> Number of exploits in the wild? Percentage of systems exploited? Mean time to bothood when connected to an Internet exposed IP address? Depth and breadth of UNIX support?
Not a single one of those factors is related to design.
Given that OSX has MORE critical vulnerabilities per year than any Microsoft OS, and that they are outstanding for longer periods of time, do you really beleive that, had they the exposure that Windows systems have, they wouldn't be hacked at the same rate?
And before you jump, the numbers are not linear. If you have a platform that's used ten times as much as another one (and the difference is bigger than that) why would you care to build hacks for the less profitable one? Same thing for researching vulnerabilities (the fact that, with an order of magnitude fewer researchers looking at OSX vulnerabilities and them coming out with more bugs should tell you something about Apple's code quality). And combine that with the difficulty in propagating your code with machines so isolated.
So you can't argue that any of those factors you present are related to the products quality.
Oh, BTW, you realize that the drives on Apple systems are EXACTLY THE SAME as on Windows systems? Same models, versions, lots! So the fact that you had more drive failures on Windows systems is not only anecdotic, it is irrelevant.
But the writer got the Windows tests WRONG.
He tested by installing Windows XP without a Service Pack and then upgrading to SP2. He found lots of open ports before the SP and that's what he's reporting.
That is clearly silly, as you can't buy XP without SP2 embedded today, and you can't buy a machine without it preinstalled.
Testing XP without a service Pack would be like testing an Apple with OS9.
Same thing when he tests Windows Server 2003 without Service Pack 1 or Service Pack 2.
Yes, the tester later reports the effects of installin the Service Pack (whith are much better) but reporting the service pack less results is just plain misleading.
Actually, I can't see that to be the case. Cytrix partnered with Microsoft and they are thriving. When they made the deal with Microsoft, their sales boomed. And they keep growing despite MS adding more features to their version of the solution. I went to a Microsoft conference a few weeks ago and they were promoting Cytrix solutions as a great extension of the basic capabilities in Windows.
The same happened with many other partners. Actually, many often asked for features such as backup to tape, cluster support for dynamic disks and other such features are not in the product because Microsoft is respecting previous agreements with partners that provided the technology.
I would be interested if you have a real example where Microsof "stabbed" a partner other than OS/2 (which is a matter of views, as far as I know the two companies had diverging views on the subject, IBM wanting to do a clear slab and MS pushing for more backwards compatibility, so MS decided to drop the thing). Sun was NEVER a partner with Microsoft until after the recent deals. They were declared enemies from day -1.
Any better examples? I'm not saying there aren't any, but as far as I can see microsoft has been pretty decent with their partners in general.
So you are actually claiming the history is false? And that all the evidence is made up? And that the guys went later and changed the information they published origianlly (and that lots of people read) and no one noticed?
And that Apple cant be possibly responsible of misbehavior?
You've ben certainly brainwashed. Seriously.
Of course nobody is demanding for the procut to be perfect. But when someone claims that their product, in opposition to the competition, "just works", you can understant that it has fewer defects, vulnerabilities and problems than the competition. And that's mathematically not the case, not by a long stretch.
It IS atomic IO. IO commands can be reordered as much as you want, but commands can be tagged for flush or immediate execution, and if a device doesn't comply with those, it is either badly writen or it has incorporated enough safeguards so it doesn't matter.
For all practical purposes it is atomic IO.
In addition, how do you expect a user mode component to be able to implement transactional services for kernel components? This is not only about begin trans/end trans for copying files. It is about bringing transactiona capability to every operation in an application and in the kernel. Yes, it is not yet exploited by every single kernel process, and probably will never be, but it is already being used by kernel code to simplify error handling and to provide better guarantees of consistency. Making it user mode would only increase state transitions with no real benefit to anyone.
What I don't get is why people concentrate on the irrelevant issue of wether a driver works or not.
The article was about Apple bullying researchers, using odd legal tactics to prevent truth about their vulnerabilities for surfacing and hiring bloggers to cover their tracks.
If Microsoft had done this, it would be on front page on the newspapers, and the first item on Slashdot would be "Microsoft Bullying Security Researchers". But this is Apple, so it is probably OK for them to do it.
