For the sake of brevity, I'll just respond to a couple of items in your post:
while also making it difficult to install a non-Honda stereo into their car
What are the restrictions on running other browsers on Windows?
Except for all the abuse that's happened, that gave them their market share. They're leveraging ill-gotten gains, which is STILL having a negative effect on the market.
Why do you say that? Can you point to the specific area where the consent decree has fallen short?
There's no other DOS for PC-style computers anymore. There's no other OS platform with more than a niche market. There's no one making a living selling web browsers. They already destroyed the market.
But FF and Opera are profitable and healthy (i.e. they're making a living selling web browsers).
(5) Nobody buys a car based on the built-in stereo and even if a car didn't have a stereo, that wouldn't stop anybody from buying a car they really wanted in the first place.
Ok, I now understand why car analogies are frowned upon. I can refute this point, but we end up arguing utterly irrelevant minutae..
btw: Sorry for unloading on you in the other thread. I just got really frustrated with the lack of insight/information (in the entire discussion; ~200 odd posts) and took it out on you and I should not have.
In Windows you have to carefully "uninstall" an application, so as not to break other parts
Thanks for being a bleeding troll! Can you stay on point? Do you have anything you want to contribute regarding Krstic's security philosophy and what it might mean for Macs? I'm more than happy to disabuse you of this silly thinking above, but do we have to pollute every motherfucking thread on this site with these "my OS is better than yours" pissfests??
You're making the assumption that this change is at the application level. What about at the OS level where you don't want to be calling managed APIs (not managed in a conventional sense, but in the sense of "make this shiznit higher level") - you can't afford performance penalties at that level.
Hey man -- thanks for attempting -- but that's not what I was asking for. I understand security concepts very well - I'm asking for people to discuss Krstic's take on what he will do (architecturally) for Mac security.
I don't mean to be rude, but there are terrible flaws in your post, and you ended up posting just another one of those "windows is insecure, mac is secure" type of posts that I was hoping people would stay away from. Registry is just another configuration mechanism. Screw up your config (no matter where/how it is stored) and you risk breaking stuff. DLLs are just libraries that you link to at run-time. Every OS has this concept (.so or.sol on linux -- something like that on Mac). There's no deep/deeper/deepest dependency than the signature of the API you're calling in a DLL. It's pretty simple stuff -- no voodoo on any platform. Delete a dll/so/sol on any platform, and the code that calls into it will break.
Instead of blocking specific viruses, the system (Bitfrost) sequesters every program on the computer in a separate virtual operating system, preventing any program from damaging the computer, stealing files, or spying on the user.
Yep. This approach is super-interesting. He also claimed that there is a 0% CPU overhead from using this approach and some ridiculously low memory overhead. I forget the number - but I promise you it was ridiculously low:).
This approach also results in an overall reduction (cleaning up?) of IPC mechanisms. So the approach doens't sound free/easy from an engineering standpoint -- it will either require apps to be re-authored or make exceptions for apps that need to use certain IPC mechanisms (or perhaps use heuristics to decide when to permit what).
Viruses are left isolated and impotent, unable to execute their code.
I saw this in the ZDNet/CNet article but I'm not sure if those are Krstic's own words or the author's. My first thought on reading that -- it depends on the 'virtual OS' we're talking about. I mean, is this a sandbox, or is it a hypervisor type thing? I haven't quite wrapped my mind around what are the attack vectors you would use in a scheme like this -- anyone know more about this??
Gotta say -- this sounds like promising stuff. Good to see Apple starting to take action before they go through a Nimda or Blaster type experience.
I totally agree with you, but
grrr.. trust/. to degenerate the topic into "Macs are swiss cheese.." "no! widnows is swiss cheese".. etc..
I'm really interested in hearing about Krstic's security philosophy and it's merits/demerits. I found this talk on zdnet but there's only about 5 minutes of actual security architecture info in it at around 40:00 into the video. Oh, and there's also this BitFrost overview on Wikipedia.
I think there are some cool concepts there. The idea of sandboxing all apps into containers with sets of standard rights, and restricting IPC to certain approved mechanisms is pretty interesting. Was hoping poeple could focus on BitFrost and Krstic's security philosophies so we could all learn something.
MS has used and abused their vertical monopoly to control pricing and market competition, and that has harmed the market. This gets the DOJ's attention, and is illegal.
I was with you until this point.
And that's because, as you yourself said - "An OS without applications is as useful as raw cotton. That doesn't mean it's not a product, though. It's just not a complete consumer product."
i.e. it's not that browsers aren't a seperate product - they are. But they are still a feature required to complete the OS. Without the browser, the OS is incomplete.
Requisite car anology:
(1) A car without a stereo is not feature-complete. A consumer OS without a browser is not feature-complete
(2) That doesn't mean the stereo isn't a seperate product and can't be sold seperately. Nor does it mean that a browser isn't a seperate product and can't be sold seperately.
(3) Consumers who want a different audio system will install one later. Consumers who want a different browser will install one later.
(4) At no point, is there anything restricting the dealer from offering the car for sale with a different stereo, or on the customer from installing a different stereo. At no point is there a restriction on the OEM from installing a different browser, or on the customer from installing a different browser.
So when it's all been distilled, the only difference left is MS's market share. And that's not enough to force them to strip the browser. You have to have market share + abuse. There's no abuse in this case.
If the MS vertical monopoly (OS, web browser, email client, office suite) is hampering open competition
- The web browser is a required feature in a consumer OS, so it's not valid to call out that point seperately.
- The email client (Outlook) is available on multiple OSes and Windows versions. What's the integration (vertical monopoly) you're referring to?
- Same case with the Office suite. The latest version of MS Office runs on Win XP/2k3/Vista/OS-X will run on Win7, and probably even runs on Win2k. What's the vertical monopoly you are referring to? These products are completely decoupled. The consent decree of 2000 clearly forbids MS from using any Windows APIs in office (or any other product) that are not publicly documented.
. ... splitting up that monopoly creates a healthier market place, which produces better, cheaper products for consumers (at the expense of profits for the leading company). That's the entire POINT of antitrust laws.
A monopoly isn't sufficient for this. Abuse of monopoly has to be proven, and you haven't done that yet.
