As for the effort for keeping up a Windows box - it takes almost zero effort.
Rrrright... zero.
Pick an antivirus to run and constantly worry if it's good enough to keep up with all the malware; make sure the firewall is on at all times; disable unneeded services that are on by default and those that pop up by themselves mysteriously later; disable stuff like indexing and restore so that they don't fuck up my drives; always on the lookout for spyware and malware, because I've seen systems with everything of the above, not using IE, and still got malware on them; wonder why the fuck it won't stop asking for drivers for that Bluetooth dongle I plugged in two weeks ago -- I'd disable the bastard but the device manager shows 5 yellow "unknown devices" and I don't know which is what; hunting down programs to use by myself and always worry which of them might contain spyware or trojans; worry what goodies Microsoft will push on me via update tomorrow. Add the inherent rot of every Windows installation I've ever seen, which makes you need to reinstall at least once a year, if not 6 months.
Oh yes, it's a completely relaxing experience. It's so relaxing that I wonder why Gates, with his keen business sense, is not selling billions of punch bags with "Thank you Microsoft!" written on them. When Windows makes me run amok it would help to have a punch bag around instead of wanting to smash my keyboard and keep all the rage inside. ;)
Stuff like this doesn't really inform the general public, it only frightens them and makes them even more irrational. It's like the occasional story about the kidnapped kid or terrorist attack that causes everyone to freak out and start demanding irrational laws.
I agree it's not a case for more stupid laws, but it needs to be said, to be brought out into the light. The truth is that online advertisers do everything they can to track people online. How many of the regular people are aware of it? Even nerds can miss out. How many of you, faithful Slashdot readers, know about the so called "Flash cookies" and how you're probably being tracked with them right now? Or other insidious tracking methods?
From a technical point of view it's easy to dismiss things. They have simple explanations. Browsers should come by default configured with high privacy options. When you install an external browser plugin it's common sense that the plugin may do whatever it pleases. Let's use AdBlock. But these are in no way obvious things for 90% of Internet users. And if someone is watching them wherever they go online I think they should know and learn how to protect themselves.
I sure hope you slipped a "big tits are the shit" somewhere in your post. If you didn't, you missed out big time, since nobody's gonna read all that in detail.
Can we give a rest to the "who stole what from who" stupidity? You can't steal ideas. There's no ownership of ideas. There's only implementations, some worse, some better. I don't give a shit who did what first, I care who's doing it best right now. As long as everybody gets a fair shot at doing it, whoever does it best "wins", fair and square.
I think you mean "cross site addressing", i.e. loading content from several websites on the same page. It is NOT XSS, which means "cross site scripting". No scripting involved here.
All I see (and you can too, if you follow the comments and explanations on that page) is Microsoft doing things awkwardly, as usual. HTML inside OBJECT tags should be no different from HTML inside an IFRAME, yet Microsoft felt the need to use ActiveX and thus raised a security problem. Which they've handled inappropriately, by blocking, instead of falling back to simple rendering.
Good old ActiveX. Still messing things up, two browser generations later.
If one day I'll be coding a website and I find myself having to work around IE8 quirks just as I had to work around IE7 and IE6 quirks... Where's the difference? Hopefully there'll be less quirks to worry about, but at the end of the day I've still wasted time catering to IE whims.
...But the picture wouldn't be complete without this: I've gone and tested IE7 with ACID3. It scored a spectacular 4 (four) out of 100! That's while, I remind you, all other major browser engines out there score today in the 40-90 range. Even those versions, and this is important, that were out before the ACID3 test was around. See what it means to plan ahead and work with standards?
What does this tell me? That, while IE7 does a lot better than IE6, it becomes apparent that this is done with skin-deep tricks. They didn't do anything new. They needed something to pacify the angry mob until v8 came out, so they hacked on the IE6 engine to produce "nice" rendering. Together with the revamped interface it's something meant to stop Microsoft bleeding browser marketshare. Smart.
That's why I'm glad they are doing the scoring thing. It's much better to be able to put an exact figure on the compatibility level. With ACID2 you just had the graphics to compare to and you'd say "that doesn't look right" and "it fails". A score out of 100 is much better than a yes/no verdict. And it's much more realistic as well, since most browsers will not be able to implement all standards perfectly all the time.
IE on the other hand does whatever some guy at Microsoft thought would be cool at the time. It's not predictable and often it contradicts the standards.
"Never ascribe to malice what can be explained by incompetence", that's how the saying goes. Of course, Microsoft is always trying the lock-in tactics, but that's more about things like VBScript, ActiveX and Silverlight and less about HTML and CSS.
I suspect that the blunders present in IE6 and earlier in respect to HTML/CSS rendering (and security!) have more to do with things like preserving legacy behaviour, corporate decisional lag, not breaking compatibility and crap like that. Not good, naturally, but ascribable to a kind of stupidity rather than ill intent.
And may I point out that the whole standard compliance thing bloomed only a few years back, when Firefox started rising and web designers started wanting to move away from table layouts to liquid layouts with CSS 2.1 and so on and discovered that IE6 is crap in that respect. Before that nobody gave a damn, you could do table layouts in IE just as well as the next browser.
So what I see is that the standards revolution in web design caught IE6 in a dormant period and Microsoft was arrogant enough to let the problem grow worse for a while. It wasn't malice, just stupidity.
