Sure, after a week of them being public knowledge (a few days for the fix to turn into a release, another few for the release to get out the door), which, coincidentally, is largely the same turnaround that Microsoft has had on serious flaws as of late.
There is no apologizing for exploits, it is bad whoever has them. On the other hand the nature of the last round of exploits in Firefox is rather really interesting, and as such newsworthy. The cryptographic signature exploit especially warrants a rather interesting technical discussion.
Granted, now they are fixed, but the exploits were known for at least several days before the update was made available (and another few days before the automatic updates picks up on it). Similiarly we can probably expect a Microsoft patch within a week (as has been the typical delay for more critical problems for some time, granted, the WMF exploit took 9 days, but that unfortunately happened during the holidays).
Considering that Firefox is the more common browser on Slashdot, how about doing a story about Firefox 1.5.07 fixing four separate critical heap corruption exploits and an honest to god RSA signature spoofing exploit? These stories about IE exploits comes off as pure Microsoft-hate masturbation.
I hope the swedish parties are more grown up than to play stupid games like that and I hope the swedish public is more educated than the hungarian, so that they can tell if nothing extraordinarily happened, just some PR hype.
A little from column A and a little from column B, the username and password used to illegally access the site were much too simple, but the site does contain extremely sensitive information such as classified reports from the security police. Overall I think it is fair to say that it is an extremely serious offense for a party to meddle in that way.
It is not that hard to argue for OSX security over Windows security due to the track-records, but this article is total crap. A few of the points:
All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services.: Right, just like how OSX daemons are launched by launchd, what is the point here?
By default, Windows launches all services with SYSTEM-level privileges: This is plain false, you have to give a user account that the service should run as, and at that point the extremely comprehensive NT security model kicks in.
SYSTEM is a pseudo-user (LocalSystem) that trumps Administrator (like UNIX's root) in privileges. SYSTEM cannot be used to log in, but it also has no password, no login script, no shell and no environment, therefore the activity of SYSTEM is next to impossible to control or log: Right. I don't see the problem. This is akin to the classic "you should not always run as root", it is counter-intuitive to people used to the UNIX security model of course, but it is not by any means a bad idea. There is no reason to have ridicolously powerful login accounts when such priviliges are better brokered by daemons. If needed you can of course still elevate the permissions though, but it should not be needed.
Windows buries most privileged software, service executables and configuration files in a single, unstructured massive directory (SYSTEM32) that is frequently used by third parties. Windows will notify you on an attempt to overwrite one of its own system files stored here, but does not try to protect privileged software: This is an odd complaint, of course the NT security model applies to system32, set any permissions you feel like. Massive usntructured directory? In comparison to the fine old let's-dump-it-in-/usr UNIX tradition?:)
Microsoft does not sign or document the name and purpose of the files it places in SYSTEM32: Right click on any dll/exe in system32, click properties, click version and you get a short description of what the file is for.
Windows requires extraordinary effort to extract the path to, and the files and TCP/UDP ports opened by, running services, and to certify that they are valid: Granted the builtin stuff is weak, which is why every sane Windows user quickly downloads Process Explorer (recently bought by Microsoft actually, keep your fingers crossed that it becomes standard). At any rate, pretending that this is an inherent property of the operating system is plain wrong.
Access to the massive, arcane, nearly unstructured, non-human-readable Windows Registry, which was to be obsolete by now, remains the only resource a Windows attacker needs to analyze and control a Windows system: Massive sure. "Arcane"? How so? Seems quite similar to Mac plists actually. "Nearly unstructured"? This is just bullshit, it is extremely well-structured. "non-human-readable"? Well, use regedit, not unlike needing a utility to read binary property lists on Mac. The core of the complain appears to be "if we hide settings all over the place they'll be hard to find for the bad people!" which is the worst attempt at security-through-obscurity I have ever heard.
Another trick that attackers learned from Microsoft is that Registry entries can be made read-only even to the Administrator, so you can find an exploit and be blocked from disarming it and Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these: "Once executed with administrator priviliges exploits can do hard-to-recover harm to your system, the horror!". These are idiotic complaints.
With all that said I can easily see people going to OSX to improve security, that does not make that article anything but deeply flawed however.
