The difference between Windows and Linux is how easy it is to remove stuff like this on Linux.
It was a deb. Which means the installation script, on the vast majority of users systems, is going to run as root. Which means the ease of removal can, depending on how clever the malware author is, be anything up to and including "practically impossible unless you have a lot of experience removing clever rootkits from a livecd".
On Linux, she could have simply killed any offending processes (O.K. that's nontrivial, but no root permissions needed in theory) and check the (graphical, so-easy-to-use-a-caveman^H^Hgrandma-could-do-it) Gnome startup programs tool for suspicious entries
The malware in TFA on gnome-look was packaged as a deb file, and so (on the vast majority of systems) would need elevated privileges to install, and so have its installation script run as root.
Which means it's not just gnome startup programs you'd have to check, its every complicated, optimised-for-fast-startup-to-the-point-of-obfuscation (remember, Grandma's going to be running Ubuntu, not Slackware) startup script on the system. And you'd have to know it when you see it, which is not necessarily trivial if the malware author was clever. Maybe you could manage it; I certainly couldn't, I'd be installing from scratch.
When software asks the user if he or she accepts the license agreement, software is, on the behalf of the owner and as a proxy, attempting to enter into a legal contract (EULA).
Oh, bah. If I hand you a contract which I've pre-signed, is the contract itself, "on the behalf of the owner and as a proxy", attempting to enter into the contract with you? No, of course not; I am, I'm merely pre-agreed with it. Analogously with software EULAs (up to maybe not strictly being a contract etc.).
Aptitude manages package selections far better including remembering that you installed library x simply to make package y happy.
...As does apt-get, since quite a few versions ago. Alias "apt-get remove" to "apt-get autoremove" to get it to automatically uninstall x when y gets removed.
The Linux Format article says it can import docx, pptx etc., which means they are Microsoft Office 2007 XML files, and not OOXML, the Published Standard.
Office 2007 OOXML files *are* a published standard -- the published standard in question being ECMA 376.
If what you actually meant was "...not OOXML, the Published ISO Standard", then say what you mean. But your original comment could be understood as saying that the spec Office 2007 uses is unpublished, wihch is obviously wrong.
(Not to mention that even saying that is ambiguous -- does "The ISO standard" refer to ISO 29500/Transitional or ISO 29500/Strict? The former is practically identical to ECMA 376, with the exception of minor tag semantic cleanup; whereas the latter is significantly different).
I've never used it, so I could be wrong; but as far as I can tell from the website, PyObjC wouldn't be any good here: it describes itself as "A bridge that allows Python scripts to use and extend existing Objective-C class libraries", *not* as something that can compile Python down to Objective C. So it wouldn't let you write iPhone apps unless someone ports Python to the iPhone.
Jython, on the other hand, *can* compile python down to java bytecode, and so could be used to compile python scripts for Android without having to port Python to Android. (Not that the latter would be that hard, since Android is basically Linux, which CPython already runs on).
Your system has been halted in order to prevent a loss of data.
Ummm, shouldn't that read "Your system has been halted in order to guarantee a loss of data"?, since I was never given a chance to save anything before the system halt.
The philosophy is fail fast: the idea being that it's better to cut your losses at losing unsaved work, than to potentially cause widespread data corruption, security breaches etc. that could occur if the system continues working when the kernel is in an unknown or unstable state. It's the same philosophy that underlies kernel panics.
with the limited number of write cycles with the SSD in some models, you want to avoid any unnecessary writes
I've heard this said often, but the only time I've seen any actual numbers crunched, the conclusion was that it wasn't worth worrying about:
With the Eee PC SSD, a typical user (6 hours/day, 10% write rate) will write for 36 minutes per day resulting in a useful lifespan of ~25 years in the worst assumed case [only 50% effective wear levelling, 100k writes to a sector before failure].
