Slashdot Mirror

http://www.microsoft.com/download/en/details.aspx?id=28160

Hah! Just loaded Microsoft Visual Studio Express on to a new Windows 7 box, and discovered I couldn't compile some solutions as it wanted to write something in its installation folder during normal operation, C:\Program Files\blah blah blah.

This is a bug. More specifically, I suspect that this is a bug in the project in question (keep in mind that VS projects are actually MSBuild build scripts, and they can do anything - including, of course, hardcoding the output path to "C:\Program Files\"; the latter is relatively common for in-house business app projects, for the sake of ease of testing). But if it does that for a newly created solution, or if nothing in the project file indicates such hardcoding, then it's a bug in VS. I'd appreciate if you reported it here.

You should tell MS that it is now possible to disable synch for primary account, they don't know about this feature:

http://answers.microsoft.com/en-us/winphone/forum/wp7-sync/disable-synchronizing-contacts-windows-live

Not to mention that Android is a patent nightmare. Google willfully violated Microsoft, Apple and numerous other companies patents and copyrights when they built Android. And for what? So they can steal your personal information and sell it to the highest bidder, even if they ar e in china or russia. Just say NO to google!

Why would I rent a separate office? Because the space they are going to be offering is also going to be used by 9 other sets of strangers, all looking for an edge, all looking for other great ideas to "borrow" if they strike out after the original 3-month period.

So use a little discretion, it's really not that difficult.

And with dozens of new faces in one space (even if it's separate offices), that's a great way for equipment to develop feet. After all, it's not like they're going to be keeping "office hours".

Oh yeah, like there's no security, and you certainly wouldn't want to be taking your laptop or hard-drives home with you or anything like that, that's too hard.

1. Since they're going to be flooded with applications, you'd better have a working prototype already running.

No, you clearly don't need that at all, you're just speculating now that you have no facts to support that.
Your company does not necessarily need experience developing with Kinect, but the business concept does need to leverage Kinect capabilities as part of the final offering. Your team must also be willing to develop the technical skills required to bring your solution to a functioning prototype.
http://www.microsoft.com/bizspark/kinectaccelerator/

2. If you have a working prototype already running, why would you be looking for initial seed funding instead of going to a first round of investors? More $$$, less equity given up.

You probably value the audience you get through their presentation at the end as well as the skills for refining your prototype. But as above, that's not the stage they are looking for.

3. They want 6% of your business - not just that one project. So, if you come up with a second great idea, you're not free to develop that one on your own and reap all the bennies.

Of course you are, do you know nothing about business? Your ideas aren't tied to your business.

I've worked at VC-funded startups (including one that had $25 million to play with) - at each stage, the initial founders have to give up more and more, until in the end they own pretty much nothing.

Of course, if you go in with no understanding of the process that is likely to happen to you, if you know what you're doing that is pretty easy to avoid. So im not sure what you're suggesting here. And although you say you've worked for a VC-funded startups it's strange that you still seem incapable of answering the initial question.

Where does microsoft use jabber?

See this :

  http://www.microsoft.com/presspass/features/2009/oct09/10-01ucinterop.mspx

Again trying to avoid proving what you claimed. You're such a liar, and SO easy to prove you're a liar. PROVE that Oracle or Microsoft bribed someone.

Name names, dates, and the type of gift. Both Microsoft and Oracle have policies about that.

Oracle's Code of Ethics and Business Conduct - see page 13 - Gifts

Oracle employees generally may accept unsolicited gifts or other business courtesies from actual or potential customers, suppliers, or other business partners provided they are not of material value and are not given with the purpose of influencing oneâs judgment. It is never appropriate to solicit gifts or other courtesies directly or indirectly. If you are offered a gift or other business courtesy of material value from an individual, firm, or representative of a firm who has or seeks a business relationship with Oracle, you must demonstrate that the gift could not be construed as an attempt by the offering party to secure favorable treatment. You must obtain written approval from the Senior Vice President of your organization and from your Regional Compliance & Ethics Officer before accepting the gift.

As an example, on page 14 they say that if a vendor sends them a gift certificate at their home "because it's the holidays", they have to return it to the vendor along with a note explaining that Oracle's policy forbids it.

Microsoft's Code of Business Conduct

Microsoft prohibits corruption of government officials and the payments of bribes or kickbacks of any kind, whether in dealings with public officials or individuals in the private sector.

So, again, since Microsoft prohibits all bribes or kickbacks, even in the private sector, or gifts totaling more than $200 per year under any circumstances, put up or shut up.

