A Bad Month for Firefox
marty writes "February is not a good month for Mozilla developers. Infoworld reports about the efforts of Polish researcher Michael Zalewski, who apparently kept finding new vulnerabilities in the popular browser on a daily basis through the month, first postponing the 2.0.0.2 update, and then finding a remotely exploitable flaw in it immediately after its release."
Compelling reasons to switch to 2? (Score:3, Insightful)
Re: (Score:2, Funny)
Re:Compelling reasons to switch to 2? (Score:5, Informative)
You're also missing the annoying UI design and worse performance.
I agree that the UI is not the most pretty thing ever envisioned (why does everyone go for ROUND shit now? let me guess, the UI designers have Macs) but performance wise it got better. also it's more stable and the integrated session management allows you to get rid of all the clunky extensions that tried to provide sessions (along with the kitchen sink)
there's also tabbed browsing improvements and other features. GP, check the changelogs.
Compare against the best. (Score:3, Interesting)
Maybe Firefox 2 is faster than Firefox 1.5. But compared to Opera, Konqueror and Safari, it's still quite slow and extremely bloated. Apparently it's also quite insecure, too.
KDE 4 is getting very close to being released. Its native support for Windows will bring Konqueror to
Re:Compare against the best. (Score:5, Informative)
I use Firefox and Opera on Windows, Safari on OSX, and I have occasionally used Konqueror, but I'll admit, not as frequently. However, I've never noticed a perceptible difference in speed or obvious bloat between Firefox, Opera, and Safari. "quite slow" and "extremely bloated" are obviously complete fabrications...
Re:Compare against the best. (Score:4, Interesting)
Nowadays if some page's slow to load I think "slow page" instead of "slow browser".
OTOH I use *lots* of tabs and there are major differences in memory consumption. On my PC Opera needs about 250-350MB of RAM for 100 tabs, Konqueror 400 and Firefox between 800 and 1.5GB.
Re: (Score:2)
Re: (Score:2)
Perhaps you have spyware or too many plugins installed or something. When I right-click on a link in Firefox, it's pretty much instantaneous. I'm not a Firefox fanboy or anything, but I really have never had to wait any length of time for the right-click menu to open up. My guess is it has more to do with your specific installation than any sort of broad problem with Firefox.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
Just for full disclosure, I use Konqueror as my primary browser on all *nix systems, and Opera everywhere Konquero
Re: (Score:2)
No, they won't. "Why?" do you ask? Because THERE IS NO SPEED DIFFERENCE! Know this: if you need a benchmark to prove that something is faster than something else then it is not faster enough to be noticeable.
I tested Konqueror, Opera, Firefox and IE. All four browsers take the same time to render the same page: less than A SECOND! (And this is a fairly s
Re: (Score:2)
Given how the UI looks and acts on a Mac, I can assure you that this is not the case.
Re: (Score:2)
Nope, if the UI designers had Macs, I wouldn't have to download a theme to get it to look good in Mac OS!
Re: (Score:2)
[...] massive problems with stability in 2.0
I guess it's like with soylent cola -- the taste varies from person to person. I've been enjoying it all the way, through Phoenix/Firebird/Firefox and now 2.0. The only things that caused grief were fucked extensions, not the browser itself.
I'll be switching back to 1.5 as soon as I find a mirror to get the old version from.
there you go [mozilla.org]. have fun.
Re: (Score:2)
Yes: when the app crashes for whatever reason, Firefox 2.x automatically offers you the opportunity to reload the pages (and tabs) that you had open before the crash. I can't think of any other compelling features of Firefox 2.x, but to me, this alone is worth it. It's very handy, also, when the browser hasn't completely crashed but is just mildly wedged.
I believe you may be able to get basically the sam
you are missing 1.5.0.10 (Score:2)
Re: (Score:3, Informative)
If you are using your Web browser to do critical jobs like online banking, you should continue to use the latest iteration of Firefox 1.5. The la
Bottom line (Score:5, Insightful)
Granted, I do think Firefox is far superior to other browsers on the market, but I don't think that this should surprise anyone. At least Firefox is being fixed quickly. I suspect other software companies may not have held back their release times on upgrades to fix additional bugs. ("Don't worry now, just get this new version out before the deadline, we'll fix it later...")
