I'd say a TV guide style service that also doubles as a scheduling service for PVRs would be right up their alley for starters. Lots of people want to know what time TV shows are playing, and what an episode is about. Making it easy, fast, and searchable would be better than any of the others I've seen lately. I use TitanTV to do scheduling with my PVR right now, but I'd be happy to look at a google alternative. Maybe some of the ads would be targeted at things that actually interest me or are related to the shows I'm looking up. I'd also bet a number of Google employees have MythTV boxes at home they'd love to have a great scheduling service for, ala Tivo, especially if it included suggestions based upon the shows you already watch.
Anyway, that is my prediction. I don't think it is likely Tivo will release a hardware box anytime soon, although it would be great to have another credible competitor in that space. A google branded MythTV box with a simple and easy UI could be a real winner. TV over IP is also a fast moving space with amateur video podcasts and DTV both starting to have content I actually like to watch. Still, my bet is on the first idea, an online TV guide and PVR scheduling service. It seems to fit their MO the best.
They're haven't been many reports of Safari vulnerabilities continuing Apple's domination of the safety record for the last few years.
If you believe that then you haven't been paying attention. Every security update fixes a Safari vulnerability and I am not wholly convinced that it is doing the greatest job from a security perspective. Sure it is better than IE, but there have been some pretty old netscape style vulnerabilities that Safari managed to bring new life to. There have not been many real exploits out there, and I'm not overly concerned using it regularly, but it is not doing any better than Firefox. Safari is not a bad choice, but don't make the mistake of believing it somehow better than the other browsers available, it just isn't so.
I'm sure this bug will be patched within a couple of days.
I'm sure it won't be since it was patched before this exploit was even released. It has not, however, made it into all distribution channels, some linux distros, for example, will not have new version available to their package management system.
Put yourself in Tivo's place. Do you listen to your individual customers who are worried about what the industry will do and refrain from potentially screwing them all over? Or do you instead get that huge sale from Comcast who is willing to sign a contract to use Tivo hardware in every set top box for the next five years, thus forcing most cable customers to become your customer? After all, since the content providers just want the DRM there and promise not to use it till it is too late for your customers and since most of your customers won't know/care that it has happened for years it won't lose you too many sales. Tivo is just playing it safe by partnering with the big boys rather than fighting them.
Truthfully, this market has room for up to four distinct players: Content providers, hardware providers, software providers, and scheduling service providers. The big cable companies want to make sure they own all that space and will play dirty to do it. It is almost impossible to challenge them in the content space, since they are the only source of sufficient bandwidth in the last mile.
Ideally, all four of those areas would be separate and interoperable and there would be competition for each. You could buy an X brand set top PVR, install OS Y, subscribe to scheduling service Z, and still be stuck getting your content from the existing cable company. Already there are companies like Tivo and RealTV making the hardware and software, projects like MythTV and companies like Elgato providing software, and services like TitanTV selling just the subscription. This is the Cable companies ruin, so they are trying hard to maintain power. Thus they make a deal with the number one player, give them a really sweet deal with a long term supplier contract for more money and boxes than they could hope to sell on their own in years, and make sure the stage is set for them to gut the PVR space, by providing their own, limited, but cheaper (by the exact amount they just raised everyone's cable bill) boxes. No one can compete with their bundling, and they have a government enforced monopoly on the last mile that cannot be taken away easily. The result is Tivos starting to suck and be included in cable company provided boxes, that kinda sorta do what the users want, for now.
There are several possibly disruptive factors in their plans. One is cheap, fast internet that could cut them out of the loop and make them compete. Luckily for them, the cable companies and the content producers are mostly owned by the same corp. so there is little chance of that without a big indy video scene appearing. The second wildcard is Microsoft. Their media PS edition could completely screw them, but MS is planning for the long term. They will probably play nice and partner and add all the DRM they want, so long as it is MS DRM and locks everyone in to Windows for the foreseeable future. MS know some day it will all run thru the computer and that day they will subsume the cable companies. Until then they are content to build strength with their file format and OS lock in. The last wildcard is another Tivo. If someone can make a cheap enough device to do what Tivo does, that is easy to use and does not play ball with the cable companies, it could all come tumbling down. They are probably terrified of MythTV, since it cannot be bought out or bribed into the fold.
Plus a physical book was bought or donated to the Libraries at one point in time, where as Google would basically taking physical data, converting it to electronic (all of which *DOES NOT BELONG TO THEM*) and displaying sections of it.
I think you are not well enough versed in U.S. copyright law. The law allows for sections of books to be legally copied without getting permission from anyone. The law has also previously taken into account the intent and end-result of copying. For example it is legal to download an e-book despite that fact that it is digitally reproduced numerous times without permission on various routers, in RAM, and on hard drives. In a more important, precedent setting case, the courts ruled that activity like images.google where entire copyrighted images are copied is legal so long as the end user is only provided with an excerpt unless permission is secured from the copyright holder. Let me repeat that, you can take whole copyrighted works and copy them for the purpose of providing legal excerpts of those works. Now all of this is subject to conditions, but google seems to more than meet them in every instance I can see.
Now tell me, what is the difference between downloading an entire image without permission and providing a thumbnail made from that image to a user and scanning an entire book and providing a small excerpt of that book to a user on demand?
Remember Google is not using these books itself, and presumably their own people do not have the ability to read an entire book. If google downloaded and archived software and built a database of what words were used in the menus of the software and let people search for software based upon that, but only provided a screenshot of the menu, not the software itself, I imagine they would be fine legally as well. I'm afraid you have tried to oversimplify the legal system, which is anything but simple.
Have *you* tried the service ? they claim they deny you access to the rest of the book but they are not. You are free to search again for any other word, and lo and behold, you can read 5 more pages.
It works just fine for me. You know if you are seeing 5 pages that means it is a book where the author has opted in to have that much available. Several publishers seem to have opted in all their books to include nearly all the text. Read the FAQ at print.google already. All of this is explained.
Direct saving of the images is disabled by some javascript code, and this is trivial to hack (or just do a screen grab of the window...).
Or just take a picture of the screen with a camera, or scan a book. This is no easier or harder than copying things from the library. What is your point?
To read most of the content of any book in Google Print I now only need to go down to the nearest internet cafe. I can even print the pages I like for very little money. Compare this to the cost of going to Harvard, and be realistic about the consequences, please.
To read the content of most popular, books, or books recently in print I need to walk three blocks to the nearest public library. If I want to scan the whole bloody thing and resell it, nothing is stopping me. Heck I can do the same with all the DVDs, CDs, VCR tapes etc. they have. Realistically it is more of a pain trying to grab each and every page from Google than from a hard copy. Either of us printing copies of more than a small portion of the books, without the permission of the original copyright holder is illegal and has been for about 30 years now.
In google case, they have done the scanning, and so they are by your own definition committing copyright infrigement.
Every time you download an e-book you're making copies across a bunch of network devices, in RAM, and on your hard drive, but the courts say it is the end result that matters. For example, the courts ruled that a company that copied thousands of images from all over the internet, and then reprinted them as thumbnails was not guilty of copyright infringement because they only reprinted the thumbnails, even though they copied the entire images. Google currently does the same thing with images.google and have not lost any legal cases as far as I know. Google is copying entire books, but is only reprinting excerpts unless they are given permission to reprint more by the copyright holder. I'd say that is a pretty strong precedent. From the end-user's point of view and a functional point of view, google is creating tons of metadata about books, but only reprinting legally allowed fair-use excerpts.
Clearly Google has gone over that limit. This may be outrageous but that's the law!
Not according the rulings of the U.S. courts to date. They reproduce (for the end user) much less than 10% unless given permission. Since their print servers are in the U.S. I don't think the Australian courts can do much about those copies (which are probably legal here).
Google didn't generate any data. They *copied* it. The publisher can and will claim that what Google has scanned in fact belongs to them!
What books contain the word "fruitloop" in them? That is metadata they generated. How many times is it used in a given book? That is metadata they generated. Both of these are facts and cannot be copyrighted. The book "Jone's Walk" begins with the word "The." This is metadata that is a fact and cannot be copyrighted. You and I have no idea what method the data google has generated is stored in. It might be a giant distributed relational database or it might be complete printed copies of each book and a team of guys who look everything up manually. Any given chunk of a book is legal to have a copy of and it is legal to have those indexed in such a way that you can reproduce the entire book if necessary. Each picture of a page is legal by itself. I have all the characters used in pretty much every bo
I may be rather anti-litigious, but in this situation, I think that filing a bug report isn't really the answer. I'm quite sure that legal counsel would confirm that the correct action would be to sue.
