
Comment Compatibility (Score 1, Informative) 550

Because FLAC is very poorly supported among both portable media devices and media center devices? Further, the difference in actual perceptible quality between a high quality mp3/ogg/wma/whatever encoding and a FLAC encoding is between negligible and non-existent, negating pretty much any benefit of FLAC. Media archival is one area where FLAC is an obvious choice for, but bit-for-bit storage is generally something only a subset of music enthusiasts care about, and so unless constantly transcoding FLAC into a format that your chosen non-PC device supports is your idea of a good time, then it's just not worth the effort...

Comment Re:Application developers fault (Score 1) 178

Microsoft created a liberal dynamic library search path that allows (or even encourages) applications to not fully specify DLL locations. Now, after the fact, they publish this security statement saying not to use the dynamic library searching they documented previously.

So basically, your suggestion is to design an OS that ensures that it is secure by taking away API calls that could be misused in a way that compromises security? By your own admission, it is a documented specification, and it is behaving exactly as it is intended to do so. It isn't a "bug" in the API, it's misuse by various developers. However, Microsoft is at fault for how developers (its own or 3rd-party) misuse an API call that is fully documented and behaving exactly as intended? This makes absolute, perfect sense.

It is of course Microsoft's fault. They didn't consider security at all when loading DLLs, and now they are blaming applications that implemented the documented specification.

Yes, they are blaming applications that have incorrectly used the documented specification. And, they have provided the capability to control remote loading of DLLs through a patch that can be targeted at individual applications or the entire OS. What more can reasonably be done?

The bottom line is that Windows was never designed to be secure, it was designed to have the most functionality, and trying to patch every hole now is almost impossible. Generally, when code reaches this level of complexity and brittleness, it is often the best course to start all over.

And this is factually wrong. Windows NT (as opposed to Windows) was designed from Day 1 to be secure. You can argue whether they succeeded in developing a secure OS, and that might be a far more interesting debate, but to argue that it was never designed to be secure is incorrect. This is a fact of historical record. I'd argue that earlier versions of Windows NT were significantly flawed from a security perspective while modern versions (Vista and newer) are significantly improved, but that's another debate.

Essentially, your entire argument is that it is Microsoft's fault for providing a documented API that can be misused. I'll grant the defaults could have been chosen better, but competent programmers need to be aware of these issues. I'm mildly surprised it's getting the coverage it is, as this isn't some brand new attack; this issue has been known about for some time and not gotten a lot of coverage because it simply isn't that big a deal and is not a flaw in the underlying OS. For example, this blog post from early 2008 covers the issue (and was linked in some more recent blog posts): DLL Preloading Attacks
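
A defender-side check related to the remote DLL loading discussed in the comment above, as an added example that is not part of the original comment: it lists modules that running processes have loaded from a UNC path or a mapped network drive. The function names `Test-RemotePath` and `Get-RemoteLoadedModule` are hypothetical.

```powershell
# Added example (not from the comment): list DLLs that running processes
# have loaded from a network location. Run elevated to see other users' processes.

function Test-RemotePath {
    param([Parameter(Mandatory)][string]$Path)

    $ordinal = [System.StringComparison]::OrdinalIgnoreCase

    # \\?\UNC\server\share\... is the long-path form of a UNC path.
    if ($Path.StartsWith('\\?\UNC\', $ordinal)) { return $true }

    # \\?\C:\... is a local long path: strip the prefix and test the rest.
    if ($Path.StartsWith('\\?\', $ordinal)) { $Path = $Path.Substring(4) }

    # Plain UNC path: \\server\share\...
    if ($Path.StartsWith('\\', $ordinal)) { return $true }

    # Drive-letter path: ask .NET whether the drive is a network mapping.
    if ($Path -match '^[A-Za-z]:\\') {
        try {
            $drive = [System.IO.DriveInfo]::new($Path.Substring(0, 3))
            return ($drive.DriveType -eq [System.IO.DriveType]::Network)
        } catch {
            return $false   # drive no longer exists or cannot be queried
        }
    }
    return $false
}

function Get-RemoteLoadedModule {
    foreach ($proc in Get-Process) {
        # Protected or already-exited processes throw when Modules is read.
        try { $modules = $proc.Modules } catch { continue }

        foreach ($module in $modules) {
            if ($module.FileName -and (Test-RemotePath -Path $module.FileName)) {
                [pscustomobject]@{
                    ProcessName = $proc.ProcessName
                    ProcessId   = $proc.Id
                    Module      = $module.FileName
                }
            }
        }
    }
}

# Report the findings; an empty result means no process currently has a
# module mapped from a network path.
Get-RemoteLoadedModule | Sort-Object ProcessName, Module | Format-Table -AutoSize
```

The report covers modules loaded at the moment it runs; it does not show load attempts that failed or modules that have since been unloaded.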

Comment Re:Application developers fault (Score 1) 178

OK, there's a fix for that, but only if you can call the awful kludge that is WinSxS a "fix".

I always thought that WinSxS was quite an elegant fix to a difficult problem. Put it this way, I still have nightmares about DLL Hell from the bad old days, but have yet to encounter a problem due to WinSxS. The closest I've come is one or two applications making assumptions about dependencies (i.e. not bundling the required installers and not failing gracefully). Have you had issues with WinSxS?

Comment Easy Answer (Score 1, Insightful) 299

"How do we empower top scientists working in industry to lead science-minded positive change within their organizations? ... How do companies who seek genuine dialogue with this community engage?"

The answer is:
Said "top scientists working in industry" are welcome to do all of the above, and should be encouraged to do so in fact, but the determining factor of whether their work is published should be one purely of merit; not payment for publicity or any other form of bribe that results in direct gain to the publisher.

Comment Re:test results are largely irrelevant anyway (Score 4, Informative) 203

Wait, what? No Windows Service Pack has ever forced an update of Internet Explorer; maybe NT 4.0 did as I can't remember that far back, but definitely nothing since Windows 2000 onwards. Windows XP SP3 will install fine with IE 6.0 (XP bundled version). They'd be breaking their own support policy by even doing so, as Microsoft commits to supporting the version of IE that is shipped with every Windows version for the lifetime of support for that OS release. Seriously, where do you trolls get your garbage? You're not picking exceptions, you're claiming shit that has never happened.

Comment Re:So what? (Score 2, Informative) 315

That's because XP x64 isn't actually XP (NT 5.1), it's Windows Server 2003 (NT 5.2). That is, it's really only XP in name as it is built off the Windows Server 2003 codebase. It has all the server functionality of its counterparts removed as well as some minor functionality present in XP but absent from the server releases included. Consequently, they share the same service packs and updates, with the latest service pack for Windows Server 2003 being SP2. Unless of course, you meant the original "XP" Itanium release, which really is built off of XP, but support for that was discontinued a long time ago.

Comment Re:Stop preaching Linux (Score 1) 449

Then they're not competent, or more likely, they did something catastrophic to the operating system that makes reinstalling the easier solution than hunting down the actual cause(s) and fixing it/them. For example, a seriously nasty virus infection that hoses operating system components, or disk corruption that takes out half the registry without a backup. Linux, while less susceptible to some of these problems for various reasons, isn't immune to them.

I have well over a decade of experience using MS operating systems and I've never had to reinstall a system because I absolutely couldn't fix it; I've chosen to reinstall systems that were compromised by an infection because, although I could remove it, I lack confidence that it is 100% removed and the system is back to a pristine state. I've done the same for Linux boxes that were hit by rootkits; I simply can't guarantee trust of that system anymore knowing that install has been thoroughly compromised. As far as configuration issues go, versus security or data destruction issues, I've never had to revert to a reinstall.

Typically, I also find it unproductive, as you don't learn anything. Even if it's a bastard to track down the issue, you learn a lot from the experience, and that will help you solve the same or similar problems in the future. Reinstalling any operating system is a very blunt approach. More to the point, for most systems I use as well as friends and family, reinstalling is more time consuming in the long run for sheer time and effort invested backing up data, reinstalling apps, restoring data, and getting the configuration back to a state that you like. Then there's the problem that sometimes the reinstall didn't fix the problem, and you've wasted a monumental amount of time. So I view reinstalls as a solution on any OS as a particularly poor solution; it's frustrating it is so common on Windows systems as to me it demonstrates a lack of technical proficiency by many who would claim competence with the system.

Comment Re:System restore stinks. Image your disk (Score 2, Insightful) 449

Security policy is just one aspect of Group Policy, and a small one at that relative to the total set of configurable options. In essence, if it is a configurable Windows setting, Group Policy can configure it; including settings that have no GUI front-end outside of the GPO configuration window (i.e. typically registry settings without a Control Panel UI). The point being, of all the configurable settings in Windows (or any OS), security settings tend to be a minority considering everything else.

That aside, while deploying secure systems in the first place is unquestionably the smart thing to do, security tends to be dynamic, and security configurations change. When they do, even on Linux, a mechanism to quickly and easily update security settings company wide (e.g. for LDAP authentication or NFS/SMB authentication) is obviously incredibly useful, and pasting together scripts that modify the relevant files (hopefully at the individual settings level instead of just nuking the entire file with a new copy and potentially wiping out custom settings) is a clunky business at best, and definitely not elegant.

You're correct hands-down though that Linux is far superior for pushing out whole applications through an internal repo or other solution. There's some interesting stuff going on with using WSUS to deploy 3rd-party apps, and AD can do it with MSI packages, but it's still not even close to the power of rpm/deb and associated distribution technologies generally, and certainly not as easy to set up and manage.

Comment Re:Won't somebody please think of the children!?!? (Score 2, Informative) 255

Um, Xenophon is against the filter, and has publicly stated this several times. I don't agree with everything he says by a long shot, but he's definitely not a crackpot like Steve Fielding or Tony Abbott. Further, independents can often be a good thing, primarily because they don't toe the party line and are more likely to vote based on their personal beliefs than what will get them a promotion to the front bench. I'd rather politicians who vote for what they believe in (even if I disagree) than vote for what earns them a larger salary or a nicer job. I'd say his electorate and who they vote for is a fair indication of whether he is being a tosser. Considering how difficult it is to get elected as an independent, without the massive financial and human resources you'd have at your disposal as a member of one of the major parties, I'd suggest he by definition has to be quite in tune with them. You might want to check the actual policies and standpoints of members of parliament before unleashing abuse on them.

A recent interview with Xenophon: Q&A: Xenophon on ISPs, Telstra and the cloud.

Comment Re:For a program so hard to turn off (Score 1) 472

On the other hand, I consider a weasel word that describes something that lacks transparency, isn't understandable, and is unnecessarily complex.

Not really, it makes a lot of sense once you bother to learn about it rather than just flame about it on Slashdot. Although, you may not necessarily agree with the design principles behind it. Svchost (Service Host) isn't difficult to understand; "encapsulates" is a fair choice of word as that's really all that it does: executes multiple services under a single process (i.e. hosts them). An important distinction is that it hosts services that exist as DLLs, not binary executables (most Windows OS services are implemented in this way, 3rd-party services far less so). Multiple svchost processes can exist concurrently and each host one or more services, commonly loosely grouped into different svchost processes by category, importance, etc...

Why have svchost at all? The answer is basically performance. Windows processes are "expensive" relative to Unix systems from a resources perspective. They require greater overhead to set up and for the OS to maintain, and so Windows tends to have a greater emphasis on a proliferation of threads than a proliferation of processes. At any given time a modern Windows OS is likely to be running a lot of services, and hosting each of these in a different process would potentially incur a lot of resource overhead that is ultimately just a waste. The primary benefit of doing so would be stability. Why? Because if one of the services hosted in a svchost process crashes, it'll bring down the rest of the services in the svchost process with it. Obviously, if it's a svchost process running important services and/or a lot of services, the results can be catastrophic. To be fair, this is in my experience extremely rare (I can't in living memory remember ever seeing this occur firsthand).

Netstat is admittedly fairly useless for inspecting ports with respect to svchost hosted services, but the reason why is obvious: it would need "special" coding to give it an understanding of svchost specifically, rather than just an understanding of processes. However, Sysinternals Process Explorer can quickly and easily show you which services are hosted in which svchost process, as well as which TCP/IP connections (and listening ports) belong to which service in any given svchost process. It's not ideal, but it does work and well at that; any Windows sysadmin worth their paycheck should have a copy of the Sysinternals Suite on hand anyway.
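
The service-to-svchost mapping described in the comment above can also be read with built-in PowerShell cmdlets; this is an added example, not part of the original comment. It assumes Windows 8 / Server 2012 or later for `Get-NetTCPConnection`, and the function name `Get-SvchostServiceMap` is hypothetical.

```powershell
# Added example (not from the comment): for each svchost.exe process, list the
# services it hosts and the TCP ports that process is listening on.

function Get-SvchostServiceMap {
    # Running services whose image path is svchost.exe, grouped by host PID.
    $hosted = Get-CimInstance -ClassName Win32_Service -Filter "State='Running'" |
        Where-Object { $_.PathName -match 'svchost\.exe' } |
        Group-Object -Property ProcessId

    # Listening TCP sockets indexed by owning PID. -AsString makes the keys
    # strings so they compare cleanly with Group-Object's Name property.
    $listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Group-Object -Property OwningProcess -AsHashTable -AsString

    foreach ($group in $hosted) {
        $hostPid = $group.Name          # string form of the svchost PID
        $ports = @()
        if ($listeners -and $listeners.ContainsKey($hostPid)) {
            $ports = $listeners[$hostPid] |
                ForEach-Object { $_.LocalPort } |
                Sort-Object -Unique
        }

        [pscustomobject]@{
            HostPid           = [int]$hostPid
            ServiceCount      = $group.Count
            Services          = ($group.Group.Name | Sort-Object) -join ', '
            # Ports are owned by the hosting process. When ServiceCount is
            # greater than 1, the OS does not report here which of the listed
            # services opened a given port.
            ListeningTcpPorts = $ports -join ', '
        }
    }
}

Get-SvchostServiceMap | Sort-Object HostPid | Format-List
```

A host process that lists a single service gives an unambiguous port-to-service answer; for shared hosts the output narrows the candidates to the services in that row.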

Comment Re:Sooooo (Score 3, Informative) 236

I also found it bizarre that at no point did he seem to think of checking the setup logs. Admittedly, it probably wouldn't have helped him in this case, as logs often don't reveal anything in the case of intermittent hardware failure, but really, if I have a problem with setup, the first thing I'd think to check would be the log files in case they turn up something interesting. That's, you know, kind of why they're there...

Comment Re:One of Many (Score 1) 396

My point was that if you think that a) free market naturally tends to produce a failure that needs to be artificially corrected and that b) government regulation is obviously the cure that makes things better...

I don't think there's any economic system, free market or otherwise, that is wholly self-sufficient without any need for external input to (attempt) to ensure the best possible outcome. This is precisely my problem with individuals such as yourself, that are so absolute in their beliefs in the infallibility of a given ideology. Essentially, you believe your philosophy is perfect. The world is not black and white, and this extends to economics. Further, your distaste for government regulation is quite obvious, to the extent you're willing to jump to conclusions at the moment of its mention. You suggest that I think that "government regulation is obviously the cure", yet, I specifically stated that excessive government regulation is no better, and may well make things significantly worse. As always, moderation is essential, and staunch devotion to any given ideology, in some attempt to maintain "purity", is simply folly. I don't believe government regulation is the solution, any more than I believe free market economics are the solution, but rather, that together when both used appropriately, they can yield the best possible outcome combined.

you are contradicted by all experience in modern history, which is that the more free the economy of a country is, the more prosperous that country is.

China begs to differ (prosperous and not free), as does the United States (highly free with economic crisis). Further, considering that the entirety of modern history has resulted in regulated economies, unless every single economic system in modern history is a failure in your book, then your assertion is false. Further, extremely deregulated economies (I acknowledge you accept some degree of limited regulation) have yet to my knowledge been implemented in any Western society, at least, not to the extent you'd like, in which case, your preferred system is an unknown quantity. Any assertion as to its historical success is therefore, also invalid.

I looked at the Index of Economic Liberty and it seems somewhat ridiculous. The most prosperous countries right now include the likes of China, which, anyone not living in a cave will tell you is hardly free in any sense, economic or otherwise. The indicators are also, by definition, difficult to accurately quantify, and so I view such studies as only of mild usefulness.

My issue with Ayn Rand is simple, I don't agree with her Objectivist philosophy. I think it is ultimately shallow, and doesn't in any way contribute to any meaningful impetus to better oneself or the broader humanity. I do not view selfishness as a core principle worth consideration, far less adopting. Further, it amazes me an author of fiction manages to command such respect as a source of inspiration and authority for economics in the real world. Atlas Shrugged, for the record, is not a biography. I could write an essay on my distaste for the philosophy, but this is Slashdot, not a philosophy forum.

The rest of your post is really just a rail against government; you acknowledge the issues of corporations with respect to their own self-interest, yet are wholly pre-occupied with how that relates to government and the influence they attempt to exert on it. This pre-occupation (or fixation if you prefer), results in an inability to realise that corporate corruption extends beyond government, and into the economy itself, negatively impacting other businesses as well as consumers themselves. It's a distinctly Libertarian bent to blame all of society's ills on government, but a wrong one. It's simplistic in analysis, ignoring all the myriad of other societal issues that exist independent of government. In some respects, it's a quick-fix mentality, wishfully identifying a single cause for the woes of a group, and steadfastly advocating its removal, in complete ignorance of the larger, far more complex relations that form modern culture.

Regardless, I don't think either of us are going to change our minds, so I won't be replying any further.

Comment Re:One of Many (Score 1) 396

Alan Greenspan is a particularly amusing choice of individual to cite, considering he publicly admitted only recently that his faith in free market economics as his central ideology had been fundamentally shaken by the recent economic crisis in the US. The relevant segment from Wikipedia would be (all cited, see Alan Greenspan article):

In Congressional testimony on October 23, 2008, Greenspan acknowledged that he was "partially" wrong in opposing regulation and stated "Those of us who have looked to the self-interest of lending institutions to protect shareholder's equity — myself especially — are in a state of shocked disbelief."[36] Referring to his free-market ideology, Greenspan said: “I have found a flaw. I don’t know how significant or permanent it is. But I have been very distressed by that fact.” Rep. Henry Waxman (D-CA) then pressed him to clarify his words. “In other words, you found that your view of the world, your ideology, was not right, it was not working,” Waxman said. “Absolutely, precisely,” Greenspan replied. “You know, that’s precisely the reason I was shocked, because I have been going for 40 years or more with very considerable evidence that it was working exceptionally well.”[64] Greenspan admitted fault[65] in opposing regulation of derivatives and acknowledged that financial institutions didn't protect shareholders and investments as well as he expected.

With respect to your larger reply, I'm not sure that government regulation can necessarily "prevent" monopolies, as the establishment of them tends to be through illegal means, often only that come to light after the monopoly is established. Regulation in that respect has a disciplinary function more than a preventative function. The function being to level the playing field to encourage competition due to the illicit gains made by the incumbent. Providing some real world examples of unregulated markets leading to monopolies is exceptionally difficult, primarily because I'm not aware of any wholly unregulated markets. All economies of any size have regulation, the degree of which differs, but it is all present. The US market is regulated, and is only notable in degree of regulation in comparison to other markets. Your suggestion that the vast majority of monopolies have arisen as a result of regulation is presumably referencing government sanctioned monopolies. While I'd contest that the assertion that "almost all examples" might be an exaggeration, I don't disagree with the premise that excessive regulation can be a very bad thing. There are interesting arguments with respect to the RIAA/MPAA being something of a government sanctioned monopoly with respect to their control of the media industry; as always, balance is key, and I tend to subscribe to the view that regulation is necessary, but must be moderated. Too much will be just as damaging as too little.

My quote of "natural tendency of business is to damage the economy for selfish material gain" references the fact that what's good for the economy isn't often what is good for business. Businesses exist to make a profit, and that core objective often runs contrary to what would be in the interests of the larger economy, and its components (consumers, employers, corporations, etc...). Businesses, like people, are at heart selfish entities, and acts of altruism that benefit the economy but hurt the business (hurt being relative, a profit may still be gained, but not as great a profit as otherwise) tend to be rare. Things such as diversity and competition are good for the economy and (most of) its participants, but not necessarily individual businesses. Competition and diversity don't contribute to profits, they tend to reduce them. That's not some complex reasoning, it's an obvious conclusion when observing the key reason for existence of business.

I'll read your article later tonight, I promise, but I'll need some sedatives first. Ayn Rand tends to offend me, as does her philosophy and those who subscribe to it, and I'm not sure a Greenspan essay from 1961 is even relevant, as in light of his recent "revelations" (see above), it may well not even be in line with his current thinking. I'll read it later regardless.
