Microsoft didn't really have much choice with Bungee. Sure, they were in control of the company, but they weren't in control of the people working there (ie, the creative talent). They could have held on control to Bungie, with the creative talent choosing to leave to be in control of their own fate, or release control of Bungie back to its talent, foster a relationship with them and make sure they continue to use their talent to support their console.
You're right though. Ensemble Studios doesn't make much sense, neither does this.
I wasn't saying I'm sure account A infected files on account B. That's what the guy I was responding to seems to believe, that the exploit occured due to a badly written PHP script. It's more likely that it was the PHP server itself that had the exploit, or something else entirely at the website.
I'm not blaming Linux at all, nor is that what my argument is. I'm just saying that exploits can occur regardless of operating system, and just because you're on Linux does not necessarily mean your machine will not get compromised. Often, it happens because of an app, NOT the operating system. Therefore, one should blame the app, NOT the operating system. Sometimes, the OS does something stupid that allows the app to fuck up when it could have easily stopped it, and then the OS is to blame. (Not saying this was the case in my situation). However, whenever an app has an exploit in Windows, people automatically blame Windows, regardless of the situation. Whenever an app has an exploit in Linux (as was the case in my scenario), well...you could tell how everyone jumped and said it MUST be my fault, or not my fault, then the php's script's fault, and if it's not the php script's fault, then the PHP server's fault. It could never, ever be Linux' fault.
It's called sarcasm for effect. If you noticed, the person I replied to said the solution to stopping malware is to "stop making the product so absurdly exploitable". I was responding in similar fashion.
I am not a Layered Tech customer, so that vulnerability does not apply to me. I am the only person with the login details. Root logins are only allowed from my IP. Password was never exchanged via email.
At the end of the day, you have no proof to suggest that it was through something I did, and not via an exploit. I fail to see why it's so hard to believe that the server could have been exploited through no fault of my own. Linux is not infallible.
Again, you're assuming things. safe_mode was on and register_globals was off. I always have it that way. When I say the 'system was hacked' I don't mean it was done through a Linux exploit. It may have been done through PHP, or the other server software running on that thing, or even a PHP app as you say it might be, but the end result is that my server ended up serving exploited files that infected user's machines, and hence the system was, for all intents and purposes, hacked. Whether system files were affected or not is irrelevant to me, because the server was still compromised and did dangerous things to my users.
My point was, IF it was a PHP app, why was a PHP app on account A allowed to infect php files on account B? The server is setup so that account A isn't allowed to affect files on account B. There WAS an exploit somewhere. If it was in PHP, then so be it.
I never said Linux is "the bad". I never blamed the issue on Linux. If I thought Linux is bad why on earth would I continue using it as my server? All I'm saying is that Linux CAN get exploited, as can Windows, as can OS X, as can every OS out there. Apparently, that seems hard to believe.
I wasn't on a shared server. I lease a server, and it's a dedicated machine for my sites and the sites I host. The server management was included in what I pay, so they didn't make extra cash out of me. Like I said, every single PHP file on the webserver got that javascript code injected on to it. Unfortunately, I don't have an infected file on me.
Like I said, we never figured out what the cause of the issue was, and the people I talked to on other servers that experienced the same issue couldn't figure it out either, and a full OS re-install was recommended by both the server management guys where I lease and the server management guys where they least (completely different datacenters).
I wasn't aiming to demonstrate that Linux had anything to do with this, nor am I blaming Linux for the exploit, nor do I blame Windows for the Acrobat issue. It might have been PHP, I doubt it was a PHP app, or it might have been another thing running on the server. I can't really say.
I was merely trying to point out that no matter *how* secure an OS is (after all, the consensus here is that Linux is more secure than Windows), it can still get exploited. That's all. However, it seems that the average reaction here is that if an app in Windows is exploited to infect the system, then it's Windows fault, whereas if an app in Linux is exploited to infect the system, then it's the app's fault, or the user's fault, but definitely not Linux' fault!
I meant to write Google cloud, not Linux cloud. That was a typo.
The theory was it wasn't a PHP app that got owned, but either the PHP server itself got exploited or something else in the server got exploited, since the whole server was infected and each PHP app can only write to the files under the account it's running at.. And if it was a PHP app, why did it manage to infect the whole system? The same with why did Acrobate manage to infect the whole system.
After I re-installed the OS, with the same PHP apps running, the server hasn't gotten infected again.
Every single PHP file on the system was infected. Each PHP app can only write to the files under that user account's folder (the server had multiple websites/domains). So I'm guessing the system was hacked.
If it was a badly coded PHP app, why is one badly coded PHP app able to infect the whole system? Of course, the same question can be asked of Acrobat Reader: why is a badly coded app able to infect the whole system?
