Slashdot Mirror

Office 97 will read .docx and .xlsx files if you install the converters from http://support.microsoft.com/k... New functionality won't work - eg new functions in Excel 2007 will give #NAME errors in 97, but otherwise it works fine.

cryptanalysis can break your encryption even without access to your encryption algorithm

I doubt it. That may have been true back when people used substitution ciphers and encrypted plain text. Today's ciphers scramble large blocks and precompress to increase data entropy. I seriously doubt anybody but a top-notch cryptoanalyst can decrypt even the simplest attempt at a cipher from anybody who knows anything at all about cipher design.

Such a cryptoanalyst is likely to be found only at some high level government agency like the NSA and he will likely be too busy to spare any time to decrypt your inane emails to your mistress. Consequently, I would postulate that if you design your own cipher and avoid becoming the next Snowden, your data will be just as safe as if you had used AES.

Which is how we end up with things like the weak Zip File and early MS-Office encryption. Companies think they can roll their own, or take shortcuts and end up with weak security.

Published algorithms have withstood scrutiny by actual experts, don't assume that your home-grown super-secret encryption will stand up to scrutiny - it may leave patterns in the data that can be exploited to decypt it

Ironically, this is exactly what I use Microsoft's own Skydrive for:

http://windows.microsoft.com/e...

Its free as in beer, but sadly, the host box has to be Windows so it might not be what you are looking for.

Microsoft doesn't use bind, silly. They use MS DNS Server.

Um...
"The bind function associates a local address with a socket."

http://msdn.microsoft.com/en-u...

It might have something to do with the ability of GPUs to crank through FFTs like nobody's business...

I was at Novell at the time during which the protocol basis for the commercial Internet was being decided. Novell was attempting to swing a deal with AT&T to get them to deploy a commercial network topology based on SPX/IPX; at the same time, Microsoft was attempting to get AT&T and Sprint, and whoever else they could get on board, to deploy a commercial network based on NetBIOS/NetBEUI.

It has been some time since I worked with both IPX and NetBEUI, but AFAIK they are single-segment protocols

Correct about NetBIOS and NetBEUI/NetBIOS Frames protocol or whatever you want to call it; incorrect about IPX, which is routable and is routed. And NetBIOS (the service) can also operate atop IPX as well as operating atop TCP/UDP.

based on broadcast.

Host/service-name-to-address lookup is done in NetBIOS Frames protocol using broadcasts. That's not the only way to do it with NetBIOS-over-TCP; it might not be the only way to do it with NetBIOS-over-IPX either.

(Terry, was Microsoft talking about using NBF? That probably deserved to die, for the reasons mentioned.)

I was at Novell at the time during which the protocol basis for the commercial Internet was being decided. Novell was attempting to swing a deal with AT&T to get them to deploy a commercial network topology based on SPX/IPX; at the same time, Microsoft was attempting to get AT&T and Sprint, and whoever else they could get on board, to deploy a commercial network based on NetBIOS/NetBEUI.

It has been some time since I worked with both IPX and NetBEUI, but AFAIK they are single-segment protocols

Correct about NetBIOS and NetBEUI/NetBIOS Frames protocol or whatever you want to call it; incorrect about IPX, which is routable and is routed. And NetBIOS (the service) can also operate atop IPX as well as operating atop TCP/UDP.

based on broadcast.

Host/service-name-to-address lookup is done in NetBIOS Frames protocol using broadcasts. That's not the only way to do it with NetBIOS-over-TCP; it might not be the only way to do it with NetBIOS-over-IPX either.

(Terry, was Microsoft talking about using NBF? That probably deserved to die, for the reasons mentioned.)

This would be good for customers since they'd have the source code available "just in case" (the vendor went under, or they wanted to make their own modifications for their own use), and the vendor would like this because they wouldn't be "giving the software away".

If I recall, Microsoft tried part that with their Shared Source licence. Of course, being Microsoft, slashdot responded with a resounding chorus of "evil! evil!" and assumed it must involve a secret plot to pee on Stallman's toothbrush, but they still offer it. https://www.microsoft.com/en-u...

