Domain: microsoft.com
Stories and comments across the archive that link to microsoft.com.
Comments · 34,132
-
Re:Buy a Pre
The major difference is due to the fact that it's an M$ product it's APIs aren't open
Is that so?
they're buggy and overall the devices run slower and are less customizable.
Care to share an example? Sounds like you have plenty... or are you just recycling wrong, out-of-date groupthink? -
Re:Document formats...
yeah, because MS would NEVER publish their formats. go back to your little, dark hole
-
Re:There is a LOT that uses MS Office
It would take a pretty major change to add process integrity into WinXP. Basically, integrity is another type of security characteristic (along with owner and group) found in every process. Whenever a process wants to do something, Windows checks whether it has permission to do that thing, based on the security descriptors and access controls. For example, suppose your Windows process wants to open a file for writing. On XP, the ACL of the file is checked against the user and group of the process. On Vista and up, the integrity characteristic is also checked. This is how IE7/8's Protected Mode sandbox works - the browser runs as a Low Integrity process, and can't write to locations that aren't also marked as Low Integrity.
In the context of shatter attacks, Windows permits any window to pass messages to any other window, regardless of the traditional ACLs. However, on Vista and above, a Low Integrity process can't send messages to a window owned by a process with Medium, High, or System Integrity. Similarly, a process with Medium Integrity (most programs a user opens) can't send messages to windows owned by High Integrity processes (typically set by starting a process using UAC elevation). You get the idea.
http://en.wikipedia.org/wiki/Windows_Integrity_Control
http://en.wikipedia.org/wiki/User_Interface_Privilege_Isolation
http://msdn.microsoft.com/en-us/library/bb625963.aspx -
Re:It's very entertaining.
That's interesting, and I'll be reading more on it. It doesn't look like it would work in my environment, though. Most of my business involving this sort of scenario deals with a broad range of consumer-level systems running XP, by and large. Using slip-streamed install media, my actual time 'at the keyboard' for reinstall, optimization, and cloning is generally under 2 hours, though it takes a little more than that total for the process to be done. Still, I wonder: How much time does it take you to create and then apply an image using that technique? Reading this WAIK page - there's no support for XP SP3? That seems odd. Has the page just not been updated, or is that for real?
-
Re:There is a LOT that uses MS Office
You probably also knew about the message queue vulnerability... didn't you? A professional would know.
If you're talking about the one you cited, yes, for years. It's a very moderate vuln actually, even on XP / Windows Server 2003
And I wouldn't be too sure that 32 bit Vista or 7 could effectively patch the problem without changing the Win32 message queue and breaking compatibility. Do you have any references to cite this achievement?
Look at MSDN : http://msdn.microsoft.com/en-us/library/bb625963.aspx
Preferably one that explains why it isn't fixed in WindowsXP.
That is very simple: the changes are extensive, too big to be ported back.
I've read through your comment history a bit. You might as well add a signature that says "I'm a Microsoft shill."
Oh right, since I don't talk shit about MS like you do, I must be a Microsoft shill... Now I could go take a look at your comment history and tell you you're a [some insult], but what good would that be ? That would say more about me than you.
The reality is, I'm right and you're wrong, you had no idea what you were talking about and got caught red handed.
Calling others shills won't change any of that. -
Re:Escort
Yeah. Tell me about it. I was a MSR intern last year. Non-Research interns got the red carpet, while Research's got the shaft. On day one, HR told us, "We have several intern events planned this year, but not every group will go to each event. So if you hear that some interns are going rock climbing and you're not, don't worry. It will be made up with some hiking or wine tasting event. Same thing with baseball tickets. Different groups go on different days, so don't worry."
That police escort was to a private concert with Vampire Weekend, and like three other bands. Every attendees received a free Zune. (Granted, it's a Zune, but it's home electronics rather than a damn sweatshirt. and at the very least you can sell it on eBay.) The Research interns were pissed. HR's response "We told you not everyone will go to the same event. You have a boat cruise." My response: "They better be passing out free XBoxes at the dock."
