Domain: microsoft.com
Stories and comments across the archive that link to microsoft.com.
Comments · 34,132
-
It turns out my information was outdated.
I have not checked the prices of comparable RedHat and Microsoft server offerings. It turns out that RedHat is still cheaper, but by a trivial amount. Compare the RedHat Store (see: Server Operating System Products) and Windows Server 2003 R2 Pricing. (Wouldn't it be nice if Slashdot support post annotation or editing?)
At any rate, Windows might still be a superior server platform thanks to the effectiveness of ActiveDirectory, fine-grained ACL, and so on. I am no Windows apologist (on the contrary, quite the advocate of open source solutions), but I fear Microsoft may be leaping far ahead of their competition in this space.
-
CardSpace anyone?
So far nobody has mentioned InfoCard/CardSpace. I think you will find that one of the major pushes for the new extended certificates is to improve the user experience with respect to security. Presently anyone can get an ordinary SSL certificate - a phishing site can easily obtain an existing SSL certificate that will allow them to fool more average joe users that no certificate at all. With an extended certificate a company's name, location and logo are also included as part of the certificate so it should be much easier for uneducated users to make the connection between the certificate and the organization whose site they are visiting and more difficult for the phishing sites to do so. So the new certificates provide a better way for websites to prove their identity to users and aim to provide a consistent way of presenting this information to users so that they can make a choice as to whether or not they trust a site.
For details see the section titled Improved User Confidence in the Identity of Web Applications in Introducing Windows CardSpace: http://msdn.microsoft.com/library/en-us/dnlong/ht
m l/introinfocard.asp/CardSpace is a Good Thing. Check out Kim Cameron's blog http://www.identityblog.com/ for ongoing coverage. Microsoft is doing everyone a big favor in the identity space - they fully acknowledge their mistakes of the past (e.g. Passport) and are very open in terms of what they are doing and how they are doing it. Further, the specifications behind all of this are unencumbered (see http://www.identityblog.com/?p=574/.
-
Re:Have they fixed this issue yet?
There is a nasty bug in Linux that makes the computer reboot every 49.7 days. The worst part is that this bug has been around for more than 10 years...
You're think about Windows 95 and NT, not Linux. Windows drivers used the number of milliseconds since boot as the primary timekeeping mechanism. When that wrapped around to zero, some drivers crashed. See http://support.microsoft.com/kb/216641 for more information on this bug.
Even though all of Microsoft's own code now properly handles the 49-day boundary, third-party code is still a problem on Windows systems. Most programs still use GetTickCount() as their primary sub-second timer, which returns that 32-bit milliseconds since boot. In fact, it was this very thing that shut down the LA air traffic control center some months back.
This has never been a problem with Linux. Linux doesn't use milliseconds as any internal time representation. Instead, it uses either the timeval structure, or jiffies. Jiffies are 100ths of a second, whereas a timeval is a set of two numbers representing both seconds since 1970, and nanoseconds in the current second.
Note that jiffies (in 32-bits) wrap around after 497 days, which used to cause a benign bug where the uptime display would wrap around to zero after that time period. No crash, though.
What good is a million eyes looking at the code if they are attached to half a million idiots?
I dare say they're not the idiots, here, sir.
-
Re:Have they fixed this issue yet?
-
Microst has the answer you seek
Microsoft has a free utility for you to use that can do the same stuff as Deep Freeze. Deep Freeze requires deep pockets, and that cant fly for many. https://www.microsoft.com/technet/prodtechnol/win
x ppro/maintain/sct/scthch01.mspx
Try it out, I have it in 6 sperate client networks and it is excellent. -
Re:there is no procedural or techical solution
On MS Exchange this is easy.
Auditing is only the first step. It does not stop the person from taking a backup copy of the Exchange databases home and export the mail with Quest Recovery Manager for Exchange.
So, even if you lock down your company like a government secure networks it all comes back to trust. They run background checks and grant security clearances for a reason. I have mine.
-
Re:there is no procedural or techical solution
On MS Exchange this is easy.
