Linked by Thom Holwerda on Wed 5th Jan 2011 22:09 UTC
Windows And this is part two of the story: Microsoft has just confirmed the next version of Windows NT (referring to it as NT for clarity's sake) will be available for ARM - or more specifically, SoCs from NVIDIA, Qualcomm, and Texas Instruments. Also announced today at CES is Microsoft Office for ARM. Both Windows NT and Microsoft Office were shown running on ARM during a press conference for the fact at CES in Las Vegas.
Thread beginning with comment 456192
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: BC
by lucas_maximus on Thu 6th Jan 2011 15:10 UTC in reply to "RE[4]: BC"
lucas_maximus
Member since:
2009-08-18

The problem is that almost all malware is also distributed as closed-source binary executables only, and that (being closed source) there is no way that anyone other than the creators of any given piece of such software can tell the difference. No amount of user education will change the fact that no-one (other than the authors of the software) can tell if a given closed-source binary executable does or does not contain new malware.


And that is why you get the software from the original author, and guess what ... if you educate someone to always get the software from the original author ... mmmmm.

Furthermore if someone is so uneducated as to how to to avoid threats how will it being open source help ??? A malware author can just offer an "alternative download source" and stick a key logger in there for example ... having the source won't help because the uneducated simply won't know any different.

Also you obviously haven't heard of a checksum then? They use this on Unix/Linux Binary packages as well and also can be used on any file to validate it's integrity.

For example I remember Windows XP service pack 1 having a checksum key on in the installer properties ... if this didn't match what Microsoft had you had a duff/dodgy download.

BTW ... my agenda is merely to point out facts such as these to everybody, so they can make good decisions for themselves regarding which software they choose to run on their hardware. I make absolutely no apology for this agenda.


The thing is you "facts" aren't facts. They are opinions from someone that IMO doesn't really have any practical experience of developing or deploying software.

Unless you work directly in the software industry as a developer or a manager for a development team you simply don't understand the landscape and the issues that developers face.

Also you are biased in thinking that open sourcing everything is a cure to all software problems. This IMO couldn't be further from the truth.

What exactly is your agenda in trying to disparage mine?


Because I think you are biased and do not presents the facts fairly.

Reply Parent Score: 2

RE[6]: BC
by lemur2 on Fri 7th Jan 2011 01:18 in reply to "RE[5]: BC"
lemur2 Member since:
2007-02-17

"The problem is that almost all malware is also distributed as closed-source binary executables only, and that (being closed source) there is no way that anyone other than the creators of any given piece of such software can tell the difference. No amount of user education will change the fact that no-one (other than the authors of the software) can tell if a given closed-source binary executable does or does not contain new malware.


And that is why you get the software from the original author, and guess what ... if you educate someone to always get the software from the original author ... mmmmm.
"

The point is that if the original author is a malware author, then even going to the trouble of getting software directly from the original author won't prevent it from containing malware.

Furthermore if someone is so uneducated as to how to to avoid threats how will it being open source help ???


It is a matter of adopting a self-imposed policy. Linux distributions all maintan repositories of source code, and parallel repositories of binary executables compiled from that source code. Anyone at all can download the source code and verify that compiling it produces the corresponding binary executable. This means that people who did not write the code can nevertheless see what it is in the code, they can compile it for themselves to verify the integrity, and they are users of that code on their systems.

Any user adopting a elf-imposed policy of only installing software directly from such repositories is guaranteed to never get a malware infection on his/her system. There is a very long history of vast amounts of open source software delivered via this means which proves this claim.

A malware author can just offer an "alternative download source" and stick a key logger in there for example ... having the source won't help because the uneducated simply won't know any different.


Yes, it will make a difference. Every single user doesn't need to know how source code works, just one user needs to download the source code and discover the keylogger within it, and "blow the whistle" on that code. It can then be added to a blacklist for all users. It only takes one person to spot the malware, out of millions of users.

Also you obviously haven't heard of a checksum then? They use this on Unix/Linux Binary packages as well and also can be used on any file to validate it's integrity.


Certainly. If you use a checksum to verify that you have downloaded a closed source binary package (even directly from the original author) correctly, and the original author did deliberately include malware within that software, then all you have managed to do is confirm that you have a correct copy of the malware-containing package.

