Linked by Thom Holwerda on Wed 5th Jan 2011 22:09 UTC
Windows And this is part two of the story: Microsoft has just confirmed the next version of Windows NT (referring to it as NT for clarity's sake) will be available for ARM - or more specifically, SoCs from NVIDIA, Qualcomm, and Texas Instruments. Also announced today at CES is Microsoft Office for ARM. Both Windows NT and Microsoft Office were shown running on ARM during a press conference for the fact at CES in Las Vegas.
Thread beginning with comment 456276
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[6]: BC
by lemur2 on Fri 7th Jan 2011 01:18 UTC in reply to "RE[5]: BC"
lemur2
Member since:
2007-02-17

"The problem is that almost all malware is also distributed as closed-source binary executables only, and that (being closed source) there is no way that anyone other than the creators of any given piece of such software can tell the difference. No amount of user education will change the fact that no-one (other than the authors of the software) can tell if a given closed-source binary executable does or does not contain new malware.


And that is why you get the software from the original author, and guess what ... if you educate someone to always get the software from the original author ... mmmmm.
"

The point is that if the original author is a malware author, then even going to the trouble of getting software directly from the original author won't prevent it from containing malware.

Furthermore if someone is so uneducated as to how to to avoid threats how will it being open source help ???


It is a matter of adopting a self-imposed policy. Linux distributions all maintan repositories of source code, and parallel repositories of binary executables compiled from that source code. Anyone at all can download the source code and verify that compiling it produces the corresponding binary executable. This means that people who did not write the code can nevertheless see what it is in the code, they can compile it for themselves to verify the integrity, and they are users of that code on their systems.

Any user adopting a elf-imposed policy of only installing software directly from such repositories is guaranteed to never get a malware infection on his/her system. There is a very long history of vast amounts of open source software delivered via this means which proves this claim.

A malware author can just offer an "alternative download source" and stick a key logger in there for example ... having the source won't help because the uneducated simply won't know any different.


Yes, it will make a difference. Every single user doesn't need to know how source code works, just one user needs to download the source code and discover the keylogger within it, and "blow the whistle" on that code. It can then be added to a blacklist for all users. It only takes one person to spot the malware, out of millions of users.

Also you obviously haven't heard of a checksum then? They use this on Unix/Linux Binary packages as well and also can be used on any file to validate it's integrity.


Certainly. If you use a checksum to verify that you have downloaded a closed source binary package (even directly from the original author) correctly, and the original author did deliberately include malware within that software, then all you have managed to do is confirm that you have a correct copy of the malware-containing package.

For example I remember Windows XP service pack 1 having a checksum key on in the installer properties ... if this didn't match what Microsoft had you had a duff/dodgy download.


Fine. I don't claim that this is not the case, and I do acknowledge that there is a great deal of perfectly legitimate closed-source non-malware software out there for Windows. Windows XP service pack 1 would be one such piece of software, no argument from me. So?

"BTW ... my agenda is merely to point out facts such as these to everybody, so they can make good decisions for themselves regarding which software they choose to run on their hardware. I make absolutely no apology for this agenda.


The thing is you "facts" aren't facts.
"

Oh yes they are. Each and every one of the claims I have made in this discussion is a verifiable fact.

They are opinions from someone that IMO doesn't really have any practical experience of developing or deploying software.


I am a project engineer by profession, leading projects which develop and deploy bespoke software. I have many years of experience. We supply source code to our customers.

Unless you work directly in the software industry as a developer or a manager for a development team you simply don't understand the landscape and the issues that developers face.


OK, so? I do happen to have many years of engineering experience at leading development teams.

Also you are biased in thinking that open sourcing everything is a cure to all software problems. This IMO couldn't be further from the truth.


You are of course as entitled to your opinion as I am to mine.

BTW, I have made no claim that "open sourcing everything is a cure to all software problems". That is your strawman argument. My claim here is only that users who stick to a self-imposed policy of only installing open source software will be guaranteed that their system never is compromised by malware. If you are going to argue against what I am saying, then this is what you must argue against. Friendly advice ... don't make up something I did not say, and argue against that ... doing that will get you nowhere.

"What exactly is your agenda in trying to disparage mine?


Because I think you are biased and do not presents the facts fairly.
"

And I think you are even more biased, you have no idea how to assess technical matters, and you simply do not heed what experienced people are telling you. How does this help the actual discussion?

Edited 2011-01-07 01:34 UTC

Reply Parent Score: 2

RE[7]: BC
by lucas_maximus on Fri 7th Jan 2011 12:03 in reply to "RE[6]: BC"
lucas_maximus Member since:
2009-08-18

It is a matter of adopting a self-imposed policy.


And you need to be educated, trained whatever you want to call it to do that. You don't do it if you don't understand that you need to do that.

Stop making circular arguments.

Reply Parent Score: 2

RE[8]: BC
by lemur2 on Fri 7th Jan 2011 13:09 in reply to "RE[7]: BC"
lemur2 Member since:
2007-02-17

"It is a matter of adopting a self-imposed policy.


And you need to be educated, trained whatever you want to call it to do that. You don't do it if you don't understand that you need to do that.

Stop making circular arguments.
"

Actually, you don't need to be trained at all.

For example, on an older Ubuntu system, there is an application right on the topmost level menu called "Add/remove applications".

Click on that. It will present you with a searchable list of available applications organised into categories, with those that are already installed marked with a tick in an adjacent box.

Click un-ticked boxes to select new applications to be installed, and un-tick existing ticked applications to select them to be removed. Click apply.

This installs applications from the Ubuntu repositories, or removes them from the local machine.

