Come on, you really think contributions are not reviewed before being released? If what you claim were true (this is one of the poorest arguments of Microsoft against OSS, by the way...), OSS would be HELL already. This argument just doesn't work. It just proves you don't know OSS.
When a vulnerability is discovered, it will get fixed much more quickly than it will take for a "hacker" to exploit it. One of the reasons is that most "hackers" are much poorer programmers than the people who contribute positively to OSS. This is exactly why they've chosen not to do anything constructive with their skills, but destructive instead. There are a few exceptions here and there, but this is mostly how it all works. And not just in the software either. A thief usually has some "stealing" skills, but doesn't have enough skills to get money and recognition in a positive manner. Ok I'm digressing a little bit here, but you get the idea.
This is not a very well documented reply. Linux-based servers are very common, especially for web servers. And they are being attacked all of the time! The fact that the impact is usually minimal is due to both good administration practices and timely patches when needed. And slightly better security models implemented in the OS.
when using Firefox or Mozilla is the Java virtual machine, most often the Sun JRE is used. There are some security holes in the JRE and this has nothing to do with Firefox. I mean, if you think you're safe with Firefox - update your JVM first. Or don't use any. Bizarrely, nobody ever talks about the Sun JRE. It's very far from perfect though, and must certainly be taken into account.
The following claim, that I'm quoting here, is kind of "tricky" though, or so I think: Doesn't such an en extra license in addition to the GNU GPL violate the terms of the GPL or at least make the whole package GPL-incompatible?
No, because those extra license terms give you rights in addition to those of the GNU GPL, including the right to remove those extra license terms.
As I said, if you only access Paypal via its main address and not via a dubious link, you're fine. It can't happen. And people *must* begin to learn to be cautious on the Internet. And double check things when they access a "sensitive" site. How hard is it to check the "page properties"? And since someone talked about Paypal, Paypal itself says on its site never to access it via an external link. Now if you don't bother to read stuff written for your own security, what else do you expect?
And last but not least, people should know this. People should get some kind of basic education on using Internet, otherwise it's going to become Hell personified. Do what you wish, but if you don't give a damn, nobody will. You've been warned.
Communism is all about the "common good" and giving to the collectivity. OSS and free-sharing knowledge is just what Science has been for a very, very long time. It's sharing knowledge freely with one another, so that knowledge can grow. It's not giving blindly to the collectivity. Big difference. I surely would hope nobody (nobody decent, at least) would claim that Science is communism.
Actually, most harsh defenders of industrial IP rights "against" OSS and patent-free stuff are the ones who act more for the "collective good" in mind, even if that's not their primary intend. They are defending the rights of their company, or sometimes a whole industry, sometimes in a forceful mamner: to me, that closely looks a lot more soviet-like than the spirit behind OSS. They also are often the ones who stole stuff from others: but in a legal way. All you have to do is patent it first - even if you didn't invent it.
wxWidgets (formerly wxWindows) is a rather nice cross-platform toolkit. And it doesn't have any weird license, that I know of.
If you're porting an existing Qt-based app, that's good news I guess, but if not, I think you should just use wxWidgets. The license for Qt is too restrictive, and well, their interpretation of GPL, as others have noticed here, is kind of absurd. It's GPL, but not really. Depends. Isn't that against what GPL is really all about?
Well, offer people a worldwide, general purpose online service, like eBay is, and they will end up wrecking it, no matter what it is. This is what is slowly happening with eBay.
The biggest problem with eBay is that no one (buyers and sellers alike) is really legally liable for anything. The legal part is just a joke, for now. Until it improves, things will stay where they are.
Anyone should know better than to base their trust on being on a particular, secure web page only on the address shown in the address bar! Everyone should know that they shouldn't access secure web pages from external links.
If you write "Pope" on your forehead, do you think people will believe you're the pope? An by the way, funny that for once, the lack of a functionality actually "saves" IE, for one of the biggest security concern is ActiveX...
And in the very rare cases where it's needed, there can be various gateways to transfer code in executable area. But under precise control. I hear people claiming what you claim all of the time, but I fail to see one valid reason. There is not any.
