Slashdot Mirror

You mean UEFI Firmware Signing? Pick a vendor. What drives me mad is that Microsoft, in this space, makes software. THEY DON'T MAKE COMPUTERS, so why are they messing with any computer I might want to buy?

Or an example of Microsoft breaking competing Linux technologies in enterprise? It happens *every* *single* *time* they update anything. Microsoft doesn't want you useing any OSS software when their paid solution exists.

Though I agree with your sentiment there was an additional patch in the group (KB2553154) that was a security update that conveniently broke ActiveX controls and macros in Excel 2013. It wasn't just one incredibly bad patch.

I pity the poor vendors and their even poorer customers whose spreadsheets suddenly stopped working on December 10th.

You might want to look into BranchCache - http://technet.microsoft.com/e...

Aparently, this is how.

oh, no.. the .NET code is in the GAC and is just as crufty as COM. Even their best plans soon turn into old habits at Microsoft.

(if you really want to worry, take a look at the "I have no clue which assembly is actually loaded" way .NET decides what dlls to run using Probing heuristics

If you are a US citizen, I don't think you could get out of producing a document the court ordered you to supply by airmailing it to a confederate in another country. Similarly, if the data in question are related to Microsoft's US operations, then MS, being a corporation incorporated in the US, should be required to produce them.

And what do you think of MS's rebuttal of that position?

"Imagine this scenario. Officers of the local Stadtpolizei investigating a suspected leak to the press descend on Deutsche Bank headquarters in Frankfurt, Germany," Microsoft said. "They serve a warrant to seize a bundle of private letters that a New York Times reporter is storing in a safe deposit box at a Deutsche Bank USA branch in Manhattan. The bank complies by ordering the New York branch manager to open the reporter's box with a master key, rummage through it, and fax the private letters to the Stadtpolizei."

Allowing things like this is going down a similar road to "well if the CIA wants to torture foreign nationals, then they can't complain about foreign s[y agencies torturing US citizens"

Comparing an email account to a safe deposit box seems more than a little disingenuous because any free email service provider will make it clear as day that "your" information is theirs to do what they please with.

Anything in this privacy statement that the law does not require is just a PROMISE, and they can change their terms on a whim. They SAY "your content" but what puts them in the position to dictate the terms? Read "We may" and "We will not" as "We can"

http://www.microsoft.com/priva...
"We may share or disclose personal information with other Microsoft controlled subsidiaries and affiliates, and with vendors or agents working on our behalf. For example, companies we've hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal information in order to provide those functions. In such cases, these companies must abide by our data privacy requirements and are not allowed to use the information for any other purpose. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets.
Finally, we may access, disclose and preserve your personal information, including your private content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to:
comply with applicable law or respond to valid legal process from competent authorities, including from law enforcement or other government agencies;
protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement."

Yes I KNOW Microsoft (and Apple, Google, Yahoo, etc.) are TRYING to make the claim this is not their information to give away when it's inconvenient to do so, but they sure are hanging onto their right to do it aren't they all?

They paid frys and best buy to destroy copies of win 7 and office 2010 to force users to run an OS for tablets.

Maybe, but extended support for Windows 7 will be available until at least 2020. Microsoft's publicly stated policy is:

"Microsoft will offer a minimum of 10 years of support for Business, Developer, and Desktop Operating System (consumer or business) Software Products."

Everyone will constantly upgrade.

People might constantly update. Whether those updates are upgrades is a very different question. I've had plenty of so-called upgrades in recent years that left me obviously worse off than I was before.

Agile software development is here to stay

This has nothing to do with Agile software development. This is about cheap, nasty, rushed software development by organisations who can't or simply won't build software that lasts for use by people with real work to do. If Microsoft really does surrender to the same cheap junk philosophy in order to stay competitive in a market where people don't mind paying for cheap junk, we will all regret it in a few years.

no more 10 year old operating systems

Personally, I'd rather have an OS that can actually run the software I bought for more than five minutes. Fortunately, it seems that whatever the rhetoric being thrown around in this discussion, Microsoft have given clear public statements that are closer to my view on this one, so it would now be very difficult for them to renege on that with any OS they have shipped so far without risking significant legal trouble.

