Domain: microsoft.com
Stories and comments across the archive that link to microsoft.com.
Comments · 34,132
-
Re:Security flaws?Are you saying that no one anticipated exploits using buffer overflows five years ago? That no one knew about privilege separation? What about chroot?
Am I missing something here? All of these concepts are old news. Microsoft still makes these mistakes because it's *not a priority* for them. It doesn't seem that they actually use safe string handling techniques (despite having a technote on the subject), and their solution to problems is to rewrite the whole thing! Forget about incremental fixes when you throw the whole thing away.
Yes, modern browsers *should* be security-conscious. Microsoft has the responsibility to write secure code because we pay them to give us software that they claim is secure. Likewise, the Firefox team claims that Firefox is more secure than IE, which means that they need to back that claim up.
But that's beside the point: writing code that handles I/O appropriately is a basic requirement these days. When you're talking about networking, where nearly any person, anywhere on the network, can talk to your machine, you want to make damn sure that you've covered the basics: buffer overflows and privilege escalation.
-
IE vs Windows bugsIn a previous post I found 22 IE bugs by simply looking through all the 2005 Microsoft security bulletins. These don't include bugs that Microsoft hasn't even fixed. This probably isn't a complete list either (I did it in only 10 minutes or so, plus avoiding slashdot's lame lameness filters to post a nicely formatted list). There are lots of other bugs not covered by the bulletins, where they post "notices" (like the infamous "don't click on links, type them instead"). But even if I found them all, 22 is a lot more than 13. And most on that list of 22 allow remote code execution.
But within the bulletins, there are lots of bugs, like the one fixed by MS05-024 that aren't "technically" IE bugs. But the end result is that a malicious web page (or advert iframe) could do something nasty... usually execute arbritrary code (install spyware or a virus if the server is infected). If simply viewing a web page with IE allows an attack, I call that an IE bug, regardless of where the actual bug is located by Microsoft's way of thinking.
Notice how the "affected software" of MS05-024 is many versions of windows, but Internet Explorer isn't specificly mentioned. So when someone tallies IE bugs, this one probably doesn't make the list. But the "Vulnerability Details" section says:
Web View Script Injection Vulnerability - CAN-2005-1191:
A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute code. However, user interaction is required to exploit this vulnerability.
I can see how a journalist could do such poor research. But Symantec? Come on, I found 22 nasty IE bugs by just browsing though 40-some Microsoft bulletins. That Symantec only thinks there's 13 doesn't build much confidence in the supposed "market leader" of anti-virus products!
-
Re:Questions
IE can be downloaded, if you know how. One way to get all the client install files is to download and use the IE Administrators Kit.
But yeah, I can't pay my power bill unless I use IE, so I know you pain and think it's stupid, too. -
"Fuck you, Mac artists."From the FAQ:
Will there be a Macintosh version of Expression Graphic Designer?
No. Expression Graphic Designer will not available on the Macintosh platform.
Is Expression Graphic Designer a new version of Creature House Expression?
Expression Graphic Designer is a product based on the Creature House Expression products.
Expression was a very cool graphics package - it did natural media effects, like Painter, but it did them with infinitely editable and resizeable vector representations. The piece I did with the demo (using the default brushes that come with the program) a few years back, when too broke to buy a full copy, was a lot of fun. When I had cash available to buy the thing, Microsoft had eaten Creature House and taken Expression off the market.
Like a lot of artists, I use Macs. I was afraid that whatever Expression turned into would be Windows-only, but my reaction to this actual release is still a hearty "fuck you, Microsoft". -
Re:talk like a ninja day!OMG QUARTZ!!!! Do your stuff Apple lawsuit ninjas
Uhhh...quartz is a codename used internally for the project.
This link gives you the name as it will be released.
http://www.microsoft.com/products/expression/en/de fault.aspxI would also like to say thank you for suggesting we clog the courts up with more time wasting lawsuits, further wasting my tax dollars.
-
Mac Version Petition
-
Watch The Video
-
Re:Can't touch this!
It's great when you want to integrate it with Microsoft Remote Acess or Microsoft SQL Server or any of a dozen other Microsoft products, but try getting it to authenticate against opensource P2PP/PPP
It's trivial to authenticate a user with a single API call. -
Free Download
You can download a free version of Microsoft Expression "Acrylic Graphic Designer" if you feel like trying it. Here is a link... http://www.microsoft.com/products/expression/en/g
r aphic_designer/default.aspx -
Microsoft link
Here's Microsoft's page about it: http://www.microsoft.com/products/expression/en/d
e fault.aspx -
Re:Intelligent design?
