XSS Browser Filter Mitigation

I’ve recently become interested in XSS or Cross Site Scripting which is the process of executing arbitrary javascript on a website. It’s fairly simple and is interesting if you try it on websites you visit as a habit. This however got fairly boring fairly quickly as there are XSS vulnerabilities everywhere, I found one in the Bank of Queensland’s website (which is now gone sadly).  Because of the prevalence of XSS vulnerabilities browsers such as chrome, safari and internet explorer have started protecting users against these attacks. This link: translate XSS will not work in chrome, safari or internet explorer but it will work in firefox. This has led me to an interesting topic, XSS Browser Filter Mitigation. That’s the process of executing arbitrary javascript despite the browser protection.

There are some well known bypasses for chrome (and safari), these include executing javscript when you have control over two variables: From There is an example on my own website: here That link spreads the XSS attack over the variables a and b, completely removing the protection of chrome and safari. However Internet Explorer protects against this. Another attack on chrome’s protection is by using its html cleanup to execute javascript: From Another example is on my website: here However internet explorer still defeats it.

These general attacks are extremely cool and much Kudos to the people who discovered them. I’ve been looking at specific attacks which get round these filters. By specific I mean they only target specific websites. So how does one get around XSS filtering. The thing I realised (someone may have helped me realise this, I don’t know/can’t remember) is that if any data undergoes translation from input to output then the browser can’t protect against it as the browser can’t be aware of the translation that it undergoes. This isn’t exactly amazing or groundbreaking but it is interesting. The very first thing I tried was to get an XSS attack working for chrome on http://www.motobit.com/util/base64-decoder-encoder.asp  The first step was to encode the attack into a base64 string. </textarea><script>alert(‘hi’)</script> gets encoded to PC90ZXh0YXJlYT48c2NyaXB0PmFsZXJ0KCdoaScpPC9zY3JpcHQ+ If you decode that string you will get an alert saying hi. So success! (Auto submit)

I’ve found interesting vulnerabilities since discovering this. This includes a pig latin translator and other translators. Converters are generally vulnerable. However one particular  specific attack made me very amused. It uses an SQL injection vulnerability (and yes if your website has an SQL Injection Vulnerability in it then you have a lot more problems than arbitrary javascript execution. The attack is against MoreRFID.com and it selects a hexstring and dumps it to the page. The link is here (remember kids, data theft is illegal).

I like these attacks because it firmly places the responsibility of protecting the page back on the web developer. Browser filtering should not be an excuse for poor security. If you are a web developer who takes data and manipulates it in someway you need to be aware of these types of attacks and always escape your output.

Starcraft

I’ve been playing Starcraft 2 recently. It’s a pretty cool RTS.  I’m pretty bad at it. But I have fun which is pretty much why I play games. However I have more fun when I win than when I lose.  It’s a little bit stupid really but I can get unreasonably angry at losing. I don’t feel it’s that beneficial at all to me so I try not. My response now is generally to GG (good game) and leave which actually tends to break my anger. I try this because there is one reason why I lost. I played worse than my opponent. It may be that I get cheesed but I didn’t scout it. It may be that my opponent went mass air but I went ground attacking units only. Regardless. It’s silly and stupid to get angry at the other person. It’s silly to be angry at myself when that won’t help me get any better and it certainly won’t help me enjoy the game. What’s really weird is that I don’t tend to get this angry in real life unless it’s about issues I find extremely concerning, namely people wanting to stop to loving people getting married. I don’t really consider starcraft worth getting angry over. Yet it is so compelling that I seem unable to help it sometimes

I find the most compelling aspect of starcraft to be the meta game. Starcraft has 3 races, each races has vastly different units and vastly different mechanics. What this means is that a huge amount of complexity arises, no game is the same. It’s hard to communicate how much this contributes to my enjoyment of the game but I’ll try to explain with an example. If you’ve ever played a card game you get given a random hand to begin with. This is what introduces compexity into the game. However it also doesn’t appear to be very fair. You could be dealt a very bad hand and auto-lose or you could be dealt and extremely good hand and win. With starcraft you don’t have randomness being used to give you your hand. You get given your hand and told to play the cards in any order you like. What’s great is that the way everything can diverge. Given the number of possible configurations there are still unexplored realms of the game. Every so often a jump is made as people realise that playing cards in a certain order yeilds better results than what currently happens. It’s this evolutionary nature of the game that is brilliant

