* Posts by Richard Plinston

2608 publicly visible posts • joined 27 Apr 2009

Microsoft C# chief Hejlsberg: Our open-source Apache pick will clear the FUD

Richard Plinston

Re: Like Linux....

> ... you do realize the MSFT was one of the largest contributors to the Linux kernel at one point?*

It _was_ a top contributor for one month a few years ago. All on the 'contributions' were related to Microsoft virtualization so that Linux could run on Windows or vv.

Richard Plinston

Re: It is not a cancer

> Windows Phone is already ahead of IOS in 25 countries.

That happened in _one_ month when Nokia _shipped_ more phones than Apple to those countries because a) Apple did not ship to those countries or b) it was the month before Apple announced their new phone and shipments were delayed until the new production was up and running.

> And is still the fastest growing mobile platform year on year.

It was for _one_ quarter many months ago (2012Q3 - 2013Q3) and that was because in 2012Q3 WP7 had been killed dead and WP8 wasn't in production. Since 2013Q3 WP has been in decline and 2014Q1 unit figures were below 2013Q1.

> With the imminent release of the Lumia 930 - which imo is their first really comparable high end platform - and the recent reduction in license cost to zero, I think that's near certain to continue...

Most of Windows Phone has effectively been zero cost, or indeed negative, with MS paying a $billion per year to Nokia to cover licence fees. Nokia never sold enough to pay that back.

'Hashtag' added to the OED – but # isn't a hash, pound, nor number sign

Richard Plinston

Re: Pound sign

> The current most accepted theory is that it was originally "steorling" (Old English meaning roughly "a thing of a star") and comes from the AngloNorman coin which had a star on it.

"""The British numismatist Philip Grierson points out that the stars appeared on Norman pennies only for the single three-year issue from 1077-1080 (the Normans changed coin designs every three years), and that the star-theory thus fails on linguistic grounds:"""

While you, and others, may claim 'most accepted', it is most likely a convergence of both explanations.

The 92.5% silver purity is exactly that of the Easterlings (or Osterlings) coins used by the Hanse (or Hanseatic League). As this was much more widely used, and for far longer, many centuries, it is likely that this brought the term into much more widespread use than the earlier more limited one.

Richard Plinston

Re: Pound sign

> one tower pound (approx 350g) of Sterling Silver pennies.

And the 'Sterling' in silver comes from 'easterling' ie the trader men from the east (the Baltic), the Hanseatic League, this was the most reliable source of quality silver (and steel).

Richard Plinston

Re: Pound sign

> an older symbol used for the pound weight measure.

The symbol used for pound weight seems to have originated from a stylized lb* written in chalk. The octothorpe is only an approximation of this but seems to have been adopted for convenience, probably when typewriters started including it.

> swaps position with the sterling £

The best explanation for the use of 'sterling' for money or silver seems to originate as 'easterling' referring to traders from the east, ie the Hansa League in the Baltic, who had the best reputation for quality and reliability as well as the best steel, money and silver.

* lb is abbreviation for libra pondo

Microsoft poised to take Web server crown from Apache

Richard Plinston

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> The whole process is run as a webpage (<= big hint there) over http by httpd.

The whole process is run as a webpage over http by WHICHEVER WEBSERVER you connect to. SWAT _is_ a webserver and does not need, nor use, any other httpd server or webserver.

Richard Plinston

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> ".....Webmin will listen on port 10000 for http requests...." Webmin? LOL! Go have a look, buried in the menus of Webmin you will find - tada! - SWAT!

You will find a _link_ to swat, if it is installed. That link will contain the swat port number. so when that link is clicked in the browser the connection goes directly to swat (via xinetd and given the config allows it). It does _NOT_ go via port 80, 'httpd' or webmin.

> you still need a webserver of some form to handle the http requests,

SWAT _is_ a webserver (on port 901)

Webmin _is_ a webserver (on port 10000)

CUPS _is_ a webserver (on port 631)

You _do_not_need_ a webserver on port 80, nor 'httpd', to access those webservers. There is no need to run a general purpose webserver, such as Apache, in order to run those specialised webservers.

> and for Linux it is Apache that is the most popular choice, therefore it is Apache which will unquestioningly send requests on to port 901

_NO_IT_DOES_NOT_. Xinetd sends the requests to swat on port 901.

> and the potential security hole of SWAT if you haven't got your security sorted.

Only if is _deliberately_ installed AND _deliberately_ configured to be a) active, b) open to other machines, c) set so non-root users logins can write (if that is actually possible).

> That is handled at the setup stage by http, on port 80 (or whatever port your deluded AC buddy wants to set for http) and THEN handed over to port 901 for the transfer of data.

_NO_IT_IS_NOT_. An http request on port 901 _DOES_NOT_ go to port 80. Xinetd sends it to the webserver configured on port 901, swat is that webserver.

What you are confused by is that any webserver, or indeed any server, on any port will respond to a *connection request* by assigning an _unused_ port number to continue the conversation on until the request is completed.

So, for example, Apache will get a *connection request* on port 80 and then may assign, say, port 56382 to that conversation which will then be used while all the parts of the web pages are sent.

Swat will get *connection requests* on port 901 (without Apache, httpd, or port 80 involved at all) and will also assign an unused port to the conversation, maybe 41307.

Richard Plinston

Re: AC Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> "....That's why you can configure web servers to listen for http on port 9999 if you wanted to, and nothing on port 80, and if you specify http://domain.org:9999 then you'll get web pages." Only if your web service is running, you moron. No httpd and it doesn't matter what port you have specified.