Besides, even if that wasn't the case, one of the things about the Eeepc is its moddability -- back up often (which you should be doing anyway), and then if/when the SSD drive goes, swap it for a new one. It'll also probably be a nice upgrade over the smallish original, given the speed that SSD drives are improving in capacity and speed.
um.. the cost to access or distribute isn't a factor in copyright. How can it not be infringing if it is free, and be infringing if someone charges?
It's not. It's infringing either way. But just because something's infringing doesn't mean that the copyright holder is somehow forced to sue them for it. Rowling can do whatever she wants -- it's her copyright -- and she's stated that she, personally, has no problem with the Lexicon continuing to be published for free on the web. She could choose to sue them off the web as well; she just doesn't want to.
This isn't a "help desk" it's a telephone banking system. You call up the bank. and do your banking over the phone. That means -- yes! -- that the guy you're talking to has unfettered access to your account. That's the inevitable price you pay for convenience if you want to do your banking over the phone.
Are there any licences that provide the same kind of stuff without linking me to them, or should I just change the name of the GPL when I licence my software?
While Linux has modern filesystems and gets optimized and fixed almost constantly, Windows Vista still uses the same basic NTFS layout and associated algorithms that were finalised around 10 years ago...
...Your implication that NTFS is much older than ext is nonsense...
I made no such implication. ext is the "tried and true" general purpose Linux file system, while Linux has MANY other filesystems in-tree and out-of-tree which are optimized to other workloads, including flash and SSD storage
Yes, there are filesystems for Linux designed for SSD and flash drives; such as JFFS, JFFS2, LogFS, and YAFFS (of which I think only JFFS and JFFS2 are included in standard Linux kernels). These handle the flash memory directly, doing things like wear levelling to extend flash's life. The are also, incidentally, utterly pointless in this day and age, since modern flash sticks and SSD drives does wear levelling etc. in firmware and, to the PC, appear to be standard hard drives (i.e. block devices). That's why the guides for installing Linux on flash and SSD drives usually recommend ext2, ext3, or FAT.
Also, to suggest you made "no such implication" is disingenuous: you admit that your original comparison is not true for the filesystem that pretty much every single modern wide-appeal Linux distro (Ubuntu, Madriva, Fedora, OpenSuse, Debain,...) uses as as its default filesystem.
Virtually none of [the revisions] have improved its performance or reduced its fragmentation. Practice reading.
True, it hasn't included fragmentation-reduction features such as extents in any of its revisions. Because it's had them from the start.
And it still performs like ass. Nothing you've said has disproven that.
Err, so any claim you make must be true until someone else disproves it...?
While Linux has modern filesystems and gets optimized and fixed almost constantly, Windows Vista still uses the same basic NTFS layout and associated algorithms that were finalised around 10 years ago, and weren't even very good back then. There have been only very minor revisions to NTFS and virtually none of them have improved its performance or reduced its fragmentation.
I don't know if you're blatantly lying or just very misinformed.
Let's take age and revisions first. Ext2 was introduced to Linux in January 1993. NTFS was introduced to Windows in July 1993 (in NT 3.1). So your implication that NTFS is much older than ext is nonsense.
You say that there have been "only minor" revisions to NTFS in comparison to ext2. Ext2 has in fact had only one (stable) revision, ext3, and it introduced only one new feature, journalling (something NTFS has had from the start). Various new revisions of NTFS, on the other hand, have added: transparent compression, named streams, disk quotas, filesystem-level encryption, sparse files, reparse points, update sequence number journaling, $Extend, distributed link tracking, and atomic transactioning, among others.
Some of these features, such as sparse files, are things that ext2 has had from the start. But many, such as transparent compression and file-system level encryption, are not only not, but have even now not found their way into mainstream Linux. To take those two features as an example, the only filesystems even close to mainstream that have them are Resier4 and ZFS, neither of which are ready for widespread use in Linux.