You keep trying to weasel out of proving what you said. Prove your claim that Oracle or Microsoft engage in bribes via inappropriate gifts, since both companies have policies against bribes, including gifts. Name ONE instance, since you (falsely) claim to have seen this when you (allegedly) "worked for telcos, banks, and insurance."

Also no logic. Are you a chick?

Riiiight, after all, women are not logical .... and yet, you're the one who keeps looking like an idiot, trying to lie his way out of things. Oh, and now we can add misogynist to the list of your character flaws.

Again trying to avoid proving what you claimed. You're such a liar, and SO easy to prove you're a liar. PROVE that Oracle or Microsoft bribed someone.

Name names, dates, and the type of gift. Both Microsoft and Oracle have policies about that.

Oracle's Code of Ethics and Business Conduct - see page 13 - Gifts

Oracle employees generally may accept unsolicited gifts or other business courtesies from actual or potential customers, suppliers, or other business partners provided they are not of material value and are not given with the purpose of influencing oneâs judgment. It is never appropriate to solicit gifts or other courtesies directly or indirectly. If you are offered a gift or other business courtesy of material value from an individual, firm, or representative of a firm who has or seeks a business relationship with Oracle, you must demonstrate that the gift could not be construed as an attempt by the offering party to secure favorable treatment. You must obtain written approval from the Senior Vice President of your organization and from your Regional Compliance & Ethics Officer before accepting the gift.

As an example, on page 14 they say that if a vendor sends them a gift certificate at their home "because it's the holidays", they have to return it to the vendor along with a note explaining that Oracle's policy forbids it.

Microsoft's Code of Business Conduct

Microsoft prohibits corruption of government officials and the payments of bribes or kickbacks of any kind, whether in dealings with public officials or individuals in the private sector.

So, again, since Microsoft prohibits all bribes or kickbacks, even in the private sector, or gifts totaling more than $200 per year under any circumstances, put up or shut up.

You keep trying to weasel out of proving what you said. Prove your claim that Oracle or Microsoft engage in bribes via inappropriate gifts, since both companies have policies against bribes, including gifts. Name ONE instance, since you (falsely) claim to have seen this when you (allegedly) "worked for telcos, banks, and insurance."

Also no logic. Are you a chick?

Riiiight, after all, women are not logical .... and yet, you're the one who keeps looking like an idiot, trying to lie his way out of things. Oh, and now we can add misogynist to the list of your character flaws.

Excel has a few bugs but for the most part it's very capable.

Care to name some of those bugs? I have not come across a single one!

You can't google Excel bugs???

http://it.slashdot.org/story/07/09/24/2339203/Excel-2007-Multiplication-Bug
http://www.joelonsoftware.com/items/2007/09/26b.html
http://social.technet.microsoft.com/Forums/en-US/excel/thread/f2850183-e8f5-4a3e-a0b1-5a154347f3e9/

>Then they started that horrible OEM recover CD

These were offered to OEMs at discount because it's not a full license.

See "How does a company qualify to become a direct Microsoft OEM? It seems that the larger companies currently have an unfair advantage compared with smaller OEMs." from their Licensing FAQ.

Static share price for the past decade, but:

revenue:
2000: 22.96 billion
2011: 69.94 billion (ms ends their year on 6/30.. so this is 6/30/10 - 6/30/11)

profits:
2000: 9.42 billion
2011: 23.15 billion

Yep.. shareholders are stupid. Not Microsoft's fault they don't want to reward their success.

2000 income announcement
2011 income statement

Reading via word shape has been tested since the 80s: See "The Psychology of Reading" by Taylor & Taylor (1989), or read this: http://www.microsoft.com/typography/ctfonts/wordrecognition.aspx Apparently one part of the brain looks at global word shape, and another starts reading letters from the beginning and end of the word at the same time, and they both collectively converge on a mutually-consistent hypothesis. But word shape reading is faster and often pre-empts the local feature (letter) reading process.

Microsoft, of all places, has a pretty good webpage on this.

Check out the "Model 1: Word Shape" section, in which this theory is described as "oldest model in the psychological literature, and is likely much older than the psychological literature"

There's some other interesting sections there too, like the moving window study.

As it happens, I might know where to find Daleks and Cybermen. But think: has The Doctor taught us nothing? How many times have we seen minor megalomaniacs and rubber-suited monsters attempt to involve more dangerous beings in their conquests only to find themselves hopelessly out of their depth when the chips were down? Remember the Felinian Globulons of Tabulus 3? No? That's because they never made it to Doctor Who -- the Daleks killed them all, then the Cybermen repurposed the bodies. Seriously, you're better off sticking yourself in the Pandorica now, and planting something 10 years in the future to wake you up. By that time, the movie will be a distant memory available only through the TARDIS databank, or IMDB..