Auditing is only the first step. It does not stop the person from taking a backup copy of the Exchange databases home and export the mail with Quest Recovery Manager for Exchange.
So, even if you lock down your company like a government secure networks it all comes back to trust. They run background checks and grant security clearances for a reason. I have mine.
-
Delegation
With Active Directory it is possible to delegate control of subsets of an organization. Imagine a tree with various branches and sub-branches. You can delegate various administrative permissions to branches without allowing access to higher level nodes. I'm sure is something similar with Unix-style systems.
At any rate, since Exchange is fully integrated with Active Directory, organizations often give administrators control over only certain subsets of e-mail accounts. For instance, if Company has 5 offices there would be one or two primary admins, and perhaps one or two admins per office. Each office only has control over their respective accounts, while the primary admin has control over it all.
This is a fairly simply way of making it easier to manage a large organization's admin accounts. -
Re:If I want to contact Microsoft...
Try their community relations department for your country. Don't bother with sales or support -- they have work to do. You're looking for charitable donations, unless of course you're not a registered charity, in which case you're probably SOL.
-
CAPP/EAL4 Configuration Guide
Here you go:
http://www.microsoft.com/technet/security/default. mspx
http://www.microsoft.com/technet/security/prodtech /windowsxp/secwinxp/default.mspx
It is possible to make a Windows machine secure enough for military users, but then it isn't quite so easy to use anymore. -
CAPP/EAL4 Configuration Guide
Here you go:
http://www.microsoft.com/technet/security/default. mspx
http://www.microsoft.com/technet/security/prodtech /windowsxp/secwinxp/default.mspx
It is possible to make a Windows machine secure enough for military users, but then it isn't quite so easy to use anymore. -
Re:I'm confused
Microsoft is not the certificate authority here. You can get a code signing cert from a number of vendors.
Here's some more information from a 30-second google search:
http://www.microsoft.com/whdc/winlogo/drvsign/cros scert.mspx
http://www.microsoft.com/whdc/system/platform/64bi t/kmsigning.mspx -
Re:I'm confused
Microsoft is not the certificate authority here. You can get a code signing cert from a number of vendors.
Here's some more information from a 30-second google search:
http://www.microsoft.com/whdc/winlogo/drvsign/cros scert.mspx
http://www.microsoft.com/whdc/system/platform/64bi t/kmsigning.mspx -
Drivers for assistive input devices?
I want to have as few kernel mode device drivers as is possible. Printers should not require kernel mode, nor should video cameras etc. Only the bare essentials talking directly to the DMA interfaces should ever use kernel mode.
However, because of the architecture of the Windows input device framework, input device drivers do need to run in kernel mode and thus must be signed on 64-bit versions of Windows Vista OS. From FAQ: User-Mode Device Framework:
What are the constraints on user-mode drivers?
A user-mode driver cannot have kernel-mode clients because Windows does not allow calls from kernel mode to user mode. The majority of drivers for input, display, and most network and storage devices cannot be migrated to user mode because they have kernel-mode clients. For the same reason, user-mode drivers must be at the top of the device stack; they cannot attach to the middle of the stack. However, a stack can contain more than one user-mode driver; that is, a user-mode driver can have user-mode children.This has nasty implications for hobbyists who design custom assistive input devices for people with disabilities, as many cannot afford the $500 annual fee (plus whatever the state charge to establish and maintain a corporation) to get a VeriSign code signing certificate. Should such hobbyists band together and form a charity to administer code signing?
-
You sign your driver, silly
http://www.microsoft.com/whdc/system/platform/64b
i t/kmsigning.mspx
There's 4 ways to sign your bits for kernel mode running on x64- all the way from making your own test cert and booting windows in a test mode to getting a commercial CA to sign with. -
Re:Fonts
If you read farther up, that's because IE7 uses ClearType to smooth out the letters. You can install ClearType as an XP PowerToy from MS, too, so it'll apply system wide (including Firefox).
---John Holmes...