Additionally, AMD gets to claim the quad core market before Intel, just like it got to 1000 MHz before Intel did. It's not only positioning, but also marketing.
Intel's Kentsfield (four cores in one package, two per die) is slated for Q4 2006, while as the announcement states the 4-core Opteron is slated for mid-2007. So Intel has a very nice lead in this area as well. One can of course argue about the design trade-offs used, but it is not at all clear that AMD's approach is superior to Intel's.
Will AMD actually do shared L2 in their new processors? I have not heard it stated yet at least.
Which makes things more interesting still; AMD has a better interconnect for all their four cores in the form of very local HyperTransport, but Intel has a far better interconnect within the pairs (shared L2) but a worse interconnect between the pairs (the FSB, which is not that shabby, but still no HyperTransport).
Will be fun to see at any rate, if nothing else it would be rather interesting if Apple announces an 8-core machine before the end of the year:)
Notice: This worm cannot target Server 2003 or XP SP2, in fact, no exploit for them has been found. The basic flaw exists, but the stack guards used on all newer versions of Windows (post-security-push) trips all as of yet attempted attacks. To be really safe however make sure you update Server 2003 and XP SP2 machines anyway!
100% wrong. OS X uses a technology called Quartz, which is a totally different world above Windows XP's GDI+. It's vector-based and resolution-independent, and has been since its introduction six years ago. The same instructions used to draw to a printer are used to draw to the screen.
This is a nonsensical argument, just GDI+ operations are also resolution-independent, based on vectors (of course, lines and fonts and such are after all vector-based) and does map directly to printers. As it happens, so did the stuff in MacOS 9 and GDI prior to Windows 2000, which makes both sides of the argument quite invalid. These are simply long-known features.
Quartz is a vector-based layer, and Quartz 2D Extreme in Tiger/Leopard accelerates all GUI drawing operations via the GPU.
Quartz 2D Extreme is however extremely unrealiable and thus disabled in both.
No, you're being ignorant. Quartz is not Windows XP/GDI+ with "only the addition of a Bitmap Composer." You seem to know little about the Quartz Compositor layer in OS X.
Feel free to point out where the difference lies, as far as I can see the composition layer in GDI+ is indeed a pretty straight match to the one in Quartz.
Wow, so all those anti-aliased Quartz vector operations I've been doing are available in Windows XP? I can print the contents of any view to a printer automatically like I can with Quartz?
Well, yes and yes.
In the end the arguments here are simply too simplistic, with a simple checkbox approach to evaluating technology GDI+ indeed does well against Quartz, in reality Quartz is a much more modern and at the same time mature approach. On the other hand it seems equally clear that Vista graphics does leapfrog Quartz, unless Quartz 2D Extreme manages to prove itself in the future (the problem is that there is a bit of a mismatch between GPU functionality and the classic Quartz rendering, whereas the Windows Presentation Foundation have been very much designed with GPU implementation in mind, giving it a bit of an edge).
Whether this is relevant or not is highly arguable however, Quartz software is extremely speedy, and Quartz Extreme (the compositor part that actually works that is) does offload the most performance-critical step. Microsoft should have some kudos for the great design of the Windows Presentation Foundation, but Apple may actually be better served keeping the small rendering operations in software where it is easy and flexible to maintain the best possible predictable quality of graphics. The performance difference is most likely small in practice.
Like when Apple promised to replace MacOS with a modern OS (with a microkernel and an OO platform SDK no less) in 1991 (here I am referring to "Pink", which ended up being spun of as Taligent when it failed to materialize in development, which were then to be partly reused in the even later Copland).
Slamming Microsoft over the Vista delays is fine and all, but Apple does have a pretty damn legendary series of delays, trashing of feature-lists and restarts behind them before managing to release OSX in 2001. Big software projects just seldom go according to plan.
Sure AMD gets close to winning price/performance with this cut, and in some of the classes even succeeding. The problem however is that once they manage price/performance parity they still lose out badly in (power-use/performance)/price. So really, them cutting prices to remain in parity (on the low and mid end, they are way off on the high end) only makes the choice of a Conroe a no-brainer because you get the same price/performance with much less power use and heat.