Also, IE9 is not an automatically deployed update, you need to select to install it.

Many WSUS setups are in 'auto approve' setup, the big OEMs even setup Windows Update to not only update recommended updates but optional ones too - This is where IE ends up being automatically installed without prompting.

This is so much a problem that Microsoft provides a toolkit to disable it.

However I've lost count as to how many patches have come out for Windows 7 for "a vulnerability in which an unauthorized remote attacker can break into Windows and take control over it." Whether Seeing those notices but without detailed descriptions doesn't exactly give me a "warm and fuzzy feeling" about the OS. And I don't like having to research these vulnerabilities first, before the patches are installed -- that seems backwards. On Debian I can look at the package changelog.gz file that comes with the package (in /usr/share/doc/[package]/changelog.gz) after it's installed and read a description of how the package was changed, and if it was for a vulnerability there's usually also a CVE reference number to read more about vulnerability if I want to.

Open Windows Update, click on "View update history" and you can then check each one and the link to the KB article explaining it. I suppose what you have to remember is that Windows is primarily a desktop OS for end users who won't understand that information anyway, and making it too easy would probably just lead to confusion. I know that sounds condescending but having worked with end users I have come to appreciate just how much hassle that sort of thing generates. And to be fair Debian doesn't exactly put it front and centre either.

This is good information -- thanks. And yes, I agree with you about Debian in this regard -- although it's good that the information is there, it took me several years to find out about it when I finally started looking into the development side of things, and there's a good chance many users of Debian would never find out about it. The Debian Reference and Debian FAQ mention changelog files, but doesn't specifically mention that references to security vulnerabilities are listed in them. Unfortunately you have to read them for yourself to find that out, and most people never look at them.

You can also get a nice monthly summary with a fair bit of detail here: http://technet.microsoft.com/en-us/security/bulletin/ms11-nov

That's not bad, although I'm not likely to look there every month (as I don't use Windows very often) -- but still it's a good resource to know about.

Apologies if I misinterpreted your tone, you seemed pretty reasonable but it just bugs me when people start bringing up problems with Windows XP when we are two generations removed and Microsoft have put it on extended life support. Sure, some people still use it, but few other OS vendors still support decade old releases.

I'm trying to give correct information, but I've been dealing with these issues with Windows since Windows 3, so in my mind "Windows" doesn't just mean Windows 7, and talking about XP still seems fair being that it remains commonly in use. [And while we're on the subject of the new versions of Windows, even discussing these issues might violate the End User License Agreement that these new versions come with. :-/] But I"m also not trying to be "a stick in the mud". ;-)

However I've lost count as to how many patches have come out for Windows 7 for "a vulnerability in which an unauthorized remote attacker can break into Windows and take control over it." Whether Seeing those notices but without detailed descriptions doesn't exactly give me a "warm and fuzzy feeling" about the OS. And I don't like having to research these vulnerabilities first, before the patches are installed -- that seems backwards. On Debian I can look at the package changelog.gz file that comes with the package (in /usr/share/doc/[package]/changelog.gz) after it's installed and read a description of how the package was changed, and if it was for a vulnerability there's usually also a CVE reference number to read more about vulnerability if I want to.

Open Windows Update, click on "View update history" and you can then check each one and the link to the KB article explaining it. I suppose what you have to remember is that Windows is primarily a desktop OS for end users who won't understand that information anyway, and making it too easy would probably just lead to confusion. I know that sounds condescending but having worked with end users I have come to appreciate just how much hassle that sort of thing generates. And to be fair Debian doesn't exactly put it front and centre either.

You can also get a nice monthly summary with a fair bit of detail here: http://technet.microsoft.com/en-us/security/bulletin/ms11-nov

Apologies if I misinterpreted your tone, you seemed pretty reasonable but it just bugs me when people start bringing up problems with Windows XP when we are two generations removed and Microsoft have put it on extended life support. Sure, some people still use it, but few other OS vendors still support decade old releases.

See subject-line above, lol... says it ALL! Plus, even how to patch for Duqu? Even easier -> MicrosoftFixit50792.msi from http://technet.microsoft.com/en-us/security/advisory/2639658

* YES - That stalls it dead, & iirc, it's been PATCHED already as of that "FixIt" tool above, for the most part, & yes, it works...

Then, a FINAL fix is issued on MS Patch Tuesday upcoming as I understand that has not issued like it was supposed to this month last week!

Additionally - Most antivirus tools detect for it, & there's probably even removal tools in them (would have to work like my technique below does though imo @ least, vs. a rootkit using ring 0/rpl 0/kernelmode drivers & rogue bootsectors too)...