On the bright side, I used my corporate discount and corporate debit card to buy this sweet 17" MacBook Pro. (Right back at you BillG and SteveB!)
What an ungrateful and obnoxious twit you are!
You get a PAID internship, room and board, something to stuff your resume with, and you are all set to SHIT on your benefactor? When does you Apple Internship begin. OH, they don't have one and didn't offer you one?
FU you jerk!!!
-
Re:telling nugget
MBA interns are likely program managers - these are the people in Microsoft who go and talk to the client, figure out requirements, and write them up for the developers. It's not really a technical job, although these people do have to at least ave a concept of what is possible within the system. I would also remind you that Microsoft has a business division.
-
Re:OK, let's talk perspective...
Take the raw numbers with a grain of salt - we (interns) don't get health insurance or stock offers, and most certainly don't have any job security. The seemingly high offers are simply what the industry values us at - Microsoft is far from the only company making internship offers like that, and they all have to compete with one another to get us. I can get cheap insurance through my university now, but in a year that kind of thing will be a big deal.
As for the salaries that Microsoft pays in general, that information isn't terribly hard to find online. If you've got experience* and preferably a degree (not strictly required, but most employees seem to have at least one), go ahead an apply. https://careers.microsoft.com/ (or https://careers.microsoft.com/careers/en/us/collegembahome.aspx for internships).
* While I don't deny that interns typically don't have a lot of experience, we pretty much all had some. It might be previous internships at other companies, or high school internships, or volunteer work, or research, or even something like a significant contribution to open source or something you'd developed independently, but I think we all had something. As for lack of credentials, I think one could argue that simply getting into the university programs we were in says something.
-
Re:OK, let's talk perspective...
Take the raw numbers with a grain of salt - we (interns) don't get health insurance or stock offers, and most certainly don't have any job security. The seemingly high offers are simply what the industry values us at - Microsoft is far from the only company making internship offers like that, and they all have to compete with one another to get us. I can get cheap insurance through my university now, but in a year that kind of thing will be a big deal.
As for the salaries that Microsoft pays in general, that information isn't terribly hard to find online. If you've got experience* and preferably a degree (not strictly required, but most employees seem to have at least one), go ahead an apply. https://careers.microsoft.com/ (or https://careers.microsoft.com/careers/en/us/collegembahome.aspx for internships).
* While I don't deny that interns typically don't have a lot of experience, we pretty much all had some. It might be previous internships at other companies, or high school internships, or volunteer work, or research, or even something like a significant contribution to open source or something you'd developed independently, but I think we all had something. As for lack of credentials, I think one could argue that simply getting into the university programs we were in says something.
-
Re:Escort
Yeah. Tell me about it. I was a MSR intern last year. Non-Research interns got the red carpet, while Research's got the shaft. On day one, HR told us, "We have several intern events planned this year, but not every group will go to each event. So if you hear that some interns are going rock climbing and you're not, don't worry. It will be made up with some hiking or wine tasting event. Same thing with baseball tickets. Different groups go on different days, so don't worry."
That police escort was to a private concert with Vampire Weekend, and like three other bands. Every attendees received a free Zune. (Granted, it's a Zune, but it's home electronics rather than a damn sweatshirt. and at the very least you can sell it on eBay.) The Research interns were pissed. HR's response "We told you not everyone will go to the same event. You have a boat cruise." My response: "They better be passing out free XBoxes at the dock."
On the bright side, I used my corporate discount and corporate debit card to buy this sweet 17" MacBook Pro. (Right back at you BillG and SteveB!)
