The issue is so big that people from the entire IT industry, people driving the entire Internet can sit in same room at MS HQ which I believe was chosen for maximum security against espionage and agree on something and simultaneusly release updates without backstabbing eachother.
The money involved is billions. Lets not forget it. The Kaminsky flaming seems to come from jelousy, the.edu "mafia" and the fact that guy found some kind of security hole that it is there for 3 decades. It is a human thing really.
Working on multi billion Vista pre-release security should have give him enough credit already in professional terms and real life.
He deserves some kind of IT medal, that is what I thought while reading that excellently written article on my 320x200 phone screen and as I know he is an actual Slashdot user (saw his posts), I think he is clever to understand what slashdot comments/flaming are.
OS X Leopard (non Snow, the stable one) has fixed the problem. You just right click 64bit supporting software such as XCode 3 and click "Information", unclick "Run in 32bit" to run it on 64bit Mode. No weird -x64 ending files, no SET commands, no registry changes, nothing.
The pure 64bit Leopard (10.6, snow) will be looking like that too. No chaos, just a clever way of hiding things from user (and showing to nerd when asked).
Is it bigger? Well, everyone bitches about space of "Universal binary" (yea, lets abandon PPC!) and "Languages" but the space is actually 2 DVD rip images and nothing else.
They are x86 users. On x86, you get bonus registers etc. and commands. It is not like PPC or other CPUs, the x86 gets huge difference by going pure 64bit. I mean the performance etc.
So ideally your kernel, OS, frameworks and apps should be all 64bit to gain performance or something.
It is also one of the reasons why PPC-64 won't likely get Snow Leopard since PPC doesn't have such bonus stuff. If one sits and compiles "pure 64bit" Safari running on 64bit Kernel, it may actually run slower on PPC64 and it is not actually a bug or failure, it is the way CPU designed. Actually needing software such as Mathematica comes in 64bit and runs way better than 32 bit version on PPC64 of course.
Moonlight is not Microsoft software. Linux doesn't have an official, full feature Silverlight and likely will never have it. A half functioning, non 2.x compatible software being 64bit compilable is not big deal. Let them have to support 10 generations of software on 3 Major desktop operating systems having nothing to do with each other and the entire mobile/device scene. That is what Adobe has to do.
MS buddy Novell guys half functioning emulator coming with usual EULA traps is no comparison to a full feature, full supported Flash plugin.
Flash needs a rival but it is not Silverlight or its "open source" clones.
That is the issue with Firefox/Mozilla. They seem to ignore the enterprise requirements, how companies do things etc. As result, IE enjoys its kingdom on Windows desktop.
For example, while entire thing is documented, even open source package makers exist, they refuse to ship MSI packages. MSI is the Windows Native installer. It is not so different from shipping tar.gz to Redhat Enterprise and expect those sysadmins sit and convert them to RPM. It is same deal on OS X too while OS X doesn't have that many enterprise users. Normally, a.pkg should be provided.
Here is the entirely open source maker for MSI files coming from MS employee directly. (No moonlight/mono deal) http://wix.sourceforge.net/
No, Windows admins won't monkey around 2000 terminals to run "setup.exe" files. Some guys spare significant amount of time building their own MSI files just to satisfy Firefox fans.
If you can't run FF3, you better convert to Konqueror or Opera if they really stop security updates. Firefox is really popular and lots of 2.x users still exist. Black hats will sure use that advantage.
They seperated "Updates" with "New Software" now so you won't be pushed iTunes or other kind of software. So you better re install Apple software update (Safari installer should do it)
I tell you the real annoying bug. It erases cookies sometimes. Yes, the file itself (~Library/Cookies/Cookies.plist). It was documented by unsanity and said to be fixed at least on Intel but we, poor PPC users who made the mistake of jumping to Leopard still suffer from it.
What bugs me is the lack of documentation. Where is the data coming from? Is it offline or online (e.g. every URL submitted), how is the data secured?
1 Password added phishing protection to Safari long before Apple did and while being just a shareware developer, they gave all the details. It is powered by community powered phishtank (opendns).