PLUS, want to detect for & REMOVE IT, if you have been "hit" by it? EASY & 3-5 minutes of your time, here, courtesy of "yours truly":

http://it.slashdot.org/comments.pl?sid=2523490&cid=38046054

It works... & has in the past for me vs. the allegedly "indestructible rootkit" that used hello_tt.sys a few weeks/months back as well while I did it for a paying customer...

(Especially since these rootkits are both of "blended threat" type tech utilizing both bogus bootsectors & protective drivers, similar design in BOTH? The technique in the link above, JUST WORKS)...

APK

P.S.=> No need to thank me (lol, "pats self on back") either...

This level of "techie work" in this field? Child's Play!

Especially when compared to programming & design of applications, which is what I usually am about professionally...

... apk

C# and Java both have atomic operations in the standard library. See Interlocked.CompareExchange, and java.util.concurrent.atomic for examples.

Multi-threaded programming is particularly easy in those languages, because a lot of their internals are inherently thread-safe. For example, strings are read-only, so they can be passed around risk free. Similarly, mark & sweep garbage collection is thread-safe, and doesn't suffer from the rare but complex to debug memory leaks that occur with reference counting. It's also faster -- there's garbage collectors in common use now in the Java world that significantly outperform malloc. Throw in the overheads of atomic increment/decrement required for thread-safe reference counting in the C/C++ world, and suddenly things can tip towards Java in a big way.

I do C# mostly myself, and I've found that because it makes multi-threading so easy and safe (compared to C/C++), that I use it much more often than I would otherwise. Even if it's a tad slower than C, the ability to liberally sprinkle multi threading throughout the code makes the end result a lot more parallel, and hence overall faster or more responsive.

Take a look at the new await and async keywords about to be added to .NET v4.5. They allow traditional serial code to be converted to a thread-pooled asynchronous version with what amounts to about two dozen additonal characters of code!

Meanwhile, C and C++ have poor support for multi-threading, especially if code needs to be portable. There's basically no threading standard library to speak of, or even a threading aware memory model!

C# and Java both have atomic operations in the standard library. See Interlocked.CompareExchange, and java.util.concurrent.atomic for examples.

Multi-threaded programming is particularly easy in those languages, because a lot of their internals are inherently thread-safe. For example, strings are read-only, so they can be passed around risk free. Similarly, mark & sweep garbage collection is thread-safe, and doesn't suffer from the rare but complex to debug memory leaks that occur with reference counting. It's also faster -- there's garbage collectors in common use now in the Java world that significantly outperform malloc. Throw in the overheads of atomic increment/decrement required for thread-safe reference counting in the C/C++ world, and suddenly things can tip towards Java in a big way.

I do C# mostly myself, and I've found that because it makes multi-threading so easy and safe (compared to C/C++), that I use it much more often than I would otherwise. Even if it's a tad slower than C, the ability to liberally sprinkle multi threading throughout the code makes the end result a lot more parallel, and hence overall faster or more responsive.

Take a look at the new await and async keywords about to be added to .NET v4.5. They allow traditional serial code to be converted to a thread-pooled asynchronous version with what amounts to about two dozen additonal characters of code!

Meanwhile, C and C++ have poor support for multi-threading, especially if code needs to be portable. There's basically no threading standard library to speak of, or even a threading aware memory model!

MicrosoftFixit50792.msi from http://technet.microsoft.com/en-us/security/advisory/2639658

* YES - That stalls it dead, & iirc, it's been PATCHED already as of last Tuesday's "MS Patch Tuesday", every 2nd tuesday of the month...

PLUS, want to detect for & REMOVE IT, if you have been "hit" by it? EASY & 3-5 minutes of your time, here:

http://it.slashdot.org/comments.pl?sid=2523490&cid=38046054

It works... & has in the past for me vs. the allegedly "indestructible rootkit" that used hello_tt.sys a few weeks/months back as well while I did it for a paying customer...

APK

P.S.=> How is it working then, if it is NOT exploiting using macros? Wouldn't matter though - the patch via FIX IT exists, and again - I do believe it's been patched LAST WEEK in fact, per MS "patch tuesday" that just passed & antivirus tools now detect for it as well, etc./et al

... apk

XP SP2 was the first time a (laughable) effort was actually made to enforce some security. With SP2, enforcing security on sensitive API calls meant something trivial like inserting a pop up dialog box to ask the user for confirmation. All you had to do to bypass it was send a button click message to that window's message pump, no user interaction required!