Re:Bottom line (Score:5, Insightful)
Re: (Score:3, Interesting)
(insert devil's advocate)
But for how much longer? the more positive attention fox draws from the unwashed masses, the more negative attention will turn in that direction from malware developers. If you go from 5% marketshare to 25% marketshare - your percentage of people looking for and finding bugs for good would drop through the floor. Think of it like this - Maybe one out of ever
Re: (Score:2)
Re: (Score:2)
Except that with the Fox, half of the people looking for and finding bugs are doing so in order to help get them fixed.
(insert devil's advocate)
But for how much longer? the more positive attention fox draws from the unwashed masses, the more negative attention will turn in that direction from malware developers.
If you go from 5% marketshare to 25% marketshare - your percentage of people looking for and finding bugs for good would drop through the floor.
Think of it like this - Maybe one out of every ten of my FFX using friends actually do any app-dev work. Is that accurate? Maybe 10% of all users? If more 'regular people' started using FFX, ditching IE, you think you're still going to have 10%?
Safari and FFx are safe for now, because they're not being targeted by hundreds/thousands/millions.
I would contend that 10% is a wildly inaccurate estimate. There are millions of FF users, including my parents, sister and all of my friends/professors here at the University. There might be one person among that group who has contributed code... I doubt 10% of the FF user base has the knowledge or technical ability to patch/hack Mozilla source. Perhaps 10% contribute if you include QA/Bug reports/Documentation etc, but not "App-Dev" work.
Two years ago Firefox Downloads passed 25,000,000 [mozilla.org]. To illustrate
Re: (Score:3, Funny)
Bottom line - the more people use Firefox, the more people look for bugs and vulnerabilities, the more people find them. The same thing happened with IE.
But, how can that be? We are constantly being told marketshare is irrelevant!
No we're not (Score:2)
Re:No we're not (Score:5, Informative)
"Conclusion? Apache has predictably shown more vulnerabilities than IIS versions over the same time period"
Conclusion? Apache has predictably reported more vulnerabilities than IIS versions over the same time period
FYP
Re: (Score:3, Funny)
Oh I know, I know, it's bloated, it has features 99% of users never use, but darn it, I'm one of those 1% of users and I need my full-featured curses-enabled links console browser! Point-and-click, baby!
Re:Bottom line (Score:4, Insightful)
As much as I am annoyed by MS for their practices, that particular one is perfectly reasonable and acceptable.
If the overall program was not managed that way, they would have chaos. Every potential change to the main configuration has to be assigned to a given build and release. The place to attack the "problem" is in how they assign priorities to problems and bug fixes. The criteria for Critical and Non-Critical bugs, for High, Medium, and Low Risk threat and fixes are where software quality hinges. MS does it one way, Mozilla a different way. To some extent they will converge. Hopefully for us all, not too much. But definitely they will converge. If they don't do effective Configuration Management, they don't know what they have, and they can't be sure about what results they will get. The development process is tricky enough without deliberately adding random uncertainty to the process. If it means delaying a given fix for some period of time, so be it.
I would not be at all surprised to see Mozilla eventually adopt a variant of the MS "Update Tuesday" model. For all but the Most Critical changes, just hold all updates, then bundle them and push them at the end of the next week/month/quarter. One thing they already do better than MS is to fully declare a new revision, rather than just issue a patch and update a table with the information. Makes it easy for humans to know at a glance what revision they are at. (By the way, I got 1.5.0.10 shoved at me last night)
Re: (Score:2)
Far superior? I think you need to back up that painfully abstract and non-obvious statement.
I just cranked up my copy of Firefox 2.0.0.1 today after some time has passed since I last used it. I have it set to a blank page. You know what the first thing it asked me was after firing it up? It wanted to know if I wanted to set a "cookie" for the site "newsrss.bbc.co.uk" This would have been normal except for the fact that I hadn't yet eve
That's a Live Bookmark (Score:2, Informative)
It's located in Bookmarks -> Bookmarks toolbar folder (at least on my installation), and in the bookmarks toolbar.
Opera (Score:2)
A bad model? (Score:5, Insightful)
"Although Snyder said she would prefer it if Zalewski and other researchers would disclose vulnerabilities to Mozilla before taking them public, she said the company relies on such experts to help it keep customers protected from attacks, as painful as the reports may be."
Your model is bad. (Score:3, Insightful)
No. It's how it works with Microsoft, it's not how it works with open source software.