Yet is the meta game reason enough to get angry? Not really. However all this talk of meta game makes me think of another question. Is getting angry reason enough to get angry at me being angry? Not really. The response that I should have to anger is inquiry. Why am I angry, does my anger bring me any benefit, should I make a blog post about it? Through this process of inquiry I find myself often becoming less angry because I realise being angry isn’t going to get me the result I want. Instead it makes me commit mistakes that often drive me from the result I want. I’ve actually found myself getting less angry in general after thinking about this. When I was younger I’d use to get really angry during those team building exercises you have on camps. In fact, most people got angry during them. there was no team building and a lot of friendship ruining. Which is stupid right? I don’t know when but I made a decision that I was going to have fun no matter what during those exercises. Everytime our group made a mistake I’d try and have a very bad joke that took the edge off it. Suddenly no matter how badly our team was doing we were enjoying ourselves a lot more. And I noticed we tended to do a lot better, we were alright to try something, make a mistake, and get back into trying to solve the problem.

I wish to leave you today with two quotes. One from my favourite Starcraft 2 casters Day[9] we you should check out on youtube: ‘When people tell me that life sucks I no longer believe them, I say “‘you’re being silly. Life is fantastic”‘ I disagree with this quote as I think life does suck for a lot of people. But it doesn’t suck for me. Why should I get angry when my life is so undeservedly good?

The other quote is from a book. It’s all about rationality. It’s called Harry Potter and the Methods of Rationality. This quote hasn’t made me stop thinking for quite a while.

“he’d found it tremendously amusing that the great and good Albus Dumbledore had been sitting there doing nothing as this poor innocent girl begged for help, while he had been the one to defend her. And he told me then that by the time good and moral people were done tying themselves up in knots, what they usually did was nothing; or, if they did act, you could hardly tell them apart from the people called bad. Whereas he could help innocent girls any time he felt like it, because he wasn’t a good person. And that I ought to remember that, any time I considered growing up to be good.”

Which can interestingly be considered an slightly more focused exploration of a previous quote from the book “if I always waited for perfect information before I acted, I would never do anything.”

I think the last quote says a lot about making decisions, it says a lot about the differences between being good or bad and it says a lot about the difference between a good action and a good person.

Also, watch this.

Stealing Someone’s Idea for Blogging in a Word

Plagiarism

 

Thanks to Beth (http://argonescence.wordpress.com) and Luke (“Plagiarism is fun”)

Or is that the other way round?

Regardless. I’m slightly irritated and here’s why.

Today I went into my mother’s work to help her with her website. She is a primary school teacher in a primary school. Naturally this means she has next to no money to make this site on. However the DET provides the hosting which is good. Her website actually looks quite nice for something designed in expression web. She has put a lot of work into but kept coming up wrong when she tried to implement a contact us page. This sort of page is a very simple job, you can use a wide range of server side languages to get it to work, my weapon of choice is PHP. Astute readers will have already picked the main problem out now however I will dwell briefly on a contributing factor to my rage.

Firstly the Teacher accounts aren’t administrators. This sucks fairly badly. I had to go ‘get’ the admin account to install anything, which I needed to do to give me some essential programs. Worse still is the highly restrictive environment not related to administrator privleges but still applied to teachers. They don’t have a run box, they don’t have cmd. Though they do have powershell but I’ve never used that so oh well. They also don’t have access to their own desktop. You can’t actually copy files to the desktop. I was not impressed. The DET stupid.