A bit late but; The Merom has the exact same socket and design specifications (including power envelopes) as Yonah. I would suprise if we don't get macbooks using it as soon as they are available.
Unfortunately such benchmarks with games are not nearly as valid as they once were from the CPU perspective. They use timedemos, which most often don't redo all the CPU work such as AI and physics and so on. The reason being that it lowers the risk that the simulation will diverge due to numerical errors.
So the CPU has a larger impact that reviews often makes it seem. It is true though that the top of the end CPU really need top of the end graphics to balance, and who can afford that? On the other hand it might be advicable to get up to the E6700. The video card pricing curve is so sharply declining that one is more likely to replace it with the new mid-end quite soon and end up CPU-limited.
Unless I am misintepreting the issue you are having it is actually not a bug but rather a different behaviour within the specification, IEBlog discussed this Slashdot CSS issue. Exactly who to blame for this inconsistency is hard to tell, but I guess the W3C is first in line with the Slashdot CSS developer second.
By the same logic Fedora Core 6 is the same as RedHat Linux 5.2 though. Of course the operating system core is going to be pretty much the same from the external perspective, it just doesn't have all that much end-user visible features to start with (one is the user interface, which is very very overhauled in Vista). The list of changes, added features and general tuning on the system programming level is pretty damn lengthy for Vista.
It's hard to tell, they randomly jump from 275 to 880 and back. First off, why didn't they just choose 285s? Failing that, why did they jump between 2 or 3 different AMD cores? Who knows if their results are even accurate.
It seems a bit odd that they use different machines yes, however, Anandtech is typically fairly thorough with these things so I see very little reason to doubt the accuracy. At any rate it does satisfy your requirement of tests independent of Intel.
On the crypto side, the results are hard to read. The graph shows more signatures/sec for AMD but the table lists otherwise. Even still, I find it hard to believe Intel has any lead on that market. AMD has a 5 cycle multiplier and three ALU pipes for bignum math [hint: this is my passion]. Unless Intel has a 3 cycle multiplier or faster L1 (doesn't look like it) it should clock in at about the same pace. Doing bignum mults/sqrs I routinely get an IPC of nearly two on my 885 box.
I see no problems reading the results for the crypto test, the Opteron and Woodcrest run more or less neck-to-neck when using 4 threads (the opteron crushes the Woodcrest running with 8 threads since the machine in question is apparently an 8-core deal), the Woodcrest wins on smaller key-lengths and the Opteron wins on larger, no big difference though. It seems fairly clear that a 2.6 GHz or higher Opteron will take that particular test for AMD, though with a very thin margin.
As for your comment about scaling linearly... If the task fits in the cache, generally it's true. At least for crypto work. AES takes 260 cycles @2.6Ghz... it takes 260 cycles at 2.2Ghz as well...
Right, I said "Unless the Opteron magically scales better than linear". Looking through the results the Opteron is quite a bit behind on most tests even if we assume that it somehow managed to run at 3GHz and scales there linearly. So the Woodcrest is not only higher-clocked, it most often performs better clock-by-clock.
Eitheway, I'm not saying it's impossible for Intel to win out on some marks. I'm just questioning the validity of the test because they seem to use random collection of boxes. If they want to make a point they could just pit some 285s against it running more open tests. I'd rather see Intel win by merits alone and not questionable testing practices.
Can't really fault you for being cautious. I would say that the evidence that the Conroe based chips are superior to the K8-based ones has piled up high enough to thoroughly convince me however. I were not too suspicious about the tests done at Intel-controlled facilities, sure they put the machines together, but they did not control the software, indendent testing on AMD machines suggest that the AMD set-up is indeed fair. This Anandtech article is then only confirmation for me, a Conroe brought into a non-Intel lab still seems to perform beautifully.
If they *are* faster it gives more incentive for AMD to catch up next year.
Sure is, there is no downside here for consumers; Faster, lower-power and cheaper processors ahead. I really think that AMD has been a bit pricier than I had exptected from them as of late, sure the X2's are nice and all but the entrypoint price was much too steep for me. The move to 65 nm and K8L redesign ought to make the situation a bit less skewed and set us up for a nice price-war.
