To summarize your link: 10% of laptop sales in the US are now Apples. Add desktops to that number, add worldwide sales to that number, and add installed base to that number -- you get the (unscientific) ~5% share that keeps getting tossed around. We know this already
As I said, Apple's sales are trending upwards - there's no question about it. But again, they don't have the numbers to make it a target for malware authors yet. And again, I'll get no joy from a Mac virus -- if Macs never exceed say 20% of the worldwide PC market (thus maintaining the element of 'differentness' that they have and also going below the radar of malware authors) I have no problem with that. I'm just pointing out the fallacy of the GP's statement (that because no virus has made it in the wild on OS-X in the last decade means that macs are inherently secure).
People have been saying the same damn thing for 8 years. "Just wait, one day OS X will get a virus. You'll see."
Actually, people have been saying "One day, OS-X will have enough users that malware authors will target it the way they target Windows". That hasn't happened yet, but OS-X marketshare is trending upwards, so it might still happen.
Also, please note the omission of "You'll see" and other such things. I don't want OS-X users to get viruses just so that my point gets proven. I do agree that in all likelihood if you run OS-X without an AV you'll be ok. That still doesn't negate the point -- OS-X does not have any inherent security advantage over Windows, and Apple's smug attitude towards security will bite them in the butt if their marketshare increases.
If that guy wants linux users to view his site, then he should use a technology that linux users can use.
I guess this has been re-hashed on/. over and over, but probably worth repeating: When desktop linux represents 1% of users, assume that web site owners aren't primarily concerned about Linux users being able to view their site. So the onus ends up being on the Linux folks to make sure their systems are able to work with the site - rather than vice versa.
Personally I don't really care about silverlight. if a site I go to uses it, then I assume that I am not the target user and go somewhere else.
As mentioned above, this is probably a valid assumption.
Now here's what I don't understand: why is there so much resistance to the idea of Silverlight on Linux? The Novell folks are broadening the scope of what will work with Linux -- yet the community itself seems to be so dead set against it. I don't understand...
Sounds like an issue with Oblivion rather than NXE. If Oblivion allows you to create so many game saves, Oblivion should offer a good UI for cleaning up it's junk.
I disagree. Saved games are universal in the sense that all games have them, and therefore managing them should be the duty of the platform, not the individual game.
Except that most games (oblivion is the only counter example I've ever heard of) allow just one save per profile - so they don't leave junk like that to clean up. As I stated elsewhere -- how is a non-savvy user to know which files to clean up? How does the user know they're not foobar-ing some important game files? How did the user even know where to look for the files? So you see - it does make sense for the UI for this to reside in the game. The game knows what files to delete, can present the information in a convenient and meaningful way, and the requirement is unique to this game.
To put things in perspective -- I would hardly complain if we got some good file management UI options in NXE -- I'd welcome it. But it's certainly not a core scenario, and it's definitely not a bug (as OP called it), and it's a really silly point based on which to criticize NXE, especially if the old blades behaved exactly the same way
It's still not the same thing -- no console game (PS3/Wii/xbox) should permit 150 save points without a good way of cleaning them up. Most console games allow only one save point per profile. How is a non-savvy user even expected to know which files to delete? How do they know they're not deleting some important game file? Oblivion is the only game I've heard of with this issue -- it's clearly their bug.
Not likely -- you still need to put the disk in the drive to play the game. My guess is that performance and noise are only "fringe benefits" of this feature. The big deal (for microsoft) is probably that this will allow them to make multi-disk games.
+It's great to see the party system extended beyond COD4 / Halo 3.
The party system always did extend beyond these games (to most games in fact). The party system in NXE is different. You can be in a party with some friends, but doing different things (playing a game, watching a movie, etc). You can switch to the party channel if you wish to only communicate with people in your party, or the game channel if you want to chat with the people you're playing with. So if you want to play COD4 but you're tired of dealing with obnoxious gamers, you can first start a party with your friends, and then play COD4, and stay on the party channel -- no need to deal with obnoxious ppl. Same for any game, in NXE now.
-We've gone from 5 tabs to 50+ screens. It's crap.
Why compare tabs to screens? We've gone from 5 tabs to 6 channels. Panning left/right in a channel is like scrolling up/down in a tab.
-The menu defaults to the "showcase" channel, which advertises Microsoft's newest games. This means that Microsoft, not content with getting us to pay $300+ for a console and $50 / year for Live, feels the need to advertise to us every time we go to the dashboard.
Turn off the Showcase channel:). It's in the settings somewhere.
-Old themes port very poorly, stretched across the background in awkward ways.
