Oh for fuck's sake. Have you not read the W3Schools disclaimer on their stats? They warn you not to take their results at face value because they will be biased by the fact that their viewers are generally web developers, who are more open to alternative browsers.
Also, W3Schools != W3C, who don't publish their stats.
People need to stop modding this shit as insightful. Explorer isn't based on Internet Explorer either.
What you perceive as Safari is two components: Safari, and WebKit. WebKit is something you can't remove from Mac OS, as the shell would die horribly without it. You can happily drag Safari to the trash.
What you perceive as Internet Explorer is two components: Internet Explorer, and Trident. Trident is something you can't remove from Windows, as the shell would die horribly without it. You can happily drag Internet Explorer to the recycle bin (with one caveat: Windows will try to replace it without some coaxing).
As you can see, the Safari and Internet Explorer arguments are one and the same, and people need to stop pretending that the Mac OS setup is somehow different.
Really? Has it occurred to you that we'd LOVE to upgrade past IE6 (and in fact, the majority of our users have admin access to their PCs and DO upgrade their browser or install Firefox without IT's blessing) but we can't because our vendors tell us they refuse to support anything except IE6?
Oh, and before you say "just use open source", in our market (and many other vertical markets - you'll note I say vertical markets because in many general markets open source is very good) open source software is neither available in any decent selection nor to an acceptable standard to consider.
Why do you include a program to make web sites AND Visual Studio? Visual Studio has a quite nice HTML editor, thanks.
Yes, but there are no upgrade fees for going from say Windows XP to Windows XP SP2.
Compare to Mac OS X Tiger to Mac OS X Leopard, an equivalent jump.
Now THAT is correct, and I won't even try addressing that issue (because issue it is). I was addressing the point that anyone with a few hundred bucks can get a cert, when if you're paying a few hundred bucks, you're not buying from GoDaddy.
Not in the US unfortunately. Here, Vodafone reckons that $1 for 10MB is actually GOOD.
UAC is as secure as sudo, or OS X's escalation dialog. Actually, it's slightly less secure than OS X's, as OS X also wants your password. Unless the OS X window runs in the user desktop context (i.e. easily keylogged) in which case it's less secure.
Funny, you'd bitch and whine if Microsoft just went along and installed any ActiveX control that wants it without asking.
Let me recap the steps to install an ActiveX control on Windows:
Click the info bar (because you don't want dialogs just popping up obscuring your work - that's Flash's job)
Click Continue to the prompt warning you that IE has to elevate to do this (if the ActiveX control has a manifest demanding install for all users - Flash does)
Click Continue to the "This comes from Adobe. Install it? You can also always trust this publisher and we'll never ask you again before installing anything cryptographically signed by this company" prompt.
There. I counted the security warnings: 1. The other dialogs: 1. If it's from a trusted company, only the first dialog will appear.
Now. How does it work on Firefox I wonder?
Click on the "Additional plugins are needed to display media on this page" message. Click Next. Click Next again. Read message telling you that Firefox can't auto-install this. Click finish. Adobe web page opens. Click Download. Click Save (because Open is disabled on EXEs). Wait for download. Double click download. Click Open File. Click Run. Click Next. Click Next. Click Finish. Close Firefox. Open Firefox. Reopen web page you wanted to go to. Media plays!
Difficult time doing so? It's the same model! Let me rephrase your post slightly:
AFAIK a flash exploit would still be running as your user and be very limited in what it can do.
To gain root access to your system it would have to piggyback on an independent root escalation exploit, or perhaps keylog the user escalating to root privileges, if the OS allows user-level eavesdropping on escalation dialogues.
So yes, the Vista security model is still a big improvement.
I believe OS X is trying to follow the same conventions, it's just having a difficult time doing so while trying to remain remotely backwards-compatible with the many apps coded for prior Mac OS versions that expect to be able to do anything to the system.