You say "Vista still uses the same basic NTFS layout and associated algorithms that were finalised around 10 years ago" -- conventiently not mentioning that that that 'ten-year-old layout policy' uses a number of modern layout features, such as extents, that have also still not yet found their way into mainstream Linux (ext4 and Reiser4 both support them, but neither are yet out of beta; neither ext3 nor ReiserFS 3 do). Directory contents in NTFS, incidentally, is stored as a B+ tree, which is the same structure that ReiserFS uses due to its scalability.
But the authors keep talking about man-in-the-middle attacks on FOSS repos. Couldn't someone just as easily do that for Windows?
Using https instead of http or ftp prevents man-in-the-middle attacks. Windows update uses https. The vast majority of FOSS mirrors use http or ftp, not https, due to the expense of key signing.
In recent versions at least, Qt in Windows works by using the Windows native APIs.
What do you EXPECT it to use? Telepathy? Voodoo?
I mean that, in Windows, it uses the native UI-rendering APIs. So a button created under recent versions of Qt in Windows will be the same as one created by using MFC directly. Older versions of Qt implemented its own widgets, which emulated the look and feel of native widgets, but did not match exactly. If you want further examples; wxwidgets uses native widgets; FLTK implements its own. (On Linux, the situation is a bit different, since there are no native widget-rendering APIs. However, by convention, in KDE, Qt's widget set is considered the "native" widget set, and in Gnome and Xfce, Gtk+ is "native", since they are what most other apps on those desktop enviroments use).
I'm sure that many of the Windows APIs are good, but there's so many to choose from, the practical result is that if you don't apply the same discipline on your Windows teams as you apply on your UNIX teams you end up with much the same problem.
You don't seem to have any problems with the fact that on Linux there's "so many [toolkits] to choose from". You just choose Qt. And you can do the same thing on Windows. Leave Trolltech to worry about which of "many conflicting GUI APIs on top of GDI and Win32" to use, that's their problem.
Noooope. Word does not (currently) implement OOXML.
Half truth.
Word does currently implement OOXMl as defined by ECMA 376.
Word does not currently implement OOXML as defined by ISO 29500 (for the obvious reason that all the changes from the ECMA standard were made after Office 2007 had already come out).
Also, that second statement can be broken down into:
- Word very nearly implements ISO 29500/Transitional (the differences being tag semantic tidying, such as "on" "off" being replaced by "true" "false" etc.)
- Word is very far from implementing ISO 29500/Strict (Lots of things that Word uses, such as VML, are not present in the strict standard)
Microsoft has already realized that OOXML is unimplementable
...Was it the statement that the OOSML SDK "will definitely be 100% compliant with the final ISO/IEC 29500 spec, including the changes accepted at the BRM" (Doug Mahugh) that tipped you off that "Microsoft has already realized that OOXML is unimplementable"? Or was it the one about "We are committed to supporting the Open XML specification that is approved by ISO/IEC in our products (Chris Capossela)?
And what exactly is it about OOXML that is so "unimplementable" exactly? ISO 29500/Transitional is pretty close to ECMA 376, which is what Office 2007 (and everyone else) already implements; and the Strict version is much, much simpler to implement than Transitional; since it's basically Transitional with all the deprecated crap (VML, FormatLikeBabbageDiffEngine) stripped out.
Slashdot Mirror
The difference between Windows and Linux is how easy it is to remove stuff like this on Linux.
It was a deb. Which means the installation script, on the vast majority of users systems, is going to run as root. Which means the ease of removal can, depending on how clever the malware author is, be anything up to and including "practically impossible unless you have a lot of experience removing clever rootkits from a livecd".
On Linux, she could have simply killed any offending processes (O.K. that's nontrivial, but no root permissions needed in theory) and check the (graphical, so-easy-to-use-a-caveman^H^Hgrandma-could-do-it) Gnome startup programs tool for suspicious entries
The malware in TFA on gnome-look was packaged as a deb file, and so (on the vast majority of systems) would need elevated privileges to install, and so have its installation script run as root.