Hrm.. I didn't have that experience. I did see the wallpapers being obscured below the horizon (no idea what the correct term is) though. Considering the magnitude of the upgrade, I'm hardly concerned about this though. I do agree it's irritating if you've actually purchased a theme, for it to not be as pervasive as it was earlier.
-Haven't fixed the glaring file management bugs - it's not possible to do something like, say, delete 150 old Oblivion saves to reclaim disk space while keeping 5 of them without pressing 4 buttons for each individual savegame. Not a problem until you realize they're over a megabyte apiece, and on a 20gb hard disk this adds up fast.
Sounds like an issue with Oblivion rather than NXE. If Oblivion allows you to create so many game saves, Oblivion should offer a good UI for cleaning up it's junk.
On the whole I hate it.
I'm so surprised that anyone can actually hate it! The old blades are just one button away at all times, and they've not lost any functionality, and they've only gotten zippier. And it doesn't have ads. So you have everything you want, a single button away, and wonderful eye candy on the other hand (you gotta admit it -- NXE is gorgeous). Best of both worlds! Not to mention, the sight of a bunch of avatars standing in a group (because they're in a party) is pretty cool. Very cool that you can just click on that group to see party options. And that for people who you game with regularly online you'll actually be able to recognize the avatars at a glance and get an idea of who's in the party -- rather than having to read a dry spreadsheet-looking list of friends. And from the cover-art, you know what the party is doing too. Super-cool.
Your assuming that Microsoft is competent and this new software actually does a effective job and continues to do so in the future.
True. I guess there are a couple of corollaries to that:
- If MS doesn't provide good antivirus, users (or at least corporations) will stick with other vendors, so the competitors might never go away
- If the competitors do go away (say because MS was doing a good job), and then MS relaxes on the AV front, their platform starts getting pwned by viruses again, resulting in inroads into their OS share (say by OS-X and Linux) coupled with a resurgence of the AV market.
There's also a third scenario where MS might do a good job, and just continue to do a good job, in which case consumers win.
Ultimately I don't think any of these scenarios is a bad thing -- it's just a company that needs to make a certain move to improve the customer experience on their platform. If they execute well, customers win and so does MS -- and if not, customers will eventually get frustrated and go to some other platform. No need for antitrust lawyers to get involved except for the scenario I had called out earlier -- where MS offers the AV downloads for free, does a good job, eradicates competition, and then starts charging -- in that case the free giveaway was done solely to kill competition -- and that's the only scenario that antitrust law needs to concern itself with. Further, since customers will have to explicitly download the product (as opposed to having it bundled into the platform as was the case with IE4) there's even less need for antitrust regulators to get involved.
If there's any antitrust directives that come out of this, it's that at some later point in the future (if/when the big competitors have disappeared) MS will not be allowed to start charging money for the suite -- it has to remain free.
About the move itself: it gives less people a reason to be running without antivirus sw., it enables more OEMs to sell PCs with AV pre-installed (which will not nag users in 1 month/3 months/1 year/whatever), and OneCare is less likely to use rootkit techniques etc. that symantec and others have used in the past.
... your rant, your posting history, accusing me of bias and assuming I'm an MS employee...
I don't care about you, your posting history, or your sense of humor. Way up on this thread somebody said "I'd trust Microsoft for security if my IQ was 50 and I didn't care that much" -- which is plain stupid, and I was replying to that.
You say I'm an MS employee. Not true, and how does it matter anyway -- that would only provide motive -- not negate my argument.
You say I have a pro-MS bias. I say you have an anti-MS bias. See how that works? You're so biased you can't even imagine how a non-MS employee could be defending MS!
You ask about astroturf ribbons -- and then you link to an old thread about DRM in Vista. I'll just remind you that it takes two people to have a conversation. So we're both astroturfing.
And finally -- you've posted some links of questionable value to prop up your argument. You can't make the same claim about me (in this thread, or any other). Why not just use facts and logic instead of this silly rant??
Or maybe you're not "with us"?
It's true -- I am not. Slashdot's hostility to MS has reached ridiculous levels -- to a point that I (who was once an MS hater) have become sick of the lack of objectivity and jump in to defend MS when I can. In that sense, I am not "with you". In that same sense, I accused you of groupthink earlier, and this precise line of yours seems to incriminate you worse than anything I can say.
Maybe, if Vista ever gets 20% real share there will be enough exploits to waste a few on some bots that find Microsoft's honey pots.
In that line, replace Vista with OS-X, Linux, or any other OS.
Further, I believe that as each vulnerability becomes common, is revealed, patched and repatched, others like yourself will continue appear to say "That was before! There are no more!"