-
Limited Resource Security
I am a high school student at a school with an 'net admin' that somewhat lacks in knowledge, so I have been running their network and security for about a year now. Microsoft Shared Computer Toolkit was a great help in locking down the machines. I allowed access to basics such as Firefox and Open Office (the school isn't much into purchasing licenses so it opens opportunities for me to install open source software) and locked down everything else. Preferably each student would have their own account but with some networks (such as the one I run) this is not possible (to many students and not enough resources). So, I set aside a specific folder to which students can save documents. This folder is limited to 15MB to prevent storage of large files that they do not need access to. Then I have VNC and various keyloggers installed and the background image is a ULA stating that EVERYTHING they do will be monitored. This system seems to work fairly well, though it could use some improvement in some areas, but, for limited resources it is not to bad.
-
Re:Come on, did you really have to ask Slashdot?I noticed someone else recommended Deepfreeze but if you work for a school system you probably don't have any money to accomplish this so you may want to try and use the Free Microsoft Shared Computer users toolkit
Documentation: http://www.microsoft.com/technet/prodtechnol/winx
p pro/maintain/sct/default.mspxDownload: http://www.microsoft.com/windowsxp/sharedaccess/d
e fault.mspx -
Re:Come on, did you really have to ask Slashdot?I noticed someone else recommended Deepfreeze but if you work for a school system you probably don't have any money to accomplish this so you may want to try and use the Free Microsoft Shared Computer users toolkit
Documentation: http://www.microsoft.com/technet/prodtechnol/winx
p pro/maintain/sct/default.mspxDownload: http://www.microsoft.com/windowsxp/sharedaccess/d
e fault.mspx -
Re:Sounds like the right plan
1) If other A/V companies can do A/V software without kernel access, why do McAffee (or as some other slashdotter erroneously called it, McCafe) and Symantec need kernel access? Why are they so special?
In case people are wondering, yes, 64-bit Vista anti-virus software exists. See this post for details.
-
Re:I'm confused
Windows NT didn't use this model in recent releases (it might have done in the 3.5 days; I can't remember)
It never did, and there were never plans to. NT 3.5 was written in C (minus the HAL and a few parts of the kernel, which are assembly), and was source-compatible with Alpha and MIPS, neither of which support more than two privilege modes. Cutler wouldn't let the kernel become non-portable enough to depend on multiple CPU privilege levels. The kernel is designed such that any kernel mode code can dereference pointers anywhere in the kernel's address space (at PASSIVE_LEVEL anyway), and the current thread's user address space (if any). Drivers often operate in the calling thread's context (from user mode), an arbitrary context or in a system worker thread. Most data is stored in the kernel's heaps, and when an object is created, there's no telling which drivers may need to access it in the future. It'd be quite a lot of work to marshall those arbitrary pointers across driver-segment boundries. Apparently, the current kernel designers thought it'd about as much work as just running the drivers in user mode, hence the new User Mode Driver Framework. -
Jim Allchin of Microsoft responds
-
Re:Memory Upgrade Too
My point was that Windows XP (according to Microsoft's page on the matter) only truly supports 4GB even with PAE.
http://www.microsoft.com/whdc/system/platform/ser
v er/PAE/pae_os.mspx -
Re:IE7 Text Rendering
-
Have you considered MS Shared Computer Toolkit?
I got to this late, so one or more of the 200 replies before mine may have already mentioned it, but Microsoft's Shared Computer Toolkit (http://www.microsoft.com/windowsxp/sharedaccess/
d efault.mspx) is a great way of locking down computers. I use it in the labs at my middle school. -
Locking Down WindowsThere are a few ways to "lock" down windows.
If you have an windows domain the best is to the group policies and create individual accounts to track each of the students.
Group policy http://www.microsoft.com/technet/technetmag/issue
s /2005/05/LockDown/ will also give you a great deal of control over how much of the windows interface they have access to. For instance you can lock out the CLI, and where they can save files. Here is a link from Micro$oft on how to get started.If you don't have an active directory domain setup, you can still lock down the desktop by creating local policies http://www.windowsnetworking.com/articles_tutoria
l s/wxppspol.html, unfortunately you will need to apply these to each PC if all the hardware in the lab is the same, but it wouldn't be to difficult to create a locked down image using Ghost, and then image all the machines to be identical.Also, if the school can afford it buy a copy of websense http://www.websense.com/global/en/. It will keep the little buggers out of the internet, prevent them from downloading games, and even using chat programs.