Send it here - they seem to encourage it. ;)

While Windows does take up a lot of space, it's not quite 32GB. The Surface Pro 64 comes with 37 GB free. Of the 27 used GB, 5.5GB is devoted to a recovery partition, which can be imaged to a USB and deleted from the on-board storage. Another 3GB is devoted to the hibernation file, which is deleted if you turn off hibernation. Finally about 1GB is devoted to pre-installed apps, which again you can delete. Windows itself takes about 15 - 17 GB.

I have a surface 2 (not pro), and I've heard that part of the reason there's so much space taken up is because there's also a recovery partition on there (hidden from the user), along with the actual install of the OS. So you basically end up with 2 copies of the initial install, which is why you're left with so little space. Apparently you can use a usb stick to create a recovery drive, and clear out the recovery partition and reclaim the space. Definitely something I want to try out.

You guys know that MS has downgrade rights for some OEM and for just about all Volume plans??

Here is the page : http://www.microsoft.com/oem/e...

For those that dont want to read the downgrade rights for Win 8 to Win7 are roughly
- Buy a machine that has Windows 8 *PRO* license
- Get *any* old WIndows 7 Pro DVD that is compabile with the license on your machine ( OEM for OEM / OpenVolume for OpenVolume )
- Install Windows 7 Pro
- Use *ANY* key appropriate for the OEM / OpenVolume version of Win7
- Activate online - if you have problems phone -
- done.

Really? This has to be explained to you? Some of us use more than one application simultaneously, often spreading out over multiple displays. In this case, starting new programs should not be a full screen focus grab.

I asked why you would need to see the active application and the open menu at the same time and you didn't provide me a situation

Using the mouse to ponderously scroll through piles of huge tiles on a huge display is tedious compared with a little menu in the corner.

Wouldn't the fact that the smaller menu has less items visible mean even more tedious scrolling?

Now if you don't like clicking through folders, I understand, but that is more the fault of vendors who insist on adding extra layers so as to get you to see their brand name regularly.

I love the false dichotomy that the Start Menu can be organized but the Start Screen can't

A nicely laid out start menu is far superior to any other convolution anyone has come up with.

Yeah pack it up for we have reached UI Utopia, anything else is a 'convolution'. Nevermind the fact that people were saying the same things about Windows XP's start menu when Windows 7 was in development

.

Really? This has to be explained to you? Some of us use more than one application simultaneously, often spreading out over multiple displays. In this case, starting new programs should not be a full screen focus grab.

I asked why you would need to see the active application and the open menu at the same time and you didn't provide me a situation

Using the mouse to ponderously scroll through piles of huge tiles on a huge display is tedious compared with a little menu in the corner.

Wouldn't the fact that the smaller menu has less items visible mean even more tedious scrolling?

Now if you don't like clicking through folders, I understand, but that is more the fault of vendors who insist on adding extra layers so as to get you to see their brand name regularly.

I love the false dichotomy that the Start Menu can be organized but the Start Screen can't

A nicely laid out start menu is far superior to any other convolution anyone has come up with.

Yeah pack it up for we have reached UI Utopia, anything else is a 'convolution'. Nevermind the fact that people were saying the same things about Windows XP's start menu when Windows 7 was in development

.

Hmmm I seem to recall a complaint that the NSA (and others) couldn't break Skypes' encryption and wanted help.

https://www.schneier.com/blog/...

It was popular with the crooks.

http://www.theregister.co.uk/2...

Then an investment group Silver Lake Partners gained controlling interest.

http://en.wikipedia.org/wiki/S... (interesting crew there)

Then no more complaints or request for help by the NSA.

A couple years later Skype was acquired by Microsoft,

http://www.microsoft.com/en-us...

It's a fascinating coincidence.

Innit.

I've seen one and it was VC10 (Visual Studio 2010).

http://archive.msdn.microsoft.com/KB2280741

In my opinion, the best keyboard for over a decade is the "whatever the cheapest keyboard Microsoft is selling".
Currently it's this: http://www.microsoft.com/hardware/en-us/p/wired-keyboard-200/JWD-00046

It's wired.
It has all the keys, all in the usual place, all actual clickable buttons.
It doesn't have RSI-inducing wrist-rests.
It isn't colored like a rainbow.
It doesn't bend in contortionist ways.
It doesn't have a "shutdown" button you accidentally hit every once in a while.