And here you finally expose yourself as somebody who doesn't know much about security. Read any comment in my entire history on slashdot - I will never say anything as stupid as "there are no more security issues" (in MS software or otherwise). The best anyone (MS or anyone else) can do is keep improving their secure coding practices (like so), and keep grinding away at it, never letting your guard down, so that the cost of finding exploits in your sw is higher than the returns you get from the exploit. New and ingenious types of exploits are created all the time -- it's the stupidest thing in the world to claim that you have no security issues in xyz piece of software.
It is my firm belief that there exists within a default install of Microsoft Vista and Microsoft Server 2008 a vulnerability which allows an anonymous attacker to achieve total control of such a system without user interaction.
Try not to hurt yourself celebrating if that happens.
I offer no evidence and I have none. I do not assert that these things are true - I only state that I believe them. I really do believe this and there's nothing you could say or do to dissuade me from these beliefs.
I already knew I cannot change your 'beliefs'. But it irks me no end that you yourself admit that you have no evidence to back them up, but you'll keep posting one anti-MS diatribe after the other based on 'belief'. This is precisely where my groupthink accusation came from. This is precisely why the anti-MS stance on/. has reached a level of religious fervor / dogma.
Just go away before I have to get all twitter on you.
And finally, we have your motive as well. You simply don't like the fact that I'm defending MS, so you want to shut me up.
I don't think "Can't use most of the sites that employ Silverlight" is a "random criteria" in the least.
Now we're finally on the same page. This is a valid test (as opposed to the emerge etc. BS earlier), and if Moonlight fails the test Silverlight can't be considered cross-platform. But again, it's still in development -- so it's a little early to condemn it. And recall that this was the case for Flash on Linux for the longest time.
It'll sorta work on non-MS and "work best" on MS. SSDD and we've all watched MS do this before.
Keep using whatever random criteria you want to come up with.. that doesn't make your argument more valid. You know very well that moonlight is still in incubation..
Silverlight has a short-standing track record of not being installed at all. I'm betting that particular track record will grow longer over time, on too many computers for it to matter much.
So you're essentially criticizing something you've never even used? Typical..
Sorry. Silverlight is a no-go here.
No apologies necessary - at least not to me. Ignore good technology all you want, it makes no difference to me..
The developer product to compare silverlight with is NOT Flash it is Flex.
Flex is the IDE, Flash is the runtime environment. Visual Studio is the IDE (among other options), and Silverlight is the runtime environment. So the comparison is between Flash and Silverlight.
from a programmers standpoint, flex can be used with alot more languages
Since Silverlight uses a lightweight version of the.net framework, you can use a humongous number of languages to develop Silverlight apps. For a current list, look here: http://en.wikipedia.org/wiki/CLI_Languages.. It's a huge list - Flex can't even begin to come close to it.
On stablity and security comparision is just plain foolish, flex has been around alot longer is far more proven
???
The IDE is irrelevant from a security perspective -- the runtime is what gets installed on 100s of millions of computers worldwide. And Flash has a long-standing track record of being a runtime made out of swiss cheese.
Your emerge claim doesn't make sense. I have no doubt that you can emerge Skype, but I don't understand how you can emerge something for which the code isn't available (perhaps I just don't understand emerge -- which is very likely). Anyway emerge still remains an arbitrary criteria. Gentoo might be 'popular', but it's essentially a niche (even within Linux) which is saying something. And the code for Moonlight is available and will continue to be. I have no idea why you can't emerge it, but it's really bizarre to use that as a standard for cross-platform availability considering Gentoo has a niche of the 1% of users worldwide that use desktop Linux.
Read your own link. It's got quotes from Brian Valentine (not a security expert) at the RSA 2000 conference talking about how MS put a naked Win2k machine on the 'net for 2 weeks, and only 4 denial of service bugs were found and no breaches were made. Also from your link: "Microsoft has made a comprehensive effort to build Windows 2000 with security in mind, including having a staff of 15 people study the code for breaches, denials of service, and bugs." -- in other words, that was a different world back then, and MS had a lot to learn about what kind of effort was required to secure windows. The effort mentioned in that article is laughable, with the benefit of hindsight. And as I said, the claim of MS not having secure development practices prior to ~2004 is true!
Again, read the damn link - not just the headline!
The article you linked does not refer to security in the sense of viruses/vulnerabilities/pwnage. It refers to security in the sense of data security using encryption and key management, authentication mechanisms (x509 certificate auth using smartcards). So you see, the headlines appear pretty damning, but the articles themselves again merely prove my point. Prior to 2004, MS really hadn't grasped the magnitude of the effort that would be required, and post 2004 (maybe earlier - right around the release of XP SP2) they really got their shit together.
