Duck, Microsoft: Firefox Is Coming To Retail Stores (Linux offering OpenOffice & Firefox together)

TechWeb ^ | November 22, 2004 | TechWeb.com

[antiRepublicrat]

but I suspect if Firefox gets even remotely close to the usage of IE, you will get the hackers interest and viruses and worms will be written to take advantages of its weaknesses.

Firefox does have weaknesses, but there's one main structural difference that will always separate them. Firefox is it's own application and own renderer, running with the priviliges of the user. IE's "engine" (mshtml.dll) is a system-level library, fully capable of hosing the system should it be compromized. Add to that the fact that many applications, such as Outlook, use that same engine to give multiple angles of attack for the same security hole.

[antiRepublicrat]

If I were writing destructive software, I would target the largest number of platforms with the smallest amount of effort.

Or you can target lesser-known and more secure software so people will know you have ub3r-l33t m4d h4x0r 5kIllz instead of realizing you're simply a l4m3r.

That crap is for the script kiddies and won't get you any respect.

[antiRepublicrat]

And they're right: Apache sucks compared to IIS 6.

I'll be the first to admit that IIS 6 is a vast improvement over that lame excuse for a web server, IIS 5. However, Apache does not suck compared to it -- IIS 6 is just finally getting up to speed with what the rest of the world has had for ages.

IIS 6 user: "Yippie, I can have separate application pools so one crashing app doesn't take them all down!"

Rest of the world: "Welcome to where we were five years ago."

[Paridel]

And well-developed OSS projects such as Linux don't let amateurs contribute. They can submit, but their submissions don't have a chance in hell of getting into the production code.

That isn't exactly true... FreeBSD doesn't let amateurs commit, but you can get your patch in Linux fairly easily if there isn't a competing patch especially if it is for hardware that isn't widely used. I had a sound card that had a very poor driver submitted to ALSA, later incorporated into the 2.6 kernel. Enabling it would make my computer randomly restart when playing sound. Quite fun. But it wasn't a widely used driver so even thought it was very poor code it made it in.

To be fair it has since been fixed. However how do you think Linux stays ahead of FreeBSD on drivers? I'm sure it's partially because they have more people writing them, but they also have a less stringent acceptance policy.

I'd say don't take my word for it, download the kernel source code and look for yourself, but not everyone here understands C.

If you don't understand C just untar the source and grep for various bad words. That's quite an eye opener too, but Linux has long since spoken about how the f-word in the kernel comments should be preserved.

Another example of in my opinion code that shouldn't have made the cut is in drivers/net/sunhme.c:

static void happy_meal_tcvr_write(struct happy_meal *hp, unsigned long tregs, int reg, unsigned short value)

Hey! That's funny! So much so in fact that it makes reading the code painful because you have no clue what's going on. That's OK though, there are comments in the code to help with that!

/* Welcome to Sun Microsystems, can I take your order please? */ /* Would you like fries with that? */

I would have gotten canned so fast for including something like that in production code it would have made my head spin.

Now being less picky about the code does mean that Linux adopts new hardware fairly quick, and people are normally quicker to fix a bad driver than they would be to implement a new one from scratch. So you can argue about whether or not that is a good thing. If you want stability you can always go with an older kernel. But no, bad code and code from amateurs and first time submitters does make it in there.

-paridel

[Paridel]

Or you can target lesser-known and more secure software so people will know you have ub3r-l33t m4d h4x0r 5kIllz instead of realizing you're simply a l4m3r.

That crap is for the script kiddies and won't get you any respect.

I don't quite get the point you are trying to make here, but few people attack targets anymore to get respect. They do it to make money. A good example is that article that ran in Wired about a month ago... On-line Gambling sites are being forced to pay extortion fees or get ddos'ed into oblivion by Russian hackers. The US government won't help them out since the gambling sites for legal reasons, though often run from the US, are based and have servers in various small countries.

There is money in it for these jerks, they aren't just doing it for fun or to be cool.

-paridel

[Paridel]

That isn't true. You can have windows update automatically grab and install updates for you, thus it is easier than installing firefox.

That being said what a ridiculous line of reasoning. Well, it was easier to stay with Windows 98 cause it was already installed, so I didn't upgrade to XP (or install Linux, you can take your pick). Hmm, I would have installed Word, but geewiz, that would involve sticking in a CD, so I'm using notepad.

Come on! Argue for the benefits of firefox over IE all you want, but don't give me I have to click on less installers ;-) I would seriously hope that isn't the way anyone chooses software.

-paridel

[antiRepublicrat]

That isn't true. You can have windows update automatically grab and install updates for you, thus it is easier than installing firefox.

"Can" being the operative word. Most systems out there either don't have auto-update, or it isn't turned on by default.

Well, it was easier to stay with Windows 98 cause it was already installed, so I didn't upgrade to XP

That costs money.

[antiRepublicrat]

I don't quite get the point you are trying to make here, but few people attack targets anymore to get respect. They do it to make money.

They attack for various reasons that I'll classify into three groups:

1) Your criminals for money. They don't care about what OS is used more. They go for the target for money. These are not germane to the discussion.

2) Script kiddies: These guys care about the most prominent OS, so they can do the modern equivalent of vandalism with the most effect. Nobody likes these guys, and the hackers despise them, but they're the ones always in the news..

3) Hackers (actually, crackers): These guys are doing it to push the limits of technology and gain respect among their peers. They want to crack the harder targets. Usually you'll never know they were there unless you read the hacker channels.

[antiRepublicrat]

That isn't exactly true... FreeBSD doesn't let amateurs commit, but you can get your patch in Linux fairly easily if there isn't a competing patch especially if it is for hardware that isn't widely used.

