Slashdot Mirror

To FOREDECKER (an MS mgr.):

----

1.) TELL US WHY ROOTKIT.COM SAID THIS BELOW (who published code that shows how to EASILY "unhook" the new NDIS6 firewall in VISTA, Windows Server 2008, & Windows 7 no less) & why they said this:

http://www.rootkit.com/newsread.php?newsid=952

PERTINENT EXCERPT/QUOTE:

"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."

(AND, more importantly, since you claim to be a senior development mgr. @ Microsoft, what you plan to do about it (or, if you plan to @ least investigate their claims @ least))

They provide code for "unhooking" (making useless) the firewall(s) designed based from NDIS6... please, look into it, or @ least give us an idea of your intent in regards to this. Thanks.

&

2.) Give us a SOLID answer to why 0 was removed in HOSTS then, because in HOSTS files:

a. 127.0.0.1 or even 0.0.0.0 HOSTS files only, vs. 0 blocking "IP" based ones, only makes for larger slower HOSTS file loads into memory (be that the local DNS client, or diskcache even) & using hosts thus, speeds you up online as well as a bonus for speed, not only safety (by blocking adbanners which have been shown to harbor malware, or isn't this indicative of that -> Anti-malvertising.com? ) and, optionally also speeding ones' self up online as well, by allowing one to hardcode in one's favorites to avoid potentially compromised DNS servers (ala Dan Kaminsky proof thereof!)

AND

b. HOSTS also make you SAFER online, no CPU or RAM + other forms of I/O burning use needed

(As seen in more complicated filter like iptables in Linux for example: Yes, no cpu burned there either, but that's just more complex than editing a text file like HOSTS is)

Nor does it involve communicating with a potentially compromiseable DNS server that uses RAM, CPU, & other I/O.

YOU can easily "Block out" known bad servers using HOSTS files, for security!

(From RELIABLE lists, that are easily found from Dancho Danchev of ZDNet, stopbadware.org, or even Spybot Search & Destroy + WIKIPEDIA even)

Doing that, YOU CANNOT BE BURNED by many a malware!

A hosts file is on EVERY SYSTEM THAT USES A TCP/IP stack based on BSD ref. designs (not some fantasy land db that doesn't exist, but, instead in a HOSTS file you have already that is easily edited or downloaded from places like mvps.org or here -> http://en.wikipedia.org/wiki/Hosts_file [wikipedia.org] )

----

I noted this to you MS folks here on THIS site, and same here, on MS' own blogs on "Engineering Windows 7":

Welcome to our blog dedicated to the engineering of Microsoft Windows 7:

http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

(Albeit there @ that blog, with a HELL of a LOT more technical detail on the comparison of the 3 part design of the older IP stack defense system (tcpip.sys surrounded by ipfltdrv.sys (gone now in WinVISTA/WinSrv2k8/Windows7), ipsec.sys, & ipnat.sys) & it is NOT AS EASY TO "UNHOOK" as is the "single/dual part only" based "WFP" (windows filtering platform) based firewalls now in VISTA/WindowsServer 2008 & Windows 7, per rootkit.com quoted above no less))

----

At MS' "Engineering Windows Blog" in the URL above? Well - I said pretty much the SAME stuff, & in that latter one? Well... I was "blown off" as was everyone else in the end!

(Hey - We're (guys like myself or others pointing out things we have noted) ONLY TRYING TO HELP MS)

NOW - I actually hope I am wrong, but...

Loads of a smaller HOSTS file, LINE BY LINE smaller, are entirely PROVABLE easily as being faster (in the File Open/Read/Flush-Close i-O cycle usin

"That said, I'd be interested in seeing answers (rather than responses like my own) to these questions." - by Hucko (998827) on Tuesday November 03, @02:16AM (#29960820)

Ok, HERE? We are in UTTER AGREEMENT - I have confronted Microsoft on their "Engineering Windows 7" blog:

----

Welcome to our blog dedicated to the engineering of Microsoft Windows 7:

http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

----

(search "APK" there, you will see my posts on this, with FAR MORE TECHNICAL DETAIL and SOURCES from MS themselves no less, comparing the design of the new "WFP" based NDIS6 firewalls + port filtering methods, vs. those in older Windows NT-based OS such as Windows 2000/XP/Server 2003, which used a 3 part system)

AND, I did so there, with the exact points I enumerated above with even MORE DETAIL, because it was @ MS, & about engineering their new OS' no less!

(AND, the link IS in my initial post clearly boldly marked as such no less, as it is above now... & this is why I AM BAFFLED as to why you cannot figure out my sources & where I posted them etc. et al) + a user named FOREDECKER here on /., who claims to be a senior development mgr. @ Microsoft, & then these gents here who claimed to be MS employees as well...

