For years there has been the whole what is more secure, Open or Closed source? Microsoft has and still takes a beating over this. Truth, though, is a different thing.
We all have heard of Heartbleed by now. The 2 year old security gap in OpenSSL has been all over the news. During all of this, a hole in the much loved Chrome browser that will allow websites to turn on your microphone and record what you are saying was announced. Another bug that had been around for a while (August 2013). Meanwhile, the hated entity known as Microsoft has been pretty much unaffected by these issues. Maybe it is time to remove our preconceived and ancient thought over security in the Open vs. Closed Source world.
The argument has been, from what I have heard and can tell, that Open Source is more secure because you have more eyes looking at it. The code is open and out there so people can find the issues faster and with the collaborative nature of Open Source, will be patched faster. Truth of the matter, as has been shown over the past week, is that it is not the case, and security holes can get past this set of checks and balances just as they can in any Closed Source system. The surprising thing is how long it has taken to find Heartbleed. One would think, with all those eyes looking at the code, that it would have been found much sooner. Of course this has led to the theories of the bug being an NSA backdoor. True or not, the code was still out there for everyone to see.
Chrome is a slightly different issue. Here is a bug that was found over 6 months ago, that still hasn’t been patched. It was brought to Google’s attention and they sat on it. Could this be another NSA (or insert your favorite Government agency here) backdoor? A way to spy on you without warrants? We will never know for sure, but it does show one major hole. Our thinking of Open Source and security is not completely correct. It is not the be all end all.
What has been lost in this is that Microsoft, and its Closed Source implementations of SSL have been free and clear of the Heartbleed problem. Microsoft at one time was awful with security. In this day and age though, it has gotten a lot better. It is responsive to holes, and the amount of out-of-band patches and workarounds for Zero Days is quite speedy. In fact the biggest security holes in Microsoft systems, is usually Java and/or Flash. Flash is still Closed Source, but Java was at one point more open. Java also is embedded in the web very deep. Try using NoScript at it’s tightest levels and see how much of websites get blocked, and how many websites complain about Java not being turned on. Yet through all of this, Microsoft is the one that still takes the blame, especially in the public’s eye. That is because we, the ones in the know, have done little to reeducate the public, and ourselves.
Do not get me wrong. I have nothing but love for the Open Source community. Collaborative efforts are awesome, and the community puts out some fantastic software, and alternatives to Closed Source (and overpriced) programs. It just has to be realized that it is no more secure than Closed Source. In the end it is all about the eyes on the code and the people looking for the holes. Remember Security is a process, not a destination.
A couple of weeks ago, Verizon pushed ICS down to my Razr. I had been look forward to the upgrade for a while, but was it everything one wants?
The biggest problem with the Android OS is Google puts out a new version right about the time the Upgrades to the prior version come out. That being said, I finally got the ICS upgrade on my Droid Razr. With all the talk and positive things I had heard about ICS, I was excited.
The upgrade process was mostly painless, except for the notification coming at 4am on a work day. Once completed, I started looking for changes. First thing though was letting a number of my applications update. One of the biggest changes there was the Google+ app. The widget for it now showed actual posts, which makes my life easier, especially since I tend to forget about Google+ for days at a time (a post for another day).
The first bad thing about ICS I ran into was with my home button right after seeing the Google+ change. On Gingerbread, if you hit the home button once, it brought you to your home screen, and this hasn’t changed. Hitting the home button from your home screen on ICS does nothing, compared to Gingerbread which zoomed out and shows you all 5 screens so you could jump to a specific screen and not have to scroll to the far ones. This feature removal is a definite down side, although understandable since ICS is designed for devices without the 4 buttons below the actual screen.
The new set of customizable on screen quick start buttons is decent. the have put a nice App button there to bring you to the full application listing also. To add items to a home screen was completely different. You actually have to go into your main app list and hold touch on the itme. Apps that have widgets should show a widget app in the App screens also.
There are 2 big annoyances with ICS though. First is battery life, which already was limited on the Razr, has dropped even more. The second was after the upgrade, all the personalization I had done for ringtones, notifications etc, were gone. I wondered for a couple days why I was not vibrating when I got a new text message, until I figure this out.
