users to have control of the computer. SSH has probably seen more, and worse vulnerabilities than just about any other protocol barring the unencrypted protocols it replaced. Just because it's hard for someone to intercept your traffic in transit doesn't make it secure against buffer overflows and dictionary attacks.
Personally I think that moving SSH from it's original port to an obscure high numbered port could easily be the difference between being rooted or not. That IS creating security through obscurity regardless of how 'secure' SSH appears to be.
If I had mod points and hadn't already commented, I'd mark you +1 insightful too. You've succinctly summed up why both viewpoints are valid, it's like you have four feet so you can be in both sets of shoes at once.:)
It's comments like yours that make this place worthwhile.
Viruses are a subset of Malware, Malware = MALicious softWARE. I would argue that there are an extremely small subset of Viruses which aren't malicious (at any rate they're not what I'm talking about), and an even smaller subset, diminishing to the point of zero, which aren't software.
All malware are not viruses, but all viruses can be considered malware.
Heh, we have yet to encounter even a port scan on our obscure SSH port, let alone any kind of attack, so it's safe to say that script kiddies don't want to spend the time scanning all 65,000 ports on every computer when they can get a similar yield by only harvesting those computers that answer on port 22.
It's also probably safe to assume that if someone has the intelligence to change the port that SSH is listening on that they are also clever enough to keep it up to date and securely configured.:)
Moving your potentially vulnerable services to a different port is effectively putting yourself in the too-hard basket as far as auto-scanning script kiddies are concerned, but doesn't do anything to stop attackers who are targetting you.
Unfortunately the soft pink human underbelly of your network is the most glaring weak point for attackers targetting your systems, and we can't really firewall their voice-boxes and fingers if we expect to keep doing business.
"First of all, neither of those applications is intensive or running all the time. I use a virus scan on executables before running them; I don't leave it doing live monitoring, because that's a waste."
Right, so you don't really check for viruses, because in Windows that malware could be hiding in an MP3, a WAV, a WMV, a DOC or a JPG just to mention a few, viruses don't just hide in executables these days you know.
Since you've indicated you don't run a resident scan and only check executables, I can deduce that you're not really qualified to comment on whether your computer is riddled with malware or not, which pretty much makes any further discussion on the subject more pointless than an upside down bed of nails.
Uh huh, so lets phrase that a different way... you mention that you caught viruses on the machine before they could execute. Unless you manually check all the instructions before they reach the CPU then this indicates pretty clearly you'd be running virus checking software. You also mention the need to use adaware from time to time.
So to get this straight, you run an operating system that has so many security problems that you need to run at least two other programs just to make sure that you aren't infected by anything. At least one of those programs is an intensive application that has to scan every potentially harmful file before it can be used.
Despite having effectively ended up with a less powerful computer with less memory, and still having to very carefully modify your behaviour while using your computer because of the OS vendors poor security practices you're still defending their operating system (and effectively their reputation). Bizarre.
I'm so sick of hearing people tout this crap over and over... the truth is that security by obscurity does work, and you just highlighted that it does in fact work by noting that there are far fewer people attacking PPC than x86, that situation is only going to get better not worse, with Apple moving away from the PPC platform.
Ever since my company made it policy to move SSH away from the standard ports, the number of dictionary attacks and exploits has gone down from upwards of 20 a day across all our machines down to zero (0). Even though any automated scanning tool worth it's salt could easily identify that it's SSH running on an obscure port from the banner.
Security by obscurity is enough to break the default configuration of most automated scanning tools, which in turn is enough to stop most of the people out there attacking servers at random.
The great thing about using security by obscurity is that by effectively foiling most automated scanning tools, we limit our focus to only people who are genuinely trying to hack us, rather than just anyone, and can focus on tracking them down and turning them over to the authorities.
Security by obscurity does work, it doesn't devalue your other forms of security, and should be considered a useful and valid part of the arsenal of security defences that can be deployed to protect things.
Anyone who says otherwise has obviously never worked in a situation where their security knowledge actually made any difference. It's obvious that an SSH server getting blasted 20 times a day by attackers is at least 20 times more likely to be hacked than one that's hit 0 times a day, and security by obscurity can make that difference.
The number of sheep isn't what's important, what is important that New Zealand is the first country in the world to put flock of sheep in charge of the government's I.T. policy.
Yes, I agree watching movies in aaxine on the console is exactly equal to watching them in a GUI, and the drop shadows and live move and resize in Twin is easily a match for anything X can do!