From that link "Another Lotus veteran summed it up: "MS was cooperative and wanted to be cooperative. They wanted to sell OSs." So if anything, DOS wasn't done until Lotus DID run". This is from Mitch Kapor and other members of the Lotus 1-2-3 team.
Do you suppose that MS Office does NOT have access to the most up-to-date source?
I honestly can't even image why they would need/want such access. Office suites do not use some advanced OS functionality that requires say low-level OS constructs etc. In fact, each Office version is available for multiple versions of windows, so if anything, they probably write abstraction layers on top of the windows APIs to make life easier for themselves.
And, advance warning when some new "feature" might break something?
I think you might have put the cart in front of the horse in this analysis:). Applications like Office, Firefox, Photoshop, Adobe Reader, Flash, etc. etc. are used by such a ridiculously huge number of users. Forget the versions in development - there are so many released versions out there that are expected to function flawlessly with the next version of windows whenever it is released. i.e. the windows team will probably be bending over backwards to make sure that they do not break any of these applications. These applications (or rather their teams) will get the CTP/Beta/RC builds of windows to test against to be sure, but the windows guys will already have done their best to make sure that nothing breaks.
Let's say that a change in some API will break OpenOffice - when does OOo find out about it? Probably when OOo users complain, then they have to research, and find a fix.
Would it not be due diligence on the part of OOo to test against the CTP/beta/RC builds when they are available? The beta would be available roughly one year ahead of the release of the OS. Btw, see this resource -- MS is clearly serious about making sure that apps are ready for the next version of windows.
Let's say that the same change in the same API will break something in MS Office. When do THEY find out about it? About 6 months before it is ever released to the public as a beta.
Aside from the points above, I'm just not following your logic here. Your entire post sort of makes the assumption that MS wants office to always function perfectly, but wants to break (or does not care if they break) other applications that run on windows. How could that possibly be their goal? The whole reason everyone sticks with windows is the ridiculous wealth of apps on it.
These arguments have been rehashed many times, but I guess once more won't hurt.
"Enriching it's shareholders requires " only that sales are made. FUD makes a large number of sales.
Same is true of a giant corporation, a smaller company, or even a FOSS product. Office being independent of windows does not preclude them from using FUD. Enriching shareholders still only requires that sales get made - no matter the size of the company. As I said earlier - nefarious activities are not the sole domain of large corporations.
Wrong. Redhat doesn't make a browser, nor does Suse, Debian, or any of the other Linux OS's.
Every consumer linux flavor (indeed every consumer OS) provides a browser. None of these linux distros you mentioned actually even makes a kernel (and that's pretty core functionality as far as OSes go:P). So their business model isn't really comparable to MS's business model. What works for them doesn't necessarily have to work for MS.
A web browser is not necessary for an operating system to operate, period.
A text editor is not necessary for an operating system to operate, period. A text editor is required functionality. Same case with a browser on a consumer OS.
There are any number of methods by which MS could offer a CHOICE of browsers
That's doesn't mean they should be forced to do that. In any case, it's besides the point. MS has one browser -- IE. In the event of MS getting split up, IE should and would be a part of the OS division.
including the method used by Ubuntu: package half a dozen or more on the OS installation CD, and let the user CHOOSE which, if any, he wants.
As I said earlier, the user already has plenty of choice. Nothing compels them to use IE. I understand you want to emphasize choice (hence the caps) -- but where did the choice get taken away to begin with?
Good - you do admit that in one instance, at least, what's been good for MS has not been good for the advancement of computer sciences. Stockholders were quite happy with a substandard browser, and only opensource competition offered the stimulation to improve.
Not just one instance -- many instances. MS's charter is not the advancement of computer sciences. They have a stake in that, only as far as it meets their business goals (and enriches their shareholders). One amendment to the statement above - it's not that stockholders were happy with a substandard browser (IE 5.x, IE6) -- stockholders were happy with the best browser that existed at the time (due to lack of competition from the other players - i.e. the rest of the industry was slacking off). When FF got really good and exposed IE's weaknesses, shareholders were not happy, and that pushed MS into action again. The industry made a lot of noise about IE subverting the standards and thus making it impossible for them to catch up. FF proved this was untrue. They simply accepted the defacto standard imposed by IE, and using that as one of their design goals they made an awesome browser.
MS Office was designed and built to integrate itself into the operating system, much as the web browser does. The people with the source code to the operating system KNEW how to make it fit like a hand into a glove. Obfuscation, as much as anything, defeated some of the office suites of yesteryear. Without the insider information available to MS Office developers, WordPerfect and others were left out in the cold. Added to that was the common FUD put out by Microsoft, pressuring businesses go by MS Office to ensure "support" by MS.
I think if you re-read this paragraph, you yourself will have to agree that it's not much more than a pretty vague accusation. (for example "fit like a glove", obfuscation, insider information, "left out in the cold", FUD, pressuring businesses, etc..) --
you really WOULD like to see MS actually make constructive contributions to computer science, as opposed to just enriching it's current stockholders, you should agree with me.
Enriching it's shareholders requires continuously improving products (which is done through research and developement based on that research). The ribbon is a recent and visible example of that, from the product group you were referencing. (recycling electrons). You might contend that MS is up to all kinds of nefarious activities to enrich it's shareholders. There's many things to be said about that. First, it's debatable. Second, if they break the law in anyway, there are harsher penalties for that - breaking up the company is pretty mild. Third, nefarious activities aren't the sole domain of very large companies, so breaking up MS isn't the solution to that either. And finally, you still haven't pointed out this synergy between Office and Windows that you're referring to..
Interoperability will improve unbelievably, because IE, for instance, won't have the wealth of the other divisions to draw on.
But any modern OS is incomplete without a browser. If you were to break up the company, you would have to include the browser in the OS unit.
It is only that wealth, and the stubborness of MS, that has prevented IE from being standards compliant in the past.
I would contend that it's a lack of competition that caused IE's stagnation and lack of standards compliance. After a few years of good, solid competition from FF, IE's vitality is finally getting restored. The rest of the industry let us down by not competing with IE. Mozilla righted things with FF.
MS reps waltzed into the conference, paid off a few people, and bullied the rest into signing off on a new standard. Phhht. As a seperate corporation, they could never have pulled that off.