But the problems lie much deeper. For example, CreateFile has a lot of access flags, but it's such a boneheaded system that the only hassle free way to allow more than one process to read/write the same file concurrently is to always open the file with the strongest access rights available. That's because once a file is open, the next process that tries to open it can't override the existing access modes. Crazy, eh?

That's like having a door with a fancy biometric hand sensor but now your friend can't walk through it at the same time as you, because his DNA isn't compatible with yours. So you either walk through the door one person at a time and close it/reopen it halfway through, or the first person to get to the sensor disables the DNA checks so you can both walk through together.

MSDN is full of impressive sounding security systems that programmers do their best to ignore, because they're unusable.

Chief Alchemist to the Court of Gates, perhaps?

Microsoft Research does actually release some stuff for public use from time to time, you know.

Well, Microsoft is doing something like that with 360. And they if someone have the financial muscle, and content providers don't look at them at such a bad light that they do Google.

In fact, there is not any alternative at all if you receive visio files. You can even open them to look at them.

I'm assuming you meant "You can't even open them...", otherwise your post doesn't make sense. Anyway, there is a free viewer to open them and view them. Runs inside IE, which isn't ideal, but works fine. I used to use it all the time.

I upgraded from 10.10 to 11.04, and kept the "Ubuntu Classic" desktop. Pretty much the GNOME 2 desktop + Ubuntu's little touches I've had since... 4.10? Upgraded to 11.10, and now the login UI has changed drastically, and forces me to Unity. At least, until I can figure out how to select a new login session type, then it's back to Ubuntu Classic for me (unless they've flat out taken it from me right under my feet.)

Or maybe one of the other desktop session types I have (had?) installed. KDE? XFCE? LXDE? Maybe I'll feel IRIX-y and go with MaXX. Or the generic GNOME2 session that's not the Ubuntu Classic desktop... oh, the options, if only this new login UI had some obvious drop-down like the old GDM prompt.

Oh, here's one! I could fork Ubuntu and name the fork after my ex, Virginia. Then rip off Microsoft nomenclature and call the login UI "GINA", for "Graphical Login and Authentication". Not to mention that "Gina" is short for "Virginia". Replace "MS" with "VA" - the state initalism for "Virginia" (the state). I'd end up with VAGINA. The "Virginia Linux Graphical Login and Authentication library". Or you could take that in a few other ways... I'll leave that to the reader to figure out :)

There have been MVC frameworks for HTML/Javascript clients for many years. I've create a few HTML LOB application that have DI, unit testing of controllers and Moq'ing of data.

http://msdn.microsoft.com/en-us/library/dd394709.aspx

There is no better satisfaction in deploying a new application version in less than a few minutes at a corporate global enterprise system. The days of loading thousands of client applications are coming to an end.

Silverlight DRM isn't tied to Silverlight; there are implementations of WMDRM & PlayReady (mostly the second specification) across loads of devices including the Roku & various Android phones.

"Microsoft has already extracted per-device royalty agreements for Android products from at least 10 companies, including Samsung, the world's largest smartphone maker, HTC, Compal Electronics (whose customers include Dell, HP and Toshiba), Quanta Computer, Wistron, General Dynamics Itronix, Velocity Micro, Onkyo, Acer, and Viewsonic."

Wow. Those deals are secret, all right. If you want the terms for licensing check here Typical industry terms are 1% of gross profit on the product per patent. I guess there must be at least one moron around here.

1. What exactly is different b/w Windows XP and Windows 7 user interface wise? That Start isn't spelled out in the lower left hand corner? For someone who has been using XP forever, as you say, how difficult is it to figure out that the button on the lower left hand corner is the same? And then users like you complain about 'dumbing down' the interface? The reason you have these DEs for retards like gnome3 and unity is people for whom going from XP to 7 is like Moses' journey to the promised land.
2. Compared to Windows 8, the Vista interface was much better. You had everything you had in XP, you could even use the XP menu if you liked, and you could disable the sidebar if you wanted. The Sidebar was a lot less intrusive than the Metro boxes that fill up the entire screen. Too bad that Vista was such a resource hog, otherwise, user interface wise, it was a major improvement.

Normally the generic form is a source-code tarball

Have fun.

I don't believe Microsoft has any plans to ever sue anyone using Mono, and I absolutely don't believe it's Microsoft's responsibility to make a linux version of .NET. That said, your little link is disingenuous as you are not allowed to use that source code to create Linux packages, or really use it to create any modified version at all. Here are the relevant parts of the license under which that source is released, with additional emphasis placed by me:

The Microsoft Reference Source License (MS-RSL) is the most restrictive of the Microsoft source code licenses. The license prohibits all use of source code other than the viewing of the code for reference purposes...Microsoft commonly uses this license for developer libraries where modification is not required to make use of the source code. In these cases, the importance of transparency is based on the need for developers to more deeply understand the inner workings of the source code...The license limits the source code release to use on the Windows platform only.

