Well, you have to go a long, loooooooong way to reach the conclusion that "Microsoft has the most secure operating system"!
The audit trail for this year's award for Best Distorting Headline:
The post links to a report on internetnews.com, not Information Week, as reported.
The InternetNews.com report links to the Symantec summary web page, which does not mention Microsoft at all. Moreover, it is a report on Internet Security, not operating systems. (A bit more about that next.)
The report itself is a 104 page (PDF) document (including 24 pages of appendices), which mentions Microsoft mostly in minor points, and in the following contexts:
The Executive Summary does not mention Microsoft at all, nor does the Internet Security Threat Report Overview.
The first mention of Microsoft comes in the Attack Trends Highlights of the Executive Summary Highlights, and it is not flattering: "Microsoft Internet Explorer was targeted by 77 percent of all attacks specifically targeting Web browsers."
Similarly, under Vulnerability Trends Highlights (also under Executive Summary Highlights), the next mention is also not flattering: "Symantec documented 54 vulnerabilities in Microsoft Internet Explorer, 40 in the Mozilla browsers, and four each in Apple Safari and Opera."
The next mention of Microsoft comes on page 19, under the heading, Threats posed to Windows Vista becoming evident. This comes after an Executive Summary Discussion that does not mention Microsoft anywhere in its ten pages. So far, I'm not feeling the "surprise" factor mentioned by david_g17.
The first conclusion reached in the discussion of threats to Vista is that "Microsoft's Security Development Lifecycle, while thorough, does not necessarily identify all potential vulnerabilities." I am starting to feel some surprise, but it relates to how david_g17 interpreted this story.
The discussion of threats to Vista identifies vulnerabilities, malicious code and attacks against the Teredo protocol. It simply does not say anything to indicate that Symantec believes Vista to be in any way superior to other operating systems with respect to security.
The next mention of Microsoft comes under the section on Attack Trends, and concludes: "Microsoft Internet Explorer was targeted by 77 percent of all attacks specifically targeting Web browsers."
The next mention of Microsoft is essentially a footnote that singles out two Microsoft vulnerabilities in attributing a peak in bot activity. This is not necessarily a criticism of Microsoft, but it would hardly lead one to think of Microsoft as superior to other vendors.
Next, under Vulnerability Trends, "Symantec documented 54 vulnerabilities in Microsoft Internet Explorer, 40 in the Mozilla browsers, and four each in Apple Safari and Opera." Um... doesn't this mean that Microsoft is less than other vendors? Yes, I know, it's about browsers, not operating systems. Wait. Didn't Microsoft blur this distinction a little bit with their bundling strategy?
Finally... in the subsection, Patch development time for operating systems, almost halfway through the report, Symantec does give david_g17 his fodder: "Microsoft Windows had the shortest average patch development time of the five operating systems in the last six months of 2006".
However, that same section concludes "The risk of exploitation in the wild is a major driving force in the development of patches. As with previous periods, Microsoft Windows was the operating system that had the most vulnerabilities with associated exploit code and exploit activity in the wild (emphasis mine). This may have
Don't take this the wrong way, but that might be too "open", even for those of us who think "war on terror" is an over-used and misguided excuse. However, we do have FISO courts and special national security committees in the House and Senate, which might be the appropriate recipients of the records. I agree that it still might be not open enough for everyone's liking, but it provides the checks and balances that your post emphasizes and still makes it possible to conduct surveillance without informing the targets of investigation, which is pretty important in both criminal and terror investigations.
Neither approach is perfect, and I understand the impulse to make all the requests public information. But my objection to the Bush administration approach is not simply that they did not follow the law, but that they said the law did not give them the tools needed to combat terror, which is just a lie, since we already had these procedures in place long before 9/11.
None of this should be construed as support for the notion that "oral requests" should be sufficient. It just seems like another case of the Bushies saying that the law is too hard to follow, when they do not even try to do so. I have not seen one example where a Fibbie or any other law enforcement officer would have nabbed a terrorist except that he had to stop and fill out some paperwork (which, by law, can be done after the fact).
That law they cite I don't think "guidance" has the force of law. Granted, if it's your boss giving you "guidance", it's not irrelevant, but let's not confuse hierarchy with law.
