In what way will having these tattoos enhance your existence?
In what way will having a painting in your house enhance your existence. In what way will any artistic expression or personal expression do so?
Think of how dignified those tattoos will look when you age and your whole body looks like Reagan's neck.
I've heard many variants of this argument but never really bought the idea. Yeah when you're old and wrinkly they won't look good. Neither will your skin. Seriously, if you find "Reagan's neck" to be dignified i any way you are more twisted than I. The ravages of old age aren't sexy or cool or dignified, but just the opposite. At that point, tattoos are the least of your problems.
Do you really want to explain to your grandkids why you thought a math equation... was something that held enough meaning that it required you to permanently scar your body with it?
Yes. Well, assuming I had grandkids, I'd absolutely like to tell them why I chose specific and important mathematical equations and discuss with them the scientific importance, cultural relevance, and history of those equations. That would probably be a hundred times more significant and interesting of a conversation than is the norm.
Note, I don't have any tattoos right now, but I'm not opposed to them. I used to think getting one required a lot of thought, but they're pretty removable these days so maybe instead of lecturing someone about the details of a tattoo they're planning on getting, why not just make suggestions about what would be the most awesomely geeky equation and stop being so patronizing.
...in order to solve some private and isolated problem, we are changing the whole constitution.
No, we're not. I repeat, no, we are not changing the constitution. We're applying it the same as we always have, you just don't understand how it works. There is no "isolated problem". There's public endangerment by yelling in the theater, there's slander and libel, copyright and trademark, fraud, criminal conspiracy, false advertising,and dozens more. There's nothing isolated about the "fire in a crowded theater" handling of free speech versus other individual rights. They are all handled the same way and they're all constitutional. This is how the founding father's applied the first amendment and it is how we still do apply it.
Your free speech right to say, "kill him and his whole family family Vinny" is not as protected as some family's right to live without being murdered, which is why it is not unconstitutional for a law to be passed that has you to be arrested for simply speaking to your associate Vinny in that way.
"yelling fire in a crowded theater" may means[sic] that there are some very special cases when your freedom is restricted, but it is nonsense to make a law only because there is some exception to the rule.
"Yelling fire in a crowded theater" is a well known example from a SCOTUS case used to explain both freedom of speech and constitutionality to students. It's not an exception to the way law works, just an example. Are slander and libel also an exception to the way the law works? What about truth in advertising laws? Fraud and bunco? Criminal conspiracy? Copyright and trademark law? All of these are laws that restrict free speech. They aren't edge case or exceptions, just freedom of speech interpreted under the law and weighed against other rights to strike a balance in the legal code.
And there you may have some very good reason to yell fire in theater...... even if there is no fire.
Sure maybe you do... but you're still responsible under the law for making sure doing so in a particular instance is legal. You can't rely upon the first amendment as a blanket protection while you violate the law which interprets and limit free speech where it conflicts with other protected rights.
Pornography? Just some 20 years ago gay marriage could have been recognized as a pornography.
Only if there were pictures of it and probably not even then... but you seem to have missed my point. You should really read about the "fire in a crowded theater" case to gain a better understanding. Laws can be constitutional and restrict free speech if they balance conflicting rights. That doesn't mean all laws restricting free speech are constitutional. Pornography laws being a good example of a law where there is no case for constitutionality except flawed assertions about "harm" that cannot be quantified or evidenced in any objective way.
Do we wanna to change the law every 20 years!!!!
In many cases yes, but my point was that if people understand and insist upon the constitution being upheld, we can write much more general laws and need less specific interpretation. That, however, requires that people gain an education about how the constitution works instead of making poorly reasoned arguments about one amendment trumping all the others and being some sort of unrestrictable right, even when the consequences would collapse our whole legal system. An understanding of the principals is dreadfully important here. The first amendment does not now nor ever was intended to make it legal for someone to tell lie and your grandmother they own that bridge and for all her money they are wiling to transfer the deed. The first amendment doesn't work that way and insisting it does but that there are some sort of "exceptions" simply clouds the issue and makes reasoned debate on the topic less useful and less likely to result in real strengthening of constitutional protections.
Once the U.S. starts implementing "hate speech" laws...
"Hate speech laws" is used to describe a wide array of laws, many of which are already on the books in much of the US. For example, laws against telling others to commit violent crimes against other people of a certain social group. Then there are "hate speech laws" that make it illegal to make discriminatory, but nonviolent comments about some social group. The fact that the phrase refers to both, makes it pretty much impossible to have a relevant argument about constitutionality without going into more detail about definitions first.
Freedom of speech is designed to protect speech we don't like.
True, but that does not necessarily mean all speech we don't like is protected by the first amendment.
People wanting to regulate speech they don't like are, in fact, running contrary to the constitution.
That depends upon the speech. For example, even the most die hard literalist would have a hard time claiming misinformation on food packaging is constitutionally protected free speech.
Freedom is irrevocable, as the base constitution says. So, even if there is a some stature that restrains it, it is invalid and void. And it is very important that every single person is aware of that fact.