You're right, drivers are a good exception.

I would have gotten canned so fast for including something like that in production code it would have made my head spin.

Did you read any of the comments for the leaked Windows code? That was pretty funny too.

[Paridel]

Did you read any of the comments for the leaked Windows code? That was pretty funny too.

No, I had amble opportunity to, there were a couple copies on my school LAN among other places, but I figured it would be better if I left that code alone. But unfortunately I have a feeling that no matter what large software product you looked at the code for there would be examples of poor programming (or at least poor commenting).

That being said, I really do wish I had gotten a look at those comments you are talking about. ;-)

-paridel

[KoRn]

The same can be said of M$'s IIS service for web services, vs Apache on Linux.

[Paridel]

I think group #2 (script kiddies) and #3 (hackers) actually are a lot alike, at least in intent. The big difference being that the later knows what they are doing and that leaving traces means more opportunity to get caught, and the former doesn't.

I'm not really impressed with anyone that breaks into other people's machines, no matter what they do there. At school I had a couple friends and we would quite often break into each others machines and change the background, etc. It wasn't too difficult. My suitemate's debian box took me the longest to break into, because I never had physical access to it and it didn't run many services, but we eventually got that one too when he was a little too slow in updating packages, just took a couple months. Now this was all in good fun, with each others consent, and pretty strict ground rules (i.e. you didn't mess with a machines that had important school work on them, and the week a project was due you didn't mess with anything, and you made it really clear what you did). But it demonstrated to all of us that these "hackers" are really more persistent than smart.

-paridel

[antiRepublicrat]

That being said, I really do wish I had gotten a look at those comments you are talking about. ;-)

I didn't read the code either, but the best of the comments were posted online. I like this:

* CallProc32W is insane. It's a variadic function that uses
* the pascal calling convention. (It probably makes more sense
* when you're stoned.)

[antiRepublicrat]

I think group #2 (script kiddies) and #3 (hackers) actually are a lot alike, at least in intent.

Not really. What you described in school was hackers, people doing it for the challenge, the test of their skills (as well as being l33t in the eyes of their peers). Kiddies are just modern day vandals working with malice.

[Paridel]

Just wanted to let you know I really enjoyed that link. No I don't have to feel like I'm missing out anymore. Thanks!

Incidental I'm not too surprised about the amount of obscenities in this, Linux, or any other source code. It was pretty typical of my buddies in college to add them, at least in comments, and quite possibly as variables, when there were getting stuck and irritated about a programing assignment.

Every once and a while people would forget to do a global find / replace before submission. Particularly interesting when they said some bad things about the professor or his mom in their comments. I was too afraid of missing an instance to ever add stuff like that to mine though.

-paridel

[KoRn]

I just wanted to throw this screen of my Desktop running Mandrake 10.1 Official.

The GUI runs super fast, and its veeeerry slick! I have yet to encounter any bugs at all. It seems to be a vast improvement from Mandrake 10.0. I would recommend this to anyone who is considering or is already running Linux.

Along with the good GUI the OS still has all the 'under the hood' power tools most Linux users enjoy.

It's also good for the average user who may be used to Windows and hasn't tried Linux. My wife took to it right away, the install is very easy too.

[goldstategop]

The problem isn't Open Office and its database compansion MySQL, its Microsoft Office's proprietary format. Its Microsoft not having open source standards that creates the compatibility issues to begin with. With a little bit of work you can still get OOO files and MySQL databases read by MSO. You'll lose a tad in the translation but not much. And the advantage of Linux is the software is free. Even the operating system is free but I paid to have an easy to use Linux and after trying out Mepis, I went back to Xandros. Downloading and installing new software from the net is a little difficult since one has to create icons on the desktop and put the program in the KDE programs list but its easy enough to learn. And running Linux with click and point is even easier than in Windows.

[goldstategop]

Not true at all. Xandros configured my laptop and installed all the drivers for me without my having to do anything. So Linux has come a long way from its early days when it was hard to install and you had to learn a lot of command-line strings to run it. All you need to do today is click and point a mouse. And Ark is the nicest little unzipping utility I've ever seen. Getting folders set up is a breeze. And of course, no viruses, worms, or spyware to worry about. Plus, open source ensures improvements will keep coming long making Linux even better. What's the best thing about Linux? The stability! If you shut off your computer without going through the shutdown process, it will still protect the files and keep them where they are. A level of protection even Windows doesn't have!

[Paridel]

If you shut off your computer without going through the shutdown process, it will still protect the files and keep them where they are.

No matter what operating system you are using there can still be write-cached data that isn't written before the drive shuts down. Using a journaled file system (ext3 or reiserfs on Linux for example) I'm sure can certainly help, but won't completely mitigate the problem, as at its core it is a hardware issue.

That being said, I typically don't lose data from improper shutdown's on Windows or Linux anymore.

-paridel

[Paridel]

Kiddies may just be modern day vandals, but I would argue that at the core their actions are a way to get attention, or at least to feel like they are making some impact on the world.

That impact is negative, and quite often against people they don't know, but impact is still the goal. The only difference with "hackers" would be that the impact is the admiration of people they know.

Anyway, the line is blurred. What about individuals who are very technically astute but write fairly destructive viruses like Code Red?

I'm impressed by those who are technically astute, but not when that knowledge is used to effect systems you shouldn't be messing with. Especially when every system is vulnerable to an extent, people putting the systems up know that, and have to weight the effort spent protecting their system against the cost of someone breaking it. All you are doing by messing with them is proving that they bet wrong.

-paridel