Nothing related to OOXML and ODF is not politicized. Your version of events isn't neutral either. If there was indeed bribing involved, how do we know that Office (as an independant company) would not have large enough coffers to do the bribing on it's own? Their revenues & profits are on the same scale as Windows revenues and profits. They don't need any funding from the OS division.
but it should stand on it's own merits, and not rely on all the rest of the MS monopoly.
And it does. I honestly have no idea about the 'assistance' the office team gets from the rest of MS, that you're referring to.
What we have today really sucks. And, because so few people can even imagine how much better things COULD BE, they think that they are happy with it.
What we imagine (in terms of a better world, software-wise) is hardly justification for breaking up MS. For instance, if Apple open sourced all it's software, and it's hardware designs, and released all it's patents into the public domain, of course things could be better. But that's not a good enough reason to force them to do that -- they are completely justified in following the business model they have today.
Also, by losing their biggest actual benefit (the tight integration with Office), they will have to compete more on features, usability, and security--which will be good for everyone.
I saw someone else post this as well -- am I missing something? What's the tight integration between Windows and Office?
It would be good for Office. By being cut loose, the application company would no longer have to put the Windows platform, branding, and goofy UI idea du jour ahead of the main goal: making the best office suite better. Suddenly, I think we could expect the infuriating hobbles put on the Mac version of the product (Why no VB support? Why can I only see 5 Styles in the style list? Why can't it look more like Pages, which looks more like Word 2003?) to disappear, and--even better--the introduction of a native Linux version.
I don't know.. I can't think of any windows platform/branding/goofy UI that Office has to put ahead of it's main goal. Perhaps you could clarify that point? You're not talking about the ribbon right?? I mean, that's an example of awesome UI, and it would surely have been implemented irrespective of Office being made by the same company as windows (see here for details).
The Mac issues I'm not familiar with (I'm not a Mac user) but I suspect it's mostly a numbers game. For example balancing the cost of creating a VB runtime for Mac vs. the Mac office revenue. Same case for making Office available on Linux -- low linux installed base, plus very high adoption of (and pre-disposition towards) OOo among that installed probably makes it infeasible irrespective of Office unit being a part of MS, or an independant company.
This would be good for Apple.
Sure, but that's no justification for splitting MS.. I mean, if MS ceased to exist altogether, even that would be good for Apple.
This would be good for Linux.
Same point as above -- that doesn't really justify splitting MS.
So there you go, Mr. AC. Those are the reasons why cutting MS in two would be good, exactly.
So, I think I understand what you mean when you say it would be "good". But that's not the same as "fair"...
It's true that both examples fail the intuitive test for a novice user (after all, what novice would know about static IP addresses) - but the functionality is at least discoverable in the windows case.
I mean, in the linux case, imagine the plight of the poor novice if they googled for instructions and got: "vi/etc/network/interfaces" (i.e., vi instead of nano).
Why the fucking hell would I pay 10$ to see an INCOMPLETE movie? And it's VOLUNTARY incomplete too?
Dude!
The movie was 2 hours 45 mins long to start with! And that's after making loads of cuts in the backgrounds of characters and stuff (the most egregious cut/shortening being Roarschach's scene with the psychiatrist).
Worse - for people who hadn't read the book, it was a difficult movie to follow, and unusually slow starting, especially going by cookie-cutter action movie standards, which is what the uninitiated viewer would have expected. Throw in the Black Freighter and rather than seeing it as the metaphor that explains the main thread, the (uninitiated) audience would have just gotten frustrated.
I actually feared that exactly this sort of thing would happen -- that they would really struggle to find the line between fidelity to the novel, and making the necessary cuts/deviations for it to be a success. And the fantastic level of detail and complexity in the book makes it really hard to cut anything. The movie was almost doomed from the start. They almost needed to split it into 2 parts - but that would have required a huge deviation (a crisis/climax to end the first part - which isn't present in the novel) - and the faithful would then have rebelled.
Someone who currently backs MS 100% of the time regardless of the issue is not an independent thinker.
100% of my posts are not on MS topics.
100% of my posts on MS topics are not in their defense.
I do not post on 100% of/. articles involving MS.
You're still attempting an irrelevant character assassination -- stop trying to dig up dirt when you continuously fail to prove your point.
... Office 2007 Unusable in Limited User Account [techarena.in]... I had this problem, but it was better than the crash that I use to get, which only happened as a limited user. So, you don't know what you're talking about...
1. Acknowledged - this is a bug in the office installer.
2. Acknowledged - I am genuinely surprised by this - I guess I always did office installs on a clean windows install.
3. Hence, I owe you an apology for accusing you of lying - I apologize.
4. Note - this is not an 'architectural'/security defect in windows.
5. Note - this does not meet your standard of making the limited user account unusable. Consider the easy workaround (move standard user to admin group, install, remove standard user from admin group).
And finally, note that in a corporate deployment scenario, IT will just fix this issue one time in their install image and then do image installs.
Remember your claims - (1) Running as standard user is a new concept to windows. (2) Windows is unusable as a standard user. This doesn't help either claim.
Do you like getting updates to those required anti-virus programs? Then you may want to be an administrator.
Absolute rubbish! Install AV as admin. The update service for the AV will have whatever privileges it needs for updating. If it doesn't, it's a bug in the AV s/w -- use something else. And set it to update silently (if you even need to do that - most AVs won't bug you about this). Simple. Your logging in as a standard user has absolutely no bearing on the service. It will get started by the SCM on system startup (even if no user is logged in). The SCM knows what creds to use when starting the service.
Prediction: You will now go on to deny that Windows XP and every prior version had a problem with this
What OS(es) we may use in the future, nobody knows. But TFA arrives at it's conclusions only because it fails to imagine the possiblities (it doesn't even attempt to do so). There will be killer apps that require more horsepower, more OS infrastructure than what we have in OSes today. 'Good enough' OSes will generally lag in implementing such infrastructure.
It's very tricky for the international community to even know how to help Pakistan right now. They don't have control of the North/Northwestern part of their country. They don't have leaders with any sort of vision (or even just wisdom/sense). And they are (quite justifiably) suspicious of the West and unlikely to accept help/suggestions.
