Having a fix already in the development version puts a significant damper on those that would exploit it. They know the hole is closing soon and as a consequence its not necessarily worth putting a significant effort into it. It probably would be more effective to work on another exploit that isn't known and perhaps won't be known until you start exploiting it on a large scale.
Sure it is possible someone could exploit or is exploiting it in the mean time. Is it likely that the more effective amongst black hats have moved on to other areas of interest? If it's not effectively being exploited, is someone going to put in the effort knowing that it will be cut off soon and very likely sooner if they're marginally successful at it?
Who said anything about drivers? I'm not talking about drivers. I'm talking about user space applications.
I could go on for days listing Windows applications which do not install drivers yet require a reboot to finish the install process. Why does a Windows word processor, document viewer, IM client, etc a reboot? On Linux I simply install the application and start using it. For updates, I restart the application and continue on. No reboot or log out required.
Also logging out and in is much less of an interruption than a reboot. It's much faster than rebooting and you don't throw away all of your file system's cache. For many applications, the result is a significant discount on startup time.
What operating system doesn't need to reboot for a kernel update? I use Ubuntu on a few PCs, and when Update Manager installs an update for the Linux image and Linux modules, it always asks for a reboot.
I think the relevant question in the back of peoples minds is: What OS needs to reboot after installing/updating a user space application? Of the OSes available Windows is by far the most reboot happy OS of them all, kernel update or not. And since when do applications need to update the Windows kernel? Isn't that Windows Update's job?
Even where boot times are fast (eg like on Linux) I have a preference to not reboot. Its an interruption to work/play flow and it discards disk cache memory.
If rebooting is a significant metric to you, Linux is probably amongst cheapest and Windows is by far the most expensive.
There are plenty of big things to gripe about WRT Linux. No need to make them up.
You don't need to invade privacy to put up relevant ads.
If the content of a page is about tuning muscle cars for performance it stands to reason that an ad for an auto parts store is more relevant than an ad for fingernail polish. If the content of the page is interesting to the user and the ad has to do with something on the page then it stands to reason that the ad is relevant.
Broadcast TV has been doing for about as long as TV has existed. Watch a home improvement show and you get more ads for home improvement tools and materials. Watch a show about cars and you'll see ads for oil, spark plugs, fuel additives, etc.
Are TV ads ineffective and irrelevant because they don't look though your TV set to see what your living room looks like?
If you want to make money off of ads as a content provider you must insure they don't piss your users off. Ars has more control over what ads get shown than users do. Its up to Ars to insure quality ads. If they force the user to do the quality control then they will lose out. If their ad providers don't offer some level of control then Ars should get their ad revenue from somewhere else.
It doesn't get any simpler. If you want users to view your ads then make sure they don't piss them off.
It would be nice if I could go to a web site and find a seal/logo that indicated that the site doesn't tolerate badvertisements and that its safe to turn ad blockers off. Use of the logo would would be restricted to sites that insure some level of user control, feed back, and quality. Abuse the logo, 3 strikes, lose it for good, get a new domain.
Why does Microsoft need to control it? A third party software vendor would simply add an update source to the package management system. The package management would simply iterate through all the update sources and grab updates.
You can, for example, add a third party update source to Ubuntu and have it completely out of Canonical's control despite using the same package management system.
I don't implicitly approve of the on going vendor lock in. I don't accept the notion that because windows is "already the predominant gaming OS" that it should be forever that way. Of course Linux and Mac users should express their disapproval for this non-portable technology.
And haven't we learned that putting a non-portable proprietary technology in a browser is a slap in the face to all? After all this work to rid the world of broken IE only pages you want to hand the lock-in back to that wonderful vendor we know as Microsoft?
What is this noise about iPhones? Is there a notable phone out there using using Microsoft's D3D?
Since you're the "bigger numbers means better" type of guy: There are more gas guzzling, climate changing, SUVs out there than cleaner alternative energy cars. Obviously they're the better choice. We must appeal to the masses right? Or we could just break away from harmful technology.
I find it interesting that people think that old people are going to have the most trouble with technology. Really if you look at how much technology changed over the years they've seen more change than your average youngster. I've found that many old geezers are more comfortable with technology changing than some middle aged geeks.
Once you accept that it is new technology and it is different than that you've seen before the learning curve isn't as steep. Children don't have a prejudice about technology and old people can often overcome their prejudice faster having done so many times over the years. Its everyone in between that is the problem.
I don't mean to derail the conversation. I'm not trying to say Linux is easy or hard or that you will or will not end up in a support nightmare. Just that in my experience ease of use within an age bracket isn't really that reliable of a metric. Yet the very young and old are often used as "proof" that Linux is easy.
