Register says DFS is wrong... 679

Curses, hit send too soon and didn't edit the outgoin article before the newsserver sent it, oh well, I'll just add on what I said to the rest of your bullpoo here.

do you release the sources to your users? If not, then the only way they can report flaws is the hard way, by using your slopware. Security flaws aren't found easily in closed source stuff, it takes a lot of prodding and probing and sending invalid packets to find a flaw in something that isn't open to see. (that doesn't stop it from being found though, but your users probably wouldn't find it)

Security through obscurity isn't exactly a very good security model. Is it?

3) none of the above. Nothing is perfect. (and there's no such thing as nothing, even the vacuum of space has particles floating in it)

No, the job of an author is to write, he has no obligation to promote anything.

If everything WAS equal, it might mean that, but it isn't is it? Microsoft doesn't submit its source code for peer review does it? No. Microsoft don't reveal all their vulnerabilities as soon as they're found (and then fix them within a week) do they? No. Microsoft doesn't have 2000 commonly used packages as part of their "distribution", do they? (6000 of the ones on gentoo are probably obscure, hobbyish or specialist programs few people would want)

Again with the hypocrite. OK, loony, one post, just one. Just post the snippet from it here that reveals my hypocrisy. Just one?

Awwww go one, you can do it, if you try. (It'll take a lot of out of context editing to make it look bad though)

Either that or look up hypocrisy in the dikshunairy.

Does microsoft report its security flaws and issue fixes within days of them being found? Or does it sit on them for months, trying to cover them up, and then release a big patch that attempts to fix 5 of them, whilst breaking 3 unrelated things in the system?

Does microsoft open their source code for anyone to view? I don't care if you say "no-one peer reviews linux slopware", because you could never prove that. There're security specialists, hobbyists, generally curious people who can and do look at the source code for linux-gnu apps all the time, every day.

Nope. Doesn't work like that. OK, how's this for an argument... Microsoft make billions per year in profit (true or false?) Now, for one company to make that much profit, don't you think some of that should be ploughed back into development? Specifically security? What? it is? Well, not enough of it is.

bollocks, you are.

Face it doofy, windows was built on sand, and you know what happens when the tide comes in, don't you.

Microsoft was NEVER interested in security... well, not until it came and bit them on the behind, anyway.

Windows was never designed with security in mind, as a result, its entire framework has a lot of holes. Security added to an insecure system as an afterthought will never be as secure as a system with security designed in from the start.

And now? Microsoft is sooooo afraid of the upstart from finland with a penguin fetish, they've put into their precious little EULA that publishing benchmarks comparing windows with other OSes is now forbidden without their permission. (I imagine that also covers such things as independent security audits)