"just" works would literally mean "Only" works, or, in other words, "dows not do other thing that work". That would preculde "sometimes fails".
So "Just works" means exactly what the grandparent is implying. "Sometimes fails" is exactly the opposite to that.
That's why the "just works" message is so silly. everything fails once in a while and for some users. It is the rate that matters. And, based on my personal experience, Apple has an edge on that only when you don't do anything exotic such as running low quality drivers or obscure applications. Exactly the same as Windows.
Hydrogen is not good. It is dangerous, has little energy density, is difficult to handle and (if used as a charging mechanism) will require rebuilding the whole world refueling infrastrcuture, leading to a chicken and egg problem that will simply kill the technology.
What's wrong with batteries? They are simple, well known, reasonably efficient, and improving at a rate that insures applicability to any scenario you can think of in less than a decade, and most scenarios in two or three years. And that's without considering any potential breakthroughs in battery technology.
Also, electrical storage is basically "black box" technology. If someone comes out with a super nanocapacitor or some other electricity storage medium that's more efficient than what you are using, just replace the battery, update some software and you are set to go!
Actually, 1 gallon = 3.78 liters. SInce gas weights substantially less than water (density of about.75), 2.5Kg sounds reasonable (2.8 would be more accurate, but as a rough approximation 2.5 seems OK).
You should only correct people when you have a clue.
$10K pre tax for a subcompact, limited power car is not cheap at all. In those regions you can get other more decent (comfort and performance wise) vehicles for that money.
Yes, being energy efficient is a big plus, but the price doesn't help here.
Compact electric cars will in two or three years be at that price level, have better reliability and be more fun to drive.
I agree with most of your analysis, but on the range thing.
Why on earth would you want a range of over 400 miles AND a charge time of five minutes? You mean you can drive 400 miles, rest for five minutes and then you are ready for 400 more miles? Now I'm impressed.
5 min charge time is a necessity if you have a range of 100 miles.
More than 400 miles is desirable if you can't charge overnight.
But if you have the ability of overnight charging (and electric charging ability is ubiquitous) 400 miles is more than enough for anything but commercial truck drivers, and a five minute charge time is not necessary with that range.
The air we breathe is already polluted. So taking the air and compressing it concentrates the pollution. Then, it follows, releasing them to the atmosphere is polluting!!!
It might sound like a silly argument, but that's exactly what happens with nuclear reactors (OK, they crate particularly long lasting radioactive elements, but nobody cared when the source radioactive elements were in the environment, where they were taken from in the first place).
Compressed air is not a power source, since the energy has to come from some other source, such as electricity.
Storing energy as compressed air is not a more efficient process than storing electricity inside a battery.
There ARE electric cars today with more range than the Air Car. And they are not all ultracompact cars but some more reasonable formats.
So we have already a technology that is simpler, proven, has better performance, it is likely to be much more reliable (fewer moving parts) and has constant performance (a vehicle run by compressed air will lower its performance as it runs out of "gas").
I'm not completely sure it is cheaper today, but it certainly will be as batteries progress (they have been progressing at a steady 10% increase in capacity or decrease in cost every year for the last few decades, it is expected that the trend continues). The Air Car is not so proven, and the manufacturing costs will surely go up as they near production (they always do).
I'm not saying this project has no value, but investing the same money and effort in developing electric cars will certainly produce better results faster.
What I don't get is the "monoculture" comment. These guys are complaining that all the web servers are using the same software? Or that the different layers are using the same platform? In neither case having a more diverse platform would reduce the number of bugs or make them less serious. That's especially true for cross site scripting exploits and the like. Having two differetn web servers would not reduce the number of exploits or their seriousness, it would actually probably double them and make them more difficult to diagnose. And having heterogeneous layers wouldn't make a difference at all. I just don't get it.
The study appears flawed in its conclusions.
> Those children who do sports at school do not burn more calories than those who don't.