I dare speculate that if they had given the world IE7 a few years early, Firefox may have never had the success it enjoys today. Or that if Opera had started giving its browser for free it would've enjoyed higher usage figures right now. But that is a different discussion.
Come on, let's not be like that. I test my website layout in Opera and Firefox and then move on to IE to see what needs to be fixed so it looks as intended. With IE7 I rarely need to fix something, and it's usually minor. IE6 however is a completely different story and I never get away without a conditional comment introducing an extra stylesheet that picks up the pieces. So let's give credit where it's due: IE7 is a hell of a lot better than IE6 and I hope IE8 is even better than that.
Exactly. It may seem far-fetched, but they're doing it to themselves (or, rather, the government is twisting their arm). Once they start showing they care about what they transfer, responsibility is around the corner. If you know what the customer is doing then it stands to reason that you also know about the attacks his computer is receiving from the Internet -- so how about taking responsibility for that? Not pretty, eh?
It's debatable whether Safari as a whole is open-source. They use KHTML and post various changes they make back to the KDE source base, and WebKit is open, but that's just the core. Nobody said that the API changes we're talking about here are in WebKit, in fact I suspect they aren't, otherwise there wouldn't be any fuss over it.
Speaking of which, I wonder what will happen when P2P, and its main representative, BitTorrent, go for full encryption. All it takes is full mandatory encryption of transfer connections and SSL-enabled trackers. I remember reading an article recently that said that a lot of UK torrent users have resorted to encryption already in order to curb ISP bandwidth throttling. So it's not so far fetched.
Then what? What will they do? Order ISP's to block access to trackers? Raid the home of any broadband user caught encrypting his traffic? Police state indeed.
[..]Americans tend to be optimistic about this but Germans already have undergone two periods of oppression that relied on an extensive invasion of privacy.
That's why, in this context, the approach on topics such as mandatory ID's strikes me as strange in the two countries.
Most of the European countries, especially those that used to be behind the Iron Curtain, have grown used to mandatory ID's. When they finally got a taste of actual freedom and democracy they kept the ID's, but they also paid a lot more attention to possible abuse and privacy issues.
Whereas in the US, the very bed of democracy, the mandatory ID is regarded automatically as evil and Big Brother is the first thing the citizens think about.
It comes down to trusting your own Government to not abuse the personal data. So I find it ironic that former dictatorships and authoritarian states would be more trusted than a traditional democracy.
Why the hell has it become so accepted that PHP would make bad applications by default? I don't see this as a problem with stupid developers using PHP. It's a problem with stupid developers not knowing the first thing about security. You can use system(), eval() and have SQL injections in other languages as well. And you can write perfectly secure applications in PHP.
It's the overall developer quality, not the language. If these people were using any other language we'd still have problems.
(And don't tell me about register_globals and old vulnerabilities either, stuff like this has been bad practice and disabled by default for years now, whoever uses it is asking for it.)
Ah, but PHP is special. It's like issuing bulldozers to the population at large. Some will get some useful work done. Most will tear down their house and uproot the trees.
Which brings us to a much more pertinent question: have those targeted vulnerabilities (in Quick Time, Messenger etc.) been fixed? Is the fix available?
[..]and every system they sold had one of 5 root passwords which quickly became common knowledge in the industry.
Ah yes, I know those five passwords: "123", "aaa", "123aaa", "qwerty" and "password". And if it wasn't one of these then it was probably on a post-it note on the system case.
It seems there are other people who see a story validated by 4 different, independent security companies as FUD.
Yeah, well, when it's likely the reporters are deeply biased please excuse us if the knee-jerk reaction is to cry "FUD!"
Most of today's security companies have a business model that can only be called parasitic. They depend on the deeply flawed way of thinking pushed by the ubiquitous Windows operating systems. You know which: default allow, blacklisting, turd polishing etc. More here.
It is damn obvious that these security companies have all the interest in trying to sell anti-malware products to platforms such as Mac and UNIX/Linux, even though their security approach is very different ("by design" instead of "trial and error") which makes such products mostly redundant. Not to mention the efforts of the likes of Microsoft to discredit these competing platforms.
I haven't seen a single shred of evidence so far in this story. The whole thing is basically a hoax so far. "Yeah there's something out there but nobody has evidence and there's no common denominator." If that's not FUD I don't know what is.
This should be modded insightful, not funny. Yes, why did they buy it? The code is out there and can be reimplemented in a manner allowed by the copyright law. Granted, it wouldn't be trivial. But wouldn't it cost less than $1bn?
So what exactly did Sun buy for that cool billion? The assets? The research (hint: MySQL 6)? The developers? The right to re-license future versions as they wish (maybe open source, but maybe not)?
Think hard about that last one in particular. It opens all kinds of possibilities. Frankly, I don't see why one should automatically assume this was a FOSS-friendly move. They could just as well close it off and go make a splash in the closed-source commercial DB market. Or make it Solaris-only. Or whatever. It's theirs now.
"Deep Throat" would've been a nice pun in this context...
"It burnsss uss!"
...or use the rate limiting built in the SSH features already. Honestly, using iptables as a kitchen sink for security is NOT sane practice.
Ah, careful with the terminology there. Brownware is an already established term.
More like: "Man acts as a wolf toward his own kind". Gotta love Latin for its brevity.
In his defence, SCO is not an industry. But I say, give it time.