Doubt's Log

I saw a slashdot article this morning about Apple releasing more vuln fixes. In the comment section, discussion broke into the usual "why do people think Macs are safer then Windows" arguements. The two major points of "it has less of a market" and "it's just more secure" went back and forth. I happen to think both are an oversimplification of the subject.

Vuln finding is a function people of going after whatever is currently easiest. Many attackers have broaden their horizons to other platforms once Windows became significantly more secure and harden against attack. Oracle was the next major target and Apple might be the one after. I admit that I love the irony of the switch after both companies choose to market on how they must be more secure since people weren't finding vulns in them.

Exploits on the other hand is based on the business case these days. The vulns are available but Windows didn't have the magnitude of the problem it did until there was a profit motive to create bot networks.

So to put it together, vulns found help you tell about the security of an area, exploiting tells you about how profitable a particular OS is to attack. The corollary of this rule is that as a random host you are as profitable as the OS, as a specific host with specific data or rights you are as valuable to attack as that data or rights. The result being that if your data is valuable is doesn't matter that there are few exploits for your box when there are plenty of vulns.

Here are some things I'd like radio userland to have:

A Better UI (for entering weblog entries)

Entering weblog entries into this little box is just getting annoying. I often find that I want to make the box bigger, or I'm writing a longer entry that is just too hard to work with without being able to quicksave. It would also be nice to get spell checking and make it easy to add pictures.

A Better UI (for reading the news aggergator)

There should be select all/select none buttons. Why do I have to go to a preference and back to select all the items? Keyboard shortcuts. Let me click on an item and hit the delete key, or on a set of items. Give me a page with the list of channels I'm on that have entries, and show me how many entries are there. Extra: Try to realize what a given entry is about, create a view where all such entries are shown together.

I mini project would be to write a upnp based presence protocol. When someone is logged on, they show up.

A more integrated outlook

I'd like to see the different outlook data types exist in the normal file system. It seems that most of the items are just multiple name/value pairs with one actual content payload.Store the attributes in the file system, and let them be visible to the shell. Index server will take care of the indexing. When ever a directory is deemed to have enough of a certain type of item, then the shell will allow an additional view, like the filmstrip view. Each "type" has associated actions, and easy to edit forms....

Next, we add in the remoting support, and the ability to build a complete folder from multiple sources. This is useful for when you get a mix of "buissness" and "personal" data.