Posts by Eadon
2677 posts • joined Monday 3rd August 2009 06:33 GMT
Page:
Re: At least it GETS official updates
@mmeier "Besides: Security patches are something the producer should deliver not a "community" that may or may not be able to do it"
For open source the community is the producer. Which might explain why Linux has a far better security record than MS, hence it's prevalence on the server side, in the City / Wall St, etc.
Contrast that with MS, who are forever releasing patches, absolutely critical patches for remote exploits. Are those patches making things better or making things worse? Are these patches introducing new security flaws? Remember XP, VISTA, Win 7 and now Win 8. Every time MS would say, hey, this is the most secure Windows ever. Yet these operating systems are still as insecure as hell. Yet they were delivered by "the producer".
Methinks you are way too trusting of corporate software and corporate software processes.
Re: New vulnerabilities in Windows browser platforms ..
@mmeier "And as Eadon told us a few times the IE bug can not be important because nobody uses IE."
Where did I say that? The issue with IE is that it is still used by about 1/5 users, and worse, the users that use IE are clueless and therefore more vulnerable.
Worse, IE i s un-installable, so hackers can attack IE code even when it's not running. It increases the Windows attack surface area. Furthermore it has roots that reach into the kernel space, though MS claim they are resolving that.
@cashxx
In the case of trojan-based malware, the only way to eliminate risk is to eliminate freedom and have a strict 100% walled garden.
google play is not perfect, but that's still fairly safe and is a walled garden. Google also permit non-walled garden app stores too.
It is this freedom that is important, as the wise saying goes, those that sacrifice freedom for safety deserve neither.
Re: Resident malware?
@Fred Flintstone - "Given that most distros ask the user to type in their password for privilege escalation (usually a sudo process)"
As I say, the software has to trick the user. Viruses that have to trick the user are not viruses but trojans. Viruses are those malware progams that spread without user intervention. This point seems to be over so many commentards heads.
BTW, Windows copied that "sudo process" very badly, with UAC - which taught the user to hit the "yes" button all the time. The idea is that MS can blame the user when they get infected by trojans.
Note that a virus would circumnavigate both UAC and sudo.
"I.E. get kids hooked on google now for free"
Google is almost always free and has got nearly all of us hooked. It makes money selling information harvested from those that use its free products.
Any corporation that puts software into schools has several motives
1) Get the kids hooked (marketing)
2) Keep out the competition
3) Gather data (Data mining)
4) Earn money from licences or 3rd party products / services (fleece the tax payer)
It's a good law
The law makes perfect sense and I whole heartedly agree with it, data protection and privacy is important. Very occasionally MS does something that pleases me, and this is one of those rare occasions.
Obviously MS is not doing this out of the milk of human kindness of course. 0ne thing this shows is that MS are SCARED of competition from Google.
Another consideration is that States/countries should pass laws forbidding schools from training children to use a particular vendor's software. Teaching kids ribbons and MS Office is immoral, it's child abuse, and it gives MS an unfair advantage over the competition (Catch em young).
Kids should be taught computing with open and open source platforms, preferably *Nix as it is more secure and doesn't "rot" (slow down over time).
Re: Counting security holes is not a good guide - windows has HUGE HOLES
@Fred Flintstone "Let me ask you a very simple question: if you don't have any anti virus product installed, how do you KNOW that you don't have resident malware? Note: I said KNOW. Evidence based, not the assumption you love spouting "I use Linux so I'll never get infected"
I can ask you the same question about Windows. how do you know you don't have resident malware? Study after study shows that AV programs are poor at recognising new threats. And viruses are tested by virus authors to circumvent the AV defences.
I never said that Linux is immune from malware. All systems are vulnerable to trojan attacks, as the weakest link in the chain is the human.
Re: Counting security holes is not a good guide - windows has HUGE HOLES
"Of course, Linux applications tend not to auto-execute scripts they've just pulled off the web, but that's not an *intrinsic* vulnerability of the OS and you can easily avoid the same problem on Windows by (gasp) not running the shitware"
Whenever I see an argument like this, I groan. Please learn the difference between a trojan and a virus :-)
"Again, given that the code is out there in plain view of anyone who wants to reverse engineer it"
If I may, this argument seems to me to be naive. What makes you think that source code provided by microsoft to governments is the same source code that was used to make generic Windows binaries?
Re: "Linux avoids the need for AV" @Lamont Cranston
@Lamont Cranston - it's a paradox that open source is more secure than closed source.