Which means it's not just gnome startup programs you'd have to check, its every complicated, optimised-for-fast-startup-to-the-point-of-obfuscation (remember, Grandma's going to be running Ubuntu, not Slackware) startup script on the system. And you'd have to know it when you see it, which is not necessarily trivial if the malware author was clever. Maybe you could manage it; I certainly couldn't, I'd be installing from scratch.
I'm leery of the "Smart desktop" technology ... can anybody here shed more light on what it is,
As far as I can tell: Mandriva's name for NEPOMUK. See http://en.wikipedia.org/wiki/NEPOMUK_(framework) , http://nepomuk.kde.org/
When software asks the user if he or she accepts the license agreement, software is, on the behalf of the owner and as a proxy, attempting to enter into a legal contract (EULA).
Oh, bah. If I hand you a contract which I've pre-signed, is the contract itself, "on the behalf of the owner and as a proxy", attempting to enter into the contract with you? No, of course not; I am, I'm merely pre-agreed with it. Analogously with software EULAs (up to maybe not strictly being a contract etc.).
Aptitude manages package selections far better including remembering that you installed library x simply to make package y happy.
...As does apt-get, since quite a few versions ago. Alias "apt-get remove" to "apt-get autoremove" to get it to automatically uninstall x when y gets removed.
The Linux Format article says it can import docx, pptx etc., which means they are Microsoft Office 2007 XML files, and not OOXML, the Published Standard.
Office 2007 OOXML files *are* a published standard -- the published standard in question being ECMA 376.
If what you actually meant was "...not OOXML, the Published ISO Standard", then say what you mean. But your original comment could be understood as saying that the spec Office 2007 uses is unpublished, wihch is obviously wrong.
(Not to mention that even saying that is ambiguous -- does "The ISO standard" refer to ISO 29500/Transitional or ISO 29500/Strict? The former is practically identical to ECMA 376, with the exception of minor tag semantic cleanup; whereas the latter is significantly different).
I've never used it, so I could be wrong; but as far as I can tell from the website, PyObjC wouldn't be any good here: it describes itself as "A bridge that allows Python scripts to use and extend existing Objective-C class libraries", *not* as something that can compile Python down to Objective C. So it wouldn't let you write iPhone apps unless someone ports Python to the iPhone.
Jython, on the other hand, *can* compile python down to java bytecode, and so could be used to compile python scripts for Android without having to port Python to Android. (Not that the latter would be that hard, since Android is basically Linux, which CPython already runs on).
Jython: "A compiler to compile Python source code down to Java bytecode which can run directly on a JVM".
Your system has been halted in order to prevent a loss of data.
Ummm, shouldn't that read "Your system has been halted in order to guarantee a loss of data"?, since I was never given a chance to save anything before the system halt.
The philosophy is fail fast: the idea being that it's better to cut your losses at losing unsaved work, than to potentially cause widespread data corruption, security breaches etc. that could occur if the system continues working when the kernel is in an unknown or unstable state. It's the same philosophy that underlies kernel panics.
with the limited number of write cycles with the SSD in some models, you want to avoid any unnecessary writes
I've heard this said often, but the only time I've seen any actual numbers crunched, the conclusion was that it wasn't worth worrying about:
With the Eee PC SSD, a typical user (6 hours/day, 10% write rate) will write for 36 minutes per day resulting in a useful lifespan of ~25 years in the worst assumed case [only 50% effective wear levelling, 100k writes to a sector before failure].
Besides, even if that wasn't the case, one of the things about the Eeepc is its moddability -- back up often (which you should be doing anyway), and then if/when the SSD drive goes, swap it for a new one. It'll also probably be a nice upgrade over the smallish original, given the speed that SSD drives are improving in capacity and speed.
Of course, IE7 then came out, with every new "innovation" basically being a copy of whatever made Firefox unique
Hardly unique. IE7 didn't rip anything off Firefox that Opera hadn't had for years before either Firefox or IE7.
um.. the cost to access or distribute isn't a factor in copyright. How can it not be infringing if it is free, and be infringing if someone charges?