-
Re:Comparisons with Other Technology?OK... so you think:
- Creating and destroying thread pools has negligible overhead, so Windows isn't losing much
- Having lots of threads running isn't a performance problem because any operating system will run out of memory before it can create enough threads to bog it down
My response:
- Can you find a thread pooling article that doesn't include something like "there is a lot of overhead associated with creating and destroying a thread that has nothing to do with the work that the thread was created to perform in the first place"? http://msdn.microsoft.com/en-us/magazine/cc164139.aspx
- It looks like
.Net/Windows performance peeks at ~20 concurrent threads per CPU. By 50 concurrent threads you've taken a 30% hit in execution time. http://aviadezra.blogspot.com/2009/04/task-parallel-library-parallel.html and http://msdn.microsoft.com/en-us/magazine/dd252943.aspx- Pools trying to tighten their number of threads on an unloaded system will take an even bigger hit; the difference between 5 and 20 concurrent threads can be several orders of magnitude.
You are simply wrong
-
Re:Comparisons with Other Technology?OK... so you think:
- Creating and destroying thread pools has negligible overhead, so Windows isn't losing much
- Having lots of threads running isn't a performance problem because any operating system will run out of memory before it can create enough threads to bog it down
My response:
- Can you find a thread pooling article that doesn't include something like "there is a lot of overhead associated with creating and destroying a thread that has nothing to do with the work that the thread was created to perform in the first place"? http://msdn.microsoft.com/en-us/magazine/cc164139.aspx
- It looks like
.Net/Windows performance peeks at ~20 concurrent threads per CPU. By 50 concurrent threads you've taken a 30% hit in execution time. http://aviadezra.blogspot.com/2009/04/task-parallel-library-parallel.html and http://msdn.microsoft.com/en-us/magazine/dd252943.aspx- Pools trying to tighten their number of threads on an unloaded system will take an even bigger hit; the difference between 5 and 20 concurrent threads can be several orders of magnitude.
You are simply wrong
-
Re:Let's change the definition!
Imagine a fork of Open Office
The problem is much bigger than that.
Microsoft sells Office as part of an office system.
Solutions for the Client, the Server, and the Web.
Exchange. Sharepoint and so on.
There is a Microsoft app for the loading dock. The point of sale.
Integrated accounting for $200. Accounting Professional Home Page
-
Re:Difficulty In Using
Because it is so clear on Microsoft website which of the four editions includes Remote Desktop functionality.
http://www.microsoft.com/windows/windows-vista/compare-editions/default.aspx
-
(Non) Reliability
It happens on a lot of levels and with lots of software. It is IMO one of the key issues which might hinder OSS to be adopted in a more professional way. Do note that I'm not stating that this is the case for each and every open source application out there, but there are a lot..
I've experienced this same kind of situation myself.. I'm a fan of the Java language and utilize this both professionally and as a hobby. Do note that I'm not a full time programmer. I've started out with NetBeans version 4.1 and basically kept following the developments around the IDE, now a full platform. The somewhat counter part of NetBeans, Sun Studio, offered support for UML diagrams. And it didn't took the NB developers too long to port UML support into NetBeans. And I can tell from personal experience that they did a really nice job. It wasn't perfect, it was still rough on the edges so to speak, with a few bugs here and there. But as long as you were familiar with the product you could do a lot. And the same applied to NetBeans.
Now all went relatively well until version 6 of NetBeans was released. That version became quite controversial even though I'll be the first to admit that they have done a really fine job. They basically rewrote the entire thing in order to clean out the code. As a semi-professional developer I can recognize and admire the technical impact this must have had. Don't get me wrong here. But as an end user I was appalled to see that several big and important features were gone all of a sudden. No more support for Bean Patterns (an option which made it easier to add or remove fields from a JavaBean), no longer would it offer an overview for JavaDoc (a separate window which would immediately show you what methods and fields you commented, which ones weren't consistent with the actual method or field and which still needed to be commented), and so on.
SO although it also offered a lot of new features (more modular support, support for other languages, etc) one of the primary basics was slightly crippled. Naturally all of this was fixed eventually, right now I'm also a very happy NetBeans 6.7.1 user and it does everything I need. Everything but one thing...