Your view is overly simplistic. Laws can restrain speech and still be constitutional, provided they are striking a balance between different enumerated rights. A law that says ordering your employees to commit murder restricts free speech, but is still constitutional because it simply judges the right to particular free speech versus the right of an individual to live and makes a law in favor of the latter. For more information please do a search for "yelling fire in a crowded theater".
Actually, automated worms generally target services and they account for the majority of malware infections.
Absolutely false. Go look up the top ten malware threats at any AV site, at any time.
Why would you look at the "top ten threats" when you can actually look up the statistics a cited? Why would you assume what some AV company thinks you should pay attention to is the same thing as what has caused the most infections. Personally, I don't have to look up the numbers because I helped write some of the tools ISPs use to track this very information and I still pay attention to the feed.
Code Red targeted IIS.
Initially. One of the later variants targeted UPnP and several other services.
Conflicker was a class of worms. One did target the a server service vulnerability. Another targeted weak passworded shares and another propagated through usb sticks and the "autorun" feature. None of them targeted the UPnP service.
Umm, okay. Aside from telling you you're completely wrong, I don't know what to say. This takes 5 seconds with Google.
Obox - never heard of it - Google turns up nothing.
That's because you fail at copy and paste. It's Qbox, not Obox.
You claim that UPnP is not adequately sandboxed, but give no reason why. Checking services, I see that UPnP runs as the local service account.
First you're conflating user account permissions with access control.
No, I'm wasn't. Via ACLs, the local service account in Windows has access to almost nothing.
Sandboxing != user account permissions. User accounts do not use the same mechanism as ACLs. If you can't even acknowledge you're wrong on such a basic and obvious point I'm not sure there's any point continuing this conversation.
Thanks, and yes, I knew what MAC is. I just didn't know if OSX made use of it, though given the bullshit you said about code red and conflicker above, I don't know if I should believe you.
...and clearly spending 30 seconds doing a Google search is too hard for you. Enjoy your unchangeable and unfounded beliefs.
Malware that targets services is rare. Malware typically targets users and applications - in that order.
Actually, automated worms generally target services and they account for the majority of malware infections. There are more types of viruses and trojans, but each one infects many fewer machines and together they still count as less than half of infections.
Services certainly can be targeted when the opportunity arises, but those opportunities don't come very often, especially in the last several years after debacles like code red hit us and Windows started shipping with the firewall turned on by default.
Even with a firewall, Windows ships with a lot of holes in it by default, for the many services it runs by default.
The one service you mention as an example, UPnP, has had maybe three vulnerabilities in the last decade (two are listed on secunia, but they only go back to 2003; I know there was one in 2001).
Your search foo is weak. UPnP is one of the most exploited of services. Not just code red but Conficker, Qbox, and many others make use of it as an attack vector. Heck there was one where is the entry point for a Flash vulnerability just the other day.
You claim that UPnP is not adequately sandboxed, but give no reason why. Checking services, I see that UPnP runs as the local service account. This local service has no special rights on the system and can't even read user files. How is that not sandboxed enough and what does OSX do to further sandbox it's services?
First you're conflating user account permissions with access control. User accounts are a less finely grained form of security that usually layers with ACLs. In addition to running in a restricted user space, on OS X, ZeroConf is further sandboxed by a mandatory access control architecture (think UAC for the OS interactions). Second, OS X does not run UPnP, it only runs Zeroconf because UPnP is fragmented into the Windows version that needs to be reverse engineered and the actual standard version largely unused.
On Windows more are exposed by default, they're easier to exploit, and they are usually proprietary; all of which leads to less security regardless of market share.
The first claim is downright wrong and the last two are completely unqualified. How are they easier to exploit. How does being proprietary lead to less security?
Sigh. Firewalls aren't magic. Just having one enabled does not mean your default settings on it don't expose any services. I feel like your level of understanding must be so poor I'm just wasting my time. As for the latter two comments, I provided a nice example. They're easier to exploit because they are less sandboxed and there are more of them by default. Being proprietary leads to duplication which increases the number of services providing more area to attack ala UPnP and ZeroConf instead of just one of them.
As for services being more exposed by default, since XPSP2, the firewall has come on by default, meaning precisely zero services were exposed by default.
Fail.
And another thing about UPnp. It is not a proprietary Microsoft technology.
While technically you're correct, in the real world that's not how things actually work.
On a related note, an amusing quip
Yeah, too bad it's completely wrong. Linux uses ZeroConf by default as well as does Solaris and the BSDs. It's a lot easier than reverse engineering what MS did to UPnP with SSDP. But all that i beside the point, which is that if you use the same software on OS X, you have a single well secured service instead of two poorly secured services. And that's just for one example of a trend based upon architectural choices of the respective OS's.
Internet is a highly dangerous place and it's very hard, if not impossible, to secure the browser only for HTML, CSS, JavaScript and DOM. But now Google makes the same mistake like MS with the IE (with ActiveX) and includes PDF in the core browser?
Umm, they built it using their new "secure, sandboxed plug-ins" API. Including it by default improves security because it means fewer people will end up downloading Adobe's terribly insecure PDF reader app or plugin, because the functionality will already be there in a much more secure way.