No. You are completely _wrong_. You do not need anything listening on port 80, nor do you need 'httpd' nor Apache. I can write a program, or configure one, to listen on port 9999 and have that serve 'web pages' (or anything else that I wish) in response to http requests made on port 9999 _without_ there being any httpd program in the system.

And that is because xinetd does the work, not Apache.

Richard Plinston

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> if I turn off my webserver it doesn't matter what port you add on the end of the URL in a browser, you will not see any webpages, because there is nothing on port 80 to answer the request and push the connection to port 901.

That is completely and absolutely untrue. SWAT, for example, will listen on port 901 and respond to that regardless of the presence or absence of 'httpd'. Putting the port number on the URL _DOES_NOT_ send the request on port 80, nor does it send it to 'httpd', Xinetd routes it based on /etc/services (and depending on limitations in the appropriate firewall and config files) directly to the service, which in this case is swat.

Yes, I have been confused by your claims, but that is because I understand how it actually works, and not some mish-mash of your half-learned misunderstandings.

Richard Plinston

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> You do realise that all webservers, by default, listen on port 80 for http requests and then pass the request to any port you add on the end if the URL? Oh, you didn't? Please do point out the process you think is able to handle the http requests other than the process httpd?

Yes, a webserver, such as Apache or Nginx or many others, will listen on port 80 and usually also on port 443. You then confuse this with _all_ possible http servers. CUPS will listen on port 631 for http requests, Webmin will listen on port 10000 for http requests. These are all servers and will respond to http requests on the ports they listen to.

If a port number is added to an http request (such as https://localhost:10000) is _DOES_NOT_ go to port 80, nor to Apache, it goes to Webmin server directly (if it is running) or goes nowhere (if no server is listening on port 10000), it does not go to Apache or Nginx.

You have a fundamental misunderstanding of how http works. It is not 'http' that directs connections to a particular webserver, it is the port number. It is the browser that adds the default port numbers of 80 and 443 (for http and https) if no port is added. If a port number is added to the URL and Apache is not listening on that port then Apache does not see it. Apache is _not_ doing the routing.

If you were to actually look at an /etc/service file (which apparently you had not even heard of before) you would see the list of possible services where the port number is matched to service. This is _not_ handled by Apache, but by a lower level service: inetd or xinetd.

https://en.wikipedia.org/wiki/Xinetd.

> Please do point out the process you think is able to handle the http requests other than the process httpd?

Xinetd handles all connection requests and passes them out, as defined in the /etc/services and xinetd.d files to the appropriate server. This may be Apache for port 80 or CUPS for port 631 or ftpd for port 21.

How hard is that ?

Richard Plinston

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> ".....Apache _never_ exposes port 901...." No, web requests via http are never handled by Apache.... DUH! If you go read the Linux (and many UNIX) pages on setting up SWAT you will often see a line 'add and entry for swat in /etc/services

You are obviously unaware that different services are handled by different programs and you have never even looked at /etc/services. Connections on ports 80 and 443 are passed to Apache (if installed and activated), port 21 is passed to the ftp server (if installed and activated), port 3306 goes to MySQL, etc.

That is _why_ there are different ports, because there are different services provided by different programs. inetd is the program that receives the connections and passes them to the services based on the /etc/services configuration and on the various matching xinetd.d configuration files.

It happens that connections on port 901 are _not_ passed to Apache but go to SWAT if it has been installed _and_enabled_.

If you can't even understand this fundamental level of networking then you should not be posting at all.

> but several Linux distributions do not install SWAT by default ... several Linux distros DO install it by default?

1) SWAT is only ever installed _if_Samba_is_installed_. So when Samba is installed if may, or may not, install SWAT as well (which is the point made by the Samba team). So to prove your point you need to find out if Samba is installed _by_default_ and then determine if this also installs SWAT _by_default_.

2) NONE of them _activate_ it by default, which was your claim.

3-5) NONE of them configure it in demo-mode, open to the web, or able to write without a non-root login, which were also your claims.

You are _way_ out of your depth.

Richard Plinston

Re: Richard Plinston Levent Zillyboy Chris Wareham

> "....The Red Mist is blocking your reading skills...." The penguin feathers are blocking yours. Wise up - no OS is free of security issues, not even Linux. Blind denial only helps those trying to crack your systems.

I have never denied that OSes have security issues. I am denying that your claims about Apache and port 901, about 'SWAT active by default', about 'no password login by default', are completely untrue.

>As you admitted, you had to go check a server you set up for a client

I did check the server, but it was _not_ one that I set up, there was never the implication that I had done so. In fact I mentioned 'the installer' as a third party.

> as you didn't know if the proper security for SWAT had been set - not exactly a ringing endorsement.

It did not need to be 'set'. It was inactive by default in spite of your bogus claims.

Richard Plinston

Re: Richard Plinston Levent Zillyboy Chris Wareham

> You asked for distros with it bundled. And it was both bundled and active by default in older versions, as I showed with RHEL AS4, which you were unable to disprove

You do not seem to understand that there is a distinction between 'in the repository' and 'installed and active by default'. Here is actually what I asked:

"""So are some games "bundled into distros". Show me the distros that install SAMBA and SWAT "by default". Show me which distros enable these "by default"."""

I did disprove your claim that it was 'active by default'. More to the point you have not established _any_ of your claims at all, especially where you conflate Apache and SWAT. The configuration file was 'as installed' as shown by the file date/time. Whether the selection box for installing it was clicked by the installer or was already clicked would require me to go through the install process, which you obviously have never done.