It's not. It's infringing either way. But just because something's infringing doesn't mean that the copyright holder is somehow forced to sue them for it. Rowling can do whatever she wants -- it's her copyright -- and she's stated that she, personally, has no problem with the Lexicon continuing to be published for free on the web. She could choose to sue them off the web as well; she just doesn't want to.
Anytime an employee changes a password there should be records of the interaction. Call logs, voice logs, notes, etc.
What makes you think there wasn't? It's not as if they can't find the culprit due to a lack of logs; the article says they identified and fired them.
This isn't a "help desk" it's a telephone banking system. You call up the bank. and do your banking over the phone. That means -- yes! -- that the guy you're talking to has unfettered access to your account. That's the inevitable price you pay for convenience if you want to do your banking over the phone.
Well, yes, but you see the point. Your data is worth a lot more than the OS; which can be redownloaded at any time. And not everyone makes backups.
A way to fix the occasional need to do this would be a sudo-like tool that needs to be used to execute a file, but doesn't grant root privileges.
How's this:
Like change system files? Nope. ... So... it can mess up my documents? Darn.
Oh, good. My life's work is reconstructable in a mere few decades; wheras if it damages system files, a reinstall could take up to half an hour!
Are there any licences that provide the same kind of stuff without linking me to them, or should I just change the name of the GPL when I licence my software?
Certainly. Have a browse through http://www.opensource.org/licenses/category. I suggest using the Microsoft Reciprocal License (basically equivalent to the LGPL, and perfectly GPL-compatible), just to piss off the FSF...
While Linux has modern filesystems and gets optimized and fixed almost constantly, Windows Vista still uses the same basic NTFS layout and associated algorithms that were finalised around 10 years ago...
...Your implication that NTFS is much older than ext is nonsense...
I made no such implication. ext is the "tried and true" general purpose Linux file system, while Linux has MANY other filesystems in-tree and out-of-tree which are optimized to other workloads, including flash and SSD storage
Yes, there are filesystems for Linux designed for SSD and flash drives; such as JFFS, JFFS2, LogFS, and YAFFS (of which I think only JFFS and JFFS2 are included in standard Linux kernels). These handle the flash memory directly, doing things like wear levelling to extend flash's life. The are also, incidentally, utterly pointless in this day and age, since modern flash sticks and SSD drives does wear levelling etc. in firmware and, to the PC, appear to be standard hard drives (i.e. block devices). That's why the guides for installing Linux on flash and SSD drives usually recommend ext2, ext3, or FAT.
...) uses as as its default filesystem.
Also, to suggest you made "no such implication" is disingenuous: you admit that your original comparison is not true for the filesystem that pretty much every single modern wide-appeal Linux distro (Ubuntu, Madriva, Fedora, OpenSuse, Debain,
Virtually none of [the revisions] have improved its performance or reduced its fragmentation. Practice reading.
True, it hasn't included fragmentation-reduction features such as extents in any of its revisions. Because it's had them from the start.
And it still performs like ass. Nothing you've said has disproven that.
Err, so any claim you make must be true until someone else disproves it...?
I have always been interested in OS research and concept implementations ... Microsoft could have done it but they couldnt care less.
I was under the impression that MS Research does quite of a lot of "OS research and concept implementations" -- Singularity, anyone?
While Linux has modern filesystems and gets optimized and fixed almost constantly, Windows Vista still uses the same basic NTFS layout and associated algorithms that were finalised around 10 years ago, and weren't even very good back then. There have been only very minor revisions to NTFS and virtually none of them have improved its performance or reduced its fragmentation.
I don't know if you're blatantly lying or just very misinformed.
Let's take age and revisions first. Ext2 was introduced to Linux in January 1993. NTFS was introduced to Windows in July 1993 (in NT 3.1). So your implication that NTFS is much older than ext is nonsense.