(I learned at an early age to not underestimate those who yell at you to get off their lawn. They can be crafty sons of bitches in their old age. They will get you.)
I'm going to go out on a limb here and say: so what. Do tech communities matter to non-techies? Do former Windows users need or want a community? Even though they didn't need one when using Windows? The word from the Linux communities is that it is easy enough for anyone and easier than Windows. It just works, right?
Don't get me wrong, I'm not trolling for Windows and it's great that Ubuntu has a community too. There is value for many in having a friendly community to scrape tech tips from. I just wonder if it really matters to a non-techie who is just looking to play videos, send e-mail, and visit Facebook.
If they were going without because the price was to high that would be capitalism. Taking something without paying for it because it costs to much is not capitalism.
Until I need a disk in my CD/DVD drive and/or an Internet connection for single player mode. Or until it's used as an excuse to inflate the price of entertainment.
Bla bla bla victim of popularity. Yes you can expect your popular product to be attacked more because of its popularity. But that doesn't excuse the vendor of fixing it. The same popularity should (if your business model isn't full of fail) enable you to audit your code and respond to vulnerabilities faster. The number of attacks are up but so is your research and development funding.
The problem is that even though a vendor knows the attacks are coming and often has the resources to head it off, very often the vendor doesn't bother doing anything until just before or very quickly after the bad press happens.
Expect Adobe's products to be bad for security until they've accumulated enough bad press and then they'll miraculously become much better. They won't be immune but they'll be on par with unpopular software's security (which is often by obscurity).
Security is not proportional to popularity. If it were than the IE product line would NOT have improved nearly as much as it has. If it's proportional to anything its proportional to the amount of effort you put into making it secure. IE got better because there was lots of press that said Firefox is better for your security.
Same with Windows. Windows got much better at security even though its popularity didn't change in a significant way. As a fan boy you must agree that Windows did get better and you also must agree that Windows isn't any less popular. Ergo the popularity==insecure doesn't work well for you. (Unless you wish to tell me that Windows is still the same insecure pile of crap it always has been. I'm happy with that.)
... when the problem of Flash cookies came to light several months ago.
several: of an indefinite number more than 2 or 3 but not many.
Most of us knew about this many months ago. If you only found out several months ago you are behind the curve.
It would be nice if Adobe was responding to an issue that was discovered several months ago but this has been around and known for quite some time. Make no mistake about it Adobe isn't being quick to respond to the issue.
I don't expect them to be. I do expect them not to treat me like shit when I find do a production glitch. The hardware is defective out of the box they need to fix it. It is that simple.
It is NOT about shipping a defective product. It's about not honoring the warranty which I paid extra for. If a company can't stand behind their warranty then it doesn't deserve your business.
Ease of RMA and warranty honoring is huge. It's impossible to ship perfection every time. Yet that's just about what is necessary in the world of data storage. I'm a reasonable guy and I expect the same from companies I do business with.
It only took one bad experience with Seagate and I'll not be back. Wasn't that the drive failed out of the box (shit happens). It was the simple fact that their RMA process was stupid. At one point I even had some brain dead idiot tell me that Linux wasn't supported and come short of telling me to GTFO and use Windows. Since I'm in a position to stop it, Seagate isn't used at work either for the same reason (We use that ridiculous OS there too). They basically will run you in circles telling you that the drive works fine.
Warranty doesn't mean shit if it cost you $300 (eg the cost of the product) worth of your time to get it honored. Customer service does matter after the sale.
Obviously, that wouldn't work well in the commercial closed source market.
It can and does work fine and there's a lot of value in it.
1. Developers don't have to re-invent the install and update wheel for every application. 2. Users get a consistent UI for installing and updating software. (For example, users don't have 30 different trey icons all telling them in a slightly different way that they have updates) 3. You don't need extra per application processes running in the background checking for updates. Don't need extra startup junk doing it either. 4. The user doesn't need do it all manually (although it's still an option)
Why should any one company be charged with hosting every other companies compiled code when they gain nothing from doing so?
Packages don't need to or have to be all hosted in the same repository. You can have your package management system connect to as many as you like. Your distribution doesn't even have to know or approve of 3rd party software installed this way. I don't know where you get the idea that it all must come from one singular centralized source.
I don't think you understand how package management systems work.
I don't follow your reasoning. Yes distributions often tweak various software when they compile and package it. That's a benefit of open source. It's not a requirement that all software be tweaked, compiled, packaged, and blessed by your distribution. A third party can still package their own software and host it in a repository if they want.
Modern package management systems can pull form multiple sources, resolve dependencies across multiple sources, and allow the user to select preferred packages. The packages don't have to come from the distribution directly.