> (on a client's box you admit you didn't even know the security profile of for a very well-known security issue - not reassuring as to your admin credentials). Yet you want to insist you have disproven the point? Male bovine manure.

It is not a machine that I administer, nor do I administer _any_ Samba sites , nor is Samba active on any machine that I do administer, so the 'issue' is of no concern to me or the client.

> ".....SWAT is _not_ part of Apache...." I never said it was,

Yes you did, you frequently conflated Apache and SWAT: you claimed: """ and the fact that activating Apache exposes port 901 """. Port 901 is the port for SWAT. AND """(b) turning on Apache without checking DOES leave port 901 open for an attack if the right SWAT security steps have not been taken. """ AND """ Many admins do not realise that leaving the default Apache install running allows anyone with the IP address of the system the ability to go directly to that [Samba] configuration file,"""

> As you admitted, you had to go check a server you set up for a client as you didn't know if the proper security for SWAT had been set - not exactly a ringing endorsement.

It is called 'gathering evidence', something that you seem unfamiliar with.

> And you're still trying to deny (a) it is an extensively documented issue,

What _is_ 'extensively documented', even in the one link that you supplied, is that SWAT is _NOT_ activated by default, despite your repeated bogus claims.

> and (b) turning on Apache without checking DOES leave port 901 open for an attack if the right SWAT security steps have not been taken.

Once again you conflate Apache with SWAT when they have no connection. Apache _never_ opens port 901 (unless explicitly configured for some unknown reason).

> I said it was common for admins to leave the Apache web service running without realising the possible security holes, including the SWAT/SAMBA issue.

And again your attribute Apache as somehow installing and activating Samba and SWAT when they are unrelated products (that both happen to be independently accessed by a browser).

> ".....SWAT is related to Apache (not true, but you continue to claim it)...." Stop lying just because you lost the argument. I never said that at all,

Yes you did, and repeatedly claimed it again, see your (b) above.

> You couldn't even prove this for RH AS4, let alone all the other even older distros, but you want to claim you have proven otherwise?

You have repeatedly made the claim, it is for you to prove. You are just waving aside the evidence, even the evidence in the link that you did provide.

> "....* SWAT, by default, requires no logging in (not true)...." Another lie, please post to where I said that.

Here it is: """ ".....SWAT requires logging in....." Only if you configure it to. """ and here: """On SAMBA (Linux and UNIX) the smb.conf file is presented out to the World as a web page on TCP port 901 via the SWAT without any protecting login mechanism and with permissions allowing anyone to edit the file."""

> "......SWAT, by default, can be accessed from other machines (not true)...." Not what I said, not even close. What I said was an insecure configuration of SWAT would allow any system with LAN access to the target server to go to the SWAT web page on port 901 and edit the SAMBA config.

What you said was: """the smb.conf file is presented out to the World as a web page on TCP port 901 via the SWAT without any protecting login mechanism and with permissions allowing anyone to edit the file.""". Which is and always was completely untrue.

And here, from that message, is another example of your conflating Apache and SWAT: """ I'm guessing by your response you did not realise what toys get exposed as soon as you turn on Apache?"""

If you want your rantings to be accepted then you need to _prove_ that in some distant past SWAT was installed by default, activate by default, in demo mode by default, was accessible beyond the localhost by default, and in any way was part of Apache. Good luck with _any_ of that.

Richard Plinston

Re: John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> and the fact that activating Apache exposes port 901

Apache _never_ exposes port 901 (unless someone explicity adds it to the config). You appear to be unable to distinguish between the http protocol and Apache as a web server for ports 80 and 443. There are many ports and each may have its own distinct server program.

> (http://www.samba.org/samba/history/security.html).

An actual link. Wonder of wonders!!

However, NONE of that support _any_ of your claims. They do refer to 'Clickjacking' and 'Cross-Site Request Forgery' which are the result of security issues in the _browser_client_, such as Internet Explorer.

If you had actually read any of the reports you may have LEARNED SOMETHING because you would have found:

""" Note that SWAT must be enabled in order for this

== vulnerability to be exploitable. By default, SWAT

== is *not* enabled on a Samba install.

"""

So even the links that you offer as support show your claims are wrong.

Richard Plinston

Re: Richard Plinston Levent Zillyboy Chris Wareham

> So first you admit SWAT and SAMBA are in the distros, even though you said they never were....

You appear to be unable to distinguish between your claim of "being installed and enabled by default" (which I said didn't happen) and being "in the distros".

> so either they came with it by default OR their admins were not as skilled as you the Linux community likes to think they are,

It is entirely possible that an admin (probably a click and pray Windows admin) could incompetently configure SWAT and/or deliberately put it into demo mode. That is whole lot different than your bogus claim that merely having Apache installed opens port 901 so that anyone on the net can change the Samba configuration - which is several layers completely wrong.

> So you can't say if it was bundled and enabled by default,

Your reading skills are lacking. I _did_ say it wasn't enabled by default.

> but then you can say xinetd.conf hasn't been configured since install (how?) - more than a little denial going on, it seems.

The /etc/xinetd.d/swat file - which is the appropriate configuration file has the date and time of the install, and is the same as all the other config files created during install and not edited since.

> more than a little denial going on, it seems.

There may be denial going on, but it is on your part, you seem unable to accept that your are clueless about the subject even to the point of mixing up Apache and SWAT.

> you're just adding to my argument that (a) the Apache webserver exposes security holes many Linux admins don't even know about

SWAT is _not_ part of Apache, nor does it normally run under Apache, they are completely products with different installs and different configurations. If you cant even get this right then you shouldn't be allowed near a computer.