I have REPEATEDLY confronted ALLEGED Microsoft personnel here & on other forums as well (only to get evasions or outright avoidance of my points also., if not "effete down mods" & being flamed/harassed/trolled by others about LAME things like 'writing style')

WELL - to those types, I can only say this:

PRODUCE YOUR PHD IN ENGLISH? I just *might* (might mind you) listen, but even IF they had a PHD in English, it is like resumes - 1 "expert on writing" will say it's fine, another will not (so, so much for writing critics, because beauty &/or readability IS in "the eye of the beholder" (and his brain too)).

Something's up though - because I have gotten NOTHING but evasions on both HOSTS files having 0 removed in HOSTS file as a possible blocking "IP ADDRESS" (when Microsoft in fact, DID put it into place in a Service Pack in Windows 2000, not its original shipping OEM model on CD mind you, & kept it there all the way into VISTA until MS "patch tuesday" on 12/09/2008) AS WELL AS ON ROOTKIT.COM's statements I quoted in my original post, and outline here also below...

http://www.rootkit.com/newsread.php?newsid=952 [rootkit.com]

PERTINENT EXCERPT/QUOTE:

"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."

====

"They, if true, are baffling." - by Hucko (998827) on Tuesday November 03, @02:16AM (#29960820)

Oh, they're TRUE alright - AND, quite easily verified as well, no less!

In fact - check for yourself (if you can code, it is EASY to do, by making a larger HOSTS file (relative term) & 1 version using 0 as a blocking "IP Address", another version using the less efficient line by line read 0.0.0.0 as a blocking address, & lastly a version using the least efficient 127.0.0.1 "loopback adapter" std. IP address for blocking out bad website or adbanners etc. et al).

E.G.->

----

Using 127.0.0.1 here, on a HOSTS file I have with 660,000 known bad servers in it?
I get a 22+mb sized HOSTS file

Using 0.0.0.0 here, on the SAME line entries in that HOSTS file I have with 660,000 known bad servers in it, albeit using 0.0.0.0 now instead of 127.0.0.1??
I get am 18+mb sized HOSTS file

Using 0.0.0.0 here, on the SAME line entries in that HOSTS file I have with 660,000 known bad servers in it, albeit using 0.0.0.0 now instead of 127.0.0.1??
I get am 18+mb sized HOSTS file

----

Actually, Win2000 is still under the extended support phase, so Microsoft still provides free security updates, as well as paid support. https://blogs.msdn.com/ie/archive/2005/03/29/403513.aspx

Windows 98 isn't, but from 5 to 11 years goes a long way.

"As a long time MS employee I can say that what the article says is only partially true. Because Ballmer is no businessman either.
He would rather save a dollar than earn 10. He is so focused on reducing costs that he leaves billions in the table to save millions.
His management style could make sense in a company whose main problem is low margins, but when you have >50% operating margins and your only threats come from your competitors being able to outinnovate you (in many cases, simply through investing more, such as in mobile), then focusing on cost is not only absurd, it is irresponsible. If it wasn't his money as well I would claim he's a crook. Since it is, he's just a jerk." - by Anonymous Coward on Saturday October 31, @10:48PM (#29939173)

Ok, that said by you? Couple things I wanted some answers out of MS folks about, which I got NOTHING BUT EVASIONS from them on here:

http://tech.slashdot.org/comments.pl?sid=1417741&threshold=-1&commentsort=0&mode=thread&cid=29934743

(from a user here named "ForeDecker" who claims to be a senior level dev mgr. @ MS - he won't respond either, & here is the "long & short of it" I wrote he)

BOTTOM-LINE, to FOREDECKER (an MS mgr.):

----

1.) TELL US WHY ROOTKIT.COM SAID THIS BELOW (who published code that shows how to EASILY "unhook" the new NDIS6 firewall in VISTA, Windows Server 2008, & Windows 7 no less) & why they said this:

http://www.rootkit.com/newsread.php?newsid=952

PERTINENT EXCERPT/QUOTE:

"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."

&

2.) Give us a SOLID answer to why 0 was removed in HOSTS then, because it:

a. 127.0.0.1 or even 0.0.0.0 HOSTS files only, vs. 0 blocking "IP" based ones, only makes for larger slower HOSTS file loads into memory (be that the local DNS client, or diskcache even) & hosts speed you up online (by blocking adbanners which have been shown to harbor malware, or isn't this indicative of that -> Anti-malvertising.com? ) and, by allowing one to hardcode in one's favorites to avoid potentially compromised DNS servers (ala Dan Kaminsky proof thereof!

AND

b. HOSTS also make you SAFER online, no CPU or RAM + other forms of I/O burning use needed (as in more complicated filter like iptables in Linux for example, no cpu burned there, just more complex than editing a text file like HOSTS) or a potential compromiseable DNS server that uses RAM, CPU, & other I/O. Block out known bad servers (easily found from Dancho Danchev of ZDNet, stopbadware.org, or even Spybot Search & Destroy)? YOU CANNOT BE BURNED, & a hosts file is on EVERY SYSTEM THAT USES A TCP/IP stack based on BSD ref. designs (not some fantasy land db that doesn't exist, but, instead in a HOSTS file you have already that is easily edited or downloaded from places like mvps.org or here -> http://en.wikipedia.org/wiki/Hosts_file )

----

and same here, on MS' own blogs on "Engineering Windows 7":

Welcome to our blog dedicated to the engineering of Microsoft Windows 7:

http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

----

Where I said pretty much the SAME stuff, & in that latter one? Well... I was "blown off" as was everyone else in the end!