So what are the architectural differences in OSX or Linux that would protect everyone from malware if they were the dominant platforms?
While the previous poster may be a bit vague on the details, this is not a point without merit. OS X and most desktop Linux variants do, indeed, have some significant security as a result of architectural choices. In other areas Windows has the upper hand, such as how much access control is applied in userland. Services, are a good example. Windows tends to have more open services and because of the proprietary nature of those closed services, more redundant services. A good example is Autodetection of local network services. It's a good type of service to exploit and a common target for malware on all platforms. Microsoft implements UPnP and exposes it by default, but by most accounts does not adequately sandbox it. Further, because it is proprietary, all cross-platform software has to either forgo the ability to link up with other versions of their own software running on other platforms, or they have to implement a different service. The upshot is, if you're running Adobe CS suite or any one of many other software packages on Windows you're running two services (UPnP and Zeroconf) that do the same thing, both of which have to exposed to hackers and neither of which is as sandboxed as it should be. If you're doing the same on OS X you have only one version (Zeroconf) and it is happily sandboxed so an attacker has to exploit not only the service, but also break the sandbox somehow... a very difficult task. This is all the result of how Windows handles services in comparison to OS X or Linux. On Windows more are exposed by default, they're easier to exploit, and they are usually proprietary; all of which leads to less security regardless of market share.
No, it's really not. Different groups of people are involved, different working groups, different schedules.
What are you talking about? Both are under the purview of the WHATWG working group.
> is generally referred to as "HTML5" by both the layman and the people writing the specs.
Speaking as one of the latter... no, it's not.
The last sentence of the first paragraph on the HTML5 wikipedia page reads: "In common usage, HTML5 may also refer to the additional use of CSS3, as both technologies are under development in parallel." Apparently you are not the average layperson.
Seriously, show me the code that Apple is including that is not proposed as part of one
> of the new WHATWG specs
Well, since no CSS specs are whatwg specs... that's easy.
Oh no! Apple implemented a demo with CSS 3D transforms, which has been a fully published working draft since early 2009. The horror! When will those bastards stop implementing openly published Web technologies with open source reference implementations. Clearly they are trying to take over the Web and make it proprietary or something? They do use HTML5 in that demo, they just go on to use another technology as well WHICH THEY SPECIFICALLY MENTION TWICE on the page for that demo. And that's what you find misleading? Yeah, you're just a hater looking for something to bitch about.
Yes. I am claiming that the demos include all sorts of stuff that's not in "the spec" if "the spec" is HTML5, nor is it in any drafts likely to become specs in the near future.
Well, clearly they use some other proposed specs as well, like CSS3, Webforms 2.0, 3D CSS transforms, but I don't see anything that isn't a proposed Web standard.
So they're basically demoing proprietary Safari extensions and trying to claim that they're part of HTML5.
Most people are lumping several technologies into the term "HTML5" in the press and common usage. Even the wikipedia page mentions the term has come to include more technologies in common use. But claiming that open specs submitted as standards with an open source reference implementation is the same thing as "proprietary extensions" is way way way more disingenuous than anything Apple has said on the issue.
In the "other browsers don't implement this stuff" verbiage.
You mean in the Slashdot summary, because I don't see it on Apple's page. Please provide a specific quote and citation.
...don't then advertise it as a demo of HTML5 (complete with the url claiming it has something to do with HTML5).
Apple didn't. Slashdot did. Apple says right in the title of the page that it is a Safari demo of HTML5 features, which is completely true. It does have something to do with HTML5, since it demoes features HTML5 allows Safari to support.
While it sounds damn sexy, I don't want it. It is stained with blood from Foxconn employees that make Apple products.
It's deeply sad that you're just now realizing one product in the US is made by poor people being exploited in foreign countries. That applies to almost everything you buy these days because the market shifted in the direction, long ago. It's also almost ironic that you pick out the iPhone as the example of this product, since Apple has been one of the very few companies actually pushing back and not only auditing their suppliers for human rights violations, but openly publishing those audits and requiring changes from their suppliers. Heck Steve Jobs pioneered a better way when he ran NextStep, creating computers that were technologically superior to anything else in the market and were made in the US using high tech robotics for no exploitation of the poor in foreign countries. How many did you buy? You pick the flagship product from the one guy who gave everyone a chance to buy a product that was not "stained with blood" (as you put it) and choose that as where you're going to make a stand? I don't know if that's more sad or funny at this point.
Come on Apple, how do you expect others to respect your trademarks if you don't respect other?
Ever think of checking your facts before commenting? From the FaceTime IM company web site:
"Our agreement with Apple to transfer the FaceTime trademark to them comes as we are rebranding our company to better reflect our capabilities. We will be announcing a new name in the coming months."
Which makes it sound like what they're demoing is part of "the spec". It's not.
Apple says it's demoing Safari's support for the spec. That is what they explicitly state. Are you claiming that is not true. Please be specific.
It also makes it sound like Safari is just ahead of the other browsers in implementing HTML5 (a line Apple has been pushing hard), which it's not.