> (you yourself don't even know if your RHEL4 client was so configured, you had to go check - not good security practice),

The Red Mist is blocking your reading skills. It is my client's RHEL4 server, not my machine. I always look for _evidence_ to back up my statements which you seem to fail to do, merely saying 'Google for it' or claiming 'denial' for not accepting your unsupported assertions.

As for claiming that 'checking is not good security practice' I am sure that the rest of the forum will have a good laugh over that one.

> I suggest YOU go do some Web reading on SAMBA

And once again you merely wave the 'go and search' because, presumably, you can't actually find an actual reference that supports your claims yet again.

The layers that you have to show are your bogus claims:

* SWAT is related to Apache (not true, but you continue to claim it)

* SWAT is installed _and_enabled_ by default (not true)

* SWAT, by default, requires no logging in (not true)

* SWAT, by default, can be accessed from other machines (not true)

* SWAT allows non-root login to change the Samba config (it does not)

Richard Plinston

Re: Richard Plinston Levent Zillyboy Chris Wareham

>> ".....Show me the distros that install SAMBA and SWAT "by default"....

> there are plenty of distros still containing both by default

Many distros have Samba and SWAT in their repos, your claim was that they _installed_ and _enabled_ these "by default", and that this allowed them to be accessed from the internet without a login.

> Yahoogle of "linux distro swat samba"

And if you had done that you would not have found anything to back up your claims. For example for Ubuntu Server is tells you that to get Samba and SWAT it is necessary to:

sudo apt-get instal samba smbfs samba-doc swat xinetd

sudo update-inetd --enable 'swat'

sudo dpkg-reconfigure xinetd

and then enter of change the configuration. How does this match your _bogus_ "by default" ?

> And if I recall correctly, both SAMBA and SWAT were bundled in and active when deployed in even enterprise distros at least as late as RHEL AS 4

As it happens I have a client that still runs a RHEL4 box or two that I can access from my desk. They do not use Samba or SWAT but it is installed. Whether this was 'by default' or was selected from the installation list I can't say but it definitely is _not_ active. The xinet.d config file is exactly as installed and has 'disable = yes' and 'only_from = localhost' so it is _not_ active and even if it was activated it is not accessible from outside that machine. Your uninformed claims are completely bogus.

You may also note, if you read anything about the product, that logging in as anything other than root will limit the facilities and _prevent_ updating the Samba configuration. The plain text password issue is easily overcome by using stunnel (or running under Apache with https). As the default is localhost only then this is not an issue.

>>> Many admins do not realise that leaving the default Apache install running allows anyone with the IP address of the system the ability to go directly to that configuration file

That is completely uninformed and bogus. Apache does _not_ install SWAT or v.v. they are completely independent unless deliberately configured.

>>> you did not realise what toys get exposed as soon as you turn on Apache?

Not only bogus and misleading, but also a bare-faced lie.

Richard Plinston

Re: Richard Plinston Levent Zillyboy Chris Wareham

> ".....SWAT requires logging in....." Only if you configure it to.

I just did a clean install from the repo and this is the config file as installed. First SWAT is disabled by default, then it will only run from the localhost, it will not allow connection from any other machine.

The only way to avoid it asking for a logon is to change to demo mode using a runtime option:

Usage: swat [OPTION...]

-a, --disable-authentication Disable authentication (demo mode)

# default: off

# description: SWAT is the Samba Web Admin Tool. Use swat \

# to configure your Samba server. To use SWAT, \

# connect to port 901 with your favorite web browser.

service swat

{

port = 901

socket_type = stream

wait = no

only_from = 127.0.0.1

user = root

server = /usr/sbin/swat

log_on_failure += USERID

disable = yes

}

> ".....SWAT has little to do with Apache....." True, it is just the two are often bundled into distros and installed (and enabled) by default.

So are some games "bundled into distros". Show me the distros that install SAMBA and SWAT "by default". Show me which distros enable these "by default".

The Ubuntu documentation shows that neither SAMBA nor SWAT are installed by default and must be installed by sudo apt-get. SWAT is not enabled and must, at least, have the 'disable = yes' changed to 'no'.

Richard Plinston

Re: Levent Zillyboy Chris Wareham

> SWAT without any protecting login mechanism

SWAT requires logging in.

"""Access to SWAT will prompt for a logon. If you log onto SWAT as any non-root user, the only permission allowed is to view certain aspects of configuration """

> leaving the default Apache install running ... as soon as you turn on Apache?

SWAT has little to do with Apache. It does not need to use Apache or vice versa. It is possible to configure Apache to run SWAT as a cgi but this is unnecessary and is not normal on Linux or Unix. If this is done then it doesn't use port 901.

Richard Plinston

Re: Nick Kew Deja vu again

> many IIS servers run on corporate intranets and therefore are not visible on the Web at all, making IIS's real share of the webserver market even larger than the Netcraft survey suggest.

All my corporate clients run Apache on Red Hat for their internal web servers and for the web facing server.

Richard Plinston

Re: Majority has decided what is the eb server of choice....

> ... for parked domains

Exactly. If you want a web server for sites with no content and no traffic then IIS is perfect. You can also, apparently, get it paid for by MS.

Missed it? Here's the latest on Microsoft's mobile strategy

Richard Plinston

> Windows Phone year on year market share % is still growing faster than any other platform.

You continue to peddle this. While it was true for one quarter many months ago*, since then the unit sales and market share are in decline, as acknowledged by Nokia themselves.