Now, we gotta run Wireshark here to see where the data comes from, how it acts etc. The "live" online phishing check is a horrible privacy risk since every URL you visit must be sent to a third party for verification. That is why I hate anti phishing and telling non tech users to use 2 step login/ dynamic password generators (even J2ME versions exist) with their bank accounts. If their bank doesn't support it in age of 2008? Well, can move out to another bank.
I think the future means every single device having a IP, perhaps even human beings if you are paranoid.:)
Don't think about today, think about the future. Can you imagine every cell phone user somehow browses the net and plays some games?
It is not like today's concept, it is about the very weird and connected future. I agree demanding IPV6 from a consumer level ISP today is a bit overkill but recently my heater company called me and asked if I wanted my combination heater (Vaillant) to be connected to net. I asked if it is Windows some sort, they said "yes" and I said "good luck with that".
Didn't Linux kernel guys have hard time getting ACPI documents or implementing them thanks to "Tel" part of Wintel duopoly?
I wasn't on Linux that time but I remember once getting ACPI support was big deal on Linux. If Linux doesn't have that feature, it may have something to do with it.
The sad thing is, both Windows and OS X shouldn't need reboot most of the times but companies (even including MS and Apple themselves) keep that old World thing. So Developers take them as example and you end up rebooting 10x more than needed.
Ask the big company admins, they keep doing regsvr32, "net stop" etc. tricks saving users from reboot all the time. It has something to do with NTFS too but you can stop things most of the time and the files will be closed.
I just installed Apple CHUD 4.6.1 , a huge thing with system frameworks, kernel extensions, daemons to my Tiger (old) OS X. It didn't need reboot. Same time, Quicktime requires a reboot. Or a printer driver software.
and it does it on consumer level windows which is no way associated with long, stable uptimes. If there is memory leak, system leak, CPU hogging "service" it will be hibernated to disk and restored perfectly too.
just ask Mac Virtual PC 7 users why they stay away from saving virtual OS snapshot to disk and restoring it.
If there is a non enterprise windows version which has long uptimes without issues above, I apologise. I am not speaking about a Developer or nerd Windows desktop, a very regular one.
You mean Windows or OS X? Because OS X will likely fail (first time) trying to get network time because it doesn't even have IP yet. Until I figured out the real reason (async/parallel boot) I was watching my mac booting and saying "Idiot, you don't even have IP yet" to my computer. After watching that presentation, I figured it is part of that philosophy. Launch the ntpd process, let it take care of itself and only intervene if it crashes. Eventually, with a real IP, ntpd does get the time fine and exit until relaunched by launchd. If it was the windows logic, system would sit and wait for ntpd (Windows Time Service) to do its job adding more to boot process.
After Leopard, everything (Except kernel_task) is launchd now. Every single process has launchd as parent. It was different on Tiger. Even iPhone runs launchd on that deep level.
Launchd looks extremely good for server oriented stuff, that is why I wonder why not adopted. I mean, hopefully it is a purely technical reason as you describe, not political of any kind.
Of course, if Apple doesn't update documentation at their pages like http://developer.apple.com/documentation/MacOSX/Conceptual/BPSystemStartup/Articles/BootProcess.html , I end up giving video references which is not really helpful. For example there shouldn't be any reason to reboot after kernel extension installation on Leopard and driver vendors still insist the old way of doing things even including manual removal of kernel extensions cache. I think Apple should explain things better before Redmond comes up with more "inventions" and millions of unnecessary boots.
Apple boot process does way more than the device drivers and services in async way, not exactly parallel. That happens thanks to launchd architecture. There is a direct architectural difference between both operating systems. Every single thing is fired at once and expected to take care of itself, independently. It is way more than XP's parallel driver loading. If it was the case, XP would boot way faster than Win 2k which I can assure you, it doesn't. Leopard does boot way faster without a single second of "freeze" unlike Tiger on same hardware.
Hopefully MS didn't remove the parallel booting of device drivers after XP RTM. They gave up some great things for mysterious reasons, check the Cairo Project done back in 1990s.
Trust me, Apple has hard time selling OS upgrades (major versions) to Windows Switchers.
Traditionally, Windows needs more CPU, RAM when upgraded and people won't believe an OS upgrade will actually make their system faster. Windows is such a brain washer. I had to prove the Mini G4 boots/performs better when Leopard installed to a friend thanks to Firewire external drive booting capability.
