Paul Dupuis wrote:
On 4/15/2016 7:37 AM, Tiemo Hollmann TB wrote:
I have the first customers following this advice and tell me that my
software is completely out of date. I am loosing customers.
When will LiveCode provide the new Mac & Windows compatible media player?
It was one of the crowdfunding aims and I haven't heard much about it
anymore.
Since Windows remains the world's most popular desktop OS by an order of
magnitude over the second-leading OS, I strongly support anything that
brings reliable video playback to that platform.
If Linux can come along for the ride so much the better, and ultimately
the Kickstarter goal of restoring and enhancing video playback on all
platforms will happen at some point.
But if a shorter term workaround is needed, favoring Windows is not a
mistake. No matter what OSes we use to develop on, for most of us the
majority of our income comes from Windows.
And because our revenue as LiveCode developers is what provides revenue
for LiveCode Ltd., Windows is the most important platform for the company.
This discovered vulnerabilities are real, but I can't help but wonder
how much of this statement from Homeland Security is retaliatory for
Apple's stand against the FBI. DHS has rarely issued such a strongly
worded statement for other end of life software with known vulnerabilities.
http://www.theverge.com/2016/4/14/11436932/uninstall-quicktime-windows-apple-stops-support
People are indeed sometimes petty, and all human organizations are prone
to pettiness. But I've known a few FBI employees and my impression is
they're up against the same challenges of working in any other large
organization, and simply don't have time to devote to pettiness for its
own sake.
The FBI and DHS regularly release vulnerability reports, such as last
year's two reports on vulnerabilities in Java. Indeed, the Java reports
should make it clear that this ongoing practice of reporting
vulnerabilities is far from vendor-specific: many federal agencies have
an almost disproportionately favorable view of Oracle products, but that
doesn't stop them from reporting vulnerabilities that benefit the
general public.
Every software will eventually reach end-of-life (EOL), and when it does
responsible vendors notify their customs of the implications and options
for upgrading.
This vulnerability notice would ideally be coming from the vendor, and
be unnecessary from any third party.
For a company whose marketing is often focused on security, it's been
surprising to many that Apple appears to have a policy of not explicitly
notifying their customers when software reaches EOL.
Consider Snow Leopard: when it stopped receiving critical security
updates this had to be reported by the tech press, because Apple
provided no notice for their customers:
Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable
to attacks
<http://www.computerworld.com/article/2487996/malware-vulnerabilities/apple-retires-snow-leopard-from-support--leaves-1-in-5-macs-vulnerable-to-at.html>
Microsoft gives many years' advance notice of OS EOL; Ubuntu lets you
know the EOL date for every version even before it's released.
Apple would do well to join the other OS vendors in being more
forthcoming with its customers about EOL and its implications.
What Apple should do in response just to annoy DHS and the FBI is patch
Quicktime for Windows.
Personally, I believe Cook's response to the FBI requests has been not
only appropriate, but ultimately most beneficial for the FBI, whether
the FBI realizes it or not.
We've done government-mandated security limits here in the States
before, back in the '90s, and we're still paying the price for that in
vulnerabilities that affect even federal systems today.
Cook noted that what the FBI was asking for simply doesn't exist at this
time, and that they're disinclined to create it. Ultimately, since all
systems are imperfect, the FBI found another way to solve their problem
and both teams get to save face.
On this issue there may be other reasons why it might benefit Apple to
deliver another round of security enhancements for QT/Win, but mostly
for the benefit of their customers.
If they stick with EOL for that package, let's hope at very least they
start informing their customers more clearly about the implications of
EOL for their software going forward. Their current policy of relative
silence on EOL is as unnecessary as it is damaging.
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
ambassa...@fourthworld.com http://www.FourthWorld.com
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
