IIS tries to do a lot of things that you need tons of modules to do with Apache. And the Apache modules open up vulnerabilities.
IIS is really intended as a 'workgroup Information Server' kind of thing, for companies. That's why it's all integrated with Office, etc. An IIS server being used in a department within a company can be configured so that the department secretary can click 'edit' on her IE browser; she's presented with a User/Password dialogue, then the page is pulled down and she can edit it with Microsoft Word or Excel, then save it back to the server.
When that kind of functionality is pushed out into the 'real world' of the Internet, instead of the office intranets where it's really best suited, it's not surprising that the holes and vulnerabilities pop up. That kind of functionality is a LOT more expensive and a hassle to implement using Apache.
IT staffers resent it when something is easy and inexpensive to do. That heritage goes way back to the dumb terminals and the power that IT once wielded in most companies.
The history behind PLCs is that when computer automation first came into production environments in the Automotive industry, the trade unions blasted it severely, and got a LOT of rules written prohibiting 'computers' taking over workers' jobs.
So the idea of a PLC (Programmable Logic Controller) came into being. Basically it's a computer. But the Union Steward doesn't need to know that.
And because it's a different sort of computer, it obviously doesn't run commodity software like a Microsoft OS. Also they cost one hell of a lot more than commodity 'PC' hardware. There's always someone to benefit with an economic shakedown when there's a Trade Union involved in making the rules.
To begin to explain to you why viruses will never be a big threat on a Unix system
Any machine that is usable has to have user writable storage on it. The most critical data on most 'desktop' computers is user writable. The most critical data on desktop Unix computers is in the user's home directory.
And that data is easily fucked up by a trojan. Any system is susceptible to trojans if it allows users to run binaries.
The fact that the all-hallowed binary application space on Unix boxes is protected really doesn't matter. When the actual user data is fucked up because a trojan of some sort was run and wiped out home directories, shared directories on NFS servers, etc, it doesn't matter that the binaries can be streamed off a CDROM and reinstalled.
Computers are tools. User data is pretty much the only thing important on them that can't be easily replaced if it's wiped out.
Please stop pretending there isn't the potential for trojans to do significant damage on ANY system that gives the user enough power for the system to actually be useful.
It's really sad how some people consider an IT Staff to be a mandatory requirement. Part of the whole thrust of 'personal computing' and a big part of the popularity of PCs when they first came out is that the goons from the computer room weren't breathing down your neck and f*cking with your productivity. It's not unusual for 'mere users' to view IT staffs as a sort of protection racket. "Better hire a sysadmin or baaaad things will happen."
There's a snide sort of 'told you so' mentality in geek forums. Could it be all the unemployed IT people resent their lack of work?
The fact of the matter is, with a reasonable amount of education, and the auto-update features that more than a few people have brought up here, no Windows machine should be vulnerable. Small companies with 5-7 people on staff do NOT need a topheavy bombastic IT duff. The toner cartridge doesn't need changing that often and people can put new paper in the printer on their own.
Solutions? I think "Critical Updates" should be mandatory for all Windows users. If people refuse to update the updated system software, Windows would shut down after a reasonable period of time -- say 30 days -- until the user agrees to get the Critical Update.
Well, isn't that an interesting suggestion. We could do that with Linux and other OSes as well.
Users need to connect to the Red Hat Update Website and download updates. The updates will be new binaries. Unless you connect and download said updates, your machine shuts down in two days.
Why do I get the feeling that wouldn't be popular?
Many people have no idea that there is an alternative.
And then the issue is compounded to be even worse. People like the parent phrase it like there's an alternative, and not numerous alternatives. Some of the alternatives are significantly more usable than Linux on the desktop. Yet we find people here posing it like it's an either/or choice.
Actually, it would be more accurate to say 99% of suits amount to nothing,
Then all the nothing cases amount to legal harassment, and they should just be put out of business.
Really, if you're going to claim that 99% of the cases are fruitless, the followup is that the lawyers should just cease to exist and stop being a drain on all of us.
but maybe the world would have been a better place if Microsoft had been knocked down a peg or two by this.
Huh? You're kidding, right? You're saying it might be a good thing if Apple had won established IP rights on critical GUI elements? They would have shut down more than Windows if they'd won the suit. The X Window System would have been next on the list to shut down.
We'd all be living in a happy smile Apple owned GUI environment now. It's scary just to contemplate.
Microsoft did the world a favor by slapping down Apple in the look-n-feel suit. Microsoft does many things that are wrong. Spending the money to establish a legal right for people to adopt similar user interface elements was NOT one of them.
Actually, Art, Fashion, and Music would be out of reach of the youngsters, too. In the kind of world being proposed it's highly unlikely that a Commercial Culture of Youth as now exists would continue to exist. Pop Musick could cease to be the overriding concern. The aesthetic could again become a primary emphasis in art and culture.
Whoops. Sorry, rock-n-rollers.
On the other hand, the oldsters might encourage that kind of infantile culture and strutting around, to keep the young turkeys off to the side and controlled.
Richard Stallman has on more than one occasion denounced people who write manuals for Free Software but then try to sell them for money. He has said that if O'Reilly hadn't come along and written all the animal books, and 'scratched the itch' at $30-60 a pop, that people would have put together freely distributable manuals for much of Unix and the Free Software community.