Your criticism of Java for making early, hasty changes is dead on, but I would like to think that the damage was lessened because the changes were mostly confined to libraries - deprecating APIs and the like. Had the changes been to language features, things would have gotten much nastier (as if AWT->Swing wasn't nasty enough!)
But all of these proposed changes are to the C# language proper, not libraries. I think that's an essential difference.
Stroustrup (did you call him "its inventor" because you couldn't spell it either? I had to look it up!) wrote in that link "Library extensions will be preferred to language extensions." Hooray! IMO, it's too little, too late for C++, but I'm happy that he's made that distinction. I hope that the C# folks get that message soon, because they haven't yet.
Compare their approach to LINQ (from, where, select, in, etc. all become keywords) to, say, Apple's new Predicates stuff, which accomplishes the same thing (or at least appears to) without relying on new keywords.
Regarding C++ sublanguages - ok, my Mozilla link wasn't very good. But I stand by my point, that any given project will cherry-pick C++ features to construct their own internal C++ subset. Boost makes heavy use of exceptions and templates; wxWidgets doesn't. The STL barely uses inheritance. If you're programming for Boost, you should try to avoid using catch to catch exceptions. If you're programming for SGI, you shouldn't use C++ strings. Etc.
Java doesn't have issues like these. Java programs by and large all make heavy use of exceptions and inheritance, and recommending that you avoid catch() or strings is unthinkable! Keeping the language features trim and widely relevant is a big help.
You're right that, in principle, new users can learn best practices and start writing in the corresponding shared subset of the language, and really good C++ programmers do. If it weren't so damned hard to become a really good C++ programmer, this might actually happen in practice. Until then, best-practice libraries like Boost will remain out of reach for the majority of C++ programmers
(Though Stroustrup acknowledges that C++ makes things "unnecessarily difficult" for newbies. Maybe there is yet hope.)
-
Opt-In ActiveX is the best IE feature, ever
This, in fact, should reduce the IE's attack surface several-fold.
MS has made a huge mistake when IE 4.x-6.x relied on CATID_SafeForScripting/CATID_SafeForInitializing COM component categories to make decisions whether it's safe to use the COM component from a JavaScript/VBScript.
CATID_SafeForScripting is not needed when the COM component is accessed from a stand-alone .VBS/.JS script stored on the local machine (which is trusted to do anything anyway), yet a lot of MS and third-party components is in CATID_SafeForScripting for no reason at all.
IE has a kill bit feature which allows disabling certain scriptable COM components based on their GUIDs. And most IE security fixes are, in fact, just registry updates adding more of those "kill bits".
Examples: http://www.microsoft.com/technet/security/bulletin /fq99-032.mspx
http://www.microsoft.com/technet/security/bulletin /fq99-037.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-055.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-065.mspx
http://www.microsoft.com/technet/security/bulletin /ms02-055.asp
http://www.microsoft.com/technet/security/bulletin /ms03-038.asp
http://www.microsoft.com/technet/security/Bulletin /MS03-038.mspx
http://www.microsoft.com/technet/treeview/?url=/te chnet/security/bulletin/MS03-038.asp ... and many-many-many more of these holes (just search for "kill bit" with the quotes) -
Opt-In ActiveX is the best IE feature, ever
This, in fact, should reduce the IE's attack surface several-fold.
MS has made a huge mistake when IE 4.x-6.x relied on CATID_SafeForScripting/CATID_SafeForInitializing COM component categories to make decisions whether it's safe to use the COM component from a JavaScript/VBScript.
CATID_SafeForScripting is not needed when the COM component is accessed from a stand-alone .VBS/.JS script stored on the local machine (which is trusted to do anything anyway), yet a lot of MS and third-party components is in CATID_SafeForScripting for no reason at all.
IE has a kill bit feature which allows disabling certain scriptable COM components based on their GUIDs. And most IE security fixes are, in fact, just registry updates adding more of those "kill bits".
Examples: http://www.microsoft.com/technet/security/bulletin /fq99-032.mspx
http://www.microsoft.com/technet/security/bulletin /fq99-037.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-055.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-065.mspx
http://www.microsoft.com/technet/security/bulletin /ms02-055.asp
http://www.microsoft.com/technet/security/bulletin /ms03-038.asp
http://www.microsoft.com/technet/security/Bulletin /MS03-038.mspx
http://www.microsoft.com/technet/treeview/?url=/te chnet/security/bulletin/MS03-038.asp ... and many-many-many more of these holes (just search for "kill bit" with the quotes) -
Opt-In ActiveX is the best IE feature, ever
This, in fact, should reduce the IE's attack surface several-fold.