The full license text, lest I be accused of taking words out of context, is here.

Normally the generic form is a source-code tarball

Have fun.

I don't believe Microsoft has any plans to ever sue anyone using Mono, and I absolutely don't believe it's Microsoft's responsibility to make a linux version of .NET. That said, your little link is disingenuous as you are not allowed to use that source code to create Linux packages, or really use it to create any modified version at all. Here are the relevant parts of the license under which that source is released, with additional emphasis placed by me:

The Microsoft Reference Source License (MS-RSL) is the most restrictive of the Microsoft source code licenses. The license prohibits all use of source code other than the viewing of the code for reference purposes...Microsoft commonly uses this license for developer libraries where modification is not required to make use of the source code. In these cases, the importance of transparency is based on the need for developers to more deeply understand the inner workings of the source code...The license limits the source code release to use on the Windows platform only.

The full license text, lest I be accused of taking words out of context, is here.

Normally the generic form is a source-code tarball

Have fun.

Sorry but you don't sound knowledgable about this subject you're choosing to speak about.

Well at least I can spend 3 seconds in google.

You might have strong emotional feelings or some kind of faith-based belief

Cute.

The did release a cross-platform (running on FreeBSD) implementation of .NET 1.0... "from the start".

Microsoft has been losing market share over the past decade or so precisely because it was not forward thinking!

I suggest you spend some time at research.microsoft.com

If you disagree, what other explanation do you have?

It is hard to maintain a near monopoly. Earnings per share are up about 5x in the last decade. They ain't doing too bad.

"Deliberately introducing flaws": I don't know where the actual failure in their code was, but truetype rendering is done by a full virtual machine. This isn't an exaggeration. Do chase that link: that machine is not simple, not by any measure. They're firing up an arbitrary user-supplied VM image in the kernel, and yes I say that constitutes a conscious introduction of a security flaw. Nobody could possibly have thought that was safe.

True but obviously irrelevant statements "have no bearing" on the point. You might as well have said the air is cleaner now than it was then because we've had the EPA longer. It's true, but it's got nothing to do with them gratuitously importing an interpreter for an unusual, sophisticated VM into their kernel and then using that interpreter to run arbitrary VM images from userland. I gots a little clue for you: that was never, ever, ever safe, and they knew it. They did it deliberately.

The do.

http://research.microsoft.com/en-us/projects/singularity/

Nothing came of it.

Until about a year or two ago the xbox division was loosing money (a *LOT* of money). They buried in with another division to bury the loss. I owned some their stock for a couple of years. Was bored and read the prospectus. After 4 years of flat growth I dumped them.

TFA also doesn't point out that they already have a workaround that is as simple as clicking a button that says "fix it". No CLI mess, no trying to explain it to Suzy the checkout girl, the CLI is also listed if you want to do that, but for everyone else there is this simple fix it page.

I don't know about everyone else but I'll be testing this on my own system for a few hours and if there are no adverse effects i'll be shooting an email to my users with the link.

The world was a different place in the early days of NT 4

Arguably true... but only for the monolithic win 9x series releases, which aren't relevant to this topic since the NT kernel was developed independently within Microsoft by Dave Cutler from DEC. It was Microsoft's first truly modern operating system. As many comm enters above me have mentioned NT originally did have functions such as font rendering in userspace due to its heavy hardware abstraction. As the pending issues with 9x loomed however MS could read the writing, on the wall; porting 9x to Unicode (it was ANSI throughout, a separate "Layer for Unicode" had to be used to run Unicode programs on 9x machines) as well as supporting newer hardware (AHCI, USB, true Plug and Play) was going to be nearly impossible (the attempt was called Windows ME). So Microsoft began with NT4 to prep for the mass migration from 9x. Since the average consumer at the time didn't want to drop $3k for a workstation that would be able to run the NT model correctly, Microsoft made some compromises to the OS for the sake of speed.

No, it wasn't. NT4 was released in 1996. By that time, many people here on /. had been exploiting bugs like that for 10 or 20 years already. Granted, mostly for fun or to cheat in (single-player) games, but still...

NT4 already had a security architecture. There was a different place available (basically anywhere outside ring0) and it should have been put there, and it definitely should have been obvious to anyone with three grams of brains that stuff like this doesn't belong into ring0.