With Firefox, if you disclose a hole to the public there's also a higher chance that someone outside the foundation, from the public, could try to fix the hole. (Which could be not too difficult for an outsider if the fix is just adding a check to avoid invalid input). If you only disclose
Re:Your model is bad. (Score:5, Insightful)
I can't see any valid reason for someone not to report to Mozilla first, and to expect a reasonable and speedy response, then going public if a fix is not in place inside a sensible timescale. To do otherwise suggests the researcher is more interested in self publicity than in protecting users of the browser.
Incentives (Score:2)
Re: (Score:2)
There already is an incentive in place: not having people think you are an arrogant dick.
What's worse? (Score:5, Insightful)
The measure of success is whether the bug(s) found in Feb are new additions added by sloppy coders, or legacy bugs that have so far escaped notice?
Tom
Re:What's worse? (Score:5, Informative)
Re:What's worse? (Score:5, Interesting)
Some people like the press it gets for finding them too.
That being said, some projects react badly to bugs. GCC is an example of a group who react well to them. I've had several PRs fixed because of a simple ICE or asm dump I sent in. Whereas in the Linux camp, bug fixing is a royal right only a few can have. When I wanted to add device IDs for Intel NICs to the 2.6.18.2 [iirc] kernel I submitted a patch which added them. It was refused saying that they would be added in the next major release cycle. Even after I told them that they could trivially be added to the next point release they still refused. Oddly enough the maintainer, a Gentoo developer, added them to the gentoo brand of the kernel anyways. Go co-operation!
I dunno, for me it's a sense of responsibility. If I'm going to release software that can potentially cause problems for others, I make sure I respond to valid reports as soon as possible. I don't look at it as a negative experience because for me the alternative is to stop sharing the code altogether.
Tom
Re: (Score:2)
Whereas in the Linux camp, bug fixing is a royal right only a few can have. When I wanted to add device IDs for Intel NICs to the 2.6.18.2 [iirc] kernel I submitted a patch which added them. It was refused saying that they would be added in the next major release cycle. Even after I told them that they could trivially be added to the next point release they still refused. Oddly enough the maintainer, a Gentoo developer, added them to the gentoo brand of the kernel anyways.
So you tried to add the ids to
Re: (Score:2)
My complaint isn't that they weren't added, it's that the maintainer refused to add them to the vanilla kernel [e.g. at kernel.org] and instead hoarded them for Gentoo-sources [even though I run gentoo I still feel this is wrong]. Eventually at the next major release they were added. So it's not that the device IDs were wrong or caused problems. It's that the developer didn't want to share them with the rest of the Linux crowd.
You should ask Jean-Luc
Re:What's worse? (Score:5, Interesting)
My complaint isn't that they weren't added, it's that the maintainer refused to add them to the vanilla kernel [e.g. at kernel.org] and instead hoarded them for Gentoo-sources [even though I run gentoo I still feel this is wrong]. Eventually at the next major release they were added. So it's not that the device IDs were wrong or caused problems. It's that the developer didn't want to share them with the rest of the Linux crowd.
Or more to the point: the maintainer knew they would never be accepted into the stable branch kernel until, at the very least, they were tested in the dev branch first.
The maintainer doesn't have the final say. It's the stable team that decides in the end and they have only gotten more strict now that there are shorter dev cycles. Also, I didn't say that they did cause problems; I said they could in theory cause problems and there is no way to know for sure until the new ids have been well tested. The change was quite probably safe but I'm astounded you're whining that they would not throw improperly tested code right into the stable branch. I've seen simple device ID additions cause crashes. I've had them crash MY system. It's rare but it happens. That's why I update my servers with the stable branch and run my personal stuff on the more cutting edge devel kernels.
You should ask Jean-Luc Cooke about his experience trying to replace the horrible /dev/random device with one based on Fortuna. He got the same royal decree from Ted Ts'o about "who owns the kernel" and who doesn't. In the end, Jean-Luc just gave up and withdrew the patches.
/dev/random has to be as hard to predict as possible. You claim it's horrible but there are whole papers on how to randomly generate numbers and even seasoned kernel devs have had patches refused because they weren't able to justify them properly.
The kernel is, for the most part, a horribly written, and poorly maintained piece of code. The maintainers are selfish ego-hoarding losers and have to really learn there are more people willing to contribute than just them.