MS has made a huge mistake when IE 4.x-6.x relied on CATID_SafeForScripting/CATID_SafeForInitializing COM component categories to make decisions whether it's safe to use the COM component from a JavaScript/VBScript.
CATID_SafeForScripting is not needed when the COM component is accessed from a stand-alone .VBS/.JS script stored on the local machine (which is trusted to do anything anyway), yet a lot of MS and third-party components is in CATID_SafeForScripting for no reason at all.
IE has a kill bit feature which allows disabling certain scriptable COM components based on their GUIDs. And most IE security fixes are, in fact, just registry updates adding more of those "kill bits".
Examples: http://www.microsoft.com/technet/security/bulletin /fq99-032.mspx
http://www.microsoft.com/technet/security/bulletin /fq99-037.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-055.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-065.mspx
http://www.microsoft.com/technet/security/bulletin /ms02-055.asp
http://www.microsoft.com/technet/security/bulletin /ms03-038.asp
http://www.microsoft.com/technet/security/Bulletin /MS03-038.mspx
http://www.microsoft.com/technet/treeview/?url=/te chnet/security/bulletin/MS03-038.asp ... and many-many-many more of these holes (just search for "kill bit" with the quotes) -
Opt-In ActiveX is the best IE feature, ever
This, in fact, should reduce the IE's attack surface several-fold.
MS has made a huge mistake when IE 4.x-6.x relied on CATID_SafeForScripting/CATID_SafeForInitializing COM component categories to make decisions whether it's safe to use the COM component from a JavaScript/VBScript.
CATID_SafeForScripting is not needed when the COM component is accessed from a stand-alone .VBS/.JS script stored on the local machine (which is trusted to do anything anyway), yet a lot of MS and third-party components is in CATID_SafeForScripting for no reason at all.
IE has a kill bit feature which allows disabling certain scriptable COM components based on their GUIDs. And most IE security fixes are, in fact, just registry updates adding more of those "kill bits".
Examples: http://www.microsoft.com/technet/security/bulletin /fq99-032.mspx
http://www.microsoft.com/technet/security/bulletin /fq99-037.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-055.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-065.mspx
http://www.microsoft.com/technet/security/bulletin /ms02-055.asp
http://www.microsoft.com/technet/security/bulletin /ms03-038.asp
http://www.microsoft.com/technet/security/Bulletin /MS03-038.mspx
http://www.microsoft.com/technet/treeview/?url=/te chnet/security/bulletin/MS03-038.asp ... and many-many-many more of these holes (just search for "kill bit" with the quotes) -
Opt-In ActiveX is the best IE feature, ever
This, in fact, should reduce the IE's attack surface several-fold.
MS has made a huge mistake when IE 4.x-6.x relied on CATID_SafeForScripting/CATID_SafeForInitializing COM component categories to make decisions whether it's safe to use the COM component from a JavaScript/VBScript.
CATID_SafeForScripting is not needed when the COM component is accessed from a stand-alone .VBS/.JS script stored on the local machine (which is trusted to do anything anyway), yet a lot of MS and third-party components is in CATID_SafeForScripting for no reason at all.
IE has a kill bit feature which allows disabling certain scriptable COM components based on their GUIDs. And most IE security fixes are, in fact, just registry updates adding more of those "kill bits".
Examples: http://www.microsoft.com/technet/security/bulletin /fq99-032.mspx
http://www.microsoft.com/technet/security/bulletin /fq99-037.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-055.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-065.mspx
http://www.microsoft.com/technet/security/bulletin /ms02-055.asp
http://www.microsoft.com/technet/security/bulletin /ms03-038.asp
http://www.microsoft.com/technet/security/Bulletin /MS03-038.mspx
http://www.microsoft.com/technet/treeview/?url=/te chnet/security/bulletin/MS03-038.asp ... and many-many-many more of these holes (just search for "kill bit" with the quotes) -
Opt-In ActiveX is the best IE feature, ever
This, in fact, should reduce the IE's attack surface several-fold.
MS has made a huge mistake when IE 4.x-6.x relied on CATID_SafeForScripting/CATID_SafeForInitializing COM component categories to make decisions whether it's safe to use the COM component from a JavaScript/VBScript.
CATID_SafeForScripting is not needed when the COM component is accessed from a stand-alone .VBS/.JS script stored on the local machine (which is trusted to do anything anyway), yet a lot of MS and third-party components is in CATID_SafeForScripting for no reason at all.
IE has a kill bit feature which allows disabling certain scriptable COM components based on their GUIDs. And most IE security fixes are, in fact, just registry updates adding more of those "kill bits".