(Hey - we're ONLY TRYING TO HELP MS, & I actually hope I am wrong, but loads of a smaller HOSTS file, line by line smaller, are entirely PROVABLE easily, via anyone that can code that is

Well I dunno about that. Both DCL and the Dos batch file environment seem to be laughably crippled to me compared to a typical Unix shell enviroment.

Windows has made a few changes batch files though - you can write a which.bat file that searches you path for the first match. Useful if you have several compilers for different platforms and several copies of make and want to make sure the right ones are being run.

http://blogs.msdn.com/oldnewthing/archive/2005/01/20/357225.aspx

@for %%e in (%PATHEXT%) do @for %%i in (%1%%e) do @if NOT "%%~$PATH:i"=="" echo %%~$PATH:i

Of course it is still primitive.

Mind you in Windows 7 you apparently get the PowerShell and it will be backported to XP and Vista.

http://en.wikipedia.org/wiki/Windows_PowerShell

Still batch files have a killer advantage that if you can express what you want to do in one, you know it will run without the user needing to install Perl or Powershell. If you want to solve a problem like which.bat solves on someone else's machine, that's actually quite useful.

Note that the title of TFS is "Microsoft Opening Outlook's PST Format", not "Microsoft Opened Outlook's PST Format".
The primary source says that " documentation is still in its early stages and work is ongoing".

Win7 has a fair number of new features, but let me ask you a question,

What is more important: Coding shiny new Gee Wiz features or making dramatic improvements to the underlying engineering of a system? Which would you rather support, mounds of eye candy or a thousand small improvements that make a system more responsive and more stable?

If you read the Engineering Windows 7 blog you can read out about dozens of changes that have gone into Windows 7 from the kernel on up. Some of them are directly noticable by end users, but a lot of other ones are not so immediately visible.

For example, I have a USB gaming headset. I plug it into the front USB port on my machine and I have good quality headphones + mic. In XP and Vista I had to exit out of whatever apps I was using and restart them to switch them over to the USB headset. Win7 can switch apps over between audio end points and inputs (basically sound cards) dynamically.

It is awesome, it is cool, but it sure isn't gee wiz shiny. Still though, it is something I appreciate, much more so then I likely would appreciate new eye candy.

What I am trying to say here is, just because Win7 doesn't have brand new seizure inducing GFX doesn't mean nothing has changed. It just means the changes are more subtle, and more focused on the overall under the covers quality of the OS.

Microsoft's "Engineering 7" blog has several telemetrics examples from Windows 7 vs. Vista.

This site has long ceased being a news-for-nerds site and is now a bash-MS-and-promote-alternatives-at-whatever-cost site. And the cycle feeds itself, with people here depending only on news and (highly moderated) comments here for their technology news and then spewing the same (wishful thinking) thing over and over again while getting modded up. The whole Vista DRM half truth comes to mind.

And this is a good series of videos to get indepth into design decisions etc. made behind Windows. http://channel9.msdn.com/shows/Going+Deep/

Why would Microsoft implement GCD when they already have ConcRT which appears to be a better (more scalable) implementation of the same functionality?

And while the NT 3.1 TCP stack was based on the BSD TCP stack, that TCP stack was replaced in Win95/NT4.

Though it has been exhaustively stated already, it bears repeating...so I'll repeat it: the .NET plugin or extension (whatever it is) does not allow users to disable or uninstall it via normal interfaces.

False. You could always disable it (by clicking the "Disable" button in Firefox Extension Manager, as usual). You couldn't uninstall it in the first version of the plugin, but that had been fixed a while ago by a patch (to the plugin).

Do you have a link for that? I'd be very interested to show more flaws in the design of .NET.

I know Chris Brumme's excellent weblog about the CLR has quite a few interesting things to say, and even more if you read between the lines in places, you know he wants to say "we screwed this up big time" and he does say that occasionally. With hindsight, they did make some technical mistakes - throwing objects instead of just exceptions, allowing .Net apps to run in IIS at all, thinking GC would remove the need for reference counting, and several marketing mistakes - telling everyone exceptions were very inexpensive (I recall one particularly misinformed MS drone telling me exceptions were free because it was all handled by the CLR... d'oh)(read the blog)

If ever there was an example of keeping it simple, .NET is it - as an example of what not to do. Hats off to Chris who I think is very intelligent and talented, but the scope and spec of what they asked of him was too awkward to make a perfect job of.

Do you have a link for that? I'd be very interested to show more flaws in the design of .NET.