You say that there have been "only minor" revisions to NTFS in comparison to ext2. Ext2 has in fact had only one (stable) revision, ext3, and it introduced only one new feature, journalling (something NTFS has had from the start). Various new revisions of NTFS, on the other hand, have added: transparent compression, named streams, disk quotas, filesystem-level encryption, sparse files, reparse points, update sequence number journaling, $Extend, distributed link tracking, and atomic transactioning, among others.
Some of these features, such as sparse files, are things that ext2 has had from the start. But many, such as transparent compression and file-system level encryption, are not only not, but have even now not found their way into mainstream Linux. To take those two features as an example, the only filesystems even close to mainstream that have them are Resier4 and ZFS, neither of which are ready for widespread use in Linux.
You say "Vista still uses the same basic NTFS layout and associated algorithms that were finalised around 10 years ago" -- conventiently not mentioning that that that 'ten-year-old layout policy' uses a number of modern layout features, such as extents, that have also still not yet found their way into mainstream Linux (ext4 and Reiser4 both support them, but neither are yet out of beta; neither ext3 nor ReiserFS 3 do). Directory contents in NTFS, incidentally, is stored as a B+ tree, which is the same structure that ReiserFS uses due to its scalability.
But the authors keep talking about man-in-the-middle attacks on FOSS repos. Couldn't someone just as easily do that for Windows?
Using https instead of http or ftp prevents man-in-the-middle attacks. Windows update uses https. The vast majority of FOSS mirrors use http or ftp, not https, due to the expense of key signing.
In recent versions at least, Qt in Windows works by using the Windows native APIs.
What do you EXPECT it to use? Telepathy? Voodoo?
I mean that, in Windows, it uses the native UI-rendering APIs. So a button created under recent versions of Qt in Windows will be the same as one created by using MFC directly. Older versions of Qt implemented its own widgets, which emulated the look and feel of native widgets, but did not match exactly. If you want further examples; wxwidgets uses native widgets; FLTK implements its own. (On Linux, the situation is a bit different, since there are no native widget-rendering APIs. However, by convention, in KDE, Qt's widget set is considered the "native" widget set, and in Gnome and Xfce, Gtk+ is "native", since they are what most other apps on those desktop enviroments use).
I'm sure that many of the Windows APIs are good, but there's so many to choose from, the practical result is that if you don't apply the same discipline on your Windows teams as you apply on your UNIX teams you end up with much the same problem.
You don't seem to have any problems with the fact that on Linux there's "so many [toolkits] to choose from". You just choose Qt. And you can do the same thing on Windows. Leave Trolltech to worry about which of "many conflicting GUI APIs on top of GDI and Win32" to use, that's their problem.
Noooope. Word does not (currently) implement OOXML.
Half truth.
Word does currently implement OOXMl as defined by ECMA 376.
Word does not currently implement OOXML as defined by ISO 29500 (for the obvious reason that all the changes from the ECMA standard were made after Office 2007 had already come out).
Also, that second statement can be broken down into:
- Word very nearly implements ISO 29500/Transitional (the differences being tag semantic tidying, such as "on" "off" being replaced by "true" "false" etc.)
- Word is very far from implementing ISO 29500/Strict (Lots of things that Word uses, such as VML, are not present in the strict standard)
Microsoft has already realized that OOXML is unimplementable
...Was it the statement that the OOSML SDK "will definitely be 100% compliant with the final ISO/IEC 29500 spec, including the changes accepted at the BRM" (Doug Mahugh) that tipped you off that "Microsoft has already realized that OOXML is unimplementable"? Or was it the one about "We are committed to supporting the Open XML specification that is approved by ISO/IEC in our products (Chris Capossela)?
And what exactly is it about OOXML that is so "unimplementable" exactly? ISO 29500/Transitional is pretty close to ECMA 376, which is what Office 2007 (and everyone else) already implements; and the Strict version is much, much simpler to implement than Transitional; since it's basically Transitional with all the deprecated crap (VML, FormatLikeBabbageDiffEngine) stripped out.