I sure do see a lot of arguments that boil down to "the other side is worse". What is the point of that argument? Personally, I think W is worse than Clinton, but I don't see how that is relevant to an argument about whether something should or should not be done. I'm not sure "if nothing else, at least it's different" does a whole lot to advance the discussion, since "different" can be worse, by definition. If you have specific reasons making it actually better, or less worse, that would be a much more credible argument.
BTW, I "get" the frustration angle; I even share it; I just don't think your response to it makes any sense.
So, if a distributor who typically makes a 5% profit will charge $105 for every $100 in increased cost
Does this ever happen in the real world?
I wasn't aware that the road to profit was simply "mark up all input costs". I thought it had something to do with demand and value added. An increase in a factor cost (like fuel) does not change the value proposition of a distributor or anyone else in the production chain, and it doesn't change the basic demand for end products. Basic economic analysis and research will show that suppliers will pass on less than 1x any increase in factor costs, and that's ignoring efficiency improvements (which take time to develop).
By your logic, any increase in the cost of any factor anywhere would lead to spiraling inflation.
Am I the only one who believes bees are evil? That's gotta explain a lot of this. Or, maybe Einstein was a bee, in which case he might seem like the devil.
Agreed; and furthermore, I haven't seen anyone explain what new Operating System stuff is now done by Vista that wasn't already done by XP. I hear vague references to security (but there's a more recent /. post suggesting it ain't so hot, either). Otherwise, I just don't see what's new about this that should require more memory. The great stuff that computers can do today that they couldn't do twenty years ago (mapping, analytical processing, etc.) seem to be things that are done by software above the OS, so I just don't see the value proposition for Vista (other than the value prop to MS and its business partners).
If application A is mean-and-lean but still under development, you'll whine and cavil and buy B because it's the only one available, regardless of features.
Surely free market people believe that private individuals can make a better solution than the government. That the market can make a better solution.
I don't disagree with your enthusiasm for "free market" solutions. However, most free market people believe that government should ensure the functioning of markets. For example, contracts wouldn't exist without laws (government). Pretty important to the functioning of markets.
In the present case, I'm simply wondering what would replace the monopoly and ensure the functioning of free (or at least reasonable, bah dum bah) markets. In other words, what great solution has the free market devised, that doesn't involve breaking the law? Yeah, I know, if the law is wrong, that presents a problem. But most arguments against copyright involve some hypothetical "better" solution, and I just never seem to see even the faintest specifics of how they would change the law, as opposed to just break it. The argument that content owners or their agents (RIAA, MPAA, etc.) should just do things differently isn't entirely persuasive. If that argument were persuasive, I don't know why we couldn't just ignore contracts or tell businesses to find other "business models" that don't rely on contract law.
I don't think that's what you're arguing, btw; in fact, I think we're not that far apart. I'm just wondering out loud because I don't have any good ideas at the moment for a satisfactory replacement for copyright law. That doesn't mean I support DRM; it seems to violate copyright law, though IANAL.
Lastly, I think the "monopoly" argument in the case of copyright is overblown -- not totally irrelevant, just overstated. Copyright means that everyone has the same rights with respect to content they create. These rights are tradable (in a pretty free market). Other posts allude to price fixing, etc., which would seem to be evidence of a monopoly problem. I'm too lazy at the moment to evaluate the links. Even if the evidence is credible, it seems to indicate that the problem is in distribution, not "manufacturing" of content. I still don't have a clue as to what that says about the shape of a "fix" for copyright. Since you're "happy to try", I'll expect a white paper on my desk in the morning...:)
That is funny, because GP said "autism and similar developmental problems stem from the fact that people these days are not getting enough social interaction". To this, you said "your suggestion is spot-on".
So, my confusion stems from: "stem from" == "causation"; and you said "spot-on". My mistake; you must have meant something else.
Of course, one is too many, if it has the wrong/right data on it. But this left me with a lot more questions than answers.
TFA mentions that the FBI has "more than 21,000 laptops at any given time". The loss or theft of .76% (160) in 44 months is .21% per year. Is an annual disappearance rate of 2/1000 laptops high? What's the benchmark for the private sector, and how much lower should the tolerance be for the FBI or similar organizations? I gave up after following numerous Google and Ask links; all I found were USAToday-type figures, which didn't give rates and often didn't seem credible. (One link cited an "FBI statistic" that one in 8 laptops will be stolen... I wondered if they were just trying to make themselves look good!)