For one thing, the fact is that hackers tend to use black box techniques to attack systems. They take a binary executable and subject it to attacks until it caves in, to put it simplistically.
Secondly the RSA algorithm is used to secure credit cards and is the key behind most cryptography. That is secure even when you can see the source code.
The converse, that not seeing the source code makes a system more secure is a false sense of security. It is called security by obscurity and history teaches us that this fails.
Another advantage of open source is that coders are very careful when their code is visible to other coders, and they tend to write much higher quality code, with fewer flaws in it, when writing open source. And the "many eyeballs" effect can be used to find bugs and fix them by white hat hackers.
Regarding rewards for virus writing - think of linux as a pool of acid. Viruses cannot survive in it, the pool kills them instantly, and certainly does not allow them to duplicate themselves. It's the same on all Unix-like operating systems. The main reason for this is that there is something called the "execute bit" that is set to off for all code by default that comes from untrusted sources such as the internet. So a virus can't spread itself unless it tricks the user into switching on the executable bit. That's why viruses do not spread on Linux platforms. It's got little to do with popularity, that's a myth but a highly persistent myth.
Re: @Eadon Siverlight
@1Rafayal - .NET will stick around for a while, like VB6 and Active X did. But MS are not passionate about it any more, so it will just stagger along, as a kind of half-hearted legacy platform. One reason MS might not like .NET is that, as mentioned, several run times need installing to be compatible with .NET software of various ages and versions and this adds to the Windows bloat. And, right now, Windows needs to go on a diet, to fit more efficiently in VM's, mobile devices etc etc.
.NET FAIL (hey, it's friday :)
Criminalisation of society
The copyright lobbyists will not be happy until every sharing human is behind bars.
The principle underlying copyright is flawed. Why should a work by an artist allow that artist to be paid for seven plus decades? Does a plumber get paid for 7 decades for some pipework he did in Shoreditch in 1994?
It's nonsense when you think about it. If artists want to get paid they should perform. You know, work, like the rest of us.
Besides, when megaupload was shut down, independent movies suffered, because they lost the word-of-mouth marketing that they need. Sharing is not a crime, it shouldn't be criminalised.
"Can this rescue Microsoft from the pickle it finds itself in?"
The issue here is not a tactic - i.e. how to make Metro Apps go away. It's a strategic decision. You have to realise what MS is up to. MS wants to REPLACE the traditional / classical UI with a Metro UI. So far the Start button vanished from the Classic UI and in future versions of windows the classical UI will suffer further degradations - removal of features basically. In this way, MS would force users into its Metro walled garden complete with MS App Store where MS can cream off profits from Metro app sales, Apple style.
Putting Metro apps inside normal classical windows is, for Microsoft's strategy, a regression, it's moving away from its strategy of getting everybody to move to the new Metro World.
METRO STRATEGY FAIL
Re: @Eadon Siverlight
@1Rafayal - Silverlight's dead - see http://social.msdn.microsoft.com/Forums/en-US/silverlightgen/thread/b6245a34-9bc4-448e-a98e-855d5334425d/
As for .NET, MS are replacing that with the next shiny new thing, Windows 8 development is via an MS-flavour of HTML5 and javascript.
.NET was always a mess of multiple run times, and within MS it was never loved. There are no serious MS applications written in .NET that I can think of.
So .NET's future is, shall we say, not very bright. It never was bright, MS usually API-related ditch stuff after 5 or so years for the next shiny new thing. As lucratively training people up for new ways of doing things is part of it's business model.
Proof? MFC's - dead. VB6 - dead. Win 32 API's declared dead too (though they'll be used internally, no doubt). ActiveX also declared dead. Silverlight - Dead. .NET? going. At least as an app. dev platform.
Surface to Air Missiles For Obliterating eXternal Espionage Surveilance
Eadon is looking forward to launching his deadly arsenal of SAMFOXES at these pesky Snoopcopters.
You have been warned...
EU Political Correctness / Communism / Fascism
First the EU attack Pirate Bay. Now they attack porn. The EU are as bad as the USSR / China.
We must leave the EU ASAP.
Re: Siverlight
MS are not pushing Silverlight anymore, they declared that the next version (already released?) will be the LAST.
Silverlight was designed to compete with (kill) Adobe Flash. But Flash was killed by Apple, so MS has no use for Silverlight any more.