That would make sense. An obese boy burns as many calories walking as a thin boy burns running. An obese boy has to carry and move extra weight 16 hours a day. Doing sports one hour a day cannot compete with that. If obese children are among the ones not doing sports, that's exactly what the study should find. Surprisingly, the researchers make exactly the opposite conclusion.
> Furthermore there is no correlation between body mass index and the number of calories used!
Again, this proves exactly the opposite point the conclusions claim. A high BMI makes you burn MORE calories no less. If that compensates for less sport activity (which would cause the high BMI) you get the observed results.
Conclusion: the data observed proves that sports are useful in burning calories and in losing weight. They are even so powerful that they even match the high calorie burn of carrying around 30 pounds of cargo everywhere. If you take an obese child and make him or her do some sports, that would add both energy outputs and the kid would lose weight and be healthier.
Either I don't know anything about computer segurity (odd as I get paid for that) or these guys don't know anything about security (odd as THEY get paid for that).
In order for this "hack" to work the user has to download malicious code from the Internet, run it and accept a warning that indicates there's a dangerous elevated operation going on. How is this a hack in any way?
Normally, if the user ran malicious code on Vista and it tried an elevated operation, it would trigger a warning. If the user accepts the warning, the code is run elevated and the computer becomes damaged. That's how it is designed to be, and that's even more than most platforms do in this respect.
In this situation, exactly the same applies. The user has to download the code, run it, and accept a security warning. So where's the hack?
A real hack would be to prevent a security warning from raising, not to raise a security warning when one is granted (or not).
But leading in IT shouldn't be measured in absolute terms but in relative ones.
Do you think that if the US had the same population density and distributionas, say, Japan, the situation would be the same? Or that the japanese would have the service they have now if Japan was the size of the US with a large non urban population?
Given the situation, the US is doing pretty well in that aspect. And that's a factor that is absent in most observations about broadband penetration.
If your metric for development cost concentrates on the cost of tools (which, by the way, are FREE in Microsofts case for very reasonably featured versions) you are valuing your time very low.
One thing Microsoft did very well is building a very efficient development environment. THat's something companies value a lot. The cost of developing for Windows has been analyzed in many serious studies, and it has demonstrated to be lower than the alternatives. Of course, that doesn't mean you HAVE to write for Windows. There are other considerations than cost. If your target market runs Unix, write for Unix. If you have a principles thing against IP, write OSS. If you need a community keep improving your code and benefit for it, write OSS. But if yow thing that writing for Linux is any easier than writing for Windows, you are just plain wrong. Especially when you consider Microsofts curse: they have to maintani App compatibility. An application writen for Windows 3.1 more likely works on any later version of the OS than not (I tested many). Linux and other OSs don't have such pressure, which is a blessing for the OS writers, but a curse for app developers.
Again, you are confusing being among the top with being #1.
Yes, there are some countries where you get cheaper and faster broadband than in the US. Not surprisingly, they are all much denser countries, a factor that signifficantly lowers cost and increases speed (reducing connection distance to switches).
You complain about the price you pay for 5MB/s? You JUST CAN'T GET 5MB/s ANYWHERE IN THE WHOLE SOUTH AMERICAN CONTINENT!!! Some companies market such speeds, but the effective rate is well under 2Mbps at off peak. And the price for that is normally over a hundred bucks. And you know what? MOST OF THE PLANET IS LIKE THAT! Few countries get a better deal than the US when it comes to broadband. Very few.
So again, if you were comparing to the average country and losing, you could complain. But just because there are a handful of countries that, for perfectly understandable technical reasons, have a better deal than you do, you think conspiracy, no matter that the vast majority of the planet is way worse than the US in speed, penetration or rates.
What I don't get is why this is news. Since when the US needs to be 1st in everything? I mean, what if a small country (or even a large one) has more penetration tha the US? If the US had one of the world's lowest broadband penetration it would be surprising. But being just average among the world's most industrialized countries is reasonable. Each country has different population distributions, different technological penetration patterns, different needs. It is reasonable that broadband penetration follows those patterns, and not some macho man "MUST BE 1ST" need.