Examples: http://www.microsoft.com/technet/security/bulletin /fq99-032.mspx
http://www.microsoft.com/technet/security/bulletin /fq99-037.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-055.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-065.mspx
http://www.microsoft.com/technet/security/bulletin /ms02-055.asp
http://www.microsoft.com/technet/security/bulletin /ms03-038.asp
http://www.microsoft.com/technet/security/Bulletin /MS03-038.mspx
http://www.microsoft.com/technet/treeview/?url=/te chnet/security/bulletin/MS03-038.asp ... and many-many-many more of these holes (just search for "kill bit" with the quotes) -
Opt-In ActiveX is the best IE feature, ever
This, in fact, should reduce the IE's attack surface several-fold.
MS has made a huge mistake when IE 4.x-6.x relied on CATID_SafeForScripting/CATID_SafeForInitializing COM component categories to make decisions whether it's safe to use the COM component from a JavaScript/VBScript.
CATID_SafeForScripting is not needed when the COM component is accessed from a stand-alone .VBS/.JS script stored on the local machine (which is trusted to do anything anyway), yet a lot of MS and third-party components is in CATID_SafeForScripting for no reason at all.
IE has a kill bit feature which allows disabling certain scriptable COM components based on their GUIDs. And most IE security fixes are, in fact, just registry updates adding more of those "kill bits".
Examples: http://www.microsoft.com/technet/security/bulletin /fq99-032.mspx
http://www.microsoft.com/technet/security/bulletin /fq99-037.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-055.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-065.mspx
http://www.microsoft.com/technet/security/bulletin /ms02-055.asp
http://www.microsoft.com/technet/security/bulletin /ms03-038.asp
http://www.microsoft.com/technet/security/Bulletin /MS03-038.mspx
http://www.microsoft.com/technet/treeview/?url=/te chnet/security/bulletin/MS03-038.asp ... and many-many-many more of these holes (just search for "kill bit" with the quotes) -
Opt-In ActiveX is the best IE feature, ever
This, in fact, should reduce the IE's attack surface several-fold.
MS has made a huge mistake when IE 4.x-6.x relied on CATID_SafeForScripting/CATID_SafeForInitializing COM component categories to make decisions whether it's safe to use the COM component from a JavaScript/VBScript.
CATID_SafeForScripting is not needed when the COM component is accessed from a stand-alone .VBS/.JS script stored on the local machine (which is trusted to do anything anyway), yet a lot of MS and third-party components is in CATID_SafeForScripting for no reason at all.
IE has a kill bit feature which allows disabling certain scriptable COM components based on their GUIDs. And most IE security fixes are, in fact, just registry updates adding more of those "kill bits".
Examples: http://www.microsoft.com/technet/security/bulletin /fq99-032.mspx
http://www.microsoft.com/technet/security/bulletin /fq99-037.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-055.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-065.mspx
http://www.microsoft.com/technet/security/bulletin /ms02-055.asp
http://www.microsoft.com/technet/security/bulletin /ms03-038.asp
http://www.microsoft.com/technet/security/Bulletin /MS03-038.mspx
http://www.microsoft.com/technet/treeview/?url=/te chnet/security/bulletin/MS03-038.asp ... and many-many-many more of these holes (just search for "kill bit" with the quotes) -
Opt-In ActiveX is the best IE feature, ever
This, in fact, should reduce the IE's attack surface several-fold.
MS has made a huge mistake when IE 4.x-6.x relied on CATID_SafeForScripting/CATID_SafeForInitializing COM component categories to make decisions whether it's safe to use the COM component from a JavaScript/VBScript.
CATID_SafeForScripting is not needed when the COM component is accessed from a stand-alone .VBS/.JS script stored on the local machine (which is trusted to do anything anyway), yet a lot of MS and third-party components is in CATID_SafeForScripting for no reason at all.
IE has a kill bit feature which allows disabling certain scriptable COM components based on their GUIDs. And most IE security fixes are, in fact, just registry updates adding more of those "kill bits".
Examples: http://www.microsoft.com/technet/security/bulletin /fq99-032.mspx
http://www.microsoft.com/technet/security/bulletin /fq99-037.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-055.mspx
http://www.microsoft.com/technet/security/Bulletin /MS02-065.mspx
http://www.microsoft.com/technet/security/bulletin /ms02-055.asp
http://www.microsoft.com/technet/security/bulletin /ms03-038.asp
http://www.microsoft.com/technet/security/Bulletin /MS03-038.mspx
http://www.microsoft.com/technet/treeview/?url=/te chnet/security/bulletin/MS03-038.asp ... and many-many-many more of these holes (just search for "kill bit" with the quotes) -
Re:Wow
This program will stop all autoplay and do a bunch of other nice stuff.
http://www.microsoft.com/windowsxp/downloads/power toys/xppowertoys.mspx -
Re:Nice commentI prefer this comment:
A) If you're a mac user, or you have access to a mac, or you purchased the dual disc, you should have no problems... simply import the songs the same way as you always do.