What convincing evidence do you offer that this time they really, really mean it?
It may be an arbitrary test, but it's a very good one. If it's not present in the largest and most complete package repository for Linux, it's probably not relevant.
You just called every non-open source piece of code irrelevant.
I realize that might have actually been your intent, but I hope you realize how foolish that sounds.
It's locked down with Microsoft though. At least Flash is now more or less a fully open format.
How did you come to this conclusion?
Plus, Silverlight is much more ActiveX2.0 than it is a flash competitor.
???
There is no connection between the two. ActiveX is a technology you can use to embed controls for your app in other apps or web pages. Silverlight is a browser plugin that implements the WPF/E framework.
*Another* security flaw allowing remote code execution requiring a out of schedule patch release?
Let's see:
1. The flaw dates back to XP -- so more than 4 years ago.
2. The patch was released before the exploit was available -- that's a win for MS.
3. Now that exploit code is available, MS is alerting users to apply the patch -- that's a win for MS.
In those 12 years Flash has proven to be buggy and insecure. Developing for Flash (ActionScript) has been a joke so far.
Its not cross platform. Mention Moonlight and I'll hit you. I cannot type 'emerge moonlight' yet ergo its not anywhere near ready.
1. Violence is never the answer.
2. Typing 'emerge moonlight' is your own arbitrary test for being cross-platform -- it doesn't really mean anything.
3. With the recent exception of Flash 9, Flash has a long history of leaving Linux users in the lurch.
And I'd trust Microsoft for security if my IQ was 50 and I didnt care that much.
That's just typical groupthink regarding MS. Read this. I've seen in the past that people aren't very objective when discussing MS's security track record, so let me just try and summarize by saying that you were correct about 4 years ago -- now, you're just behind the times.
Marketing fluff does not belong in an OS, or a device driver. I surely hope there is an opt-out for this tripe.
One man's tripe is another man's truffle.
Seriously -- it's actually a cool idea and a natural extension of the concept of a device driver. A link to buy cartridges is certainly marketing (I don't know about fluff) -- but it's easy to think of scenarios where this is super-useful. A link to an updated manual being one example. Common trouble shooting links, information about recalls, firmware updates, exposing functionality (sync, settings, etc.).
From the point-of-view of a low-tech user:
1. Plug in shiny new toy/device, wait 10 secs while windows recognizes it and installs the driver, see picture of device with info, help, functionality, feel warm and fuzzy -- the device has been 'recognized' and is working
2. Not sure how to do something with device? Go to page with picture of device, look around, find help, figure out how to do whatever it was that you wanted to.
3. Just took a picture with my new phone. No idea how to get it to my computer, and email it to someone. Plug in phone. See picture/links/functionality. Accomplish task. Feel warm, fuzzy.
we/.ers often forget that not all computer users are like us.
Having said that, I definitely acknowledge that the danger of vendors using this to add 'fluff' is real - but the promise this feature holds is real as well. The devil will be in the details.
The purpose of an OS is to provide a stable, secure framework for which to run applications. The purpose of a device driver is to provide stable, and secure interface between hardware and the OS.
While that's true in a pedantic Computers 101 sort of way, the scope for a consumer OS goes waay beyond that goal. Are you suggesting that MS (and Apple and Ubuntu, etc.) just provide a scheduler + device drivers + APIs, and screw the average user who wouldn't know WTF to do with that?
I'm still hoping to boot Flash to the other side of that line, especially since it crashes my browser on a regular basis, but I still seem to be stuck with it.
Install, and lobby in favor of Silverlight then. Silverlight is far more stable/secure/lightweight than flash, and it's 10x easier to develop for. So if it replaces Flash, you're still in the position of having to install a plugin, but at least you'll be done with browser crashes..
Slashdot Mirror
I guess you have a valid point there. I wouldn't call it an 'architectural' advantage, but that's just semantics.
I have a hard time sympathizing with anyone pirating windows and then getting pwned by a virus of course, but it doesn't negate your point.
Yes - pretty sure :)
To summarize your link: 10% of laptop sales in the US are now Apples. Add desktops to that number, add worldwide sales to that number, and add installed base to that number -- you get the (unscientific) ~5% share that keeps getting tossed around. We know this already
As I said, Apple's sales are trending upwards - there's no question about it. But again, they don't have the numbers to make it a target for malware authors yet. And again, I'll get no joy from a Mac virus -- if Macs never exceed say 20% of the worldwide PC market (thus maintaining the element of 'differentness' that they have and also going below the radar of malware authors) I have no problem with that. I'm just pointing out the fallacy of the GP's statement (that because no virus has made it in the wild on OS-X in the last decade means that macs are inherently secure).