Ask Adobe? I don't think Reader had write permission, but it had a vulnerability which the malware took advantage of to fuck up the system.
You don't think virus writers are attempting to break into the Linux cloud? I'm sure they have, and if they succeeded, I'm sure Google was on top of it so it didn't affect their services at all, or they claimed they were having technical difficulties without explaining it. I'm sure the same situations have happened to Microsoft's cloud, as well as Apple's and Yahoo's.
I *have* given you an example of a Linux server getting exploited and owned, but I guess you chose to ignore that. Sure, it's anecdotal, but it DOES happen. When it happened to me, the exploit was brand new and wasn't very well known, however, I ran into quite a few people who had suffered the exact same exploit on their Linux machines when I was trying to figure out how it occured.
You got it wrong. My Linux server was exploited, I'm not quite sure how (nor did the server management guys). Every PHP file on the server had javascript code injected on it. When people browsed the website, this javascript code forwarded you to a PDF that had an exploit when opened up in Acrobat, that infected your computer.
So my website had that javascript code infected on it. On my home machine, running XP (and an antivirus app), I browse to my website. It automatically redirects to the PDF, which automatically runs in Acrobat, which automatically infects my PC.
I was just merely pointing out an example that yes, Linux with all it's fancy security model CAN also get exploited, and even with lots of user education AND running AntiVirus apps, you can still get infected. The remedial action on my home PC was to get rid of Acrobat, because I didn't want to suffer any future exploits it had. The remedial action on the server was to reinstall the OS, restore the files from backup, and run through every PHP file and make sure it didn't have the injected javascript code on it.
Why is Linux absurdly exploitable then? My Linux webserver has been exploited a couple of times, even though it was kept up to date with the latest security patches.
Every OS is exploitable, even the most hardened security system can be exploited. Don't kid yourself that Linux or OS X won't have the same amount of viruses Windows has now if it had a 90% market share on the desktop, because they would. Malware authors will concentrate their efforts on what will yield the greatest results, and right now, that's Windows.
Really, not that I'm excusing unsafe security models, but the only real way to solve the virus issue is to educate your users. Pretty much every single time I've seen someone get a virus, it was because of their own idiocy.
Unfortunately, even that fails sometime. It can't cover everything. Remember how I mentioned my Linux server got hacked? Well, it invoked a javascript code that redirected to a PDF file on all my sites, and when I visited my blog, Acrobat automatically opened it without even prompting (bad Acrobat! Bad!) which contained an exploit with Acrobat itself that infected my PC. Had to format. Ditched Reader and installed FoxIt instead.
I seriously wonder if people here would have the same reaction if it was Microsoft instead of Apple doing this. My guess is not, and people would be up in flames
Mind you, I don't really see a problem with it either.
Oddly enough, the actual download of the ISOs was fine. People had found a direct link when their servers were supposedly 'down' and I managed to download the ISO at 800k per second. It was the page that generated the serial keys that seemed unable to handle the load. Guess the code/database didn't scale properly.
If you believe Slashdot, of all places, has been taken over by Microsoft evangelists you clearly have your blinders on. Just look at all the crap being spewed in the comment to this story.
No. I like Vista and had been using it since beta. I also like the Windows 7 beta which is on my non-main machine. I'll put it in my main machine perhaps in beta 2 if there is one or in the release candidate.
However, how good Windows 7 is doesn't matter very much. It's too late. *nix is out of the bag as a viable alternative for most people. Plus, the more people use GNU/Linux, the better it becomes, not even a behemoth like Microsoft can stop that snowball effect
People have said the exact same thing about XP and Vista, yet it hasn't slowed Microsoft down as you claim.
Omg! I installed Vista on my Core Duo MacBook with 1 gig of RAM, and you know? I noticed absolutely no difference in the time it takes me to do things from XP!
No, but they're still irrelevant. You're talking about messing with conventions that make no sense. Moving the start menu to the right side of the screen achieves nothing but is a change for the sake of change. (Of course, in right to left languages, the start button IS on the right).
The evolution of the start menu itself was hardly changing things for the sake of changing things. It added features. Some didn't like them, sure, but at some point you have to risk alienating users with your changes. The taskbar itself has remained relatively unchanged since Windows 95, and in Windows 7 it will see changes and improvements that are welcome, which of course, some will dislike. But you can't keep on sticking to the old just because you don't want to risk alienating users.
I find it ironic that in one part of the thread people are complaining about changes to the OS, while in another part of the thread people are complaining that Microsoft focuses too much on maintaining compatability. In short? You're never going to please everyone.
Slashdot Mirror
Microsoft didn't really have much choice with Bungee. Sure, they were in control of the company, but they weren't in control of the people working there (ie, the creative talent). They could have held on control to Bungie, with the creative talent choosing to leave to be in control of their own fate, or release control of Bungie back to its talent, foster a relationship with them and make sure they continue to use their talent to support their console.