Not trying to Mac-bash, but having only about 3% of the consumer market share does have it's advantages.
If the Apple and Windows userbases suddenly became equal, you'd see copy protection for both platforms. Why spend an equal amount of money for copy protection that's only going to affect 3% of your consumers vs 95%?
That said, the whole DMCA side of this is plain stupid. Microsoft designed Windows (this really *is* a feature :) so that you could bypass pesky autorun software by holding the SHIFT key (or just turning off on a per-drive basis). It's not a secret. Maybe Sony should sue Microsoft for not giving them a good way to prohibit users from exercising their fair use rights. That's a Slashdot article I want too see; Microsoft getting sued (yay!) but by Sony because they want strict media access control (boo!). -
Re:Open Invitation
Yes, Microsoft source is proprietary and is not available to the general public--but it *is* available. Many universities have access to Microsoft source code and have for many years.
http://www.microsoft.com/resources/sharedsource/Li censing/default.mspx
Having had access to the source for the past several years, I can tell you that there is almost no chance that it contains code violating any open source license (I have not looked at 100% of the code, so I can't be 100% certain). -
I think it's called...
Windows Server 2003 Compute Cluster Edition.
link -
Re:Wait a minute
The problem with the GPL is that if you use even a few lines of GPL code, you have to release the whole thing under the GPL..
Really? I guess you have never used Windows Services for UNIX? SFU contains GPLed code. Strange. MS has not had to release the entire SFU code base. Wait. Could the whole GPL-cancer crap just be some MS-FUD? I would bet yes. If the FUD MS has said is true, why don't I have access to the whole MS Windows XP code base? -
rsync on Windows
If at all, the clients can rsync from me, and as rsync does not run natively on windows, we can't rely on rsync, imho.
All one needs to run a Cygwin binary in general is the cygwin1.dll library. rsync in particular requires cygpopt-0.dll from the libpopt0 package. It can be daemonized with srvany.exe and instsrv.exe from the Windows 2003 Resource Kit. You might have to adjust the timestamp window to account for client time zones or the two-second resolution of FAT32, but it doesn't require exceptional wizardry. -
Re:MPI is how MS Implemented...
just wait to look the windows mpi stack, basically, from the faq, if one node is down, the entire cluster is down.
-
Re:So tell me, do I have this correct?
Microsoft calls OSS viral
You have it wrong. Microsoft has said that they consider the GPL viral, not OSS in general and have used BSD-licensed code plenty of times in the past as well as releasing a few things from their software repository under open source licenses. -
Re:Want companies to adopt GIMP?
Actually, as a precursor to Automatic Updates, Microsoft did put out the Critical Update Notification Tool. There are a few references left on microsoft.com.
-
Re:Want companies to adopt GIMP?
Actually, as a precursor to Automatic Updates, Microsoft did put out the Critical Update Notification Tool. There are a few references left on microsoft.com.
-
Re:The Complete Cluster Edition?
Heh. It's actually the Compute Cluster Edition, but spelling and Slashdot go together like mercury and water...
-
Right Hand/ Left Hand
I get the feeling Microsoft is a little schizophrenic about OSS whenever I see this sort of thing. Aside from the (frequently pointedout) inclusing of BSD networking components, Microsfot has a couple other dealings with the OSS community that didnt invovle bashing. One of the stranger things I've come across has to be Allegance, a MMO-like space sim that Microsoft Open Souced after it tanked commercially. Appaerntly people still play it.
-
Re:bigger #s dont always mean better
Sure, a shorter releaese cycle may seem better, but is it really? Correct me if I am wrong, but it is the short release cycle and shareholders constant demands for "more more more" that got MS office to be the bloatware that it is today; honestly, what can anyone do in todays MS office that couldnt be done in Office 2000? http://www.microsoft.com/office/editions/prodinfo
/ compare.mspx I have found many more uses in Word 2003 than in 2000. -
Re:Such a pity
Well, I get it now. I checked out the pictures, and now I see why VS.NET 2005 is the greatest of all.
-
Mod parent down.Net runtime which comes with the compilers has been a free download since it came out.
-
Re:Hrmph.
I have always felt that Linux is a nice operating system (for hobbyists and geeks), but there are some areas where it is seriously lacking, especially when compared to its main competitor, Microsoft Windows.
