Domain: microsoft.com
Stories and comments across the archive that link to microsoft.com.
Comments · 34,132
-
Re:Microsoft Rescue?It's a little late for integrating new tech into Vista, however Windows OneCare Live beta (U.S. only) is Microsoft's latest antivirus offering.
McAfee may have AOL, but I've never had a positive opinion of McAfee simply because I could never find the virus definions file date in their program.
-
Re:Give us what we went, not what you want to giveI wonder what MS's DRM terms are.
Let's take a look:You can restore backup licenses a limited number of times for legitimate purposes. When you restore your licenses, your computer must be connected to the Internet. The Player sends a unique hardware ID to Microsoft that enables the company to track how many times you restore your licenses.
...
If you exceed the maximum number of restore attempts that are permitted, the Microsoft service will not process any further restore attempts. Microsoft does this to discourage unauthorized replication of protected media files.
It's nice that Microsoft gets to decide whether your continued listening to music you paid for is "legitimate". But it gets better:You can restore your licenses on a maximum of two unique computers. If you replace hardware components in your computer or reinstall the operating system, Microsoft considers the changed computer to be a new unique computer.
The bottom line is, if you buy a WMA, you're not really buying anything. -
Re:I don't get it...
Why do so many people have problems installing the
.NET 2.0 framework? BFD. Install it once. Done. Never have to worry about it again. Why all the hate?
Because sometimes the installation fails and you have to piss around trying to make it work.
Here's one possible problem. Sometimes you get something more like this. Note that he didn't get any useful information at all in the error message, but had to go digging through an obscure (and undocumented) log file in a hidden directory to find a description in obscure terminology of the cause of his problem.
Installing .NET can be a real hassle. -
Re:I don't get it...
Why do so many people have problems installing the
.NET 2.0 framework? BFD. Install it once. Done. Never have to worry about it again. Why all the hate?
Because sometimes the installation fails and you have to piss around trying to make it work.
Here's one possible problem. Sometimes you get something more like this. Note that he didn't get any useful information at all in the error message, but had to go digging through an obscure (and undocumented) log file in a hidden directory to find a description in obscure terminology of the cause of his problem.
Installing .NET can be a real hassle. -
Re: I don't understand...
-
Re:I don't want to be stuck with one..
Er, how was the parent marked insightful? Mark parent down!
C# runs on the .NET platform which was openly standardized. The standards have been adopted by the ISO, the same body that determines the metric units and also manages the C++ language. Furthermore, a number of open source groups have begun implementing .NET for other platforms than Windows.
And last but not least, all of the patents that Microsoft has covering the .NET platform have been released for public use.
With open-source leaders such as Miguel de Icaza (founder of GNOME, Mono) involved in producing .NET implementations for OSes other than Windows, it's hard for me to believe you just said what you did if you're anything but completely ignorant. .NET will exist on as many platforms and OSes as people choose to implement it on. And it currently exists on many. -
Re:Portable Microsoft Officewhat you'd effectively have is Citrix. Except maybe replace the Citrix client with Internet Explorer.
They've already pretty much done that too. They have an active x control to connect to a remote desktop using IE.
http://www.microsoft.com/windowsxp/using/networki
n g/expert/russel_02January14.mspx -
THIS is the way to do it...
I wish more companies would do this. Granted, I don't play UT (or much of anything anymore) but I may pick it up again just to see how things have progressed. I feel that shipping early with a ton of bugs is a lot worse then shipping when ou feel everything is as sorted as it's going to get. No one is going to write a complicateed piece of software and not have bugs in it, but at least they can ship and minimise any possible showstoppers they would have if they were up against the wall with a ship date. Frankly, certain companies should think about this as well when announcing release dates or leaking info. Most everyone would like to have a polished product no matter how long they have to wait and, ultimately, where investors are involved, they will see fatter wallets from a successful, bug free launch then they will from a half-assed launch where everyone gives the product a bad name in the first month.
CliffH
-
Re:I love the questions they ask.
