Can we really trust the software we use?

Message boards : Politics : Can we really trust the software we use?

ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20291
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1324890 - Posted: 5 Jan 2013, 11:32:48 UTC - in response to Message 1324882.  
Last modified: 5 Jan 2013, 11:33:24 UTC

Quick & dirty/As long as it works seems to be the current mode of software coding - more profit!

Programmers are naturally 'lazy' about coding. However, 'proprietary' adds severe pressures of rush and compromise to get anything that might be vaguely passable 'out the door' to be 'forgotten' or fixed 'later'...

A big advantage of FLOSS is that usually you don't suffer the same bad pressures of rush and compromise. You also have people coding for the love of doing a good job. Importantly, you also have the code open to peer review to catch the clangers...

(In stark contrast, I'm suffering some contractors at the moment that seem to be desperate to sweep everything under the carpet and hope I don't notice rather than openly talk and discuss. The unhelpful prevarications make for silly painfully long meetings, which also mean added expense all round for everyone. Silly. :-( )


Is that why FLOSS appears to be inexorably stealing the show? ;-)

IT is what we make it...
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1324890

Sirius B Project Donor
Volunteer tester
Joined: 26 Dec 00
Posts: 24879
Credit: 3,081,182
RAC: 7
Ireland
Message 1324907 - Posted: 5 Jan 2013, 13:08:23 UTC - in response to Message 1324890.  
Last modified: 5 Jan 2013, 13:08:58 UTC


(In stark contrast, I'm suffering some contractors at the moment that seem to be desperate to sweep everything under the carpet and hope I don't notice rather than openly talk and discuss. The unhelpful prevarications make for silly painfully long meetings, which also mean added expense all round for everyone. Silly. :-( )


Know what you mean, got a business client that's "chewing the cud" over a quote I've given him. He had a "so called" networking expert wire his building. Now the network is playing up & 11 rj45 sockets not registering.

Patch panel not labelled, link cables from panel to switch all over the place (48 port switch - 27 ports in use) & the same with the second cabinet on the 1st floor. 4 desktops & 1 laptop using counterfeit software.

Quick & dirty seems to be paying off in today's societies!
ID: 1324907

Gary Charpentier, Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30651
Credit: 53,134,872
RAC: 32
United States
Message 1324982 - Posted: 5 Jan 2013, 17:16:38 UTC - in response to Message 1324882.  

Google detects website ID exploit

"It is really time we move on from this 20-year-old, poorly implemented system," wrote Mr Wisniewski. "It doesn't need to be perfect to beat what we have."

Quick & dirty/As long as it works seems to be the current mode of software coding - more profit!

Love it.

How do I prove I'm me if I'm standing in front of you? I give you a certificate from an authority saying I'm so and so. But how do you know if it is true? You don't. It doesn't matter that it is a passport issued by a government. I could have tricked the certificate authority, government, into issuing a fake certificate. Sounds like we are describing a universal problem with certificates issued by authorities.

ID: 1324982

Sirius B Project Donor
Volunteer tester
Joined: 26 Dec 00
Posts: 24879
Credit: 3,081,182
RAC: 7
Ireland
Message 1325010 - Posted: 5 Jan 2013, 18:09:18 UTC - in response to Message 1324982.  

Google detects website ID exploit

"It is really time we move on from this 20-year-old, poorly implemented system," wrote Mr Wisniewski. "It doesn't need to be perfect to beat what we have."

Quick & dirty/As long as it works seems to be the current mode of software coding - more profit!

Love it.

How do I prove I'm me if I'm standing in front of you? I give you a certificate from an authority saying I'm so and so. But how do you know if it is true? You don't. It doesn't matter that it is a passport issued by a government. I could have tricked the certificate authority, government, into issuing a fake certificate. Sounds like we are describing a universal problem with certificates issued by authorities.


For an excellent example of that, head over to the "Duplicity at Work" thread!
ID: 1325010

ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20291
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1326797 - Posted: 11 Jan 2013, 19:54:42 UTC

Can a user really trust this one?...


Nokia: Yes, we decrypt HTTPS - but we don't spy

Nokia has admitted that the Nokia Xpress browser redirects even encrypted HTTPS traffic through Nokia servers – and that the data is temporarily decrypted in the process. ...

... However, Pandya writes that the phenomenon is not restricted to the pre-installed Nokia browser, and that it also affects apps such as the built-in Twitter and email applications which also use the browser. ...



IT is what we make it...
Martin

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1326797

Gary Charpentier, Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30651
Credit: 53,134,872
RAC: 32
United States
Message 1327287 - Posted: 13 Jan 2013, 5:07:41 UTC

http://www.foxnews.com/tech/2013/01/12/us-government-advises-computer-users-to-disable-java-software/?test=latestnews?test=latestnews


WASHINGTON – The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks.

The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts.

Experts believe hackers have found a flaw in Java's coding that creates an opening for criminal activity and other high-tech mischief.