No you can't - I know because I also don't like the Safari way. With every new Firefox release I've to hack the tabbrowser.xml to reenable ctrl+tab for easy tab switching.
You should try the keyconfig extension, last time I checked it didn't include the option to map previous and next tab so you need to add them as code, but thankfully it's pretty simple.
Next Tab... gBrowser.mTabContainer.advanceSelectedTab(1);
This probably won't solve your problem over major version changes, since the extension is likely to refuse to load or be broken, but it will mean you don't have to dive into the app bundle every time you download a minor fix to firefox, and of course you can add as many mappings to change tabs as you like.
Slashdot Mirror
Yeah... of course! When someone publicly sets out to ruin your reputation and undermine your credibility using a falsified story in an internationally distributed publication, just sit back and relax it'll all go away.
Because people are actually excellent judges of the difference between lies and truth when it's published in an authoritive sounding source with little surrounding story or supporting facts. Everyone knows that.
"Who do you think writes the ATI drivers for Mac OS. It isn't Apple."
Indeed, but Apple do have to put in some effort to test that drivers written by ATI are working on every supported hardware configuration when they ship those drivers to customers in updates. I would also argue that buying several million units would constitute a payment to ATI for development of the drivers. I doubt that ATI would have written those drivers without some kind of extra margin to cover the development of Mac drivers.
From a bit of snooping around on some PPC and Intel macs it seems that most of the drivers installed on a new Mac actually are written by Apple, including the PMU/ACPI, Apple audio/AC97, Ethernet, PATA, SATA, Firewire, USB and Bluetooth drivers. I'm sure intel would be on hand for a bit of help on their chipsets, but the fact remains that Apple bears the burden of distribution, support and testing of all the drivers they ship whether they created them or not.
The problem with that strategy is that it makes OS X entirely unsuitable to 90% of the market, and 100% of the corporate market (unnecessarily tying your company to a single vendor is a breach of fiduciary duty, and thus illegal.)
Yes, like all those IT directors getting arrested and fined for putting all their files into Microsoft Office format.
There are no legitimate technical reasons for Apple not to be selling OS X for other systems. It is entirely corporate strategy, it has nothing to do with things "just working", and everything to do with vendor lock in.
Of course there are legitimate technical reasons for OS X not to work on other hardware.
It takes effort and time on the part of a skilled and experienced developer to create a driver for a given piece of hardware, why would Apple want to pay good money and stretch their developer resources thinner for hardware that they will never ship? I think unneccesarily wasting money is also a "breach of fiduciary duty" as you are so fond of saying.
Have you ever tried running OS X on normal X86 hardware?
Its pathetic hardware support means probably about 1 in 10 PCs could actually run it properly. If you're going to go out and spec a machine that has the right motherboard to get UDMA, the right AC97 chipset for sound, and a supported graphics card, and have the time to spend hacking the drivers to get them to recognise your vendor IDs etc. then yes, you can run a hacked version of OS X on a normal x86 box. But it's not easy, and it's not what I'd call a pleasant experience.
I'd say the only people who are ever going to get OSX86 going well are dyed-in-the-wool card-carrying nerds like myself with some kind of obsessive-compulsive tweaking disorder, so not exactly a threat to Apple's target market.
All that annoying tweaking isn't even part of Apple's strategy to keep normal people off OS X, the friendly hackers who made my install DVD disabled Apple's booby traps, it's because they actually support a very narrow range of hardware. At the moment, if I stick OSX86 on my computer and it doesn't support my SIS ATA controller, and doesn't support my Soundblaster live, I say "damn!" and swap those parts out, because I know there's not a hope in hell that Apple will support my PoS homebrew box.
However, if I'd just forked over the cash for a new copy of OSX86 from a shop and took it home and it didn't work properly, you can bet your ass I'd be on the phone to Apple asking them what kind of game they're playing at, selling me an OS that doesn't work on my Zing Fu motherboard when everything else does.
If I were Apple, and selling more hardware every year following a strategy of tightly binding the OS to the hardware, I wouldn't be falling over myself to change that strategy to one of trying to support everyone else's hardware. Apple's reputation of "just working" has a lot to do with the tight control they can exercise over what goes into their own machines.
They are better off putting in a token effort to restrict the software from running on normal hardware, and leave running OS X on normal hardware to the geeks who are afraid to even mention that they're using it to Apple, for fear of being outed as a "Pirate" or DMCA violator.