How does it make it sound like that? This is a demo of Safari as the page says. Clearly that is what they're focusing on, but where do they say other browsers are behind?
No, you just have to be willing to call entities on actions that are not acceptable even if you otherwise like what they're doing.
Yeah, those bastards putting up a demo of Safari, how terrible. I reiterate... weak.
But the point is that the demos are using random proprietary Safari features that are not part of HTML5, not planned to be a part of it, and will never become a part of it (for example, because they're CSS features, not HTML ones).
What the hell nonsense are you talking now? HTML5 is being developed in parallel with CSS3, which is vital for it to be used. It would be hard to write an HTML5 demo without CSS. Using CSS and javascript and Webforms 2.0 in conjunction with HTML5 is generally referred to as "HTML5" by both the layman and the people writing the specs.
So calling it a demo of "support for HTML5" is just a bald-faced lie.
No, it is not. Seriously are you being paid to spread FUD or are you just so unbelievably biased that you're willing to twist the truth so badly to attack Apple for putting up a technology demo of cool new open specs. Seriously, show me the code that Apple is including that is not proposed as part of one of the new WHATWG specs.
In other words, this is a pure deceptive marketing ploy, and deserves to be called out as such.
The only thing I've seen that's deceptive is the Slashdot summary. Apple's page is very clear that they're not the only ones with support for HTML5 and that other browsers and Safari are in the process of adding support for the spec. They also clearly state on the page that this is a Safari demo, showing what works in Safari, contrary to the title of the Slashdot article. Seriously, Apple does crap regularly that I think deserves calling out, but this? It makes a good portion of Slashdot sound like bitchy whiners that will complain about anything, even a vendor demoing the level of support they've added for cool new open standards. You have to be biased as hell and looking for a way to interpret this negatively.
Seriously, Apple is dumping resources into an open source project (Webkit) and writing demoes of how cool that is in their browser bringing good PR to the open standard while fighting the proprietary, closed source competitior. And that's what you choose to whine is "evil"? Weak.
Did you actually click "view demo" on Firefox or Chrome?
Yes, it worked fine in Chrome. I later tried Firefox after someone said that did not work, and discovered they were correct. But, it certainly does work in Chrome, at least for me and several others.
Hey, a strawman logical fallacy is a logical fallacy only when you use it to draw a conclusion.
It is used to draw the conclusion that the grandparent post was not a troll.
on paper. Such checks go completely against the intent of the standards.
In a perfect world you don't need to check for browsers because everyone follows a standard, however, not all browsers do, especially for emerging standards (through no fault of their own). In those instanced, browser checking is a very, very useful technique. Would you argue that YouTube is hurting standards because they use browser checking and supply HTML5 video tag versions of pages to some browsers that support the new standard and Flash to everyone else?
A page that only works if your user agent has a certain value isn't standard. Period.
I reject this as an unsupported assertion... oh and writing the word "period" with a period on either side of it is idiotic. "Period period period"? It makes sense if you're vocalizing the punctuation in speech for emphasis, but not the way you're writing it.
The URL http://developer.apple.com/safaridemos/ works fine for me in Chrome. Each link opens a page that says they work best in safari but the demos load and work without issue (although with some bugs for some) if you click the "View Demo" button.
So Apple should spend resources and time to "be nice"? They're a business not a charity. And does anyone even want Safari for Linux? Enough to make it worthwhile?
So, you want me to install Windows on my computer, (and given your fanboy status, I don't think you really want me to do that), or buy a Mac (you'd like that, wouldn't you?) so that I can promote Apple products?
Clearly you missed my point. You want Apple to go out of their way and do random things you seem to want and accuse them of being afraid for not having done so. Yet when I tell you to go out of your way, you throw a hissy fit. If you want something done, do it,. Don't bitch and moan that other's are afraid so they haven't gone out and done a pile of work for you.
And for the record, I don't give a rat's ass what OS you run or if you do or don't install OS X, Windows, or BeOS.
HTML5 will be great! It will just take about 5-10 years for all the other browsers to adopt the standards carefully laid out today.
Thanks to Google, I don't think so. There are a lot of big players pushing hard at getting these adopted. MS will be a holdout as much as they can, but losing share in mobile Web use and overseas browsers share combined with Google's Chrome plug-in will make them much less able to pull it off. Web standards have stagnated a long time because of MS, but times are changing.
You really think Web developers are so stupid in general that they're going to implement bleeding edge HTML5 code and not test it for browser compatibility? That's just dumb.
They want to give the false impression that no one else supports this stuff.
Which they cleverly do by stating "not all browsers offer this support" which implies very strongly that some other browsers do? Are you just looking for crap to complain about or what? I have a different opinion about who's serving up the FUD.
Slashdot Mirror
In what way will having these tattoos enhance your existence?
In what way will having a painting in your house enhance your existence. In what way will any artistic expression or personal expression do so?
Think of how dignified those tattoos will look when you age and your whole body looks like Reagan's neck.