For example, Opera provides packages for ALT Linux, Arch, CentOS, Debian, Fedora, Gentoo, MEPIS, Mandriva, Mint, RedHat, Sabayon, Slackware, SuSE, and Ubuntu. Obviously there's nothing stopping them from packaging their binaries for Linux. If they wanted to all they'd have to do is host them in a repository and you could get regular updates to their software.
Your "feature" merely exposes a deficiency in the OS tool set. That Microsoft's software update process is exclusive to Microsoft products. It would be nice if I could run update and get a new flash, java, etc. Instead every application has to write it's own update software to check for updates and install them. It leads to all sorts of annoying crap from vendors like tray icons and background processes that run all the time just to see if there's an update.
Contrast with your typical Linux distribution where all software can be installed and updated with the same package management system. A third party could provide a repository that the user could just add to their package management system for seamless and "native" update support.
In the code once ship to all category wouldn't Linux be the choice here? If Mono supports a subset of Microsoft's.NET wouldn't that lead to developing on Linux to insure the overlap? (Assuming that the developer actually cares about being Linux compatible in the first place and not just getting lucky that it might work someday on Linux)
And what of all the mixed mode crap that won't work on Linux at all? These mixed mode applications make calls to Windows APIs that (outside of Wine) don't exist on Linux. Developing on Linux insures compatibility to a much larger extent than developing on Windows. Wouldn't it be more attractive to develop on Linux if you care about compatibility?
Or it could be that developers are just going to develop for Windows anyway (where the users are) and Mono's existence just gives.NET developers an opportunity to have a Linux afterthought.
At any rate, Mono provides an opportunity to use code that would have otherwise required a Windows box. This is significant because now the user has more than one option in the OS bracket.
But accounts still get compromised left and right.
More accurately, the Windows machines of users with Blizzard accounts are compromised left and right as a means to compromise a Blizzard account. The system gets compromised and then phones home with account credentials as users log in. Blizzard combats this with a key chain authenticator. Doesn't stop the machine from being infected but insures that when the user name/password makes it to the wrong hands it is not useful because the attackers don't have the 3rd login credential (which is time sensitive and cryptographically generated by a separate physical device).
Slashdot Mirror
Having a fix already in the development version puts a significant damper on those that would exploit it. They know the hole is closing soon and as a consequence its not necessarily worth putting a significant effort into it. It probably would be more effective to work on another exploit that isn't known and perhaps won't be known until you start exploiting it on a large scale.
Sure it is possible someone could exploit or is exploiting it in the mean time. Is it likely that the more effective amongst black hats have moved on to other areas of interest? If it's not effectively being exploited, is someone going to put in the effort knowing that it will be cut off soon and very likely sooner if they're marginally successful at it?
Bottom line is, Windows is reboot happy next to other non Windows OSes.
I can install, update, remove, and even crash applications without reboot or logout on other non-Windows OSes.
Again, if downtime due to rebooting is a significant metric for you, Windows is not your best choice.
Who said anything about drivers? I'm not talking about drivers. I'm talking about user space applications.
I could go on for days listing Windows applications which do not install drivers yet require a reboot to finish the install process. Why does a Windows word processor, document viewer, IM client, etc a reboot? On Linux I simply install the application and start using it. For updates, I restart the application and continue on. No reboot or log out required.
Also logging out and in is much less of an interruption than a reboot. It's much faster than rebooting and you don't throw away all of your file system's cache. For many applications, the result is a significant discount on startup time.
I think the relevant question in the back of peoples minds is: What OS needs to reboot after installing/updating a user space application? Of the OSes available Windows is by far the most reboot happy OS of them all, kernel update or not. And since when do applications need to update the Windows kernel? Isn't that Windows Update's job?
Even where boot times are fast (eg like on Linux) I have a preference to not reboot. Its an interruption to work/play flow and it discards disk cache memory.
If rebooting is a significant metric to you, Linux is probably amongst cheapest and Windows is by far the most expensive.
There are plenty of big things to gripe about WRT Linux. No need to make them up.
You don't need to invade privacy to put up relevant ads.
If the content of a page is about tuning muscle cars for performance it stands to reason that an ad for an auto parts store is more relevant than an ad for fingernail polish. If the content of the page is interesting to the user and the ad has to do with something on the page then it stands to reason that the ad is relevant.
Broadcast TV has been doing for about as long as TV has existed. Watch a home improvement show and you get more ads for home improvement tools and materials. Watch a show about cars and you'll see ads for oil, spark plugs, fuel additives, etc.
Are TV ads ineffective and irrelevant because they don't look though your TV set to see what your living room looks like?