Here is a picture so that you might get the idea:
https://help.ubuntu.com/community/InstallingSoftware?action=AttachFi...

Recently, this has been replaced in Ubuntu (not Kubuntu) with the Ubuntu Software Centre:

http://en.wikipedia.org/wiki/Ubuntu_Software_Center

http://www.ubuntu.com/desktop/features
"Get all the software you need

The Ubuntu Software Centre gives you instant access to thousands of open-source and carefully selected free applications. And now you can buy apps too. Browse software in categories including: education, games, sound and video, graphics, programming and office. All the applications are easy to find, easy to install and easy to buy."


So, in order to follow such a self-imposed policy, all that an Ubuntu user needs to do is simply stick only to the Ubuntu Software Centre to install software. Use no other methods even if you read something on a website.

Simple. Everyone can do it, it is dead easy.

You are guaranteed to get no malware if you stick to installing software only via the Ubuntu Software Centre.

Other Linux distributions also have similar tools to install software from the distribution's repository, although not all of them are quite as easy to use.

Here are a couple:
http://en.wikipedia.org/wiki/KPackage
http://en.wikipedia.org/wiki/File:Kpackage_3.5.5.png

http://en.wikipedia.org/wiki/Synaptic_%28software%29
http://en.wikipedia.org/wiki/File:Synaptic_screenshot.png

The principle is the same, however.

Edited 2011-01-07 13:19 UTC

Reply Parent Score: 2

RE[7]: BC
by lucas_maximus on Fri 7th Jan 2011 22:02 in reply to "RE[6]: BC"
lucas_maximus Member since:
2009-08-18

Oh yes they are. Each and every one of the claims I have made in this discussion is a verifiable fact.


No they are not ... they are an opinion. You make circular arguments. Circular arguments have a fundamental problem and you just don't see it.

I am a project engineer by profession, leading projects which develop and deploy bespoke software. I have many years of experience. We supply source code to our customers.
OK, so? I do happen to have many years of engineering experience at leading development teams.


Don't believe it for a second. You linked me (in another discussion) to using C# binding for GTK when I said I will use Visual Studio and .NET because it works. This is crazy ...

You also said "What is soo special about source code" (in another discussion) ... if you lead software development teams you would know the sweat, blood and tears it takes to make a decent product and also the amount of money.

I also give my source code to my customers .. however in my contract states they may not disclose to 3rd parties else unless they ask for my permission. If they have their own developers they can work on it. Most customers are happy about this ... they pay extra if they want to own it.

BTW, I have made no claim that "open sourcing everything is a cure to all software problems". That is your strawman argument. My claim here is only that users who stick to a self-imposed policy of only installing open source software will be guaranteed that their system never is compromised by malware. If you are going to argue against what I am saying, then this is what you must argue against. Friendly advice ... don't make up something I did not say, and argue against that ... doing that will get you nowhere.


It is inferred in every post you make ... most people "read between the lines". It is certainly obvious to me, and other I have spoke to about your posts on OSNews.

And I think you are even more biased, you have no idea how to assess technical matters, and you simply do not heed what experienced people are telling you. How does this help the actual discussion?


I assess technical matter everyday. I think though decisions on a logical basis almost everyday of my life.

However you have an "open source" agenda that skews your thinking.

Also in software engineer experience only counts for so much ... and it not only me who thinks this ... The author of Code Complete also agrees with me, one of the best books on Software Engineering ever written.

Edited 2011-01-07 22:04 UTC

Reply Parent Score: 2

RE[8]: BC
by lemur2 on Sat 8th Jan 2011 12:32 in reply to "RE[7]: BC"
lemur2 Member since:
2007-02-17

Also in software engineer experience only counts for so much ... and it not only me who thinks this ... The author of Code Complete also agrees with me, one of the best books on Software Engineering ever written.


I didn't say I was a Software Engineer, I am a Systems Engineer.

http://en.wikipedia.org/wiki/Systems_engineering

Software is but one part of a system.

The type of systems my teams engineered are Cockpit Procedures Trainers (CPT) and Flight Training Devices (FTD). These indeed take a number of years to build, and there is much blood, sweat and tears to go into it. A decent FTD may use as many as twenty PCs to drive various simulated cockpit screens and the outside world visuals and other player tactical simulations.
http://en.wikipedia.org/wiki/Flight_simulator

This represents a bucketload of software and hardware all integrated together into a complex system. It is actually more complex than the aircraft being simulated.

Perhaps this might give you a feel for the scope of such a project:
http://www.cwu.edu/~aviation/facilit_simlators.html

Having said that, a full-feature A grade movie takes just about as much effort, and that venture is protected only by copyright.

Anyway, back to software ... if one's team had to write the entire software from whoa to go, it would be impossible (the final software deliverable occupies about 20 CDs, and even that uses common components such as the same OS on most machines). The airframe would reach end of life before the simulator on which to train the pilots was ready.

The best approach to providing software for a complex system is to use as much as possible of what already works and is proven.

For example, for the outside world graphics subsystems, we sometimes used this solution:
http://real-time.ccur.com/solutions_businessneed_imagegeneration.as...

The point is that even though this solution is based on open source, we still paid for it, and we still paid about twenty software engineers to integrate with it and write aircraft-specific parts of the FTD software, and it was still part of an overall engineering solution, and money was still made on the deal by both us and Concurrent. To re-use open source solutions for components of the overall system was better for us, better for our customer, better for the whole life-cycle cost (including software maintenance) of the solution because the customer got all the source code, and we got the FTD product out the door at about the same time as the real aircraft was first comissioned.

Where is the problem?

Edited 2011-01-08 12:46 UTC

Reply Parent Score: 2