Also Silverlight was not liked by internal factions within MS. The C++ guys didn't like it as it is .NET. And even the .NET guys didn't like Silverlight as they perceived it as a parasite of their work.
.NET itself is being quietly retired also.
Re: Counting security holes is not a good guide - windows has HUGE HOLES
@AC 12:47 - you are talking about trojans. All systems will always be vulnerable to trojan attacks because the trojans trick the humans. Like scam emails, some will always fall for that. There's no such thing as a usable, bulletproof system when you have humans :)
Re: "Linux avoids the need for AV" @Lamont Cranston
@Lamont Cranston - There is no security by obscurity in Linux - it's open source. Think about it.
Re: Counting security holes is not a good guide - windows has HUGE HOLES
@Crisp - who said they are "unhackable"? Any system is hackable. But windows is much more hackable than Linux systems. Some say that this is due to there being more windows boxes, making windows more attractive to hack. But that's not true for servers.
The real reasons are several fold. Windows is intrinsically vulnerable to viruses, whereas on Linux code cannot self-replicate. Windows has a huge attack surface area, with massive and complex API's - many of which are unofficial. Windows code is less modular than Linux code, with more inter-dependencies between, say, the kernel and the GUI levels and even browser (IE) levels. Windows code is closed source and there is a greater reliance on security by obscurity. Also there is the possibility of "back doors" allowing spying by the FBI and even the RIAA. This back-door idea might sound paranoid, but in the security world, paranoia is a requirement. After all, look at the Stuxnet phenomenon.
I repeat, I am not saying Linux is perfect. But I do claim that its security record is infinitely superior to that of Windows.
Re: FUD
@AC 12:51 I was stating my personal experience and also knowledge of the prevalence of remote exploits. No one is saying that this is a black and white issue. But what is clear is that Windows has security issues that Linux doesn't suffer from, due to differences in the architectures of the systems.
Sure, there's some overlap here and there and no system is 100% secure, but no one is saying otherwise.
Re: What's fascinating about that is...- TIFKAM is an ad.
It's not controversial that you need larger buttons / icons / controls for touch interfaces.
FUD
Nice FUD you've got there, A.C. 11:47 (RICHTO?)
Now please explain to me why you virtually never see remote exploits or viruses in Linux systems.
I use Linux Mint and before that various distros and the update system is fully automated and I've never had any problems with it.
Counting security holes is not a good guide - windows has HUGE HOLES
When a security hole says, "remote code execution risk" that is so serious that it is worse than million local exploits.
That's why you can't trust people who compare numbers of reported security holes without discussing their critical status.
This is one of the main reasons I use Linux - it is more secure, remote vulns are extremely rare for the Linux kernel. Also Linux avoids the need for AV, hence avoiding the perils of the Kaspersky problems that are also in the news (again).
Umbongo Car Crash
I moved to Linux Mint even before this Umbongo BS. Ubuntu were great back in the day but they've caught corporate madness disease.
I don't dislike Canonical, in a way they bridge a gap between MS Evil and pure Linux virtuosity, and such a bridge might serve a useful purpose.
Love it
Open source systems are preferred by developers with self-respect and a love of not being forced into working in ways that may or may not be optimal or moral.
Re: What's fascinating about that is...- TIFKAM is an ad.
@1Rafayal - I was, of course expressing an opinion but it's an opinion based on two compelling evidences
a) No one has managed it yet. And a lot of experts have tried hard
b) The mouse is a (relatively) accurate pointing device that can hit small objects. The fingers are inaccurate and can only hit large targets.
So essentially you have an elephant and a, er, mouse, two different animals. You cannot treat them the same way.
Java 7
It's about time someone forked java 7 and took over Java that release too. This would be similar to LibreOffice forking from OpenOffice when Oracle were neglecting that.
Re: What's fascinating about that is...- TIFKAM is an ad.
@1Rafayal - what is optimal for mouse and keyboard is not optimal for fingers and vice versa.
Re: Paging Maxwell! Mawell to the white courtesy phone!
@Destroy - I think you've misunderstood my comment. I'm not saying that Maxell's demon is in play in this system.
Re: What's fascinating about that is...- TIFKAM is an ad.
TIFKAM is in Windows 8 for 2 reasons -
1 to attempt to force the hoi poloi to like it, with the hope that they will start buying Win Phone 8.
2) to force people to use the MS App Store in Win 8.
MS has a monopoly of the desktop (it tells the OEMs what default OS to install) and it is foisting TIFKAM on Windows users as a strategy to sell MS branded Mobile kit.