You however are making the assumption that everybody in Microsoft talks to each other. A most incorrect assumption. The reality is most likely that WinDiv (The division responsible for the OS) made the assumption that fonts would not be loaded from insecure sources, e.g. Word documents. The Office division however faced the problem of what do you do when some user uses a font that is not on another users system? So they made the decision to allow the embedding of fonts into the file format, along with a bunch of other really bad decisions in hindsight (remember the Melissa virus?) that would have been caught if they had had the same security reviews as WinDiv did. To compound the problem, Office used unpublished and most likely unhardened APIs (it probably still does in parts) that allowed it the capabilities to do things like on the fly font loading something that wasn't exposed to the rest of us until Windows 2000 (NT 5.0). My point being that at the time it WAS a safe decision as far as WinDiv was concerned. Should they have been a little more careful with those unpublished APIs... yes they should have, it would have prevented a lot of anti-trust issues, but they weren't. So here we are with yet another security bug.

I manage quite a few ESX clusters with VC and quite a few HyperV clusters with SCVMM and the HyperV console. The total managed is about 50 ESX servers and about 50 HyperV servers (about 15 clusters each). The biggest cluster for each is 8 individual nodes. I find VC 100X easier and quicker to use. Maybe I'm just "used to it" because I've been using it since the old ESX 2.x before it was called Virtual Center but I've been managing Windows clusters since then as well.

The ESX install is a piece of cake compared to ESX. Anyone can install ESX, boot up with the ISO, add some IP and VC info and done. Windows 2008 R2 SP1 Data Center is not that easy. I've done a few clusters on the above with the core version and built scripts and use group policies to automate a lot of it but it still requires at least 30 minutes to 60 minutes per physical node depending on the hardware to get it all going. The ONLY thing HyperV is even remotely close or better on in server virtualization is the initial licensing price. On the virtual desktop side, we run several installations of both VMView and HyperV (and recently testing XenServer) with the later being controlled and managed by Xen. Xen over HyperV or Xenserver is tricky to get going (Xen requires a bunch of supporting servers) but once it is, the end user experience with them is much better than with VMView. It is easier to manage as well.

Shops that have big VMWare server farms and experience managing them might just use VMView because they are familiar with it and it is good enough for most virtual desktop environments. With retrained desktop engineers or cross trained ESX guys, you can get a really good virtual desktop setup with Xen.

Short story, I can see Xen/Xenserver/HyperV taking market share from VMWare in the virtual desktops, those products are not even close to VMWare in server virtualization yet though.

It doesn't mean anything with respect to patents as such. However, Ecma-334 (C#) and Ecma-335 (CLR) are covered by Microsoft community promise, which is basically a patent disclamer for implementers with a "patent MAD" clause:

"Microsoft irrevocably promises not to assert any Microsoft Necessary Claims against you for making, using, selling, offering for sale, importing or distributing any implementation, to the extent it conforms to one of the Covered Specifications, and is compliant with all of the required parts of the mandatory provisions of that specification ("Covered Implementation"), subject to the following:

This is a personal promise directly from Microsoft to you, and you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise. If you file, maintain, or voluntarily participate in a patent infringement lawsuit against a Microsoft implementation of any Covered Specification, then this personal promise does not apply with respect to any Covered Implementation made or used by you. To clarify, "Microsoft Necessary Claims" are those claims of Microsoft-owned or Microsoft-controlled patents that are necessary to implement the required portions (which also include the required elements of optional portions) of the Covered Specification that are described in detail and not those merely referenced in the Covered Specification."

It doesn't mean anything with respect to patents as such. However, Ecma-334 (C#) and Ecma-335 (CLR) are covered by Microsoft community promise, which is basically a patent disclamer for implementers with a "patent MAD" clause:

"Microsoft irrevocably promises not to assert any Microsoft Necessary Claims against you for making, using, selling, offering for sale, importing or distributing any implementation, to the extent it conforms to one of the Covered Specifications, and is compliant with all of the required parts of the mandatory provisions of that specification ("Covered Implementation"), subject to the following:

This is a personal promise directly from Microsoft to you, and you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise. If you file, maintain, or voluntarily participate in a patent infringement lawsuit against a Microsoft implementation of any Covered Specification, then this personal promise does not apply with respect to any Covered Implementation made or used by you. To clarify, "Microsoft Necessary Claims" are those claims of Microsoft-owned or Microsoft-controlled patents that are necessary to implement the required portions (which also include the required elements of optional portions) of the Covered Specification that are described in detail and not those merely referenced in the Covered Specification."

Not sure on exactly what you are looking for, but you could possibly use Remote Server Administration Tools for Windows 7.