I'm sure it would support some sort of WSUS like functionality. Now instead of calling home for updates it can call home for updates and to ensure you are paid up. All that is different is where it calls home to and what gets loaded on the server providing the updates. It seems entirely doable.

You do realize that Windows 7's mainstream support will end 13 January 2015, and extended support on 14 January 2020?

http://windows.microsoft.com/e...

what are you supposed to do if nobody has an actual device of that platform? For example, since nobody owns a Windows Phone device, how are you supposed to develop for Windows Phone?

If nobody owns a Windows Phone device, why develop for it? Seriously, though, here's how.

.NET Framework is really two parts: the "built in libraries" and the CLR (common language runtime). When you install a Framework version, it installs only the CLR version it depends on, and not earlier ones (at least this is true at time of writing).

.NET Framework 1.0 runs on CLR 1.0, and .NET Framework 2.0 runs on CLR 2.0. Okay, this makes sense and is easy to follow.

Where it gets confusing is .NET Framework 3.0 and 3.5 -- both still run on CLR 2.0.

.NET Framework 4.0, 4.5, and 4.5.1 runs on CLR 4 (they actually just call it "4", not "4.0").

Source: http://msdn.microsoft.com/en-u...

What's makes this stupidly confusing is the compatibility: If you have .NET 3.5 installed, you can run a 2.0 application. If you have .NET 4.5 installed, you can run a 4.0 application, but you can't run a 3.5 application.

IMHO, if they had just used 2.1 and 2.2 instead of 3.0 and 3.5, this could be much less confusing: .NET 4 apps run on .NET 4, and .NET 2 apps would run on .NET 2. Maybe they're doing this from now on, but the fact that 3.x is really 2.0 has screwed this up. I also don't get why they skip to .5 but that's far less of an issue.

That said, this is the company that thinks 95+1 = 98, Vista+1 = 7, and 8+1 = 10.

Its the solution that's been touted for decades to the 'single sign on' solution. It does work - I know police forces and similar that use them without fuss.

There are plenty around, and sure you have to remember a pin, but its usually way less complicated than remembering a huge long password, plus its the start of a single-signon solution that no-one can argue against once you're using them.

If you use Windows, Microsoft has a lot of resources about smart card login

https://social.msdn.microsoft....

Based on this page, I would say that it doesn't work at all:

When you find an image that you want, go to the originating website for the image and determine the actual license for the image.

Here's one example. The SetLink() method. It isn't clear what a link is, or really why you would want to add one. It's also not particularly clear where to find that kind of information (the book doesn't mention anything about links).

He might make that claim, but I sure would. Haven't run into WebM yet.

You might have run into WebM without knowing it, depending on your browser. Quite a few sites use WebM in their HTML5 video support. Microsoft's Channel 9, for example, will serve WebM video if H.264 isn't supported by the browser. With Firefox 33, if I view Channel 9 with H.264 enabled I get H.264 video. If I disable H.264 support in Firefox then Channel 9 serves me a WebM video.

The biggest problem with C# (and the Microsoft ecosystem in general) is the lack of documentation.

lolwut

Maybe you missed all the critical remote code execution vulns Microsoft announced just this month.

https://technet.microsoft.com/en-us/library/security/ms14-nov.aspx

Four of the bulletins above are listed as critical remote execution. Two of them (schannel and OLE vulns) are very bad. The IE bulletin says it resolves 17 privately identified bugs.

As the previous poster said, Microsoft has placed convenience over security for many years now. They have improved dev processes a lot, but as you can see, many security folks still view MS as a liability.

Not to stray too far from the point, but I hope Linux distros arent repeating Microsoft's mistakes with feature-laden packages like systemd and its ilk. Tons of new features in an inchoate software package with no security audits? That is how Microsoft got its reputation for insecurity.

This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account.
#
Source: https://technet.microsoft.com/...

Perhaps, but Europe isn't exactly the engine of growth powering the world, either. Maybe EuroParl should think about fixing employment and debt along its southern periphery instead of trying to dismantle Bing's competitor.

LOL the first post that mentions anything about the competition. Perhaps the EU is just trying to get special software seat costs for member countries from Redmond. A simple case of "the Mouse That Roared" strategy to get special treatment from the real monopolists on the block!

Either way the truth about why the EU are trying to oust Google is most likely well and truly hidden from the tech journalists and the tech journalists that are reporting on this perceived strategy to dismantle Google as a company are in the pocket of the people behind the scenes.