The latest figures for 2014Q1 at http://communities-dominate.blogs.com/ have:

3 (3) . . Windows Phone . . 6.2 M . . . 2.2 % . . . . . ( 2.9 %) . . . . . . Samsung, Nokia

Where the bracketed figure is previous quarter. The unit sales is less than 2013Q1.

The most interesting figure is that Nokia smartphones unit sales (_not_ including Asha) is greater than the WP figure. This apparently is Android X phones of around 1 million. Even this doesn't leave many WP from the other makers.

10 (9) . Nokia (Microsoft) . 7.1 M . . . 2.5% . . . . . . . ( 2.9% ) . . . . . . Windows, Android

* Your claim is probably the single 2012Q3 to 2013Q3 gain than shows growth because in 2012Q3 WP7 had just been dumped and the WP8 phones were not available so the numbers were very low, while in 2013Q3 they were flogging off the last of the unsold WP7s and were offering the 520 at less than cost price.

But you will still repeat your nonsense claims and will not update to reality.

Swiftkey: We just want to be free - Apple didn't bump us

Richard Plinston

Re: Commentard Fail

> at least it keeps 'em off the streets

You do understand the concept of 'mobile' don't you ?

Apple is KILLING OFF BONKING, cries mobe research dude

Richard Plinston

Re: Re. Sync per Bonk

> One possible use would be ...

Panasonic use NFC to connect an Android phone to their latest cameras over WiFi so the phone acts as a remote control and/or can send photos directly to a PC or to an internet site (Facebook or a cloud service).

I am also looking at using NFC in a client's warehouse for recording worker and job activities.

Jellybean dominates Play, still seated atop rising KitKat

Richard Plinston

> the consequences of Samsung phones no longer being Android phones should be fairly self-evident in terms of Android sales.

We have an actual example of a company relying on the brand name and switching the OS wholesale, there is no need to draw imaginary conclusions from speculation.

Previously, "the vast majority of consumers either [bought] an iPhone or a [Nokia] phone". Nokia changed the OS and went from number one to almost out of the top ten.

In the unlikely case that Samsung changed suddenly from mainly Android to mainly Tizen without an Android compatibility layer (ie could not run Android apps) then the most likely outcome is that it would have little to no effect on Android sales, buyers would just change to another of the many brands.

Microsoft's NEW OS now runs on HALF of ALL desktop PCs

Richard Plinston

Re: Cue...

> All *nix are more or less POSIX compliant systems. Sure, there are some differences among them - but they want to be POSIX compliant. That's mean they have a lot of similar API. The same way Linux is not Unix but looks very much alike. And BSD is another Unix clone.

You are confused. There are various 'BSDs' but they originate from the actual AT&T UNIX codebase and, in fact, much code developed by Berkeley was incorporated into AT&T Unix. It is not a 'clone'.

POSIX defines the _Application_Programming_Interface_ (plus other stuff), not the 'kernel interface'. In practice this means that a set of C libraries can provide the API for the system to be compliant and yet the OS kernels can be completely different. Even Windows NT/2000 could claim to be POSIX compliant.

This does not mean that it would be easy for Google to replace Linux with Windows, or even with one of the BSDs, especially as Android does not rely on or claim POSIX compliance and only implements a subset via the Bionic C library.

Your claim that Google could do something (that you have never done) easier than doing something else (which you have also not done) is completely spurious:

"""it would be easier for Google to replace say the Linux kernel with a *BSD one, that replacing the Java VM with something else"""

Especially as you rely, incompetently, on POSIX and that Google a) never used a 'Java VM' it used Dalvik and b) it _is_ replacing Dalvik with ART.

Richard Plinston

Re: Cue...

> It's funny that you say Android is Linux, but Dalvik is not Java. Something is something only when you like it?

Do try and read what I wrote instead of incompetently making up what you prefer to use as an argument.

Android is 'based on Linux', Android is a 'Linux OS', Android is a 'Linux distro'. It is you who wants to conflate 'Linux' (the kernel) with 'Android' (the OS) and then argue that it is not. I have not seen anyone claim that Android is _only_ Linux.

You may also note, if you care to read more closely, that I said that the 'Dalvik VM' is not a 'Java VM'. This is obviously a technical issue that is quite beyond you. That the Java language can be compiled to produce byte code for the Dalvik VM does not make Dalvik a 'Java VM'. Many languages can be used to create byte code for either.

> Everything could be compiled into Java byte code.

It could be, but then it could be compiled into Python byte code, or (as some Java language compilers do) directly into machine code. In fact the main difference between Dalvik and ART is that Dalvik runs the JIT compiler at run time as required and ART runs it at install time and thus the 'VM' actually only sees machine code.

> When I wrote "services" I meant OS services. Not all OS services are implemented at the kernel level. It's funny, for example, that Linux fanboys still complain that Windows moved the GUI "services" from user mode to kernel mode. Not everything an OS offers is in the kernel, and an OS is far more than its kernel. But probably you never wrote an OS so you can't understand, especially if you've been brainwashed by Linux worshippers.

I am not sure that it is "Linux fanboys" that 'complain' about the GUI services being moved into kernel mode, it is more likely that security experts did, or Windows users. It does make it more difficult to change the GUI to something that they might prefer.

> an OS is far more than its kernel

I am not sure what your point is, I certainly didn't say it wasn't. But an OS does not have to encompass a specific set of services. Many of the largest computers do not have a GUI. In fact even Windows Server can be installed without a GUI. It happens that the Linux kernel does not include GUI services so that the user can choose which they want, or none if just a text interface, or no UI, is required. That means that applications access the GUI services via libraries, such as GTK or Qt, or via the API provided by Android, or Mono, or .NET.