Slashdot Mirror
> Number of exploits in the wild? Percentage of systems exploited? Mean time to bothood when connected to an Internet exposed IP address? Depth and breadth of UNIX support? Not a single one of those factors is related to design. Given that OSX has MORE critical vulnerabilities per year than any Microsoft OS, and that they are outstanding for longer periods of time, do you really beleive that, had they the exposure that Windows systems have, they wouldn't be hacked at the same rate? And before you jump, the numbers are not linear. If you have a platform that's used ten times as much as another one (and the difference is bigger than that) why would you care to build hacks for the less profitable one? Same thing for researching vulnerabilities (the fact that, with an order of magnitude fewer researchers looking at OSX vulnerabilities and them coming out with more bugs should tell you something about Apple's code quality). And combine that with the difficulty in propagating your code with machines so isolated. So you can't argue that any of those factors you present are related to the products quality. Oh, BTW, you realize that the drives on Apple systems are EXACTLY THE SAME as on Windows systems? Same models, versions, lots! So the fact that you had more drive failures on Windows systems is not only anecdotic, it is irrelevant.
But the writer got the Windows tests WRONG. He tested by installing Windows XP without a Service Pack and then upgrading to SP2. He found lots of open ports before the SP and that's what he's reporting. That is clearly silly, as you can't buy XP without SP2 embedded today, and you can't buy a machine without it preinstalled. Testing XP without a service Pack would be like testing an Apple with OS9. Same thing when he tests Windows Server 2003 without Service Pack 1 or Service Pack 2. Yes, the tester later reports the effects of installin the Service Pack (whith are much better) but reporting the service pack less results is just plain misleading.
Actually, I can't see that to be the case. Cytrix partnered with Microsoft and they are thriving. When they made the deal with Microsoft, their sales boomed. And they keep growing despite MS adding more features to their version of the solution. I went to a Microsoft conference a few weeks ago and they were promoting Cytrix solutions as a great extension of the basic capabilities in Windows. The same happened with many other partners. Actually, many often asked for features such as backup to tape, cluster support for dynamic disks and other such features are not in the product because Microsoft is respecting previous agreements with partners that provided the technology. I would be interested if you have a real example where Microsof "stabbed" a partner other than OS/2 (which is a matter of views, as far as I know the two companies had diverging views on the subject, IBM wanting to do a clear slab and MS pushing for more backwards compatibility, so MS decided to drop the thing). Sun was NEVER a partner with Microsoft until after the recent deals. They were declared enemies from day -1. Any better examples? I'm not saying there aren't any, but as far as I can see microsoft has been pretty decent with their partners in general.
OK, it's not enough for 5% of the drivers. Tell me a vehicle that IS useful for over 95% of the population.
So you are actually claiming the history is false? And that all the evidence is made up? And that the guys went later and changed the information they published origianlly (and that lots of people read) and no one noticed? And that Apple cant be possibly responsible of misbehavior? You've ben certainly brainwashed. Seriously.
Of course nobody is demanding for the procut to be perfect. But when someone claims that their product, in opposition to the competition, "just works", you can understant that it has fewer defects, vulnerabilities and problems than the competition. And that's mathematically not the case, not by a long stretch.
It IS atomic IO. IO commands can be reordered as much as you want, but commands can be tagged for flush or immediate execution, and if a device doesn't comply with those, it is either badly writen or it has incorporated enough safeguards so it doesn't matter. For all practical purposes it is atomic IO. In addition, how do you expect a user mode component to be able to implement transactional services for kernel components? This is not only about begin trans /end trans for copying files. It is about bringing transactiona capability to every operation in an application and in the kernel. Yes, it is not yet exploited by every single kernel process, and probably will never be, but it is already being used by kernel code to simplify error handling and to provide better guarantees of consistency. Making it user mode would only increase state transitions with no real benefit to anyone.
What I don't get is why people concentrate on the irrelevant issue of wether a driver works or not. The article was about Apple bullying researchers, using odd legal tactics to prevent truth about their vulnerabilities for surfacing and hiring bloggers to cover their tracks. If Microsoft had done this, it would be on front page on the newspapers, and the first item on Slashdot would be "Microsoft Bullying Security Researchers". But this is Apple, so it is probably OK for them to do it.