* File sharing. Windows has long been superior when it comes to making large amounts of files available to third parties. Even early versions of Windows automatically detected and made available all directories thanks to the built in NetBIOS-powered file sharing support. But Microsoft has realized that this technology is inherently limited and has added even better file sharing support to its Windows XP operating system. Universal Plug and Play will make it possible to literally access any file, from any device! I think universal file sharing support needs to be built into the Linux kernel soon.
* Intelligent agents. With innovations like Clippy, the talking paperclip and Microsoft Bob, Microsoft has always tried to make life easier for its customers. With Outlook and Outlook Express, Microsoft has built a framework for developers to create even smarter agents. Especially popular agents include "Sircam", which automatically asks the users' friends for advice on files he is working on and the "Hybris" agent, which is a self-replicating copy of a humorous take on "Snow-White and the Seven Dwarves" (the real story!). Microsoft is working on expanding this P2P technology to its web servers. This project is still in the beta stage, thus the name "Code Red". The next versions will be called "Code Yellow" and "Code Green".
* Version numbers. Linux has real naming problems. What's the difference between a 2.4.19 and a 2.2.17 kernel anyway? And what's with those odd and even numbers? Microsoft has always had clear and sophisticated naming/versioning policies. For example, Windows 95 was named Windows 95 because it was released in 1995. Windows 98 was released three years later, and so on. Windows XP brought a whole new "experience" to the user, therefore the name. I suggest that the next Linux kernel releases be called Linux 03, Linux 04, Linux 04.5 (OSR1),
Linux 04.7B (OSR2 SP4 OEM), Linux 2005 and Linux VD (Valentine's Day edition). Furthermore, remember how Microsoft named every upcoming version of Windows after some Egyptian city? Cairo, Chicago and so on. I think that the development kernels should be named after Spanish cities to celebrate Linux' Spanish origins. Linux Milano or Linux Rome anyone?
* Multi-User Support. This has always been one of Microsoft's strong sides, especially in the Windows 95/98 variants, where passwords were completely unnecessary. Microsoft has made the right decision by not bothering the user
with a distinction between "normal" and "root" users too much -- practice has shown that average users can be trusted to act responsibly and in full awareness of the potential consequences of their actions. After all, if your operating system doesn't trust you, why should you trust it? (To be fair, Linux is making some progress here with the Lindows distribution, where users are always running as root.)
With Windows XP, Microsoft has again improved multi-user support. Not only does Windows XP come with a large library of user pictures that are displayed on the login screen, such as a guitar and a flower, i -
Insert \\ Magic Bullet ?Are there any examples of insertion? What to do with null fields? I haven't had time to study all the stuff yet...
So, in wrap up, how far does this take us to the Brooks' "Magic Bullet" for programming? Does further tying data structure into code still provide the clean separation between code and data required by good design? Can I prevent my data definitions from proliferating all through my source base so when the DBA re-does the database I'm not stuck with obsolete and broken applications?
And can I do stored procedures and give up SQL entirely or will DBA's need to learn both SQL and a new
.NET language in addition to all their existing admin tools?Can I use Reflection to inquire of the structure of the data and generate code to manage the database? Or are the older solutions still the best for this?
In what other ways will SQL-server and
.NET become more tightly integrated? And when will the both become part of the Operating System like IE, with all the attending benefits?I see the polymorphism angle (XML/Databases/Arrays) but is there a way to inherit data definitions? To subclass them?
And when will the WMI, the Windows hierarchy in a GUI application, the programs own class hierarchy through Reflection, and the HTML-DOM be accessible through these new interfaces, or have I just run aground on the shoals of logic and imagination? A bridge too far? How about the files in a directory, or is that just WMI again?
What tools and hacks will be need to deal with volatile (externally modified) dynamic data? SQL-server has some of it's own but coders still need to specify read-with-lock from read-without-lock. All the other data except for arrays and some XML is volatile (subject to modification by other threads or CPU's). Different data sources have different volatility models (db's, WMI, processes running on the OS, nodes on the net).
-
This was __news__ on tuesday
I sumbitted news reguarding C# 3.0 announcements on tuesday when it first happened, but my story was immediately rejected. Slashdot desperately needs a meta moderation system for story submission to enable wiki-like corrections in the story summaries for a short period before the story goes live and to look out for moderation abuses such as suppressing stories that lack an anti-Microsoft spin.