Like I said before, it's more a scale issue: filesystems don't handle large quantities of files and directories with tiny dataums very well. Like someone else mentioned, Windows has to be compatible with the FAT filesystems, which are not equipped to handle 100k directories. It might be possible to compress the directory structure to require less containers, but then you'd start sacraficing security granularity and common format structure.
Backups: RegSaveKey
Network shares:Remote Registry service
Searching, see Edit->Find in regedit, or write your own search prog in code. It's not going to be any harder to walk the registry tree than a filesystem tree.
All kernel objects support auditing. See Edit->Permissions->Advanced->Auditing. Make sure object access auditing is enabled in the local security policy.
Editing, see regedit.
Diffing, export to a text reg and diff those.
Inline commenting vs external help is a matter of style. Microsoft has opted for external help, but there's nothing stopping you or anyone else from attaching extra string values to a key for commenting purposes only.
Windows already doesn't have a versioning filesystem (like VMS does), so any versioning system would have to be your own implmentation, registry or filesystem. -
Re:I love the questions they ask.
Like I said before, it's more a scale issue: filesystems don't handle large quantities of files and directories with tiny dataums very well. Like someone else mentioned, Windows has to be compatible with the FAT filesystems, which are not equipped to handle 100k directories. It might be possible to compress the directory structure to require less containers, but then you'd start sacraficing security granularity and common format structure.
Backups: RegSaveKey
Network shares:Remote Registry service
Searching, see Edit->Find in regedit, or write your own search prog in code. It's not going to be any harder to walk the registry tree than a filesystem tree.
All kernel objects support auditing. See Edit->Permissions->Advanced->Auditing. Make sure object access auditing is enabled in the local security policy.
Editing, see regedit.
Diffing, export to a text reg and diff those.
Inline commenting vs external help is a matter of style. Microsoft has opted for external help, but there's nothing stopping you or anyone else from attaching extra string values to a key for commenting purposes only.
Windows already doesn't have a versioning filesystem (like VMS does), so any versioning system would have to be your own implmentation, registry or filesystem. -
Kill Two Birds With One StoneSeriously though, unless you're a newbie programmer, I just suggest reading the C# language specifications, and browsing the web for tutorials on
.NET. -
Re:Nah....
If you use an Apple (or any Mac) Keyboard, you can remap scancode for windows; check here for more information. http://www.microsoft.com/whdc/device/input/w2ksca
n -map.mspx/.
I just remap apple key (command key or windows key) as another control key when I use windows. This way, I can use the same physical key for most of shortcuts (ctrl-c, x, v Vs. cmd-c, x, v etc). Personally, I prefer command key for these shortcus to control key because of my small hands. YMMV
Here's registry entry for the change I made.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr ol\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,04,00,00,00,1d,00 ,5b,e0,1d,00,5c,e0,\
38,e0,5d,e0,00,00,00,00 -
Browser != desktop
I can only imagine this was done as an extension because XUL Runner isn't finished yet.
I think using the browser as a host for other apps is cool, there will be a bubble in this as there is in so many other internet trends. Right now we're in the "Wow, let's write an extension because we can!" phase (partly because the only practical way to develop with Gecko is as such, see above). When everyone gets over the cool factor of it, the projects that actually enhance (or even relate to, for that matter) the browser experience will be distilled away from what should have been standalone apps in the first place.
As much as some people want to think the OS will become merely a life support system for the browser, it just isn't going to happen; the network is not the right place for some things, and if one program has everything, it inevitably becomes bloated and slow.
-
its a troll thread, but this is worth mention
Portable Open Office 2.0 weighs in at 144mb (unzipped/installed), giving you the entire suite in portable, usbkey usable goodness, while MS Office 2003 Pro requires 400mb. (Email client missing from open office? Portable Thunderbird weighs in a 9mb unzipped/installed)
Portable OO 2.0 w/ODF + Portable Thunderbird = 154mb
MS Office 2k3 pro = 400mb+ (oh and its not portable and requires activation after each install/reinstall)
Cheers. -
Re:Does MS view this as important?Which is another reason for having the MS specs FULLY AVAILABLE FOR FREE.
-
Firefox not effected?
Microsoft Security Advisory (912840): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
"How could an attacker exploit the vulnerability?