I really hope they find some way to pull out of their current situation. And if/when they do, I hope they are able to establish a good civilian government able to keep its own military in check. This whole crisis was slowly created by an overambitious military with a long track record of craving (and obtaining) political power, and waging a proxy war through Afghan militia. That's the root cause right there - an ambitious military and a weak civilian government/weak leadership. That's not something the rest of the world can help them fix. If Iraq taught us nothing else, let it at least remind us that you can't fix the government in a foreign country -- that change has to come from within.
7. Claim to know more, but don't actually present a counter argument.
My counter-argument, if you will, is merely that your claim is false.
No, how dare you do nothing but defend MS on slashdot, then call yourself and independent thinker.
An independent thinker cannot back MS?
If you were to simply argue your point on technical merit I wouldn't accuse you of groupthink. In absence of that, I can only conclude that you never took the effort to understand the topic at hand (security), and yet you have a strong opinion on it.
About the third time that you dug in your heels on something obvious, and not very important, I started to wonder what was up with you. Now we know.
Character assassination again? My posting history is somehow relevant, but you getting your facts wrong so often is not?
I don't care about DRM. It really was on the list of things you posted recently. Again, I was being factual, and you completely misread the plain meaning of it.
Then what was your purpose in mentioning that I 'promote DRM'?
In case you missed it, all of my post were in English.
Word play again? When I point out that you are wrong in your interpretation of sudo as a security warning, you claim that in the 'plain english' sense that's what it does anyway. i.e. you're using 'plain english' as a fuzzy abstraction to hide the fact that you were wrong.
Speaking of English comprehension, if I say that being able to run without root privileges is new to Windows
Well alright then -- so you're saying that running without root privileges is new to windows? That's just as ludicrous as saying that standard users are new to windows. You're simply 100% dead wrong on this point however you want to interpret it.
If I say that those standard users were unusable, it might mean that I think not being able to use ordinary applications, including Microsoft applications like Word and Excel, made the standard user unusable.
If you claim that Word and Excel did not run as standard users, you are now exposing yourself as a liar. Because you claimed to have tried using XP as a standard user many times in the past. If you did, you would know that Word and Excel do indeed work for standard users. So you lied about running as a standard user, and you lied right now about Word and Excel not working for standard users.
And if I post a link to a Microsoft executive admitting that they coded like this prior to Vista, then you really should be able to comprehend that.
And I acknowledged this point -- read the posts. You need to understand the difference between a bug in an application (caused by this) - vs. being 'architecturally' insecure.
Wow, I'm genuinely surprised you got the following right:
Wordplay is not a subsitute for knowing what you're talking about.
My claim was that Windows didn't have usable standard users
And your claim was wrong. There were bugs in the scenario and MS set out to resolve them to make the experience better. That's not the same as being unusable. Further -- "usable" was an ancilliary part of your claim. You claimed standard users themselves were new. And you were wrong. I challenged you to point out bugs that made it unusable, and you came up with... nothing!
If you think that Windows administrators are not like root, then you are truly clueless. Remember when I asked when you were going to make your next uninformed assumption? It didn't take long. Yes, I know what the system account does. Have fun running as local system. D'oh!
You failed to state the reasons we should consider windows admins to be root (as opposed to just being on par with linux admins). Your local system jibe doesn't appear to have any point to it - it's just a snarky remark. Do you care to clarify, or are you deliberately being vague?
It is a warning, in the plain English reading of the word. Choosing not to understand again? How strange... or maybe not.
Now you need to fall back on plain english. I cite the precise working of the tool you're talking about, and you need to fall back on fuzzy old english.
Says who?! Whitelisting does not invalidate my argument. If you're using whitelisting to suppress unwanted UAC *warnings*, then you just don't get it.
Further evidence that you don't understand security concepts. Both sudo and UAC use whitelisting. The very mechanism you described in sudo is a form of whitelisting. And you've conveniently ignored the point about Authenticode. Way to go, you groupthinker, you.
Now let me try your tactic: You don't know what Integrity Levels are?? Clearly security is not your thing. You didn't even know what Integrity Levels were until I told you, etc., etc., lie, lie
I'll give you props for the attempt if nothing else. You wanna try explaining that , son? Hint: better not BS because I'll know when you do. Second hint: when you're done explaining it, you'll realize that it doens't help your case.
I have used SELinux since FC4, genius. And PolicyKit is on my Ubuntu 8.04 (running in default config, though). This is "unrelated" to Linux security?? Hey, didn't you claim to be running Ubuntu? You said, "I'm typing this from Ubuntu now!" I guess you like to claim things that aren't true. Why is that?
And I'm still typing this on Ubuntu (8.10 Intrepid). In default config PolicyKit is used by nothing. Stop trying to turn your little wikipedia attempt into a magic bullet. Now you claim to be running SELinux. Would you care to talk about what 'architectural' deficiencies in linux it overcomes?
I can't believe I didn't check before now, but since the linux-friendly Linux bashing didn't add up I looked at your posting history. You're a total Microsoft homer!
You would have mis-interpreted every single post that you read. Defending MS != bashing linux. Calling a spade a spade != bashing linux. You just see me defending MS (which I do very often - mostly because I hate groupthink -- and groupthink would have you believe that MS sucks no matter what). You see me defending MS you conclude that I am a linux basher. Well - that's another logical fallacy on your part.
You did take a couple of breaks from it in recent postings to promote DRM and to dump on Apple
Again you're falling into groupthink. I am pro-DRM as a concept, but I am opposed to DRM as it exists today (because it safegaurds the producer's rights, but does nothing to safeguard the consumers rights). I understand that I am prob
Slashdot Mirror
For the sake of brevity, I'll just respond to a couple of items in your post:
while also making it difficult to install a non-Honda stereo into their car
What are the restrictions on running other browsers on Windows?
Except for all the abuse that's happened, that gave them their market share. They're leveraging ill-gotten gains, which is STILL having a negative effect on the market.
Why do you say that? Can you point to the specific area where the consent decree has fallen short?
There's no other DOS for PC-style computers anymore. There's no other OS platform with more than a niche market. There's no one making a living selling web browsers. They already destroyed the market.
But FF and Opera are profitable and healthy (i.e. they're making a living selling web browsers).
