Imagine the message sent to both parties if Stein or Johnson handed Obama a loss.
You mean like when Nader handed Gore a loss in 2000?
The lesson the Republicans learned was "we have a mandate" and proceeded to pursue a decade of self-destructive jingoistic policy they still haven't recovered from. The lesson the Democrats learned was "don't get Nadered again."
They might try some more conventional approaches before being total scumbags.
You mean, for example, selling support services, offering affordable cloud services, and creating an online store for linux-compatible software vendors?
Yeah... they should really try that stuff...
And how, exactly, is this different to the situation with Linux? There is no guarantee that someone will report a vulnerability to the maintainers of, say, a Linux distro, any more than that someone will report one to Microsoft. And what Linux distribution or major infrastructure project still runs an open access security mailing list today, with guaranteed full and immediate disclosure of all reported vulnerabilities?
Ultimately, unless you personally are directly involved with the security and maintenance of every major Linux project you use, you're still trusting other people to be honest in their disclosure and prompt with fixing security issues.
You're looking for guarantees while I'm talking about options. If you, as a security professional, are concerned about the code, you can scrutinize it. Windows doesn't give you this option. There's no guarantee of disclosure but probability suggests that with greater access to the code will come greater disclosure.
Yes, because obviously the people who are responsible for systems processing a quadrillion dollars of financial transactions just throw a quick Debian CD in the drive to set it up. I don't suppose they're taking any extra steps to audit or secure their systems beyond what a typical home user running Windows for Facebook and gaming would do. Hell, you could probably just walk right into their data centre and remove a hard drive while no-one's looking, and then take it home to look through the files in your own time.
It's ridiculous to assume that when we're talking about securing an office computing environment that we're not allowing for extra steps of auditing and securing in the process. The question is, then, which platform offers a better tool set for doing that?
Leaving aside whether or not any of those things are necessarily true in 2012, about 99.37% of the Linux user base is also experienced enough not to fall for typical malware scams, but I don't suppose that makes any difference.
In the sense that it's completely irrelevant to the discussion, you're correct, it does not. End users will always be the weak point in security. End of story. Now, the question is, do you by default give them write access to system directories, or not? Do you keep granular logs of each file i/o access by individual users?
You won't hear me say that Windows "sucks" at security, or that it hasn't improved significantly since XP. But the fact is that these same mechanisms MS is implementing in 2010, 2011, 2012 have been available to unix users for 30+ years. The whole model has been built around multi-user systems in networked environments with disparate resources moderated by varying levels of access. It's not something that was bolted on 17 years later as an afterthought.
More importantly, if the model that exists doesn't actually serve your organization's needs, there's nothing materially stopping you from modifying it until it does.
Do a lot of on-line banking on your Android phone, do you? Or have a nice, high bandwidth connection you could saturate to support a DDoS attack on someone who didn't pay their protection money? Or store any juicy company data that could be handy for not-quite-insider trading?
As ozmanjsri said, yes to all these things. My 4g connection is definitely faster than my home broadband.
There have been security vulnerabilities found in just about every major piece of networking/server software on Linux. There is no doubt about this, because most of those packages are open source, and the fixes are a matter of public record. If there was money in writing Linux malware, there have been plenty of weaknesses to exploit, just like on Windows (or any other major platform).
There have been security vulnerabilities found in every piece of networking/server software, period. The trick is that on Windows, even Microsoft is often not notified of these for months after their discovery by the black hats, and it has been sometimes two years for a fix. You as a consumer may NEVER know about them.
But serious malware today isn't written by script kiddies any more. It's essentially organised crime, and it follows the money. If you think that wouldn't lead it right to Linux if that became the dominant desktop OS, or that being primarily open source makes the Linux ecosystem magically immune to the kinds of security bugs that make it into code written by highly skilled and experienced professionals working for the best funded software companies in the world, then I've got a few friends in Nigeria who would like your help with some financial transactions.
The U.S. Army is “the” single largest install base for Red Hat Linux. Industrial Commercial Bank of China runs Linux at all 20,000 of its locations. The Chicago Mercantile Exchange employs an all-Linux computing infrastructure and has used it to process over a quadrillion dollars worth of financial transactions. No money in Linux malware? Pshaw.
But no, Linux doesn't make you magically immune. It simply has a more mature and advanced security model, better tools for detecting and stopping intrusions, and the ability for a motivated firm to make any security modifications needed on their own schedule.
If you have moral difficulties with something outside the scope of your employment agreement and/or job responsibilities, then don't do it.
Normally someone doesn't have to ask me to astroturf a project I'm working on. I want my company to be a viable source of employment so their bottom line is my bottom line. The more money I make them, the more money there is around raise time, whether they're keeping a naughty or nice list or not. Keeping that in mind, I'm usually very eager to promote things I'm working on. Even if I haven't tried it, I probably know what advantages it offers over competing products.
I'm perplexed at how developers can make something and not use it. Or marketers can sell something they don't use. Or administrators can manage people working on something they don't use. It strikes me that this is what Marx was talking about with regard to alienation. And it smells like a management failure, either to hire people who care enough about the work they do, or to instill enough of a sense of shared involvement, to casually mention it to some friends.
"Hey guys I'm working on this thing, check it out and let me know what you think!" is subtle, effective and not pushy. If you don't feel right doing that? Look for another job.
If you get off your butt and learn it, Gimp will do just about everything PS will do save some of the newest of the new items Adobe has come up with.
That's fine, if you work in a vacuum. I, however, have to work with client-supplied PSD files on a frequent basis. These things are badly organized enough as it is, to have whatever semblance of structure is provided by layer groups simply MISSING, well, renders the file unusable. Layer effects just plain don't work.
Obviously since video games were invented in 1962, there was a steep rise in violent crime. Only after they were outlawed in 1992 did we see that start to decline.
Three cheers for this successful prevention effort.
I'm sure it's all covered in the Facebook "terms of service", but that doesn't make it right
Why not? Agreeing to TOS is important for a variety of reasons. In most cases agreement to TOS is what permits a service to host your media (writings, photos, videos, etc.) because without it you would retain copyright of the work, and sites would be liable for everything. Take away the viability of TOS agreements, and you take away the ability of most websites to operate in useful ways.
If they're transcribing source code then they're absolutely within the bounds of derivative work and will fall foul of copyright law.
There's a well known method of avoidance of this issue. What you do is set up two teams. One team looks at the original source code and writes a detailed spec based on that code. The second team never sees a single line of code from the original project. They use the detailed spec to recreate the program "from scratch" but such as to perform exactly or nearly exactly the same as the original program.
This method has two safeguards. For one, your "blind" team will most likely write code quite different from the original project. Secondly, you have a clear paper trail of this process so that when the lawyers come a-knockin' you have a stack of documents to show that you did it in a legit fashion.