Actually, I'm pretty sure you have no grounds for any financial compensation until after you have notified the offending party that they are violating your copyright. Otherwise, the best you can hope for is an injunction against them. So I guess it depends upon your goal.
basically googles stance is that they can do whatever they want with the librarys books unless you specificially tell them to not do it.
Actually Google, and the law as I read it both say Google can reproduce and publish small excerpts of any book they want to, but if you ask them not to they will exclude your book to be nice. Legally, they have no such obligation.
which actually sounds a bit funny as they seem to be searchable in full and basically readable in full as well
Being searchable in full is sort of the point, and is metadata, i.e. data about what is in a book. That data is a fact and is not copyrightable. As to entire books being viewable, that should only apply to public domain works and works where the copyright holder gave Google their permission. If you can view more than a few pages of any one book, and you don't think it falls into one of those categories, you should submit it as a bug.
making indexes that contain the copyrighted material in full is copying - or else we would have a very convinient loophole to destroy all copyrights.
Sort of like copying a work in RAM, and/or across network devices is copying? The courts have taken into account the intent and the end result of this sort of copying before. If the end user only sees a few pages, then that is probably what the courts will rule is the copied portion in any given instance.
Check the front few pages of some of your favorite books and look for the copyright statement.
Heh, I think now you're making a mistake. Copyright statements are not EULAs or any sort of contract. It is just legal boilerplate that attempts to claim as many rights as possible in the hopes that they can be enforced. I've written some myself, but if I include "...and you'll pay me annually the sum of one million dollars, bwahahahaha!" that does not mean they are actually obligated to pay.
In this case, quoting a few lines, or copying a few pages for academic use, are worlds apart from a for-profit business scanning entire books.
You may be right, but they are only providing a few pages to any end user, in any given instance, which is legal. And, while copying the entire work may technically be illegal in and of itself, many devices to the same thing every day, copying entire works into memory, transmitting them, copying them into different memory etc. Google is upholding the spirit of the law, and the courts may well recognize that, as they have with electronic devices.
No they are not. To go read something at the Harvard Library I need to purchase a plane ticket and go there in person, and then if someone else has the book I'm interested in then I might have to wait for a long time.
And to read the content online you need to have a computer, electricity, an internet connection, the time to wait for it to download, etc.
The content of the libraries is free for viewing. Incidental costs like plane fair to get to a particular library, or your time while you wait for it to become available do not alter that fact. There are incidental costs involved with everything. Next I suppose you'll be claiming breathing isn't free because you need to eat food to power your lungs. Sorry, I reject your argument.
It is way more than that. You can copy the pages and keep them forever, you can redistribute them without any effort. With a bit of patience and organisation you can in fact copy the whole book.
So? With a bookstore or library and a digital camera, you can do the same thing. Or a scanner or a copy machine for that matter. There is a way to deal with that, it is called copyright law.
What happens if Google goes out of business? what if they decide they want to sell this data? is it valuable? you bet! who would get the money?
Google generated the data (almost metadata actually) and did all the work. They would also get the profit, but that is unlikely due to legal issues.
Wrong. You can search all books in their entirety. You can display almost any page. There are some non-severe limitations but this is not the point.
Have you even tried using it? Yes, you can search the entire book, you just can't see the entire book, only a few pages. Search for a common word, not on their "no search" list and you may get 50 references in the book, but you will only be able to see a few pages that have that term on them before Google denies you access to the others.
The point is that publishers believe they own the *content* of books still under copyright
Actually the works themselves are copyrighted. The ideas and facts within cannot be copyrighted. Google allows you to search the text for any words, but they only provide small excerpts of the books to the public, as the law allows.
I'm not sure I understand what you mean. Libraries, as far as I know, buy their books or receive them as donations. They are public institutions and thus those copies of the books ultimately belong to the people. I've never seen a public library that has any restriction on who can come in and read a book. I know the library down the street from me allows anyone who wants to to come in and read anything there. I'd say that is free to the public.
Google does not pay this fee.
Google is scanning in books that are owned by libraries. You might argue that scanning in books is not fair use, but given the end results it is certainly in the spirit of the law.
You are clearly not trying to make a living from writing, then.
Actually, the vast majority of my income comes from my career as a professional writer. I, personally, am happy to have google archive and index my books. If anything I expect it will increase sales as people search for information on a subject and are able to find my books, which are useful to them. I expect the number of people who find my books as the result of a google search and then purchase them to use as a reference will far outweigh the number of people who would normally buy a book, but instead decide to just look up the 2-4 pages google provides and not buy a copy. Anyone who is content with just those pages as a reference should be checking the book out of a library anyway, not buying it.
You mean the firewall that isn't turned on by default ?
Yup, just like the system services that are not enabled by default. Not really much to firewall is there.
A user process is quite capable of starting a daemon...
Provided you can get a user to run it.
OS X users are/frequently/ prompted for an admin password - most type it without even thinking, let alone verifying what has asked. Social engineering in such an environment is simple.
I think you are confusing yourself with a typical user. I'm rarely asked for my admin password, especially to run/install a program and I'm always suspicious of programs that do want such access. You trivialize the social engineering required, but I have yet to see it accomplished on a wide scale.
But never by design, as you claimed
I said "due to the buggy design."
Which explains why Outlook is one of the cornerstones of the average businesses e-mail, collaboration and messaging platform.
True, most business do not care about security and/or do not hire competent security people. The huge amount of exposed customer data over the last few years shows that. When things do go bad, the focus is usually on PR and finding a scapegoat rather than fixing the problem. The number of banks and financial institutions that undergo security assessments by law and then completely disregard all the security recommendations is staggering. The 40 billion dollars banks lost to credit card fraud (and thus the more interest they charge) is pretty solid proof of entire industries that care a lot more about sales, then reducing lost money or data by having better security.
Outlook has never exhibited the behaviour you describe, by design, by default.
It did, and some versions do exhibit the behavior I describe, and that is the result of poor priorities and design choices. Just because no one sat down and said, well lets make it run scripts attached to anything the user previews" does not mean that that behavior is not the result of their design combined with circumstances they did not consider.
Do you have a list of these unpatched vulnerabilities ?
I don't know that anyone has compiled such a list. Entering "windows local privilege escalation" into google will give you about a quarter of a million results. The first result is the source code and instructions for an unpatched local privilege escalation exploit.
ActiveX is something that can be disabled.
We are talking about default and/or common configurations. Most users won't disable ActiveX or even know what it is. Within a few years a sizable number of Windows machines will ship with it disabled by default, but how long will it take for it to be a majority and how many users will have to enable it to use some service or another?
I've no doubt I could bang up something that, when run, installed itself into a user's startup items, fire up a network daemon to allow interactive remote logins and send off a few emails with the system's vital stats in a matter of hours.
That is not the problem, the problem is, can you get that executable installed on a significant number of machines either through automatic propagation, clever social engineering, or some other method?
We'll just have to agree to disagree on this one. I think that having real, usable non-admin accounts, better informative dialogues, much better defaults for services and permissions, not using outlook and IE by default, not implementing Active X at all, and dozens of other design choices make OS X more resistant to malware. Results from the field seem to agree with me, with no known malware spreading on Mac computers. You try to explain this away as the result of circumstance, and to some degree you are correct, but that does not mean it is all circumstance. I can't even conceive of how you can think a relatively securely designed OS like OS X could ever be as e
The difference is whether the publisher agrees to it.
I think you are mistaken. Publishers hold a lot of rights, but so do owners of a work. Libraries are allowed to make card catalogues of their books even going so far as to copy the title and the author without permission of the copyright holder. The law also says they can quote portions of the work, with special exemptions for academic endeavors.
Now Google, working with libraries, is enhancing that card catalogue to make it even easier to find the book you want. Sure, technically maybe they have a complete copy cached, but guess what lots of electronic devices have copies of works cached illegally. I think the courts are smart enough to get with the times and realize that it is the end result, not the workings of the technological mechanism, that counts. Google is providing fair-use portions of books and working hard to make sure they don't violate any copyrights. We'll see how the courts rule I guess.