If Google is successfully dismantled and restricted in access by a segment of the internet as large as the domains of Europe then chances are what we will see happen in the future is new routing hardware and nodes being built. The results of breaking up Google in a big way will be a case of "All Roads Lead To Redmond" not Rome along with huge bandwidth cost increased not real competition as some officials in Europe may think.

The other possibility is that the net will split up and we will see disconnected local nets firewalled in the same way China does. This could be easily done with hardware based domain blocking technologies the way cell phones can be made to lock out competing providers network pipes.

Either way the network traffic and services including ad revenues will be controlled in Washington State instead of California. The revenues conveniently off shored by the lords of Redmond to avoid paying American corporate and state taxes regardless of which who is on the top of the heap.

Or just maybe Suse will get more money and build a competitor search engine based upon Bing's search engine software, perhaps this explains the recent love affair with Linux that is happening in Redmond.

The actual reported Windows version is a decimal:
http://msdn.microsoft.com/en-u...

Its synomymous with its kernel number (though that generally has further versioning, such as 6.1.7601.17592).

The reason Microsoft never bumped the version number is because of backwards compatibility. Whether intentionally or unintentionally, many programmers have misused the old Windows APIs that check version numbers in a way that breaks compatibility of their apps going forward. That is, they're checking against future version of Windows rather than previous versions, and as such, their programs would refuse to run if the internal version number had been bumped from 6 to 7 (or 8). Whenever that sort of thing happens, people inevitably blame the OS rather than the application that had the bug in the first place, and as such Microsoft has resorted to some rather extraordinary measures to preserve backward compatibility, even going so far as to intentionally replicate bugs in special program-specific compatibility modes.

The GetWindowsVersionEx() API function is overly-complicated and notoriously easy to accidentally misuse. It appears that Microsoft finally had enough of that, and depreciated it. It will now actually only report accurately up to Windows 8.1, even in future operating systems, to ensure people can't accidentally or intentionally misuse them. They've been replaced with a set of "too simple to possibly misuse" functions that look like the following:

IsWindowsXPSP2OrGreater()
IsWindows7OrGreater()
IsWindows8Point1OrGreater()

There's one function for each major OS version + service pack, and it only checks in an equal-to-or-greater fashion, as you almost always want to do for broad compatibility checks. Notice also how you can't even check against future Windows versions until new API functions are released. I think now that MS has this safer API in place and enough time has passed since the initial problems were detected, they can get the internal version number back in sync with the more visible public number.

There's probably some marketing push in there, because I've seen people (wrongly) claim that since it was just a minor version bump in previous versions, it proved that there were only minor changes to the kernel, blah, blah... Maybe it bothered some particularly anal developers, but I doubt many really cared. It's just an arbitrary number to check at the end of the day, and we're sort of used to dealing with those.

That's the reason given but it makes no sense. The Windows API doesn't give out names like that. The Windows 95 version was internally identified as version 4.0. Windows 98 was version 4.10. (ME was 4.90, and a separate flag indicates if the system was Windows NT-based, allowing programs to known the difference between Windows 95 (4.0) and Windows NT 4.0.)

So that explanation makes no sense.

Even more, if you check out the documentation on getting version information, the version returned is now tied to the application manifest as of Windows 8.1 anyway. So you'll only ever get version 6.2 (Windows 8) back unless you explicitly target later version of Windows, meaning the jump to version 10 can't cause problems with older software.

This whole "Windows 9*" check thing makes no sense. Well, except for Java applications, because Sun actually built Java to pull the version number and then translate it into a string rather than expose it via any public Java API. I guess the idea was that you shouldn't need to know the OS your Java app is running on, but as anyone who's done anything with Java knows, that never actually works in practice. As far as I know that's the only case where you'd ever be doing version checks against strings under Windows.

Mod parent up.

That's correct. The best known demonstration of this is the Microsoft Static Driver Verifier, which every signed driver since Windows 7 has passed. It's a proof of correctness system which checks drivers for buffer overflows, bad pointers, and bad parameters to the APIs drivers use. It works by symbolically tracing through the program, forking off a sub-analysis at each branch point. It can be slow, but it works.

Microsoft Research reports that in about 5% of the cases, the Verifier cannot reach a decision. It can't find a bug, but it can't demonstrate the lack of one either. After 45 minutes of case analysis it gives up.