That was the ‘minor’ problem. The major problem is the server. I came in expecting to write some php and leave. About half an hour later it became clear the server doesn’t appear to run php or python, or even asp{x}{.net} (Which I don’t actually know how to use but I ran through some tutorials to get a bit of an idea about how it worked.  So yay for new language, boo for the most useless language I have ever learnt. So the server doesn’t have any server side languages . This was so irritating, but being resourceful I decided to contact someone to find out how to get it installed. Well. I went to www.schools.nsw.edu.au to find out how to contact someone. Their contact us page is useless. The only thing close to general enquiries was the head office contact number. So I decided to call them. 5 minutes later someone picked up. So I let them know what I want and they go ‘not our problem, let me send you to the IT guys in North Ryde’ Which is fair enough, kind of what I expected. So I get onto the receptionist in North Ryde. She was completely useless, which is not what I wanted from the IT guys. I explained what I needed and she said. Do you know someone here?’ I said no. She said ‘I can’t make introductions, you need to know somebody.’ At this point I was thoroughly confused, I had got transferred to a brick wall, the reason I was calling them was because I didn’t have a good idea of who specifically to call. Not to be stopped however I asked ’Then how do teachers ever find out the information they need?” Fair enough question really, So she goes ‘Oh you’re a teacher? I can just forward you to the help desk.” I will take this opportunity to deny that the dent in the plaster wall that fits my head shape was actually caused by me.  Anyway an interactive menu system later I got onto some guy. I asked if he could find out how to get php onto the server. So he said sure, we’ll call you back after it’s solved. Cheerful but not what I wanted. Stupid, stupid beuracracy.

So that was sucky. But it gets worse. They sent my mum an email. It said. ISSUE RESOLVED: There is no PHP on the server. Thank you so much DET. You make life worth living. Anyway, I wasn’t beaten yet. I mentioned we could get some cheap hosting and make a form submission page which would redirect back to the original website. My mum said “But <some other school> can do it” So I decided to email them. And guess what. They were doing it the way I came up with to solve the problem.

So basically. In summary: The DET is useless. The hacky solution is hacky (and to be honest, a great (fairly mediocre) business idea. $10 bucks a year for a submission handler. You could get every school in Australia) Then my mood improved because some girl had a birthday and had brought chocolate crackles so heck yes. Then my mum paid me. I don’t know why, I was taking the day off work anyway to do some study, I certainly wasn’t expecting it. But it was very nice of her.

One final thing on the DET setup. They have Square monitors…. Which makes no sense, our eyes are horizontal, we see things horizontally, hence horizontal monitors. Sure they cost a bit more but they lead to increased productivity and are ergonomic. And for the love of whatever you hold most sacred. Please install google chrome. It actually works -_- -end rant.

Wix, Bane of my existence

As of November last year I began working at an IT security company as a programmer, needless to say at the start I was very overwhelmed by both the work and the culture. It was so jarring compared to High school. No-one was breathing down your neck, you could go to lunch whenever you felt hungry – basically you were free. It was very jarring and slightly odd.

However the culture was not a large issue as I enjoyed it a lot more than school, the real problem was the work. Throughout high school I’ve programmed hundreds of tiny, and several large, projects. They were normally entirely programmed by me with no thought as to programming style or any sort of success metric to evaluate them. The largest program I had coded had been a prefect voting system that had been rushed together in two weeks and only works by magic and super glue.  This was a massive contrast to being asked to write an installer in a language I didn’t know for a program I hadn’t written. It was quite daunting.

The language I didn’t know had a name: Wix. A name which should put the fear of god into anyone. I may be over dramatising but finding good information on Wix is like finding a needle in a haystack. After you find it, it’s still only a needle. The main point being, it’s very hard and very tiresome to get wix to do what you want it to do. There is lots of tiny stuff like setting GUIDs for each version of the installer so that you can update without issue. However one thing eluded me. A 64 bit switch.