More important than the current law, however, does anyone doubt that having a searchable database of the contents of all books is a good thing for humanity? There is another exemption in the copyright laws, and that is for the library of Congress. Why the hell aren't they still collecting reference samples and providing a database like this for the good of the people?
First of all the content of public web sites is generally freely available to all.
And the contents of the libraries Google is scanning are not?
Google only provides a free indexing service to all that content.
Google caches Web pages and provides a short blurb from each page with the link to help you determine if this is valuable material for you. Now Google has added library books and you can view a page or two of the book to determine if it is a book you want to buy or check out from a library.
Further, web sites are usually happy to be searchable through Google, because their goal is to be visible and read...
The libraries Google is scanning are providing them with access and often free office space while performing their scans. They to want their catalogue to be easily searchable. It is the library that owns the book that is using their right to copy small portions of the book for literary endeavors. It seems pretty kosher to me. Any library that does not want to participate can just say "no" or not invite Google to come over.
You have looked at the Google pages right? You know they only let you see a few pages of most books and only public domain books and books whose copyright holder has given permission are shown in their entirety right? Surely you don't begrudge any library the right to build a searchable database of the books they own, just like you don't begrudge me the right to build a searchable database of the books I own.
I'm not sure how anyone has any right to complain. But this is America, so a lawsuit was inevitable.
There's very little that malware needs (or wants) to do that requires root privileges.
You mean like enable a network service or open a port in the firewall? There is not much malware that needs root (or sudo) access on Windows, but that is just because everyone is running as an administrator (which is a major problem right there) and because Admin on windows does not ask for the admin password to perform many operation that it probably should.
What "vital functions" - from a malware perspective
See above.
Many people are suspicious (or smart) enough to avoid malware on Windows, as well
OK, I'll use really small words for you. Windows: users are not prompted for a password. OS X: Users are prompted for a password. I think it is clear that malware is more likely to arouse a user's suspicion if they are running OS X, since it alerts them.
Outlook has never automatically executed attachments by default.
Please re-read my comments. Outlook has at many times in the past automatically executed scripts attached to mail delivered to it either immediately, when the mail is previewed, or when the mail is opened. The last time I bothered to look, it still executed scripts and executables when they were double clicked without providing a warning that they were executable, not data. All of the above is a security nightmare which is why pretty much every security conscious company with a clue has banned outlook as an e-mail client.
IE runs at the same privilege level as the user...
We've seen plenty of exploits via the web that grant full access to the system via Explorer and plenty of cases where using IE one user can gain access to another's files, or to protected system files. Running with the same privileges as the local user this should not be possible. Not that it makes a big difference since there are so many known, outstanding local privilege escalations on Windows that gaining more privileges from a normal user account is not exactly hard.
The architecture of Safari (+WebCore) is basically identical to IE. Safari has also had a couple of big-ish flaws from an architectural perspective as well, IIRC.
Safari+Webcore does not implement Active X or anything like it. As a result it will never be as poorly architected as IE. While there are flaws in the design of Safari and Webcore I don't know of any actual architectural decisions that are on par with the mess that is IE. Would you care to elaborate upon the point?
The biggest technical obstacle is a lack of listening network servces by default - and that only protects again remotely propogating worms (interestingly, OS X ships with the firewall *off*). There's very little to stand in the way of user-installed malware, the type typically found on Windows machines.
And yet, there aren't any. It has been years and everyone keeps saying it is not really hard to make a OS X worm, but it just hasn't happened. Maybe because it is harder than you think? As for "user-installed malware" that does not make up the majority or infected machines, nor network traffic for malware. Self-propagating worms make up the majority of infections, although not necessarily the majority of infections known to the user.
Sure a trojan can be sent out that poses as a harmless program or data, but the user will be warned that it is an executable, so all those trojans that pose as data will have a significant number of alerted security people and users who decide not to run it because they are unsure. A trojan posing as an executable has a harder time since it can't be easily passed of as porn or other "desirable" data. Combine that with limited privileges, a community of security experts, easy updates/patches that users actually install, and users that don't run as admin all the time and you have a system much more resistant to common malware than Windows. It is not immune by any means, but to claim it is no better than Windows is also misguided.
But just because they've forgotten about something that "aren't really doing [the companies] any good anyway", doesn't mean google can have it automatically.
I disagree. By default all works should be in the public domain. If there is no reason for a right to be taken from the people and if it cannot be demonstrated that maintaining copyright on a particular book is "advancing science and useful art" then it should be returned to the people. I'd go much further than Google. If a work is not being sold at a reasonable market rate then the publisher is not benefitting from their copyright except perhaps to try to make a work unavailable so that it does not compete with their current offerings. This is diametrically opposed to the purpose of copyright.
You're working from the incorrect assumption that it is the natural right of publishers to be able to restrict others from freely copying text. In fact that is not a natural right, but one imposed by the government for a specific purpose. That purpose is not to make money, it is to advance art and science and that is not accomplished by bury works or making sure the public has no access to them.
I don't know, I've only purchased one album and a few misc. songs there myself. I use it only for items I can't find anywhere else. The songs I've purchased show only the front cover album art.
The music industry could pull out anytime it wanted and could destroy iTunes.
Maybe, maybe not. The RIAA has already been convicted of price fixing. Taking all their songs and going home from the number one online music seller might result in some serious legal problems. Forcing price hikes might result in the same for that matter. You might think, "so what the legal system is corrupt anyway" and you'd be right, up to a point. But unlike operating systems people understand increased music prices and they understand the itunes store having all the music unavailable and I seriously doubt they will be happy about either. Jobs making this all public is step number one. And any politician who is looking for speaking points and free press has a new cause to champion and a new villain to vilify. Aren't you going to vote for the gubernatorial candidate who promises to "stop those fat cat music moguls and make them offer music at a reasonable price again!" The RIAA better think very carefully before they play the bully with this one.
Well, yeah. The Russian Mafia certainly have fewer start-up costs involved in the production of music...
Have you got any information to back up that accusation or a are you just making libelous remarks based on some rumor? From the sound of it, you are not particularly well informed so I'm guessing the latter.
You gain granularity in that you can buy only the songs you want. You gain instant gratification in that you can get the song immediately without going to a store. You gain selection since many songs available in the iTunes store are not available in most record stores. Also, your comment about album art is no longer correct. Most albums sold there come with the artwork, and some with music videos. I'm also not sure about price. In some cases the iTunes store costs more and in some less than buying the physical album.
Personally, I only buy music from there if I really want it and can't find it anywhere else. Used CD's are my normal purchase, as well as small indy CD's from band performances.
Anyway, there are advantages to the iTunes store as well as disadvantages. Most of the disadvantages you mention are meaningless gibberish to the average consumer. Price, however, is not.
I don't kid myself the lack of OS X viruses is because of something in the OS making them impossible (or even difficult) to create.
Actually, I think it is pretty difficult to create an internet worm or virus that will infect OS X machines and propagate. Some of this is due to circumstance and some of it is due to a better design. Circumstantially OS X machines are still not common, so any worm or virus that wanted to quickly spread to them would have to be cross-platform or very intelligently targeted. Either is a hurdle for malware authors to overcome.
Secondly, the user base for OS X is composed of a lot of geeks and security guys, so a propagating worm is much more likely to run afoul of someone's well configured firewall, ACL, IDS, etc. and be identified quickly.
Architecturally, OS X does a good job of warning users, by default, when a downloaded file is executable, thus partially mitigating that avenue of attack. Root users are an extreme rarity, local privilege escalation is non trivial, and the system does a fair job of restricting access to vital functions via the admin password. Many users will just enter it anyway (if they admin their own machine) but not all of them and it is enough to make many users suspicious (possibly helping to identify a virus early).