I've heard many variants of this argument but never really bought the idea. Yeah when you're old and wrinkly they won't look good. Neither will your skin. Seriously, if you find "Reagan's neck" to be dignified i any way you are more twisted than I. The ravages of old age aren't sexy or cool or dignified, but just the opposite. At that point, tattoos are the least of your problems.
Do you really want to explain to your grandkids why you thought a math equation... was something that held enough meaning that it required you to permanently scar your body with it?
Yes. Well, assuming I had grandkids, I'd absolutely like to tell them why I chose specific and important mathematical equations and discuss with them the scientific importance, cultural relevance, and history of those equations. That would probably be a hundred times more significant and interesting of a conversation than is the norm.
Note, I don't have any tattoos right now, but I'm not opposed to them. I used to think getting one required a lot of thought, but they're pretty removable these days so maybe instead of lecturing someone about the details of a tattoo they're planning on getting, why not just make suggestions about what would be the most awesomely geeky equation and stop being so patronizing.
...in order to solve some private and isolated problem, we are changing the whole constitution.
No, we're not. I repeat, no, we are not changing the constitution. We're applying it the same as we always have, you just don't understand how it works. There is no "isolated problem". There's public endangerment by yelling in the theater, there's slander and libel, copyright and trademark, fraud, criminal conspiracy, false advertising,and dozens more. There's nothing isolated about the "fire in a crowded theater" handling of free speech versus other individual rights. They are all handled the same way and they're all constitutional. This is how the founding father's applied the first amendment and it is how we still do apply it.
Your free speech right to say, "kill him and his whole family family Vinny" is not as protected as some family's right to live without being murdered, which is why it is not unconstitutional for a law to be passed that has you to be arrested for simply speaking to your associate Vinny in that way.
"yelling fire in a crowded theater" may means[sic] that there are some very special cases when your freedom is restricted, but it is nonsense to make a law only because there is some exception to the rule.
"Yelling fire in a crowded theater" is a well known example from a SCOTUS case used to explain both freedom of speech and constitutionality to students. It's not an exception to the way law works, just an example. Are slander and libel also an exception to the way the law works? What about truth in advertising laws? Fraud and bunco? Criminal conspiracy? Copyright and trademark law? All of these are laws that restrict free speech. They aren't edge case or exceptions, just freedom of speech interpreted under the law and weighed against other rights to strike a balance in the legal code.
And there you may have some very good reason to yell fire in theater...... even if there is no fire.
Sure maybe you do... but you're still responsible under the law for making sure doing so in a particular instance is legal. You can't rely upon the first amendment as a blanket protection while you violate the law which interprets and limit free speech where it conflicts with other protected rights.
Pornography? Just some 20 years ago gay marriage could have been recognized as a pornography.
Only if there were pictures of it and probably not even then... but you seem to have missed my point. You should really read about the "fire in a crowded theater" case to gain a better understanding. Laws can be constitutional and restrict free speech if they balance conflicting rights. That doesn't mean all laws restricting free speech are constitutional. Pornography laws being a good example of a law where there is no case for constitutionality except flawed assertions about "harm" that cannot be quantified or evidenced in any objective way.
Do we wanna to change the law every 20 years!!!!
In many cases yes, but my point was that if people understand and insist upon the constitution being upheld, we can write much more general laws and need less specific interpretation. That, however, requires that people gain an education about how the constitution works instead of making poorly reasoned arguments about one amendment trumping all the others and being some sort of unrestrictable right, even when the consequences would collapse our whole legal system. An understanding of the principals is dreadfully important here. The first amendment does not now nor ever was intended to make it legal for someone to tell lie and your grandmother they own that bridge and for all her money they are wiling to transfer the deed. The first amendment doesn't work that way and insisting it does but that there are some sort of "exceptions" simply clouds the issue and makes reasoned debate on the topic less useful and less likely to result in real strengthening of constitutional protections.
Once the U.S. starts implementing "hate speech" laws...
"Hate speech laws" is used to describe a wide array of laws, many of which are already on the books in much of the US. For example, laws against telling others to commit violent crimes against other people of a certain social group. Then there are "hate speech laws" that make it illegal to make discriminatory, but nonviolent comments about some social group. The fact that the phrase refers to both, makes it pretty much impossible to have a relevant argument about constitutionality without going into more detail about definitions first.
Freedom of speech is designed to protect speech we don't like.
True, but that does not necessarily mean all speech we don't like is protected by the first amendment.
People wanting to regulate speech they don't like are, in fact, running contrary to the constitution.
That depends upon the speech. For example, even the most die hard literalist would have a hard time claiming misinformation on food packaging is constitutionally protected free speech.
Freedom is irrevocable, as the base constitution says. So, even if there is a some stature that restrains it, it is invalid and void. And it is very important that every single person is aware of that fact.
Your view is overly simplistic. Laws can restrain speech and still be constitutional, provided they are striking a balance between different enumerated rights. A law that says ordering your employees to commit murder restricts free speech, but is still constitutional because it simply judges the right to particular free speech versus the right of an individual to live and makes a law in favor of the latter. For more information please do a search for "yelling fire in a crowded theater".
Actually, automated worms generally target services and they account for the majority of malware infections.