Exactly.
If you want to make money off of ads as a content provider you must insure they don't piss your users off. Ars has more control over what ads get shown than users do. Its up to Ars to insure quality ads. If they force the user to do the quality control then they will lose out. If their ad providers don't offer some level of control then Ars should get their ad revenue from somewhere else.
It doesn't get any simpler. If you want users to view your ads then make sure they don't piss them off.
It would be nice if I could go to a web site and find a seal/logo that indicated that the site doesn't tolerate badvertisements and that its safe to turn ad blockers off. Use of the logo would would be restricted to sites that insure some level of user control, feed back, and quality. Abuse the logo, 3 strikes, lose it for good, get a new domain.
Why does Microsoft need to control it? A third party software vendor would simply add an update source to the package management system. The package management would simply iterate through all the update sources and grab updates.
You can, for example, add a third party update source to Ubuntu and have it completely out of Canonical's control despite using the same package management system.
You Lost me.
I don't implicitly approve of the on going vendor lock in. I don't accept the notion that because windows is "already the predominant gaming OS" that it should be forever that way. Of course Linux and Mac users should express their disapproval for this non-portable technology.
And haven't we learned that putting a non-portable proprietary technology in a browser is a slap in the face to all? After all this work to rid the world of broken IE only pages you want to hand the lock-in back to that wonderful vendor we know as Microsoft?
What is this noise about iPhones? Is there a notable phone out there using using Microsoft's D3D?
Since you're the "bigger numbers means better" type of guy: There are more gas guzzling, climate changing, SUVs out there than cleaner alternative energy cars. Obviously they're the better choice. We must appeal to the masses right? Or we could just break away from harmful technology.
I find it interesting that people think that old people are going to have the most trouble with technology. Really if you look at how much technology changed over the years they've seen more change than your average youngster. I've found that many old geezers are more comfortable with technology changing than some middle aged geeks.
Once you accept that it is new technology and it is different than that you've seen before the learning curve isn't as steep. Children don't have a prejudice about technology and old people can often overcome their prejudice faster having done so many times over the years. Its everyone in between that is the problem.
I don't mean to derail the conversation. I'm not trying to say Linux is easy or hard or that you will or will not end up in a support nightmare. Just that in my experience ease of use within an age bracket isn't really that reliable of a metric. Yet the very young and old are often used as "proof" that Linux is easy.
(I learned at an early age to not underestimate those who yell at you to get off their lawn. They can be crafty sons of bitches in their old age. They will get you.)
I'm going to go out on a limb here and say: so what. Do tech communities matter to non-techies? Do former Windows users need or want a community? Even though they didn't need one when using Windows? The word from the Linux communities is that it is easy enough for anyone and easier than Windows. It just works, right?
Don't get me wrong, I'm not trolling for Windows and it's great that Ubuntu has a community too. There is value for many in having a friendly community to scrape tech tips from. I just wonder if it really matters to a non-techie who is just looking to play videos, send e-mail, and visit Facebook.
If they were going without because the price was to high that would be capitalism. Taking something without paying for it because it costs to much is not capitalism.
Piracy != capitalism.
Until I need a disk in my CD/DVD drive and/or an Internet connection for single player mode. Or until it's used as an excuse to inflate the price of entertainment.
Bla bla bla victim of popularity. Yes you can expect your popular product to be attacked more because of its popularity. But that doesn't excuse the vendor of fixing it. The same popularity should (if your business model isn't full of fail) enable you to audit your code and respond to vulnerabilities faster. The number of attacks are up but so is your research and development funding.
The problem is that even though a vendor knows the attacks are coming and often has the resources to head it off, very often the vendor doesn't bother doing anything until just before or very quickly after the bad press happens.
Expect Adobe's products to be bad for security until they've accumulated enough bad press and then they'll miraculously become much better. They won't be immune but they'll be on par with unpopular software's security (which is often by obscurity).
Security is not proportional to popularity. If it were than the IE product line would NOT have improved nearly as much as it has. If it's proportional to anything its proportional to the amount of effort you put into making it secure. IE got better because there was lots of press that said Firefox is better for your security.
Same with Windows. Windows got much better at security even though its popularity didn't change in a significant way. As a fan boy you must agree that Windows did get better and you also must agree that Windows isn't any less popular. Ergo the popularity==insecure doesn't work well for you. (Unless you wish to tell me that Windows is still the same insecure pile of crap it always has been. I'm happy with that.)
several: of an indefinite number more than 2 or 3 but not many.
Most of us knew about this many months ago. If you only found out several months ago you are behind the curve.