To explain what this is, the program I had to write the installer for had 32 and 64 bit versions. Don’t worry about what makes them different, the important thing is that they are.  This meant that every time I wanted a new installer I had to rename everything for 64 bit and then for 32 bit. Futile searches on the internet turned up nothing, it wasn’t that no-one had done this before, the information just wasn’t there. Till today

Wix is a markup language. This means it uses english words to describe data. So an easy example is writing a markup language for a database of books. It would look like this

<Author Name = “Dianna Wynne Jones”>

<Book name = “Howl’s Moving Castle”/>

<Book name = “Archer’s Goon”/>

<Book name = “Charmed Life”/>

</Author>

The Author descriptors tell you that any books in the following bits of data are written by the same Author. It is possible to extend this so that the Book descriptors contain more information perhaps the year of publishing or ISBN. The main point is that it is very static. It’s all about hard coding data in. The Name Diana Wynne Jones will never mean anything different. It’s why webpages used to be static, they were all hard coded and static pieces of data, they are now more active due to new, non-static languages. This makes it difficult to write flexible or conditional code in your program.

Today I found out how to do that. Warning. If you’ve found the beginning dull it will only get worse. In Wix you have an descriptor that looks like this

<? define XXX = YYY ?>

So an example is

<?define Win64 = “no” ?>

An interesting thing to note is that this value is still hard coded, even though it is a variable it would be better described as a constant. It turns out there are several other <? .. ?>  descriptors in Wix. The ones of the most use are if, else and endif

The way to use them is such:

<?define Win64 = “no” ?>

<–! code setting up features and directories –>

<?if $(var.Win64) = “no” ?>

<file id=’32dll’ name = ‘program32.dll’ />

<?else ?>

<file id=’64dll’ name = ‘program64.dll’ />

<?endif ?>

This means that instead of changing the file name every time you can simply change the variable to a yes or no. This was brilliant.

Also in case you were wondering I haven’t been working on the Installer for three months. I’ve been doing other stuff as well, which I have enjoyed immensely and has really stepped up my programming knowledge and skills.

However if I’m _ever_ asked to write an installer with a dialogue box I will be forced to kill everyone. Those things look disgusting.

See you in 2 months! (which is when I’ll next write a blog post if the past is anything to go on)

NYE blog post.

This post is of entirely my own volition and beth did not in anyway force me to do this.

Skype-ing with  friends in New Zealand is fun Especially if you play certain skype games with them. Also Robert can’t feed chocolate to anyone. anyone at all. Also watching the Doctor Who special at NYE is a brilliant thing to do.

some resolutions.

• Don’t commit genocide.
• Finish GEB
• Increase my powers of rationality
• Get Beth drunk

In reverse priority

w00t

Thoughts

It’s been a while but now I have a physics exam on Thursday so now seems like a good time to make a blog post. It’s going to be a little collection of thoughts I’ve had recently.

The first is the projection fallacy. I have no idea if this is a) Technically a fallacy or b) one that I’ve thought of and that no-one else has. It seems fairly common. Anyway the projection fallacy to my mind works like this. You treat everyone you meet as yourself in a different context which leads to false predictions about their behaviour. An example of this happened whilst playing a game of celebrity heads, the celebrity was extremely hard yet the kid who was playing got it almost immediately. This lead another student to accuse the kid that he had simply looked over his shoulder. What was interesting to note was that the kid himself hadn’t looked over his shoulder at any point (I know this because I’m creepy like that). I then accused the accuser that he was simply saying what he would have done in that situation and that just because he would cheat didn’t mean he had to accuse everyone else of cheating. What amused me greatly was I basically did the same thing. I said to myself, In that scenario I would have accused the original kid as if I was playing the game. That’s like nested projectioning.

So how much does this make sense to you? Have you ever found yourself interpreting other’s actions and words as if they were simply you in a different context? If I notice myself doing this I try to stop. If I notice others doing it I try to see if it’s actually me thinking that I would be projectioning in that scenario. I find that having done this I can predict actions of people a lot better. If they aren’t all projections of me then I’m forced to think like them rather than thinking they think like me. Harder but more optimal

Second thought. Hamlet/Shakespeare in general is a lot cooler when not studying it. It’s easier to appreciate someone’s skill when you aren’t being forced too. I spent most of  engish raging at the teacher’s for going over the top and most of the time lying through their teeth about meaning in texts. I now can think about Hamlet in a positive light, in the way I want to.  Hamlet and Othello  still have weird problems with time but it’s easier to ignore it and just enjoy the play. I have also come to a new opinion about Romeo and Juliet. I spent a fair bit of my time going ‘what the hell, this isn’t love!’ However I have come to the conclusion that this was intentional and you can see it across Shakespeare’s plays as a fairly unifying theme. That is, False love is a destroyer of everything.