(5) Nobody buys a car based on the built-in stereo and even if a car didn't have a stereo, that wouldn't stop anybody from buying a car they really wanted in the first place.
Ok, I now understand why car analogies are frowned upon. I can refute this point, but we end up arguing utterly irrelevant minutae..
btw: Sorry for unloading on you in the other thread. I just got really frustrated with the lack of insight/information (in the entire discussion; ~200 odd posts) and took it out on you and I should not have.
In Windows you have to carefully "uninstall" an application, so as not to break other parts
Thanks for being a bleeding troll! Can you stay on point? Do you have anything you want to contribute regarding Krstic's security philosophy and what it might mean for Macs? I'm more than happy to disabuse you of this silly thinking above, but do we have to pollute every motherfucking thread on this site with these "my OS is better than yours" pissfests??
You're making the assumption that this change is at the application level. What about at the OS level where you don't want to be calling managed APIs (not managed in a conventional sense, but in the sense of "make this shiznit higher level") - you can't afford performance penalties at that level.
Right -- but a static analysis tool can catch precisely that behavior at compile time.
I can give you a layman's understanding.
Hey man -- thanks for attempting -- but that's not what I was asking for. I understand security concepts very well - I'm asking for people to discuss Krstic's take on what he will do (architecturally) for Mac security.
I don't mean to be rude, but there are terrible flaws in your post, and you ended up posting just another one of those "windows is insecure, mac is secure" type of posts that I was hoping people would stay away from. Registry is just another configuration mechanism. Screw up your config (no matter where/how it is stored) and you risk breaking stuff. DLLs are just libraries that you link to at run-time. Every OS has this concept (.so or .sol on linux -- something like that on Mac). There's no deep/deeper/deepest dependency than the signature of the API you're calling in a DLL. It's pretty simple stuff -- no voodoo on any platform. Delete a dll/so/sol on any platform, and the code that calls into it will break.
Sure. Here is a tip-of-the-iceberg paragraph from Wikipedia that explains it.
Instead of blocking specific viruses, the system (Bitfrost) sequesters every program on the computer in a separate virtual operating system, preventing any program from damaging the computer, stealing files, or spying on the user.
Yep. This approach is super-interesting. He also claimed that there is a 0% CPU overhead from using this approach and some ridiculously low memory overhead. I forget the number - but I promise you it was ridiculously low :).
This approach also results in an overall reduction (cleaning up?) of IPC mechanisms. So the approach doens't sound free/easy from an engineering standpoint -- it will either require apps to be re-authored or make exceptions for apps that need to use certain IPC mechanisms (or perhaps use heuristics to decide when to permit what).
Viruses are left isolated and impotent, unable to execute their code.
I saw this in the ZDNet/CNet article but I'm not sure if those are Krstic's own words or the author's. My first thought on reading that -- it depends on the 'virtual OS' we're talking about. I mean, is this a sandbox, or is it a hypervisor type thing? I haven't quite wrapped my mind around what are the attack vectors you would use in a scheme like this -- anyone know more about this??
Gotta say -- this sounds like promising stuff. Good to see Apple starting to take action before they go through a Nimda or Blaster type experience.
I totally agree with you, but /. to degenerate the topic into "Macs are swiss cheese.." "no! widnows is swiss cheese".. etc..
grrr.. trust
I'm really interested in hearing about Krstic's security philosophy and it's merits/demerits. I found this talk on zdnet but there's only about 5 minutes of actual security architecture info in it at around 40:00 into the video. Oh, and there's also this BitFrost overview on Wikipedia. I think there are some cool concepts there. The idea of sandboxing all apps into containers with sets of standard rights, and restricting IPC to certain approved mechanisms is pretty interesting. Was hoping poeple could focus on BitFrost and Krstic's security philosophies so we could all learn something.
MS has used and abused their vertical monopoly to control pricing and market competition, and that has harmed the market. This gets the DOJ's attention, and is illegal.
I was with you until this point.
And that's because, as you yourself said - "An OS without applications is as useful as raw cotton. That doesn't mean it's not a product, though. It's just not a complete consumer product."
i.e. it's not that browsers aren't a seperate product - they are. But they are still a feature required to complete the OS. Without the browser, the OS is incomplete.
Requisite car anology:
(1) A car without a stereo is not feature-complete. A consumer OS without a browser is not feature-complete
(2) That doesn't mean the stereo isn't a seperate product and can't be sold seperately. Nor does it mean that a browser isn't a seperate product and can't be sold seperately.
(3) Consumers who want a different audio system will install one later. Consumers who want a different browser will install one later.
(4) At no point, is there anything restricting the dealer from offering the car for sale with a different stereo, or on the customer from installing a different stereo. At no point is there a restriction on the OEM from installing a different browser, or on the customer from installing a different browser.
So when it's all been distilled, the only difference left is MS's market share. And that's not enough to force them to strip the browser. You have to have market share + abuse. There's no abuse in this case.
If the MS vertical monopoly (OS, web browser, email client, office suite) is hampering open competition
- The web browser is a required feature in a consumer OS, so it's not valid to call out that point seperately.
- The email client (Outlook) is available on multiple OSes and Windows versions. What's the integration (vertical monopoly) you're referring to? - Same case with the Office suite. The latest version of MS Office runs on Win XP/2k3/Vista/OS-X will run on Win7, and probably even runs on Win2k. What's the vertical monopoly you are referring to? These products are completely decoupled. The consent decree of 2000 clearly forbids MS from using any Windows APIs in office (or any other product) that are not publicly documented.
.
... splitting up that monopoly creates a healthier market place, which produces better, cheaper products for consumers (at the expense of profits for the leading company). That's the entire POINT of antitrust laws.
A monopoly isn't sufficient for this. Abuse of monopoly has to be proven, and you haven't done that yet.
I'm afraid that's just a myth.
From that link "Another Lotus veteran summed it up: "MS was cooperative and wanted to be cooperative. They wanted to sell OSs." So if anything, DOS wasn't done until Lotus DID run". This is from Mitch Kapor and other members of the Lotus 1-2-3 team.
Do you suppose that MS Office does NOT have access to the most up-to-date source?