It would be nice if Adobe was responding to an issue that was discovered several months ago but this has been around and known for quite some time. Make no mistake about it Adobe isn't being quick to respond to the issue.
I don't expect them to be. I do expect them not to treat me like shit when I find do a production glitch. The hardware is defective out of the box they need to fix it. It is that simple.
It is NOT about shipping a defective product. It's about not honoring the warranty which I paid extra for. If a company can't stand behind their warranty then it doesn't deserve your business.
Ease of RMA and warranty honoring is huge. It's impossible to ship perfection every time. Yet that's just about what is necessary in the world of data storage. I'm a reasonable guy and I expect the same from companies I do business with.
It only took one bad experience with Seagate and I'll not be back. Wasn't that the drive failed out of the box (shit happens). It was the simple fact that their RMA process was stupid. At one point I even had some brain dead idiot tell me that Linux wasn't supported and come short of telling me to GTFO and use Windows. Since I'm in a position to stop it, Seagate isn't used at work either for the same reason (We use that ridiculous OS there too). They basically will run you in circles telling you that the drive works fine.
Warranty doesn't mean shit if it cost you $300 (eg the cost of the product) worth of your time to get it honored. Customer service does matter after the sale.
I don't follow this reasoning:
It can and does work fine and there's a lot of value in it.
1. Developers don't have to re-invent the install and update wheel for every application.
2. Users get a consistent UI for installing and updating software. (For example, users don't have 30 different trey icons all telling them in a slightly different way that they have updates)
3. You don't need extra per application processes running in the background checking for updates. Don't need extra startup junk doing it either.
4. The user doesn't need do it all manually (although it's still an option)
Packages don't need to or have to be all hosted in the same repository. You can have your package management system connect to as many as you like. Your distribution doesn't even have to know or approve of 3rd party software installed this way. I don't know where you get the idea that it all must come from one singular centralized source.
I don't think you understand how package management systems work.
I don't follow your reasoning. Yes distributions often tweak various software when they compile and package it. That's a benefit of open source. It's not a requirement that all software be tweaked, compiled, packaged, and blessed by your distribution. A third party can still package their own software and host it in a repository if they want.
Modern package management systems can pull form multiple sources, resolve dependencies across multiple sources, and allow the user to select preferred packages. The packages don't have to come from the distribution directly.
For example, Opera provides packages for ALT Linux, Arch, CentOS, Debian, Fedora, Gentoo, MEPIS, Mandriva, Mint, RedHat, Sabayon, Slackware, SuSE, and Ubuntu. Obviously there's nothing stopping them from packaging their binaries for Linux. If they wanted to all they'd have to do is host them in a repository and you could get regular updates to their software.
Your "feature" merely exposes a deficiency in the OS tool set. That Microsoft's software update process is exclusive to Microsoft products. It would be nice if I could run update and get a new flash, java, etc. Instead every application has to write it's own update software to check for updates and install them. It leads to all sorts of annoying crap from vendors like tray icons and background processes that run all the time just to see if there's an update.
Contrast with your typical Linux distribution where all software can be installed and updated with the same package management system. A third party could provide a repository that the user could just add to their package management system for seamless and "native" update support.
In the code once ship to all category wouldn't Linux be the choice here? If Mono supports a subset of Microsoft's .NET wouldn't that lead to developing on Linux to insure the overlap? (Assuming that the developer actually cares about being Linux compatible in the first place and not just getting lucky that it might work someday on Linux)
And what of all the mixed mode crap that won't work on Linux at all? These mixed mode applications make calls to Windows APIs that (outside of Wine) don't exist on Linux. Developing on Linux insures compatibility to a much larger extent than developing on Windows. Wouldn't it be more attractive to develop on Linux if you care about compatibility?
Or it could be that developers are just going to develop for Windows anyway (where the users are) and Mono's existence just gives .NET developers an opportunity to have a Linux afterthought.
At any rate, Mono provides an opportunity to use code that would have otherwise required a Windows box. This is significant because now the user has more than one option in the OS bracket.
Typical Microsoft patch. It side steps the real issue: not having Noscript pre-installed too.
Sorry, but I need them alive! Muhahahahahahahh! Nom Nom Nom Nom!
More accurately, the Windows machines of users with Blizzard accounts are compromised left and right as a means to compromise a Blizzard account. The system gets compromised and then phones home with account credentials as users log in. Blizzard combats this with a key chain authenticator. Doesn't stop the machine from being infected but insures that when the user name/password makes it to the wrong hands it is not useful because the attackers don't have the 3rd login credential (which is time sensitive and cryptographically generated by a separate physical device).
DirectX 11 in a mobile device? So the device doubles as a hairdryer?