“For the second time in a week, Microsoft acknowledged that its initial estimation of a software flaw underrated the true threat posed by the vulnerability. The Redmond, Wash., giant said Thursday it plans to change the severity of a vulnerability in software common to Internet Explorer and other Windows applications from “important” to “critical.” The move was prompted by an in-depth analysis written by the security researchers who found the flaw.” Read the rest at ZDNet.
so, if you’re forced to update for security reasons does that mean that you will get some of the MS security drm?
ENGAGE RANT MODE >>>
God I’m getting sick of security exploits left, right and center on Windows systems. The time and effort I spend keeping Windows boxen up to date with patches patches patches and more damn patches I’d love to spend elsewhere. Why is it I have this problem with none of my other non-Windows systems?
It wouldn’t be so bad if there weren’t people constantly defending it – “it’s so widespread so it’s bound to be more vulnerable.” Not true! If I write a software package that meets, say, ASIO security standards, does it suddenly become less secure because 10,000 people are using it instead of just 10? Of course not.
There might be incompatibilities & bugs seen when it is distributed to those 10,000, but not a degradation of security, in both cases assuming the package is set up correctly.
And worst of all is the reporting of vulnerabilities; Microsoft likes the ability to pick and choose which alerts it releases, and when, within a 30-day period. That of course is their prerogative, but in 30 days it could be my boxen that have been kiboshed due to a vulnerability I didn’t know about and couldn’t do anything to prevent. And this means? More time and effort picking up the pieces.
Before anyone gets into me about patching Linux systems, which I agree aren’t greatly secure either, please note that you get much greater flexibility for patching. There are no general Service Packs, rather just updates to individual packages. You can update from version A to version C, and not worry about version B. You can download the latest versions but choose to install them later. You can often obtain the source, and choose to build it now, or later. You can get the full story about new vulnerabilities usually within a few hours of its discovery. And on and on and on…
<<< DISENGAGE RANT MODE
If you use some insight, there are PLENTY of bugs and problems with linux. KDE, GNOME, Konqueror and mozilla all have plenty of bugs; Still, I feel that Mozilla can kick IE anyday and I use it on RH. My point is that Microsoft bashers like to promote the bugs on IE a bit too much.
I don’t mind bugs that much. There will always be bugs as no-one is perfect.
However, bugs can be minimized by adopting good coding & checking practices; this includes bugs that lead to vulnerabilities.
In open-source packages, the fact that anyone can, and often does, contribute means that the code may not have been written or checked with good practices. This is unfortunate but unavoidable.
However, for an organisation such as Microsoft, and indeed for any commercial vendor, I would like to think that use of such practices is a Corporate Standard for all products.
I’m not a Microsoft basher; never have been. But it ticks me off that just doing an every day task that could lead to a vulnerability being exploited, every time it seems to be with Windows, or included applications such as IE.
Hmm, on a re-read, I think my original post might be skirting the “No Trolling” rules. If so, my apologies, and feel free to mod down the post. I usually make it a habit to follow the forum rules.
God I’m getting sick of security exploits left, right and center on Windows systems. The time and effort I spend keeping Windows boxen up to date with patches patches patches and more damn patches I’d love to spend elsewhere.
I don’t understand what you mean. On my case, I’m a big WinXP user, and once every, say, 2 weeks, I do one click on “Update” icon, then I click on “Scan My System for Update”, then I click on “Download/Install”.
Total : 3 clicks in a row, then I let Windows download and install all the patch while I’m doing something else (games, work, browse, etc).
So I just don’t understand what you mean by waste of time.
Total : 3 clicks in a row, then I let Windows download and install all the patch while I’m doing something else (games, work, browse, etc).
Agree, especially when you can turn on the automatic update and it does it for you, and the fact that anti-virus runs and updates can be scheduled as well.
I do agree that there are a lot of security problems in Windows and I don’t attempt to make excuses for it, but the few minutes a month it takes to maintain my Windows box is minimal compared to the hours of hell & frustration one often encounters trying to get out of dependency hell and just all around making shit work right in Linux. There are definitely benefits to running Windows – security is not one of them
> God I’m getting sick of security exploits left, right and center on Windows
> systems. The time and effort I spend keeping Windows boxen up to date with
> patches patches patches and more damn patches I’d love to spend elsewhere.
> Why is it I have this problem with none of my other non-Windows systems?
Because most operating-system-specific attacks are against Windows.
> It wouldn’t be so bad if there weren’t people constantly defending it –
> “it’s so widespread so it’s bound to be more vulnerable.” Not true! If I
> write a software package that meets, say, ASIO security standards, does
> it suddenly become less secure because 10,000 people are using it instead
> of just 10? Of course not.
Yes, it does. Suddenly a potential hacker can cause 1,000 times more damage with one exploit. This means that more people will want to work on exploits for this target, which means that exploits will be more common, which means that it is even easier for less experienced people to launch an attack.
> There might be incompatibilities & bugs seen when it is distributed to
> those 10,000, but not a degradation of security, in both cases assuming
> the package is set up correctly.
A security problem is just a hacker exploiting a software bug (i.e., unchecked buffers). In any software that is directly or indirectly related to communication with the outside world, where there are bugs, there *will* be security risks.
> Before anyone gets into me about patching Linux systems, which I agree
> aren’t greatly secure either, please note that you get much greater
> flexibility for patching. There are no general Service Packs, rather
> just updates to individual packages. You can update from version A to
> version C, and not worry about version B. You can download the latest
> versions but choose to install them later. You can often obtain the
> source, and choose to build it now, or later. You can get the full
> story about new vulnerabilities usually within a few hours of its
> discovery. And on and on and on…
More flexibility, many more problems. Linux would do well with better package management software, but right now it is a major mess. Do not misunderstand me; I do not like Microsoft’s security problems any more than the next guy, but at least they have a web site that installs patches in a few mouse clicks.
One thing I don’t understand is that why the heck do I have to download 13 megs of data to PATCH mozilla from 12.0 to 12.1?
Another bugging issue. Talking of XP Updates, it is much simpler than in Linux. Does anybody using XP see that in using automatic updating, the downloading of updates takes place in the background VERY VERY SLOWLY, or is it just my system.
I’ve also noticed that XP is a lot more buggy (especially IE 6), after upgrading from a FRESH COPY of Win98 SE. Much faster and cleaner in a new install.
Enough ranting there. To the MS security experts, I say, wait 5 years till Linux becomes popular on the desktop… you will be having more virii (and anti-virus apps) than you could ever want. Linux virii already does exist.
The updating issues are closing fast between the OSs. Redhat up2date also does auto updating and has done so since 7.1.
Update times can be scheduled from the redhat network, to update at a pre-determined time of choice. This feature is not part of the free OS but with a good OS for free they make their money from offering a good services. Not perfect but I have no problems to report from my own experiences. And Neither windows can claim perfection in update releases nor methods of release.
The My OS can beat up your OS mentality is quite old now, use what you like, whether that be Linux or windows. They both require different ways of thinking and not every one will agree on everything.
IMHO- I don’t think that the issues with virii in nix will ever amount to the hassles they are in windows. While yes the OS is opensource and virii makers could construct exploits, consider that at the same time the source is also used to map and fix the prob. The rate of fixes in Open Source has already proven to be more timely.
By no mean am I knocking windows, but the nature and problems related to the frequency of exploits and not to mention that the fix one prob, create three more probs record of fixes for windows can cause frustration with those users that are cross platform comfortable.
All the good coding practices in the world won’t help software if the guidelines for the project place no emphasis on security.
There are undoubtedly areas where Microsoft programmers could improve the code they write, but more than that, the philosophical undercurrent in Redmond has to change dramatically.
IMHO- I don’t think that the issues with virii in nix will ever amount to the hassles they are in windows. While yes the OS is opensource and virii makers could construct exploits, consider that at the same time the source is also used to map and fix the prob.
I don’t think the issue with virii in nix (or lack thereof) has anything to do with open source. The fact is that you’re simply not going to convince a bunch of savvy nix users to double click on an email attachment that promises to display a nude pic of Anna Kournikova.
How many times in Windows have we seen people get nailed by a variant of the same virus/worm that had been patched for months beforehand? I don’t think the number of exploits you see in Windows is directly proportional to how insecure Windows is, but more of a representation of how many people double click on anything that comes to them without thinking about it first. software updated, you have far less to worry about.
If you’re diligent about keeping your Windows box patched and your anti-virus. Not only that, but back in the old days (before hacking Windows became a professional sport), if you were to go on the web and check out hacking tutorials, every single one of them revolved around Unix, which leads me to believe that nix is not the end-all of secure operating systems, but simply a bit more secure than Windows
Fixing typo …
If you’re diligent about keeping your Windows box patched and your anti-virus software updated, you have far less to worry about.
Yes, I’m inclined to agree with your statements.
or did others read the headline as:
Microsoft Upgraded to “Critical Flaw” ?
😉
It is happening every week. I don’t want to spend my valuable time scamming through news which is not news.
It is happening every week. I don’t want to spend my valuable time scamming through news which is not news.
Too bad you’re not in charge of the news here then. Seriously though, if you don’t like the news coverage you can always read another site. Your time can’t be too valuable though if you had the time to click through the article, type a comment, and submit it, complaining about it (and all just to say you weren’t interested).
“A security problem is just a hacker exploiting a software bug (i.e., unchecked buffers). In any software that
is directly or indirectly related to communication with the outside world, where there are bugs, there *will*
be security risks. ”
It seems that a large proportion of security problems come from buffer
overflow.
Surely the programmer of an application should not be having to check
for this in the code? It ought to be handled automatically by the
programming language.
I suspect the basic problem is that people are using low level
languages, especially C and C++, for high level programming. Low level
languages are suitable for coding kernels and hardware drivers, not
for applications.
Ten years ago, when resources were very limited, it made sense to code
an entire paint program in assembler. No sane person would do that now
for a desktop system. Likewise, we need to move on to the use of
languages that handle all the memory requirements (allocating and
freeing memory for stacks, arrays, buffers,etc) automatically, and do
not use pointers.
The other problem, completely different, is allowing scripts to run
without explicit permission. Here getting the balance between security
and convenience right is more difficult. Microsoft went for
convenience.
What should I do Pat-the-genius? Every week, there is at least one “news” concerning another flaw in MS product. It deserves to have its own section. I just want it not to be mixed with the general news.
You cannot judge how valuable my time is Pat. Who are you anyway….
It would be difficult to do anything useful with this bug. A “Critical” flaw with the Linux operating system usually means vulnerable to remote compromise. It wouldn’t even be worth it to nitpick Linux at the same level.
What should I do Pat-the-genius? Every week, there is at least one “news” concerning another flaw in MS product. It deserves to have its own section. I just want it not to be mixed with the general news.
There are flaws in every product! Its just that the products that have the widest usage, receive more coverage. If you want a change in the layout of OSNews, you should try contacting one of the editors directly, they might not see your post attached to this article.
You cannot judge how valuable my time is Pat.
I was teasing you.
Who are you anyway….
Pat
C|Net, Zdnet’s owner, in recent weeks reported that Microsoft overrates the flaws by marking them more critical than they really are. Now they report this, but some “smart” people will think that Microsoft to save its ass always underrates the flaws.
1. How do you know that I am “Mr.”?
2. Editors do see my posts, we had lots of talks before with ex-editor Eugenia stemming from my posting to this section. Stop assuming. If it doesn’t work,
3. You were teasing me? Haha, just like me.
4. Who are you anyway Pat to tell me what to do. (apart from being a genius with a great sense of humour).
What should I do Pat-the-genius?
Who are you anyway Pat to tell me what to do?
You asked, I answered.
:). In all seriousness, if you feel this is incredibly important, feel free to contact me through email.
1. When you have answered for the first time, I have not asked you. Read the trail again.
2. I said “What should I do Pat-the-genius?” by implying the past, not the future. Sorry, English is my 3rd language.
3. I do not see any point in indulging in conversation with you. Get a life.
Posting on the forum in such small posts wouldn’t make Eugenia change her mind. In fact, she would consider it a troll, rather a constructive critic. The best way to do things with her and David Adams is to go straight to them in private and tell your whole objection in full and lay it all out based on logic rather than preference. Normally, you would get your way, unless he/she disagree with you.
Questioning the story here won’t get you anywhere. Put yourself in Eugenia’s shoes.
Get a life.
Sorry. I didn’t ask what you think I should do with my life.
Read the trail again.
Sorry I didn’t ask you to tell me what to do.
I guess I can be a pain too.
I have right to say what I think, as you have right to say what you think.
I said my opinion. It may affect the forums’ editors or not. But I will keep on saying my opinion every time I see something wrong according to me on this site, since this site is unique from many perspectives, valuable to me, and I want to make it better from my point of view.
Every week, there is a bullet about new bug/security hole/flaw in MS product. This is not news. Here is the analogy: If a dog bites man, it is not a news, since it is happening all the time. If a man bites a dog, that is news. IG, No MS bug/security hole/flaw is discovered last month would be a nice news. =))))
:)))))))))
Pat sent me an e-mail, when I try to answer, I realized that s/he blocked me. So, I am posting it here:
Here is the mail:
============================================================
I will try to answer your questions civilly (politely) despite the fact that you could not do the same.
1. When you have answered for the first time, I have not asked you. Read the trail again.
What did you expect after you posted it in a public forum? Like I said if you wanted to have a dialog with an OSnews staff you could have contacted them. You said you have already done so, so why post it in the first place?
2. I said “What should I do Pat-the-genius?” by implying the past, not the future. Sorry, English is my 3rd language.
I realize you were being sarcastic anyway, so that is besides the point. Regardless, I did not tell you what to do. I said you had the option of going to another site. Maybe you missed that because English is your third language.
3. I do not see any point in indulging in conversation with you. Get a life.
I don’t understand this. Besides a small amount of teasing, I have done nothing hostile to you. You complained in a public forum, and I commented. Not everyone has the same views as you! Deal with it, or at least try to be mature about it.
Pat
==========================================================
Here is my answer Pat:
OK,
What did you expect after you posted it in a public forum? Like I said if you wanted to have a dialog with an OSnews staff you could have contacted them. You said you have already done so, so why post it in the first place?
1. You are assuming that I have talked to OSNews staff about this issue. I did not.
2. Even if OSNews staff says no, I have a right to express my opinion on the “public” forum. This is exactly what I will do every time I see “MS Flaw” news. They have a right to moderate it down. I am playing their game within the rules.
I realize you were being sarcastic anyway, so that is besides the point. Regardless, I did not tell you what to do. I said you had the option of going to another site. Maybe you missed that because English is your third language.
Well, I did not like your sarcastic tone in your reply, so I answered in the bitter way. I have a right to do so. OK, let me explain how I think in a better way: I do not want to go to another site, since OSNews is important for me. If I do not have the power to stop the postings that I find useless, or make them move ones to another place, then I have a right to protest it by sending why I find them useless to each useless post since it is “public” forum. Now, Martin, my Czech friend says if something does not come to you more than twice, it is not important. (I hope I am not missing anything in the translation, since I am translating this from my 6th language to 3rd.)
Besides, if you don’t like my protests, you can always read other postings. (I am not saying you to what to do in the preceding sentence. I am saying you have an option of reading the other postings. You know, I may know be sure, since English is my third language.)
I don’t understand this. Besides a small amount of teasing, I have done nothing hostile to you. You complained in a public forum, and I commented. Not everyone has the same views as you! Deal with it, or at least try to be mature about it.
Teasing is a form of being hostile. You could comment in a nice way. I also commented in a bitter way. If you think that you may tease somebody that you don’t know after his/her first message, I believe I have a right to be bitter as a reply to your teasing. I did never say that everyone has the same views as me. “Deal with it, or at least try to be mature about it.” Thanks for telling me what should I do.
Cheers.
> It seems that a large proportion of security problems come from buffer overflow.
>
> Surely the programmer of an application should not be having to check for this in
> the code? It ought to be handled automatically by the programming language.
>
> I suspect the basic problem is that people are using low level languages, especially
> C and C++, for high level programming. Low level languages are suitable for
> coding kernels and hardware drivers, not for applications.
Programmers need to learn not to write fragile code. Allocating a fixed amount of memory for data determined by anyone who happens to be using the software is simply a bad design decision. In C++ it would be almost trivial to create a class template that allocates a fixed-size buffer on the stack *and* throws an exception when an access occurs outside the buffer range. C, lacking templates, would be more challenging, and the resulting code would not be as clean.
> Ten years ago, when resources were very limited, it made sense to code an entire
> paint program in assembler. No sane person would do that now for a desktop system.
> Likewise, we need to move on to the use of languages that handle all the memory
> requirements (allocating and freeing memory for stacks, arrays, buffers,etc)
> automatically, and do not use pointers.
Sounds like modern C++ with the standard library and boost.
> The other problem, completely different, is allowing scripts to run without
> explicit permission. Here getting the balance between security and convenience
> right is more difficult. Microsoft went for convenience.
Exactly.
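The bounds-checked fixed-size buffer described in the comment above, as an added example that is not part of the original post or thread; the names `CheckedBuffer`, `store_name`, `is_rejected`, `index_is_rejected` and the 16-byte limit are assumptions chosen for illustration:

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

// Fixed-capacity buffer stored inline (on the stack when declared as a local
// variable). Every access is validated against N before memory is touched.
template <typename T, std::size_t N>
class CheckedBuffer {
public:
    // Checked element access: throws instead of reading or writing out of range.
    T& operator[](std::size_t i) {
        if (i >= N) throw std::out_of_range("CheckedBuffer: index out of range");
        return data_[i];
    }

    // Checked bulk copy. The length is supplied by the caller (typically it
    // comes from untrusted input), so it is compared with the capacity first
    // and nothing is written if it does not fit.
    void assign(const T* src, std::size_t len) {
        if (len > N) throw std::length_error("CheckedBuffer: input exceeds capacity");
        for (std::size_t i = 0; i < len; ++i) data_[i] = src[i];
        size_ = len;
    }

    std::size_t size() const { return size_; }

private:
    T data_[N] = {};        // zero-initialised storage, no heap allocation
    std::size_t size_ = 0;  // number of valid elements
};

// Hypothetical handler: copies a user-supplied name into a 16-byte buffer and
// returns what was stored. Oversized input raises std::length_error instead of
// overwriting adjacent stack memory.
std::string store_name(const std::string& untrusted) {
    CheckedBuffer<char, 16> name;
    name.assign(untrusted.data(), untrusted.size());
    std::string stored;
    for (std::size_t i = 0; i < name.size(); ++i) stored += name[i];
    return stored;
}

// True when the input is refused because it would not fit in the buffer.
bool is_rejected(const std::string& untrusted) {
    try {
        store_name(untrusted);
        return false;
    } catch (const std::length_error&) {
        return true;
    }
}

// True when writing element i of a 4-element buffer is refused.
bool index_is_rejected(std::size_t i) {
    CheckedBuffer<int, 4> buf;
    try {
        buf[i] = 1;
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    // Constructed sample inputs: one that fits, one that is four times too long.
    std::cout << "stored: " << store_name("alice") << "\n";
    std::cout << "64-byte input rejected: " << is_rejected(std::string(64, 'A')) << "\n";
    std::cout << "index 4 of 4 rejected: " << index_is_rejected(4) << "\n";
    return 0;
}
```

The standard library's `std::array::at()` performs the same per-element check; the bulk-copy check in `assign` is the part that stands in for an unchecked `strcpy` or `memcpy` into a fixed buffer.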
Could you please confine your petty arguments to private email correspondence? It is getting tiresome to have to wade through the comments discussing having to wade through news.
Since neither of you appear to have anything relevant to say, will both of you please just shut up?
The comments section of this site is becoming more of a pain every day, and with Eugenia leaving, the articles are going to go downhill as well.
Eugenia, install some sort of a Troll filter puhleeze.
Linux is getting easier, SuSE great easy to use distro. Why wear paper armor when you could be in the linux bomb shelter?
Nicolas: Linux is getting easier, SuSE great easy to use distro. Why wear paper armor when you could be in the linux bomb shelter?
Hi, I do agree that it is possible to set up Linux to be more secure than Windows, definitely. But this requires that you know what you are doing. If someone has limited computer knowledge and is setting up a server (unfortunately happens all the time), Windows does in fact make the initial setup easier.
Croanon: Try the reply button.
Man you seem to have issues. The first being you take things posted on a message board way too seriously. The second being you have to inflate your ego by either letting everyone know you speak over half a dozen languages. Or you lie about speaking a multitude of languages just so you think people will think you’re intelligent and insightful.
Pat I personally don’t think you’ve done any trolling, but until you stop being anonymous (by giving an email address) people will assume that by even just replying to flames you are a troll.
Surely the programmer of an application should not be having to check
for this in the code? It ought to be handled automatically by the
programming language.
I was actually just reading an article about this, (I’m learning about TCP/IP connections through C at the moment). Here’s the link if you are interested:
Blocking Buffer Overflow Attacks
http://www.networkmagazine.com/article/NMG20000511S0015
“…Talking of XP Updates, it is much simpler than in Linux. Does anybody using XP see that in using automatic updating, the downloading of updates takes place in the background VERY VERY SLOWLY, or is it just my system.”
MSFT designed the auto-updating in the background to use something called “drizzle” mode. What this means is, your machine is talking to MSFT’s update servers at a very, very slow rate in the background over a period of days or weeks, which is why you are only prompted to install updates once every three weeks or so after they have been fully downloaded. The scheduling of this is still somewhat ‘bursty’ but you will see it happening if you look for it with an IP traffic monitor. This drizzle-download technique is used to allow everyone out there to be able to get at MSFT’s updates while easing the burden of network traffic on corporate and ISP networks.
Or, you can choose to do a full-speed download manually if you so prefer.
Cronoan, you are psycho. Please go away.
You do not have a right to say what should I do. =)
“There will always be bugs as no-one is perfect.”
This is nonsense! Stop proliferating the belief that the very nature of computers is that they are flawed and that there is nothing that can be done about it. This isn’t some kind of natural law of physics. There are TONS of products that work and function on a daily basis without demonstrating the endless number of mistakes, flaws, bad design and need for patching, fixing and workarounds that computers demonstrate constantly!
Stop furthering the belief that computers are some kind of special case in the universe where we need not demand some damned quality and responsibility from the makers!!!!!!
“Stop furthering the belief that computers are some kind of special case in the universe where we need not demand some damned quality and responsibility from the makers!!!!!!”
Problem is, Jace, that computers and their software are several orders of magnitude more complex than something like a cell phone or a DVD player, or any other electronics product out there. Take Windows, for example, at say 20+ million lines of code (incl. some of its essential middleware) – it has what (?) something like 10,000+ man-years of work that has gone into it. Dinky little cellphones just don’t compare to this, and even they have their problems too, which will require more patching and security fixes as time goes on and phones get more complex.
You aren’t telling me anything I don’t already know (I’m not being sarcastic). By saying what you are saying, I fear you are still missing the essential point: computers are badly designed, and the software is far worse.
Are you familiar with the space shuttle, stealth bomber or any modern combat planes in use today? These are frighteningly complex machines with tons of electronics. One small bolt falls off of the space shuttle or these jets and you get lots of dead people. However, the reliability of these machines and their electronics are several orders of magnitude greater, and they perform under far greater stress. It isn’t because they “aren’t computers.” It’s because they are designed to work and because there is accountability on the part of the creators.
Computers are not special cases unless we MAKE them special cases.
Not to sound like I’m fighting (I’m really not), the phrase you used about complexity is the second BS meme that I want to see abandoned. People need to think deeper and longer about these things before they spread these phrases around to others.
“I was actually just reading an article about this, (I’m learning about TCP/IP connections through C at the
moment). Here’s the link if you are interested:
Blocking Buffer Overflow Attacks
http://www.networkmagazine.com/article/NMG20000511S0015 ”
Thanks. A good short article.
“Are you familiar with the space shuttle, stealth bomber or any modern combat planes in use today? These are frighteningly complex machines with tons of electronics. … However, the reliability of these machines and their electronics are several orders of magnitude greater, and they perform under far greater stress.”
I think your faith in milspec systems is highly unfounded, Jace. I have read so many stories about half of a fighter wing’s F-15s being grounded because of some hardware/software glitch that is waiting to be solved, or the case of the F-18E having shitty low-speed aerodynamics according to the pilots because it was not designed correctly in the computer simulations (Northrop engineers were trying to figure out a way to ‘patch’ the problem), or the case of British special forces being trapped in Iraq during the 1991 operation because their radios didn’t work, and on and on and on…
The terms SNAFU (situation normal, all f*cked up) and FUBAR (f*cked up beyond all repair) originated in the military for very good reasons.
I could point out plenty of military/aerospace systems projects that were total disasters – how about those two Mars probes that ‘completely vanished’ on NASA when they tried to land, or the very recent Ariane 5 explosion that destroyed two multimillion-dollar satellites that techs spent much of their careers building by hand over a number of years, or the utter failure of the new national air-traffic control system project that was abandoned after hundreds of millions of dollars have been wasted some years back? The list is endless.
The only military/aerospace systems that are so reliable are the ones that a) have spent millions on QA processes that the civilian computer industry cannot afford, b) have been around long enough so that they are well understood and proven because they are ‘old’ technology, c) are embedded systems that are very inflexible in their functionality, totally unlike a general-purpose computer, so that they can be designed with much more constraints and restrictions in place (this would cover most military aircraft avionics systems).
I think you should probably be thankful that Windows and Linux work as well as they do at this point, instead of complaining.
WINDOWS! It has millions of lines of code!
From: Jace
Stop furthering the belief that computers are some kind of special case in the universe where we need not demand some damned quality and responsibility from the makers!!!!!!
There’s a difference between accepting the bugs and accepting the facts.
I’m not one that believes in saying “Oh… it crashed… oh well, that’s OK, I’ll just get on with life…”. I agree that there is no good reason why desktop applications software can’t be every bit as reliable as mission-critical systems that have four-nines reliability (> 1 hour of downtime in a year). It’s infuriating to see claims to the contrary ESPECIALLY by certain large commercial software vendors.
However, some developers do take this seriously. They are experienced, they use good coding practices, and they make sure their work is comprehensively tested. But despite all of that, chances are there will still be bugs in the software; rather than being a weakness on the part of the developer, that is simply the case of the developers not being perfect (in the same way that no human being in existence is perfect), or of conflicts that arise in a particular platform combination that the developers did not have access to.
Fortunately, it’s easy to tell the difference between the developers that do try to get the bugs out of their software and the developers that, through inexperience, lack of listening to feedback, lack of interest, or corporate policy, don’t worry about quality software.
CROANAN! He is one big waste of life!
See how little trolling adds to the discussion?
I understand what you’re saying. Indeed, there are still problems in that area (military and NASA). Granted, I think one of the losses you referred to in NASA’s excursions was due to the fact that this idiotic nation never converted to Metric ages ago. It was a human error, math conversion, on the part of a technician at the moment, not in programming (if memory serves). That’s the element you can’t get rid of. Human error. You can, however, minimize it through study and redesign and such.
The computer industry is infantile compared to most others and that is certainly one reason why it is so low on the quality scale. This should not be an excuse, though.
Still, with all the FUBARs and such, the general functionality of most things in the world is far greater than that of PCs. It would be nice if I did some research and wrote this all down with cited evidence and all, but right now I am going on my experience as a consumer in a world of stuff.
As for the computer industry not having the money to do the research and such.. I don’t think that’s true at all. Especially with software. After the initial time investment to develop the software, there’s almost a 100% profit made on it. There’s almost no cost to produce and distribute the product (and if you don’t sell it physically, the cost is even lower).
Your point about things that are generally stable and working are older technologies… this is quite right. How old is the computer industry? Where do we begin the measurement? At the first Unix or at the first home computer? After more than 20 years, we should have something better than this. Maybe this is what other industries went through (wouldn’t surprise me), but after a certain point, something has to change. I think we are on the verge of this changing point but I have a great fear that it will be missed. One reason is that computers are such a gee-whiz technology that people have a tendency to love it out of sheer fascination. They give it more benefit of the doubt, more devil’s advocation (can I say that?) than other products would get because it’s all so hyped and glamorous (which is far from what it was when I started). So many people idolize this stuff so much that the real problems just fly over their heads. The computer industry is also setting dangerous precedents with quality control and contractual agreements. We have a law in some states that makes the EULA of software legally binding (though many suggest that one court case would smash this, it’s still yet to be tested).
With all the focus on making money from nothing that this industry gets, we see other industries trying to work the same way.
Look at the examples: Businesses (for example, MetaCreations when they sold Carrara version 1 and Kensington when they sold their VideoCAM product) want to shove the (unready and flawed) products out the door at next to zero cost for development. They want to make money instantly, rather than be sure the product works in the real world. They have no reason to fear any sort of action against them because no one does anything about it and everyone has their EULA plastered all over the place to tell people that they have no rights.
Has this happened before with car companies (products sold at less than acceptable quality)? Sure. We have laws to protect consumers from this kind of thing now. That’s what I want to see with the computer industry.
But, back to those dangerous precedents…
What happens when car companies try to tell you that the problem with your car is not covered under warranty because it’s a software flaw (which, according to the EULA, says they do not warrant in any way)?
Yes, I AM complaining, but I’m not JUST complaining for the hell of it. I think there’s a stable soapbox to stand on here, with this topic. Since I work in technical support and have worked with end users for years, I see that the general state of things is rather bad for the consumer. The more that I want to just use computers instead of fiddle with them nonstop, the more angry the situation makes me. I see how people react to computers. They think that they are the problem or that they are unable to learn how to use computers. It’s nonsense. The computers are the problem and until this becomes more than common knowledge and people begin to actively be concerned about it, nothing will change. A surprising number of people just don’t see that there is a serious problem here.
I am NOT thankful that Windows or Linux (or MacOS) work as well as they do. For me, they barely work at all. They are still geek toys, with geek level learning curves, tons of design problems and mistakes that are being sold at premium (even Linux) under the guise of being a consumer-ready and consumer-friendly product. Which they are not.
To me, it’s not splitting hairs. It’s a big issue that few people even consider.
Why do I bother… it’s not like anyone will read this… it’s too old…