Unless the Opteron magically scales better than linear when going from 2.2GHz and 2.4GHz (both tested) to 2.6 GHz it is still way behind, not only on raw performance but also on power consumption and price/performance. The woodcrest is a CPU of the future yes, the future being less than two weeks from now.
Well, the tested Conroe E6700 is expected to retail at $529, whereas the tested Athlon64 (clocked at 2.6 GHz, the tested one is overclocked a bit) costs $1035. So even though the price of the AMD chip will no doubt go down a bit before then things still look very good for Intel.
It might also be interesting to note that the E6700 has a TDP of less than 65 watts, whereas the tested Athlon64 has a TDP of 110 watts. Amazes me that such a thing isn't brought up in the article, it is one of the factors we have decently hard data on and a clear advantage for Intel, whereas the benchmarks themselves leave a lot of room for arguing.
While one can argue a lot about the validity of the benchmarks it is quite clear that Intel is ahead in pretty much every possible metric with the information we have as of yet. It will be interesting to see how things sort themselves out this fall.
The benchmarked Conroe (the E6700) is expected to have a price-tag of $529, the benchmarked Athlon64 (at correct clock, it is overclocked a bit for the benchmark) costs $1032 on newegg.com.
So on this high-end (well, high mid-end for the Conroe since this is just the E series, there will be a higher clocked XE series as well) pricing looks to be in Intels favour at the moment. Things might shift a bit before the release, but it seems likely that the pricing will be very competitive.
Slashdot Mirror
Sure, after a week of them being public knowledge (a few days for the fix to turn into a release, another few for the release to get out the door), which, coincidentally, is largely the same turnaround that Microsoft has had on serious flaws as of late.
There is no apologizing for exploits, it is bad whoever has them. On the other hand the nature of the last round of exploits in Firefox is rather really interesting, and as such newsworthy. The cryptographic signature exploit especially warrants a rather interesting technical discussion.
Granted, now they are fixed, but the exploits were known for at least several days before the update was made available (and another few days before the automatic updates picks up on it). Similiarly we can probably expect a Microsoft patch within a week (as has been the typical delay for more critical problems for some time, granted, the WMF exploit took 9 days, but that unfortunately happened during the holidays).
Considering that Firefox is the more common browser on Slashdot, how about doing a story about Firefox 1.5.07 fixing four separate critical heap corruption exploits and an honest to god RSA signature spoofing exploit? These stories about IE exploits comes off as pure Microsoft-hate masturbation.
I hope the swedish parties are more grown up than to play stupid games like that and I hope the swedish public is more educated than the hungarian, so that they can tell if nothing extraordinarily happened, just some PR hype.
A little from column A and a little from column B, the username and password used to illegally access the site were much too simple, but the site does contain extremely sensitive information such as classified reports from the security police. Overall I think it is fair to say that it is an extremely serious offense for a party to meddle in that way.
It is not that hard to argue for OSX security over Windows security due to the track-records, but this article is total crap. A few of the points:
With all that said I can easily see people going to OSX to improve security, that does not make that article anything but deeply flawed however.
Additionally, AMD gets to claim the quad core market before Intel, just like it got to 1000 MHz before Intel did. It's not only positioning, but also marketing.
Intel's Kentsfield (four cores in one package, two per die) is slated for Q4 2006, while as the announcement states the 4-core Opteron is slated for mid-2007. So Intel has a very nice lead in this area as well. One can of course argue about the design trade-offs used, but it is not at all clear that AMD's approach is superior to Intel's.Will AMD actually do shared L2 in their new processors? I have not heard it stated yet at least.
Which makes things more interesting still; AMD has a better interconnect for all their four cores in the form of very local HyperTransport, but Intel has a far better interconnect within the pairs (shared L2) but a worse interconnect between the pairs (the FSB, which is not that shabby, but still no HyperTransport).
Will be fun to see at any rate, if nothing else it would be rather interesting if Apple announces an 8-core machine before the end of the year :)
Notice: This worm cannot target Server 2003 or XP SP2, in fact, no exploit for them has been found. The basic flaw exists, but the stack guards used on all newer versions of Windows (post-security-push) trips all as of yet attempted attacks. To be really safe however make sure you update Server 2003 and XP SP2 machines anyway!