If your driver is such a mess that it's anywhere near undecidable, it's broken. Those drivers get rewritten with a less ambiguous design, usually by adding more run-time checks. Problem solved.

(Remember when driver bugs crashed Windows all the time? Notice that's not happening any more? That's why.)

"The affected component is available remotely to users who have standard user accounts with domain credentials" https://technet.microsoft.com/... Sounds like a "fun" new target for malware.

Microsoft Security Bulletin MS14-068 - Critical
https://technet.microsoft.com/en-us/library/security/MS14-068
Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
Published: November 18, 2014
Version: 1.0

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only. When this security bulletin was issued, Microsoft was aware of limited, targeted attacks that attempt to exploit this vulnerability.

This security update is rated Critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. The update is also being provided on a defense-in-depth basis for all supported editions of Windows Vista, Windows 7, Windows 8, and Windows 8.1. For more information, see the Affected Software section.

The security update addresses the vulnerability by correcting signature verification behavior in Windows implementations of Kerberos. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability.

For more information about this update, see Microsoft Knowledge Base Article 3011780.

MS14-066 (along with the MS14-064 OLE fix) was released for POSReady 2009, so technically XP was patched for it. http://support.microsoft.com/k...

Along with MS-068, MS-075 was also skipped on 11 Nov. 2014 and is currently tagged as "Release date to be determined". Security Bulletins 2014

Maybe we can do this all over again next week.

With Apple continuing to make a more closed ecosystem [...] Should we be a bit more welcoming to Microsoft?

The "$99 per year recurring fee to run software you wrote on a machine you own" policy that Apple implemented in iOS was strikingly similar to the "$99 per year recurring fee to run software you wrote on a machine you own" policy that Microsoft had already implemented on Xbox 360.

Now Microsoft trying to be more open.

Case in point: Unlike Apple with the iPad, Microsoft has allowed for a free-of-charge developer license on Windows RT, where you pay only once it's time to upload your app to Windows Store.

Correct ME *IF* I am wrong/off guys (haven't had my coffee yet) but the article source says this about Windows 7:

PERTINENT QUOTE/EXCERPT:

"Windows 7

Bulletin Identifier
MS14-068

Aggregate Severity Rating
None

Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
(No severity rating)[1]

Windows 7 for x64-based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
(No severity rating)[1]

[1]Severity ratings do not apply for this operating system because the vulnerability addressed in this bulletin is not present. This update provides additional defense-in-depth hardening that does not fix any known vulnerability. "

FROM -> https://technet.microsoft.com/...

APK

P.S.=> Same appears to go for Windows VISTA, & RT versions 8 + 8.1 as well - no threat/NO patch required... apk

The MailOnlne described the test as "Supporting Windows 8.1." Schoolboy becomes world's youngest qualified computer specialist after passing Microsoft Windows exam aged just FIVE

Yes, this is technician level. Doesn't claim to be anything else.

But IF the range and depth of the exam is equivalent to the MS Course of the same name, it is far from the trivial achievement that the geek with five to ten years of practical experience likes to pretend. Course 20688D: Supporting Windows 8.1

There is an entry-level technician grade exam Configuring Windows 8.1

which still implies an understanding of concepts and methods that will be quite alien to most five year olds, and every now and again trips up an adult who should know better,

The MailOnlne described the test as "Supporting Windows 8.1." Schoolboy becomes world's youngest qualified computer specialist after passing Microsoft Windows exam aged just FIVE

Yes, this is technician level. Doesn't claim to be anything else.

But IF the range and depth of the exam is equivalent to the MS Course of the same name, it is far from the trivial achievement that the geek with five to ten years of practical experience likes to pretend. Course 20688D: Supporting Windows 8.1

There is an entry-level technician grade exam Configuring Windows 8.1

which still implies an understanding of concepts and methods that will be quite alien to most five year olds, and every now and again trips up an adult who should know better,

Visual Studio uses MSBuild. (Comparable to Ant). Using the IDE has no impact on your ability to debug the build.

It is yet-another-tech Microsoft bailed on after it failed to get significant market from Flash and/or HTML5. It is on life support.

> Microsoft announced the end of life of Silverlight 5 in 2021

Reference:

* http://support2.microsoft.com/...
* http://en.wikipedia.org/wiki/M...