"just" works would literally mean "Only" works, or, in other words, "dows not do other thing that work". That would preculde "sometimes fails". So "Just works" means exactly what the grandparent is implying. "Sometimes fails" is exactly the opposite to that. That's why the "just works" message is so silly. everything fails once in a while and for some users. It is the rate that matters. And, based on my personal experience, Apple has an edge on that only when you don't do anything exotic such as running low quality drivers or obscure applications. Exactly the same as Windows.
Hydrogen is not good. It is dangerous, has little energy density, is difficult to handle and (if used as a charging mechanism) will require rebuilding the whole world refueling infrastrcuture, leading to a chicken and egg problem that will simply kill the technology. What's wrong with batteries? They are simple, well known, reasonably efficient, and improving at a rate that insures applicability to any scenario you can think of in less than a decade, and most scenarios in two or three years. And that's without considering any potential breakthroughs in battery technology. Also, electrical storage is basically "black box" technology. If someone comes out with a super nanocapacitor or some other electricity storage medium that's more efficient than what you are using, just replace the battery, update some software and you are set to go!
Actually, 1 gallon = 3.78 liters. SInce gas weights substantially less than water (density of about .75), 2.5Kg sounds reasonable (2.8 would be more accurate, but as a rough approximation 2.5 seems OK).
You should only correct people when you have a clue.
$10K pre tax for a subcompact, limited power car is not cheap at all. In those regions you can get other more decent (comfort and performance wise) vehicles for that money. Yes, being energy efficient is a big plus, but the price doesn't help here. Compact electric cars will in two or three years be at that price level, have better reliability and be more fun to drive.
I agree with most of your analysis, but on the range thing. Why on earth would you want a range of over 400 miles AND a charge time of five minutes? You mean you can drive 400 miles, rest for five minutes and then you are ready for 400 more miles? Now I'm impressed. 5 min charge time is a necessity if you have a range of 100 miles. More than 400 miles is desirable if you can't charge overnight. But if you have the ability of overnight charging (and electric charging ability is ubiquitous) 400 miles is more than enough for anything but commercial truck drivers, and a five minute charge time is not necessary with that range.
The air we breathe is already polluted. So taking the air and compressing it concentrates the pollution. Then, it follows, releasing them to the atmosphere is polluting!!! It might sound like a silly argument, but that's exactly what happens with nuclear reactors (OK, they crate particularly long lasting radioactive elements, but nobody cared when the source radioactive elements were in the environment, where they were taken from in the first place).
Compressed air is not a power source, since the energy has to come from some other source, such as electricity. Storing energy as compressed air is not a more efficient process than storing electricity inside a battery. There ARE electric cars today with more range than the Air Car. And they are not all ultracompact cars but some more reasonable formats. So we have already a technology that is simpler, proven, has better performance, it is likely to be much more reliable (fewer moving parts) and has constant performance (a vehicle run by compressed air will lower its performance as it runs out of "gas"). I'm not completely sure it is cheaper today, but it certainly will be as batteries progress (they have been progressing at a steady 10% increase in capacity or decrease in cost every year for the last few decades, it is expected that the trend continues). The Air Car is not so proven, and the manufacturing costs will surely go up as they near production (they always do). I'm not saying this project has no value, but investing the same money and effort in developing electric cars will certainly produce better results faster.
What I don't get is the "monoculture" comment. These guys are complaining that all the web servers are using the same software? Or that the different layers are using the same platform? In neither case having a more diverse platform would reduce the number of bugs or make them less serious. That's especially true for cross site scripting exploits and the like. Having two differetn web servers would not reduce the number of exploits or their seriousness, it would actually probably double them and make them more difficult to diagnose. And having heterogeneous layers wouldn't make a difference at all. I just don't get it.