I think you're kinda mistaken: this is probably what made modern consumer computing possible. Not "modern computing" in itself. By the way, have you ever heard of the Harvard architecture? Did you know it's not dead? And well, we can expand on it to have yet another new architecture.
All in all, I'll correct your claim: mixing data and code is what made modern unstability and unsecurity possible.
It's no secret that the system is screwed up. At least 3/4 of the patent applications are unpatentable things. The problem is that most of them get accepted nowadays. Mostly because there are far too many applications and far too less money to handle them all in a proper way. If I remember well, it all started back in 1990 when some really stupid decision was made in the US regarding patents.
If you have money, you can now get a patent. On almost anything.
One of these days, Microsoft will come up with a patent application on human reproduction. You won't be able to have a baby unless you pay a licence to Microsoft. The question is: will there be a "Baby Update" thingy, which will allow us to "patch" our babies whenever a health issue is discovered?
Well, you're right, but that's not all there is. Microsoft has never really bothered to be interoperable with others. But, and many people think that, its very force has been to be interoperable with all of their previous software, all of the time. Windows worked because it was interoperable with DOS. Windows XP worked (for the average user) because it was "interoperable" with Windows 95 with minimal glitches.
What people see in Microsoft is future. Not in the innovative sense, but in the "it's still going to be there" sense. They fail to see this in OSS. Of course, most of them don't know jack about OSS, but that's still not totally off-track.
But what they fail to realize, is that they, as customers, make the future. Isn't that time we customers started to take responsibility for our consumer behaviors?
He claims a lot of things, all of the time. Bill Gates is just a big claimer.
People tend to believe what he says, because they obviously think that someone who makes so much money can't be wrong.
But go read one of his books. Yes, he's a "writer" too. You're in for a good laugh: they are hilarious.
As to interoperability, how can he say such a stupid thing? OSS is all about standards. Microsoft, on the other hand, has publicly said many times that they didn't really care about standards if those were hindering Microsoft. So how can they talk about interoperability? They just don't care about it! It's like when they talk about security. They don't care either. But as it's "in" to talk about those topics nowadays, Billy just does.
Don't be too amazed. There have been other great smooth talkers in the past who have been able to make a big part of the world believe in what they said. Even when that was total bullshit.
It's irrelevant, actually. A bug is a bug. You can make them in any language. The consequences of the potential bugs are what matters. But only the implementation defines what a "buffer overflow" will actually do. Granted you can try and write past some allocated buffer in C (and C++). That doesn't mean the write should actually occur. That's the responsibility of the implementation, and mostly of the underlying operating system. I already said that earlier: the major problem we have been facing for decades on mainstream systems (and even some critical servers) is, in my opinion:
Allowing executing code from a purely 'data memory' space. That should never, ever be possible under any circumstances. I'll fight for that cause if I have to.
Poor 'data memory' protection. Ideally, the OS should be able to protect individual data areas, down to application buffers and variables.
There is nothing that would prevent from writing a C or C++ compiler for such an environment. Absolutely nothing.
You may not be able to "overflow" some data buffer in Java, but you can always write garbage to it. That's the same. As I said, the languages need not be fixed. The systems and the memory models do.
And trusting an anti-virus program instead of actually knowing how to know if your OS is healthy, that's maybe even worse than not having one at all.
I don't know if you noticed that too, but surprisingly (well, not!), people who have anti-virus proggies and completely trust them are the ones who constantly get viruses and need to re-install the whole system every month. Does that not tell you anything?
I for one have never used any anti-virus (well, I did have one when I owned a Mac Plus, many years ago, how funny is that!), and never got any virus. The rules are pretty simple: don't install any program you can't trust and never (I say never, no matter where they come from) launch any attached executable files from emails - even if you think they're gonna be "cute". On top of that, never use Word nor Outlook Express, and you're all set.
But believe it or not, when you tell people not to use those programs, they just don't want to listen to you! They feel like they would be sort of "left out" of something if they don't use them like everyone does. *Sighs*
Windows does indeed "suck" on some technical points, but it does not suck all that bad (talking about 2000, XP and 2003 here).