-
Securing Windows for a lab
I run a grad-school lab, and what we do sounds a lot like what you need.
I think you're saying that you have a single account on each machine that every student logs in as. If that's the case, enable the "Guest" account, and let students use that (passwordless) account to log in. the Guest account has the tightest restrictions, and most of the things you can change as Guest get wiped away by a simple reboot. This is what we do, with the systems set to automatically log in as Guest - see http://www.kellys-korner-xp.com/win_xp_passwords.
h tm for details.If I'm wrong, and you need individual accounts for each student, then you'll need Windows XP Pro on every machine and some flavor of domain controller (SaMBa does a dandy job for us). Make your student accounts members of the "Domain Guests" group, and viola!
One other note: ditch the "administrator" account. It's trivial to find tools that will let a person reset the password of the default "administrator" account. Create another administrator-level account, then delete or disable "administrator".
This being Slashdot, somebody of course suggested that you "put Linux on it", but in this case they might be on the right track. We have a general-use lab that is running Ubuntu with Crossover Office, and the users are happy as clams (and these aren't techies, folks - these are writers, pastors, and chaplains). We use a single shared unprivileged account with automatic login (similar to what I described above for Windows), and everything works beautifully. It's also more stable than the Windows lab, which makes everybody happy!
-
Re:Check out the microsoft shared computer toolkit
i'll second this, although We use a domain to set user permissions, but it would work without domains using gpedit.msc
Basically, make an admin account (call it "school user" for example) and Password protect it install everything using that account, secure using gpedit.msc, Remove CREATOR OWNER permissions on the C:\, C:\program files, C:\windows and C:\windows\system32 folders then log out.
From there, log into administrator (the real one) copy the "school user" profile into the Default user profile using the Users profiles settings found in system properties Giving "everyone" access when you copy the profile, then change the permission manually in the "default user" profile so that everyone cannot write to it. Then make a third user account. Use compmgmt.msc to make that account a member of the guests and users groups. (make sure that guest accounts will delete once they log out. It's in gpedit.msc somewhere) optionally hide both administrator and "school user" and log out of administrator.
Log into the third account and test everything. it should not allow you to install anything if done correctly or write anywhere except for the third user profile. once you log out it should delete the profile (sometimes it doesn't for some reason. This helps with that a lot) and the settings should be safe.
Of course I'm assuming XP Pro. I'm pretty sure XP Home doesn't have these utils available. -
Lock it down hardDealing with destructive high school students one of the things I have to do. Here's a few things to keep in mind.
- Use a domain.
- Put all desktop and menu items in the netlogon/All Users folder.
- After creating the user's profile and it's copied to the server, rename ntuser.dat to ntuser.man (means mandatory). Set Samba to disallow write access. This will prevent them from writing changes back to the server.
- Use the administrative templates to lock down everything that can possibly locked down. If you don't, some bastard will change it and you'll have to fix it. This can be scripted.
- Make use of whatever lockdown features are available in your software. Believe me, you'll need it.
- Install the Shared Computer Toolkit. It provides many addition lockdown features. Anoying thing about it, though, is that it requires the computer to be "validated". Not just activated. Make use of it's "Disk Protection" feature.
- Disable access to everything you possibly can, except what's needed.
- Use optical mice. Keep many extras. Expect buttons to be torn off. Expect mice to be regularly stolen, so use cheap ones. Also expect paper or other garbage to be jammed into the sensor. That also applies to floppy drives and cdrom drives.
- Keep many extra keyboards. Be prepeared to spend time every week putting the keys back in the correct order. Keys will also be stolen.
Most of the student won't try to break things, but a few assholes will so you have to make sure they can do the least amount of damage possible. Unless, of course, you feel like cleaning things up daily.