People have been saying the same damn thing for 8 years. "Just wait, one day OS X will get a virus. You'll see."
Actually, people have been saying "One day, OS-X will have enough users that malware authors will target it the way they target Windows". That hasn't happened yet, but OS-X marketshare is trending upwards, so it might still happen.
Also, please note the omission of "You'll see" and other such things. I don't want OS-X users to get viruses just so that my point gets proven. I do agree that in all likelihood if you run OS-X without an AV you'll be ok. That still doesn't negate the point -- OS-X does not have any inherent security advantage over Windows, and Apple's smug attitude towards security will bite them in the butt if their marketshare increases.
If that guy wants linux users to view his site, then he should use a technology that linux users can use.
I guess this has been re-hashed on /. over and over, but probably worth repeating: When desktop linux represents 1% of users, assume that web site owners aren't primarily concerned about Linux users being able to view their site. So the onus ends up being on the Linux folks to make sure their systems are able to work with the site - rather than vice versa.
Personally I don't really care about silverlight. if a site I go to uses it, then I assume that I am not the target user and go somewhere else.
As mentioned above, this is probably a valid assumption.
Now here's what I don't understand: why is there so much resistance to the idea of Silverlight on Linux? The Novell folks are broadening the scope of what will work with Linux -- yet the community itself seems to be so dead set against it. I don't understand...
There is no option to turn off the Showcase channel. You can turn off the Welcome channel.
You're right -- I take that back. I must have been thinking about that option (to turn off the Welcome channel) when I posted that.
Sounds like an issue with Oblivion rather than NXE. If Oblivion allows you to create so many game saves, Oblivion should offer a good UI for cleaning up it's junk.
I disagree. Saved games are universal in the sense that all games have them, and therefore managing them should be the duty of the platform, not the individual game.
Except that most games (oblivion is the only counter example I've ever heard of) allow just one save per profile - so they don't leave junk like that to clean up. As I stated elsewhere -- how is a non-savvy user to know which files to clean up? How does the user know they're not foobar-ing some important game files? How did the user even know where to look for the files? So you see - it does make sense for the UI for this to reside in the game. The game knows what files to delete, can present the information in a convenient and meaningful way, and the requirement is unique to this game.
To put things in perspective -- I would hardly complain if we got some good file management UI options in NXE -- I'd welcome it. But it's certainly not a core scenario, and it's definitely not a bug (as OP called it), and it's a really silly point based on which to criticize NXE, especially if the old blades behaved exactly the same way
It's still not the same thing -- no console game (PS3/Wii/xbox) should permit 150 save points without a good way of cleaning them up. Most console games allow only one save point per profile. How is a non-savvy user even expected to know which files to delete? How do they know they're not deleting some important game file? Oblivion is the only game I've heard of with this issue -- it's clearly their bug.
Possible way to "save" broken discs?
Not likely -- you still need to put the disk in the drive to play the game. My guess is that performance and noise are only "fringe benefits" of this feature. The big deal (for microsoft) is probably that this will allow them to make multi-disk games.
+It's great to see the party system extended beyond COD4 / Halo 3.
The party system always did extend beyond these games (to most games in fact). The party system in NXE is different. You can be in a party with some friends, but doing different things (playing a game, watching a movie, etc). You can switch to the party channel if you wish to only communicate with people in your party, or the game channel if you want to chat with the people you're playing with. So if you want to play COD4 but you're tired of dealing with obnoxious gamers, you can first start a party with your friends, and then play COD4, and stay on the party channel -- no need to deal with obnoxious ppl. Same for any game, in NXE now.
-We've gone from 5 tabs to 50+ screens. It's crap.
Why compare tabs to screens? We've gone from 5 tabs to 6 channels. Panning left/right in a channel is like scrolling up/down in a tab.
-The menu defaults to the "showcase" channel, which advertises Microsoft's newest games. This means that Microsoft, not content with getting us to pay $300+ for a console and $50 / year for Live, feels the need to advertise to us every time we go to the dashboard.
Turn off the Showcase channel :). It's in the settings somewhere.
-Old themes port very poorly, stretched across the background in awkward ways.
Hrm.. I didn't have that experience. I did see the wallpapers being obscured below the horizon (no idea what the correct term is) though. Considering the magnitude of the upgrade, I'm hardly concerned about this though. I do agree it's irritating if you've actually purchased a theme, for it to not be as pervasive as it was earlier.