Java is a widely used technical language that allows computer programmers to write a wide variety of Internet applications and other software programs that can run on just about any computer's operating system.


FOSS, it is what we make it ...

http://en.wikipedia.org/wiki/Java_%28programming_language%29
As of May 2007, in compliance with the specifications of the Java Community Process, Sun relicensed most of its Java technologies under the GNU General Public License.


ID: 1327287

Ex: "Socialist"
Volunteer tester
Joined: 12 Mar 12
Posts: 3433
Credit: 2,616,158
RAC: 2
United States
Message 1327289 - Posted: 13 Jan 2013, 5:20:26 UTC - in response to Message 1327287.  

http://www.foxnews.com/tech/2013/01/12/us-government-advises-computer-users-to-disable-java-software/?test=latestnews?test=latestnews


WASHINGTON – The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks.

The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts.

Experts believe hackers have found a flaw in Java's coding that creates an opening for criminal activity and other high-tech mischief.

Java is a widely used technical language that allows computer programmers to write a wide variety of Internet applications and other software programs that can run on just about any computer's operating system.


FOSS, it is what we make it ...

http://en.wikipedia.org/wiki/Java_%28programming_language%29
As of May 2007, in compliance with the specifications of the Java Community Process, Sun relicensed most of its Java technologies under the GNU General Public License.



I hope that's not a dig on FOSS...
Just because that garbage platform is licensed under the GPL, does not mean anything. Besides, not even Bill Gates could get someone to pay for that platform. ;-0
#resist
ID: 1327289

Gary Charpentier, Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30651
Credit: 53,134,872
RAC: 32
United States
Message 1327387 - Posted: 13 Jan 2013, 16:56:37 UTC - in response to Message 1327289.  

I hope that's not a dig on FOSS...

It is a dig on the hubris that FOSS is any different than closed source. It is still the product of man.

If security isn't designed in, ten thousand eyeballs can't test it in, after the fact.

ID: 1327387

Ex: "Socialist"
Volunteer tester
Joined: 12 Mar 12
Posts: 3433
Credit: 2,616,158
RAC: 2
United States
Message 1327398 - Posted: 13 Jan 2013, 17:43:01 UTC - in response to Message 1327387.  
Last modified: 13 Jan 2013, 17:58:55 UTC

I hope that's not a dig on FOSS...

It is a dig on the hubris that FOSS is any different than closed source. It is still the product of man.

If security isn't designed in, ten thousand eyeballs can't test it in, after the fact.

Yes in the aspect of security FOSS is just as susceptible. However some OSs are less susceptible to security issues than others. This seems to be based on the popularity of the OS coupled with quality of programming of the OS... Nothing is immune. I like Android but I am aware that its popularity will lead to every little issue that can be found being exploited. People will have to be responsible with their phones as they are with their PCs, and we all know how that's gonna go...

At least in the Open community, we [as individuals] have the option to do whatever we want to our OS and software, including making low level config changes and changing any code. [given the know-how to do so]

And back to the original subject, Java... I only have it because I need it for one specific piece of software. But I always hated Java as a platform, programmers that like it have obviously not spent a decade and a half noticing that the buggiest software they use is built on Java...
#resist
ID: 1327398

Gary Charpentier, Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30651
Credit: 53,134,872
RAC: 32
United States
Message 1327489 - Posted: 13 Jan 2013, 23:13:15 UTC - in response to Message 1327398.  

I hope that's not a dig on FOSS...

It is a dig on the hubris that FOSS is any different than closed source. It is still the product of man.

If security isn't designed in, ten thousand eyeballs can't test it in, after the fact.

Yes in the aspect of security FOSS is just as susceptible.

Then we agree. I believe Martin, who posts here frequently about how much better FOSS is security wise, disagrees with that.

However some OSs are less susceptible to security issues than others. This seems to be based on the popularity of the OS coupled with quality of programming of the OS... Nothing is immune. I like Android but I am aware that its popularity will lead to every little issue that can be found being exploited. People will have to be responsible with their phones as they are with their PCs, and we all know how that's gonna go...

Popularity is the only factor if you are an opportunistic criminal. However Stuxnet shows that targeted attacks are based on the target.

At least in the Open community, we [as individuals] have the option to do whatever we want to our OS and software, including making low level config changes and changing any code. [given the know-how to do so]

And back to the original subject, Java... I only have it because I need it for one specific piece of software.

Ah, that problem. The must use it problem, because others dictate it to me.

But I always hated Java as a platform, programmers that like it have obviously not spent a decade and a half noticing that the buggiest software they use is built on Java...

Bugs are overtime.

ID: 1327489

Ex: "Socialist"
Volunteer tester
Joined: 12 Mar 12
Posts: 3433
Credit: 2,616,158
RAC: 2
United States
Message 1327538 - Posted: 14 Jan 2013, 2:12:15 UTC
Last modified: 14 Jan 2013, 2:12:33 UTC

And actually I'd like to correct myself on one thing.
Android.
It is THE most used OS on the planet, yet we do not hear too much about security flaws, do we? When we do hear something about security it so far has been related solely to apps, I can only think of one OS specific bug found on some Samsung phones where a hotlink could be used to wipe the phone's settings.