Also vectors for spreading a worm are pretty hard to come by. On windows worms go after known or unknown vulnerabilities, usually in exposed system services like RPC. OS X has no exposed system services by default on any version of the OS. Windows has firewalled them recently with XP SP 2, but still has them exposed behind that firewall and wide open on other versions of windows. Outlook and IE are common vectors for viruses via web pages and e-mail, as well as P2P protocols and IM. Both outlook and IE are very poorly designed with security a tertiary concern. Outlook automatically runs all sorts of executable files due to its buggy implementation and automatically fetches remote files from the internet without user intervention, by default. IE has been pounded on again and again and most of the obvious bugs have been shaken out, but it remains a good target because it runs with escalated privileges far beyond what a web browser needs. It also incorporates Active X by default which is basically a way to run arbitrary code without a sandbox on your system, inherently trusting remote web sites. That is some pretty piss poor security. All of this has has added security measures bolted on, but the fundamental problems are still there.
Contrast this with Safari and Mail.app and you'll see programs that, while not perfect, at least don't make huge, fundamental security mistakes in their basic architecture. I'm sure eventually someone will get a worm to propagate via a hole in unpatched versions of Safari or Mail.app, but I am also skeptical that it will go very far or have much effect. Patching is another important concern. So far OS X has a good track record for timely security fixes and has a well thought out mechanism for software updates. Everyone I know updates their OS X boxes regularly, because the OS asks them to, while only some Windows users do the same.
Basically, worms and viruses can propagate on OS X, but the deck is well stacked against them. It is not an easy target or a particularly profitable target. Either of those things might change in the future, but as things stand it does not look like OS X will ever suffer from the same level of problems with regard to worms and viruses that Windows currently does. OS X does make it difficult to create a successful virus or worm.
The primary problem with OS X is the indiscriminate use of the administrative password.
I agree with you for the most part. There are plenty of applications that actually need administrative privileges to install and the OS should provide more information about these applications and more finely grained security for managing them. The real problem, however, is programs that should have no need for administrative passwords, but that require them anyway. The Adobe Creative Suite, for example, requires an admin password to install. If not for the fact that I need it to do my job I would never enter my password to run an image editor and layout program. Combine that with the fact that some of the programs in the suite try to call home. The reason it asks for the password is so that it can install a CVS-like management server on your machine that always runs in the background with escalated privileges, sucks down huge amounts of RAM, and provides an easy avenue for privilege escalation attacks via a number of obvious vulnerabilities. Somehow vendors need to be made to pay attention to security or the OS needs to provide a sandbox for applications that can't be trusted.
On a related note, trojans could do a lot of damage on OS X right now because many users might download a random application that they think is a game and run it. They might (as you mentioned) even type in their admin password for it. I think what is needed is an easily user configurable set of ACLs for programs with some sensible and well thought out defaults.
The OS already warns the user when the download is an executable, so it is hard to hide one as a data file, but it would be useful to go one step further. By default most applications should not have access to a user's files (aside from those it creates), system files, or the internet. I think it is perfectly reasonable to download a game from some random web site, run it, and expect my OS to be able to keep it from starting a mail server, modifying my firewall, or copying my financial records. If it is an online game, fine, let the OS ask me if I want to allow it to access the internet, with an advanced configuration pane for what ports it can talk on and what servers it can talk to. If it is a graphics editor and it is used to modify my pictures, fine let me open pictures with it that I manually select, or if it wants to open all my pictures for me, or become the default application for opening a set of files, the OS can ask me.
This sort of system would quickly curtail most trojans as well as rein in software vendors like Adobe who can't be trusted to play nicely. It is probably not needed to deal with current threats on the OS X platform, but it may well be needed in the future and would be very, very useful for many people right now. And I think Apple is the right company to do it. The hard part about all of this is making the experience intuitive and user friendly enough. Requests for resources need to be explained in plain English with clearly defined consequences, ala "The application 'Monkey Madness 4' would like to connect to the internet in a way usually used to send e-mail. (Don't let it send e-mail) (Never let it send e-mail) (Let it send e-mail just this once) (Always let it send e-mail) (Advanced Options)."
That is the sort of control I am talking about, but with a lot more user testing to see what actually is easiest for users. Please Apple, implement this ASAP so that MS and all the Linux distros can copy it and make the internet a much better place.
How ca competition exist without "duplication of effort"?
It is a trade-off. The more competition you have, the more effort is duplicated. The more resources are combined and shared to reduce unnecessary duplication the less competition. For example, Everyone living in a house, but each building and using their own bath tub is wasteful. Their is no reason multiple people cannot share one bathtub. In doing so, however, there is no testing of multiple bath tubs and thus the "best" tub design will not necessarily be identified.
I see some and am a member of two.
I think you mistake the intended meaning of my statement. In many countries the wealth and power has greatly consolidated. Less than one percent of the population controlling 50% of the resources. It is very, very rare for the money and resources controlled by that small percentage to again be equitably distributed among the general populace. As a result the creation of communes that control a significant amount of resources to appear is very small. Small communes exist and benefit the members, but I doubt any single commune will ever control 1% of the resources in the U.S. and I would be flabbergasted if 50 different communes ever controlled 1% each.
Not all OSS is high quality, far from it. And last but not least, not all of it is maintained on a decently regular basis.
The same is true of closed source software. So from a consumer perspective you can either have software that may be abandoned, not updated, not maintained, etc. that is closed source or open source. If it is closed source, you're completely screwed. How many programs have places I work for standardized on, only to find the companies that write the software go under, abandon it, or get bought by a competitor who immediately kills it. Hell, right now the best software to do my main job, and those of the people working with me, has been end of lined by the manufacturer (who bought the original manufacturer). They killed the Mac, Linux, and Solaris versions. They haven't added any features to the Windows version in years. You can't pay them to fix things.
Compare this to an open source solution. With the same software we could at least have one of our engineers or an outside consultant fix the bugs in the product rather than working around them for years because the vendor refuses to fix it. With open source at least the problem is solvable, if potentially expensive. That is head and shoulders above "you're screwed."
Obviously the "making money off support" is not always workable...
Making money off of open source has not been a problem for many years. Making money of of support is a short term hack. Sure it pays some bills, but it also encourages software that needs lots of support.
The way to make money off of open source is easy, you get paid to write code. If someone wants a bug fixed, or functionality added, or something customized, they pay for it. Companies open source their software for free improvements, PR benefits, etc. It works well too. Nobody writes open source software and tries to sell it. That is short sighted. Find someone who wants a better solution, write it, and get them to pay you. Get them to pay you for any improvements they want, when they want improvements. Get every other company that needs the same or similar software to pay you for any improvements they want. That is the way it works for everything from OS's and web servers to specialized research applications. Why is this so hard for people to grasp? It is the same as building any other infrastructure. Companies don't build sewer systems under a city and then try to get the city to pay them, the city hires them to do it. If the city wants something fixed, they hire someone (maybe the original vendor maybe someone else) to fix it or add on to it. Only a fool or a crook would pay the guys who build their own secret sewer system under the city which they won't let anyone see and, won't let anyone else fix, and won't let anyone else build improvements to. The fact that most companies and organizations tolerate this for their software is mind boggling.
Sorry for the rant, but I'm tired of people who can't see open source software except in terms of closed source software. It is a different model, selling programming services, rather than selling a product. It does not let an engineer gouge their customers as easily, so as an engineer you may wish to avoid it if you can, but don't be surprised if your customers realize the advantage and start demanding it.
Mr. Ignoramus enabled the crime to happen on your network, he would be on the hook for it. Ignorance is not a valid defense.
Actually, you're confusing the concept. The law says ignorance of the law (usually) is not an excuse for violating the law. This has absolutely nothing to do with ignorance about anything else. You don't know that Vinnie and Guido are currently planning on murdering that guy whose been poking around their warehouse. You're ignorant of that. If you rent them a car, sell them concrete, or even sell them a gun and give them directions, you're still not guilty of conspiracy to commit murder.
Leaving your wireless network wide open could easily provide plausible deniability if no files can be found on your machine and you don't imply you did so just to gain said plausibility. Personally, I leave my wireless connection wide open, intentionally. Anyone who wants to can use it, although if it ever bogs down I'll bandwidth throttle it per mac address. I don't do so because I want to hide any illegal activity, just because I'm a nice guy.
If the RIAA ever comes a knocking I'll be happy to go to court and let them try to prove I did anything illegal. I also will refuse to give them keys to my encrypted hard drive shares without a warrant and I'll be happy to counter sue them for damages and court costs.