Examples 1. Romeo and Juliet: Romeo and Juliet meet one night and then profess true love to each other. One of them pretends to commit suicide and then the other one commits it for real and then the original one commits it for real and the entire city goes to war. Possibly not the best summary ever but I think you can see that the love there wasn’t perhaps the most true of all and the end result was fairly bad

Example 2. Othello: Othello confesses that he truly loves Desdemona. He then kills her out of jealousy that could simply be overcome by asking her outright. Then Othello commits suicide.

Example 3. Hamlet: Hamlet loves Ophelia. Then treats her like an object. Gertrude apparently loves King Hamlet, yet jumps into the bed of Claudius straight after he gets murdered ‘With such dexterity to these incestuous sheets’ (disclaimer I didn’t check that quote) Ophelia commits suicide or becomes insane and dies because of that. Hamlet gets killed by Ophelia’s sister. Gertrude gets killed by Claudius and Hamlet kills Claudius

So I think that there may be a common theme here, firstly Shakespeare is a macabre character and secondly he has a slight thing against false love. I may be reading far too much into it. Something I hope never to do but is also possible. Whatever you think though, don’t think I’m trying to shove this down your throat. If you have a different opinion then you have a different opinion, let me seek to persuade you but never let me force you to choose something different.

Third thought. I’m legally allowed to vote and I don’t want to. Mainly because I think it’s stupid to vote in a system where the correct result is voted on by the most amount of people. If you took that seriously Obama would be a muslim. The earth changed from being flat to being spherical once more people believed that. Just because most people believe it’s right doesn’t make it so. Imagine if scientific research was delegated to voting on it. Everyone could just vote on whether gravity was the best theory. It wouldn’t matter if it got the right result, they got it in the wrong way. Likewise with politics, politics is (should) be about serving the countries best long term interests. In the case of Australia it appears to be, serve the short term interest so that the government can be re-elected next election. This is hopelessly foolish. The main problem I see is that most people don’t have a clue. That makes them easy targets to convince. You say a simple argument and you win their support, you point out a negative point about your opposition and you win their support. People vote for ‘Liberal’ or ‘Labor’ they don’t vote for policies. This is so irrational and confusing to me. In the words of Shakespeare ‘A rose by any other name would smell as sweet’ Who cares if you’re voting for a party called Liberal, labor, the shooter’s party? It doesn’t matter what they are called. It matters what their policies are. I’d vote for the Hitler-Communism alliance party if the party had policies that were better than any of the other.

I’m sure I’ve thought more but whatever. Leave a comment if you have any thoughts yourself. I am confident that my loyal readers shall be able to pick apart exactly why I’m wrong. And Go!

Rationality; We Get Just A Tad Fangirly (via An Infusion of Ethereality)

Ok So the we in this post includes myself. Just so you know I’m not ripping the whole thing off. I wrote part of that review

We wrote out a thoughtful and considered review for our current favourite fic. It's rather marvellous, if we do say so ourselves. And hence must be posted here, for true fangirly glory. — Hello, We're big fans of this fic, and of your other work on yudkowsky and lesswrong, and perhaps spend rather a lot of our time exploring ideas that seem relevant. Specifically relevant to this chapter is a discussion we had earlier, as to the factors that in … Read More

via An Infusion of Ethereality

Shopping is Painful

If you aren’t with awesome people who buy fezzes or bowties or top hats or canes or pink toilet seats or cucumbers or nail polish or an octopus with you. It is especially painful if after walking around for two hours you realise you can’t find the product in any of the stores you visit and the layout of the shopping centre is really poor. Welcome to my Wednesday

To back up at bit (yay non-linear blogpost?) I was in Hornsby to get my sister a Doctor Who T-shirt for her birthday. I had it on good observational authority that they existed (looking at you Beth’s sister) and I was determined not to lose. Anyway I now know Hornsby shopping centre fairly well, enough to hate it. After 2 hours of searching everywhere I couldn’t find a t-shirt.  This was a bit of a bummer. I wish more stores were like book stores, having a searchable catalogue. This surely couldn’t be too hard to achieve. They already have barcodes which tell the computer what the price is and the name of the item. Surely the data is already there. Now implement it. It would have saved me so much effort. Anyway I gave up searching for one and decided to make one myself via a printing shop.