(I realise the following points: Mac OS X actually does a fairly decent job of it, and Mac OS doesn't even pretend to be backwards compatible with any apps coded for prior versions)
The way Vista's UAC works is to actually create the UAC dialog on "the secure desktop" - basically it's the same context as the logon screen. At this point, only keyloggers installed as drivers would be able to intercept anything entered. And installing a driver requires administrative intervention. Unfortunately, this is where Windows' weak point comes in: the user. If the user clicks "Continue" (I don't know where "Cancel or Allow" comes from, the options are "Continue or Cancel") then there's not much the OS can or should do, eh?
It's the same for OS X, I believe. Not sure though if the escalation dialog is actually some sort of magic secure window.
That's the biggest load of bullshit in a while.
You talk about Silverlight being worse than Flash because it uses ActiveX -- hey guess what... SO DOES FLASH!
ActiveX is not a platform, it's a specifically formatted way of producing a Dynamic Link Library that the browser can load as a COM object (usually in the browser's context - so the user's). It by definition cannot have security vulnerabilities - the host can, and the plugin can, but "ActiveX" can't.
Is it used in education? Then yes.
Stream internet radio?!? I tried that. Within half an hour, I received a text message telling me I'd used 70% of my mobile data allowance for the month.
Not on a cellphone you don't (thanks Nokia!)
Er, I'm not from Europe. So there.
Besides, don't tell me you actually LIKE your government?
Did you know that Slashdot uses unencrypted connections? When you logged on to Slashdot to post your message, anybody in between could have easily got your username and password. If you and Slashdot had been using a self-signed certificate, it would have been less easy. Of course, a CA signed certificate would have been better.
Not really. The connection between Slashdot and me was encrypted with a wildcard SSL certificate issued by Geotrust to *.slashdot.org.
Actually, Slashdot does have SSL certificates. One for every single subdomain.
But only subscribers are allowed to use SSL connections.
(Posting over HTTPS. It's actually faster)
The PKI "authorities" do no checking. Anyone with a few hundred bucks can get a "valid" cert, so if you're relying on that ...
Bullshit. If you are purchasing a cert from Verisign, Thawte, or any other major player (i.e. not a $30 cert from RapidSSL), they'll demand a physical address, copy of a utility bill with the company name on it, DUNS number (or other company registration proof), and they'll call to verify the company knows you're applying by digging up the company's phone number from a third party phone directory service. If you want an EV SSL cert, I've heard they start digging into financials too. I don't think that's "no checking" by any stretch of the term.
So it couldn't possibly be because on a Microsoft search engine, the terms people search for are more Microsoft-centric, thereby resulting in a biased pool of suggestions?
It couldn't possibly be because most people with a genuine interest in Linux are Microsoft-hating sheep who wouldn't dare go near a Microsoft search engine, resulting in a dearth of Linux-but-not-Microsoft related search terms?
Please.
I agree with you, but there's just one catch: we're not everyone.
There are people who do in fact not only want the computer to try to guess what they meant, they expect it, and get their panties in a wad if the computer doesn't. That's who Bing's targeting, I think.
Seriously? That method is the worst thing I've ever seen. You basically have to hex edit the binary (in fact, you are). If we use that as an example of it being doable, you may as well say that Internet Explorer is easily removable from Windows*
* Requires nLite, a slipstreamed XP CD, and four hours.
No, he's referring to the browser's search box.
Have you even fucking seen the browser?
I believe it's illegal to hold identifying information without the consent of the person it identifies. At least, in the UK I think. Definitely is here.
Oh, it's illegal all right. In many countries. Just because the US government doesn't give a crap about privacy, doesn't mean other countries don't.
Here's the catch though - they're entitled to it. If they do not explicitly request it, then the copyright lapses (that's actually explained in the fact sheet, by the way). And according to the copyright office records (searchable from their website), the work 1984 by George Orwell does not have a current copyright registration.
No, you can trademark a phrase (as in a line of text that is specifically attached to your product, like Avis rental cars "we try harder") but you cannot trademark a sound. You can only copyright a sound.