I'd say a TV guide style service that also doubles as a scheduling service for PVRs would be right up their alley for starters. Lots of people want to know what time TV shows are playing, and what an episode is about. Making it easy, fast, and searchable would be better than any of the others I've seen lately. I use TitanTV to do scheduling with my PVR right now, but I'd be happy to look at a google alternative. Maybe some of the ads would be targeted at things that actually interest me or are related to the shows I'm looking up. I'd also bet a number of Google employees have MythTV boxes at home they'd love to have a great scheduling service for, ala Tivo, especially if it included suggestions based upon the shows you already watch.
Anyway, that is my prediction. I don't think it is likely Tivo will release a hardware box anytime soon, although it would be great to have another credible competitor in that space. A google branded MythTV box with a simple and easy UI could be a real winner. TV over IP is also a fast moving space with amateur video podcasts and DTV both starting to have content I actually like to watch. Still, my bet is on the first idea, an online TV guide and PVR scheduling service. It seems to fit their MO the best.
They're haven't been many reports of Safari vulnerabilities continuing Apple's domination of the safety record for the last few years.
If you believe that then you haven't been paying attention. Every security update fixes a Safari vulnerability and I am not wholly convinced that it is doing the greatest job from a security perspective. Sure it is better than IE, but there have been some pretty old netscape style vulnerabilities that Safari managed to bring new life to. There have not been many real exploits out there, and I'm not overly concerned using it regularly, but it is not doing any better than Firefox. Safari is not a bad choice, but don't make the mistake of believing it somehow better than the other browsers available, it just isn't so.
I'm sure this bug will be patched within a couple of days.
I'm sure it won't be since it was patched before this exploit was even released. It has not, however, made it into all distribution channels, some linux distros, for example, will not have new version available to their package management system.
Exactly why is TiVo adding this functionality?
Put yourself in Tivo's place. Do you listen to your individual customers who are worried about what the industry will do and refrain from potentially screwing them all over? Or do you instead get that huge sale from Comcast who is willing to sign a contract to use Tivo hardware in every set top box for the next five years, thus forcing most cable customers to become your customer? After all, since the content providers just want the DRM there and promise not to use it till it is too late for your customers and since most of your customers won't know/care that it has happened for years it won't lose you too many sales. Tivo is just playing it safe by partnering with the big boys rather than fighting them.
Truthfully, this market has room for up to four distinct players: Content providers, hardware providers, software providers, and scheduling service providers. The big cable companies want to make sure they own all that space and will play dirty to do it. It is almost impossible to challenge them in the content space, since they are the only source of sufficient bandwidth in the last mile.
Ideally, all four of those areas would be separate and interoperable and there would be competition for each. You could buy an X brand set top PVR, install OS Y, subscribe to scheduling service Z, and still be stuck getting your content from the existing cable company. Already there are companies like Tivo and RealTV making the hardware and software, projects like MythTV and companies like Elgato providing software, and services like TitanTV selling just the subscription. This is the Cable companies ruin, so they are trying hard to maintain power. Thus they make a deal with the number one player, give them a really sweet deal with a long term supplier contract for more money and boxes than they could hope to sell on their own in years, and make sure the stage is set for them to gut the PVR space, by providing their own, limited, but cheaper (by the exact amount they just raised everyone's cable bill) boxes. No one can compete with their bundling, and they have a government enforced monopoly on the last mile that cannot be taken away easily. The result is Tivos starting to suck and be included in cable company provided boxes, that kinda sorta do what the users want, for now.
There are several possibly disruptive factors in their plans. One is cheap, fast internet that could cut them out of the loop and make them compete. Luckily for them, the cable companies and the content producers are mostly owned by the same corp. so there is little chance of that without a big indy video scene appearing. The second wildcard is Microsoft. Their media PS edition could completely screw them, but MS is planning for the long term. They will probably play nice and partner and add all the DRM they want, so long as it is MS DRM and locks everyone in to Windows for the foreseeable future. MS know some day it will all run thru the computer and that day they will subsume the cable companies. Until then they are content to build strength with their file format and OS lock in. The last wildcard is another Tivo. If someone can make a cheap enough device to do what Tivo does, that is easy to use and does not play ball with the cable companies, it could all come tumbling down. They are probably terrified of MythTV, since it cannot be bought out or bribed into the fold.
At least that is my take on it. I could be wrong.
Plus a physical book was bought or donated to the Libraries at one point in time, where as Google would basically taking physical data, converting it to electronic (all of which *DOES NOT BELONG TO THEM*) and displaying sections of it.
I think you are not well enough versed in U.S. copyright law. The law allows for sections of books to be legally copied without getting permission from anyone. The law has also previously taken into account the intent and end-result of copying. For example it is legal to download an e-book despite that fact that it is digitally reproduced numerous times without permission on various routers, in RAM, and on hard drives. In a more important, precedent setting case, the courts ruled that activity like images.google where entire copyrighted images are copied is legal so long as the end user is only provided with an excerpt unless permission is secured from the copyright holder. Let me repeat that, you can take whole copyrighted works and copy them for the purpose of providing legal excerpts of those works. Now all of this is subject to conditions, but google seems to more than meet them in every instance I can see.
Now tell me, what is the difference between downloading an entire image without permission and providing a thumbnail made from that image to a user and scanning an entire book and providing a small excerpt of that book to a user on demand?
Remember Google is not using these books itself, and presumably their own people do not have the ability to read an entire book. If google downloaded and archived software and built a database of what words were used in the menus of the software and let people search for software based upon that, but only provided a screenshot of the menu, not the software itself, I imagine they would be fine legally as well. I'm afraid you have tried to oversimplify the legal system, which is anything but simple.
Have *you* tried the service ? they claim they deny you access to the rest of the book but they are not. You are free to search again for any other word, and lo and behold, you can read 5 more pages.
It works just fine for me. You know if you are seeing 5 pages that means it is a book where the author has opted in to have that much available. Several publishers seem to have opted in all their books to include nearly all the text. Read the FAQ at print.google already. All of this is explained.
Direct saving of the images is disabled by some javascript code, and this is trivial to hack (or just do a screen grab of the window...).
Or just take a picture of the screen with a camera, or scan a book. This is no easier or harder than copying things from the library. What is your point?
To read most of the content of any book in Google Print I now only need to go down to the nearest internet cafe. I can even print the pages I like for very little money. Compare this to the cost of going to Harvard, and be realistic about the consequences, please.
To read the content of most popular, books, or books recently in print I need to walk three blocks to the nearest public library. If I want to scan the whole bloody thing and resell it, nothing is stopping me. Heck I can do the same with all the DVDs, CDs, VCR tapes etc. they have. Realistically it is more of a pain trying to grab each and every page from Google than from a hard copy. Either of us printing copies of more than a small portion of the books, without the permission of the original copyright holder is illegal and has been for about 30 years now.
In google case, they have done the scanning, and so they are by your own definition committing copyright infrigement.
Every time you download an e-book you're making copies across a bunch of network devices, in RAM, and on your hard drive, but the courts say it is the end result that matters. For example, the courts ruled that a company that copied thousands of images from all over the internet, and then reprinted them as thumbnails was not guilty of copyright infringement because they only reprinted the thumbnails, even though they copied the entire images. Google currently does the same thing with images.google and have not lost any legal cases as far as I know. Google is copying entire books, but is only reprinting excerpts unless they are given permission to reprint more by the copyright holder. I'd say that is a pretty strong precedent. From the end-user's point of view and a functional point of view, google is creating tons of metadata about books, but only reprinting legally allowed fair-use excerpts.
Clearly Google has gone over that limit. This may be outrageous but that's the law!
Not according the rulings of the U.S. courts to date. They reproduce (for the end user) much less than 10% unless given permission. Since their print servers are in the U.S. I don't think the Australian courts can do much about those copies (which are probably legal here).
Google didn't generate any data. They *copied* it. The publisher can and will claim that what Google has scanned in fact belongs to them!