What the hell is this, then?

The Lync thing I'm talking about it only for online meetings. It's a part of Lync implemented as a web app and for some reason if you aren't on Windows it's your only choice if you want to see what other people are presenting. The place I work at doesn't actually use Lync for generic telephony. (Although they do have some form of half-assed integration where someone calling my office phone will, in fact, cause a Lync desktop app notification to appear. I just can't answer the call using Lync because our VoIP system isn't actually Lync.)

would work nicely with the open source .NET. I can't wait.

.NET apps use XML config files. Read the Application Settings Overview MSDN article for more information.

No other site covers Microsoft so much.

If you think Slashdot is bad, you should see this one :- www.microsoft.com

Best advice.

Selected math oriented reading list:

A Book of Abstract Algebra -- Pinter One of the best book I read. Next read Algebra -- Artin
Information Theory, Inference and Learning Algorithms -- MacKay
Iterative Error Correction: Turbo, Low-Density Parity-Check and Repeat-Accumulate Codes -- Sarah Johnson Amazing book (most in the domain are uselessly and horrifyingly complex). I advise to read beforehand the here-down Plank paper.

Introduction to Calculus and Analysis vol I -- Courant Vol II/1 Vol II/2 Best book I know for Calculus/Analysis

The Feynman Lectures on Physics Not math nor computer science but makes you a better scientist.

Selected must read papers:

Time, Clocks, and the Ordering of Events in a Distributed System --Lamport
How to Share a Secret -- Adi Shamir
A Tutorial on Reed-Solomon Coding for Fault-Tolerance in RAID-like Systems -- James S. Plank

Indeed!

A few years back, I was implementing Leslie's Bakery Algorithm. (Which, to be sure, you should look up his original paper, not the bastardizations you sometimes find in textbooks. That paper and more are available here.)

In my implementation, I wanted to SIMD-ize one of the steps to make it more efficient. I thought the transformation was valid, but wasn't certain, so I emailed Dr. Lamport. I was pleasantly surprised when Leslie actually replied to my email.

And yes, the transformation was valid. *whew* Our multiprocessor DSP software got a little faster that day.

Anyway, there's some fascinating stuff on his page full of papers. The link again: http://research.microsoft.com/en-us/um/people/lamport/pubs/pubs.html

Indeed!

A few years back, I was implementing Leslie's Bakery Algorithm. (Which, to be sure, you should look up his original paper, not the bastardizations you sometimes find in textbooks. That paper and more are available here.)

In my implementation, I wanted to SIMD-ize one of the steps to make it more efficient. I thought the transformation was valid, but wasn't certain, so I emailed Dr. Lamport. I was pleasantly surprised when Leslie actually replied to my email.

And yes, the transformation was valid. *whew* Our multiprocessor DSP software got a little faster that day.

Anyway, there's some fascinating stuff on his page full of papers. The link again: http://research.microsoft.com/en-us/um/people/lamport/pubs/pubs.html

http://www.microsoft.com/investor/reports/ar13/financial-review/balance-sheets/index.html

C#'s primitive types actually aren't. They're really structs with overloads for math operators.

This is both true and false. Struct Int32 is magically mapped to int and vice versa, but go look at the definition of that struct inside the framework. Notice the field of type "int" inside? If they were truly one and the same, this would've been infinitely recursive, but it's not.

In practice, CLR distinguishes between primitives and structs, but allows you to treat one as the other transparently. And C# obscures it even further by always treating Int32 as alias for int, basically.

Anyway, all this is not particularly relevant to what GP said. The point is that in C#, you can have collections of value types, be they primitives or structs. In Java, the only value types are primitives, and generics don't work with them at all. And, of course, heap-allocated boxed wrappers in Java are much more heavyweight then C# structs, which can live on the stack or even in a register.

C# generic collections allow primitive types to be used for type parameters, and always without performance loss due to runtime downcasting like in Java.

C#'s primitive types actually aren't. They're really structs with overloads for math operators. For example, int is a System.Int32.

No, the benefit C# has here is that it only has one number representation.

Java's int is a real primitive... but as you noticed, Java's Collections don't work on primitives. So, Java has to convert it to the equivalent object.

Since Java doesn't let you do operation overloads on types, you have to convert it back to a primitive before you can most things with it.