"Your answer is way too simplistic and doesn't address the issue at all. It works great if you live in one world (OSS) or the other. This comes from what is appears to be the common belief that ALL software should be OSS. As long as you believe that to be the case, your answer seems appropriate because you have decided to live in only one world."
That's not quite true, not everyone who uses the GPL believes that no-one else should create non-free software. There are certainly a few out there who believe that, I'm sure, but what you're complaining about is not being able to take someone else's code that they licensed to us all with certain caveats and put it under a different license.
That's not something that you are permitted to do under most source licenses, open or otherwise. When someone licenses their code with obligations that are too onerous, you simply don't use that code. You don't have a right to take source-code and incorporate it into your own software unless you are willing to follow the licensing conditions just like any other licensed source code.
Licensing software under the GPL isn't something that happens by accident, the author of the software that you wish to incorporate has stated in a legal fashion that he/she does not want that code to be used in closed-source products. The license is aimed squarely at people like you who would take their code, use it's features to enhance their own product and give nothing back to the community.
There's not much difference between that and commercial code licenses which insist that you only use their product in closed-source products, except that the GPL is about benefitting the community at large rather than the company owners or shareholders.
The GPL isn't about making all software free, it's about keeping free software free, even if it means preventing people from using that code. For developers, all that GPL code that you talk about wanting to use is out there as a huge advertisment about how many resources are available, if only you join the club.
You'd make the FSF proud I'm sure.
"teach a man to fish" versus "give a man a fish"
I prefer the adage "Set a man a fire, and he will be warm for a night, set a man on fire and he will be warm for the rest of his life".
I agree to a certain extent, if your computer can't be an extension of your personality, work methods and experience then you're using the wrong system. Computers are like vehicles, if your computer or vehicle doesn't stir something emotional inside you, then you're missing out on a whole other side to using them, enjoying the experience at an emotional level is an important part of selecting a computer or a car or a stereo for me. But not more important than having the appropriate tool for the job at hand.
Pff.
Have a nice time "locked-in" your mom's toilet jacking off over a full page spread of Dick Stallman.
Yeah Dvorak told the truth for once.
"There are plenty of other ways for an infected file to get onto a system besides Outlook, and a scheduled scan can't catch those files until it runs. On demand provides the ultimate protection for uneducated users, which is why ClamWin is adding it in.
From the FAQ:
Q.) Can ClamWin check files automatically as they are accessed
A.) The answer is not yet."
Apparently there's a program called WinPooch which can do realtime scanning with ClamAV. Haven't tried it, it was mentioned in an earlier post, but it sounds like the ClamAV folks should probably update their FAQ.
SSH is already pretty secure. Switching to a different port may add another layer to the security.
SSH is not what I would call a secure protocol, it's entire purpose in life is to allow remote users to have control of the computer. SSH has probably seen more, and worse vulnerabilities than just about any other protocol barring the unencrypted protocols it replaced. Just because it's hard for someone to intercept your traffic in transit doesn't make it secure against buffer overflows and dictionary attacks.
Personally I think that moving SSH from it's original port to an obscure high numbered port could easily be the difference between being rooted or not. That IS creating security through obscurity regardless of how 'secure' SSH appears to be.
If I had mod points and hadn't already commented, I'd mark you +1 insightful too. You've succinctly summed up why both viewpoints are valid, it's like you have four feet so you can be in both sets of shoes at once. :)
It's comments like yours that make this place worthwhile.
Viruses are a subset of Malware, Malware = MALicious softWARE. I would argue that there are an extremely small subset of Viruses which aren't malicious (at any rate they're not what I'm talking about), and an even smaller subset, diminishing to the point of zero, which aren't software.
All malware are not viruses, but all viruses can be considered malware.
I often think security would be so easy if we just didn't have those darn users...
:)
Indeed, and the IT business would run so much more smoothly without those darn customers who keep breaking things too.
Heh, we have yet to encounter even a port scan on our obscure SSH port, let alone any kind of attack, so it's safe to say that script kiddies don't want to spend the time scanning all 65,000 ports on every computer when they can get a similar yield by only harvesting those computers that answer on port 22.
:)
It's also probably safe to assume that if someone has the intelligence to change the port that SSH is listening on that they are also clever enough to keep it up to date and securely configured.