This is where the story really starts. Due to trials I didn’t have my laptop. Due to laziness I didn’t pack any USBs in my bag. All I had was one USB which didn’t actually work. I didn’t know that yet. First problem was getting to a computer with internet access. Obvious choice seems like the library. Given that I lost my library card AND have a $20 fine on it I didn’t feel that now was the best time. So I found an internet cafe. $2 for half an hour. I got online and held correspondence talks with a tumblr blog and a normal conversation on gmail. The conclusion was reached.

That image on a t-shirt. I then stuck my USB into the computer and saved the image to it. Except the computer didn’t actually accept the USB. I tried several USB slots. I had 5 minutes left to make a decision. Go home empty handed or go home with an awesome t-shirt. It took no time at all. I went to the counter and spent $20 on a new USB. It’s a pretty awesome USB. So I save the image to the USB and leave.

I then go to the shirt printing place and give them the USB. They can’t get the USB to load. So we try several times. It doesn’t work. So I leave and think about what I could do next. Either go home now and cut my losses or go to the internet cafe again and email to the shop. I didn’t like either option. Going to the internet cafe again would mean I couldn’t purchase the shirt with the cash I had. So I thought of one more option. Print the image out and then take it back to the photo place to be made into the t-shirt. This left me with enough cash to buy the shirt. I then went to the nearest store with a Photo Printing machine. I then printed the photo off. Or rather waited 15 minutes for the photo to print.

I finally take the photo up to the printing place. I’m assured that it will get transformed to A4 size on the shirt and then I go to JB hi-fi to kill time. I end up watching Doctor Who on this little TV stand they have. After a while I begin to think that the TV looks small and not that secure. So I look round the back of it just to see if this was true. Not to steal it, just to see if it was possible. Of all times for a member of staff to come round it had to be then. Anyway I explained my boredom and that I was just watching Doctor Who. He left me alone after that. Then I went back to the store and got the shirt. Finally. It was now 10 to 3. I had left for Hornsby at 11:30. I had waste so much time on this it wasn’t funny. So I went home really angry which wasn’t that smart.

I became calmer and realised what an excellent story this would make. Hopefully Alice can forgive me for not making one for ages (Sorry) I also took a photo of the shirt and printed photo.

One final thought. I hope it fits.

Logical victory is logical?

I have recently developed something against people with very strong biases now. I use to be like that. I use to fangirl Windows like no tomorrow. I also use to be really Liberal (Australian political party that’s conservative) . No longer. Anyway I was reading this article ”Throwing down the gauntlet: Prove that Linux is not user-friendly“  I didn’t particularly like it so I wrote a response and it turned into a massive text dump. I’m sure I’m exceptionally wrong with my arguments so if those of you who read this feel like picking it apart that would be awesome. I also feel bad for the start bit.

lol have you heard of the saying ‘you can’t prove the negative’? Jack I’m 17 and I think you argue like a 12 year old, devoid of logic and utterly sure that you can’t be proven wrong. Don’t lay down this challenge if you aren’t actually willing to change your mind. As I said the own-ness of proof is on the positive. You can’t prove linux isn’t user friendly, you have the responsibility to prove the user friendliness of linux, which I’m happy to admit you tried to do.

That said I want to begin by pointing out that you should be talking about user friendliness not functionality, quality not quantity. All operating systems can perform the basic functions you mentioned. That isn’t the point. The point is how well the user can access those functions and how well the software makes the experience of doing so. But that doesn’t test the user friendliness of the operating system, that tests the user friendliness of the software. You saying that open office is a word processor doesn’t prove that Linux is user friendly. All it says is that it can perform one of the main functions. It doesn’t prove it does this in a friendly way.