Here is the original submission:
With Visual Studio .NET 2005 and the .NET 2.0 run-time not even out of beta, Microsoft has released the C# Version 3.0 Specification (doc format) at their Professional Developers Conference 2005. New features include SQL-like and XQuery-like query expressions, implicit (on initialization) typing, lambda expressions and more. The primary focus of the language extensions are encompassed by The LINQ Project which aims to bridge the gap between the object-oriented and relational worlds in a simple and type-safe way. -
This was __news__ on tuesday
I sumbitted news reguarding C# 3.0 announcements on tuesday when it first happened, but my story was immediately rejected. Slashdot desperately needs a meta moderation system for story submission to enable wiki-like corrections in the story summaries for a short period before the story goes live and to look out for moderation abuses such as suppressing stories that lack an anti-Microsoft spin.
Here is the original submission:
With Visual Studio .NET 2005 and the .NET 2.0 run-time not even out of beta, Microsoft has released the C# Version 3.0 Specification (doc format) at their Professional Developers Conference 2005. New features include SQL-like and XQuery-like query expressions, implicit (on initialization) typing, lambda expressions and more. The primary focus of the language extensions are encompassed by The LINQ Project which aims to bridge the gap between the object-oriented and relational worlds in a simple and type-safe way. -
This was __news__ on tuesday
I sumbitted news reguarding C# 3.0 announcements on tuesday when it first happened, but my story was immediately rejected. Slashdot desperately needs a meta moderation system for story submission to enable wiki-like corrections in the story summaries for a short period before the story goes live and to look out for moderation abuses such as suppressing stories that lack an anti-Microsoft spin.
Here is the original submission:
With Visual Studio .NET 2005 and the .NET 2.0 run-time not even out of beta, Microsoft has released the C# Version 3.0 Specification (doc format) at their Professional Developers Conference 2005. New features include SQL-like and XQuery-like query expressions, implicit (on initialization) typing, lambda expressions and more. The primary focus of the language extensions are encompassed by The LINQ Project which aims to bridge the gap between the object-oriented and relational worlds in a simple and type-safe way. -
This was __news__ on tuesday
I sumbitted news reguarding C# 3.0 announcements on tuesday when it first happened, but my story was immediately rejected. Slashdot desperately needs a meta moderation system for story submission to enable wiki-like corrections in the story summaries for a short period before the story goes live and to look out for moderation abuses such as suppressing stories that lack an anti-Microsoft spin.
Here is the original submission:
With Visual Studio .NET 2005 and the .NET 2.0 run-time not even out of beta, Microsoft has released the C# Version 3.0 Specification (doc format) at their Professional Developers Conference 2005. New features include SQL-like and XQuery-like query expressions, implicit (on initialization) typing, lambda expressions and more. The primary focus of the language extensions are encompassed by The LINQ Project which aims to bridge the gap between the object-oriented and relational worlds in a simple and type-safe way. -
Because of LINQ
The examples above (var i = 5, etc.) are pretty simple and I agree, not particularly useful.
The place where var is useful is when you're writing LINQ code. When you're writing LINQ statements you are effectively building objects on the fly. You don't know what the object will look like when you write the LINQ statement, but you also want to make sure that once it's assigned it's fixed to that type and you get the benefits of it being "strong" through the rest of your code.
There are tons of examples of this over at http://msdn.microsoft.com/vcsharp/future/linqsampl es/projection/default.aspx#anonymous1. Here's one:
public void Linq10() {
int[] numbers = { 5, 4, 1, 3, 9, 8, 6, 7, 2, 0 };
string[] strings = { "zero", "one", "two", "three", "four", "five", "six", "seven", "eight", "nine" };
var digitOddEvens =
from n in numbers
select new {Digit = strings[n], Even = (n % 2 == 0)};
foreach (var d in digitOddEvens) {
Console.WriteLine("The digit {0} is {1}.", d.Digit, d.Even ? "even" : "odd");
}
}
Neil -
Microsoft and innovation:Software Factories
The ultimate goal of Microsoft.
http://lab.msdn.microsoft.com/teamsystem/workshop/ sf/default.aspx
The latest Visual Studio and chapter 16 of "Software Factories: Assembling applications with patterns, models, frameworks, and tools" reenforce this. -
Re:Can someone explain the advantages of C# over V
Theoretically, I could add comments to a brace that indicate what type of structure ends at the respective point, but that's a waste of time, and if I modify an algorithm, then the function of those closing braces may change.
Why would you need such a thing?
Reading your comments, my first reaction is that if you don't know which blocks end where, your blocks are too big. Whenever I start wondering which closing brace is which, it's time to do an Extract Method refactoring. -
Re:Why implicitly typed locals?I almost forgot. Another good reason to have the ability to have the var type-inference is the C# 3.0-feature anonymous types.