I've been through multiple iterations of this "cheapest MS keyboard", and they're all good.
(When MS software finally croaks, their hardware division will still be going strong).

Some other brands have similar keyboards too, also cheap and also better than the more expensive keyboards.

With keyboards, as you go up in price, you go down in usability.

I'll bet it persists in Vista, 7, 8 and 8.1 or it's prodigy would exhibit the problem. I just looked over the patch Tuesday fixes from this week and there's no mention of anything for SVCHOST however there is a nice memory leak that's been around for a long time in oleaut32.dll. http://support.microsoft.com/kb/2870467

I guess they don't take advantage of static or runtime analysis tools at MSFT.

Suppose if they didn't get it over the holiday and it wasn't done by April 8th, they could have perhaps saved themselves all the bother and turned off all update checks

Windows Server 2003 is supported longer than Windows XP despite using the same update mechanism and nearly the same kernel. Extended support for Windows Server 2003 ends on 7/14/2015, and this problem will only get worse for servers over the last two and a half years of extended support. So there's a benefit for making a fix for Windows Server 2003. And if the same fix applies to Windows XP, it doesn't cost Microsoft that much to release the fix for both, and the gesture of goodwill could help deter companies from switching to GNU/Linux or OS X instead of buying Windows 8.1 + Classic Shell.

"Microsoft Security Essentials is antivirus software. By definition it must have the authority to remove, isolate, disable, and delete software from your computer. "

It must by definition remove, isolate, and disable malware. Claiming that whatever it removes is fair game is absurd. Maybe I run an old buggy version of something on purpose. I mean, I know that nobody would ever do that, but just imagine if it actually happened. By your logic, M$ can and should remove XP from all systems immediately, as it is an old version known to have many security holes.

What did you think it did? You have the option of not running it.

The technical information doesn't exactly say it removes TOR or any particular version:

Additional information
The Sefnit family is known to use Tor or SSH provided by PuTTY as its C&C communication channel.

Some variants add a Tor service under the display name "Tor Win32 Service". This a legitimate service that is used by the trojan to anonymize it’s network traffic.

Since August 2013, there has been a considerable increase in the Tor network's incoming connecting users - this is believed to be as result of the Sefnit family using Tor for its C&C communication. This is shown in the following graph from the Tor metrics portal:

Some people find TOR using a Chrome browser. Should they have the authority to remove that too only to tell you about it later in a blog?

Who knew?

"Malicious Software Removal Tool" has been a Windows update for years. (Since 2005 http://en.wikipedia.org/wiki/Windows_Malicious_Software_Removal_Tool) What did you think it did? You have the option of not running it. If the update is selected / run it is a local program run one time after updates are installed that "checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month."

http://www.microsoft.com/en-ca/download/malicious-software-removal-tool-details.aspx

You are correct. Tunderbolt is essentially an extension to Displayport that includes PCIe. My bad.

I know that SATA does DMA, unlike USB, but I'm not clear on how much control can be initiated from the outside. A quick search suggests that it's safe.

I found this, which discusses the issue further:
      http://support.microsoft.com/kb/2516445
It talks about dealing with 1394 and Thunderbolt DMA attacks.

I doubt there's much you can do to prevent a DMA attack through a laptop's docking port, though you might be able to disable the card slot (Express Card, PCMCIA, or whatever it is now).

It just sucks that MS doesn't make a 32b, legacy, low footprint OS for those that need to run old software.

First, you can get Win 7 Pro in a 32 bit version. And let's not forget about this?

Its a common fallacy that server side stuff if just shuffling disk to network, hence the (current, but fading) popularity of node.js

What I find in all systems that are not trivial is that the middle tier gets a lot of processing bundled into it - read that disk or DB data, and fiddle with it, often combining it with other data sources and then send it down to a client. That fiddling requires quite a bit of processing.