Overall ICS has some good and bad. At this point in time, Android really reminds me of Microsoft and Windows. So many different configurations and hardware, the main company can’t keep up with it all, and the OEMs don’t care about keeping things current for their users. Instead they want you to buy new all the time.
The world of Technology is a fickle one. You can be a darling one minute and a hated evil empire the next.
There is a lot of talk going around on the technology websites. With all the announcements made recently there has to be. You have Microsoft’s Surface, Google’s Nexus 7, Apple’s new MacBook, and that is just the tip of the iceberg. As always there is much debate about what these things mean, not only to the world at large, but in terms of what a company is or is not. These opinions help shape the future of tech, and what company’s bottom lines will be. The problem is that those writing opinions are just that, opinions, but people take them as facts.
For instance, lets look at Microsoft and its reputation as an “Evil” empire. This thought, which started back in the 90′s, when Apple was on life support and when Microsoft was trying to outflank any competitor, mostly by using integration with less superior products. There was an Anti-Trust suit, Microsoft had to capitulate to oversight and allowing use of its APIs fairly. The tech world wanted Microsoft broken into multiple companies, like AT&T had been many years ago(and that turned out so well). Here we are now in an age where the world of technology is well more than just PCs. A world where overall, Microsoft is not that big of a player. Yes it still is the dominant PC operating system. The world of mobility though belongs to Apple and Google. The world of the internet belongs to Google and Facebook. Microsoft’s name and slips seem to measure bigger, get sounded louder, and last longer than any slip from any of these other companies.
Take a look at security and privacy. Microsoft has been working for years, and getting much better, at security. Third party applications, such as Flash and Java, have been the big holes into Microsoft systems recently. Yes there are still vulnerabilities found in Microsoft’s software, but the have gotten pretty responsive about patching those holes. Apple recently had the Flashback malware, which came through a Java exploit. A Java exploit which had a patch out from Oracle for 60 days before Apple decided to push it to the OSX machines out there. Apple has control over the updates that get pushed down to its devices. It doesn’t like playing with others. As a result, it has now changed its marketing about Macs and Malware, removing the idea that Mac’s do not get viruses from its marketing. There was a lot of talk about Apple’s problems with security, but overall it did not hurt Apple as a company. The average person didn’t even know about the whole deal. If it was Microsoft the whole world would have been down their throats and never forgotten.
For a second example of the hypocrisy in the world of technology, we can look at Tablets. Microsoft has announced it is making its own tablet called Surface. Most tech writers are pleased with this idea, but the OEMs are pissed. How dare Microsoft produce a tablet of its own. Yet when Google announced its own Tablet, the Nexus 7, these same OEMs had no issue with it. Apple produces the iPad, with utter control over it, and OEMs don’t complain. So why be up in arms over Microsoft? The issue at hand is that Microsoft has been burned by its partners on non-PC’s as of late (I won’t get into the whole HP PC stupidity). Think about it, Microsoft created a tablet type computer almost 10 years ago, besed on specific types of hardware, and the OEMs screwed it up, and overpriced it. Apple comes along with the iPad and its a revolution. Microsoft had the Windows CE phones (I had one and loved it back in the early 2000′s). The OS eventually got a bad rep as it became bloated, but when Microsoft fixed things with Windows 7 Phone were the OEMs ready to get back to producing items with it? No. For that matter, OEMs which have done the same thing with their support of Linux, claim to be supportive, and claim to be coming out with new products based on Microsoft technology, yet either come out with one item that is not pushed in the marketplace, or don’t ever come to market with the item. Now add on that Microsoft has its own store (like Apple), and you can understand why Microsoft would get into making a Tablet of its own.
The reality of it all is that people are letting certain things from the past cloud their judgement. They are not basing everything on the current facts only. Truth be told, Apple is a more controlling and “evil” empire because of its control than Microsoft is. Google has been shown to have a ton of privacy issues, as much if not more than Microsoft. Microsoft gets held to a higher standard because of their past and the Anti-Trust suit more than they should at this point. For technology to really grow right, we need to hold everyone to the same standards.