I use it to manage the Hyper-V server at my company. You can modify or create VMs, as well as connect to them. I haven't had any issues with it not working. Unless I misunderstood what you meant.

The tool package can be found at http://www.microsoft.com/download/en/details.aspx?id=7887

Hyper V is the virtualization software where enabling remote management requires you to either
a) use an unsupported utility to enable remote management: http://archive.msdn.microsoft.com/HVRemote
or
b) Go through a multipage web article: http://blogs.technet.com/b/jhoward/archive/2008/03/28/part-1-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx
or
c) spend way too much time mucking around.

After all that don't be surprised if remote management still doesn't always work, or some little change somewhere could break it.

In contrast, with VMware it mostly just works (I'm not too fond of the recent remote consoles but it's still better than HyperV).

If you've figured out an easy reliable way to get Hyper V remote management to work do let me know. Some people at work are complaining that it stopped working for them.

Depends on which version of Office you are referring to.

Symbolic links aka Junctions were added in Windows XP so it is a decade old at least. What is missing was a good built in tool to use them but that is what Mark Russinovich is for.

Each FS have their merits. I don't really need to have README.TXT, Readme.txt, readme.txt coexist in the same folder at the same time so I prefer that part of FAT32/NTFS anyway.

If I understood you correctly, since Word Macros as VBA (VB for applications scripting), said macros can use the AddressOf method for external lib calling (which allows for callback functions correct address pointer retrieval for data coming out of said methods) -> http://msdn.microsoft.com/en-us/library/aa165194(v=office.10).aspx

"The article says kernel exploit. Many user-land calls are wrappers for kernel-land functions.." - by DeadCatX2 (950953) on Wednesday November 02, @01:05PM (#37922290)

Now, using what you stated - some of which I am NOT SURE what you meant (see next quote below)? You're correct that many Win32 API calls are just "fronts" to Native NtAPI calls (many in NTDLL.DLL in fact). That's where what I wrote above can help (for callback functions).

"If this was some undocumented API call in Word, then the exploited function might not validate inputs very well." - by DeadCatX2 (950953) on Wednesday November 02, @01:05PM (#37922290)

Uhm... MOST of the time, exploits done from MS' compound OLE doc structures (Excel, Word, etc.) use VBA to generate macros (bogus ones too)... so, as far as "validating inputs" (which is easy enough to do in VB for various datatypes filtering, on say/for example, keypress events), & especially from callback methods that go thru the Win32 API and even into the native NtAPI layer API??

The AddressOf method, helps...

APK

P.S.=> This has been true since OfficeXP in fact... but, do you mind being a BIT MORE SPECIFIC on your "validating inputs" portion I quoted above though? apk

Wow, I didn't know that Microsoft was giving out copies of their development system, aka Microsoft Visual C++ (or whatever).

Actually they do:
Visual C++ Express
There are also free editions for c#, vb.net, etc.

Discussing the price of developer tools isn't really a useful argument -- where do you stop? Do you compare prices of the computer? What about electricity and internet access? Office space? Clearly those aren't relevant.

Although your overall point is accurate -- for commercial development, overhead of $99 + 30% is quite reasonable. Like many other posters have said, if that fee is breaking you, you have already failed.

(That being said, as a hobbyist, it bothers me that I have to pay a yearly fee of $100 to run my hobby code on my device)

I'm not talking about GUI at all. http://stackoverflow.com/questions/167414/is-an-atomic-file-rename-with-overwrite-possible-on-windows

That's not just a file-vs-directory issue, it's a rename() vs. MoveFile() issue. If the target exists, rename() attempts to remove it, but MoveFile() fails. That's even true for files. For files, but not directories, MoveFileTransacted() can be told to overwrite the target if it exists (I say "overwrite" because the description of MoveFileTransacted() says "If a file named lpNewFileName exists, the function replaces its contents with the contents of the lpExistingFileName file").

Oh, and if a required attempt by rename() to remove the destination fails, the rename() fails, so the target directory had better be empty if you're moving something in its place. If you're renaming or moving a directory, and the destination doesn't exist, and the source and destination are on the same file system, both rename() and MoveFile() are atomic, even if the directory being moved is non-empty.

In any case, it's not as if this is Not A Problem on UN*X and A Problem on Windows, much less being solely due to MoveFile() not supporting atomic moves of directories within a file system if the target name already exists.

See the VB example here to marshall namespace commands in powershell http://msdn.microsoft.com/en-us/library/microsoft.powershell.commands.filesystemcmdletproviderencoding.aspx

APK

P.S.=> Now "That's what I'm talking about" @ least, & what was said is correct on PowerShell being able to use VB like syntax... apk