An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site."
http://www.microsoft.com/technet/security/advisory /912840.mspx
Hmmm, it would appear there is more than one way to apply a patch: install Firefox and Thunderbird. -
Re:That's It??
Drivers for just about any device that runs on an external bus are moving to user-land in Vista. This includes drivers for USB and firewire devices, which run in kernel-space in Linux. Video drivers are not moving to user-land in Vista, because Windows can achieve better graphics performance and GUI responsiveness by keeping them in kernel-space. You can read more about this stuff here.
In any case, given that Linux doesn't even have a driver abstraction layer analogous to the Windows HAL, it's a bit ridiculous for a Linux fanboy to complain about a lack of encapsulation in the Windows driver architecture.
-
Re:I love the questions they ask.
Why have this whole extra registry implementation and toolset when it's almost completely redundant with the filesystem and all the familiar tools that operate on the filesystem?
That's a good question.
My SOFTWARE registry hive has 99865 keys and 143228 values in it. User has 18154 keys and 106945 values. Added to SYSTEM, my registry contains a total of 131181 keys, and 291410 values. 131k keys is more than 10x larger than the 11584 files in my \WINNT directory. My main disk has 351k files in 20k directories; moving the registry structure there would mean six and a half times the number of directories and a 83% increse in files, assuming one file per value. I'd characterize my computer as one a typical developer would have.
It's not completely unreasonable, though: NTFS already stores files smaller than about 900 bytes directly in the MFT file record (space that would otherwise be wasted) and NTFS's extended attributes (or even file streams) would provide a nice implementation of key values, but there's still the issue of 6x directories for structure. Although they have the same basic structure, the scale of the registry and filesystem are each quite different. The registry sucks for large entries: the entire SOFTWARE hive is only 26MB, but then again filesystems traditionally suck at tiny files and directories. I suppose Microsoft could've added a special directory flag that optomizes for tiny directories. I suppose the hierarchy in the registry could be flattened/simplified to require less keys, but that would give up security granularity (but I'm sure some could give), and would require a very major overhaul at this point.
The registry hasn't changed much since it was first introduced in its modern form in NT 3.1, so let's look at how things were back then. I've got a VM of NT 3.51 with Office 97 and VB 5 on it. In SOFTWARE, SYSTEM, and USER, there are 12673 keys and 18851 values. Compared to 254 directories and 4k files, moving the registry to the filesystem would've meant 50x the directories and more than 4x the files (or extended attributes, assuming you could get apps to use 'em).
There's a reason that different types of databases exist. Filesystems are general purpose DBs that have direct access and handle large files well. SQLish table oriented databases are used for lots of things that flat files directly on the filesystem suck for. The registry is a specialized database for the high structure low leaf data that comprises config files. Windows is hardly the only software product that uses a special binary config database; see the 'registries' that Mozilla or Eclipse use for examples. Could they have been implemented directly in the file system? Sure... but would it've been the best way? -
Safety on the net
From Microsoft Security Advisory (912840):
"Users should take care not to visit unfamiliar or un-trusted Web sites that could potentially host the malicious code."
Now there's some good advice. Don't go to any website you don't trust. So, how do you tell if a site is trustworthy without going to it? What if MSN search links to a dodgy site? Does their search engine check the sites it crawls for known exploits? How are you supposed to surf the web if you don't visit unfamiliar sites? Does that mean I should just stick to the sites I already trust? -
reality check
First of all, the video is unviewable even with Microsoft Media Player on Mac, but you can find a whitepaper describing the kernel changes here. Keep in mind that all of this is basically Microsoft advertising for developers; it's not taking a "hard look" at the kernel architecture, it's the kernel developers portraying their work in the best light.
What's interesting is how little innovation there actually is. They seem to be struggling with the complexity of the system and its dependencies (5500 components)--similar to the problems Linus is having, but multiplied many times over by greater complexity of the NT system architecture. Most of their actual improvements seem to be cleanups and performance enhancements.
My impression is that the Vista kernel and system libraries are still playing catch-up with Linux in terms of modularity, performance, and functionality. -
Re:I love the questions they ask.