The problem is the customer. Not the product. Microsoft makes whatever the average (well, very average) customer wants. They keep saying this. Just listen. There are open security holes in most Microsoft products, but a lot of them come from design choices that were made consciously because there was more demand on some features than there was potential anger from the customers the product was aimed at, at the time.
And even so, with some minimal education before using a computer running Windows, you just never get any virus or any worm. I've been using Windows for years, and I've never gotten any of those. Ever.
The problem that Microsoft is now facing is that they actually counted on their customers' stupidity to be successful, but I think they never realized how stupid they would be. Microsoft has been "out-dumbed". So to speak.
I agree though that they have given the masses the proper weapon to shoot themselves in the foot - and that they must be held accountable for it. When people open their eyes, Microsoft will become what it should have been in the first place: a software company, nothing more, nothing less.
Whatever happens in the future, I strongly suggest to promote alternatives. That's just healthy.
Unfortunately, this is a sad joke. It doesn't come even close to the Mac Mini's computing power (the 1.42GHz G4 processor is much, much faster than the Via C3 1GHz, which, for a lack of a better word, sucks); the items required don't even ship yet (the nano itx motherboard), and when they do, it's going to be very expensive. Then the graphics card in the Mac Mini is much more powerful than the integrated graphics controller on the Via board, which is barely adequate for very basic use.
Apple is a heck of a lot ahead of time for now. Everyone who has toyed with the idea of making the smallest PC computer possible will have to agree.
There is just no PC motherboard yet which can fit the bill. Not to talk about cooling, which would be way to huge to fit in a small box like this and get the same amount of processing power than a 1.4 GHz G4.
I'm constantly looking for that rare beast, but it's never coming. I thought the new BTX standard would get us closer to it, but no! The micro-BTX size is even larger than a micro-ATX. VIA has nice stuff, but it really lacks of processing power and I just don't see it going anywhere in the long run.
As for me, I just think they're more interested in patenting something (whatever that is) than in privacy.
There is a huge trend in security and privacy matters, whereas it looks to me as though we're losing privacy in the process at the speed of light. Just take DRM, for instance: it's the exact opposite of privacy. It just protects a big industry that doesn't even need protection, and it lets the "little people" at their mercy, without any privacy left.
is the security level that can be achieved with such a processor; not the fact that it can run "several OSs at the same time", which is just a by-product of its architecture.
Apart from some real crude memory protection, modern "mainstream" processors hadn't had any kind of abstraction/security feature, so I think this is good news. And if that ever succeeds in a reasonably "mainstream" future Apple computer, along with a hardened Mac OS, the couple Intel/Microsoft or even AMD/Microsoft are in for a rough ride...
That's true to some extent. But the necessity of such a fast access time remains unclear. We use sophisticated caching mechanisms to make up for it, that are usually enough to make the ball rolling, so to speak.
I think there are a lot of other ways to improve the "memory models" currently in use. I'll just take an example: the way our brain functions. Typical "reaction time" is in the order of tens of milliseconds in our brain. But what can be done in that time lapse is impressively phenomenal.
The guy, in this article, says that flash rom "is faster" than discs.
If you're comparing a plain flash eeprom chip (nothing fancy) and the latest hard drives, this is clearly false. My current hard drive sustains a 50-60 Mbytes/s fingers in the nose, and a lot of fancier hard drives can get much more throughput than that. That's about 16 ns/byte. I don't know of a lot of flash eeprom chips that have such a low access time. Of course, you could always "stack" up several of them so as to widen the data path (128, 256, even more maybe? bytes in a row). That would solve the read time. Write time is still pretty much a lot longer than on most hard drives, though. Even if you widened the data path a lot. Which would cause other problems.
Just a thought. I think the author was a bit quick here. Motionless storage devices may be the future, but I don't see it coming any time soon. There is still a lot to be doing in solid-state memory before we can achieve this.
Slashdot Mirror
Come on, you really think contributions are not reviewed before being released? If what you claim were true (this is one of the poorest arguments of Microsoft against OSS, by the way...), OSS would be HELL already. This argument just doesn't work. It just proves you don't know OSS.