Same people will never try a different browser (or keep them installed) since they think having 5 browsers in/Applications does something bad to their system (slow down) or their OS even cares about it (except Launch services of course).
I found myself needlessly rebooting many times thanks to my own Windows brainwashing too.
Because gcc coming with XCode is so strict that it will not allow stuff which previous (Tiger) gcc allows. It even says things like "warnings are treated as errors". So, they were forced to code it very cleanly compared to previous Office which is in fact a gigantic Carbon monster.
Of course, as it is MS we talk about, they managed to install that clean code under user 502 (traditionally normal user account) which created a bit security panic. They have traditions you know:)
If MS did something like Apple adopting an open standard (OpenCL) and putting an ultra modern, accessible, documented multi core SDK like "Grand Central", there would be huge changes to CPU bound video encoding process.
Of course, they will go with ultra-mega-patched archaic libraries without putting anything new and accessible and watch Quicktime X doing amazing things on h264 encoding process which may lead to amazing things (it is open to developers). I bet they are still wondering how come OS X makes top 10 Amazon list whenever a major update releases.
If I trusted MS not to be opportunistic and actually do deep level changes which will make those archaic SDK using idiots mad, I would seriously watch MS Windows 7 development.
Even today, they started to make changes which will be in favour of their big software friends on unreleased OS. The "It will run whatever Vista can run" gives a big clue.
In Apple terms, they don't say to developers "Switch from Carbon to Cocoa or your app won't run and there is nothing you can do to change it." That is what Apple says to Microsoft itself and Adobe, imagine that. MS Office had to deal with very strict gcc coming with XCode 3. Now they say it is one of the best MS Office done on OS X. Guess why?:)
What happens if you install thousands of software titles, remove them, install tens of drivers/updates, remove them, install huge suites like MS Office, update them...
If I saw "Snow Leopard is 2x faster than Leopard", I wouldn't buy it too. The beta (pre beta) lacks something. Actual, real life usage. Nobody is mad enough to use a pre-beta OS as their main OS. I got MS Virtual PC 7 here with bare bones XP SP3 installed. Trust me, that junk boots faster than your core Duo/Quad real PC because it is very heavily maintained, almost nothing installed, nothing in registry etc.
What matters is, does it care about how many apps installed, removed, running or not? In Apple's sense, there are some real big, explainable architectural reasons why a Adobe Suite CS4 installed Mac is not different from a cleanly installed Mac. MS just says "we optimised this, we optimised that" without huge underlying changes which will really cost them for a while. Like moving from a single user OS to a Unix OS which runs Mach kernel with a real weird filesystem.
The very interesting thing about OS X 10.5 (Leopard) boot process is: It does nothing in order. It is parallel booting, firing all OS startup stuff at once and expects to do their jobs. That happens thanks to launchd architecture which I have no clue why not adopted by Linux or *BSD.
That is one of underrated features/changes of Leopard. Now the term "photocopy" comes from this: They do something like launchd without using the underlying Unix logic and architecture. So, there is a huge chance that it won't be scaled. I have really lost count of how many kernel extensions, startup items, daemons running on my Leopard but it boots exactly same speed as it was cleanly installed for first time. Just like I really don't care about 1000+.plist (pref) files on my user directory.
Something like DirectX, supported by a big company so big, commercial Developers can trust relying on. I hope it will be Apple adopted (in KHTML sense) SDL in future which relies on open standards.
Slashdot Mirror
The issue is so big that people from the entire IT industry, people driving the entire Internet can sit in same room at MS HQ which I believe was chosen for maximum security against espionage and agree on something and simultaneusly release updates without backstabbing eachother.
It must be one of the first in history.
That detail in page 3 ( http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky?currentPage=3 ) impressed me.
The money involved is billions. Lets not forget it. The Kaminsky flaming seems to come from jelousy, the .edu "mafia" and the fact that guy found some kind of security hole that it is there for 3 decades. It is a human thing really.
Working on multi billion Vista pre-release security should have give him enough credit already in professional terms and real life.
He deserves some kind of IT medal, that is what I thought while reading that excellently written article on my 320x200 phone screen and as I know he is an actual Slashdot user (saw his posts), I think he is clever to understand what slashdot comments/flaming are.