Yep, it seems like they're trying to get away from the registry for these sort of config files. The suggested way of storing user specific settings for your application is in an XML config file, in the user's Documents and Settings directory.
They provide a "Configuration Application Block" with the .Net framework to make this easier - here's a bit of dry and boring documentation about it if you'd like :-)
http://msdn.microsoft.com/library/default.asp?url= /library/en-us/dnpag2/html/config.asp -
Re:I love the questions they ask.
I personally think the Windows Registry is the software implementation of the saying "putting all eggs in one basket".
Kinda like how putting all your filesystem metadata in one database is the software implementation of the saying "putting all eggs in one basket"? The registry is a binary hierarchical database optomized for config (small entries), broken into mountable volumes (registry hives), journalled and with hot backup functions. A filesystem is a binary hierarchical database optomized for large files, often journalled and with hot backup functions. If you want backups, see ntbackup: the "System State" option includes all the machine's hives. System restore also makes backups of the system hives. -
"Official" MS response
So why has a third-party lone programmer beat a multi-billion software company to patch their own software?
from http://www.microsoft.com/technet/security/advisory /912840.mspx
Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft's goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.
I think I'm going to be sick. -
Microsoft Security Advisory (912840)
On Tuesday, December 27, 2005, Microsoft became aware of public reports of malicious attacks on some customers involving a previously unknown security vulnerability in the Windows Meta File (WMF) code area in the Windows platform. http://www.microsoft.com/technet/security/advisory /912840.mspx
all Microsoft's security updates must pass a series of quality tests, including testing by third parties, to assure customers that they can be deployed effectively in all languages and for all versions of the Windows platform with minimum down time
Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources.
An attacker who successfully exploited this vulnerability could only gain the same user rights as the local user
Advisory Status: Issue Confirmed, Security Update Planned -
Re:Please, kill the registry...
Hmm... Well, assuming you have the source and are ready to start porting code, it's just about changing the behavior of a number of well documented API calls. You can make a library out of it with your own preferred behavior to make the code reusable. Actually, I'd be surprised if someone hadn't already done so and posted it somewhere on the web.
It's hardly a lock-in method when it's both documented methods and it's easy to find out what happens -- the Windows registry is hardly rocket science, but more like a tree of settings that can have a few different data types. -
Direct link to video
-
Re:Does MS view this as important?
Well Mike Nash, Corporate Vice President, Microsoft Security Business Unit whos job was created when Microsoft formed the Security Business Unit as part of its Trustworthy Computing initiative -- the company-wide effort that aims to provide safe, private and reliable computing experiences for everyone.
http://www.microsoft.com/presspass/features/2003/a pr03/04-14rsanash.mspx
Also a couple of other people think it's more than piracy!
http://en.wikipedia.org/wiki/Trusted_Computing
might want to expand your opinion on "Trusted Computing" a bit.
Cheers, -
Re:How could they let this slip?
No, that's wrong. You're probably confusing the fact that the BES used to ship with MSDE, the free/lite version of SQL Server. MSDE as a product has been replaced with SQL Server 2005 Express.
Eric
Some BlackBerry stuff (not much) -
Re:What did they do wrong
You couldn't be more wrong, DEP works with intel as well
If you would look at microsoft's kb http://support.microsoft.com/kb/875352, you would see that AMD supports it in the form of the NX bit and Intel uses the XD bit -
I read MS's Press release....Read the Microsoft Security Article about it. It's basically a bunch of crap but they are saying:
If you are a Windows OneCare user and your current status is green, you are already protected from known malware that uses this vulnerability to attempt to attack systems.
My question in all of this is if it's fixed in this "OneCare" thing, then what's the difference in the rollout to everyone else? Please, God, tell me this isn't some stupid marketing ploy (the delay that is) to get more people on this damn OneCare thing...
Xserv -
Re:Does MS view this as important?They try to address some of this in the official advisory. (Paraphrased below)
What about 3rd party solutions?
Wait. MS'll patch it next week. We'll do it in 23 languages and thoroughly test it.Why is it taking so long?