-Haven't fixed the glaring file management bugs - it's not possible to do something like, say, delete 150 old Oblivion saves to reclaim disk space while keeping 5 of them without pressing 4 buttons for each individual savegame. Not a problem until you realize they're over a megabyte apiece, and on a 20gb hard disk this adds up fast.
Sounds like an issue with Oblivion rather than NXE. If Oblivion allows you to create so many game saves, Oblivion should offer a good UI for cleaning up it's junk.
On the whole I hate it.
I'm so surprised that anyone can actually hate it! The old blades are just one button away at all times, and they've not lost any functionality, and they've only gotten zippier. And it doesn't have ads. So you have everything you want, a single button away, and wonderful eye candy on the other hand (you gotta admit it -- NXE is gorgeous). Best of both worlds! Not to mention, the sight of a bunch of avatars standing in a group (because they're in a party) is pretty cool. Very cool that you can just click on that group to see party options. And that for people who you game with regularly online you'll actually be able to recognize the avatars at a glance and get an idea of who's in the party -- rather than having to read a dry spreadsheet-looking list of friends. And from the cover-art, you know what the party is doing too. Super-cool.
Your assuming that Microsoft is competent and this new software actually does a effective job and continues to do so in the future.
True. I guess there are a couple of corollaries to that:
- If MS doesn't provide good antivirus, users (or at least corporations) will stick with other vendors, so the competitors might never go away
- If the competitors do go away (say because MS was doing a good job), and then MS relaxes on the AV front, their platform starts getting pwned by viruses again, resulting in inroads into their OS share (say by OS-X and Linux) coupled with a resurgence of the AV market.
There's also a third scenario where MS might do a good job, and just continue to do a good job, in which case consumers win.
Ultimately I don't think any of these scenarios is a bad thing -- it's just a company that needs to make a certain move to improve the customer experience on their platform. If they execute well, customers win and so does MS -- and if not, customers will eventually get frustrated and go to some other platform. No need for antitrust lawyers to get involved except for the scenario I had called out earlier -- where MS offers the AV downloads for free, does a good job, eradicates competition, and then starts charging -- in that case the free giveaway was done solely to kill competition -- and that's the only scenario that antitrust law needs to concern itself with. Further, since customers will have to explicitly download the product (as opposed to having it bundled into the platform as was the case with IE4) there's even less need for antitrust regulators to get involved.
This is definitely a good thing for consumers.
If there's any antitrust directives that come out of this, it's that at some later point in the future (if/when the big competitors have disappeared) MS will not be allowed to start charging money for the suite -- it has to remain free.
About the move itself: it gives less people a reason to be running without antivirus sw., it enables more OEMs to sell PCs with AV pre-installed (which will not nag users in 1 month/3 months/1 year/whatever), and OneCare is less likely to use rootkit techniques etc. that symantec and others have used in the past.
... your rant, your posting history, accusing me of bias and assuming I'm an MS employee ...
I don't care about you, your posting history, or your sense of humor. Way up on this thread somebody said "I'd trust Microsoft for security if my IQ was 50 and I didn't care that much" -- which is plain stupid, and I was replying to that.
You say I'm an MS employee. Not true, and how does it matter anyway -- that would only provide motive -- not negate my argument.
You say I have a pro-MS bias. I say you have an anti-MS bias. See how that works? You're so biased you can't even imagine how a non-MS employee could be defending MS!
You ask about astroturf ribbons -- and then you link to an old thread about DRM in Vista. I'll just remind you that it takes two people to have a conversation. So we're both astroturfing.
And finally -- you've posted some links of questionable value to prop up your argument. You can't make the same claim about me (in this thread, or any other). Why not just use facts and logic instead of this silly rant??
Or maybe you're not "with us"?
It's true -- I am not. Slashdot's hostility to MS has reached ridiculous levels -- to a point that I (who was once an MS hater) have become sick of the lack of objectivity and jump in to defend MS when I can. In that sense, I am not "with you". In that same sense, I accused you of groupthink earlier, and this precise line of yours seems to incriminate you worse than anything I can say.
Maybe, if Vista ever gets 20% real share there will be enough exploits to waste a few on some bots that find Microsoft's honey pots.
In that line, replace Vista with OS-X, Linux, or any other OS.
Further, I believe that as each vulnerability becomes common, is revealed, patched and repatched, others like yourself will continue appear to say "That was before! There are no more!"