Essentially TIFKAM is an ugsome advert for Win Pho 8. And you can only block this annoying ad using 3rd party utils.
METRO FAIL!
Re: Evolution in action
@ I ain't Spartacus - not a bad idea at all, perhaps a UKIP version might be on the cards too.
Re: Windows Cash Cow on death row
@Michael Kean - that's actually a v good question. Obviously layers of cruft have been added to the kernel and surrounding levels. MS could start again from the 2000 code base, but then it would need to add in all the extra API's it has since introduced, add in support for new drivers and debug the whole thing. All of that would cost a fortune. Then MS would have to maintain two different code bases, like in the CE days.
MS are struggling because they have in Windows an essentially unmaintainable code base.
@tony hence your missus would love an MS Surface as a chopping board.
Re: Paging Maxwell! Mawell to the white courtesy phone!
The hot electrons are filtered out via thermodynamics.
Maxwell's demon attempts to circumvent the 2nd law of thermodynamics by using his free will to do the filtering, thus reducing entropy.
That was shown recently to be impossible because the demon would need to memorise the states of the particles, and that memory would increase entropy. Oh (max)well...
@Obviously - usability experts have reviewed TIKFAM and they have provided a verdict. It is confusing in two ways. Firstly it's inherently confusing. Secondly it comes with Windows 8 in which case the user is faced with two completley different UI's within the same OS.
But if you say there's nothing confusing about Metro, then I guess I should take your word for it and dismiss the opinion of the UX experts...
TIKFAM FAIL
Re: Windows Cash Cow on death row
@Mikel "blame the victim" - aptly put, you nailed it.
Re: Windows Cash Cow on death row
@nordwards - I agree with some of the gist of your post, but I'd still opine that it's a betrayal by Microsoft. MS stole the designs of its partners and attempted to profit from them. MS promised not to put its own hardware into the retail channel, and it did. In Staples and other stores, MS is directly competing with its partners for the tiny Windows Tablet market.
The Google Chromebook Pixel (if I remember its name correctly) is more likely to inspire OEMs than the Surface. The Surface has not embarrassed Microsoft's partners. Everybody is laughing at the Surface, pointing out that it is a shockingly bad computer. Not a laptop. Not a tablet. And it sucks at being either. Topped off with a FUGLY OS.
MS have shown the partners how NOT to make computers.
Evolution in action
What we are seeing is the evolution of Android into a more-literal-than-usual-metaphoric ecosystem, rather like (in fact literally) Linux distros. Different Linux distros are suited to different users - embedded, supercomputer, desktop, mobile, bleeding edge, conservative (with a small c), secure and so on.
With android we'll see a similar process happening. This can be pretty healthy as it means that the best will survive. Google own the official version, so that there is fragmentation doesn't matter much, so long as an official compatible version exists.
With all these flavours of Android, new operating systems will find fewer available niches to squeeze into, so to win they will need to create something new and exciting.
Re: Stagnation
"It's too foreign, it still requires too much computing knowledge for the average person"
bullshit - the 1990's wants its FUD back.
Android is Linux. ChromeOS is Linux. And as far as I can tell, the former is wildly popular, whilst the latter is giving MS nightmares already.
Linux Mint is more user friendly than Windows, if you can use Win 7 then the leap to Mint is easy, whereas moving to Windows 8 is a nightmare.
Re: Making Windows 8 look like Windows 7 isn't a climbdown?
@michael Habel,
Even with Jobs around, Apple's iThingy's would gradually become less exciting over time. What Jobs did was make a new class of iThingy's just as the competition was copying the existing iThingy's.
E.g. when MS was full steam ahead with the Zune, Jobs released the iPhone and instantly made the Zune (even more) obsolete.
I wouldn't write off apple as their new generation of iThingy's will be wearable devices. That will be a new cycle now that the iPhone has matured.
Pint - it is fermented fruit (well, ok, grain).
Embedded bloat
"That Windows 8 Embedded is Windows 8 with some extra bits"
Linux embedded distro's are generally normal Linux with many features removed so that the OS runs on cheap, low-powered hardware. A well known example is Raspberry Pi.
But this quote indicates that Windows 8 "embedded" should be even more bloated than Windows 8. That may or may not be true, but when MS talks about "trends towards more generic hardware" it seems to be saying, Good luck getting Windows 8 embedded working on anything even remotely out of the ordinary.