Moving your potentially vulnerable services to a different port is effectively putting yourself in the too-hard basket as far as auto-scanning script kiddies are concerned, but doesn't do anything to stop attackers who are targetting you.
Unfortunately the soft pink human underbelly of your network is the most glaring weak point for attackers targetting your systems, and we can't really firewall their voice-boxes and fingers if we expect to keep doing business.
"First of all, neither of those applications is intensive or running all the time. I use a virus scan on executables before running them; I don't leave it doing live monitoring, because that's a waste."
Right, so you don't really check for viruses, because in Windows that malware could be hiding in an MP3, a WAV, a WMV, a DOC or a JPG just to mention a few, viruses don't just hide in executables these days you know.
Since you've indicated you don't run a resident scan and only check executables, I can deduce that you're not really qualified to comment on whether your computer is riddled with malware or not, which pretty much makes any further discussion on the subject more pointless than an upside down bed of nails.
Uh huh, so lets phrase that a different way... you mention that you caught viruses on the machine before they could execute. Unless you manually check all the instructions before they reach the CPU then this indicates pretty clearly you'd be running virus checking software. You also mention the need to use adaware from time to time.
So to get this straight, you run an operating system that has so many security problems that you need to run at least two other programs just to make sure that you aren't infected by anything. At least one of those programs is an intensive application that has to scan every potentially harmful file before it can be used.
Despite having effectively ended up with a less powerful computer with less memory, and still having to very carefully modify your behaviour while using your computer because of the OS vendors poor security practices you're still defending their operating system (and effectively their reputation). Bizarre.
And people say Apple and Linux fans are zealots.
I'm so sick of hearing people tout this crap over and over... the truth is that security by obscurity does work, and you just highlighted that it does in fact work by noting that there are far fewer people attacking PPC than x86, that situation is only going to get better not worse, with Apple moving away from the PPC platform.
Ever since my company made it policy to move SSH away from the standard ports, the number of dictionary attacks and exploits has gone down from upwards of 20 a day across all our machines down to zero (0). Even though any automated scanning tool worth it's salt could easily identify that it's SSH running on an obscure port from the banner.
Security by obscurity is enough to break the default configuration of most automated scanning tools, which in turn is enough to stop most of the people out there attacking servers at random.
The great thing about using security by obscurity is that by effectively foiling most automated scanning tools, we limit our focus to only people who are genuinely trying to hack us, rather than just anyone, and can focus on tracking them down and turning them over to the authorities.
Security by obscurity does work, it doesn't devalue your other forms of security, and should be considered a useful and valid part of the arsenal of security defences that can be deployed to protect things.
Anyone who says otherwise has obviously never worked in a situation where their security knowledge actually made any difference. It's obvious that an SSH server getting blasted 20 times a day by attackers is at least 20 times more likely to be hacked than one that's hit 0 times a day, and security by obscurity can make that difference.
The number of sheep isn't what's important, what is important that New Zealand is the first country in the world to put flock of sheep in charge of the government's I.T. policy.
Yes, I agree watching movies in aaxine on the console is exactly equal to watching them in a GUI, and the drop shadows and live move and resize in Twin is easily a match for anything X can do!
Down with X!
and the parent has confirmed my prediction - Apple-bashing (or shall we call it smashing?) articles will be modded down by Apple zealots?
How did you reach that conclussion*?
Is everyone who mods down serial trolls these days an Apple zealot?
*see GP
No you can't - I know because I also don't like the Safari way. With every new Firefox release I've to hack the tabbrowser.xml to reenable ctrl+tab for easy tab switching.
You should try the keyconfig extension, last time I checked it didn't include the option to map previous and next tab so you need to add them as code, but thankfully it's pretty simple.
Next Tab...
gBrowser.mTabContainer.advanceSelectedTab(1);
Previous Tab...
gBrowser.mTabContainer.advanceSelectedTab(-1);
This probably won't solve your problem over major version changes, since the extension is likely to refuse to load or be broken, but it will mean you don't have to dive into the app bundle every time you download a minor fix to firefox, and of course you can add as many mappings to change tabs as you like.
The low UI
D suggests otherwise, but are you new here?
"If you were able to run Mac OS X on a regular personal computer, there would be practically no reason to buy Macintosh computers."
Sounds like Apple shouldn't be in the hardware business then.
Why, Because you don't like their business philosophy?
Using the same logic, and my telepathetic powers I determine that you aren't a hot chick, therefore you do not deserve to live.