Our team of "designated product specific security experts" look at the problem, figure out how big it is, then how to fix, then fix it, then test the fix, then port it to all the affected platforms and languages. -
Re:Does MS view this as important?
I wouldn't call it hundreds.
Even so, it probably just a few code libraries to check against as I doubt they check against each and every title listed here:
http://support.microsoft.com/gp/lifeselect
Probably their main concern is the Enterprise level support they have to comply with and NOT rush a patch out. -
More details
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
http://www.securityfocus.com/bid/16074
http://www.microsoft.com/technet/security/advisory /912840.mspx
http://www.symantec.com/avcenter/venc/data/pf/pwst eal.bankash.g.html -
Re:A couple of Hundred Dollars!
> Something tells me, between tech support
> and corporate infrastructure, very little
> of that cost is the "microsoft tax".
Maybe you can elaborate on that "something":
http://www.microsoft.com/presspass/press/2005/0ct0 5/10-27Q1EarnPR.mspx
'' ... Management offers the following guidance for the
full fiscal year ending June 30, 2006:
Revenue is expected to be in the range of $43.7 billion
to $44.5 billion. ...''
$43,700,000,000 ... where do you think all that money
is coming from? Even the money that comes from Office
is relying on having Windows on the box in order to run
it. Ugh.
If it does happen that Google are planning to fund large
scale manufacture of cheap Internet-enabled media-capable
devices excluding MSFT, especially if they maintain their
traditions of open-ness, that is potentially of massive
importance in a world currently full of closed and crypto-
locked platforms. -
Re:Can't change IE security level
Try this on your wifes machine: Disable image-loading in IE. http://support.microsoft.com/kb/153790
-
Re:Over/Under
The 's' in Microsoft shouldn't be capitalised. Check what they use on their website.
-
Re:Viking results and Martian life
The MS results were of limited sensitivity.
That could well be said of most MS publications/releases of late (e.g. http://www.microsoft.com/technet/security/advisory /912840.mspx) -
Re:Some won't
If all you need to do is compile a project the Visual Studio express edition ought to be good enough. It's free but doesn't come with all of the extras that Visual Studio Architect comes with.
It can be downloaded from http://msdn.microsoft.com/vstudio/express/default. aspx -
Re:How do I avoid it? Fixes?
This is the cause for a simple reason: Imagine you're a programmer making an app that runs properly as a less-privileged user. You do a little developing. You log out. You log back in as a less-privileged user. You test the app, using printf as the main debugging tool. You log out. You log back in. You restart the IDE and get everything back like it was. You do a little developing. And so forth. It's a waking nightmare of the type formerly encountered only in H.P. Lovecraft stories.
...as much as i do enjoy Lovecraft, i believe that a better informed developer would probably just use RunAs to avoid such a scenario.
Microsoft's tools punish you for trying to do the right thing, because they want bad software so the customers expect to be on an upgrade treadmill.
rubbish
-
I'm hereby moderating this entire SITE (-1, Troll)
This is getting ridiculous. I'm sure I'm not the only one who's noticed a precipitous decline in the quality of stories here (not that they were USDA Grade A to begin with), accompanied by more frequent-- and more obvious-- trolling on the parts of the "Editors".
I'm not a big fan of unregulated free markets (since I've seen what they lead to), but the editor who let a sneaky jab at free markets into the story text itself needs to be smacked. That was a troll, period. A blatant, bridge-dwelling, club-wielding troll.
No, I take that back. All the "Editors" need to be smacked. This is getting fucking ridiculous.
SlashDot: Trolls for nerds, stuff that was reported on the AP Newswire 5 days ago... -
So is there a patch ?or not ?
according to Microsoft
If you are a Windows OneCare user and your current status is green, you are already protected from known malware that tries to attack this possible vulnerability.
That sounds like they must have some kind of patch out there, or are they hoping to get more users "hooked" on OneCare ?Otherwise, this statement doesn't make sense
:Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Maybe I'm being picky, but I think all their customers have a quite urgent need, right now !Written from the sublime security of Fedora Core, thanks.
-
Re:Programmers?