With the full code rewrite many modules also needed to change in order to be compliant with the new standards. Many succeeded, and many didn't. One of those was the UML plugin. Ironically enough for me it was NetBeans / Studio One which somewhat aroused my interest for UML diagrams. And when NetBeans 6.5 got released it was this particular feature which got totally crippled. It was hardly possible to create any decent diagrams, and to make matters worse the plugin now suddenly stopped supporting some (for me) important diagram types (like deployment, sequence, object). And so I eventually stuck to NetBeans 6.1 because I really needed UML support.
Until I suddenly noticed an article on the UML plugin webpage which mentioned Visual Paradigm. Its a company which developes UML modelling software, and one of their key products is the so called Smart Development Environment. And in my opinion its brilliant! Commercial, but brilliant.
This is a plugin which can embed itself in all of the major (Java) IDE's currently available; From Microsofts Visual Studio
.NET to IntelliJ IDEA right to Eclipse and naturally NetBeans. Although they do offer a free community license (free of charge with a few limitations when it comes to p -
Re:Awesome!
That's the wishful thinking. OSX is light years behind Windows when it comes to thread management: http://msdn.microsoft.com/en-us/library/ms681917(VS.85).aspx
-
Re:Comparisons with Other Technology?
That's great and all, but systems have been doing this for years. When I launch a thread on Linux I don't care where it ends up. The scheduler takes care of it. Same with Perl, pthreads, OpenMP and pretty much every other threading technology I've ever used.
What's new here?
With GCD, you don't "launch a thread". You "start a task", and how it is scheduled in a thread pool is up to the library. You don't muck around with locks, either - you define dependencies between tasks, and they're scheduled accordingly.
Why don't you just look at some examples of GCD use, and see for yourself? It really is much clearer to see the code in this case.
Microsoft has a very similar thing, by the way - Parallel Patterns Library - except that one is for C++ only, and uses C++0x lambdas rather than a (currently) proprietary C extension. But central ideas, and use patterns, are very similar.
-
Re:ext3
Completely wrong. There's nothing funny about the file permissions, because they use SIDs that are common across all Windows installations (the groups Administrators, Power Users, Users, Guests, etc. all use the same SID across every Windows NT version ever).
More about Well-known security identifiers in Windows operating systems.
So easy to be wrong. So hard to be right. -
Re:ext3
If you want to use get around some FAT limitations and still use FAT, there's ExFAT. However, Microsoft is selling licenses and hiding the specs behind an NDA.
-
Re:exFAT
...and microsoft page: http://support.microsoft.com/?kbid=955704
-
Re:Thanks
MS isn't a hardware company
The MS mouse, keyboard, webcam, fingerprint reader, wireless card, wireless router, Xbox and Xbox 360 (with related peripherals) in my home beg to differ on the notion that they do not brand hardware. http://www.microsoft.com/hardware/
-
Re:The problem with vista
According to the Microsoft Knowledge Base Article 931770 the fix is contained in SP1. Furthermore, the article which you linked to regarding posts on fixing slow file transfer is targeting probably unrelated causes/solutions such as old motherboard drivers, turning off thumbnails (obviously a slowdown will occur if you are trying to load thumbnails of 10000 remote pictures!), and turning off Remote Differential Compression (which probably speeds UP the transfer process by only copying file changes).
-
FUD
Telling me how much I'm worth on the black market of identity theft begs the question of whether HOW SECURE AM I FROM IDENTITY THEFT and does nothing more than add FUD to the identity theft discussion.
If you don't want your identity stolen, the right way to do that is to PREVENT YOUR IDENTITY FROM BEING STOLEN, not buy more software that may or may not patch more holes in the software you already have.
Social networking sites aren't the problem. People who freely give out confidential information are the problem.
Your computer isn't the problem. How you use it to make it easy for others to take your confidential information is the problem.Norton can't fix all the malware problems, and they can only do so AFTER they see the malware (either in concept or in the wild). Too often that's many many days after the problem is already too late. Their suggestions to use firewalls do nothing to prevent spyware installed through any number of known windows/adobe/vendor-of-the-day-hole from stealing your data in real time and delivering it where it will be used immediately to drain your accounts.