Translation: They didn't let me do what I want to, so they are a bunch of jerks
There are people who dedicate themselves to teaching new people how to add patches to the kernel. The whole kernel newbies project and the kernel janitors project exist to provide developers who are new to kernel programming an easy way to learn their way around and get patches accepted. There have been hundreds of patches in the past few months that were accepted from people who were previously unknown to kernel programming. So it really is open to others but only people willing to follow the rules. Those rules are there for a reason.
Re: (Score:3, Informative)
In the case of my patches, they were against [iirc] 2.6.18.2 not 2.6.19-rc2 or something. The last "." is supposed to be for incremental changes to reduce the time between major releases. It gives users a chance to try a work-in-progress kernel that has been through at least some testing. Otherwise, why even have the fourth level of releases?
That's not even close to correct. The last "." is so bug fixes can be added to a known stable branch. The shorter RC cycle (a month or two instead of a year or two) i
Re:What's worse? (Score:4, Insightful)
Out of the box, the latest kernel wouldn't work on my mobo [when I got it]. That means LINUX IS BROKEN. The fix? Add one line to an eth device driver's list of recognized device IDs. What does the community do? Reject it until MONTHS LATER. Many newcomers would look at that and say "fine I'll go to Windows or BSD."
How are we supposed to build a community of trust and co-operation if we can't resolve single line fixes to code that enable hardware to work?
Tom
Re: (Score:2)
Re: (Score:3, Insightful)
You have to use your brain to determine what's a high and low risk change. Adding an entirely new driver, high risk. Adding a device ID to a list for an existing driver? Low risk. *NOT ADDING* the driver? High risk of user unsatisfaction.
Tom
Re: (Score:2)
You may have missed the following comment in the thread I linked to before.
Gentoo (Score:2)
I mostly use Gentoo - I've done well with it running servers almost from its conception. But the Gentoo developers and maintainers, on the whole, are developing increasingly obnoxious attitudes towards their users - which makes no sense at all considering Gentoo users on average have higher skill and knowledge levels than the users of the other popular distros. A few years ago bug reports were handled as well in Gentoo
Re: (Score:2)
Re: (Score:2)
The rationale is that in theory this can cause a working system to fail or be misconfigured after a kernel upgrade (due to a new device appearing in the system). That type of
Re:What's worse? (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
I like Mozilla and FF. But if this kind of attention is what it takes to get them to assign coders to all levels of bugs, from Highest Risk to Lowest, I am all for the heat. The little ones never go away until you actually fix them. Letting them get older is not the correct solution. Not from a technical point of view. Business-wise, you could just wait until the product is obsolete and no one cares. But that is just lazy practi
How is this bad? (Score:5, Insightful)
Could someone please explain how finding and fixing bugs/issues/problems/whatever is bad? Now, I understand that it is not particularly good from a PR perspective. However, it is not like they are ignoring these things or trying to spin it like they are not real problems (as certain commercial and proprietary software vendors are prone to do). This is, in fact, quite good for the users.
Re:How is this bad? (Score:5, Informative)
Re: (Score:2)
In short, Zalewski seems to believe in full disclosure instead of responsible disclosure.
FTA: On the other hand, she's dealing with almost daily reports of newly identified vulnerabilities in Firefox disclosed by a researcher who makes his work public before informing Mozilla of the problems.
Ahh. So Zalewski is in it for the publicity. I did not catch that.
Re:How is this bad? (Score:5, Insightful)
So do most of us here at
Some of these bugs were initially reported in 2001 and were only fixed in Firefox 2.0.0.2, six years later. The lesson here seems clear to me: Reporting security holes on bugzilla gets them marked DUPE/WONTFIX/NOTABUG and ignored for 5+ years. Publishing detailed explanations of the exploits on your blog gets them fixed within a few weeks.
Re: (Score:3, Insightful)
If you know of any such security holes, report them publicly or privately, and you will get a $500 bounty [mozilla.org]. If reporting them privately doesn't get them fixed, you can always go public later without losing your bounty. If responsible disclosure doesn't get bugs fixed, then I would agree that full disclosure is nee
Re:How is this bad? (Score:5, Informative)
No. I would venture to say that most people here believe in giving Windows/IE/Java/Firefox devs a couple of weeks to fix a bug before going public. Coming up with a patch is the easy part. Any large project will need to look for related issues in the rest of the code, to do QA work to make sure the patch doesn't introduce new bugs or vulnerabilities, and to package the updates for all the different architectures and products that happen to be vulnerable. That process takes time; it is physically impossible for the Windows/IE/Java/Firefox team to release an update the same day you informed them about the issue. If you go public on the first day, you are just being an asshole.