Its one reason why Microsoft went as native-code as it did a couple of years back, their 'Casablanca' project (now released as C++ REST Services) because someone measured how much electricity their cloud services were sucking up with managed code (and to be fair, .NET is less resource intensive than many script-based languages) and they needed something more efficient. (Either that or someone noticed how seriously faster C WWS web services were compared to .NET WCF services :-) )

All the places I've worked that do serious stuff, base their distributed services over 3 tiers - the usual web presentation (or sometimes thick desktop) calling a middle tier business logic layer that calls the DB. The middle tier does all the heavy lifting, so its never just IO shuffling.

I'm sure many websites simply call a web server that calls a DB and does the mapping of data to UI in the client via javascript, but its not the most efficient way of presenting that, especially if there's a lot of data, or it needs processing.

Maybe there;'s a distinction to be made between the "website" devs and the "professional" devs in the type of systems they develop. I think its a shame the "website" style where everything is placed in the web server (bad security choice that) should be designed with 3 tiers from the start, and for these types of system, a C++ based service layer is not any more difficult than any other language to develop for. .NET, its easy to develop for, which is why everyone seems to be using it. Its not nice when it goes wrong (like the bug I struggle with today - reading event log entries returns null on my colleague's box, for no F*** good reason.. damn you Microsoft) but even Microsoft knows its their RAD tool, not the one that should be used for performance or resource efficient systems. To put it another way, .NET is the new Visual Basic - where VB used to be used, .NET fills that gap. The trouble is, it also attempts to fill every other gap (but I guess VB devs back in the day used to do that anyway)

Java.. no need for that anywhere IMHO :-)

IIRC it already does.

Despite of that I believe there are plenty of dependencies and assumptions by the other software running in the machine that explorer.exe is the installed shell that it is not realistic that the replacement would be without issues.

" A ten year old Windows XP machine can run all the latest browsers,"

Have you even managed/used XP? It is incapable of running even IE 9 which is 3 years old.
http://windows.microsoft.com/en-CA/internet-explorer/products/ie-9/system-requirements

I of course agree that apple obsoletes everything too quickly, but now is time for xp to die. Power PCs death was quite a few years ago now.

Or which platform is the best in terms of supporting indie developers creating games designed around local multiplayer? [...] PC with or without steam is probably the best.

This is what I meant. So as I understand it, the route to market is to start on PC without Steam, then submit games to Greenlight once they gain traction, then try consoles. Am I right? But several Slashdot users have repeatedly told me that nobody other than a hardcore geek wants to connect a PC to a TV to play local multiplayer games. To me, the Steam Machine (a Linux PC designed for set-top use) appears to be the most viable way to turn this around.

And windows RT isn't a PC.

Someone should tell that to whoever manages Microsoft's web site. I too was surprised when Microsoft described RT tablets as Windows RT PCs.

Actually MS do decide sometimes - or at least they release required specs and checking tools (upgrade adviser) and sometimes your machine cannot be upgraded.
One of my PCs is about to go there - on XP and insufficient spec to upgrade to win7. But then, the machine is 12+ years old, and although it still does everything it did when it was bought, and just as well as it did then, my phone probably has more memory and more CPU power.

The big thing that MS does do well is provide EOL dates well ahead of time for the software you have, so you at least know when the software+hardware you've got will stop being supported (if the hardware doesn't die first). http://support.microsoft.com/gp/lifeselectindex

As far as I know, Apple doesn't give out any information like this at all (or at least I can't find it), so you have no idea how long you've got before you have to buy a new shiny...

Which window manager handles such a large display best? Modern desktop environments, whether we talk about Gnome or Windows or Mac OS X, tend to work best when you let one window take over the entire screen.

Windows actually handles this pretty well with the Snap feature.

All you have to do is press Win+Left to get a window to take up exactly the left half of the screen, or Win+Right to take up just the right half. So having two windows side-by-side is very quick and easy. Also, if you vertically resize a window to touch the top or bottom of the screen, it will automatically size to fill the whole vertical space, while retaining its horizontal dimensions.