Absolutely false. Go look up the top ten malware threats at any AV site, at any time.
Why would you look at the "top ten threats" when you can actually look up the statistics a cited? Why would you assume what some AV company thinks you should pay attention to is the same thing as what has caused the most infections. Personally, I don't have to look up the numbers because I helped write some of the tools ISPs use to track this very information and I still pay attention to the feed.
Code Red targeted IIS.
Initially. One of the later variants targeted UPnP and several other services.
Conflicker was a class of worms. One did target the a server service vulnerability. Another targeted weak passworded shares and another propagated through usb sticks and the "autorun" feature. None of them targeted the UPnP service.
Umm, okay. Aside from telling you you're completely wrong, I don't know what to say. This takes 5 seconds with Google.
Obox - never heard of it - Google turns up nothing.
That's because you fail at copy and paste. It's Qbox, not Obox.
You claim that UPnP is not adequately sandboxed, but give no reason why. Checking services, I see that UPnP runs as the local service account.
First you're conflating user account permissions with access control.
No, I'm wasn't. Via ACLs, the local service account in Windows has access to almost nothing.
Sandboxing != user account permissions. User accounts do not use the same mechanism as ACLs. If you can't even acknowledge you're wrong on such a basic and obvious point I'm not sure there's any point continuing this conversation.
Thanks, and yes, I knew what MAC is. I just didn't know if OSX made use of it, though given the bullshit you said about code red and conflicker above, I don't know if I should believe you.
...and clearly spending 30 seconds doing a Google search is too hard for you. Enjoy your unchangeable and unfounded beliefs.
Malware that targets services is rare. Malware typically targets users and applications - in that order.
Actually, automated worms generally target services and they account for the majority of malware infections. There are more types of viruses and trojans, but each one infects many fewer machines and together they still count as less than half of infections.
Services certainly can be targeted when the opportunity arises, but those opportunities don't come very often, especially in the last several years after debacles like code red hit us and Windows started shipping with the firewall turned on by default.
Even with a firewall, Windows ships with a lot of holes in it by default, for the many services it runs by default.
The one service you mention as an example, UPnP, has had maybe three vulnerabilities in the last decade (two are listed on secunia, but they only go back to 2003; I know there was one in 2001).
Your search foo is weak. UPnP is one of the most exploited of services. Not just code red but Conficker, Qbox, and many others make use of it as an attack vector. Heck there was one where is the entry point for a Flash vulnerability just the other day.
You claim that UPnP is not adequately sandboxed, but give no reason why. Checking services, I see that UPnP runs as the local service account. This local service has no special rights on the system and can't even read user files. How is that not sandboxed enough and what does OSX do to further sandbox it's services?
First you're conflating user account permissions with access control. User accounts are a less finely grained form of security that usually layers with ACLs. In addition to running in a restricted user space, on OS X, ZeroConf is further sandboxed by a mandatory access control architecture (think UAC for the OS interactions). Second, OS X does not run UPnP, it only runs Zeroconf because UPnP is fragmented into the Windows version that needs to be reverse engineered and the actual standard version largely unused.
On Windows more are exposed by default, they're easier to exploit, and they are usually proprietary; all of which leads to less security regardless of market share.
The first claim is downright wrong and the last two are completely unqualified. How are they easier to exploit. How does being proprietary lead to less security?
Sigh. Firewalls aren't magic. Just having one enabled does not mean your default settings on it don't expose any services. I feel like your level of understanding must be so poor I'm just wasting my time. As for the latter two comments, I provided a nice example. They're easier to exploit because they are less sandboxed and there are more of them by default. Being proprietary leads to duplication which increases the number of services providing more area to attack ala UPnP and ZeroConf instead of just one of them.
As for services being more exposed by default, since XPSP2, the firewall has come on by default, meaning precisely zero services were exposed by default.
Fail.
And another thing about UPnp. It is not a proprietary Microsoft technology.
While technically you're correct, in the real world that's not how things actually work.
On a related note, an amusing quip
Yeah, too bad it's completely wrong. Linux uses ZeroConf by default as well as does Solaris and the BSDs. It's a lot easier than reverse engineering what MS did to UPnP with SSDP. But all that i beside the point, which is that if you use the same software on OS X, you have a single well secured service instead of two poorly secured services. And that's just for one example of a trend based upon architectural choices of the respective OS's.
Internet is a highly dangerous place and it's very hard, if not impossible, to secure the browser only for HTML, CSS, JavaScript and DOM. But now Google makes the same mistake like MS with the IE (with ActiveX) and includes PDF in the core browser?
Umm, they built it using their new "secure, sandboxed plug-ins" API. Including it by default improves security because it means fewer people will end up downloading Adobe's terribly insecure PDF reader app or plugin, because the functionality will already be there in a much more secure way.
So what are the architectural differences in OSX or Linux that would protect everyone from malware if they were the dominant platforms?
