Welcome to the Second Life Forums Archive


Gotta love permissions

Francis Chung
This sentence no verb.
Join date: 22 Sep 2003
Posts: 918
11-27-2003 16:51
From: someone
Originally posted by Cristiano Midnight
That is a common statement that is put out there as fact, without any empirical data to back it up. If this process produces such secure, non-buggy code, please explain the following:

According to a report published November 12 by Aberdeen Group, "Security advisories for open source and Linux software accounted for 16 out of the 29 security advisories - about one of every two advisories - published for the first 10 months of 2002 by Cert (www.cert.org, Computer Emergency Response Team)."

http://www.newsforge.com/software/02/11/14/1913227.shtml?tid=2

Security advisory list for Linux - there are close to 50 advisories, just for the month of November 2003.
http://features.linuxtoday.com/security/


Sure, I can field this one :)

1) First of all, there are multiple distributions of Linux. Some flaws are reported multiple times, because they use the same software.
2) The primary goal of Linux was never security. It's something it does on the side. If security is a concern to you, look into NetBSD. Or tools you can use to harden your Linux installation, such as LIDS.
3) When you do all your business out in the open, it's easy for someone to count your dirty laundry.
4) The software that most of these security advisories reported on is not Linux specific. Somehow, I doubt the flaw in the PostgreSQL server Win32 build is counted against Windows.
5) Windows has undisclosed bugs. For instance, the Samba team has found holes in MS SMB implementations. MS won't admit or fix the bug. The Samba team has never published what the bug was, because MS has never fixed it. Net result, no security advisory.
6) Linux distros come with a lot more software. When you're done installing Windows, what do you do? You start installing your applications. This is not something you have to do with Linux. Linux distros usually come with enough software to allow you to be productive. A compiler, a host of editors, an office suite, an SQL server...

But we're getting off-topic here. Of course, I'm not sure if there's anything left to be said about permissions. To summarize:

1) They Suck
2) They must be fixed.

Oh, Kris, if you're reading, I've never known the insertion of a script to change the creator. I always thought the Lindens favoured builders ;) Can you tell me under what conditions that happens?
Antagonistic Protagonist
Zeta
Join date: 29 Jun 2003
Posts: 467
11-27-2003 17:41
From: someone

Security advisory list for Linux - there are close to 50 advisories, just for the month of November 2003.


Comparing apples and oranges. How many security advisories are floating around Microsoft, on the "to be patched" list? We don't know... so there is really no way of knowing what the true number of advisories is. The statistics you cited and referred to in that article are pure hand waving.

OF COURSE there will be more advisories for Linux et al. That means holes are getting patched and getting patched NOW, rather than remaining on the internal "to do" list. Do you have any idea what things are on the internal MS "to patch" list? I don't... but the folks who reported them do... and their hacker counterparts. We hear about email viruses and web site defacements - because they are quite public. We do not, however, get to read stories about data theft on the more sensitive level (banks getting compromised etc.) - the high end major electronic crime - because such corporations and institutions do not want to shed bad light upon themselves... and thus damage their stock value / bottom line. Guess what, though? It happens all the time.

As for empirical data, well I have as much as you... not much. Drawing upon my experience however (in computer security), I have seen "security through obscurity" fail enough times to discount it as a viable option. I definitely would not risk my professional reputation by advising a client it was at all effective. To do so would be unprofessional and irresponsible ... in my opinion, of course.

With regards,
Antagonistic Protagonist
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
11-27-2003 18:06
From: someone
Originally posted by Antagonistic Protagonist
Comparing apples and oranges. How many security advisories are floating around Microsoft, on the "to be patched" list? We don't know... so there is really no way of knowing what the true number of advisories is. The statistics you cited and referred to in that article are pure hand waving.

OF COURSE there will be more advisories for Linux et al. That means holes are getting patched and getting patched NOW, rather than remaining on the internal "to do" list. Do you have any idea what things are on the internal MS "to patch" list? I don't... but the folks who reported them do... and their hacker counterparts. We hear about email viruses and web site defacements - because they are quite public. We do not, however, get to read stories about data theft on the more sensitive level (banks getting compromised etc.) - the high end major electronic crime - because such corporations and institutions do not want to shed bad light upon themselves... and thus damage their stock value / bottom line. Guess what, though? It happens all the time.

As for empirical data, well I have as much as you... not much. Drawing upon my experience however (in computer security), I have seen "security through obscurity" fail enough times to discount it as a viable option. I definitely would not risk my professional reputation by advising a client it was at all effective. To do so would be unprofessional and irresponsible ... in my opinion, of course.