I happen to use Fedora 13 and Windows 7 (I use windows 7 primarily for a reason I’ll deal with later) and I find that using Open Office on either system is tiring and tedious. I find Microsoft Office to be far more user friendly, I can perform tasks I wish to quicker and easier than in Open Office. I don’t think this has anything to do with the operating system user friendliness, I simply wanted to show that saying that linux has functionality does not prove it has user friendliness.

Your comment about browsers was also along similar lines, that somehow because you have 8 browsers installed that means linux is more user friendly. Again this is simply not true. It isn’t how many ways that you solve the problem, It’s the best solution which matters. In my opinion I find chrome to be the best solution. It is available on both Linux and Windows. I prefer the windows version as it is less buggy, this is due to the linux version being newer I assume. Clearly it is not dependant on the operating system but the software.

So what does make an operating system user friendly? I personally believe it is how you access these programs and the framework they come in. How easily you can accomplish the tasks that get you to solving problems. I would put forward that windows 7 is far superior to linux in this. I can’t prove linux is not user friendly but I can show you examples of stuff I consider user friendly  and that linux lacks it. That isn’t to say that user friendliness only occurs if the operating system behaves in certain ways but simply that these ways are user friendly

Accessing programs. I find Windows 7 superior to Fedora 13 in every way. I find that the Windows 7 task bar is intuitive where as the Fedora 13 panel and it’s task bar feel like I’m using Windows XP. The windows 7 task bar has large, easily clickable icons to launch programs that I use frequently, by right clicking or left clicking and dragging upwards I can access a recently opened list, program functions and other options than just merely starting it. The icons are easily pinned to stay their after the application closes and the icons are easily rearrangeable. Contrast this to Fedora’s panel. It has small icons and they can do the bear minimum, If I wish to rearrange them instead of a smooth process I can sometimes open the launcher in the program I am trying to switch it with. The Icons in the Window’s taskbar also are where the program is ‘stored’ when minimized. On Fedora you need a whole other taskbar. Neither intuitive or friendly. Windows manages to hold more programs in the task bar, making it more organised. Fedora’s taskbar looks cluttered when I only have a couple of programs open.

Hardware, you used an example of Linux’s support for an older printer as proof of user friendliness. Which it is indeed evidence for however I must provide a counter example. My laptop is approximately 9 months old and has special functions controls (Touch volume control etc) and includes a small button which locks the touchpad when pressed. Using windows this functions as expected, however when using Linux the computer freezes. This behaviour is not user friendly. Windows can cope, Linux cannot. I am not trying to say that this invalidates that example you raised but I wish to say that it shows that the example is not actually proof of user friendliness in hardware. Yes linux has support for old hardware but if it wants to be used on new computers it will need to support new hardware. Your example doesn’t really deal with user friendliness of the operating system, especially not as a whole.

Also in hardware, that I can and do use as an example of it not being user friendly in certain instances, is the fan of my computer. When running windows it is normally silent or off. This is for basic word processing and internet. However the moment I boot into linux the fan because unpleasantly loud. This is not an operating system being friendly it is an operating system being irritating. These example don’t prove it isn’t user friendly, they are showing instances of non friendly behaviour in which Windows consistently outperforms it.

I don’t think this post can prove linux isn’t userfriendly but it can show where your proofs of friendliness are wrong and also where linux isn’t being friendly. Hopefully this helps. It may also help to consider the factual evidence. A free operating system with a dedicated user base who know how to solve complex issues are ‘losing’ to an operating system which costs money. You said it yourself, market share is not a reason. If it isn’t then what is? It has to come down to the operating system. I find linux less user friendly (under my own guidelines) than windows. The actual evidence is in front of you. Linux is less popular than windows. You can’t actually argue with the evidence. It won’t fight back if you try though.

As I keep saying You can’t prove the negative. Your challenge renders arguments invalid simply by being and to be completely honest it is a little childish. I enjoy using linux and windows but I prefer windows for the reasons I stated above, and many more. Hopefully this made sense

Anyway so that was it. Please destroy it. That would make me feel better