While the previous poster may be a bit vague on the details, this is not a point without merit. OS X and most desktop Linux variants do, indeed, have some significant security as a result of architectural choices. In other areas Windows has the upper hand, such as how much access control is applied in userland. Services, are a good example. Windows tends to have more open services and because of the proprietary nature of those closed services, more redundant services. A good example is Autodetection of local network services. It's a good type of service to exploit and a common target for malware on all platforms. Microsoft implements UPnP and exposes it by default, but by most accounts does not adequately sandbox it. Further, because it is proprietary, all cross-platform software has to either forgo the ability to link up with other versions of their own software running on other platforms, or they have to implement a different service. The upshot is, if you're running Adobe CS suite or any one of many other software packages on Windows you're running two services (UPnP and Zeroconf) that do the same thing, both of which have to exposed to hackers and neither of which is as sandboxed as it should be. If you're doing the same on OS X you have only one version (Zeroconf) and it is happily sandboxed so an attacker has to exploit not only the service, but also break the sandbox somehow... a very difficult task. This is all the result of how Windows handles services in comparison to OS X or Linux. On Windows more are exposed by default, they're easier to exploit, and they are usually proprietary; all of which leads to less security regardless of market share.
> HTML5 is being developed in parallel with CSS3
No, it's really not. Different groups of people are involved, different working groups, different schedules.
What are you talking about? Both are under the purview of the WHATWG working group.
> is generally referred to as "HTML5" by both the layman and the people writing the specs.
Speaking as one of the latter... no, it's not.
The last sentence of the first paragraph on the HTML5 wikipedia page reads: "In common usage, HTML5 may also refer to the additional use of CSS3, as both technologies are under development in parallel." Apparently you are not the average layperson.
Seriously, show me the code that Apple is including that is not proposed as part of one > of the new WHATWG specs
Well, since no CSS specs are whatwg specs... that's easy.
Gee WHATWG disagrees on that.
As a particularly egregious example, the demo at http://www.apple.com/html5/showcase/vr/ [apple.com] uses 3d transforms
Oh no! Apple implemented a demo with CSS 3D transforms, which has been a fully published working draft since early 2009. The horror! When will those bastards stop implementing openly published Web technologies with open source reference implementations. Clearly they are trying to take over the Web and make it proprietary or something? They do use HTML5 in that demo, they just go on to use another technology as well WHICH THEY SPECIFICALLY MENTION TWICE on the page for that demo. And that's what you find misleading? Yeah, you're just a hater looking for something to bitch about.
Yes. I am claiming that the demos include all sorts of stuff that's not in "the spec" if "the spec" is HTML5, nor is it in any drafts likely to become specs in the near future.
Well, clearly they use some other proposed specs as well, like CSS3, Webforms 2.0, 3D CSS transforms, but I don't see anything that isn't a proposed Web standard.
So they're basically demoing proprietary Safari extensions and trying to claim that they're part of HTML5.
Most people are lumping several technologies into the term "HTML5" in the press and common usage. Even the wikipedia page mentions the term has come to include more technologies in common use. But claiming that open specs submitted as standards with an open source reference implementation is the same thing as "proprietary extensions" is way way way more disingenuous than anything Apple has said on the issue.
In the "other browsers don't implement this stuff" verbiage.
You mean in the Slashdot summary, because I don't see it on Apple's page. Please provide a specific quote and citation.
...don't then advertise it as a demo of HTML5 (complete with the url claiming it has something to do with HTML5).
Apple didn't. Slashdot did. Apple says right in the title of the page that it is a Safari demo of HTML5 features, which is completely true. It does have something to do with HTML5, since it demoes features HTML5 allows Safari to support.
While it sounds damn sexy, I don't want it. It is stained with blood from Foxconn employees that make Apple products.
It's deeply sad that you're just now realizing one product in the US is made by poor people being exploited in foreign countries. That applies to almost everything you buy these days because the market shifted in the direction, long ago. It's also almost ironic that you pick out the iPhone as the example of this product, since Apple has been one of the very few companies actually pushing back and not only auditing their suppliers for human rights violations, but openly publishing those audits and requiring changes from their suppliers. Heck Steve Jobs pioneered a better way when he ran NextStep, creating computers that were technologically superior to anything else in the market and were made in the US using high tech robotics for no exploitation of the poor in foreign countries. How many did you buy? You pick the flagship product from the one guy who gave everyone a chance to buy a product that was not "stained with blood" (as you put it) and choose that as where you're going to make a stand? I don't know if that's more sad or funny at this point.
Come on Apple, how do you expect others to respect your trademarks if you don't respect other?
Ever think of checking your facts before commenting? From the FaceTime IM company web site:
"Our agreement with Apple to transfer the FaceTime trademark to them comes as we are rebranding our company to better reflect our capabilities. We will be announcing a new name in the coming months."
Which makes it sound like what they're demoing is part of "the spec". It's not.
Apple says it's demoing Safari's support for the spec. That is what they explicitly state. Are you claiming that is not true. Please be specific.
It also makes it sound like Safari is just ahead of the other browsers in implementing HTML5 (a line Apple has been pushing hard), which it's not.
How does it make it sound like that? This is a demo of Safari as the page says. Clearly that is what they're focusing on, but where do they say other browsers are behind?