When a vulnerability is discovered, it will get fixed much more quickly than it will take for a "hacker" to exploit it. One of the reasons is that most "hackers" are much poorer programmers than the people who contribute positively to OSS. This is exactly why they've chosen not to do anything constructive with their skills, but destructive instead. There are a few exceptions here and there, but this is mostly how it all works. And not just in the software either. A thief usually has some "stealing" skills, but doesn't have enough skills to get money and recognition in a positive manner. Ok I'm digressing a little bit here, but you get the idea.
This is not a very well documented reply. Linux-based servers are very common, especially for web servers. And they are being attacked all of the time! The fact that the impact is usually minimal is due to both good administration practices and timely patches when needed. And slightly better security models implemented in the OS.
when using Firefox or Mozilla is the Java virtual machine, most often the Sun JRE is used. There are some security holes in the JRE and this has nothing to do with Firefox. I mean, if you think you're safe with Firefox - update your JVM first. Or don't use any. Bizarrely, nobody ever talks about the Sun JRE. It's very far from perfect though, and must certainly be taken into account.
Thanks for pointing me to the FAQ.
The following claim, that I'm quoting here, is kind of "tricky" though, or so I think:
Doesn't such an en extra license in addition to the GNU GPL violate the terms of the GPL or at least make the whole package GPL-incompatible? No, because those extra license terms give you rights in addition to those of the GNU GPL, including the right to remove those extra license terms.
As I said, if you only access Paypal via its main address and not via a dubious link, you're fine. It can't happen. And people *must* begin to learn to be cautious on the Internet. And double check things when they access a "sensitive" site. How hard is it to check the "page properties"? And since someone talked about Paypal, Paypal itself says on its site never to access it via an external link. Now if you don't bother to read stuff written for your own security, what else do you expect?
And last but not least, people should know this. People should get some kind of basic education on using Internet, otherwise it's going to become Hell personified. Do what you wish, but if you don't give a damn, nobody will. You've been warned.
But I don't agree with that point in the least.
Communism is all about the "common good" and giving to the collectivity. OSS and free-sharing knowledge is just what Science has been for a very, very long time. It's sharing knowledge freely with one another, so that knowledge can grow. It's not giving blindly to the collectivity. Big difference. I surely would hope nobody (nobody decent, at least) would claim that Science is communism.
Actually, most harsh defenders of industrial IP rights "against" OSS and patent-free stuff are the ones who act more for the "collective good" in mind, even if that's not their primary intend. They are defending the rights of their company, or sometimes a whole industry, sometimes in a forceful mamner: to me, that closely looks a lot more soviet-like than the spirit behind OSS. They also are often the ones who stole stuff from others: but in a legal way. All you have to do is patent it first - even if you didn't invent it.
wxWidgets (formerly wxWindows) is a rather nice cross-platform toolkit. And it doesn't have any weird license, that I know of.
If you're porting an existing Qt-based app, that's good news I guess, but if not, I think you should just use wxWidgets. The license for Qt is too restrictive, and well, their interpretation of GPL, as others have noticed here, is kind of absurd. It's GPL, but not really. Depends. Isn't that against what GPL is really all about?
Well, offer people a worldwide, general purpose online service, like eBay is, and they will end up wrecking it, no matter what it is. This is what is slowly happening with eBay.
The biggest problem with eBay is that no one (buyers and sellers alike) is really legally liable for anything. The legal part is just a joke, for now. Until it improves, things will stay where they are.
It's merely a "trick".
Anyone should know better than to base their trust on being on a particular, secure web page only on the address shown in the address bar! Everyone should know that they shouldn't access secure web pages from external links.
If you write "Pope" on your forehead, do you think people will believe you're the pope? An by the way, funny that for once, the lack of a functionality actually "saves" IE, for one of the biggest security concern is ActiveX...
SO when was the last time you needed it?
And in the very rare cases where it's needed, there can be various gateways to transfer code in executable area. But under precise control. I hear people claiming what you claim all of the time, but I fail to see one valid reason. There is not any.