What books contain the word "fruitloop" in them? That is metadata they generated. How many times is it used in a given book? That is metadata they generated. Both of these are facts and cannot be copyrighted. The book "Jone's Walk" begins with the word "The." This is metadata that is a fact and cannot be copyrighted. You and I have no idea what method the data google has generated is stored in. It might be a giant distributed relational database or it might be complete printed copies of each book and a team of guys who look everything up manually. Any given chunk of a book is legal to have a copy of and it is legal to have those indexed in such a way that you can reproduce the entire book if necessary. Each picture of a page is legal by itself. I have all the characters used in pretty much every bo
I may be rather anti-litigious, but in this situation, I think that filing a bug report isn't really the answer. I'm quite sure that legal counsel would confirm that the correct action would be to sue.
Actually, I'm pretty sure you have no grounds for any financial compensation until after you have notified the offending party that they are violating your copyright. Otherwise, the best you can hope for is an injunction against them. So I guess it depends upon your goal.
basically googles stance is that they can do whatever they want with the librarys books unless you specificially tell them to not do it.
Actually Google, and the law as I read it both say Google can reproduce and publish small excerpts of any book they want to, but if you ask them not to they will exclude your book to be nice. Legally, they have no such obligation.
which actually sounds a bit funny as they seem to be searchable in full and basically readable in full as well
Being searchable in full is sort of the point, and is metadata, i.e. data about what is in a book. That data is a fact and is not copyrightable. As to entire books being viewable, that should only apply to public domain works and works where the copyright holder gave Google their permission. If you can view more than a few pages of any one book, and you don't think it falls into one of those categories, you should submit it as a bug.
making indexes that contain the copyrighted material in full is copying - or else we would have a very convinient loophole to destroy all copyrights.
Sort of like copying a work in RAM, and/or across network devices is copying? The courts have taken into account the intent and the end result of this sort of copying before. If the end user only sees a few pages, then that is probably what the courts will rule is the copied portion in any given instance.
Check the front few pages of some of your favorite books and look for the copyright statement.
Heh, I think now you're making a mistake. Copyright statements are not EULAs or any sort of contract. It is just legal boilerplate that attempts to claim as many rights as possible in the hopes that they can be enforced. I've written some myself, but if I include "...and you'll pay me annually the sum of one million dollars, bwahahahaha!" that does not mean they are actually obligated to pay.
In this case, quoting a few lines, or copying a few pages for academic use, are worlds apart from a for-profit business scanning entire books.
You may be right, but they are only providing a few pages to any end user, in any given instance, which is legal. And, while copying the entire work may technically be illegal in and of itself, many devices to the same thing every day, copying entire works into memory, transmitting them, copying them into different memory etc. Google is upholding the spirit of the law, and the courts may well recognize that, as they have with electronic devices.
No they are not. To go read something at the Harvard Library I need to purchase a plane ticket and go there in person, and then if someone else has the book I'm interested in then I might have to wait for a long time.
And to read the content online you need to have a computer, electricity, an internet connection, the time to wait for it to download, etc.
The content of the libraries is free for viewing. Incidental costs like plane fair to get to a particular library, or your time while you wait for it to become available do not alter that fact. There are incidental costs involved with everything. Next I suppose you'll be claiming breathing isn't free because you need to eat food to power your lungs. Sorry, I reject your argument.
It is way more than that. You can copy the pages and keep them forever, you can redistribute them without any effort. With a bit of patience and organisation you can in fact copy the whole book.
So? With a bookstore or library and a digital camera, you can do the same thing. Or a scanner or a copy machine for that matter. There is a way to deal with that, it is called copyright law.
What happens if Google goes out of business? what if they decide they want to sell this data? is it valuable? you bet! who would get the money?
Google generated the data (almost metadata actually) and did all the work. They would also get the profit, but that is unlikely due to legal issues.
Wrong. You can search all books in their entirety. You can display almost any page. There are some non-severe limitations but this is not the point.
Have you even tried using it? Yes, you can search the entire book, you just can't see the entire book, only a few pages. Search for a common word, not on their "no search" list and you may get 50 references in the book, but you will only be able to see a few pages that have that term on them before Google denies you access to the others.
The point is that publishers believe they own the *content* of books still under copyright
Actually the works themselves are copyrighted. The ideas and facts within cannot be copyrighted. Google allows you to search the text for any words, but they only provide small excerpts of the books to the public, as the law allows.
Libraries pay per loan
I'm not sure I understand what you mean. Libraries, as far as I know, buy their books or receive them as donations. They are public institutions and thus those copies of the books ultimately belong to the people. I've never seen a public library that has any restriction on who can come in and read a book. I know the library down the street from me allows anyone who wants to to come in and read anything there. I'd say that is free to the public.
Google does not pay this fee.
Google is scanning in books that are owned by libraries. You might argue that scanning in books is not fair use, but given the end results it is certainly in the spirit of the law.
You are clearly not trying to make a living from writing, then.
Actually, the vast majority of my income comes from my career as a professional writer. I, personally, am happy to have google archive and index my books. If anything I expect it will increase sales as people search for information on a subject and are able to find my books, which are useful to them. I expect the number of people who find my books as the result of a google search and then purchase them to use as a reference will far outweigh the number of people who would normally buy a book, but instead decide to just look up the 2-4 pages google provides and not buy a copy. Anyone who is content with just those pages as a reference should be checking the book out of a library anyway, not buying it.
You mean the firewall that isn't turned on by default ?
Yup, just like the system services that are not enabled by default. Not really much to firewall is there.
A user process is quite capable of starting a daemon...
Provided you can get a user to run it.
OS X users are /frequently/ prompted for an admin password - most type it without even thinking, let alone verifying what has asked. Social engineering in such an environment is simple.
I think you are confusing yourself with a typical user. I'm rarely asked for my admin password, especially to run/install a program and I'm always suspicious of programs that do want such access. You trivialize the social engineering required, but I have yet to see it accomplished on a wide scale.
But never by design, as you claimed
I said "due to the buggy design."
Which explains why Outlook is one of the cornerstones of the average businesses e-mail, collaboration and messaging platform.
True, most business do not care about security and/or do not hire competent security people. The huge amount of exposed customer data over the last few years shows that. When things do go bad, the focus is usually on PR and finding a scapegoat rather than fixing the problem. The number of banks and financial institutions that undergo security assessments by law and then completely disregard all the security recommendations is staggering. The 40 billion dollars banks lost to credit card fraud (and thus the more interest they charge) is pretty solid proof of entire industries that care a lot more about sales, then reducing lost money or data by having better security.
Outlook has never exhibited the behaviour you describe, by design, by default.
It did, and some versions do exhibit the behavior I describe, and that is the result of poor priorities and design choices. Just because no one sat down and said, well lets make it run scripts attached to anything the user previews" does not mean that that behavior is not the result of their design combined with circumstances they did not consider.
Do you have a list of these unpatched vulnerabilities ?
I don't know that anyone has compiled such a list. Entering "windows local privilege escalation" into google will give you about a quarter of a million results. The first result is the source code and instructions for an unpatched local privilege escalation exploit.
ActiveX is something that can be disabled.
We are talking about default and/or common configurations. Most users won't disable ActiveX or even know what it is. Within a few years a sizable number of Windows machines will ship with it disabled by default, but how long will it take for it to be a majority and how many users will have to enable it to use some service or another?
I've no doubt I could bang up something that, when run, installed itself into a user's startup items, fire up a network daemon to allow interactive remote logins and send off a few emails with the system's vital stats in a matter of hours.
That is not the problem, the problem is, can you get that executable installed on a significant number of machines either through automatic propagation, clever social engineering, or some other method?
We'll just have to agree to disagree on this one. I think that having real, usable non-admin accounts, better informative dialogues, much better defaults for services and permissions, not using outlook and IE by default, not implementing Active X at all, and dozens of other design choices make OS X more resistant to malware. Results from the field seem to agree with me, with no known malware spreading on Mac computers. You try to explain this away as the result of circumstance, and to some degree you are correct, but that does not mean it is all circumstance. I can't even conceive of how you can think a relatively securely designed OS like OS X could ever be as e
The difference is whether the publisher agrees to it.
I think you are mistaken. Publishers hold a lot of rights, but so do owners of a work. Libraries are allowed to make card catalogues of their books even going so far as to copy the title and the author without permission of the copyright holder. The law also says they can quote portions of the work, with special exemptions for academic endeavors.
