> Your attempt to belittle Windows because of "biggest patch tuesday ever" seems to have completely backfired for you. Thousands of patches for ubuntu in no more than 5 months. Thats *THOUSANDS*
Yes. And if you would count single commits to all upstreams, it would be even more. Lines changed? Even more. Characters changed? *MORE*.
To cut out the sarcasm: For the 25.000+ packages in Debian, there have been a total of 153 advisories in 2010. http://www.debian.org/security/2010/
From what I remember when I still used Windows, most if not all patches that MS releases are either security fixes or updates for Media Player. But tbh, I don't care enough to look up what the last batch was about.
So yah, apples & oranges.
> > > You are a Linux zealot and are thus completely irrational.
> Saying that you are wrong because you are an ignorant dipshit would be an Ad Hominem.
> For each percentage the comparison is with the same stat on the 3GS.
So because you are using one device as baseline data, all data about said device can be compared to another device? What is the battery capacity to glass breakage ration between iPhone 3 & 4, then?
The point which went sailing over your head is that while it's not surprising that a phone with 2 glass sides has more glass damage incidents than a phone with one glass side, an increase in 86% is far from normal.
> My estimate is 56 pages with 20 bug fixes per page, so well over 1000 bug fixes in 4 months.
We're both aware that Multiverse & Universe contain a lot more packages than what MS offers. Also, we're both aware that MS can fix more than one bug with one update. So yah, apples & oranges.
Also, I did not say I don't include FF in the common Linux desktop stack. I merely said that I don't know much about how often they patch as I don't use it.
> I have not tried to demean Linux in any way, and have only pointed out that it is Security through Obscurity.
And I pointed out that I disagree with that assessment.
> Meanwhile you have tried several times to demean Windows with unfair comparisons and logical fallacies.
I know you claim that, I have yet to see proof.
> You are a Linux zealot and are thus completely irrational.
A detailed analysis if I ever saw one. As you are a fan of linking to lists for others to pick from, I'll be game: http://en.wikipedia.org/wiki/Ad_hominem/thread.
DCs are not moving into strange places. It's just that people are starting to realize that _any_ large and reasonably well-built structure is suitable as a DC. Electric power is usually a given, AC can almost always be installed and then you are down to "is it cheaper to get (redundant) fiber to this old structure or to build a new DC".
That's the beauty of a DC. The computers in there don't care where they are.
I agree with what you said about firewalling. Some of our customers have two firewalls behind each other, some have none. Personally, I prefer zero or one. And yes, it's always a trade-off. No one but worms really cares about yet another tiny VM serving static HTML. Attackers _do_ care about financial management companies.
> For me, each OS is simply a tool, each with their weaknesses and strengths.
Same here. But same as I will not work with sub-standard screwdrivers (pet-peeve, long story) and rather bring my own bits and/or screwdrivers, I try avoid other tools I consider inadequate for reasons of sanity and efficiency. Windows happens to be among those inadequate tools, for me. I know & respect some people who use Windows exclusively, it just so happens that I can't use it while staying calm for very long.
I did not mean to imply that I never need to update. But I do have problems keeping track as the frequency is rather low, for me.
> It could be that Firefox is one of the more poorly written tools in a the stack, it could also be that it's a much larger target because of its cross platform popularity.
I would tend to say it's a both of both plus the fact that by the very definition of a browser, you load & interpret outside stuff all the time.
Though Chrom{e,ium} is really popular as well and it has fewer holes, it seems.
> Firefox by itself has been updated at least once a week for the last month.
OK, dunno. I use Konqueror & Chromium.
> A mail server, for instance, probably wouldn't have had any updates (other than the bzip and kernel ones already mentioned) all month.
Also, most mail servers aren't 64 bit with 32 bit compability layer.;)
> A workstation on the other hand has had (that I can remember off the top of my head, without looking at logs) at least the kernel bug, bzip bug, three or four Firefox bugs, and two Samba bugs.
I don't use Samba (other than on one single server for one client), so I don't see those patches, either.
> I also remember having to update Apache once this month so there's one for a webserver. SSL had to updated on pretty everything last month (unless you have some box that doesn't use SSL for anything).
Those were ones I saw:)
> Just this morning I got Freetype, Poppler and KDE-utils updates.
Assuming you mean KDE 4.x, I think I need to upgrade once I am home:)
Let's be generous and say that the patches above were due two two dozen distinct bugs. I chose a number that is about double of what you listed, on purpose.