100% wrong. OS X uses a technology called Quartz, which is a totally different world above Windows XP's GDI+. It's vector-based and resolution-independent, and has been since its introduction six years ago. The same instructions used to draw to a printer are used to draw to the screen.
This is a nonsensical argument, just GDI+ operations are also resolution-independent, based on vectors (of course, lines and fonts and such are after all vector-based) and does map directly to printers. As it happens, so did the stuff in MacOS 9 and GDI prior to Windows 2000, which makes both sides of the argument quite invalid. These are simply long-known features.
Quartz is a vector-based layer, and Quartz 2D Extreme in Tiger/Leopard accelerates all GUI drawing operations via the GPU.
Quartz 2D Extreme is however extremely unrealiable and thus disabled in both.No, you're being ignorant. Quartz is not Windows XP/GDI+ with "only the addition of a Bitmap Composer." You seem to know little about the Quartz Compositor layer in OS X.
Feel free to point out where the difference lies, as far as I can see the composition layer in GDI+ is indeed a pretty straight match to the one in Quartz.
Wow, so all those anti-aliased Quartz vector operations I've been doing are available in Windows XP? I can print the contents of any view to a printer automatically like I can with Quartz?
Well, yes and yes.
In the end the arguments here are simply too simplistic, with a simple checkbox approach to evaluating technology GDI+ indeed does well against Quartz, in reality Quartz is a much more modern and at the same time mature approach. On the other hand it seems equally clear that Vista graphics does leapfrog Quartz, unless Quartz 2D Extreme manages to prove itself in the future (the problem is that there is a bit of a mismatch between GPU functionality and the classic Quartz rendering, whereas the Windows Presentation Foundation have been very much designed with GPU implementation in mind, giving it a bit of an edge).
Whether this is relevant or not is highly arguable however, Quartz software is extremely speedy, and Quartz Extreme (the compositor part that actually works that is) does offload the most performance-critical step. Microsoft should have some kudos for the great design of the Windows Presentation Foundation, but Apple may actually be better served keeping the small rendering operations in software where it is easy and flexible to maintain the best possible predictable quality of graphics. The performance difference is most likely small in practice.
Like when Apple promised to replace MacOS with a modern OS (with a microkernel and an OO platform SDK no less) in 1991 (here I am referring to "Pink", which ended up being spun of as Taligent when it failed to materialize in development, which were then to be partly reused in the even later Copland). Slamming Microsoft over the Vista delays is fine and all, but Apple does have a pretty damn legendary series of delays, trashing of feature-lists and restarts behind them before managing to release OSX in 2001. Big software projects just seldom go according to plan.
Sure AMD gets close to winning price/performance with this cut, and in some of the classes even succeeding. The problem however is that once they manage price/performance parity they still lose out badly in (power-use/performance)/price. So really, them cutting prices to remain in parity (on the low and mid end, they are way off on the high end) only makes the choice of a Conroe a no-brainer because you get the same price/performance with much less power use and heat.
A bit late but; The Merom has the exact same socket and design specifications (including power envelopes) as Yonah. I would suprise if we don't get macbooks using it as soon as they are available.
So the CPU has a larger impact that reviews often makes it seem. It is true though that the top of the end CPU really need top of the end graphics to balance, and who can afford that? On the other hand it might be advicable to get up to the E6700. The video card pricing curve is so sharply declining that one is more likely to replace it with the new mid-end quite soon and end up CPU-limited.
Unless I am misintepreting the issue you are having it is actually not a bug but rather a different behaviour within the specification, IEBlog discussed this Slashdot CSS issue. Exactly who to blame for this inconsistency is hard to tell, but I guess the W3C is first in line with the Slashdot CSS developer second.
By the same logic Fedora Core 6 is the same as RedHat Linux 5.2 though. Of course the operating system core is going to be pretty much the same from the external perspective, it just doesn't have all that much end-user visible features to start with (one is the user interface, which is very very overhauled in Vista). The list of changes, added features and general tuning on the system programming level is pretty damn lengthy for Vista.