You could also get an Active Directory domain and push the restrictions that way. I prefer to script it since I prefer to have my servers run Linux. -
Shared Computer Toolkit WDP
It's free, and designed for XP and schools and libraries. It's pretty easy to install and configure too, if you know how to repartition your drive using Partition Magic. I use it, so reply if you want hints on getting it to work. You need WPA, and Hive cleanup service installed for it to go. It lets AV programs update, and Grisoft gave me a script to make it work with the SCT Windows Desktop Protection. Just reboot, and changes are gone, unless you save them first. Have the computers update overnight, because it doesn't work when people need to use the computer.
-
Check out the microsoft shared computer toolkit
http://www.microsoft.com/windowsxp/sharedaccess/d
e fault.mspx/
Is a good place to start for newbies. Or if these are XP pro machines you can use gpedit.msc (start->run->gpedit.msc)
If these are XP home machines try this http://www.dougknox.com/xp/tips/xp_home_sectab.htm / -
Re:Memory Upgrade Too
It all depends, but during Java development, 1Gig can become very cramped. 2Gig is okay, and alas Windows limits you to 3Gig in the first place (And only using a special switch). I have 4Gig in my personal workstation, but I only found out about that Windows limitation later. *sigh* I suspect that such limits do not exist on Linux or Mac OS X.
-
Re:Will it be on autoupdate ?
No. It will be available here, however.
-
Re:Have they released a SenderID SDK?
Email clients are not what SenderID is for: it's for mail servers, to reject the spam before it even gets into the user's cue.
SenderID can be implemented on both mail servers and clients.
Unfortunately SenderID is not only patented, the Microsoft license prevents other people from modifying it for other uses. This means it should not and cannot be used in Sendmail, Postfix, or other open source MTA's due to license restrictions.
Wrong: http://www.microsoft.com/interop/osp/default.mspx
SenderID is also cryptographic. This prevents software with it integrated from being exported to "restricted" companies, due to the strange rules about encryption being a material of war.
SenderID has no cryptography. You're thinking DomainKeys.
SenderID is also fundamentally broken: SPF rejects spam messages in a way that is very lightweight and free to implement (publish a TXT record in your domain's DNS), and rejects the message before its contents are even sent, based on the "FROM" line used for email bounces.
Incorrect. Both SenderID and SPF are based off of DNS TXT records. The primary difference between the two is that SenderID validates that the FROM field has not been forged, while SPF validates that the return path has not been forged.
SenderID requires purchased keys from Microsoft, and requires the MTA to accept the email message to process the SenderID key, which seriously burdens the server.
SenderID basically has nothing to do with SPF or anti-spam: it has to do with selling keys for bulk emailers, legitimate or not, to send bulk email while avoiding anti-spam messages. Its presence in a message is actually a very powerful sign that the message is spam, just as those "Haiku" messages in email headers used to be.
SenderID has no cryptography. You purchase nothing from Microsoft. You're thinking DomainKeys.
Unfortunately, the creators of SPF accepted Microsoft sponsorship and involvement with SenderID to get Microsoft support, integrating SPF-like features into Hotmail and other Microsoft tools in order to get a larger user base, but unfortunately accepting a corrupt influence that has actively hindered the acceptance of SPF.
Blah blah blah, insert Microsoft is teh big evil rant here. You should learn what you're talking about before complaining about something it doesn't do. -
Re:ehum?
-
Re:ehum?
-
Re:An old slogan comes to mind
I wouldn't be surprised if the ONLY reason they used this against Amazon, is because Amazon does the same thing to others.
Then be very surprised. IBM has a long history of strong-arming other companies with its patent portfolio and extracting license money from them. In fact, Marshall Phelps (who now works for Microsoft fwiw), turned IBM's sleeping patent portfolio into a $1+ billion profit.
-
Re:CSS Opacity
As can be read on MSDN:
"From Internet Explorer 5 to Internet Explorer 6, This element is a windowed control and does not support the z-index attribute or zIndex property.