For example I remember Windows XP service pack 1 having a checksum key on in the installer properties ... if this didn't match what Microsoft had you had a duff/dodgy download.


Fine. I don't claim that this is not the case, and I do acknowledge that there is a great deal of perfectly legitimate closed-source non-malware software out there for Windows. Windows XP service pack 1 would be one such piece of software, no argument from me. So?

"BTW ... my agenda is merely to point out facts such as these to everybody, so they can make good decisions for themselves regarding which software they choose to run on their hardware. I make absolutely no apology for this agenda.


The thing is you "facts" aren't facts.
"

Oh yes they are. Each and every one of the claims I have made in this discussion is a verifiable fact.

They are opinions from someone that IMO doesn't really have any practical experience of developing or deploying software.


I am a project engineer by profession, leading projects which develop and deploy bespoke software. I have many years of experience. We supply source code to our customers.

Unless you work directly in the software industry as a developer or a manager for a development team you simply don't understand the landscape and the issues that developers face.


OK, so? I do happen to have many years of engineering experience at leading development teams.

Also you are biased in thinking that open sourcing everything is a cure to all software problems. This IMO couldn't be further from the truth.


You are of course as entitled to your opinion as I am to mine.

BTW, I have made no claim that "open sourcing everything is a cure to all software problems". That is your strawman argument. My claim here is only that users who stick to a self-imposed policy of only installing open source software will be guaranteed that their system never is compromised by malware. If you are going to argue against what I am saying, then this is what you must argue against. Friendly advice ... don't make up something I did not say, and argue against that ... doing that will get you nowhere.

"What exactly is your agenda in trying to disparage mine?


Because I think you are biased and do not presents the facts fairly.
"

And I think you are even more biased, you have no idea how to assess technical matters, and you simply do not heed what experienced people are telling you. How does this help the actual discussion?

Edited 2011-01-07 01:34 UTC

Reply Parent Score: 2

RE[7]: BC
by lucas_maximus on Fri 7th Jan 2011 12:03 in reply to "RE[6]: BC"
lucas_maximus Member since:
2009-08-18

It is a matter of adopting a self-imposed policy.


And you need to be educated, trained whatever you want to call it to do that. You don't do it if you don't understand that you need to do that.

Stop making circular arguments.

Reply Parent Score: 2

RE[7]: BC
by lucas_maximus on Fri 7th Jan 2011 22:02 in reply to "RE[6]: BC"
lucas_maximus Member since:
2009-08-18

Oh yes they are. Each and every one of the claims I have made in this discussion is a verifiable fact.


No they are not ... they are an opinion. You make circular arguments. Circular arguments have a fundamental problem and you just don't see it.

I am a project engineer by profession, leading projects which develop and deploy bespoke software. I have many years of experience. We supply source code to our customers.
OK, so? I do happen to have many years of engineering experience at leading development teams.


Don't believe it for a second. You linked me (in another discussion) to using C# binding for GTK when I said I will use Visual Studio and .NET because it works. This is crazy ...

You also said "What is soo special about source code" (in another discussion) ... if you lead software development teams you would know the sweat, blood and tears it takes to make a decent product and also the amount of money.

I also give my source code to my customers .. however in my contract states they may not disclose to 3rd parties else unless they ask for my permission. If they have their own developers they can work on it. Most customers are happy about this ... they pay extra if they want to own it.

BTW, I have made no claim that "open sourcing everything is a cure to all software problems". That is your strawman argument. My claim here is only that users who stick to a self-imposed policy of only installing open source software will be guaranteed that their system never is compromised by malware. If you are going to argue against what I am saying, then this is what you must argue against. Friendly advice ... don't make up something I did not say, and argue against that ... doing that will get you nowhere.


It is inferred in every post you make ... most people "read between the lines". It is certainly obvious to me, and other I have spoke to about your posts on OSNews.

And I think you are even more biased, you have no idea how to assess technical matters, and you simply do not heed what experienced people are telling you. How does this help the actual discussion?


I assess technical matter everyday. I think though decisions on a logical basis almost everyday of my life.

However you have an "open source" agenda that skews your thinking.

Also in software engineer experience only counts for so much ... and it not only me who thinks this ... The author of Code Complete also agrees with me, one of the best books on Software Engineering ever written.

Edited 2011-01-07 22:04 UTC

Reply Parent Score: 2