Re: (Score:2)
Unfortunately, that seems to be the case frequently in other areas as well. I recently asked a question on a development mailing list (which shall remain anonymous) on how to accomplish alpha blending within the published API, and got nothing but silence for over a week. I then asked a similar question, but ra
Re: (Score:3, Interesting)
It's quite hard to tell for the user if they're fixing many bugs because they have a high attention to security or if their
Re: (Score:2)
Fixing: good
Reporting to maintainers: vital
Reporting to the public: depends on many things all of which are hotly disputed. To the extent there's a consensus, it's to make public announcements after there's been time to code, test and release a patch. If the supplier hasn't used that time to fix the product, well, their customers deserve to be warned before a black hat discovers the same thing and uses it for evil.
Reporting to the whole world simultaneously only makes sense if you believe all i
Re: (Score:2)
Didn't you just answer your own question?
Bad month? No... (Score:5, Insightful)
I'd like to extend a hearty thank you to this researcher for making Firefox even better.
Re: (Score:2)
Re: (Score:2)
it's bad that they were not already detected
Yeah it's true, it's a pity these bugs were not already detected . . . like before they were detected . . . already.
that they were not already worked on
Yeah it's true, why didn't they work on them before . . . like before they were detected . . . already.
or that they were even there
Yeah it's true, what did they think they were doing putting bugs in to begin with . . . like everybody knows not to write bugs into software . . . duh!
Re: (Score:2)
As usual, however, Microsoft's record of performance on that score hasn't been as stellar.
So while some MS fanboy types might like to claim this as a "bad month" for Firefox, I can't say I agree.
Good month for Microsoft too? (Score:2)
I'd like to extend a hearty thank you to this researcher for making Windows even better.
Internet Explorer (Score:5, Funny)
Or more precisely with IE7 on Vista (Score:2)
It's almost like SELinux, but without process isolation. Entire layers of processes are isolated instead. And in contrast to SELinux, you can't turn it off.
Firefox folks nee
Javascript (Score:2, Insightful)
Compliance should be the next target of finger pointing too. If Firefox seems to have its act together and it keeps falling prey to, and having to adapt to, issues of external development, I really think it's time for an overhaul o
Bad month, but... (Score:3, Insightful)
Re: (Score:2)
Re: (Score:3, Interesting)
Isn't that the point of Open Source? (Score:2)
Re: (Score:2)
To exploit a bug in closed source, you have to grovel like crazy through the code or just throw things at random at it. If you want to exploit a memory overflow bug you've got to do it entirely based on the disassembled binary, probably without any symbols. It's astonishing that anybody ever achieves it. Internet Explorer must REALLY be full of holes to have so many spotted.
In either open or closed source, the question is how lon
Oh no there are boooogs in my firefox... (Score:2)
Bad month ends up with a good product. (Score:5, Insightful)
The rational ways of dealing with this are a very dictatorial style of project management to get it right the first time (See: OpenBSD) or a quick and responsive way to kill security-affecting bugs dead. Firefox, with its gazillions of volunteer and paid programmers, opts for the latter. Too often, closed source developers just sit on these bugs, or sue the people trying to find and publish them, or use their marketing department to cover for their developers' shortcomings.
I'm pleased and reassured that Firefox is having these issues. Active and open security research will always result in a stronger product, and delays to deal with them are acceptable so long as the software is better for it. Even OpenBSD's been hacked a few times, and it's how you deal with it that's more important.
Microsoft's stuff is broken for =years=, which allows a security nightmare. Firefox is broken for a few days, or a month or two... too quick for all but the most dedicated and talented black-hats to take advantage of. Give me this over Internet Exploder any day.
When will we see a stable and secure project? That's an important question when dealing with closed source products. On something like Mozilla, with an open development model, the project goals and progress aren't company secrets... we actually know exactly why something has been pushed back, and can make reasonable judgements about when it will be back on track for ourselves. This is one of the more important aspects of open source that corporate IT overlooks... the ability to plan for and work around changes in the release schedule.