In fact with most languages services are almost always accessed via libraries that are layered on top of the kernel.

> Windows RT and Win32 are both built on the same kernel, sure - but that doesn't mean they are the same OS.

And that means they are both 'Windows OSes' that have different GUIs (and some other services), just as, say, Android and Ubuntu are both 'Linux OSes' that have different GUIs (and other services). Actually, in some cases, you can run a version of Ubuntu on an Android base, using just the one kernel, and have both GUIs.

"""Both Ubuntu and Android run at the same time on the mobile device, without emulation or virtualization, and without the need to reboot. This is possible because both Ubuntu and Android share the same kernel (Linux).[2]"""

Richard Plinston

Re: Cue...

> You got used to call "Linux" whatever use a Linux as a kernel,

Where did you get that from ? I call the kernel 'Linux' and if is is a complete OS (plus lots of other stuff) I call it a 'Linux distro'. Android is a 'Linux distro'.

> but that doesn't make an OS "Linux"

The kernel makes it a 'Linux OS' when other stuff is added. Android adds that other stuff, Fedora adds that other stuff.

> As I wrote, it would be easier for Google to replace say the Linux kernel with a *BSD one, that replacing the Java VM with something else - and most Android "services" needs you to call the Java API, not the kernel one.

You are confused even more. BSD has a different interface. While, say, KDE runs on both Linux distros and on various BSD distros that does not mean that the Linux KDE, or any other Linux program, will just run on BSD, a compatibility layer is required.

Android does not run a 'Java VM', it runs a completely different 'Dalvik VM'. It may happen that Java code can be compiled to run on the Dalvik VM. But then Scala code can also be compiled to run on the Dalvik VM. There is no reason that other languages can also run, eg Python, Lua, Javascript run on my Androids.

Contrary to your claim there _is_ a new VM developed by Google that can replace the current "Java VM" [sic] on Android 4. It is called ART (Android run Time).

> and most Android "services" needs you to call the Java API, not the kernel one.

Of course the services are not in the kernel. That is like using MS Office as a service is done by calling the Office API and not the Windows kernel. Similar Google services may also run on other OSes, such as Windows, and again they are not accessed by calling the Windows kernel.

On Android the Google services are optional and are not part of the OS. For example Amazon has Android (though with a different name) but no Google Services, though they could be added by the user.

> Win32 API and WinRT API are enough different to make them two different operating systems - just sharing a name because the maker is the same.

And yet both Win 8 and Win RT are said by MS to be built on the same kernel, just as Android and Fedora are built on the same Linux kernel.

Richard Plinston

Re: I'm not sure they'll care!

> Both Windows 7 and Windows 8 help the MS bottom line

While the revenue to MS from _new_ machines may be similar it is less likely that Win7 users will provide additional revenue to MS in the near future. The plan for Win8 is to get users to buy from Windows store for both Windows applications and Metro apps, to _demand_ Metro UI on their phones and tablets and to move to a new world domination by MS.

It always has been that the biggest threat to MS revenues is old versions of Windows (except Vista of course).

Richard Plinston

Re: Its not suprising..(Just use Classic Shell!)

> It will make everything look and feel like Windows 7

Then there is no point in spending the money to buy, test, validate all the applications (and buy new versions) and install Win8 only to change it to be like 7.

Just stay with 7.

Richard Plinston

Re: Its not suprising..

>> "Oh, and driving a manual vehicle

> it is however more of an intellectual challenge than clicking on big square icons instead of little square icons.

In this country one can get a driving license for automatic gearbox cars or a different one that covers all cars (but the test must be sat in a manual car). The reason is that to drive a manual car requires _training_ that is different from automatics.

And that is the point, Windows 8 will require _training_, or time for self-training. Not only because it looks different but because all the automatic muscle reactions that have been learned now cause confusion and new ones must be relearned. This is time and cost.

Richard Plinston

Re: Windows 8, the triumph of marketing over common sence.

> in order to leverage that dominance they decided to totally change the GUI and make the desktop GUI like their new phone GUI. How does that even begin to make sense?

Windows Phone was not selling and consultants told them that the reason was because the WP UI was 'unfamiliar'. They put Metro on Windows 8, without the option, in order to make Metro 'the most familiar UI'. Then, according to the consultants, users would be _demanding_ phones and tablets with that familiar UI. Once more they would be back on the path to world domination.

Richard Plinston

Re: Cue...

>> Android is not Linux

> An OS is not the kernel alone.

You are confused, mainly about what 'Linus' is. Linux is the kernel that is used by all 'Linux' distros. Android has a Linux kernel, SUSE has a Linux kernel, Fedora has a Linux kernel, .. and they are all the same kernel. So Android _is_ a Linux distro (plus a lot of other stuff), exactly the same as Ubuntu is Linux plus a lot of other stuff.

Android happens to run a Dalvik VM but it is not the only way of running apps. For example there is C4droid which provdies C and C++ and a GNU environment.

The difference is much the same as, say, Windows 7 and Windows RT. If you think they are both 'Windows' then Android and Ubuntu and both 'Linux'.

Google: Use this tool if you want your search query quashed

Richard Plinston

Searchable ?

Is Google going to make these requests searchable ?

Web sites may want to know who is requesting removal of their search results.

The British are coming! The British are coming! And they're buying Surface fondleslabs

Richard Plinston

Re: Shipments

> I stopped reading when it mentioned shipments.

When MS took a $900million writedown on its stock of Surface last year it was said that this was at $150 per unit. So they had 6 million units left over that weren't selling. At the time they were not selling these through distributors, now they are. It may be that this growth in _shipments_ is a mix of original and generation 2 Surface into distributors at knock-down prices in order to get headlines.