I know Chris Brumme's excellent weblog about the CLR has quite a few interesting things to say, and even more if you read between the lines in places, you know he wants to say "we screwed this up big time" and he does say that occasionally. With hindsight, they did make some technical mistakes - throwing objects instead of just exceptions, allowing .Net apps to run in IIS at all, thinking GC would remove the need for reference counting, and several marketing mistakes - telling everyone exceptions were very inexpensive (I recall one particularly misinformed MS drone telling me exceptions were free because it was all handled by the CLR... d'oh)(read the blog)

If ever there was an example of keeping it simple, .NET is it - as an example of what not to do. Hats off to Chris who I think is very intelligent and talented, but the scope and spec of what they asked of him was too awkward to make a perfect job of.

Do you have a link for that? I'd be very interested to show more flaws in the design of .NET.

I know Chris Brumme's excellent weblog about the CLR has quite a few interesting things to say, and even more if you read between the lines in places, you know he wants to say "we screwed this up big time" and he does say that occasionally. With hindsight, they did make some technical mistakes - throwing objects instead of just exceptions, allowing .Net apps to run in IIS at all, thinking GC would remove the need for reference counting, and several marketing mistakes - telling everyone exceptions were very inexpensive (I recall one particularly misinformed MS drone telling me exceptions were free because it was all handled by the CLR... d'oh)(read the blog)

If ever there was an example of keeping it simple, .NET is it - as an example of what not to do. Hats off to Chris who I think is very intelligent and talented, but the scope and spec of what they asked of him was too awkward to make a perfect job of.

Apparently: http://channel9.msdn.com/shows/Going+Deep/Mark-Russinovich-Inside-Windows-7/

Nah. Slashes are fine, but Microsoft should be sorry about backslashes!

You can thank IBM for that one (be sure to read Hans Spiller's comment to that blog post, too).

If anything, Microsoft tried to fight that decision back by supporting "/" for path separator as well (which lives to this day in Windows), and by providing the secret SWITCHAR option in config.sys that let you disable the use of "/" in command line switches for applications, so that "foo /bar" would unambiguously refer to directory "\bar", and not to switch "-bar". You can thank IBM for taking that feature out as well:

Much effort was made to keep the fact that SWITCHAR was in shipping systems a secret because it was suspected that when IBM found out they would make us take it out. This suspicion was proven correct. It took them almost 5 years to find it though, and none of the original DOS crew was still working on it.

Nah. Slashes are fine, but Microsoft should be sorry about backslashes!

You can thank IBM for that one (be sure to read Hans Spiller's comment to that blog post, too).

If anything, Microsoft tried to fight that decision back by supporting "/" for path separator as well (which lives to this day in Windows), and by providing the secret SWITCHAR option in config.sys that let you disable the use of "/" in command line switches for applications, so that "foo /bar" would unambiguously refer to directory "\bar", and not to switch "-bar". You can thank IBM for taking that feature out as well:

Much effort was made to keep the fact that SWITCHAR was in shipping systems a secret because it was suspected that when IBM found out they would make us take it out. This suspicion was proven correct. It took them almost 5 years to find it though, and none of the original DOS crew was still working on it.

Agreed, given Microsoft's backwards compatibility constraints. However, Microsoft made a terrible error: Microsoft opened a gaping hole in the UAC security model by --- wait for it --- not protecting the UAC-enabled switch with UAC.

This is both irrelevant and outdated. Here's why:

Irrelevant: this is only for Windows 7 beta - Vista didn't have the slider at all, just an on/off switch, and changing it required an UAC confirmation.

Outdated: after all the negative feedback in beta, this behavior was changed for release to always require an UAC confirmation for any UAC level change, regardless of the current level.

pthreads-win32 is excellent, but regrettably, LGPL licensed. It's interesting to note how complex it has to be to give you POSIX semantics --- pre-Vista win32 threading primitives are fundamentally flawed.

Vista, on the other hand, gives us brand-new innovative 21st-century Microsoft technologies like condition variables.

The situation with FILE_SHARE_DELETE is a little different than in Unix/Linux. If a process deletes a FILE_SHARE_DELETE file, the file is marked for deletion once the last handle to it is closed. However, its entry still exists in the file system, unlike in Unix. Another process could open the FILE_SHARE_DELETE file after a different process had deleted it, and if any of the processes clear the "delete on closing" flag, the file will not be deleted. Note that in order for the file to be used in this way, all processes involved must open it with the FILE_SHARE_DELETE flag. Citation.

- T

This is part correct, part wrong, and part outdated. In particular, branching by itself never blocked inlining, though complexity that results out of it may. Loops (i.e. any branching instruction that is potentially iterative - as there's no if/else or do/while/for on IL level) are not inlined. The detailed list is here, but note that this is pre-SP1.

JIT inliner was made more aggressive in 3.5 SP1, and will, in particular, inline methods with struct parameters.

Shouldn't Palm at least be checking to see if the apps are malware?

'cause Apple's application inspection regime has worked well to prevent malware, right?

If your platform security relies on code inspection to catch malware, you're setting yourself up for epic fail.