As for an embedded system only being able to remove parts of the UI and not ALL of the UI, that's just weird. When MS talk about "embedded" I'm not sure that they're thinking about what most people think of as embedded.
The use cases they seem to be talking about are basically desktop like systems - kiosk systems that probably have a relatively large quantity of RAM and CPU and Graphics hardware. Let's face it, there's no chance MS would squeeze the fast old woman that is Windows 8 into a $50 Raspberry Pi like device.
WINDOWS 8 CRIPPLED METRO EMBEDDED FAIL!
Windows Cash Cow on death row
"It may be that Microsoft now believes its best chance of carving itself a significant slice of that pie will be for OEMs to market tablets that offer both a low price tag and the full power of Windows"
MS betrayed its partners by competing with them - releasing the Surface computers on it's own retail systems and then releasing the computers in generic shops.
So the OEMs were not pleased about that, and cancelled (or "delayed") their own Windows mobile tablets projects.
There are additional issues:
1) Windows too fat and power hungry to run on cheap hardware
2) Windows licences are too expensive.
3) The competition have a superior product at a lower price
4) the competitions products are more popular in the mobile space
MS cannot survive in a future where it sells licences for peanuts, if it did, it would face catastrophic losses. But there is not an alternative future that can sustain high licence prices, at least not on consumer kit. Ultimately this is because hardware has become cheap compared to windows licence prices. When the biggest item on the BOM is Windows, then Linux/Android/ChromeOS look extremely tempting, especially when they run faster and last much longer between charges.
Finally, the public abhor metro. So the OEM's are facing a prospect of making products that the public have no appetite for. Worse, they know that they cannot trust MS. MS already copied their tech when it made the Surface, another betrayal they will not forget.
Re: Disk space
@DrXym, you mean Linux that runs on a Raspberry Pi?
Re: Disk space
It might also be worth pointing out Linux is the kernel of ChromeOS.
Re: At with a Chromebook Pixel you have the choice.
@mmeier the AC is correct, MS have made it extraordinarily difficult for 3rd party operating systems, such as Linux, to make a use-friendly installer.
MS could have worked with the Linux foundation and produced a solution that was fine for everyone but instead we have the worst possible solution, a real pain the ass. That is typical of MS's attitude, which is downright hostile to open source.
toodle pip and have a prosperous life resplendent with open source operating systems
Stagnation
We're seeing stagnation in the Desktop market but, hey, in the Mobile market, where MS does not rule with an iron fist, people are making money left, right and centre.
A huge problem with the desktop is not just that Windows 8 sucks, it's that the cost of the MS licence is large compared to the cost of the hardware itself. The only way OEM's can offset the costs on consumer machines is by installing crapware, which makes for a deeply unpleasant user experience. Now consumers are using Apple and Android mobile kit, they are seeing that computers don't have to suck! The customer is realising that computers without Windows are computers without pain.
So what does an OEM do? They are making money from mobile so their instinct is to take mobile operating systems and extend them to be dekstop operating systems. Hence ChromeOS. Soon it will dawn on them that ChromeOS and Android are Linux. And, hey, Linux Mint is already the best OS out there. It just needs someone who can fight off MS to market it. If Linux Mint was pre-installed on computers and marketed, in the same way that ChromeOS is marketed, then, hey presto - you will have a reinvigorated Desktop market with higher margins. (No OS licence to pay, and cheaper hardware suffices to run Linux FAST).
This actually already happened once, when netbooks first appeared, then MS reacted by strong-arming OEM's to install XP instead.
Re: @Thad
"And every time someone buys a Windows Phone, Eadon dies a little inside" - which probably explains why I feel absolutely fine, vivacious in fact.
The TRAITOR Miguel de Icaza
This guy has been called a traitor to open source, and this rings true to me. He was in bed with MS, and probably still is. He's the Grima Wormtongue of the IT world.
ICAZA FAIL
Re: Huh.
@Don Jefe FYI the Linux desktop is the most user friendly environment going right now if you know which windows managers are the user friendliest ones.
Linux Mint - if you can use win XP and Win 7 then you will LOVE Linux Mint. It's the same but better (multiple desktops for example).
Of course Ubuntu and Gnome 3 screwed up, but there you go. Fools! They could have cleaned up with Windows 8 coming out and alienating the windows plebians.
Also, Linux mint comes without crapware and doesn't need AV. It's secure, it's easy, it's runs fast and stays running fast years later. It's completely user friendly.