I honestly can't even image why they would need/want such access. Office suites do not use some advanced OS functionality that requires say low-level OS constructs etc. In fact, each Office version is available for multiple versions of windows, so if anything, they probably write abstraction layers on top of the windows APIs to make life easier for themselves.
And, advance warning when some new "feature" might break something?
I think you might have put the cart in front of the horse in this analysis :). Applications like Office, Firefox, Photoshop, Adobe Reader, Flash, etc. etc. are used by such a ridiculously huge number of users. Forget the versions in development - there are so many released versions out there that are expected to function flawlessly with the next version of windows whenever it is released. i.e. the windows team will probably be bending over backwards to make sure that they do not break any of these applications. These applications (or rather their teams) will get the CTP/Beta/RC builds of windows to test against to be sure, but the windows guys will already have done their best to make sure that nothing breaks.
Let's say that a change in some API will break OpenOffice - when does OOo find out about it? Probably when OOo users complain, then they have to research, and find a fix.
Would it not be due diligence on the part of OOo to test against the CTP/beta/RC builds when they are available? The beta would be available roughly one year ahead of the release of the OS. Btw, see this resource -- MS is clearly serious about making sure that apps are ready for the next version of windows.
Let's say that the same change in the same API will break something in MS Office. When do THEY find out about it? About 6 months before it is ever released to the public as a beta.
Aside from the points above, I'm just not following your logic here. Your entire post sort of makes the assumption that MS wants office to always function perfectly, but wants to break (or does not care if they break) other applications that run on windows. How could that possibly be their goal? The whole reason everyone sticks with windows is the ridiculous wealth of apps on it.
These arguments have been rehashed many times, but I guess once more won't hurt.
"Enriching it's shareholders requires " only that sales are made. FUD makes a large number of sales.
Same is true of a giant corporation, a smaller company, or even a FOSS product. Office being independent of windows does not preclude them from using FUD. Enriching shareholders still only requires that sales get made - no matter the size of the company. As I said earlier - nefarious activities are not the sole domain of large corporations.
Wrong. Redhat doesn't make a browser, nor does Suse, Debian, or any of the other Linux OS's.
Every consumer linux flavor (indeed every consumer OS) provides a browser. None of these linux distros you mentioned actually even makes a kernel (and that's pretty core functionality as far as OSes go :P). So their business model isn't really comparable to MS's business model. What works for them doesn't necessarily have to work for MS.
A web browser is not necessary for an operating system to operate, period.
A text editor is not necessary for an operating system to operate, period. A text editor is required functionality. Same case with a browser on a consumer OS.
There are any number of methods by which MS could offer a CHOICE of browsers
That's doesn't mean they should be forced to do that. In any case, it's besides the point. MS has one browser -- IE. In the event of MS getting split up, IE should and would be a part of the OS division.
including the method used by Ubuntu: package half a dozen or more on the OS installation CD, and let the user CHOOSE which, if any, he wants.
As I said earlier, the user already has plenty of choice. Nothing compels them to use IE. I understand you want to emphasize choice (hence the caps) -- but where did the choice get taken away to begin with?
Good - you do admit that in one instance, at least, what's been good for MS has not been good for the advancement of computer sciences. Stockholders were quite happy with a substandard browser, and only opensource competition offered the stimulation to improve.
Not just one instance -- many instances. MS's charter is not the advancement of computer sciences. They have a stake in that, only as far as it meets their business goals (and enriches their shareholders). One amendment to the statement above - it's not that stockholders were happy with a substandard browser (IE 5.x, IE6) -- stockholders were happy with the best browser that existed at the time (due to lack of competition from the other players - i.e. the rest of the industry was slacking off). When FF got really good and exposed IE's weaknesses, shareholders were not happy, and that pushed MS into action again. The industry made a lot of noise about IE subverting the standards and thus making it impossible for them to catch up. FF proved this was untrue. They simply accepted the defacto standard imposed by IE, and using that as one of their design goals they made an awesome browser.
MS Office was designed and built to integrate itself into the operating system, much as the web browser does. The people with the source code to the operating system KNEW how to make it fit like a hand into a glove. Obfuscation, as much as anything, defeated some of the office suites of yesteryear. Without the insider information available to MS Office developers, WordPerfect and others were left out in the cold. Added to that was the common FUD put out by Microsoft, pressuring businesses go by MS Office to ensure "support" by MS.
I think if you re-read this paragraph, you yourself will have to agree that it's not much more than a pretty vague accusation. (for example "fit like a glove", obfuscation, insider information, "left out in the cold", FUD, pressuring businesses, etc..) --
I'll take D - "none of the above" :)
you really WOULD like to see MS actually make constructive contributions to computer science, as opposed to just enriching it's current stockholders, you should agree with me.
Enriching it's shareholders requires continuously improving products (which is done through research and developement based on that research). The ribbon is a recent and visible example of that, from the product group you were referencing. (recycling electrons). You might contend that MS is up to all kinds of nefarious activities to enrich it's shareholders. There's many things to be said about that. First, it's debatable. Second, if they break the law in anyway, there are harsher penalties for that - breaking up the company is pretty mild. Third, nefarious activities aren't the sole domain of very large companies, so breaking up MS isn't the solution to that either. And finally, you still haven't pointed out this synergy between Office and Windows that you're referring to..
Interoperability will improve unbelievably, because IE, for instance, won't have the wealth of the other divisions to draw on.
But any modern OS is incomplete without a browser. If you were to break up the company, you would have to include the browser in the OS unit.
It is only that wealth, and the stubborness of MS, that has prevented IE from being standards compliant in the past.
I would contend that it's a lack of competition that caused IE's stagnation and lack of standards compliance. After a few years of good, solid competition from FF, IE's vitality is finally getting restored. The rest of the industry let us down by not competing with IE. Mozilla righted things with FF.
MS reps waltzed into the conference, paid off a few people, and bullied the rest into signing off on a new standard. Phhht. As a seperate corporation, they could never have pulled that off.
Nothing related to OOXML and ODF is not politicized. Your version of events isn't neutral either. If there was indeed bribing involved, how do we know that Office (as an independant company) would not have large enough coffers to do the bribing on it's own? Their revenues & profits are on the same scale as Windows revenues and profits. They don't need any funding from the OS division.
but it should stand on it's own merits, and not rely on all the rest of the MS monopoly.