Much like the unrepeated 'WP beats Apple in 25 countries' was _shipments_, mostly to places that Apple didn't ship to, and when Apple was 'between products' with a new one due.

Cyber crims smash through Windows into the great beyond

Richard Plinston

Re: king of foo

> "But surely MS do something fundamentally wrong when it comes to security?"

There are many things that Microsoft _designed_ into Windows that led directly to security problems. Some of these have been fixed, but many are just papered over by popping up a 'yes/no' dialog that then turns the blame onto the user.

* Inserting a Floppy, CD or USB drive executes code on that device with no further user action. (mostly fixed now)

* Opening an email, or in some cases merely selecting it so it can be deleted, can cause attachments to be opened. For certain types of attachment this will cause code inside it to be executed - by design, such as Office macros, - or by flaws such as image handling.

* File 'types' are hidden by default so that 'knickers.jpeg.exe appears to be an image that the user can safely click on.

* Any file that is .exe is executable. A file that is downloaded does not need anything else other that it be a (hidden) .exe to be run.

* ActiveX. No more need be said.

* Users running as admin.

Other systems don't have these designed in security failures.

Bing's the thing in Microsoft's push for cheap Windows devices

Richard Plinston

Re: So where are the Whiteknighting MicroSoft Shister-Team

> That they cannot do this is precisely my point: Google's current all or nothing licencing for Android apps prohibits OEMs from competing with Google.

That is completely untrue. For example Amazon competes with Google even though it uses Android (though it cannot use that name). Nokia/Microsoft also competes with Android-X. While Google does license its services on an 'all or nothing' basis, that does not prevent Android code being used to compete, nor does it prevent OEMs _adding_ additional services.

There is nothing to prevent an Android phone from having Google services _and_ HERE. Granted, the Google apps are to be more prominent and HERE would make the device more expensive.

It just makes more commercial sense to let the user get the app himself and pay for it separately should they require it because otherwise the additional cost would deter others who do not require it.

Richard Plinston

Re: Microsoft, Bing, Windows 8.1

> @Bob Vistakin - I think you forget that MS is one of the largest contributors to Linux.

@The Vogan/AC: you really should try to keep more up to date rather than cherry picking obsolete information. Microsoft _did_ 'contribute' to Linux a couple of years ago. Your 'is' is entirely misinformation. The 'contribution' was entirely out of self-interest.

"""After making headlines with its unexpectedly voluminous contributions to the Linux kernel in 2012, Microsoft has all but disappeared from the Linux development scene, according the latest report from the Linux Foundation."""

"""Redmond's contributions logged in the 2012 report were almost entirely devoted to adding support for Microsoft technologies to the Linux kernel. Specifically, Microsoft maintains the kernel drivers for its Hyper-V virtualization hypervisor"""

http://www.theregister.co.uk/2013/09/16/linux_foundation_kernel_report_2013/

Microsoft: Pssst, small resellers, want to sling our cloud?

Richard Plinston

Re: It's what you might call a limited offer....

> Microsoft has the majority of server systems as can be clearly seen from various statistical sources.

If you actually believe that then you are unaware of how the statistics are created.

For example: The netcraft statistics of total web domains has been manipulated by Microsoft paying hosting sites to put their parked domains onto Windows Servers, or at least giving them machines and software to do so. This boosts the 'total domains' statistics by hundreds of thousands with no content and no traffic. Look at the 'active sites' for a more realistic view of the distribution.

For example: The 'server market' is measured by dollar revenue. OEMs selling fully built and licenced Windows Servers dominate this statistic while in-house built Linux and BSD servers, such as those at Amazon, Google and many other large sites, or even small ones, do not show up at all. It is reputed that when Microsoft took over Skype it replaced the 50,000 supernodes out in the community with 10,000 Linux servers in-house. I bet those never showed up in the 'statistics'.

http://arstechnica.com/business/2012/05/skype-replaces-p2p-supernodes-with-linux-boxes-hosted-by-microsoft/

So you reckon Nokia-wielding Microsoft can't beat off Apple?

Richard Plinston

Re: strange article

> Very different OS,

Actually both Windows Mobile (including its ancestors) and WP7 were the same underlying OS: Windows CE. WP8 may have a different kernel but is indistinguishable from WP7 to the casual observer (or potential customer).

> vastly smaller market,

Yes, MS did well when there were no competitors.

> irrelevant to Windows Phone's current position.

Windows Phone is irrelevant to the current market.

Richard Plinston

Re: strange article

> So a different OS a decade ago had different numbers. What a surprise.

It shows the decline of Microsoft's phone from 23% to 3%. This has been _in_spite_ of replacing the OS twice (WM -> WP7 -> WP8) to get more features and possibly _because_ of dumping the old developers.

> See also the latest figures from May 2014 which cover Q1 2013 - Q1 2014

The report claims that WP have sold more units YoY Q1. It also shows that the WP _smartphone_ market share declined. Your reference includes dumbphones (which declined) in order to diminish the problem that WP unit sales % increased less than the total smartphone market % increased.

"""Nokia writes in the Q1 2014 results:

"The year-on-year and sequential declines in discontinued operations net sales in the first quarter 2014 were primarily due to lower Mobile Phones net sales and, to a lesser extent, lower Smart Devices net sales."