Use linux. Use FireFox. Use anonymizers. Don't store passwords anywhere other than your head.
Don't use Windows. Don't use Internet Explorer or Outlook. Don't keep all your passwords in the browser.Here's an excellent example of a "strong password checker" that is in fact TERRIBLE: http://www.microsoft.com/protect/yourself/password/checker.mspx
Hint: try aaaaaa$A There are two problems with this "strong password checker". The first is it assumes a password CANNOT be strong unless it has elements of letters, numbers, and either special characters or uppercase letters. The second is it assumes that at 8 characters a password containing members of those sets is strong, and that at 14 characters it is "the best". This implies that aaaaaaaaaaaa$A is a stronger password than "You'llneverguessmypassphrasebutI'llrememberit!"Norton needs FUD so they can sell more of their products.
We as
/. readers don't like FUD. Not from SCO, not from MS, ...and not from Norton.Stop the FUD when you see it.
E
-
Re:No way, man
No, it seriously is. Not only is it dead easy to navigate, but you can just type php.net/function_name_here, and it'll redirect you to the documentation for that function.
You can actually do a similar thing for MSDN when working with
.NET class library. For example, to open documentation for System.String, you go to http://msdn.microsoft.com/en-us/library/system.string.aspx. -
Re:Better Late than never?http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx
Today, they have XP listed as affected with the same impact as Win 2003 (DoS), just with a "low" rating and no patch. Windows 7 and Windows 2008 R2 are the only non-affected software.
-
Re:Maybe try fixing it...
You don't need one website group in charge od all updates. Just a UI spec that everyone who does updates is required to keep to. Or a CMS that enforces a company theme and standard navigation on every page.
Can the XBOX pages really be consistent with Office and Windows sections? Did this guy even think about what he was comparing?
No they can't. And that's why (quite rightly) Xbox stuff is on http://xbox.com/ not http://microsoft.com./ And hence Xbox content was not considered a point of inconsistency in the review. The pages that ARE on http://microsoft.com/ should be consistent, and they are not. That's the point. So yes, this guy thought about what he was comparing rather more thoroughly than you did.
-
Re:Maybe try fixing it...
You don't need one website group in charge od all updates. Just a UI spec that everyone who does updates is required to keep to. Or a CMS that enforces a company theme and standard navigation on every page.
Can the XBOX pages really be consistent with Office and Windows sections? Did this guy even think about what he was comparing?
No they can't. And that's why (quite rightly) Xbox stuff is on http://xbox.com/ not http://microsoft.com./ And hence Xbox content was not considered a point of inconsistency in the review. The pages that ARE on http://microsoft.com/ should be consistent, and they are not. That's the point. So yes, this guy thought about what he was comparing rather more thoroughly than you did.
-
Re:Discoverable URLs
What if you wanted to learn about Internet Explorer? You need to go to microsoft.com/windows/internet-explorer/default.aspx. Who could have guessed that without a search engine?
You DID try out microsoft.com/ie before posting though, right?
-
Re:Discoverable URLs
www.microsoft.com/office redirects to http://office.microsoft.com/en-us/default.aspx
www.microsoft.com/office2007 redirects to http://www.microsoft.com/office/2007-rlt/en-US/Office
www.microsoft.com/zune redirects to http://social.zune.net/home.aspx?culture=en-us
this does not inspire confidence.
-
Re:Discoverable URLs
www.microsoft.com/office redirects to http://office.microsoft.com/en-us/default.aspx
www.microsoft.com/office2007 redirects to http://www.microsoft.com/office/2007-rlt/en-US/Office
www.microsoft.com/zune redirects to http://social.zune.net/home.aspx?culture=en-us
this does not inspire confidence.
-
Re:Confused by sharing across computers
Could it be because Windows XP Home (still a very widely distributed version among Windows-using households) only allows 5 simultaneous connections and Apple wanted to keep things simple? This way if iTunes on OSX supports more that's great, and if it doesn't there's no harm done.