OS X Leopard (non Snow, the stable one) has fixed the problem. You just right click 64bit supporting software such as XCode 3 and click "Information", unclick "Run in 32bit" to run it on 64bit Mode. No weird -x64 ending files, no SET commands, no registry changes, nothing.
The pure 64bit Leopard (10.6, snow) will be looking like that too. No chaos, just a clever way of hiding things from user (and showing to nerd when asked).
Is it bigger? Well, everyone bitches about space of "Universal binary" (yea, lets abandon PPC!) and "Languages" but the space is actually 2 DVD rip images and nothing else.
They are x86 users. On x86, you get bonus registers etc. and commands. It is not like PPC or other CPUs, the x86 gets huge difference by going pure 64bit. I mean the performance etc.
So ideally your kernel, OS, frameworks and apps should be all 64bit to gain performance or something.
It is also one of the reasons why PPC-64 won't likely get Snow Leopard since PPC doesn't have such bonus stuff. If one sits and compiles "pure 64bit" Safari running on 64bit Kernel, it may actually run slower on PPC64 and it is not actually a bug or failure, it is the way CPU designed. Actually needing software such as Mathematica comes in 64bit and runs way better than 32 bit version on PPC64 of course.
Moonlight is not Microsoft software. Linux doesn't have an official, full feature Silverlight and likely will never have it. A half functioning, non 2.x compatible software being 64bit compilable is not big deal. Let them have to support 10 generations of software on 3 Major desktop operating systems having nothing to do with each other and the entire mobile/device scene. That is what Adobe has to do.
MS buddy Novell guys half functioning emulator coming with usual EULA traps is no comparison to a full feature, full supported Flash plugin.
Flash needs a rival but it is not Silverlight or its "open source" clones.
That is the issue with Firefox/Mozilla. They seem to ignore the enterprise requirements, how companies do things etc. As result, IE enjoys its kingdom on Windows desktop.
For example, while entire thing is documented, even open source package makers exist, they refuse to ship MSI packages. MSI is the Windows Native installer. It is not so different from shipping tar.gz to Redhat Enterprise and expect those sysadmins sit and convert them to RPM. It is same deal on OS X too while OS X doesn't have that many enterprise users. Normally, a .pkg should be provided.
Here is the entirely open source maker for MSI files coming from MS employee directly. (No moonlight/mono deal)
http://wix.sourceforge.net/
No, Windows admins won't monkey around 2000 terminals to run "setup.exe" files. Some guys spare significant amount of time building their own MSI files just to satisfy Firefox fans.
If you can't run FF3, you better convert to Konqueror or Opera if they really stop security updates. Firefox is really popular and lots of 2.x users still exist. Black hats will sure use that advantage.
They seperated "Updates" with "New Software" now so you won't be pushed iTunes or other kind of software. So you better re install Apple software update (Safari installer should do it)
This one is indeed a serious security update on Windows (and OS X), check http://support.apple.com/kb/HT3298 for reference.
Windows version is there too and it is a serious sounding security update.
The actual release notes are at http://support.apple.com/kb/HT3298
You should subscribe to Apple Security Updates mailing list for non PR infested update announcements.
http://lists.apple.com/mailman/listinfo/security-announce
I tell you the real annoying bug. It erases cookies sometimes. Yes, the file itself (~Library/Cookies/Cookies.plist). It was documented by unsanity and said to be fixed at least on Intel but we, poor PPC users who made the mistake of jumping to Leopard still suffer from it.
http://www.unsanity.org/archives/apple/apple_hates_bug_filers.php
Ironically, it generally hits you when you report a bug to Apple, that is where the title comes from.
I had to restore 2.2 MB of cookies from Time Machine today.
What bugs me is the lack of documentation. Where is the data coming from? Is it offline or online (e.g. every URL submitted), how is the data secured?
1 Password added phishing protection to Safari long before Apple did and while being just a shareware developer, they gave all the details. It is powered by community powered phishtank (opendns).
Now, we gotta run Wireshark here to see where the data comes from, how it acts etc. The "live" online phishing check is a horrible privacy risk since every URL you visit must be sent to a third party for verification. That is why I hate anti phishing and telling non tech users to use 2 step login/ dynamic password generators (even J2ME versions exist) with their bank accounts. If their bank doesn't support it in age of 2008? Well, can move out to another bank.