"""

So Nokia itself states that YoY Q1 had _lower_ net sales in 'Smart Devices'. As Nokia is 90% of WP the figures in your reference may be questioned. Perhaps thay added in the Android-X pre-sales.

http://communities-dominate.blogs.com/.a/6a00e0097e337c883301a511ad1f30970c-pi

Richard Plinston

Re: When Nokia teaches Microsoft about phones

> In turn, for example, it could not have separate ringtones for callers, which is a feature 99% of the consumer users care of.

There was an app for that: http://www.crochik.com/mycontacts/

> Probably the N9 was a better attempt, but it came too late - people already switched to Apple or Samsung.

While the N900 was primarily a small tablet (following on from the N770 and N800) with phone capabilities added, the N9 was designed primarily as a phone that could run similar apps to those of the N900.

The only thing that held back the N9 (and the N950) was that Elop stomped on it because it made WP look poor by comparison.

Richard Plinston

Re: strange article

> A more useful observation would be that Windows Phone had 3-4% of the global handset market last year and is growing faster than any other platform.

"""In Q1 2004, Windows Mobile accounted for 23% of worldwide smartphone sales."""

While there was growth, in particular 2013Q3 was well above 2012Q3*, since then the volume _and_ market share has dropped. 2013Q4 was less than 2013Q3 and 2014Q1 was less than 2013Q4 and less than 2013Q1.

As for 'growing' faster than _any_other_ this is simply wrong. FirefoxOS and Jolla's Sailfish went from nothing to something which is way more growth.

* 2012Q3 was a particularly low point when WP7 was deadended and WP8 was not in full production. 2013Q4 was particularly a high point because bargain bin WP7s were still being sold off cheaply and the low end WP8s were being sold at a loss to try to gain market share. Projecting those points, as you do, shows that you have zero understanding of the market and grasp incompetently at figures that are obsolete. Even Nokia acknowledged that their volumes and market share have been in decline for half a year.

Richard Plinston

Re: where I stopped reading...

Corrected for you:

Xbox 360 was _losing_ bundles of money long before Android was on the scene.

It seems as if your sole source of 'information' is a brain implant with a direct feed from Redmond's 'marketing' department.

http://www.gamefront.com/the-ps3-and-xbox-360-have-made-huge-losses-up-to-8-billion/

Richard Plinston

Re: When Nokia teaches Microsoft about phones

> Maemo ... putting a Linux OS into a small portable device, but it was an ugly unfriendly device for most users who weren't interested in running an SSH shell.

You appear to know nothing about Linux or, especially, Maemo. Contrary to your dogma it never required an SSH shell.

Richard Plinston

Re: I disagree in part

> Android users invest far less in their app than iOS users. Which makes switching from Android cheaper.

You seem to have some odd ideas about spending.

Buying apps is _not_ an 'investment', it is just spending money: ie a cost.

Android users spend less money on apps for several reasons:

* Many Android phones are used only as 'feature phones' or just 'phones'. The users have no need for apps, they are not addicted to Twitter or FacePalm. They buy inexpensive Androids because they are not much more than dumbphones.

* Many Android apps are free (see F-Droid) where equivalents for iPhone or WP would cost.

Your conclusion that "Switching from Android would be cheaper" is complete nonsense. If the Android user had free Android apps that would cost money elsewhere then that is not 'cheaper'.

Richard Plinston

Re: I disagree in part

> all the money you have invested in apps

It isn't an 'investment', at best it is a cost.

Microsoft Surface 3 Pro: Flip me over, fondle me up

Richard Plinston

Re: Shame really...

> two killer punches nothing else has: Full sized USB port and a proper charging socket

I have a 10" tablet that has a charging port plus _two_ USB ports, one is host, the other client. Plus I use a bluetooth keyboard/cover/stand. Using bluetooth means that I can have the tablet in portrait and/or have the keyboard (or a full sized one) on my knee while the screen is, say, on the airline tray.

> numpties: you can't trust 'em with micro to full USB adapter leads.

Why ? Do they try to use the wrong end ? Do they have difficulty knowing which way to use a pencil ?

Microsoft’s 'FIRST NOKIA' arrives at £89

Richard Plinston

Re: Might consider this

> it gives me a choice of about 5 or 6 apps to open it in

And you probably installed 4 or 5 of them yourself. So which do you want to use ? Choose one, set it as default, then complain that it won't use the others you installed.

'Microsoft Research slides' show touch-enabled Office - report

Richard Plinston

Re: Sorry to ruin the party

> Hmm. Mechanics and surgeons seem to manage OK.

Mechanics and Surgeons don't operate with their fingers, they use tools such as spanners, screwdrivers and scalpels which keep their hands away from the point of operation and leaving a clear view.

Oracle vs Google redux: Appeals court says APIs CAN TOO be copyrighted

Richard Plinston

Re: Probably the death knell of the "industry"

> Nokia returned to profit before they sold their phone division to Microsoft from several years of losses, so clearly going Windows Phone actually turned them around

Nokia, the whole company, did make a small profit. The phone division, the part sold to Microsoft, still made a loss in spite of being given a $billion a year. Yes, going WP did "turn them around", from being the largest phone company to nearly dropping off the top ten*.

> Yep - at the last count I saw, Windows Phone now outsells Apple's iPhone in 25 countries.

Yes, but that is because you only look at stats that support your spin. In that particular case it was for a very short time last year just before the new iPhone was released. Most of those countries are ones that Apple doesn't ship to.

> Google are not spanking Oracle in any market segments I am aware of

Given that you seem to only being aware of what comes over your direct feed from MS marketing then it is not surprising that you don't know about J2ME/Java ME.

* Nokia are 9th in smartphones for 2013 - http://communities-dominate.blogs.com/