> On those systems you refer to, where they facing the external world, or where they inside an intranet?
Outside world. If you don't listen on ports anyway, where is the use in firewalling them? (Yes, there can be issues, especially with dDoS. But then, if your firewall has a remote exploit, that is additional risk, as well)
> We have to work with them.
You do, I don't. When I was approached about being the only one with Linux on the desktop and integrating into the Windows infrastructure, I told them that I would quit if I had to work on, or with, Windows. Problem solved.
This may sound like I am wagging my e-dick, but I am truly trying to make my POV clearer. Thankfully, I am in a position where I can truly not care about Windows other than the odd family members' plea for help.
You are right about the turn-key comment. Full (optional) out-of-the-box integration of LDAP, Kerberos, etc in Debian would be a awesome.
Yet, I consider non-configured MAC on Windows as theoretical as SELinux on Linux. Your experience clearly makes you disagree with this assessment which is fine. I hope you can see my POV; I can see yours.
I don't pretend that there are not security issues within the *NIX world, but for the boxes I maintain, I average a lot less than one patch per week. No idea about differences between RH and Debian, but 2-4 sounds like a lot, to me.
You are right in a lot of what you say. Yet, none of this matters when Windows keeps on having gaping holes and *NIX seems to manage without those.
Torx is technically superior, yet you are more likely to have real-world success in the world of screwing with a Philips #2. And yes, the analogy is not 100% perfect.
> Every single production UNIX/Linux box I've encountered has sit behind a NAT/firewall. Machines that are not unfiltered (be it *NIX or Windows) typically sit within an intranet already enclosed by NATs/firewalls.
I know about a load of *NIX machines that are not behind any firewall whatsoever. Some run iptables locally, most don't.
And yes, by secure, I mean "keep others out of the machine". I don't care too much about local access control as different services run on different VMs anyway and the desktop machines only have a handful of users at max. And once there is reason to suspect anything has been compromised it's reinstalled, anyway. I am not sure how SELinux etc don't count as they are clearly something that exists within the *NIX context. That's like claiming the Windows family does not have have anything to write documents with as Office is not on the CD.
So, to be clear "in the context of direct & indirect remote exploits, *NIX is more secure than Windows". Also "in the context of direct & indirect local exploits, *NIX is more secure than Windows". I can't say too much about MAC on Windows as I don't really care or know much about it. I seem to remember several exploits bypassing most security measures, though. And less of those with SELinux.
Next Tuesday, MS will break the record for patches in one day. Before the recent bzip2 DoS hole, I don't even know _what_ I patched last.
Your obscurity argument would hold more water if most *NIX would not dominate the server hosting as much as it does. And those machines tend to be unfiltered while Windows machines tend to be behind NAT/a firewall.
And finally, even _if_ the obscurity argument was valid (I happen to think it's not, feel free to disagree), there is no way to make *NIX less obscure just to prove your point.
So, for all intents and purposes, as of right now, *NIX is more secure.
And when I was young, we had to walk to school, uphills both ways. We had to wrap barbed wire around our bare feet for traction on the dry ice that formed due to the cold.
In other words: I did claim that *NIX has always been perfect. I am simply saying they got their shit together a lot better, faster and more thoroughly than the Windows world.
> I gotta admit begrudging admoration of the Russians for this one.
Why the grudge? They were better and faster so they won that part. Though I suggest you don't read up on who put actual rovers onto the Moon, Venus & Mars first. That might disturb your tiny slice of USA-centric knowledge & feelings even more.
The fact that you can't seem to spell admiration makes your post even more amusing.
Slashdot Mirror
> Your attempt to belittle Windows because of "biggest patch tuesday ever" seems to have completely backfired for you. Thousands of patches for ubuntu in no more than 5 months. Thats *THOUSANDS*
Yes. And if you would count single commits to all upstreams, it would be even more. Lines changed? Even more. Characters changed? *MORE*.
To cut out the sarcasm: For the 25.000+ packages in Debian, there have been a total of 153 advisories in 2010. http://www.debian.org/security/2010/
From what I remember when I still used Windows, most if not all patches that MS releases are either security fixes or updates for Media Player. But tbh, I don't care enough to look up what the last batch was about.
So yah, apples & oranges.
> > > You are a Linux zealot and are thus completely irrational.
> Saying that you are wrong because you are an ignorant dipshit would be an Ad Hominem.