Which crime?

If your car's driving application happens to be running on Windows 8 Pro OEM when it blue-screens and flattens a pedestrian crossing full of nuns, then you've already agreed that the selected OS wasn't even fit-for-purpose (to the Grand Parent's point as well);

The manufacturer or installer, and Microsoft, exclude all implied warranties, including those of merchantability, fitness for a particular purpose, and non-infringement. If your local law does not allow the exclusion of implied warranties, then any implied warranties, guarantees, or conditions last only during the term of the limited warranty and are limited as much as your local law allows. If your local law requires a longer limited warranty term, despite this agreement, then that longer term will apply, but you can recover only the remedies that are described in this agreement.

I.e. "Current laws make the driver of a car responsible for any mayhem caused by that vehicle." Microsoft wasn't driving your car - they've never even seen it before.

It needs to be the programmer (and the companies that profit from the software) that own the liability for the actions of that code. That will require a change to the law.

let's rule out Microsoft on this one, ok?

You forget, they lived only to face a new nightmare...

Microsoft Robotics Developer Studio 4: Microsoft® Robotics Developer Studio 4 is a freely available .NET-based programming environment for building murderous robotics applications.

https://www.microsoft.com/en-us/download/details.aspx?id=29081

“Your clothes. Give them to me. Now.”

There's a scanf used when loading BDF fonts that can overflow using a carefully crafted font. Watch out for those obsolete early-90s bitmap fonts.

And watch out for scanf(). There's a reason Microsoft brought scanf_s() and others, which the official C11 standard adopted later too.

Oh and MS has a standard for vehicles too. We can see how far that went.

Yep. Closing in on 15 million installs, and used in nearly 20 cars and trucks, including the best selling vehicle in America. Seems to have gone quite far!

If you pay attention:

Windows and Excel are registered trademarks.
Word is not.

Source: http://www.microsoft.com/en-us/legal/intellectualproperty/Trademarks/EN-US.aspx

Java, C#, and JavaScript all have graphics and canvas component libraries. All these libraries render graphics differently on different systems. In the C++ universe, programmers have had to use 3rd-party libs like Qt, so a C++ standard library for graphics is long overdue.

MAX_PATH is a Windows API limitation. You can get around it by using Unicode aware versions of some functions, but since that has limitations, too, you can't just swap to those without adding a new set of problems.

There is a lot of Windows software that suffers from this same limitations, most of them just don't talk about it. git is just taking the less troublesome of the two bad options presented by the OS. The standard workaround is to map a drive letter to some subset of the path when it grows large enough to hit this limit. As for the 80's calling, this part of the Windows code is in fact still worrying about 8.3 file names from DOS too...

This can be used for simply concentrating the graphics resources in the area that the eyes are focused. Microsoft Research was showing something like this off at last years SIGGRAPH conference. They are claiming an acceleration factor of 5-6 when using the eye tracking.

Their paper can be found here: http://research.microsoft.com/apps/pubs/default.aspx?id=176610

Having stood by and watched while someone was using the system, it was interesting to see their eye dart around the screen and the little high-quality circle that (presumably) was synchronized with the movements.

As I recall, MS made the decision to save money by not including codec licenses with every Windows install. Instead, they want you to purchase the media pack upgrade - a pretty sour move, I'll agree.

Just one more reason to hate Windows 8, along with the fact that if something goes wrong and you need to boot Safe Mode: good luck.

If you're familiar with previous versions of Windows like Windows 7, Windows Vista, or Windows XP, you may remember that you could force the loading of what was then called the Advanced Boot Options menu by pressing F8. This is no longer possible in Windows 8.

In fact, even the widely publicized SHIFT+F8 option, which supposedly works to force Advanced Startup Options to appear (and ultimately Startup Settings and Safe Mode), only works on very slow computers. The amount of time that Windows 8 looks for SHIFT+F8 is so small on most Windows 8 devices and PCs that it borders on impossible to get it to work.

MSFT must agree Win 8 is shit, which is why its support is ending in just 2 years in January 2016. The preinstall aspect must explain why its market share grew despite the pending doom.