As of Internet Explorer 7 or later, this element is windowless and supports the z-index attribute and the zIndex property. The SELECT element does not require a strict doctype to enable windowless functionality." -
IE5/6 already has this
of sorts its called Persistant Storage
http://msdn.microsoft.com/workshop/author/persiste nce/overview.asp
but any kind of persistant storage (flash local object, unexpiring cookies) will be abused by advertising and tracking companies, just like cookies where a good idea to begin with , now they are even detected by antirus and spyware apps i bet the original designers never imagined that when they designed them and just like modern day cookies it will be detected as unwanted and removed by apps
until they solve the abuse factor its not something people will want in a hurry -
Teaching others about new features in IE7.
You have implemented a new GUI and new security features; these have been examined, praised, and lambasted on just about every tech site out there, so those of us "in the know" are aware of all of the changes and their implications. You also have resources like the quick reference sheet available to help new users of IE7. These are all well and good, but they'll be of no use to anyone who does not know about them or how to use them.
What I want to know is this: how will you spread word of the new changes and features to neighbor Joe or Grandma Smith -- will you rely on word-of-mouth from the technocracy, or do you trust that your features are transparent enough that they will easily understand the difference between, say, types of SSL certificates provided by sites? -
Re:This is NOT the same thing
I'm convinced that the days are numbered on all of these signature-based anti-virus applications. It's what Marcus Ranum refers to as "Enumerating Badness". There is nearly infinitely more malicious code than trustworthy code. Why bother trying to discover them all?
And by definition, signature-based AV requires at least one customer organization getting infected before the signatures can be distributed to customers. How many customers will be dumped on before they wake up and realize that taking an inventory of all legitimate applications and technically enforcing a policy that allows only those to run is a much more effective approach at maintaining an infrastructure? Signature-based AV is the easy-chair of the Windows Admins.
If you really want to know what value AV vendors have added to the IT world it's that IT organizations have effectively "outsourced" the inventory functions of identifying good vs. bad software. Whether Microsoft wipes them off the face of the planet or not, it's really irrelevant: very soon organizations will inventory their legitimate code and implement a "Default Deny" policy where no code can execute except what is explicitly allowed, instead of vice versa. Why will they? Because the Finance guys will finally figure out how it works. Signature-based AV = Lazy Admins. Smart CFOs will drive the end of Symantec and McAfee (or the diversification of their product line).
Microsoft already has a tool that could (with tweaking and better deployment tools) one day put all the AV vendors out of business, if this new SDL delivers as expected (Vista will of course be the first OS under the new SDL) and the number of privileged-service exploits is reduced.
The real topic of interest here in this thread is that slashdot readers/critics like to knock Microsoft whether they they are susceptible to malware OR whether they are making efforts to eradicate it. Funny how the critics don't complain about how Symantec and McAfee have been bumped out of the Mac OSX AV business ...
-Tim -
Re:This is NOT the same thing
I'm convinced that the days are numbered on all of these signature-based anti-virus applications. It's what Marcus Ranum refers to as "Enumerating Badness". There is nearly infinitely more malicious code than trustworthy code. Why bother trying to discover them all?
And by definition, signature-based AV requires at least one customer organization getting infected before the signatures can be distributed to customers. How many customers will be dumped on before they wake up and realize that taking an inventory of all legitimate applications and technically enforcing a policy that allows only those to run is a much more effective approach at maintaining an infrastructure? Signature-based AV is the easy-chair of the Windows Admins.
If you really want to know what value AV vendors have added to the IT world it's that IT organizations have effectively "outsourced" the inventory functions of identifying good vs. bad software. Whether Microsoft wipes them off the face of the planet or not, it's really irrelevant: very soon organizations will inventory their legitimate code and implement a "Default Deny" policy where no code can execute except what is explicitly allowed, instead of vice versa. Why will they? Because the Finance guys will finally figure out how it works. Signature-based AV = Lazy Admins. Smart CFOs will drive the end of Symantec and McAfee (or the diversification of their product line).