So, yeah, setbacks happen. To everyone. How the setbacks are dealt with is where the rubber meets the road. Firefox is generally ahead of the industry here, too.
Re: (Score:3, Interesting)
I like and use Firefox too, but I don't think security is a good reason to like Firefox. The great plugins are what puts it head+shoulders above anything else, imho. And with NoScript, AdBlock, etc, it makes it much easier to avoid malicious sites.
Anyway, It's not right to be so complacent, when a hole is f
Re:Bad month ends up with a good product. (Score:5, Insightful)
Not if you use proper design techniques, or programming languages where they aren't a possibility. Saying "buffer overruns happen" is just a concession to current poor programming practices. Better ways to do things have been known for a long time, it just requires more effort to use them when most of the world isn't yet.
That's true, but not every software project makes grand claims about having better security than the opposition. There is little text on the Firefox home page, but one of the three big headings is "Stay secure on the web". "Firefox continues to lead the way in online security," it tells us. Clicking through the link finds explicit claims about the open source model and the use of "security experts".
And how do you know that all of these Firefox bugs have only been added recently, and haven't already been exploited by black hats before they were announced? Do you personally check into the background of every bug report in Firefox? Do you think everyone who uses it does? How many serious vulnerabilities in IE are really open for years? Do you have stats to back this up, or are you just a Firefox fanboy spreading FUD? These are, after all, exactly the criticisms commonly levelled at IE.
So all security bugs in the Mozilla family are immediately and openly disclosed to the public?
Re: (Score:2)
Re: (Score:2)
ActiveX. It's been a security nightmare since the day it was introduced.
Firefox is not perfect, but it is demonstrably more secure than MSIE. I provide technical support for numerous organisations, most of whose staff have extremely limited understanding about the Internet and its dangers. After I made a concerted effort to move everyone to Firefox in early 2004, I experienced a consistent and statis
Re: (Score:2)
Isn't that a bit like saying computers have been a security nightmare since the day they were invented? Sure, they're useful for lots of stuff and no-one has yet suggested an equally effective and significantly more secure alternative, but they do undeniably have security risks associated with them.
Really? And who's demonstrated that, then? Unless I missed som
Re: (Score:2)
Well, for starters, computers have been a security nightmare since the day we first began using them. Heck, the first really big thing w
Re: (Score:2)
Thank you, unfrozen caveman programmer. I'm trying to remember the last time I experienced a buffer overrun in Java, Python, or Perl. Hrmm. Still thinking ...
Hard to reproduce (Score:3, Interesting)
If anyone can reproduce it consistently, and has a 1.8 debug branch build, it would be great if he could try and give a useful stacktrace in the bug.
I bet... (Score:3, Funny)
After dropping dead on place, that is.
just rude (Score:4, Interesting)
Most Critical Firefox Flaw Remains Unzapped (Score:2, Interesting)
Interesting read at http://securitywatch.eweek.com/open_source/all_th
Ruh-roh! (Score:5, Funny)
http://www.kb.cert.org/vuls/id/393921 is fixed!!!! (Score:2, Informative)
So maybe the post can be updated?
Slight correction (Score:5, Informative)
The remotely exploitable flaw, bug 371321, was reported at 5:35 pm (California time) on Thursday. We had been planning to release Firefox 2.0.0.2 on Friday morning. After some discussion, we decided to go ahead with the release and then follow up with a quick 2.0.0.3 once we had a patch for the newly discovered hole.
After releasing Firefox 2.0.0.2, we realized that bug 371321 didn't affect it, thanks to another patch that went into Firefox 2.0.0.2 for non-security reasons. So although we didn't know it at the time, we released a fixed version of Firefox about 16 hours after the most serious hole was reported.
The testcase in bug 371321 did lead to a fix for a similar bug that existed on trunk, though.
Whoever wrote the headline is smoking crack (Score:2)
it's already fixed in 2.0.0.2 and 1.5.0.10! (Score:2)
Re: (Score:2)
Well, I certainly wouldn't put it past the innovator from Redmond to use this guy to spread some more FUD, but if so, they've only managed to encourage the competition to improve their codebase.
Re: (Score:2)
'Hello World' runs on Windows. Does that make it a buggy and vulnerable program? Your logic baffles me.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
And lastly, the word is "kudos" -- writing "Kudo's" means "belonging to Kudo" which I don't think you mean.
Re: (Score:2)