Also, objects tend to be heavier than structs.

I wish MS the best but the best thing they could is keep the gimp hidden behind the gloryhole

Good luck with that. GIMP is already far more capable than Microsoft Paint, and Microsoft's other image editor is overspecialized toward editing photographs, such as red eye correction, color correction, cropping, and rotation. It's not for actually painting. Does Microsoft have anything to compete with Paint Shop Pro, let alone Photoshop? If not, I'll only have to keep using GIMP 2.8.x on my Windows 8.1 box at work.

I don't think he was talking about software

Yes: Roslyn. Open sourced back in April. Currently in development for C# 6.

The Roslyn page on MSDN has links to nuget packages and their git repo.

They are stored as XML files. See Application Settings Overview for more information.

I wish MS the best but the best thing they could is keep the gimp hidden behind the gloryhole

Good luck with that. GIMP is already far more capable than Microsoft Paint, and Microsoft's other image editor is overspecialized toward editing photographs, such as red eye correction, color correction, cropping, and rotation. It's not for actually painting. Does Microsoft have anything to compete with Paint Shop Pro, let alone Photoshop? If not, I'll only have to keep using GIMP 2.8.x on my Windows 8.1 box at work.

There is a DMA component, a quick search reveals they haven't fixed that either yet.

You mean that drivers can determine whether they, themselves, require DMA? That's no worse than the device having DMA itself; in fact, it's damn sight better, given that Firewire device doesn't even have to identify itself, let alone have that identity accepted by the system, to gain that level of access, meanwhile a USB device must identify itself as a device whose driver required DMA, that driver must be present, and it must emulate that device well enough to fool the driver into actually talking to it; the bar is a fair bit higher with USB than DMA.

The problem lies in that USB trusts the device to be what it says it is, even if that is more than one thing.

That's all fine and dandy, the device still has to fool the driver, as well, whereas the OHCI 1394 specification (aka Firewire) allows for devices for performance reasons to bypass the operating system and access physical memory directly without any security restrictions.. In case Wikipedia isn't a strong enough source for you, here is the actual specification. A Firewire or Thunderbolt device or, as you correctly point out, ecpressCard, PCI, PCI-express (though you're really repeating yourself with that list) device doesn't even need OS or driver cooperation to be rejected by your system, it just pops on the bus and says "Let me see this RAM" and gets what it wants. Hell, it can do that repeatedly until it finds the bit of vulnerable code it's after and immediately turn around and overwrite it with an exploit. Actually, there's nothing stopping it from using that method to exploit your OS' I/O stack to allow itself to write arbitrary files on disk. All with no drivers, or authentication.

If you're worried about USB, you need to be terrified about the other busses in your system.

I was referring to WIred's story[...] ... which provides the same details about the same thing (BadUSB). So, then, I was right? You were talking about BadUSB? Good.

The slow down is a direct result of the design of USB serial communications.

Then why don't I see an issue with it when I connect 2 portable drives (bare enclosures in which I've put a couple of Samsung SSDs) via a USB hub? Also, if not a hub, why did you say:

"Hook 2 devices up to a USB 3 hub, watch yourself get lower than USB 2 speeds"?

I'd figure there'd be no reason to mention a hub if you didn't use one.

Did you just get caught debating dirty? Yes, yes you did. Bad Gr8Apes! No soup for you!

haven't tested personally, but it looks good, and doesn't require any "roll-your-own" crap.

http://azure.microsoft.com/en-...

If you run AD, you should probably run ADFS. http://msdn.microsoft.com/en-u...

It runs on top of AD, and provides standards-based SSO for users. It works nicely with Google Apps.

It's a bit complex to set up, but there are articles like http://www.huggill.com/2012/01... . Basically, ADFS is a SAML Identity Provider and Google Apps is a SAML Service Provider. So when users go to log into Google using your domain, they are redirected to ADFS to log in, which validates them against AD, then redirects them back to Google. Then when they access any other service that you have SSO with, the user doesn't have to re-authenticate.

You can do the same thing with Ping Federate. If nothing else, you can get quotes from both. But if you get educational pricing from MS, ADFS is likely cheaper. ADFS doesn't cost anything (other than paying for the servers and OS) - the expensive part is buying the AD CALs for everyone doing SSO, which you already have.