And here you finally expose yourself as somebody who doesn't know much about security. Read any comment in my entire history on slashdot - I will never say anything as stupid as "there are no more security issues" (in MS software or otherwise). The best anyone (MS or anyone else) can do is keep improving their secure coding practices (like so), and keep grinding away at it, never letting your guard down, so that the cost of finding exploits in your sw is higher than the returns you get from the exploit. New and ingenious types of exploits are created all the time -- it's the stupidest thing in the world to claim that you have no security issues in xyz piece of software.
It is my firm belief that there exists within a default install of Microsoft Vista and Microsoft Server 2008 a vulnerability which allows an anonymous attacker to achieve total control of such a system without user interaction.
Try not to hurt yourself celebrating if that happens.
I offer no evidence and I have none. I do not assert that these things are true - I only state that I believe them. I really do believe this and there's nothing you could say or do to dissuade me from these beliefs.
I already knew I cannot change your 'beliefs'. But it irks me no end that you yourself admit that you have no evidence to back them up, but you'll keep posting one anti-MS diatribe after the other based on 'belief'. This is precisely where my groupthink accusation came from. This is precisely why the anti-MS stance on /. has reached a level of religious fervor / dogma.
Just go away before I have to get all twitter on you.
And finally, we have your motive as well. You simply don't like the fact that I'm defending MS, so you want to shut me up.
I don't think "Can't use most of the sites that employ Silverlight" is a "random criteria" in the least.
Now we're finally on the same page. This is a valid test (as opposed to the emerge etc. BS earlier), and if Moonlight fails the test Silverlight can't be considered cross-platform. But again, it's still in development -- so it's a little early to condemn it. And recall that this was the case for Flash on Linux for the longest time.
It'll sorta work on non-MS and "work best" on MS. SSDD and we've all watched MS do this before.
Only time will tell..
*sigh*
Keep using whatever random criteria you want to come up with.. that doesn't make your argument more valid. You know very well that moonlight is still in incubation..
Silverlight has a short-standing track record of not being installed at all. I'm betting that particular track record will grow longer over time, on too many computers for it to matter much.
So you're essentially criticizing something you've never even used? Typical..
Sorry. Silverlight is a no-go here.
No apologies necessary - at least not to me. Ignore good technology all you want, it makes no difference to me..
As always -- read your own links carefully. For a balanced analysis, see the arstechnica link at the bottom: http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html which explains why this isn't a big deal.
The developer product to compare silverlight with is NOT Flash it is Flex.
Flex is the IDE, Flash is the runtime environment. Visual Studio is the IDE (among other options), and Silverlight is the runtime environment. So the comparison is between Flash and Silverlight.
from a programmers standpoint, flex can be used with alot more languages
Since Silverlight uses a lightweight version of the .net framework, you can use a humongous number of languages to develop Silverlight apps. For a current list, look here: http://en.wikipedia.org/wiki/CLI_Languages.. It's a huge list - Flex can't even begin to come close to it.
On stablity and security comparision is just plain foolish, flex has been around alot longer is far more proven
???
The IDE is irrelevant from a security perspective -- the runtime is what gets installed on 100s of millions of computers worldwide. And Flash has a long-standing track record of being a runtime made out of swiss cheese.
Your emerge claim doesn't make sense. I have no doubt that you can emerge Skype, but I don't understand how you can emerge something for which the code isn't available (perhaps I just don't understand emerge -- which is very likely). Anyway emerge still remains an arbitrary criteria. Gentoo might be 'popular', but it's essentially a niche (even within Linux) which is saying something. And the code for Moonlight is available and will continue to be. I have no idea why you can't emerge it, but it's really bizarre to use that as a standard for cross-platform availability considering Gentoo has a niche of the 1% of users worldwide that use desktop Linux.
Ok - I admit I got the timeline wrong - but I still see nothing but responsible behavior from MS in dealing with this flaw.
Every time this happens we get some idiot on here blathering about how things are better now.
Easy there dude.. however strongly you feel about it, the links you used were extremely disingenuous. I'll explain why:
Well that wasn't true before, was it?
Read your own link. It's got quotes from Brian Valentine (not a security expert) at the RSA 2000 conference talking about how MS put a naked Win2k machine on the 'net for 2 weeks, and only 4 denial of service bugs were found and no breaches were made. Also from your link: "Microsoft has made a comprehensive effort to build Windows 2000 with security in mind, including having a staff of 15 people study the code for breaches, denials of service, and bugs." -- in other words, that was a different world back then, and MS had a lot to learn about what kind of effort was required to secure windows. The effort mentioned in that article is laughable, with the benefit of hindsight. And as I said, the claim of MS not having secure development practices prior to ~2004 is true!
It wasn't true last time, was it? Note the 10 XP vulnerability blurb footing the story.
Again, read the damn link - not just the headline!