Now Google, working with libraries, is enhancing that card catalogue to make it even easier to find the book you want. Sure, technically maybe they have a complete copy cached, but guess what lots of electronic devices have copies of works cached illegally. I think the courts are smart enough to get with the times and realize that it is the end result, not the workings of the technological mechanism, that counts. Google is providing fair-use portions of books and working hard to make sure they don't violate any copyrights. We'll see how the courts rule I guess.
More important than the current law, however, does anyone doubt that having a searchable database of the contents of all books is a good thing for humanity? There is another exemption in the copyright laws, and that is for the library of Congress. Why the hell aren't they still collecting reference samples and providing a database like this for the good of the people?
First of all the content of public web sites is generally freely available to all.
And the contents of the libraries Google is scanning are not?
Google only provides a free indexing service to all that content.
Google caches Web pages and provides a short blurb from each page with the link to help you determine if this is valuable material for you. Now Google has added library books and you can view a page or two of the book to determine if it is a book you want to buy or check out from a library.
Further, web sites are usually happy to be searchable through Google, because their goal is to be visible and read...
The libraries Google is scanning are providing them with access and often free office space while performing their scans. They to want their catalogue to be easily searchable. It is the library that owns the book that is using their right to copy small portions of the book for literary endeavors. It seems pretty kosher to me. Any library that does not want to participate can just say "no" or not invite Google to come over.
You have looked at the Google pages right? You know they only let you see a few pages of most books and only public domain books and books whose copyright holder has given permission are shown in their entirety right? Surely you don't begrudge any library the right to build a searchable database of the books they own, just like you don't begrudge me the right to build a searchable database of the books I own.
I'm not sure how anyone has any right to complain. But this is America, so a lawsuit was inevitable.
There's very little that malware needs (or wants) to do that requires root privileges.
You mean like enable a network service or open a port in the firewall? There is not much malware that needs root (or sudo) access on Windows, but that is just because everyone is running as an administrator (which is a major problem right there) and because Admin on windows does not ask for the admin password to perform many operation that it probably should.
What "vital functions" - from a malware perspective
See above.
Many people are suspicious (or smart) enough to avoid malware on Windows, as well
OK, I'll use really small words for you. Windows: users are not prompted for a password. OS X: Users are prompted for a password. I think it is clear that malware is more likely to arouse a user's suspicion if they are running OS X, since it alerts them.
Outlook has never automatically executed attachments by default.
Please re-read my comments. Outlook has at many times in the past automatically executed scripts attached to mail delivered to it either immediately, when the mail is previewed, or when the mail is opened. The last time I bothered to look, it still executed scripts and executables when they were double clicked without providing a warning that they were executable, not data. All of the above is a security nightmare which is why pretty much every security conscious company with a clue has banned outlook as an e-mail client.
IE runs at the same privilege level as the user...
We've seen plenty of exploits via the web that grant full access to the system via Explorer and plenty of cases where using IE one user can gain access to another's files, or to protected system files. Running with the same privileges as the local user this should not be possible. Not that it makes a big difference since there are so many known, outstanding local privilege escalations on Windows that gaining more privileges from a normal user account is not exactly hard.
The architecture of Safari (+WebCore) is basically identical to IE. Safari has also had a couple of big-ish flaws from an architectural perspective as well, IIRC.
Safari+Webcore does not implement Active X or anything like it. As a result it will never be as poorly architected as IE. While there are flaws in the design of Safari and Webcore I don't know of any actual architectural decisions that are on par with the mess that is IE. Would you care to elaborate upon the point?
The biggest technical obstacle is a lack of listening network servces by default - and that only protects again remotely propogating worms (interestingly, OS X ships with the firewall *off*). There's very little to stand in the way of user-installed malware, the type typically found on Windows machines.
And yet, there aren't any. It has been years and everyone keeps saying it is not really hard to make a OS X worm, but it just hasn't happened. Maybe because it is harder than you think? As for "user-installed malware" that does not make up the majority or infected machines, nor network traffic for malware. Self-propagating worms make up the majority of infections, although not necessarily the majority of infections known to the user.
Sure a trojan can be sent out that poses as a harmless program or data, but the user will be warned that it is an executable, so all those trojans that pose as data will have a significant number of alerted security people and users who decide not to run it because they are unsure. A trojan posing as an executable has a harder time since it can't be easily passed of as porn or other "desirable" data. Combine that with limited privileges, a community of security experts, easy updates/patches that users actually install, and users that don't run as admin all the time and you have a system much more resistant to common malware than Windows. It is not immune by any means, but to claim it is no better than Windows is also misguided.
But just because they've forgotten about something that "aren't really doing [the companies] any good anyway", doesn't mean google can have it automatically.
I disagree. By default all works should be in the public domain. If there is no reason for a right to be taken from the people and if it cannot be demonstrated that maintaining copyright on a particular book is "advancing science and useful art" then it should be returned to the people. I'd go much further than Google. If a work is not being sold at a reasonable market rate then the publisher is not benefitting from their copyright except perhaps to try to make a work unavailable so that it does not compete with their current offerings. This is diametrically opposed to the purpose of copyright.
You're working from the incorrect assumption that it is the natural right of publishers to be able to restrict others from freely copying text. In fact that is not a natural right, but one imposed by the government for a specific purpose. That purpose is not to make money, it is to advance art and science and that is not accomplished by bury works or making sure the public has no access to them.
I don't know, I've only purchased one album and a few misc. songs there myself. I use it only for items I can't find anywhere else. The songs I've purchased show only the front cover album art.
The music industry could pull out anytime it wanted and could destroy iTunes.
Maybe, maybe not. The RIAA has already been convicted of price fixing. Taking all their songs and going home from the number one online music seller might result in some serious legal problems. Forcing price hikes might result in the same for that matter. You might think, "so what the legal system is corrupt anyway" and you'd be right, up to a point. But unlike operating systems people understand increased music prices and they understand the itunes store having all the music unavailable and I seriously doubt they will be happy about either. Jobs making this all public is step number one. And any politician who is looking for speaking points and free press has a new cause to champion and a new villain to vilify. Aren't you going to vote for the gubernatorial candidate who promises to "stop those fat cat music moguls and make them offer music at a reasonable price again!" The RIAA better think very carefully before they play the bully with this one.
Well, yeah. The Russian Mafia certainly have fewer start-up costs involved in the production of music...
Have you got any information to back up that accusation or a are you just making libelous remarks based on some rumor? From the sound of it, you are not particularly well informed so I'm guessing the latter.
You gain granularity in that you can buy only the songs you want. You gain instant gratification in that you can get the song immediately without going to a store. You gain selection since many songs available in the iTunes store are not available in most record stores. Also, your comment about album art is no longer correct. Most albums sold there come with the artwork, and some with music videos. I'm also not sure about price. In some cases the iTunes store costs more and in some less than buying the physical album.
Personally, I only buy music from there if I really want it and can't find it anywhere else. Used CD's are my normal purchase, as well as small indy CD's from band performances.
Anyway, there are advantages to the iTunes store as well as disadvantages. Most of the disadvantages you mention are meaningless gibberish to the average consumer. Price, however, is not.
I don't kid myself the lack of OS X viruses is because of something in the OS making them impossible (or even difficult) to create.
Actually, I think it is pretty difficult to create an internet worm or virus that will infect OS X machines and propagate. Some of this is due to circumstance and some of it is due to a better design. Circumstantially OS X machines are still not common, so any worm or virus that wanted to quickly spread to them would have to be cross-platform or very intelligently targeted. Either is a hurdle for malware authors to overcome.
Secondly, the user base for OS X is composed of a lot of geeks and security guys, so a propagating worm is much more likely to run afoul of someone's well configured firewall, ACL, IDS, etc. and be identified quickly.
Architecturally, OS X does a good job of warning users, by default, when a downloaded file is executable, thus partially mitigating that avenue of attack. Root users are an extreme rarity, local privilege escalation is non trivial, and the system does a fair job of restricting access to vital functions via the admin password. Many users will just enter it anyway (if they admin their own machine) but not all of them and it is enough to make many users suspicious (possibly helping to identify a virus early).