Is that functionality malware? From post #29585841,

I was curious if this was possible on other devices. Seems like all the big ones have some API functionality to retrieve similar information:

- http://docs.blackberry.com/en/developers/deliverables/8540/Retrieve_phone_number_BB_device_565546_11.jsp Blackberry

- http://blogs.msdn.com/windowsmobile/archive/2004/11/28/271110.aspx Windows Mobile

- http://www.forum.nokia.com/infocenter/index.jsp?topic=/S60_5th_Edition_Cpp_Developers_Library/GUID-3EB7E846-A29F-4546-B04D-A90B009903EF.html [nokia.com] Symbian (while on casual inspection there appears to be no function to retrieve the phone number, you can retrieve the IMEI, and be notified on events such as phone calls, at which point you can retrieve the caller ID as well as the dialed number)

- http://developer.android.com/reference/android/telephony/TelephonyManager.html Android (requires permissions be granted to the app)

So it's malware on the iPhone, when it's a supported API on a number of other platforms, except Symbian.

OTOH, this is good for Palm - we'll soon be inundated with Norton Antivirus for WebOS, McAfee Antivirus for WebOS, etc. Just like Symbian and I believe WinMo have. After all, we can't have another Liberty virus that afflicted PalmOS devices. (This was named after the Liberty Game Boy Emulator for PalmOS).

And I suppose, good for developers of fart apps, flashlight apps, and other spam apps. Last one was particularly interesting. Helps the Pre's app numbers, though.

I agree that updates to IDE & toolchain that introduce new dependencies for binaries produced by that toolchain shouldn't be silent. On the other hand, installing the application on a clean system (for every OS you support, and counting each major Windows version separately) and checking if it runs is one of the most basic tests that every new build of the product should go through. It's trivial to automate, too (if the installer is written properly and allows for silent installation) so there's no excuse not to do it even if you're a 1-man team.

Good news: in Visual C++ 2010, CRT will no longer use SxS (instead they'll do the same thing Win32 guys are doing and guarantee back-compat with updates, and change the filename if they cannot do that).

Microsoft takes backwards compatibility very seriously.

Yes, Microsoft takes backwards compatibility and pushes it to the level of ridiculous idiocy when they patch the OS and keep the old bugs in order to get some ancient application to run on the newest version of Windows. Because you can't really expect your customers to upgrade their apps, or the incompetent third-party programmers to get their act together, right? Don't believe me? Just read The Old New Thing blog by Raymond Chen.

Everyone (even Windows programmers) should read Ulrich Drepper's piece on how to write shared libraries. (Warning: PDF.) (Likewise, even free software developers should read Raymond Chen's blog.)

What I'm saying is that without a way to accurately import/export files in AutoCAD's DWG format, getting 99.99999% of AutoCAD users to jump ship at all will likely be an exercise in futility. After all, what is "needed" by one engineer as a dealbreaker is never used by another. If Microsoft had a rough time getting a double-digit percentage of MS Word features that EVERY tester used (citation: http://blogs.msdn.com/jensenh/archive/2008/03/12/the-story-of-the-ribbon.aspx), I assure you that if AutoCAD could point out more than 2% of features that every engineer used, I'd be shocked, because there are so many different engineering fields that use AutoCAD on a daily basis. It's used everywhere from designing microcircuits to entire factories, and everything in between.

I don't know if you've ever seen the full-blown AutoCAD suite at work, but it's complicated. It's written for engineers, by engineers. The "Preferences" dialog is one of the largest, most extensive prefs dialog I've ever used. Think every option from every prefs box in every Adobe app put together, and you've got a basic idea. A 2D scale drawing is fairly straightforward and would probably translate to SuperDuperOpenCADzilla fairly well. I don't know the program well enough to give an example of a complicated drawing, but I know that the program can do 3D modeling and rendering, raytracing, and installs SQL Server Express as part of the installation process. While the Wikipedia article states that the DWG file format is a de facto standard for CAD drawings (and they do offer a free viewer which can display DWG files), I'm pretty certain that a program that is fully capable of the same things that AutoCAD is capable of, and able to perfectly import and export AutoCAD documents, and do so at a lower price (not an acorn's chance in a squirrel saloon it could be GPL'd), without activation, and only a minimal learning curve would become the new standard for CAD within a year, at which point we'd see a Slashdot heading to the extent of "Autodesk back in court suing SuperDuperOpenCADzilla out of existence". It'd be Psystar all over again.

In summary, there likely is a market for it, and the more crap that Autodesk charges to get away with (along with a 1/(x>0) graph of must-have features each annual release), there will be less and less incentive for customers to buy their product. Soon enough they'll be running solely on momentum, but as long as there's enough money in the bank to make it a suicide run to release a feature-complete AutoCAD alternative that can properly read and write DWG files, I unfortunately don't see it happening.

Run as a limited user, locked down. You'd be surprised how safe you'll be.

I'm glad it's not me who posted this. I'm a broken record to all my Windows-using friends (which basically means all my friends), telling them how easy it is to set up a stable Windows install. Limited User Accounts on XP have been keeping me virus-free for nearly three years, now. No third-party AV, no third-party firewalls.