Apple is all about making things work with a minimum of fuss. Nowadays people have several computers at home and the average Joe won't be able to understand why it doesn't just work if you aren't upfront about it. http://support.microsoft.com/kb/314882 -
Re:It is harder ...
Compare http://developer.apple.com/mac/library/navigation/ and http://developer.apple.com/mac/library/documentation/Cocoa/Conceptual/ObjectiveC/Introduction/introObjectiveC.html to http://msdn.microsoft.com/en-us/library/2x7h1hfk.aspx [Looking at the ObjC page, I have to say that it isn't what I'd expect from Apple; and the MSDN site has gotten better lately.]
-
Re:Discoverable URLs
Your post applies to, *maaaybe*, 0.05% of the population who not only directly types in URLs (instead of using bookmarks/search/address bar history), but also types in URLs they've never seen before. So while it's a valid point, it's not worth any web developer's time to think about.
Despite that, http://microsoft.com/ie works. As does http://microsoft.com/office and http://microsoft.com/windows . Hell, even http://microsoft.com/sql goes directly to SQL Server 2008.
So it's not worth any web developer's time to think about, *and* you're flat-out wrong. Kudos.
-
Re:Discoverable URLs
Your post applies to, *maaaybe*, 0.05% of the population who not only directly types in URLs (instead of using bookmarks/search/address bar history), but also types in URLs they've never seen before. So while it's a valid point, it's not worth any web developer's time to think about.
Despite that, http://microsoft.com/ie works. As does http://microsoft.com/office and http://microsoft.com/windows . Hell, even http://microsoft.com/sql goes directly to SQL Server 2008.
So it's not worth any web developer's time to think about, *and* you're flat-out wrong. Kudos.
-
Re:Discoverable URLs
Your post applies to, *maaaybe*, 0.05% of the population who not only directly types in URLs (instead of using bookmarks/search/address bar history), but also types in URLs they've never seen before. So while it's a valid point, it's not worth any web developer's time to think about.
Despite that, http://microsoft.com/ie works. As does http://microsoft.com/office and http://microsoft.com/windows . Hell, even http://microsoft.com/sql goes directly to SQL Server 2008.
So it's not worth any web developer's time to think about, *and* you're flat-out wrong. Kudos.
-
Re:Discoverable URLs
Your post applies to, *maaaybe*, 0.05% of the population who not only directly types in URLs (instead of using bookmarks/search/address bar history), but also types in URLs they've never seen before. So while it's a valid point, it's not worth any web developer's time to think about.
Despite that, http://microsoft.com/ie works. As does http://microsoft.com/office and http://microsoft.com/windows . Hell, even http://microsoft.com/sql goes directly to SQL Server 2008.
So it's not worth any web developer's time to think about, *and* you're flat-out wrong. Kudos.
-
Re:Discoverable URLs
Not true. You can go to http://www.microsoft.com/internetexplorer and it will helpfully search the microsoft website for IE. It uses bing though, so results are crappy... but it does list the correct URL.
-
Re:Discoverable URLs
Say you want to learn about Safari. You go to apple.com/safari, as you'd expect. What if you wanted to learn about Internet Explorer? You need to go to microsoft.com/windows/internet-explorer/default.aspx
Really? You really think so? Funny, it worked just fine for me.
Try it. Just type in http://microsoft.com/ie in your address bar, press Enter and see what happens.Who could have guessed that without a search engine?
Obviously not you, since it seems you didn't even try it.
-
Discoverable URLs
I personally feel that user-discoverable URLs are the biggest usability strengths of Apple's web site over Microsoft's. Say you want to learn about Safari. You go to apple.com/safari, as you'd expect. What if you wanted to learn about Internet Explorer? You need to go to microsoft.com/windows/internet-explorer/default.aspx. Who could have guessed that without a search engine? What about the page for, say, information on a Macbook Pro vs. Microsoft Office? One of these is easily guessable from a consistent URL scheme, the other is not. Easily being able to find content is just as important as good, clear content.