How much should we care about the distinction between lost and stolen? I note that the loss rate has gone down while the theft rate has gone up, although about three fourths of the disappearances are classified as losses. I'll bet it's more socially acceptable in the FBI (as elsewhere) to say "my laptop was stolen" ("it broke... uh, I mean... there were these three big guys...") than "I lost my laptop". The audit points out that the reporting of losses and thefts didn't seem to follow required procedures, including 38 that were reported more than 10 days after loss. There's a lot of ass-covering that can go on in 10 days, I suspect.
Also, the audit says the FBI had a total of 26,166 laptops. Assuming this does not contradict "21,000 at any one time", that seems to mean that the FBI turns over about a quarter of its laptops in three and a half years. (Rough math seems appropriate because "more than" isn't very precise.) That actually seems like a slow replacement cycle, compared with large corporate environments, but the replacement rate isn't particularly relevant here. What might be relevant is an audit of what happens to an FBI laptop when it is taken out of service. If these aren't securely managed, then we have a bigger security threat, by far, from replacement of laptops than we do from lost or stolen ones. Five thousand routine disposals vs. 160 "non-routine disposals". (I'm kind of surprised some bureaucrat didn't categorize them that way.) If the procedures aren't tight, I'd be a lot more worried about those.
As an aside, I'm shocked -- shocked! -- to see that TFA has several plugs for commercial "solutions" to the problem.
Mod me off-topic if you must, but I think asking about browser share is definitely the wrong place to start. Start by asking why you want a web-based application, and you'll probably confront the fact that "universal client" was at least an important consideration at some point in the evolution (maybe back in the naive days before MS entered the browser market). For every feature you consider, before asking about browser share, think about whether the communication or functionality objective (user can get/do X) requires something so complex or sophisticated that it has to be embedded in a proprietary browser. The vast majority of features don't need the proprietary features, and of those that really, really need them, it might be worth developing multiple options, because "really, really need" usually means revenue$.
I'd say, more likely somewhere in a chain of laziness or general stupidity. One end of that chain starts with web developers, but they report to a manager (maybe also to a project/program manager in a wonderful matrix, which only grows the chain in multiple directions). The managers report to uber-managers. Ya gotta know someone from marketing has some skin in the game. At the other end of the chain, a senior executive isn't getting the direct trade-offs from the developers' mouths -- "we could do this in one of several ways... option a requires IE6+ only... option b allows other browsers..." -- but gets something like "research confirms a large majority of our customer base uses IE, so we optimized by...". The children's game of telephone is actually good training for corporate management. Laying this off entirely on the developers is as much a leap as the GP, imho. But either way makes more sense than a conspiracy theory, which gives way too much credit to the ability to execute and not enough credit to "just because...".
First, I agree with the mod up for 99% of your post. I disagree with the 5% about hating the modern US government. (Hey, you brought up our lousy schools, not me!).
But, seriously, I don't think you answered GP's point about wasteful military spending, unless your only response is "well, the schools waste more than the army does". That sounds a lot like the Sean Hannity rationale for voting Republican in the last election. Mind you, I'm not disagreeing (or agreeing) with it, but I just don't think "the other side is worser" is a great rationale for anything...
---
Emily Latella
Even if wiretapping is a teensy bit OT from TFA, the Verisign stuff is still very interesting and consistent with the drift of this thread.
Admittedly, this is a quibble and slightly off-topic, but they could use a clean slate for their web design. It doesn't fit in my 1024x768 display.
FTA: "the company has also formed alliances with water testing companies and other industrial concerns"
"The meter is showing that there's ink in the water, sir."
"Good thing we had Nanoident semiconductors; better order some more."
With?
if bizarre was an option, it would still need to specify plus or minus, no?
Kids need to learn reading, writing and arithmetic. Otherwise, they'll learn how to solder in Iraq (cuz they kant spel).
My apologies to the tens of thousands of soldiers who can spell and do electronics.
Correlation != Causation!
I think there's a correlation between writing articles and being a journalist. Articles probably cause journalism.
There should be an article about how articles don't usually get science right.
Did anything have you convinced otherwise?
Hmm ... and I thought Sally Ride was her real name.
How many of you would pay good money to see "Cat Fight in Space"?