InB4 "but how can you tell you're not infected ?". I'm a Windows developer and have been for 15 years. I know how to discover suspicious activity. AV products offer little protection against zero-day exploits and can give you a false sense of security.

I was curious if this was possible on other devices. Seems like all the big ones have some API functionality to retrieve similar information:

- http://docs.blackberry.com/en/developers/deliverables/8540/Retrieve_phone_number_BB_device_565546_11.jsp Blackberry

- http://blogs.msdn.com/windowsmobile/archive/2004/11/28/271110.aspx Windows Mobile

- http://www.forum.nokia.com/infocenter/index.jsp?topic=/S60_5th_Edition_Cpp_Developers_Library/GUID-3EB7E846-A29F-4546-B04D-A90B009903EF.html Symbian (while on casual inspection there appears to be no function to retrieve the phone number, you can retrieve the IMEI, and be notified on events such as phone calls, at which point you can retrieve the caller ID as well as the dialed number)

- http://developer.android.com/reference/android/telephony/TelephonyManager.html Android (requires permissions be granted to the app)

I'll admit Sharepoint is a success when it works with browsers other than IE.

It does, partially. To get the full experience, IE and ActiveX are required. But FF, Safari, etc all work on a basic level.
Apparently, SharePoint 2010 will support FF natively
"A standards based browser such as Internet Explorer 7, Internet Explorer 8 or Firefox 3.x will be required to author content."

This used to be a major problem on Windows - i.e., in the early days of USB (be it XP, Win2K, or WinMe or 98SE) plugging a device (such as a printer) into a different port would force it to be redetected, search for and install a driver, etc. then you'd end up with multiple devices installed. It was downright brain-dead in how it handled USB, whereas on Mac OS and OS X It Just Worked(TM), and when Linux gained USB functionality, there It Just Worked(TM).

Using the devices unique serial number is a good idea, but not every usb device has a unique number.

Some manufacturers managed to make batches of devices that all have the same serial number.

See Raymond Chen's Blog post on USB from 2004 for details of how usb devices are enumerated by Windows.

I had horrible problems trying to get inherit to work in IE before I googled it and found out that it was impossible. This and http://blogs.msdn.com/cwilso/archive/2006/08/10/694584.aspx have left me in rather an unbalanced position when it comes to IE.

It's been proven there are next to difference between how different layouts affect your typing.

Possible responses:

1. [Trivial] What?

2. [Condescending] Try typing that again.

3. [Pedantic] [Citation needed.]

4. [Professional] It's been shown that the differences are trivial among those first learning to touch-type. Move an experienced, 60 wpm QWERTY typist to another layout, though, and watch him suffer. I've been reading Jensen Harris' blog on the ribbon UI and, frankly, I don't believe a word of his claims that the ribbon is easier to use. His data is based on self-selected users sending data on their real-world activities, plus focus groups, but doesn't include critical factors like:
      (a) using the ribbon, do users not just press buttons but complete their work faster using the ribbon?
      (b) what is the time delay before a function is invoked (indicative of how hard it was to find)?
      (c) how often was a function invoked in error?
      (d) how do these factors vary with user experience with earlier versions of the tool -- keeping in mind that nearly all users of the tool will not be naive users, but experienced users that will have to be re-trained in its use?

It's clear from his blog that the ribbon was invented due to the increasing number of functions placed in MS apps, like Word, and their belief that the menu system was suffering from overload. Jensen also notes that the great majority of these functions are very rarely invoked (in about equal amounts of rarely), yet dismisses accusations that their software has become "bloatware". This leads into something I have long suspected, which is that the MS application business model (of making increasingly sophisticated versions of the basic apps) is unsustainable. I mean, look to the future -- at this rate of increase, Word 2020 will have 500 functions. This is needed in a word processor? A point has to be (or maybe already has been) reached at which one needs separate programs for a floor wax and a dessert topping.

As I said, I'm just not buying it.

disclaimer: I use a Mac, I've never used the Ribbon UI, and I'm an HCI professor. These two facts make me competent to talk about it.

In short: Microsoft (which I do not support usually) people has done a lot of work usability-wise (see the end of this msg): no it's not eye-candy.

It's ok for some people used to the old interface to complain: they have to learn new ways of interacting, it's costly, but the designer's bet is that it will pay off in terms of efficiency at the end. ALL interfaces need users to learn before (hopefully) becoming efficient. Changing for changing will only oblige users to forget what they've learnt. But changing for more efficiency is valuable, and that's what Ribbon designers claimed they have done, and it seems the processus they have used to design the thing is good. I think you can't blame them for that.