You're right though. Ensemble Studios doesn't make much sense, neither does this.
Hopefully at at least get a new set of bunny suicides out of it
I wasn't saying I'm sure account A infected files on account B. That's what the guy I was responding to seems to believe, that the exploit occured due to a badly written PHP script. It's more likely that it was the PHP server itself that had the exploit, or something else entirely at the website.
I'm not blaming Linux at all, nor is that what my argument is. I'm just saying that exploits can occur regardless of operating system, and just because you're on Linux does not necessarily mean your machine will not get compromised. Often, it happens because of an app, NOT the operating system. Therefore, one should blame the app, NOT the operating system. Sometimes, the OS does something stupid that allows the app to fuck up when it could have easily stopped it, and then the OS is to blame. (Not saying this was the case in my situation). However, whenever an app has an exploit in Windows, people automatically blame Windows, regardless of the situation. Whenever an app has an exploit in Linux (as was the case in my scenario), well...you could tell how everyone jumped and said it MUST be my fault, or not my fault, then the php's script's fault, and if it's not the php script's fault, then the PHP server's fault. It could never, ever be Linux' fault.
It's called sarcasm for effect. If you noticed, the person I replied to said the solution to stopping malware is to "stop making the product so absurdly exploitable". I was responding in similar fashion.
I am not a Layered Tech customer, so that vulnerability does not apply to me. I am the only person with the login details. Root logins are only allowed from my IP. Password was never exchanged via email.
At the end of the day, you have no proof to suggest that it was through something I did, and not via an exploit. I fail to see why it's so hard to believe that the server could have been exploited through no fault of my own. Linux is not infallible.
Again, you're assuming things. safe_mode was on and register_globals was off. I always have it that way. When I say the 'system was hacked' I don't mean it was done through a Linux exploit. It may have been done through PHP, or the other server software running on that thing, or even a PHP app as you say it might be, but the end result is that my server ended up serving exploited files that infected user's machines, and hence the system was, for all intents and purposes, hacked. Whether system files were affected or not is irrelevant to me, because the server was still compromised and did dangerous things to my users.
My point was, IF it was a PHP app, why was a PHP app on account A allowed to infect php files on account B? The server is setup so that account A isn't allowed to affect files on account B. There WAS an exploit somewhere. If it was in PHP, then so be it.
I never said Linux is "the bad". I never blamed the issue on Linux. If I thought Linux is bad why on earth would I continue using it as my server? All I'm saying is that Linux CAN get exploited, as can Windows, as can OS X, as can every OS out there. Apparently, that seems hard to believe.
Wait, found this, which is where I was talking to people that had the same issue: link
I wasn't on a shared server. I lease a server, and it's a dedicated machine for my sites and the sites I host. The server management was included in what I pay, so they didn't make extra cash out of me. Like I said, every single PHP file on the webserver got that javascript code injected on to it. Unfortunately, I don't have an infected file on me.
Like I said, we never figured out what the cause of the issue was, and the people I talked to on other servers that experienced the same issue couldn't figure it out either, and a full OS re-install was recommended by both the server management guys where I lease and the server management guys where they least (completely different datacenters).
I wasn't aiming to demonstrate that Linux had anything to do with this, nor am I blaming Linux for the exploit, nor do I blame Windows for the Acrobat issue. It might have been PHP, I doubt it was a PHP app, or it might have been another thing running on the server. I can't really say.
I was merely trying to point out that no matter *how* secure an OS is (after all, the consensus here is that Linux is more secure than Windows), it can still get exploited. That's all. However, it seems that the average reaction here is that if an app in Windows is exploited to infect the system, then it's Windows fault, whereas if an app in Linux is exploited to infect the system, then it's the app's fault, or the user's fault, but definitely not Linux' fault!
I meant to write Google cloud, not Linux cloud. That was a typo.
The theory was it wasn't a PHP app that got owned, but either the PHP server itself got exploited or something else in the server got exploited, since the whole server was infected and each PHP app can only write to the files under the account it's running at.. And if it was a PHP app, why did it manage to infect the whole system? The same with why did Acrobate manage to infect the whole system.
After I re-installed the OS, with the same PHP apps running, the server hasn't gotten infected again.
Every single PHP file on the system was infected. Each PHP app can only write to the files under that user account's folder (the server had multiple websites/domains). So I'm guessing the system was hacked.
If it was a badly coded PHP app, why is one badly coded PHP app able to infect the whole system? Of course, the same question can be asked of Acrobat Reader: why is a badly coded app able to infect the whole system?
Not quite. Read my response to smoker2's comment.
Ask Adobe? I don't think Reader had write permission, but it had a vulnerability which the malware took advantage of to fuck up the system.