And it does. I honestly have no idea about the 'assistance' the office team gets from the rest of MS, that you're referring to.
What we have today really sucks. And, because so few people can even imagine how much better things COULD BE, they think that they are happy with it.
What we imagine (in terms of a better world, software-wise) is hardly justification for breaking up MS. For instance, if Apple open sourced all it's software, and it's hardware designs, and released all it's patents into the public domain, of course things could be better. But that's not a good enough reason to force them to do that -- they are completely justified in following the business model they have today.
Also, by losing their biggest actual benefit (the tight integration with Office), they will have to compete more on features, usability, and security--which will be good for everyone.
I saw someone else post this as well -- am I missing something? What's the tight integration between Windows and Office?
It would be good for Office. By being cut loose, the application company would no longer have to put the Windows platform, branding, and goofy UI idea du jour ahead of the main goal: making the best office suite better. Suddenly, I think we could expect the infuriating hobbles put on the Mac version of the product (Why no VB support? Why can I only see 5 Styles in the style list? Why can't it look more like Pages, which looks more like Word 2003?) to disappear, and--even better--the introduction of a native Linux version.
I don't know.. I can't think of any windows platform/branding/goofy UI that Office has to put ahead of it's main goal. Perhaps you could clarify that point? You're not talking about the ribbon right?? I mean, that's an example of awesome UI, and it would surely have been implemented irrespective of Office being made by the same company as windows (see here for details).
The Mac issues I'm not familiar with (I'm not a Mac user) but I suspect it's mostly a numbers game. For example balancing the cost of creating a VB runtime for Mac vs. the Mac office revenue. Same case for making Office available on Linux -- low linux installed base, plus very high adoption of (and pre-disposition towards) OOo among that installed probably makes it infeasible irrespective of Office unit being a part of MS, or an independant company.
This would be good for Apple.
Sure, but that's no justification for splitting MS.. I mean, if MS ceased to exist altogether, even that would be good for Apple.
This would be good for Linux.
Same point as above -- that doesn't really justify splitting MS.
So there you go, Mr. AC. Those are the reasons why cutting MS in two would be good, exactly.
So, I think I understand what you mean when you say it would be "good". But that's not the same as "fair"...
The browser needs to go, simple as that.
Why does the browser need to go?
What is preventing you from using a different browser?
DirectX needs to be torn out, and put into competition against things like OpenGL.
What prevents an OEM from providing Open GL drivers on Windows?
What is to say that without DirectX we would have seen Open GL v3.x?
The office suite needs to be ripped out of the hands of the operating system people, and any future collusion absolutely prohibited.
What is the collusion of which you speak?
What synergy do you see between Office and Windows, that disadvantages say Open Office?
Take out the silly chat program, and make it earn it's own way.
I assume you mean MSN messenger? Check out the Win7 RC -- already done.
Turn Microsoft's portfolio into a damned paper doll. Competition might actually IMPROVE the various products.
Because you care about improving things, right? Yeah, I totally got that from your post.
It's true that both examples fail the intuitive test for a novice user (after all, what novice would know about static IP addresses) - but the functionality is at least discoverable in the windows case. I mean, in the linux case, imagine the plight of the poor novice if they googled for instructions and got: "vi /etc/network/interfaces" (i.e., vi instead of nano).
True. Not to mention the soundtrack was ridiculously corny at times.
Why the fucking hell would I pay 10$ to see an INCOMPLETE movie? And it's VOLUNTARY incomplete too?
Dude!
The movie was 2 hours 45 mins long to start with! And that's after making loads of cuts in the backgrounds of characters and stuff (the most egregious cut/shortening being Roarschach's scene with the psychiatrist).
Worse - for people who hadn't read the book, it was a difficult movie to follow, and unusually slow starting, especially going by cookie-cutter action movie standards, which is what the uninitiated viewer would have expected. Throw in the Black Freighter and rather than seeing it as the metaphor that explains the main thread, the (uninitiated) audience would have just gotten frustrated.
I actually feared that exactly this sort of thing would happen -- that they would really struggle to find the line between fidelity to the novel, and making the necessary cuts/deviations for it to be a success. And the fantastic level of detail and complexity in the book makes it really hard to cut anything. The movie was almost doomed from the start. They almost needed to split it into 2 parts - but that would have required a huge deviation (a crisis/climax to end the first part - which isn't present in the novel) - and the faithful would then have rebelled.
What's a film-maker to do?
Someone who currently backs MS 100% of the time regardless of the issue is not an independent thinker.
100% of my posts are not on MS topics. /. articles involving MS.
100% of my posts on MS topics are not in their defense.
I do not post on 100% of
You're still attempting an irrelevant character assassination -- stop trying to dig up dirt when you continuously fail to prove your point.
... Office 2007 Unusable in Limited User Account [techarena.in]... I had this problem, but it was better than the crash that I use to get, which only happened as a limited user. So, you don't know what you're talking about...
1. Acknowledged - this is a bug in the office installer.
2. Acknowledged - I am genuinely surprised by this - I guess I always did office installs on a clean windows install.
3. Hence, I owe you an apology for accusing you of lying - I apologize.
4. Note - this is not an 'architectural'/security defect in windows.
5. Note - this does not meet your standard of making the limited user account unusable. Consider the easy workaround (move standard user to admin group, install, remove standard user from admin group).
And finally, note that in a corporate deployment scenario, IT will just fix this issue one time in their install image and then do image installs.
Remember your claims - (1) Running as standard user is a new concept to windows. (2) Windows is unusable as a standard user. This doesn't help either claim.
Do you like getting updates to those required anti-virus programs? Then you may want to be an administrator.
Absolute rubbish! Install AV as admin. The update service for the AV will have whatever privileges it needs for updating. If it doesn't, it's a bug in the AV s/w -- use something else. And set it to update silently (if you even need to do that - most AVs won't bug you about this). Simple. Your logging in as a standard user has absolutely no bearing on the service. It will get started by the SCM on system startup (even if no user is logged in). The SCM knows what creds to use when starting the service.
Prediction: You will now go on to deny that Windows XP and every prior version had a problem with this
Read above. Prediction false.