-
TCP/IP Filtering stalls this bug in Windows 2000
See subject-line, & this quote from the pages @ MS on how to "mitigate" this type of attack (easily done really):
http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx
"To help protect from network-based attempts to exploit this vulnerability, enable advanced TCP/IP filtering on systems that support this feature"
I cover how to do that (& really, EVERYONE should on Windows 2000/XP/Server 2003, because it acts as another "layer" of defense, for "layered security" above & beyond std. firewalling, because it uses ipfltdrv.sys, which acts PERFECTLY FINE alongside all other defenses)
I cover a LOT of this here, & IP FILTERING'S VERY EASY TO SETUP (you may want to refer to the IANA ports list though, for YOUR particular needs, it does help):
-----
HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus, make it "Fun-to-Do", via CIS Tool Guidance (& beyond):
http://www.tcmagazine.com/forums/index.php?s=33555fc937017deab726a927c1c4a7fd&showtopic=2662
(You MAY want to look @ points #3 - #5 there, they cover IP Filtering, IPSec, & more... specifically in regards to this, & protecting yourself vs. it, on Windows 2000... it SHOULD work, according to MS, & it is JUST GOOD "LAYERED SECURITY" anyhow!)
-----
Now, the IP FILTERING (ipfltdrv.sys) works PERFECTLY FINE alongside ipnat.sys (firewall driver), & ipsec.sys (IP Security Policies) too... all of them, alongside TCP FILTERING, work fine "all @ once"/"concurrently"... + of course, alongside tcpip.sys, the base IP driver)
The 3 other drivers work @ DIFFERENT LAYERS of the IP stack around tcpip.sys, making them function PRETTY MUCH like a "Zone Defense"/"Greek Phalanx", so if you take 1 down? The others are STILL IN THE WAY... it's neat - too bad MS did away with that w/ VISTA onwards now using the single layer (& thus, single "lock" only) WFP + NDIS6, which even the folks @ ROOTKIT.COM are stating is "much easier to unhook & bypass" vs. the older model whose architecture I just laid out...))
APK
P.S.=> Enjoy, that OUGHT to help you Windows 2000 folks out there, vs. this "bug"... do I think MS could fix it? Sure, but it'd "hurt business"... replace RDR20.DLL with MSWSOCK.DLL (for LSP/Layered Service Providers), the latter being what XP/Server 2003/VISTA onwards use, & it could be fixed imo... but, "that's business" for you! apk
-
Windows 2000 (W2K) SP4...
http://www.microsoft.com/technet/security/bulletin/ms09-048.mspx mentioned no updates for Windows 2000 SP4 because it requires a major change in operating system (OS). If no fixes, then what will stop it? Hardware routers and/or software firewalls for those who still use it?
-
Re:IP Reasons for SMB2
SMB 1.0 is covered by at least one patent, and Microsoft has applied for a patent on SMB 2.0.
Neither protocol is covered by the Open Specification Promise or the Community Promise.
So, yes, there's a potential patent issue looming here. The EU judgment quoted below is interesting in that it only requires Microsoft allow use of the interoperability information on "reasonable and non-discriminatory" terms, which means they could simply charge the same amount for a license to the Samba developers as they do to other companies. Depending on the nature of the patent license, that could run afoul of the GPL (if the license fee is per distributed copy, for instance, or only allows software distribution by the patent licensee -- both of which would restrict the redistribution rights of subsequent users and violate the GPL's terms).
Frankly, I feel they ought to put SMB under the Open Specification Promise, but it's entirely possible there's some patents lurking there that are licensed by Microsoft that'd make that impossible.
-
Similar to the dotless IP vulnerability
Back in October 1998, Microsoft fixed a vulnerability in Internet Explorer 4 where a dotless IP address (represented as a single, unsigned 32-bit integer, which was legal in IPv4) would be treated as being on the local network rather than on the Internet at large. Basically, their programmers took a shortcut and assumed "no dots = local". (MS98-016)
This was re-introduced in IE 5 three years later and had to be fixed AGAIN. (MS01-051)
I've been waiting to see if they end up re-introducing this one, or if they learned their lesson well enough the last time.