With regards,
Antagonistic Protagonist

It is interesting that when Microsoft patches a security flaw, they are somehow blamed for that as well ("It never should have existed in the first place, blah blah blah"), but Linux and open source advisories are bugs being patched right now, and that is a noble thing. My point was that neither method of software development is without flaws, as humans are not without flaws. Eggy made a blanket statement about the security and bugginess of non-open source software, and that is what I was commenting on.
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
11-27-2003 18:55
The Linux versus Windows debates remind me of the PC versus Mac debates of 15 years ago. It's gone far beyond factual common sense to become a trendy form of evangelism. It's silly. Tools are tools. Use what works best for you.
_____________________

My other hobby:
www.live365.com/stations/chip_midnight
Antagonistic Protagonist
Zeta
Join date: 29 Jun 2003
Posts: 467
11-27-2003 19:52
From: someone
It is interesting that when Microsoft patches a security flaw, they are somehow blamed for that as well ("It never should have existed in the first place, blah blah blah"), but Linux and open source advisories are bugs being patched right now, and that is a noble thing. My point was that neither method of software development is without flaws, as humans are not without flaws. Eggy made a blanket statement about the security and bugginess of non-open source software, and that is what I was commenting on.


You are correct that all software is flawed in some way. Even mine 8-)

Now as far as Linux et al patching bugs now being noble... I don't know. Nobility is not really an attribute I associate with software.

My post was made in regards to the security through obscurity point / counterpoint. I am of the opinion that it is not security at all and that is the crux of my argument.

Different people have different opinions on the matter. There are many folks who are far more educated / experienced than I who vehemently argue both sides. They all have valid points. Chip probably summed it up the best - use the right tool for the job. Even among the well educated, there is much disagreement about which tool is in fact the best for any particular job, though.

All that aside, the vast majority of security specialists do in fact agree that "security through obscurity" is not security at all. I agree with them.

With regards,
Antagonistic Protagonist
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
11-27-2003 20:13
From: someone
Originally posted by Antagonistic Protagonist

All that aside, the vast majority of security specialists do in fact agree that "security through obscurity" is not security at all. I agree with them.

With regards,
Antagonistic Protagonist


I was with you right up until the end. How can you speak for the vast majority of security experts? As you pointed out prior to that, I have seen both sides argued vehemently, and it will probably always remain that way, as the interests of private software companies and the open source community will always collide, and be hot button issues.
Antagonistic Protagonist
Zeta
Join date: 29 Jun 2003
Posts: 467
11-27-2003 20:16
From: someone

I was with you right up until the end. How can you speak for the vast majority of security experts?


Fair enough, and I will stand corrected. Let me modify my statement to say "The vast majority of security experts whose work I have read or had dialogue with agree that security through obscurity is not security at all".

With regards,
Antagonistic Protagonist
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
11-27-2003 20:20
Thank you, unlike some of the arrogant ramblings in this post, your posts are well thought out, and even in disagreeing with some of the points, I respect your opinion. Ironic from someone named Antagonistic...I find you anything but that :)
Antagonistic Protagonist
Zeta
Join date: 29 Jun 2003
Posts: 467
11-27-2003 20:38
Thank you. I enjoy a good discussion, and I have learned that there are certain rules one must follow if one wishes to sit at the table where people get taken seriously.

As for my name ... well, the Antagonist and the Protagonist are really the same thing - it just depends on which side one is on at the moment :-)

Plus, I like to play Devil's Advocate sometimes ;-)

-AP
Kris Ritter
paradoxical embolism
Join date: 31 Oct 2003
Posts: 6,627
11-28-2003 02:19
From: someone
Originally posted by Francis Chung
Oh, Kris, if you're reading, I've never known the insertion of a script to change the creator. I always thought the Lindens favoured builders ;) Can you tell me under what conditions that happens?


Sure. I created a car... completely original, all prims, no textures or scripts or anything that might have fudged it. I asked someone in game if they could script it for me, since all my attempts at vehicle scripting have been, to say the least, laughable!

He was reluctant to give me the script, and since I only wanted one drivable version for a friend, I just gave him mod rights to the vehicle via calling card. He dropped in his own script, and was from that point onwards listed as the creator of the car.

I haven't tried this before or since, because I've tended to script everything (except vehicles) myself now. So I can't tell you if it was a fluke or what, but I know it happened twice at the time - I rezzed it twice, thinking the behaviour was a bug the first time round.

And I agree. The builder should be favoured. If I spend 80 hours creating a build and someone comes along and puts a quick one line rotation script in it, I don't see why it should become theirs! :)
Jack Digeridoo
machinimaniac
Join date: 29 Jul 2003
Posts: 1,170
11-28-2003 08:07
From: someone
Originally posted by Eggy Lippmann
Oh, mind you, Jack, I'm not an expert on anything.


I always thought there was more to open source than the GPL. And I didn't ask you to rant about MS.

Where does a guy like me, who just wrote an airplane script in the hopes that someone will take it and MAKE MONEY from it, fit into the open source movement?

I would also like to know what open source stuff you have in SL and would you mind if people used it to make money?