I think you're kinda mistaken: this is probably what made modern consumer computing possible. Not "modern computing" in itself. By the way, have you ever heard of the Harvard architecture? Did you know it's not dead? And well, we can expand on it to have yet another new architecture.
All in all, I'll correct your claim: mixing data and code is what made modern unstability and unsecurity possible.
It's no secret that the system is screwed up. At least 3/4 of the patent applications are unpatentable things. The problem is that most of them get accepted nowadays. Mostly because there are far too many applications and far too less money to handle them all in a proper way. If I remember well, it all started back in 1990 when some really stupid decision was made in the US regarding patents.
If you have money, you can now get a patent. On almost anything.
One of these days, Microsoft will come up with a patent application on human reproduction. You won't be able to have a baby unless you pay a licence to Microsoft. The question is: will there be a "Baby Update" thingy, which will allow us to "patch" our babies whenever a health issue is discovered?
Well, you're right, but that's not all there is. Microsoft has never really bothered to be interoperable with others. But, and many people think that, its very force has been to be interoperable with all of their previous software, all of the time. Windows worked because it was interoperable with DOS. Windows XP worked (for the average user) because it was "interoperable" with Windows 95 with minimal glitches.
What people see in Microsoft is future. Not in the innovative sense, but in the "it's still going to be there" sense. They fail to see this in OSS. Of course, most of them don't know jack about OSS, but that's still not totally off-track.
But what they fail to realize, is that they, as customers, make the future. Isn't that time we customers started to take responsibility for our consumer behaviors?
He claims a lot of things, all of the time. Bill Gates is just a big claimer.
People tend to believe what he says, because they obviously think that someone who makes so much money can't be wrong.
But go read one of his books. Yes, he's a "writer" too. You're in for a good laugh: they are hilarious.
As to interoperability, how can he say such a stupid thing? OSS is all about standards. Microsoft, on the other hand, has publicly said many times that they didn't really care about standards if those were hindering Microsoft. So how can they talk about interoperability? They just don't care about it! It's like when they talk about security. They don't care either. But as it's "in" to talk about those topics nowadays, Billy just does.
Don't be too amazed. There have been other great smooth talkers in the past who have been able to make a big part of the world believe in what they said. Even when that was total bullshit.
It's irrelevant, actually. A bug is a bug. You can make them in any language. The consequences of the potential bugs are what matters. But only the implementation defines what a "buffer overflow" will actually do. Granted you can try and write past some allocated buffer in C (and C++). That doesn't mean the write should actually occur. That's the responsibility of the implementation, and mostly of the underlying operating system. I already said that earlier: the major problem we have been facing for decades on mainstream systems (and even some critical servers) is, in my opinion:
Allowing executing code from a purely 'data memory' space. That should never, ever be possible under any circumstances. I'll fight for that cause if I have to.
Poor 'data memory' protection. Ideally, the OS should be able to protect individual data areas, down to application buffers and variables. There is nothing that would prevent from writing a C or C++ compiler for such an environment. Absolutely nothing.
You may not be able to "overflow" some data buffer in Java, but you can always write garbage to it. That's the same. As I said, the languages need not be fixed. The systems and the memory models do.
Exactly. Very true.
And trusting an anti-virus program instead of actually knowing how to know if your OS is healthy, that's maybe even worse than not having one at all.
I don't know if you noticed that too, but surprisingly (well, not!), people who have anti-virus proggies and completely trust them are the ones who constantly get viruses and need to re-install the whole system every month. Does that not tell you anything?
I for one have never used any anti-virus (well, I did have one when I owned a Mac Plus, many years ago, how funny is that!), and never got any virus. The rules are pretty simple: don't install any program you can't trust and never (I say never, no matter where they come from) launch any attached executable files from emails - even if you think they're gonna be "cute". On top of that, never use Word nor Outlook Express, and you're all set.
But believe it or not, when you tell people not to use those programs, they just don't want to listen to you! They feel like they would be sort of "left out" of something if they don't use them like everyone does. *Sighs*
Windows does indeed "suck" on some technical points, but it does not suck all that bad (talking about 2000, XP and 2003 here).