You don't think virus writers are attempting to break into the Linux cloud? I'm sure they have, and if they succeeded, I'm sure Google was on top of it so it didn't affect their services at all, or they claimed they were having technical difficulties without explaining it. I'm sure the same situations have happened to Microsoft's cloud, as well as Apple's and Yahoo's.
I *have* given you an example of a Linux server getting exploited and owned, but I guess you chose to ignore that. Sure, it's anecdotal, but it DOES happen. When it happened to me, the exploit was brand new and wasn't very well known, however, I ran into quite a few people who had suffered the exact same exploit on their Linux machines when I was trying to figure out how it occured.
You got it wrong. My Linux server was exploited, I'm not quite sure how (nor did the server management guys). Every PHP file on the server had javascript code injected on it. When people browsed the website, this javascript code forwarded you to a PDF that had an exploit when opened up in Acrobat, that infected your computer.
So my website had that javascript code infected on it. On my home machine, running XP (and an antivirus app), I browse to my website. It automatically redirects to the PDF, which automatically runs in Acrobat, which automatically infects my PC.
I was just merely pointing out an example that yes, Linux with all it's fancy security model CAN also get exploited, and even with lots of user education AND running AntiVirus apps, you can still get infected. The remedial action on my home PC was to get rid of Acrobat, because I didn't want to suffer any future exploits it had. The remedial action on the server was to reinstall the OS, restore the files from backup, and run through every PHP file and make sure it didn't have the injected javascript code on it.
Why is Linux absurdly exploitable then? My Linux webserver has been exploited a couple of times, even though it was kept up to date with the latest security patches.
Every OS is exploitable, even the most hardened security system can be exploited. Don't kid yourself that Linux or OS X won't have the same amount of viruses Windows has now if it had a 90% market share on the desktop, because they would. Malware authors will concentrate their efforts on what will yield the greatest results, and right now, that's Windows.
Really, not that I'm excusing unsafe security models, but the only real way to solve the virus issue is to educate your users. Pretty much every single time I've seen someone get a virus, it was because of their own idiocy.
Unfortunately, even that fails sometime. It can't cover everything. Remember how I mentioned my Linux server got hacked? Well, it invoked a javascript code that redirected to a PDF file on all my sites, and when I visited my blog, Acrobat automatically opened it without even prompting (bad Acrobat! Bad!) which contained an exploit with Acrobat itself that infected my PC. Had to format. Ditched Reader and installed FoxIt instead.
I've never been 'required' to install an AntiVirus app.
I seriously wonder if people here would have the same reaction if it was Microsoft instead of Apple doing this. My guess is not, and people would be up in flames
Mind you, I don't really see a problem with it either.
And to add to this: it runs Windows 7 beautifully (and before that, Windows Vista). The Intel Core that is.
Oddly enough, the actual download of the ISOs was fine. People had found a direct link when their servers were supposedly 'down' and I managed to download the ISO at 800k per second. It was the page that generated the serial keys that seemed unable to handle the load. Guess the code/database didn't scale properly.
Maybe because it was already discussed?
If you believe Slashdot, of all places, has been taken over by Microsoft evangelists you clearly have your blinders on. Just look at all the crap being spewed in the comment to this story.
No. I like Vista and had been using it since beta. I also like the Windows 7 beta which is on my non-main machine. I'll put it in my main machine perhaps in beta 2 if there is one or in the release candidate.
However, how good Windows 7 is doesn't matter very much. It's too late. *nix is out of the bag as a viable alternative for most people. Plus, the more people use GNU/Linux, the better it becomes, not even a behemoth like Microsoft can stop that snowball effect People have said the exact same thing about XP and Vista, yet it hasn't slowed Microsoft down as you claim.
Feel free to post em here. My printer isn't working anyway.
How is it not an excellent business model if they made plenty of money from the N64 and GameCube?
Omg! I installed Vista on my Core Duo MacBook with 1 gig of RAM, and you know? I noticed absolutely no difference in the time it takes me to do things from XP!
Anecdotal evidence is just that: anecdotal.
No, but they're still irrelevant. You're talking about messing with conventions that make no sense. Moving the start menu to the right side of the screen achieves nothing but is a change for the sake of change. (Of course, in right to left languages, the start button IS on the right).
The evolution of the start menu itself was hardly changing things for the sake of changing things. It added features. Some didn't like them, sure, but at some point you have to risk alienating users with your changes. The taskbar itself has remained relatively unchanged since Windows 95, and in Windows 7 it will see changes and improvements that are welcome, which of course, some will dislike. But you can't keep on sticking to the old just because you don't want to risk alienating users.
I find it ironic that in one part of the thread people are complaining about changes to the OS, while in another part of the thread people are complaining that Microsoft focuses too much on maintaining compatability. In short? You're never going to please everyone.