No, you just have to be willing to call entities on actions that are not acceptable even if you otherwise like what they're doing.
Yeah, those bastards putting up a demo of Safari, how terrible. I reiterate... weak.
But the point is that the demos are using random proprietary Safari features that are not part of HTML5, not planned to be a part of it, and will never become a part of it (for example, because they're CSS features, not HTML ones).
What the hell nonsense are you talking now? HTML5 is being developed in parallel with CSS3, which is vital for it to be used. It would be hard to write an HTML5 demo without CSS. Using CSS and javascript and Webforms 2.0 in conjunction with HTML5 is generally referred to as "HTML5" by both the layman and the people writing the specs.
So calling it a demo of "support for HTML5" is just a bald-faced lie.
No, it is not. Seriously are you being paid to spread FUD or are you just so unbelievably biased that you're willing to twist the truth so badly to attack Apple for putting up a technology demo of cool new open specs. Seriously, show me the code that Apple is including that is not proposed as part of one of the new WHATWG specs.
In other words, this is a pure deceptive marketing ploy, and deserves to be called out as such.
The only thing I've seen that's deceptive is the Slashdot summary. Apple's page is very clear that they're not the only ones with support for HTML5 and that other browsers and Safari are in the process of adding support for the spec. They also clearly state on the page that this is a Safari demo, showing what works in Safari, contrary to the title of the Slashdot article. Seriously, Apple does crap regularly that I think deserves calling out, but this? It makes a good portion of Slashdot sound like bitchy whiners that will complain about anything, even a vendor demoing the level of support they've added for cool new open standards. You have to be biased as hell and looking for a way to interpret this negatively.
Seriously, Apple is dumping resources into an open source project (Webkit) and writing demoes of how cool that is in their browser bringing good PR to the open standard while fighting the proprietary, closed source competitior. And that's what you choose to whine is "evil"? Weak.
Did you actually click "view demo" on Firefox or Chrome?
Yes, it worked fine in Chrome. I later tried Firefox after someone said that did not work, and discovered they were correct. But, it certainly does work in Chrome, at least for me and several others.
Besides HTML5 not being standardized yet, it also uses vendor extensions rather than the proposed extensions in the HTML5/CSS3 documents.
What extensions are they using that have not been proposed as part of the spec? I didn't see any.
Hey, a strawman logical fallacy is a logical fallacy only when you use it to draw a conclusion.
It is used to draw the conclusion that the grandparent post was not a troll.
on paper. Such checks go completely against the intent of the standards.
In a perfect world you don't need to check for browsers because everyone follows a standard, however, not all browsers do, especially for emerging standards (through no fault of their own). In those instanced, browser checking is a very, very useful technique. Would you argue that YouTube is hurting standards because they use browser checking and supply HTML5 video tag versions of pages to some browsers that support the new standard and Flash to everyone else?
A page that only works if your user agent has a certain value isn't standard. Period.
I reject this as an unsupported assertion... oh and writing the word "period" with a period on either side of it is idiotic. "Period period period"? It makes sense if you're vocalizing the punctuation in speech for emphasis, but not the way you're writing it.
Wrong, the pages at http://developer.apple.com/safaridemos/ [apple.com] also state that Safari is required.
No, the page says "Best Viewed: Safari iPhone OS, Mac OS X, Windows" but the demos work just fine in Chrome. Did you even try them?
no, they don't. give me a link that works.
The URL http://developer.apple.com/safaridemos/ works fine for me in Chrome. Each link opens a page that says they work best in safari but the demos load and work without issue (although with some bugs for some) if you click the "View Demo" button.
Maybe they could be nice?
So Apple should spend resources and time to "be nice"? They're a business not a charity. And does anyone even want Safari for Linux? Enough to make it worthwhile?
So, you want me to install Windows on my computer, (and given your fanboy status, I don't think you really want me to do that), or buy a Mac (you'd like that, wouldn't you?) so that I can promote Apple products?
Clearly you missed my point. You want Apple to go out of their way and do random things you seem to want and accuse them of being afraid for not having done so. Yet when I tell you to go out of your way, you throw a hissy fit. If you want something done, do it,. Don't bitch and moan that other's are afraid so they haven't gone out and done a pile of work for you.
And for the record, I don't give a rat's ass what OS you run or if you do or don't install OS X, Windows, or BeOS.
HTML5 will be great! It will just take about 5-10 years for all the other browsers to adopt the standards carefully laid out today.
Thanks to Google, I don't think so. There are a lot of big players pushing hard at getting these adopted. MS will be a holdout as much as they can, but losing share in mobile Web use and overseas browsers share combined with Google's Chrome plug-in will make them much less able to pull it off. Web standards have stagnated a long time because of MS, but times are changing.
You really think Web developers are so stupid in general that they're going to implement bleeding edge HTML5 code and not test it for browser compatibility? That's just dumb.
They want to give the false impression that no one else supports this stuff.
Which they cleverly do by stating "not all browsers offer this support" which implies very strongly that some other browsers do? Are you just looking for crap to complain about or what? I have a different opinion about who's serving up the FUD.