The study appears flawed in its conclusions. > Those children who do sports at school do not burn more calories than those who don't. That would make sense. An obese boy burns as many calories walking as a thin boy burns running. An obese boy has to carry and move extra weight 16 hours a day. Doing sports one hour a day cannot compete with that. If obese children are among the ones not doing sports, that's exactly what the study should find. Surprisingly, the researchers make exactly the opposite conclusion. > Furthermore there is no correlation between body mass index and the number of calories used! Again, this proves exactly the opposite point the conclusions claim. A high BMI makes you burn MORE calories no less. If that compensates for less sport activity (which would cause the high BMI) you get the observed results. Conclusion: the data observed proves that sports are useful in burning calories and in losing weight. They are even so powerful that they even match the high calorie burn of carrying around 30 pounds of cargo everywhere. If you take an obese child and make him or her do some sports, that would add both energy outputs and the kid would lose weight and be healthier.
Either I don't know anything about computer segurity (odd as I get paid for that) or these guys don't know anything about security (odd as THEY get paid for that). In order for this "hack" to work the user has to download malicious code from the Internet, run it and accept a warning that indicates there's a dangerous elevated operation going on. How is this a hack in any way? Normally, if the user ran malicious code on Vista and it tried an elevated operation, it would trigger a warning. If the user accepts the warning, the code is run elevated and the computer becomes damaged. That's how it is designed to be, and that's even more than most platforms do in this respect. In this situation, exactly the same applies. The user has to download the code, run it, and accept a security warning. So where's the hack? A real hack would be to prevent a security warning from raising, not to raise a security warning when one is granted (or not).
But leading in IT shouldn't be measured in absolute terms but in relative ones. Do you think that if the US had the same population density and distributionas, say, Japan, the situation would be the same? Or that the japanese would have the service they have now if Japan was the size of the US with a large non urban population? Given the situation, the US is doing pretty well in that aspect. And that's a factor that is absent in most observations about broadband penetration.
And consider what the chimps are using the weapons for: to kill Bush Babies! That should drive George mad.
Now that there's reliable intelligence indicating that the chimps in Senegal are building weapons, an US led invasion should not be far.
If your metric for development cost concentrates on the cost of tools (which, by the way, are FREE in Microsofts case for very reasonably featured versions) you are valuing your time very low. One thing Microsoft did very well is building a very efficient development environment. THat's something companies value a lot. The cost of developing for Windows has been analyzed in many serious studies, and it has demonstrated to be lower than the alternatives. Of course, that doesn't mean you HAVE to write for Windows. There are other considerations than cost. If your target market runs Unix, write for Unix. If you have a principles thing against IP, write OSS. If you need a community keep improving your code and benefit for it, write OSS. But if yow thing that writing for Linux is any easier than writing for Windows, you are just plain wrong. Especially when you consider Microsofts curse: they have to maintani App compatibility. An application writen for Windows 3.1 more likely works on any later version of the OS than not (I tested many). Linux and other OSs don't have such pressure, which is a blessing for the OS writers, but a curse for app developers.
You are right. Only 95% of the worlds computation is done on Windows. It is a waste of time writing for that platform.
Again, you are confusing being among the top with being #1. Yes, there are some countries where you get cheaper and faster broadband than in the US. Not surprisingly, they are all much denser countries, a factor that signifficantly lowers cost and increases speed (reducing connection distance to switches). You complain about the price you pay for 5MB/s? You JUST CAN'T GET 5MB/s ANYWHERE IN THE WHOLE SOUTH AMERICAN CONTINENT!!! Some companies market such speeds, but the effective rate is well under 2Mbps at off peak. And the price for that is normally over a hundred bucks. And you know what? MOST OF THE PLANET IS LIKE THAT! Few countries get a better deal than the US when it comes to broadband. Very few. So again, if you were comparing to the average country and losing, you could complain. But just because there are a handful of countries that, for perfectly understandable technical reasons, have a better deal than you do, you think conspiracy, no matter that the vast majority of the planet is way worse than the US in speed, penetration or rates.
What I don't get is why this is news. Since when the US needs to be 1st in everything? I mean, what if a small country (or even a large one) has more penetration tha the US? If the US had one of the world's lowest broadband penetration it would be surprising. But being just average among the world's most industrialized countries is reasonable. Each country has different population distributions, different technological penetration patterns, different needs. It is reasonable that broadband penetration follows those patterns, and not some macho man "MUST BE 1ST" need.