It seems a bit odd that they use different machines yes, however, Anandtech is typically fairly thorough with these things so I see very little reason to doubt the accuracy. At any rate it does satisfy your requirement of tests independent of Intel.
On the crypto side, the results are hard to read. The graph shows more signatures/sec for AMD but the table lists otherwise. Even still, I find it hard to believe Intel has any lead on that market. AMD has a 5 cycle multiplier and three ALU pipes for bignum math [hint: this is my passion]. Unless Intel has a 3 cycle multiplier or faster L1 (doesn't look like it) it should clock in at about the same pace. Doing bignum mults/sqrs I routinely get an IPC of nearly two on my 885 box.
I see no problems reading the results for the crypto test, the Opteron and Woodcrest run more or less neck-to-neck when using 4 threads (the opteron crushes the Woodcrest running with 8 threads since the machine in question is apparently an 8-core deal), the Woodcrest wins on smaller key-lengths and the Opteron wins on larger, no big difference though. It seems fairly clear that a 2.6 GHz or higher Opteron will take that particular test for AMD, though with a very thin margin.
As for your comment about scaling linearly... If the task fits in the cache, generally it's true. At least for crypto work. AES takes 260 cycles @2.6Ghz ... it takes 260 cycles at 2.2Ghz as well ...
Right, I said "Unless the Opteron magically scales better than linear". Looking through the results the Opteron is quite a bit behind on most tests even if we assume that it somehow managed to run at 3GHz and scales there linearly. So the Woodcrest is not only higher-clocked, it most often performs better clock-by-clock.
Eitheway, I'm not saying it's impossible for Intel to win out on some marks. I'm just questioning the validity of the test because they seem to use random collection of boxes. If they want to make a point they could just pit some 285s against it running more open tests. I'd rather see Intel win by merits alone and not questionable testing practices.
Can't really fault you for being cautious. I would say that the evidence that the Conroe based chips are superior to the K8-based ones has piled up high enough to thoroughly convince me however. I were not too suspicious about the tests done at Intel-controlled facilities, sure they put the machines together, but they did not control the software, indendent testing on AMD machines suggest that the AMD set-up is indeed fair. This Anandtech article is then only confirmation for me, a Conroe brought into a non-Intel lab still seems to perform beautifully.
If they *are* faster it gives more incentive for AMD to catch up next year.
Sure is, there is no downside here for consumers; Faster, lower-power and cheaper processors ahead. I really think that AMD has been a bit pricier than I had exptected from them as of late, sure the X2's are nice and all but the entrypoint price was much too steep for me. The move to 65 nm and K8L redesign ought to make the situation a bit less skewed and set us up for a nice price-war.
Unless the Opteron magically scales better than linear when going from 2.2GHz and 2.4GHz (both tested) to 2.6 GHz it is still way behind, not only on raw performance but also on power consumption and price/performance. The woodcrest is a CPU of the future yes, the future being less than two weeks from now.
Well, they were way ahead of everyone when it comes to the Web 2.0 stuff.
Well, Anandtechs tests of a 4 core Woodcrest server against a Sun Niagara and 4 core Opteron sure seems to suggest otherwise: http://www.anandtech.com/IT/showdoc.aspx?i=2772
Granted you may be after 8-way or higher, but that is an interesting enough test. The Woodcrest makes an extremely good showing there.
MSFT sure, but Googles market cap is 118B.
Well, that's true, except it's not.
A cardboard box with the word "computer" written on it would be a superior to Windows 9x.
It might also be interesting to note that the E6700 has a TDP of less than 65 watts, whereas the tested Athlon64 has a TDP of 110 watts. Amazes me that such a thing isn't brought up in the article, it is one of the factors we have decently hard data on and a clear advantage for Intel, whereas the benchmarks themselves leave a lot of room for arguing.
While one can argue a lot about the validity of the benchmarks it is quite clear that Intel is ahead in pretty much every possible metric with the information we have as of yet. It will be interesting to see how things sort themselves out this fall.
So on this high-end (well, high mid-end for the Conroe since this is just the E series, there will be a higher clocked XE series as well) pricing looks to be in Intels favour at the moment. Things might shift a bit before the release, but it seems likely that the pricing will be very competitive.