Actually, Windows will try to avoid running code in the wrong location. It works better with hardware (CPU) support, but it does also have a software component.
-
Here's my three step program:
1. Don't use the MSN client, use something like Gaim.
2. Don't use the MSN protocol, use something like Jabber, ICQ or Yahoo!
3. Don't use Windows, use something like Linux.
Hey, works for me. And has for years. And not just for safety reasons either, among other things, you should never ever feed the trolls! -
Re:How do I avoid it? Fixes?Ha! You're right. Until I order my Mac (after macworld next week) I'm still using XP sometimes on my machine that dual boots with Linux. I checked into setting up a 'user' (non-administrator) account on XP. According to this page:
Note - Some programs might not work properly for users with limited accounts. If so, change the user's account type to computer administrator, either temporarily or permanently.
That right there is Microsoft's solution. Absolutely breathtaking.... -
RSS Needs a Use Other Than News Delivery
As I see it, RSS is useful for delivery of content that is in an article form, much like submissions on
/.. But in order for RSS to be more widespread, it needs to be seen as much more than a news/article delivery system.
Microsoft has attempted to do this with Simple Sharing Extensions, which allows for the multi-direction syndication of content. Read the FAQ.
Where I work, I wrote a reporting system that was to automatically deliver hourly stats on employee performance on an hourly basis to managers on the last working day of the month. Since the aggregation of data that the report utilized was submitted by a number of people, I just wrote up a quick web interface for them to submit their data with. On the hour, I had a cronjob recreate the RSS feed with the new data included and voila, instant report.
Since it was delivered via RSS, it was a trivial matter of using XSL to export results to other formats such as text/html/etc. -
RSS Needs a Use Other Than News Delivery
As I see it, RSS is useful for delivery of content that is in an article form, much like submissions on
/.. But in order for RSS to be more widespread, it needs to be seen as much more than a news/article delivery system.
Microsoft has attempted to do this with Simple Sharing Extensions, which allows for the multi-direction syndication of content. Read the FAQ.
Where I work, I wrote a reporting system that was to automatically deliver hourly stats on employee performance on an hourly basis to managers on the last working day of the month. Since the aggregation of data that the report utilized was submitted by a number of people, I just wrote up a quick web interface for them to submit their data with. On the hour, I had a cronjob recreate the RSS feed with the new data included and voila, instant report.
Since it was delivered via RSS, it was a trivial matter of using XSL to export results to other formats such as text/html/etc. -
Re:Why?
Cite please? http://msdn.microsoft.com/library/default.asp?url
= /library/en-us/fileio/fs/portal.asp says: "[Transactional NTFS] is available in Windows Vista and Windows Server 'Longhorn'." -
Developers, stop using ...POP-UP windows!
From MS' site: 4: Block pop-up windows in your browser
My credit union requires that I allow pop-ups! I don't know how many times I've gone to legitimate websites and scratched my head for a while trying to figure out why I wasn't seeing anything - all because I'm blocking pop-ups! Firefox tells you with that little message on top of the window, but you know how it is, after a while, you don't notice it anymore.
-
Re:How do I avoid it? Fixes?
Microsoft suggests to unregister the problem dll.
start->run
regsvr32 -u %windir%\system32\shimgvw.dll
http://www.microsoft.com/technet/security/advisory /912840.mspx -
Re:What about places like new zealand?It is a DRM issue - it appears that Windows Vista will only play DVDs if you have a drive capable of region coding (a RPC2 drive, i.e. DRM-supported).
From Microsoft:
Every CSS-licensed DVD-Video playback device must be set to a single region. There are two types of DVD-ROM drives:
RPC Phase 1 (hereafter referred to as RPC1). RPC1 drives do not have built-in hardware support for region management. For these drives, Windows maintains the region change count information, and the region can be set only once.
RPC Phase 2 (RPC2). RPC2 drives maintain the region change count information in hardware, and in general the region of such drives can be changed up to five times by the end user.
If you buy a new drive, it will be RPC2. However, many people flash their drives to RPC1 with unofficial firmware, thus enabling playback of any DVD with current versions of Windows. Windows Vista will not.