It allows you to write:var v = new { Answer = 42, NotTheAnswer = 32 };
The usefulness of this isn't immediately apparent, before you look at query projections:
Console.WriteLine("The Answer is: {0}", v.Answer);public void Linq9() {
The example is stolen from the LINQ examples at http://msdn.microsoft.com/vcsharp/future/linqsamp
string[] words = { "aPPLE", "BlUeBeRrY", "cHeRry" };
var upperLowerWords =
from w in words
select new {Upper = w.ToUpper(), Lower = w.ToLower()};
foreach (var ul in upperLowerWords) {
Console.WriteLine("Uppercase: {0}, Lowercase: {1}", ul.Upper, ul.Lower);
}
}l es/.
These just isn't a sensible way (that I can think of) to reference the anonymous type with the same degree of type safety. -
Re:Why implicitly typed locals?C# 3.0 also gains anonymous value types. You can do something like:
var c = new {Name = "Fred Bloggs", Age = 12};
Now, what type is c? It's an anonymous struct type, with two members - Name and Age. As it's anonymous, it's obviously not possible to declare it using the standard syntax.The language is still strongly, statically typed, though - the following would throw a compile-time error:
c.Dept = "CS";
Now, as to why this construct was added to the language in the first place: these anonymous types are useful when using LINQ to query a data source:var expr = people.Select(p => new {
expr and item are both given the appropiate type for the data they contain, with no need to explicity define the types. Most of the benefits of strong static typing are retained with this approach, and there's no need to define a type to store data for every weird query you run against the database.
p.Name, BadCoder = p.Age == 11
});
foreach (var item in expr)
Console.WriteLine("{0} is a {1} coder",
item.Name,
item.BadCoder ? "bad" : "good");One benefit that is lost is the ability to share these types across assembly boundaries, which might be an issue in real, three-tier applications. On the other hand, if there's a need to pass data directly from the database to the client application, what's the point of having the middle tier in the first place? So, this might turn out to be a non-issue.
(My examples were taken or adapted from this white paper, which is an overview of the LINQ project, including the new syntax added to C# 3.0.)
-
Re:Why implicitly typed locals?
Why implicitly typed variables? Anonymous types.
Today, you have C# code that looks like this:
MyClass o = new MyClass();
Which you could replace with var:var o = new MyClass();
However, with anonymous types, you can have code that looks like this:
var o = new { Product='Beverage', Price='0.60' };
Without var, what type would you declare this variable? You could declare it as object, but to access the object's Product and Price properties, you would still need to cast the variable to some type, and what type would that be?
Anonymous types and implicitly typed local variables are C# language infrastructure to support LINQ, new language constructs to support type-safe access to relational and XML data stores in C# itself, rather than requiring code using separate class libraries like System.Data and System.Xml to access that data.
Check out http://msdn.microsoft.com/netframework/future/lin
q /default.aspx for more details on the LINQ project. -
PDC Keynote, day 1
For anyone interested in development on Windows, or the possible future direction of Mono, I recommend checking out the PDC Keynote for day 1. The duration is about 3:20, and you'll see demonstrations of the 5219-build of Vista, a lot of Avalon apps, four great architects at Microsoft doing live coding (showcasing LINQ, Indigo (WCF), Avalon (WPF) and Atlas, among other things) and a lot of interesting information about where things are heading.
A lot of it is market-speak and sales, but it is a developer conference. The link can be found here: http://www.microsoft.com/events/executives/billgat es.mspx (Click on the "On-Demand Webcast"-link. High up on the page.) -
Re:Let us see it first!
I have two double-boot machines Windows XP and Mandrake Linux. I would love to swith to the classic Windows look and feel on the XP side. Don't know how. Can you help me ?
http://support.microsoft.com/default.aspx?scid=kb; en-us;294309&sd=techCheers
Steve
-
Re:Left hand, right hand (former Microsoftie here)You're assuming that the CLR security setup is like ActiveX; it's not.
The CLR proves zonal security, which can be set at the enterprise, machine and user levels. By default you get Full Trust, Skip Verification, Execution, Nothing, Local Intranet, Internet and Everything. Don't like those zones? You can create your own and provide the conditions for an executable or loaded assembly to be placed in them. For example I have c:\sandbox\internet in the Internet zone. Any CLR exec I drop in there runs under that zone, despite being on the local hard drive, which by default has Full Trust.
Better still you have CAS, which allows you to specify what permissions you need. The permissions are granular and you can create your own should you need to. If the zone your code is starting in does not have the permissions you request the CLR will not run it. You can also request optional permissions, so if you optionally request to save to local hard drives, and you don't get it, you can remove that menu option/functionality.
So there is a CLR sandbox, there has always been a CLR sandbox. It's not ActiveX.