Parent is exactly correct.
What OS(es) we may use in the future, nobody knows. But TFA arrives at it's conclusions only because it fails to imagine the possiblities (it doesn't even attempt to do so). There will be killer apps that require more horsepower, more OS infrastructure than what we have in OSes today. 'Good enough' OSes will generally lag in implementing such infrastructure.
Well put.
It's very tricky for the international community to even know how to help Pakistan right now. They don't have control of the North/Northwestern part of their country. They don't have leaders with any sort of vision (or even just wisdom/sense). And they are (quite justifiably) suspicious of the West and unlikely to accept help/suggestions.
I really hope they find some way to pull out of their current situation. And if/when they do, I hope they are able to establish a good civilian government able to keep its own military in check. This whole crisis was slowly created by an overambitious military with a long track record of craving (and obtaining) political power, and waging a proxy war through Afghan militia. That's the root cause right there - an ambitious military and a weak civilian government/weak leadership. That's not something the rest of the world can help them fix. If Iraq taught us nothing else, let it at least remind us that you can't fix the government in a foreign country -- that change has to come from within.
7. Claim to know more, but don't actually present a counter argument.
My counter-argument, if you will, is merely that your claim is false.
No, how dare you do nothing but defend MS on slashdot, then call yourself and independent thinker.
An independent thinker cannot back MS?
If you were to simply argue your point on technical merit I wouldn't accuse you of groupthink. In absence of that, I can only conclude that you never took the effort to understand the topic at hand (security), and yet you have a strong opinion on it.
About the third time that you dug in your heels on something obvious, and not very important, I started to wonder what was up with you. Now we know.
Character assassination again? My posting history is somehow relevant, but you getting your facts wrong so often is not?
I don't care about DRM. It really was on the list of things you posted recently. Again, I was being factual, and you completely misread the plain meaning of it.
Then what was your purpose in mentioning that I 'promote DRM'?
In case you missed it, all of my post were in English.
Word play again? When I point out that you are wrong in your interpretation of sudo as a security warning, you claim that in the 'plain english' sense that's what it does anyway. i.e. you're using 'plain english' as a fuzzy abstraction to hide the fact that you were wrong.
Speaking of English comprehension, if I say that being able to run without root privileges is new to Windows
Well alright then -- so you're saying that running without root privileges is new to windows? That's just as ludicrous as saying that standard users are new to windows. You're simply 100% dead wrong on this point however you want to interpret it.
If I say that those standard users were unusable, it might mean that I think not being able to use ordinary applications, including Microsoft applications like Word and Excel, made the standard user unusable.
If you claim that Word and Excel did not run as standard users, you are now exposing yourself as a liar. Because you claimed to have tried using XP as a standard user many times in the past. If you did, you would know that Word and Excel do indeed work for standard users. So you lied about running as a standard user, and you lied right now about Word and Excel not working for standard users.
And if I post a link to a Microsoft executive admitting that they coded like this prior to Vista, then you really should be able to comprehend that.
And I acknowledged this point -- read the posts. You need to understand the difference between a bug in an application (caused by this) - vs. being 'architecturally' insecure.
Wow, I'm genuinely surprised you got the following right:
Wordplay is not a subsitute for knowing what you're talking about.
My claim was that Windows didn't have usable standard users
And your claim was wrong. There were bugs in the scenario and MS set out to resolve them to make the experience better. That's not the same as being unusable. Further -- "usable" was an ancilliary part of your claim. You claimed standard users themselves were new. And you were wrong. I challenged you to point out bugs that made it unusable, and you came up with... nothing!
If you think that Windows administrators are not like root, then you are truly clueless. Remember when I asked when you were going to make your next uninformed assumption? It didn't take long. Yes, I know what the system account does. Have fun running as local system. D'oh!
You failed to state the reasons we should consider windows admins to be root (as opposed to just being on par with linux admins). Your local system jibe doesn't appear to have any point to it - it's just a snarky remark. Do you care to clarify, or are you deliberately being vague?
It is a warning, in the plain English reading of the word. Choosing not to understand again? How strange... or maybe not.
Now you need to fall back on plain english. I cite the precise working of the tool you're talking about, and you need to fall back on fuzzy old english.
Says who?! Whitelisting does not invalidate my argument. If you're using whitelisting to suppress unwanted UAC *warnings*, then you just don't get it.
Further evidence that you don't understand security concepts. Both sudo and UAC use whitelisting. The very mechanism you described in sudo is a form of whitelisting. And you've conveniently ignored the point about Authenticode. Way to go, you groupthinker, you.
Now let me try your tactic: You don't know what Integrity Levels are?? Clearly security is not your thing. You didn't even know what Integrity Levels were until I told you, etc., etc., lie, lie
I'll give you props for the attempt if nothing else. You wanna try explaining that , son? Hint: better not BS because I'll know when you do. Second hint: when you're done explaining it, you'll realize that it doens't help your case.
I have used SELinux since FC4, genius. And PolicyKit is on my Ubuntu 8.04 (running in default config, though). This is "unrelated" to Linux security?? Hey, didn't you claim to be running Ubuntu? You said, "I'm typing this from Ubuntu now!" I guess you like to claim things that aren't true. Why is that?
And I'm still typing this on Ubuntu (8.10 Intrepid). In default config PolicyKit is used by nothing. Stop trying to turn your little wikipedia attempt into a magic bullet. Now you claim to be running SELinux. Would you care to talk about what 'architectural' deficiencies in linux it overcomes?
I can't believe I didn't check before now, but since the linux-friendly Linux bashing didn't add up I looked at your posting history. You're a total Microsoft homer!
You would have mis-interpreted every single post that you read. Defending MS != bashing linux. Calling a spade a spade != bashing linux. You just see me defending MS (which I do very often - mostly because I hate groupthink -- and groupthink would have you believe that MS sucks no matter what). You see me defending MS you conclude that I am a linux basher. Well - that's another logical fallacy on your part.
You did take a couple of breaks from it in recent postings to promote DRM and to dump on Apple
Again you're falling into groupthink. I am pro-DRM as a concept, but I am opposed to DRM as it exists today (because it safegaurds the producer's rights, but does nothing to safeguard the consumers rights). I understand that I am prob