The article you linked does not refer to security in the sense of viruses/vulnerabilities/pwnage. It refers to security in the sense of data security using encryption and key management, authentication mechanisms (x509 certificate auth using smartcards). So you see, the headlines appear pretty damning, but the articles themselves again merely prove my point. Prior to 2004, MS really hadn't grasped the magnitude of the effort that would be required, and post 2004 (maybe earlier - right around the release of XP SP2) they really got their shit together.
What convincing evidence do you offer that this time they really, really mean it?
1. Industry plaudits: http://news.cnet.com/8301-1009_3-10042248-83.html
2. Details of the process: http://msdn.microsoft.com/en-us/security/ms995349.aspx
(note, the second link is a white paper by Michael Howard - a hacker/security expert himself - not a PHB unlike the dude quoted in your first link.) It's also detailed and insightful -- I suggest you read this link, even if you forgo reading your own.
It may be an arbitrary test, but it's a very good one. If it's not present in the largest and most complete package repository for Linux, it's probably not relevant.
You just called every non-open source piece of code irrelevant.
I realize that might have actually been your intent, but I hope you realize how foolish that sounds.
It's locked down with Microsoft though. At least Flash is now more or less a fully open format.
How did you come to this conclusion?
Plus, Silverlight is much more ActiveX2.0 than it is a flash competitor.
???
There is no connection between the two. ActiveX is a technology you can use to embed controls for your app in other apps or web pages. Silverlight is a browser plugin that implements the WPF/E framework.
*Another* security flaw allowing remote code execution requiring a out of schedule patch release?
Let's see:
1. The flaw dates back to XP -- so more than 4 years ago.
2. The patch was released before the exploit was available -- that's a win for MS.
3. Now that exploit code is available, MS is alerting users to apply the patch -- that's a win for MS.
Your example proves my point.
Its untested, Flash has 12 years behind it.
In those 12 years Flash has proven to be buggy and insecure. Developing for Flash (ActionScript) has been a joke so far.
Its not cross platform. Mention Moonlight and I'll hit you. I cannot type 'emerge moonlight' yet ergo its not anywhere near ready.
1. Violence is never the answer.
2. Typing 'emerge moonlight' is your own arbitrary test for being cross-platform -- it doesn't really mean anything.
3. With the recent exception of Flash 9, Flash has a long history of leaving Linux users in the lurch.
And I'd trust Microsoft for security if my IQ was 50 and I didnt care that much.
That's just typical groupthink regarding MS. Read this. I've seen in the past that people aren't very objective when discussing MS's security track record, so let me just try and summarize by saying that you were correct about 4 years ago -- now, you're just behind the times.
Marketing fluff does not belong in an OS, or a device driver. I surely hope there is an opt-out for this tripe.
One man's tripe is another man's truffle.
Seriously -- it's actually a cool idea and a natural extension of the concept of a device driver. A link to buy cartridges is certainly marketing (I don't know about fluff) -- but it's easy to think of scenarios where this is super-useful. A link to an updated manual being one example. Common trouble shooting links, information about recalls, firmware updates, exposing functionality (sync, settings, etc.).
From the point-of-view of a low-tech user: /.ers often forget that not all computer users are like us.
1. Plug in shiny new toy/device, wait 10 secs while windows recognizes it and installs the driver, see picture of device with info, help, functionality, feel warm and fuzzy -- the device has been 'recognized' and is working
2. Not sure how to do something with device? Go to page with picture of device, look around, find help, figure out how to do whatever it was that you wanted to.
3. Just took a picture with my new phone. No idea how to get it to my computer, and email it to someone. Plug in phone. See picture/links/functionality. Accomplish task. Feel warm, fuzzy.
we
Having said that, I definitely acknowledge that the danger of vendors using this to add 'fluff' is real - but the promise this feature holds is real as well. The devil will be in the details.
The purpose of an OS is to provide a stable, secure framework for which to run applications. The purpose of a device driver is to provide stable, and secure interface between hardware and the OS.
While that's true in a pedantic Computers 101 sort of way, the scope for a consumer OS goes waay beyond that goal. Are you suggesting that MS (and Apple and Ubuntu, etc.) just provide a scheduler + device drivers + APIs, and screw the average user who wouldn't know WTF to do with that?
I'm still hoping to boot Flash to the other side of that line, especially since it crashes my browser on a regular basis, but I still seem to be stuck with it.
Install, and lobby in favor of Silverlight then. Silverlight is far more stable/secure/lightweight than flash, and it's 10x easier to develop for. So if it replaces Flash, you're still in the position of having to install a plugin, but at least you'll be done with browser crashes..