This is being handled differently than Vista SP1, which was really a disguised upgrade of Vista to Server 2008's codebase but it didn't involve an actual heavyweight OS upgrade & software reinstall (which seems to be the case for going from Win 8 to 8.1).

You can get free updates for Windows XP from http://update.microsoft.com/

How about WinXP 64-bit?
It supports 128GB ram.

the new MS Office still runs on XP.

Office 2013 does not run on Windows XP. Or Vista for that matter. Link.

Now it's a matter of people getting jacked out of what they paid for sooner than a reasonable expectation, on hardware that won't even run the upgrade. Completely screws up your flow. Now it's not their fault. Sorry for ruining your party.

It's certainly their fault. MS publishes the EOL dates for OSes and has been extending XP's EOL from many many years even though they didn't have to. People expecting updates till the end of time is not Microsoft's fault, everyone likes free stuff. The EOL dates are here. http://support.microsoft.com/lifecycle/default.aspx?LN=en-us&x=15&y=15&c2=14019 If you buy Windows 7 or 8 expecting support till 2050, it's certainly your fault if MS fails to meet your expectation.

Not to mention, a huge chunk of XP users are using pirated installs, especially in places like China. Which other company supports OSes for so long? Buy an Apple computer for 4 times the price in 2001 and it would've gone out of support in a few years. How many years does an Android phone get supported with updates? 2?

Not to mention that XP users are holding back web and application development. It's time to move on.

On a slightly related note, there is a very nice Microsoft Research paper on password theft and bank fraud, and who actually gets affected.
I will admit that most of what I actually thought of this subject was quite wrong.

Linkage: http://research.microsoft.com/pubs/161829/EverythingWeKnow.pdf

not messing with boot devices plus its UEFI locked anyway.
here is a relevant link
http://answers.microsoft.com/en-us/surface/forum/surf2-surfupdate/bit-locker-recovery-key-requested-at-boot-time/109217fd-3a04-41ca-818d-6826dc195611

FYI, those backup tools exist, though tape backup was sadly removed a while back. They're not part of Windows Explorer, nor should they be IMO. In Windows 7 it's in the control panel, and named Backup and Restore. Fuck Windows 8.

Where do you get the images?

From Microsoft.

The issue of passwords being stored unencrypted on media has come up before with Android email passwords, Pidgin passwords and so on. If your attacker can bypass filesystem permissions you are already in a world of pain. One way to mitigate this would be to use a password protected keychain/keyring but this only works if you don't automatically unlock it...

Say that I want my Windows machine to automatically log in as a user when I turn it on. Because of the way Windows works it needs to be able to unlock my account (almost certainly to be able to unlock credential stores that would be otherwise locked), which means that when I enable Windows auto-login my password is going to be saved into the registry in plain text.

Perhaps Mac OS X can magically do better? Well not really - OS X XOR's your password with a fixed key and saves into /etc/kcpassword. For an attacker this is not a big hurdle over what Windows does. Unless your password is available OS X would be unable to unlock your keychain and all sorts of things would have to start prompting you if they wished to work.

If the keys to reverse the encryption are stored alongside the encrypted object you have not gained any more security but are just obfuscating your data - an attacker can simply steal both at the same time, run the decryption algorithm and use the object. To be secure you need to have something your attacker doesn't have access to which is at odds with unattended operation. If you want to have something happen completely unattended (i.e. from power on) fashion you are going to need ALL the information available in a directly usable form at some point and it's going to have to be "unprotected". While saving things like hashes are bit better (as they don't reveal the underlying password which may have been reused elsewhere) someone can still steal the hash and use it as is for accessing that service and in many cases a hash is no good as challenge response is being used to prevent the whole secret from having to be passed.

I do have one question though - what do OS X and Windows when you save things like WiFi/802.11x passwords that are accessible to every user? To what extent do they try and protect their system "keychains" and wouldn't such protection be obfuscation?

It's Bouma, not Bauma, named for Herman Bouma. It is recognizing words by their shape, rather than by the individual letters. The calssic exmaple is how we recongise words easily even when the lettres are mixed up.