A link about the story of the Ribbon: http://blogs.msdn.com/jensenh/archive/2008/03/12/the-story-of-the-ribbon.aspx

In summary:

word 1: 50- menu items Word 2003: 250+ (not counting toolbars, small property windows etc)
something has to be done
design took five years

Designers have:
Visited people at their workplace
Visited people in their home
Invited people into our labs for freeform working and discussion
amassed over 10,000 hours of video of people using Office, Over 3 billion data sessions collected from Office users ~2 million sessions per day
Over the last 90 days, theyâ(TM)ve tracked 352 million command bar clicks in Word
tracked nearly 6000 individual data points

Analysis:
Which commands do people use most?
How are commands commonly sequenced together?
Which commands are accessed via toolbar, mouse, keyboard?
Where do people fail to find functionality theyâ(TM)re asking for(in newsgroups, support calls,etc.)?

They also iterate a lot to find new solutions, and they evaluate the solutions until they were satisfying.

Here is the reference you are talking about: http://blogs.msdn.com/jensenh/archive/2008/03/12/the-story-of-the-ribbon.aspx I doubt anyone who have watched this would say ribbon is unintuitive eyecandy.

Good thing that the ribbon takes up the exact same amount of space as the old toolbars and menu did, then: http://blogs.msdn.com/jensenh/archive/2006/04/17/577485.aspx

The document viewing area by default in Word 97 and Word 2007 is literally the exact same, except 2007 actually gives you slightly more space horizontally. PowerPoint is the exact same. The only significat difference is that you do lose a row with Excel, but as someone who works with Excel on a daily basis, I'd gladly take the ribbon over the menu any day. Additionally, you can collapse the ribbon (double-click a tab or hit Ctrl+F1) to save space. I'd guess this would save at least as much space as collapsing the old two-row Word toolbar into one, if not more.

Space, my friend, is not an issue. (Not to mention that Mozilla isn't really going to the "ribbon," anyway, but that's another story.)

Watch it. This was created to solve real, serious usability problems. If you donâ(TM)t like it, provide your own solutions. Lists of hierarchical menus is not a good solution.

That said, the title of this story is completely misleading. If you read the quote, the idea is not to use the Ribbon in Firefox, but to use something less menu-driven, similar to the Ribbon.

The link you are probably looking for is this one:

http://blogs.msdn.com/jensenh/archive/2006/11/10/the-office-2007-ui-bible.aspx

It's a link to Jensen Harris's Office 2007 blog, where he collects all the articles he wrote about the Office 2007 UI (the "ribbon"), explains WHY it is the way it is, provides (IMHO) rather insightful comparisons against the old menu & toolbar paradigm, and generally does a good job of explaining why they chose the ribbon over the "status quo" of toolbars and menus.

That said, a ribbon-based UI is not always the answer - like toolbars and menus, it can be abused by people who don't think UI design through carefully enough, but it is a clever and intuitive answer to "option overload."

Good to know, but sql 2005 has an advantage over sql 2000 in that it's actually supported. These things are important when running production systems.

Geez, do you even read? Not only is SQL Server 2000 still supported, but its predecessor, SQL Server 7, is still supported.

http://blogs.msdn.com/sqlreleaseservices/archive/2008/02/15/end-of-mainstream-support-for-sql-server-2005-sp1-and-sql-server-2000-sp4.aspx

At my work the sysadmin refuses to upgrade from SQL Server 2000 Standard Edition (which had its support discontinued several years ago

Not true. You can still get tech support for SQL Server 2000:

http://blogs.msdn.com/sqlreleaseservices/archive/2008/02/15/end-of-mainstream-support-for-sql-server-2005-sp1-and-sql-server-2000-sp4.aspx

In fact, extended support for the previous version, SQL Server 7, ends 2010-12-31.

(some businesses really, really, really don't want to change SQL server versions)

though he still hasn't installed the latest service pack from 2004 or so),

Ok, that is pretty dumb.

despite the fact that we have a budget (and need) for a high end clustered system with a nice pretty SAN.

You can cluster with SQL 2000. And even without a cluster, it will run nicely on a SAN.

The execs are now pushing it because we're getting deadlocks constantly, but the admin insists that if everyone would stop using the database to do anything, we'd be fine, and refuses to upgrade.

Deadlocks can sometimes be avoided by adjusting your SQL code.

Frankly, the best reason to upgrade from SQL 2000 is native 64-bit versions, which lets you use LARGE amounts of memory for your DB. Not to mention DB mirroring.

Because it was tried. And it was discovered that users don't read.

Well an ARM netbook would be good for Linux. The problems is the vast majority of the market is x86/x64 Windows. Even if Windows were ported, the application will not be. And frankly even if they were they'd probably run slower on a 2Ghz ARM than they would on an 2Ghz Atom.

Now ARM based phones are a great idea. I've got a Windows Mobile phone and there are loads of applications for it and performance is fine. However applications for Windows Mobile are much, much less bloated than for desktop Windows. From what I've seen desktop Linux applications have suffered the same bloating over the years. E.g. Firefox is not quick on an Atom and will be worse on an ARM.