As Joel Spolsky points out, this is exactly what happens when you rewrite software. The old software had lots of bug fixes. If your development shop made a particular mistake once, it's likely to do it again when you reimplement. It's unclear whether this was the case for IE 5 (no idea if that area of the code was rewritten), but it seems like this may have bitten Microsoft with the teardrop vulnerability.
-
Similar to the dotless IP vulnerability
Back in October 1998, Microsoft fixed a vulnerability in Internet Explorer 4 where a dotless IP address (represented as a single, unsigned 32-bit integer, which was legal in IPv4) would be treated as being on the local network rather than on the Internet at large. Basically, their programmers took a shortcut and assumed "no dots = local". (MS98-016)
This was re-introduced in IE 5 three years later and had to be fixed AGAIN. (MS01-051)
I've been waiting to see if they end up re-introducing this one, or if they learned their lesson well enough the last time.
As Joel Spolsky points out, this is exactly what happens when you rewrite software. The old software had lots of bug fixes. If your development shop made a particular mistake once, it's likely to do it again when you reimplement. It's unclear whether this was the case for IE 5 (no idea if that area of the code was rewritten), but it seems like this may have bitten Microsoft with the teardrop vulnerability.
-
Re:IP Reasons for SMB2Did you read the link?
Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp ) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx ). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com..
I checked both the Open Specification Promise and the Community Promise and SMB2 is not covered by either. Just because Microsoft published the spec doesn't mean they won't sue you for patent infringment.
-
Re:IP Reasons for SMB2Did you read the link?
Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp ) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx ). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com..
I checked both the Open Specification Promise and the Community Promise and SMB2 is not covered by either. Just because Microsoft published the spec doesn't mean they won't sue you for patent infringment.
-
Re:IP Reasons for SMB2
No, it won't. The specs are right here.
"No, it won't" what? Possibly spell problems for the Samba team? From your link:
Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com
...Emphasis mine. So I'll correct myself, it may spell trouble for the Samba team. It's not clear. Which is essentially what I said. Do you really think iplg@microsoft.com will grant the Samba team a written license or possibly a patent license?
Why do they use the ambiguous language quoted above if this is an open technology I'm not suppose to fear implementing? I mean, haven't we been threatened over this sort of thing before? It's not clear to me why Microsoft stops other products from interfacing with theirs (product lock in?) but I'm not about to give them the benefit of the doubt. -
Re:IP Reasons for SMB2
No, it won't. The specs are right here.
"No, it won't" what? Possibly spell problems for the Samba team? From your link:
Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com
...Emphasis mine. So I'll correct myself, it may spell trouble for the Samba team. It's not clear. Which is essentially what I said. Do you really think iplg@microsoft.com will grant the Samba team a written license or possibly a patent license?
Why do they use the ambiguous language quoted above if this is an open technology I'm not suppose to fear implementing? I mean, haven't we been threatened over this sort of thing before? It's not clear to me why Microsoft stops other products from interfacing with theirs (product lock in?) but I'm not about to give them the benefit of the doubt. -
Re:IP Reasons for SMB2
No, it won't. The specs are right here.
"No, it won't" what? Possibly spell problems for the Samba team? From your link:
Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com
...Emphasis mine. So I'll correct myself, it may spell trouble for the Samba team. It's not clear. Which is essentially what I said. Do you really think iplg@microsoft.com will grant the Samba team a written license or possibly a patent license?
Why do they use the ambiguous language quoted above if this is an open technology I'm not suppose to fear implementing? I mean, haven't we been threatened over this sort of thing before? It's not clear to me why Microsoft stops other products from interfacing with theirs (product lock in?) but I'm not about to give them the benefit of the doubt. -
Re:IP Reasons for SMB2
No, it won't. The specs are right here.