Fascinating. Anyway, you summed it up nicely:
> Zealots and their faulty logic. Simply amazing.
> Unless the battery capacity would effect the glass breakage rate, it's hardly relevant.
Correct. Same as the _amount of glass_ is not directly related to the _opportunities for the glass to break_.
Anyway, this is leading nowhere.
> For each percentage the comparison is with the same stat on the 3GS.
So because you are using one device as baseline data, all data about said device can be compared to another device? What is the battery capacity to glass breakage ration between iPhone 3 & 4, then?
The point which went sailing over your head is that while it's not surprising that a phone with 2 glass sides has more glass damage incidents than a phone with one glass side, an increase in 86% is far from normal.
> A bit unfair to make the bank liable for the NRC's and PUC's decisions.
Increase the interest rate to account for any increased risk.
> If you need a government guarantee on your loan in order to afford it then whatever you are doing isn't viable.
Or maybe you just figure it's nice to get free/cheap money.
You just compared _occurrences_ with _amount of damage once something occurs_.
Would you like an apple with that orange?
> My estimate is 56 pages with 20 bug fixes per page, so well over 1000 bug fixes in 4 months.
We're both aware that Multiverse & Universe contain a lot more packages than what MS offers. Also, we're both aware that MS can fix more than one bug with one update. So yah, apples & oranges.
Also, I did not say I don't include FF in the common Linux desktop stack. I merely said that I don't know much about how often they patch as I don't use it.
> I have not tried to demean Linux in any way, and have only pointed out that it is Security through Obscurity.
And I pointed out that I disagree with that assessment.
> Meanwhile you have tried several times to demean Windows with unfair comparisons and logical fallacies.
I know you claim that, I have yet to see proof.
> You are a Linux zealot and are thus completely irrational.
A detailed analysis if I ever saw one. As you are a fan of linking to lists for others to pick from, I'll be game: http://en.wikipedia.org/wiki/Ad_hominem /thread.
DCs are not moving into strange places. It's just that people are starting to realize that _any_ large and reasonably well-built structure is suitable as a DC. Electric power is usually a given, AC can almost always be installed and then you are down to "is it cheaper to get (redundant) fiber to this old structure or to build a new DC".
That's the beauty of a DC. The computers in there don't care where they are.
I agree with what you said about firewalling. Some of our customers have two firewalls behind each other, some have none. Personally, I prefer zero or one. And yes, it's always a trade-off. No one but worms really cares about yet another tiny VM serving static HTML. Attackers _do_ care about financial management companies.
> For me, each OS is simply a tool, each with their weaknesses and strengths.
Same here. But same as I will not work with sub-standard screwdrivers (pet-peeve, long story) and rather bring my own bits and/or screwdrivers, I try avoid other tools I consider inadequate for reasons of sanity and efficiency. Windows happens to be among those inadequate tools, for me. I know & respect some people who use Windows exclusively, it just so happens that I can't use it while staying calm for very long.
I did not mean to imply that I never need to update. But I do have problems keeping track as the frequency is rather low, for me.
> It could be that Firefox is one of the more poorly written tools in a the stack, it could also be that it's a much larger target because of its cross platform popularity.
I would tend to say it's a both of both plus the fact that by the very definition of a browser, you load & interpret outside stuff all the time.
Though Chrom{e,ium} is really popular as well and it has fewer holes, it seems.
> > Next Tuesday, MS will break the record for patches in one day.
> So because MS issues patches on a monthly cycle that that is your evidence that Windows is less secure? Really? Thats the evidence you have?
As you are into math: 49 / 30 = ?
> obscurity outstandingly
> shameful attempt
> which one of these
> evidence suggests that this is because it is obscure
Neither you nor me seem to have links to hard data handy, but at least one of us manages to stay nice :)
> Firefox by itself has been updated at least once a week for the last month.
OK, dunno. I use Konqueror & Chromium.
> A mail server, for instance, probably wouldn't have had any updates (other than the bzip and kernel ones already mentioned) all month.
Also, most mail servers aren't 64 bit with 32 bit compability layer. ;)
> A workstation on the other hand has had (that I can remember off the top of my head, without looking at logs) at least the kernel bug, bzip bug, three or four Firefox bugs, and two Samba bugs.
I don't use Samba (other than on one single server for one client), so I don't see those patches, either.