Granted, the FSF has been selling copies of printed documentation for years (I have a GNU Emacs manual from the mid-80's in my bookcase) but never 'exclusively' and always as a fundraising project, not a primary moneymaking scheme.
The commercialization of software documentation, while a way to 'make money with OSS' is just another way of hoarding knowledge, similar to hoarding software.
Well, GNU substantially did do that. Problem is, like most pot-heads, their ambitions were always getting sapped by bong hits. They couldn't pull it all together and get it running under a kernel anybody would want to run.
Linus came along: someone who it's pretty likely has never smoked grass. He pulled the rug out from under the GNU hippies. The rest is history.
This company doesn't produce software for Microsoft to have stolen. They are a 'pure R&D' outfit. In other words, they patent stuff and wait for somebody to sue or bill licensing fees to.
Also, this is the kind of company that people like R. Stallman bemoan and argue against when the topic of software patents comes up.
But you can continue to believe that anything anti-Microsoft is inherently good. If you wish to live in that simple of a world...
Let's say you're an author, and a publishing company wants to publish your book. You have the copyrights. They cannot publish it without your permission. So you sell them the right to publish it for an advance of $40,000 and maybe a buck a book for every copy sold after the advance is paid off.
Now, in the case of the GPL, instead of paying with cash or a portion of the profits from distribution, you pay by agreeing to certain terms and taking certain actions.
The big difference in the comparison you made above is that the author and owner of the copyright for the book have made an explicit contract signed in ink with the publisher. The GPL is an implicit contract. Anybody who happens along and acquires a copy of the GPL'd code is supposedly bound by this 'contract.' It's a heck of a lot like an EULA in that regard, and nobody here takes binding EULAs seriously. Why should we take the GPL seriously either?
Any time severe and clear-cut penalties are defined into a law or a contract, that just means that it would be worth billions of dollars to defeat it, if the threat of it going into force became a possibility.
But we've wandered so far off into hypothetical that it's ridiculous. Microsoft doesn't need any of the GPL code out there. They can and do write their own code. They're far too egotistical an outfit to just suck in code from outside and use it. They learned the perils of doing that when they were forced to come up with a replacement for the Stacker code and put out a whole new version of DOS (DOS 6.22) because they'd made the mistake of cloning Stac's kludge (yes, it was a kludge, and I told anybody who used Stacker that it sucked).
Just as long as the same thing can be done to Trade Unions or any other corrupt entity, it sounds like a fine plan.
What's really weird is pondering why anybody would run emacs on a Mac in the first place.
This question would seem equally relevant to both people who hate, and people who love, the (old) Macintosh.
Well, once you start labeling entities 'contrary to the purpose of free software' and start excluding, where do you stop?
I guess you'd better get used to static web pages. No more e-commerce, no more web-oriented application development.
How is the GPL a contract?
Who signed on which dotted line? Were there witnesses at the signing?
People who distribute the code and follow the provisions of the GPL didn't sign an explicit contract. Neither did the people who distribute the code without following the provisions of the GPL.
So where's this enforceable contract that everybody is espousing? We're to believe that people can and will selectively be allowed to enforce an implicit contract binding other people? Sounds a lot like the toothless EULA licenses that everybody hates and ridicules.
However, 'big' isn't always 'better' in a court case. The American public has been conditioned for years to believe that the 'big company' is wrong, and the smaller company deserves their sympathy. That point has been driven into our heads for years and years of popular culture.
In an IBM=Goliath, SCO=David framing of the issue, the GPL guys don't come out ahead if their champion is IBM.
It's really awful, in some ways, seeing so many people cheer on IBM and praise them for their bigness. It's almost like big-company-coercion is okay, and the 800 pound gorilla is alright as long as it's our 800 pound gorilla. That's wrong. It goes against the grain, and it'll bite people who back it in the end.
If the GPL is declared null and void, then all those pieces of GPL'd code revert back to regular copyright. However, this means that the 'commons' that people have contributed to ceases to exist. Instead of a big project called the Linux kernel all under a common license, we've got 35,000 different code fragments, all of which have different copyrights and owners, and all of which can and will be interpreted separately if people are taken to court for how they use said fragments.
So. Okay, we've established that a contract is necessary to redistribute the software.
Where is this contract? How many people have signed it? And how come I've never, ever, heard anybody testify or even casually mention having signed this contract?
Unless there's a contract, signed in pen and ink somewhere, or at least a formalized agreement that witnesses will testify in court was made.... there isn't a contract. Contracts are not implicit things.
Quoth the GPL:
You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works....
Okay. So where does the person who wants to accept the License sign? Until there's a place to sign the contract, there isn't a contract. Without a signed contract, there isn't any way to enforce said contract.
This paradox is more important than most people are willing to accept.
Minix is a pedagogical Operating System intended to be used for educational purposes. There was no intent by the original author for it to be extended and bloated into the kind of project the Linux kernel has become.
The people who 'gave up' on Minix and moved over to work on Linux did so because a project that better met their needs became available. Not because Minix 'failed' in some way.