Microsoft already has a tool that could (with tweaking and better deployment tools) one day put all the AV vendors out of business, if this new SDL delivers as expected (Vista will of course be the first OS under the new SDL) and the number of privileged-service exploits is reduced.
The real topic of interest here in this thread is that slashdot readers/critics like to knock Microsoft whether they they are susceptible to malware OR whether they are making efforts to eradicate it. Funny how the critics don't complain about how Symantec and McAfee have been bumped out of the Mac OSX AV business ...
-Tim -
Re:Can anyone say iPod?
"It is BECAUSE it cannot guarantee swapping by the OS, so as a hack, you allocate far less memory than is physically available in the hopes that Windows will not swap."
Umm, nope. You can lock pages into memory using Win32 -- if you're using AWE to allocate memory it is never swapped out. http://technet2.microsoft.com/WindowsServer/en/lib rary/00284c8d-7a42-40f2-8a01-8de61dccd8c91033.mspx ?mfr=true
"AWE allows an application to reserve portions of real memory that cannot be paged out to the paging file or otherwise manipulated except by the reserving application. AWE will keep this data in real memory at all times. Because the memory manager does not manage this memory, it will never be swapped out to the paging file. The application is completely responsible for handling the memory."
AWE allows allocating huge amounts of memory - in excess of the 4GB virtual address space each process has (although you can only allocate out of physical ram, it is aimed at many-gigabyte servers; it does work perfectly fine on XP.)
(Okay, DDJ asserts that AWE is the only way to lock pages into memory; nevertheless, AWE has been around since Windows 2000.)
Also, stop and think about MacOS 9 memory managment. An obivous reason why that feature was not included in MacOS 9 versions of photoshop is because the MacOS 9 allocated memory to the program at start up - remember, you change the amount of RAM allocated by using Get Info in the finder? Adobe didn't need to implement this "hack" BECAUSE IT WAS PART OF THE OPERATING SYSTEM.
The real reason why Photoshop uses its own scratch disks instead of Windows or MacOS (or MacOS X) VMM is simple. The scratch disk system supports multiple exabytes of space - you require a 64 bit operating system and a 64 bit native version of photoshop to handle that amount of space using the OS's VMM, and 64 bit just isn't common on either Windows or Mac.
If you think about the amounts of data that photoshop could potentially work with (huge billboards, multiple layers, 16 bits per channel with several undo levels) it's not surprising that Photoshop may need to work with very large data sets.) -
Re:For the same reason it's always happened...Microsoft ends up releasing low-quality software that has serious security glitches.
Not anymore. Microsoft announced it will fully spend 4 years on its next XP Service Pack to make it really safe and secure.
Hmmm, SP1 in no longer supported and 2008 is an awful long time from now to still run SP2
... maybe we should just get Vista in 2006! -
Re:It's the encrypting file systemWindows has had support for EFS since Win2k, but the BitLocker feature in Vista is different.
http://www.microsoft.com/technet/windowsvista/secu rity/bittech.mspx -
Re:Vista feature
That would be BitLocker.
-
It's the encrypting file system
and it has been around since Win 2000.
It's not really "full disk" encryption, as it applies to a single file or folder.
See http://www.microsoft.com/technet/prodtechnol/winxp pro/deploy/cryptfs.mspx for more -
It's the encrypting file system
and it has been around since Win 2000.
It's not really "full disk" encryption, as it applies to a single file or folder.
See http://www.microsoft.com/technet/prodtechnol/winxp pro/deploy/cryptfs.mspx for more -
Re:It should be done.
1) Ignorance -- it is not a built-in feature in Windows
actually, the Encrypting File System is built into anything WinXP and after.
http://www.microsoft.com/technet/prodtechnol/winxp pro/deploy/cryptfs.mspx
But the technology sucks because they have no centralized key management that can be done easily for home users. Even in the enterprise its kinda tricky. -
Re:messed up link ..
it meant that everyone had control of the meeting, Alex Eckelberry
"Live Meeting enables multiple presenters to work together in a meeting with one presenter assigned as the Active Presenter"