Also vectors for spreading a worm are pretty hard to come by. On windows worms go after known or unknown vulnerabilities, usually in exposed system services like RPC. OS X has no exposed system services by default on any version of the OS. Windows has firewalled them recently with XP SP 2, but still has them exposed behind that firewall and wide open on other versions of windows. Outlook and IE are common vectors for viruses via web pages and e-mail, as well as P2P protocols and IM. Both outlook and IE are very poorly designed with security a tertiary concern. Outlook automatically runs all sorts of executable files due to its buggy implementation and automatically fetches remote files from the internet without user intervention, by default. IE has been pounded on again and again and most of the obvious bugs have been shaken out, but it remains a good target because it runs with escalated privileges far beyond what a web browser needs. It also incorporates Active X by default which is basically a way to run arbitrary code without a sandbox on your system, inherently trusting remote web sites. That is some pretty piss poor security. All of this has has added security measures bolted on, but the fundamental problems are still there.
Contrast this with Safari and Mail.app and you'll see programs that, while not perfect, at least don't make huge, fundamental security mistakes in their basic architecture. I'm sure eventually someone will get a worm to propagate via a hole in unpatched versions of Safari or Mail.app, but I am also skeptical that it will go very far or have much effect. Patching is another important concern. So far OS X has a good track record for timely security fixes and has a well thought out mechanism for software updates. Everyone I know updates their OS X boxes regularly, because the OS asks them to, while only some Windows users do the same.
Basically, worms and viruses can propagate on OS X, but the deck is well stacked against them. It is not an easy target or a particularly profitable target. Either of those things might change in the future, but as things stand it does not look like OS X will ever suffer from the same level of problems with regard to worms and viruses that Windows currently does. OS X does make it difficult to create a successful virus or worm.
The primary problem with OS X is the indiscriminate use of the administrative password.
I agree with you for the most part. There are plenty of applications that actually need administrative privileges to install and the OS should provide more information about these applications and more finely grained security for managing them. The real problem, however, is programs that should have no need for administrative passwords, but that require them anyway. The Adobe Creative Suite, for example, requires an admin password to install. If not for the fact that I need it to do my job I would never enter my password to run an image editor and layout program. Combine that with the fact that some of the programs in the suite try to call home. The reason it asks for the password is so that it can install a CVS-like management server on your machine that always runs in the background with escalated privileges, sucks down huge amounts of RAM, and provides an easy avenue for privilege escalation attacks via a number of obvious vulnerabilities. Somehow vendors need to be made to pay attention to security or the OS needs to provide a sandbox for applications that can't be trusted.
On a related note, trojans could do a lot of damage on OS X right now because many users might download a random application that they think is a game and run it. They might (as you mentioned) even type in their admin password for it. I think what is needed is an easily user configurable set of ACLs for programs with some sensible and well thought out defaults.
The OS already warns the user when the download is an executable, so it is hard to hide one as a data file, but it would be useful to go one step further. By default most applications should not have access to a user's files (aside from those it creates), system files, or the internet. I think it is perfectly reasonable to download a game from some random web site, run it, and expect my OS to be able to keep it from starting a mail server, modifying my firewall, or copying my financial records. If it is an online game, fine, let the OS ask me if I want to allow it to access the internet, with an advanced configuration pane for what ports it can talk on and what servers it can talk to. If it is a graphics editor and it is used to modify my pictures, fine let me open pictures with it that I manually select, or if it wants to open all my pictures for me, or become the default application for opening a set of files, the OS can ask me.
This sort of system would quickly curtail most trojans as well as rein in software vendors like Adobe who can't be trusted to play nicely. It is probably not needed to deal with current threats on the OS X platform, but it may well be needed in the future and would be very, very useful for many people right now. And I think Apple is the right company to do it. The hard part about all of this is making the experience intuitive and user friendly enough. Requests for resources need to be explained in plain English with clearly defined consequences, ala "The application 'Monkey Madness 4' would like to connect to the internet in a way usually used to send e-mail. (Don't let it send e-mail) (Never let it send e-mail) (Let it send e-mail just this once) (Always let it send e-mail) (Advanced Options)."
That is the sort of control I am talking about, but with a lot more user testing to see what actually is easiest for users. Please Apple, implement this ASAP so that MS and all the Linux distros can copy it and make the internet a much better place.
How ca competition exist without "duplication of effort"?
It is a trade-off. The more competition you have, the more effort is duplicated. The more resources are combined and shared to reduce unnecessary duplication the less competition. For example, Everyone living in a house, but each building and using their own bath tub is wasteful. Their is no reason multiple people cannot share one bathtub. In doing so, however, there is no testing of multiple bath tubs and thus the "best" tub design will not necessarily be identified.
I see some and am a member of two.
I think you mistake the intended meaning of my statement. In many countries the wealth and power has greatly consolidated. Less than one percent of the population controlling 50% of the resources. It is very, very rare for the money and resources controlled by that small percentage to again be equitably distributed among the general populace. As a result the creation of communes that control a significant amount of resources to appear is very small. Small communes exist and benefit the members, but I doubt any single commune will ever control 1% of the resources in the U.S. and I would be flabbergasted if 50 different communes ever controlled 1% each.
Not all OSS is high quality, far from it. And last but not least, not all of it is maintained on a decently regular basis.
The same is true of closed source software. So from a consumer perspective you can either have software that may be abandoned, not updated, not maintained, etc. that is closed source or open source. If it is closed source, you're completely screwed. How many programs have places I work for standardized on, only to find the companies that write the software go under, abandon it, or get bought by a competitor who immediately kills it. Hell, right now the best software to do my main job, and those of the people working with me, has been end of lined by the manufacturer (who bought the original manufacturer). They killed the Mac, Linux, and Solaris versions. They haven't added any features to the Windows version in years. You can't pay them to fix things.
Compare this to an open source solution. With the same software we could at least have one of our engineers or an outside consultant fix the bugs in the product rather than working around them for years because the vendor refuses to fix it. With open source at least the problem is solvable, if potentially expensive. That is head and shoulders above "you're screwed."
Obviously the "making money off support" is not always workable...
Making money off of open source has not been a problem for many years. Making money of of support is a short term hack. Sure it pays some bills, but it also encourages software that needs lots of support.
The way to make money off of open source is easy, you get paid to write code. If someone wants a bug fixed, or functionality added, or something customized, they pay for it. Companies open source their software for free improvements, PR benefits, etc. It works well too. Nobody writes open source software and tries to sell it. That is short sighted. Find someone who wants a better solution, write it, and get them to pay you. Get them to pay you for any improvements they want, when they want improvements. Get every other company that needs the same or similar software to pay you for any improvements they want. That is the way it works for everything from OS's and web servers to specialized research applications. Why is this so hard for people to grasp? It is the same as building any other infrastructure. Companies don't build sewer systems under a city and then try to get the city to pay them, the city hires them to do it. If the city wants something fixed, they hire someone (maybe the original vendor maybe someone else) to fix it or add on to it. Only a fool or a crook would pay the guys who build their own secret sewer system under the city which they won't let anyone see and, won't let anyone else fix, and won't let anyone else build improvements to. The fact that most companies and organizations tolerate this for their software is mind boggling.
Sorry for the rant, but I'm tired of people who can't see open source software except in terms of closed source software. It is a different model, selling programming services, rather than selling a product. It does not let an engineer gouge their customers as easily, so as an engineer you may wish to avoid it if you can, but don't be surprised if your customers realize the advantage and start demanding it.
Mr. Ignoramus enabled the crime to happen on your network, he would be on the hook for it. Ignorance is not a valid defense.
Actually, you're confusing the concept. The law says ignorance of the law (usually) is not an excuse for violating the law. This has absolutely nothing to do with ignorance about anything else. You don't know that Vinnie and Guido are currently planning on murdering that guy whose been poking around their warehouse. You're ignorant of that. If you rent them a car, sell them concrete, or even sell them a gun and give them directions, you're still not guilty of conspiracy to commit murder.
Leaving your wireless network wide open could easily provide plausible deniability if no files can be found on your machine and you don't imply you did so just to gain said plausibility. Personally, I leave my wireless connection wide open, intentionally. Anyone who wants to can use it, although if it ever bogs down I'll bandwidth throttle it per mac address. I don't do so because I want to hide any illegal activity, just because I'm a nice guy.
If the RIAA ever comes a knocking I'll be happy to go to court and let them try to prove I did anything illegal. I also will refuse to give them keys to my encrypted hard drive shares without a warrant and I'll be happy to counter sue them for damages and court costs.