Beats the heck outta some others in the security department, I'd say.

+1 FOSS
#resist
ID: 1327538

ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20291
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1327895 - Posted: 16 Jan 2013, 11:29:33 UTC - in response to Message 1327489.  
Last modified: 16 Jan 2013, 11:41:02 UTC

... If security isn't designed in, ten thousand eyeballs can't test it in, after the fact.

Yes in the aspect of security FOSS is just as susceptible.

Then we agree. I believe Martin, who posts here frequently about how much better FOSS is security wise, disagrees with that.

Which is where the power of the peer review from those ten thousand eyeballs avoids the susceptible or shoddy design problems in the first place.

A bit of an obtuse example is that for the development of WINE. Great pride was taken in the translation layer being so faithful to reimplementing the Windows interfaces that even Windows viruses and malware would operate just as for the Windows world! True to FLOSS thoroughness, careful design was also included to ensure those features could not be exploited by Windows malware to spread any damage outside of that environment. One brief example: I Can Haz Virus (Note the simple two commands to reinstall the Windows environment in just a few seconds!)

[edit]
And before anyone bangs on the Neanderthal old worn record of "Uh! Command line?! Uh!":

Those two commands to quickly reinstall WINE for a Linux system are given because they are easy. The same result can be done from clicking a beautiful graphical software installer. However, explaining two commands is far easier than the effort to describe various graphical clickings!
[/edit]

The big deal with FLOSS is just not the "thousands of eyeballs". A lot is gained from the openness allowing peer review, rapid development, and the personal pride and thoroughness of the authors/contributors. The peer review backs up that thoroughness: You have to work up to the same level as other peers for whatever project.

FLOSS is no guarantee of good software. However, the openness gives far better guarantees than the alternative of proprietary secrecy and exploitative motivations...

FLOSS is almost always intended to be beneficial to the users. That is a huge shift in emphasis from the world of proprietary exploitation of users.


IT is what we make it...
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1327895

ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20291
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1327954 - Posted: 16 Jan 2013, 15:57:50 UTC
Last modified: 16 Jan 2013, 15:58:06 UTC

Too silly to not include. Have we learnt nothing after decades of Microsoft?

Amusing Windows Phone Error Asks User to Insert Install Disc


I suppose that one is a sort of advance on the old badly worn but still current:

No keyboard detected. Press F1 to continue.

I hate you, computer. You need a keyboard to boot? Why?! And under what circumstance would I even be able to push the f****** F1 key if I don’t have a g***** keyboard?! Who in their right g****** mind even took the time to code that?...


Hilarious if it wasn't sadly for real...

IT is what we make it...
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1327954

Ex: "Socialist"
Volunteer tester
Joined: 12 Mar 12
Posts: 3433
Credit: 2,616,158
RAC: 2
United States
Message 1327980 - Posted: 16 Jan 2013, 17:07:07 UTC
Last modified: 16 Jan 2013, 17:13:43 UTC

http://www.tomshardware.co.uk/Windows-Phone-Error-Installation-Disc,news-42098.html


LOL! That's classic! (Surprised there's not an option to "reboot computer in MS-DOS mode")


And Martin, that USB keyboard issue is a BIOS related issue, not a Win specific one. ;-) (The man should have chosen "halt on all- except keyboard")
#resist
ID: 1327980

W-K 666 Project Donor
Volunteer tester
Joined: 18 May 99
Posts: 19064
Credit: 40,757,560
RAC: 67
United Kingdom
Message 1327994 - Posted: 16 Jan 2013, 17:30:36 UTC

Here's one way of possibly making the code insecure.

US employee 'outsourced job to China'
ID: 1327994

Gary Charpentier, Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30651
Credit: 53,134,872
RAC: 32
United States
Message 1328059 - Posted: 16 Jan 2013, 20:37:16 UTC - in response to Message 1327895.  

Which is where the power of the peer review from those ten thousand eyeballs avoids the susceptible or shoddy design problems in the first place.

It is only a peer review if the ten thousand eyeballs are trained in security reviews. If they all learned the same bad programming habits to begin with ...

ID: 1328059

Sirius B Project Donor
Volunteer tester
Joined: 26 Dec 00
Posts: 24879
Credit: 3,081,182
RAC: 7
Ireland
Message 1328106 - Posted: 16 Jan 2013, 23:53:03 UTC - in response to Message 1327994.  

Here's one way of possibly making the code insecure.

US employee 'outsourced job to China'


Interesting report. Brings it right back to the original thread post & a "rogue engineer".

The question one now has to ask is: -

Just how many more like those 2 in the I.T. industry?
ID: 1328106

SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.