> I also remember having to update Apache once this month so there's one for a webserver. SSL had to updated on pretty everything last month (unless you have some box that doesn't use SSL for anything).
Those were ones I saw :)
> Just this morning I got Freetype, Poppler and KDE-utils updates.
Assuming you mean KDE 4.x, I think I need to upgrade once I am home :)
Let's be generous and say that the patches above were due two two dozen distinct bugs. I chose a number that is about double of what you listed, on purpose.
Tomorrow, MS will release 49 patches.
> On those systems you refer to, where they facing the external world, or where they inside an intranet?
Outside world. If you don't listen on ports anyway, where is the use in firewalling them? (Yes, there can be issues, especially with dDoS. But then, if your firewall has a remote exploit, that is additional risk, as well)
> We have to work with them.
You do, I don't. When I was approached about being the only one with Linux on the desktop and integrating into the Windows infrastructure, I told them that I would quit if I had to work on, or with, Windows. Problem solved.
This may sound like I am wagging my e-dick, but I am truly trying to make my POV clearer. Thankfully, I am in a position where I can truly not care about Windows other than the odd family members' plea for help.
You are right about the turn-key comment. Full (optional) out-of-the-box integration of LDAP, Kerberos, etc in Debian would be a awesome.
Yet, I consider non-configured MAC on Windows as theoretical as SELinux on Linux. Your experience clearly makes you disagree with this assessment which is fine. I hope you can see my POV; I can see yours.
I don't pretend that there are not security issues within the *NIX world, but for the boxes I maintain, I average a lot less than one patch per week. No idea about differences between RH and Debian, but 2-4 sounds like a lot, to me.
You are right in a lot of what you say. Yet, none of this matters when Windows keeps on having gaping holes and *NIX seems to manage without those.
Torx is technically superior, yet you are more likely to have real-world success in the world of screwing with a Philips #2. And yes, the analogy is not 100% perfect.
> Every single production UNIX/Linux box I've encountered has sit behind a NAT/firewall. Machines that are not unfiltered (be it *NIX or Windows) typically sit within an intranet already enclosed by NATs/firewalls.
I know about a load of *NIX machines that are not behind any firewall whatsoever. Some run iptables locally, most don't.
And yes, by secure, I mean "keep others out of the machine". I don't care too much about local access control as different services run on different VMs anyway and the desktop machines only have a handful of users at max. And once there is reason to suspect anything has been compromised it's reinstalled, anyway. I am not sure how SELinux etc don't count as they are clearly something that exists within the *NIX context. That's like claiming the Windows family does not have have anything to write documents with as Office is not on the CD.
So, to be clear "in the context of direct & indirect remote exploits, *NIX is more secure than Windows". Also "in the context of direct & indirect local exploits, *NIX is more secure than Windows". I can't say too much about MAC on Windows as I don't really care or know much about it. I seem to remember several exploits bypassing most security measures, though. And less of those with SELinux.
Next Tuesday, MS will break the record for patches in one day. Before the recent bzip2 DoS hole, I don't even know _what_ I patched last.
Your obscurity argument would hold more water if most *NIX would not dominate the server hosting as much as it does. And those machines tend to be unfiltered while Windows machines tend to be behind NAT/a firewall.
And finally, even _if_ the obscurity argument was valid (I happen to think it's not, feel free to disagree), there is no way to make *NIX less obscure just to prove your point.
So, for all intents and purposes, as of right now, *NIX is more secure.
And when I was young, we had to walk to school, uphills both ways. We had to wrap barbed wire around our bare feet for traction on the dry ice that formed due to the cold.
In other words: I did claim that *NIX has always been perfect. I am simply saying they got their shit together a lot better, faster and more thoroughly than the Windows world.
That as may be. But look at their relative security track records.
Look at the submitter, look at the URL, sigh at timothy for accepting it in this form.
> I gotta admit begrudging admoration of the Russians for this one.
Why the grudge? They were better and faster so they won that part. Though I suggest you don't read up on who put actual rovers onto the Moon, Venus & Mars first. That might disturb your tiny slice of USA-centric knowledge & feelings even more.
The fact that you can't seem to spell admiration makes your post even more amusing.
Or it was simply a ton of work to draw stuff by hand so they re-used pics where they could.
> Are you actually listening to yourself?
I know your question was rhetoric. Still, it's painfully obvious that he is not. And for very good reasons, too.
http://yro.slashdot.org/comments.pl?sid=1812120&cid=33834874 might interest you.