The problem is the customer. Not the product. Microsoft makes whatever the average (well, very average) customer wants. They keep saying this. Just listen. There are open security holes in most Microsoft products, but a lot of them come from design choices that were made consciously because there was more demand on some features than there was potential anger from the customers the product was aimed at, at the time.
And even so, with some minimal education before using a computer running Windows, you just never get any virus or any worm. I've been using Windows for years, and I've never gotten any of those. Ever.
The problem that Microsoft is now facing is that they actually counted on their customers' stupidity to be successful, but I think they never realized how stupid they would be. Microsoft has been "out-dumbed". So to speak.
I agree though that they have given the masses the proper weapon to shoot themselves in the foot - and that they must be held accountable for it. When people open their eyes, Microsoft will become what it should have been in the first place: a software company, nothing more, nothing less.
Whatever happens in the future, I strongly suggest to promote alternatives. That's just healthy.
Do we have any sample of Windows' handwriting? That could explain a lot. :)
Unfortunately, this is a sad joke. It doesn't come even close to the Mac Mini's computing power (the 1.42GHz G4 processor is much, much faster than the Via C3 1GHz, which, for a lack of a better word, sucks); the items required don't even ship yet (the nano itx motherboard), and when they do, it's going to be very expensive. Then the graphics card in the Mac Mini is much more powerful than the integrated graphics controller on the Via board, which is barely adequate for very basic use. Apple is a heck of a lot ahead of time for now. Everyone who has toyed with the idea of making the smallest PC computer possible will have to agree. There is just no PC motherboard yet which can fit the bill. Not to talk about cooling, which would be way to huge to fit in a small box like this and get the same amount of processing power than a 1.4 GHz G4. I'm constantly looking for that rare beast, but it's never coming. I thought the new BTX standard would get us closer to it, but no! The micro-BTX size is even larger than a micro-ATX. VIA has nice stuff, but it really lacks of processing power and I just don't see it going anywhere in the long run.
As for me, I just think they're more interested in patenting something (whatever that is) than in privacy. There is a huge trend in security and privacy matters, whereas it looks to me as though we're losing privacy in the process at the speed of light. Just take DRM, for instance: it's the exact opposite of privacy. It just protects a big industry that doesn't even need protection, and it lets the "little people" at their mercy, without any privacy left.
is the security level that can be achieved with such a processor; not the fact that it can run "several OSs at the same time", which is just a by-product of its architecture. Apart from some real crude memory protection, modern "mainstream" processors hadn't had any kind of abstraction/security feature, so I think this is good news. And if that ever succeeds in a reasonably "mainstream" future Apple computer, along with a hardened Mac OS, the couple Intel/Microsoft or even AMD/Microsoft are in for a rough ride...
Very well put. Your posts are "refreshing". I think you've just nailed it.
Yep. Not to mention that the projected image is very detailed for such a device and clearly is more than 320x200.
Do you mean to say that Microsoft products actually promote pornography, and that's why they are so successful (for the time being, anyway)? :D
That's true to some extent. But the necessity of such a fast access time remains unclear. We use sophisticated caching mechanisms to make up for it, that are usually enough to make the ball rolling, so to speak. I think there are a lot of other ways to improve the "memory models" currently in use. I'll just take an example: the way our brain functions. Typical "reaction time" is in the order of tens of milliseconds in our brain. But what can be done in that time lapse is impressively phenomenal.
The guy, in this article, says that flash rom "is faster" than discs. If you're comparing a plain flash eeprom chip (nothing fancy) and the latest hard drives, this is clearly false. My current hard drive sustains a 50-60 Mbytes/s fingers in the nose, and a lot of fancier hard drives can get much more throughput than that. That's about 16 ns/byte. I don't know of a lot of flash eeprom chips that have such a low access time. Of course, you could always "stack" up several of them so as to widen the data path (128, 256, even more maybe? bytes in a row). That would solve the read time. Write time is still pretty much a lot longer than on most hard drives, though. Even if you widened the data path a lot. Which would cause other problems. Just a thought. I think the author was a bit quick here. Motionless storage devices may be the future, but I don't see it coming any time soon. There is still a lot to be doing in solid-state memory before we can achieve this.