I think the future means every single device having a IP, perhaps even human beings if you are paranoid. :)
Don't think about today, think about the future. Can you imagine every cell phone user somehow browses the net and plays some games?
It is not like today's concept, it is about the very weird and connected future. I agree demanding IPV6 from a consumer level ISP today is a bit overkill but recently my heater company called me and asked if I wanted my combination heater (Vaillant) to be connected to net. I asked if it is Windows some sort, they said "yes" and I said "good luck with that".
Didn't Linux kernel guys have hard time getting ACPI documents or implementing them thanks to "Tel" part of Wintel duopoly?
I wasn't on Linux that time but I remember once getting ACPI support was big deal on Linux. If Linux doesn't have that feature, it may have something to do with it.
The sad thing is, both Windows and OS X shouldn't need reboot most of the times but companies (even including MS and Apple themselves) keep that old World thing. So Developers take them as example and you end up rebooting 10x more than needed.
Ask the big company admins, they keep doing regsvr32, "net stop" etc. tricks saving users from reboot all the time. It has something to do with NTFS too but you can stop things most of the time and the files will be closed.
I just installed Apple CHUD 4.6.1 , a huge thing with system frameworks, kernel extensions, daemons to my Tiger (old) OS X. It didn't need reboot. Same time, Quicktime requires a reboot. Or a printer driver software.
and it does it on consumer level windows which is no way associated with long, stable uptimes. If there is memory leak, system leak, CPU hogging "service" it will be hibernated to disk and restored perfectly too.
just ask Mac Virtual PC 7 users why they stay away from saving virtual OS snapshot to disk and restoring it.
If there is a non enterprise windows version which has long uptimes without issues above, I apologise. I am not speaking about a Developer or nerd Windows desktop, a very regular one.
You mean Windows or OS X? Because OS X will likely fail (first time) trying to get network time because it doesn't even have IP yet. Until I figured out the real reason (async/parallel boot) I was watching my mac booting and saying "Idiot, you don't even have IP yet" to my computer. After watching that presentation, I figured it is part of that philosophy. Launch the ntpd process, let it take care of itself and only intervene if it crashes. Eventually, with a real IP, ntpd does get the time fine and exit until relaunched by launchd. If it was the windows logic, system would sit and wait for ntpd (Windows Time Service) to do its job adding more to boot process.
After Leopard, everything (Except kernel_task) is launchd now. Every single process has launchd as parent. It was different on Tiger. Even iPhone runs launchd on that deep level.
Launchd looks extremely good for server oriented stuff, that is why I wonder why not adopted. I mean, hopefully it is a purely technical reason as you describe, not political of any kind.
Of course, if Apple doesn't update documentation at their pages like http://developer.apple.com/documentation/MacOSX/Conceptual/BPSystemStartup/Articles/BootProcess.html , I end up giving video references which is not really helpful. For example there shouldn't be any reason to reboot after kernel extension installation on Leopard and driver vendors still insist the old way of doing things even including manual removal of kernel extensions cache. I think Apple should explain things better before Redmond comes up with more "inventions" and millions of unnecessary boots.
Apple boot process does way more than the device drivers and services in async way, not exactly parallel. That happens thanks to launchd architecture. There is a direct architectural difference between both operating systems. Every single thing is fired at once and expected to take care of itself, independently. It is way more than XP's parallel driver loading. If it was the case, XP would boot way faster than Win 2k which I can assure you, it doesn't. Leopard does boot way faster without a single second of "freeze" unlike Tiger on same hardware.
Hopefully MS didn't remove the parallel booting of device drivers after XP RTM. They gave up some great things for mysterious reasons, check the Cairo Project done back in 1990s.
Trust me, Apple has hard time selling OS upgrades (major versions) to Windows Switchers.
Traditionally, Windows needs more CPU, RAM when upgraded and people won't believe an OS upgrade will actually make their system faster. Windows is such a brain washer. I had to prove the Mini G4 boots/performs better when Leopard installed to a friend thanks to Firewire external drive booting capability.
Same people will never try a different browser (or keep them installed) since they think having 5 browsers in /Applications does something bad to their system (slow down) or their OS even cares about it (except Launch services of course).
I found myself needlessly rebooting many times thanks to my own Windows brainwashing too.
Because gcc coming with XCode is so strict that it will not allow stuff which previous (Tiger) gcc allows. It even says things like "warnings are treated as errors". So, they were forced to code it very cleanly compared to previous Office which is in fact a gigantic Carbon monster.
Of course, as it is MS we talk about, they managed to install that clean code under user 502 (traditionally normal user account) which created a bit security panic. They have traditions you know :)
If MS did something like Apple adopting an open standard (OpenCL) and putting an ultra modern, accessible, documented multi core SDK like "Grand Central", there would be huge changes to CPU bound video encoding process.
Of course, they will go with ultra-mega-patched archaic libraries without putting anything new and accessible and watch Quicktime X doing amazing things on h264 encoding process which may lead to amazing things (it is open to developers). I bet they are still wondering how come OS X makes top 10 Amazon list whenever a major update releases.
If I trusted MS not to be opportunistic and actually do deep level changes which will make those archaic SDK using idiots mad, I would seriously watch MS Windows 7 development.
Even today, they started to make changes which will be in favour of their big software friends on unreleased OS. The "It will run whatever Vista can run" gives a big clue.
In Apple terms, they don't say to developers "Switch from Carbon to Cocoa or your app won't run and there is nothing you can do to change it." That is what Apple says to Microsoft itself and Adobe, imagine that. MS Office had to deal with very strict gcc coming with XCode 3. Now they say it is one of the best MS Office done on OS X. Guess why? :)
What happens if you install thousands of software titles, remove them, install tens of drivers/updates, remove them, install huge suites like MS Office, update them...
If I saw "Snow Leopard is 2x faster than Leopard", I wouldn't buy it too. The beta (pre beta) lacks something. Actual, real life usage. Nobody is mad enough to use a pre-beta OS as their main OS. I got MS Virtual PC 7 here with bare bones XP SP3 installed. Trust me, that junk boots faster than your core Duo/Quad real PC because it is very heavily maintained, almost nothing installed, nothing in registry etc.
What matters is, does it care about how many apps installed, removed, running or not? In Apple's sense, there are some real big, explainable architectural reasons why a Adobe Suite CS4 installed Mac is not different from a cleanly installed Mac. MS just says "we optimised this, we optimised that" without huge underlying changes which will really cost them for a while. Like moving from a single user OS to a Unix OS which runs Mach kernel with a real weird filesystem.
The very interesting thing about OS X 10.5 (Leopard) boot process is: It does nothing in order. It is parallel booting, firing all OS startup stuff at once and expects to do their jobs. That happens thanks to launchd architecture which I have no clue why not adopted by Linux or *BSD.
Here is its presentation by the inventor of launchd
http://video.google.com/videoplay?docid=1781045834610400422
(in 8:00")
That is one of underrated features/changes of Leopard. Now the term "photocopy" comes from this: They do something like launchd without using the underlying Unix logic and architecture. So, there is a huge chance that it won't be scaled. I have really lost count of how many kernel extensions, startup items, daemons running on my Leopard but it boots exactly same speed as it was cleanly installed for first time. Just like I really don't care about 1000+ .plist (pref) files on my user directory.
They named it "parallel booting" or something, some story about it on http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9119230&intsrc=hm_list
Something like DirectX, supported by a big company so big, commercial Developers can trust relying on. I hope it will be Apple adopted (in KHTML sense) SDL in future which relies on open standards.
There was something like that in pre OS X days named Game Sprockets, http://docs.info.apple.com/article.html?artnum=31236
Of course bootcamp has good DirectX support (drivers etc) but I also recommend getting the missing (?) parts via http://www.microsoft.com/downloads/details.aspx?familyid=2da43d38-db71-4c1b-bc6a-9b6652cd92a3&displaylang=en
It requires "Windows Validation", as you know, it is Microsoft, loves to bug their own customers.
The choice is clear in fact.
http://en.wikipedia.org/wiki/Ray_Kurzweil
Of course, it is politics and I don't know how realistic I can be as outside foreigner. I mean stuff like http://en.wikipedia.org/wiki/Ray_Kurzweil#Stance_on_religion (Which Obama is mentioned)