Actually I don't really care about battery life - all my machines are laptops but I always use them plugged in. Basically I don't really buy power consumption as something which will drive a switch away from x86. Even if it started to happen, Intel could just work a bit harder on power consumption - in most Atom machines the chipset uses more power than the processor. Actually I'm not even sure if x86 is more power consuming than ARM and even if it is the power consumption of a laptop is mostly things like the display and storage. Those will consume the same power regardless of CPU architecture.

E.g. if you look at the pie chart in the Base Hardware Platform section here -

http://blogs.msdn.com/e7/archive/2009/01/06/windows-7-energy-efficiency.aspx

The CPU is only consuming about 9% of the total average power.

If you mean an App Store SDK, not sure what that is, but I'd bet MS will host 3rd-party apps soon.

If you mean a development SDK, they've already released one:

http://blogs.msdn.com/xna/archive/2009/09/15/xna-game-studio-3-1-zune-extensions.aspx

Look for SDK support for NVidia graphics soon.

I agree with this guy, Zune game programming could be a great educational platform:

http://blogs.msdn.com/alfredth/archive/2009/09/16/zune-hd-as-a-programming-teaching-platform.aspx.

If you teach kids to write Zune games, you're teaching them how to write xbox and windows games too.

If you mean an App Store SDK, not sure what that is, but I'd bet MS will host 3rd-party apps soon.

If you mean a development SDK, they've already released one:

http://blogs.msdn.com/xna/archive/2009/09/15/xna-game-studio-3-1-zune-extensions.aspx

Look for SDK support for NVidia graphics soon.

I agree with this guy, Zune game programming could be a great educational platform:

http://blogs.msdn.com/alfredth/archive/2009/09/16/zune-hd-as-a-programming-teaching-platform.aspx.

If you teach kids to write Zune games, you're teaching them how to write xbox and windows games too.

By "not opening up software development" do you mean "they updated XNA to support the Zune HD"? http://blogs.msdn.com/xna/archive/2009/09/15/xna-game-studio-3-1-zune-extensions.aspx

There was a video showing the features of Excel Web App, Powerpoint Web App, and Word Web App here on channel 9: http://channel9.msdn.com/posts/dtzar/Office-Live-Applications-First-Look/ They look a little slow and not as responsive as Google Docs, but they do have more feature. Interesting to see the final product.

Even if you use contemporary hardware. I fired up an old Win95 box a few months ago [...]

You have to use contemporary hardware. Win95 fails to boot if you have more than about 480MB, apparently.

You can blame Larry Osterman for that one.

Legit users, of course, don't have to worry because Windows will never stop working for them (there are some exceptions, but those are typically solved quickly)

I bet you also believe that 'if you have nothing to hide, you have nothing to fear', right?

I don't give a flying monkey crap about Microsoft's profits; I care about my software randomly not working because some crappy 'validation' software decides that I'm a criminal. More than that, I care about the whole concept of being treated as a criminal until proven innocent by a company that I've paid money to for the product I'm using.

You may be happy to bend over for big corporate profits, but I'm increasingly fed up with this crap -- not just from Microsoft but from other companies who decide to prevent software I've purchased from running until I beg them to fix their god-damn piece of crap 'validation'/'activation'/DRM bullshit -- to the extent that I'm now doing my best to completely eliminate Windows and commercial software which contains this kind of shit from my home.

• Windows product key
• PC manufacturer
• Operating System version
• PID/SID
• BIOS information (make, version, date)
• BIOS MD5 Checksum
• User locale (language setting for displaying Windows)
• System locale (language version of the operating system)
• Office product key (if validating Office)
• Hard drive serial number

It may be a tad bit disturbing to have all that information being broadcast, but some of it makes sense. Windows Activation is tied to a computer and its hardware, and what WGA is supposed to do is verify that the activation is legit, they'd (presumably) need to broadcast the same information to the WGA servers to verify that activation (since we all know activation can be faked/bypassed).

Microsoft also needs to create a disincentive for people who pirate their software. WGA, besides nagging the user that they have an illegal copy, also prevents optional and recommended updates from being installed, prevents Office users from downloading templates, and prevents the download of certain products/services that would be free to paying customers.

So why is "phoning home" okay? Why not do it once and be done with it? Every day crackers find ways to get around Windows' copy protection. As a developer, Microsoft needs to stay ahead of that and tailor their systems to counter-act innovation on the crackers' part. The opposite is also true: falsely-flagged copies need to be unflagged, or customers will suffer due to them being marked as a false positive. Either way, Microsoft has not kept this a secret, and even promised to reduce checking to once every two weeks (and that was way back in 2006).

I know a lot (probably most) of you guys on here will disagree with me, but I see this as a necessary evil that Microsoft has to perform, and if I were in their shoes, I'd go about it similarly (perhaps be a bit less intrusive). The fact of the matter is, WGA only negatively affects people who either pirated software, or were the victims of software piracy. The privacy argument, in my opinion, is a strawman. If you buy a PC from Dell, it's most likely they already have all that information (save for BIOS MD5 checksum, probably) linked to your customer account. If you buy a PC from Best Buy with a credit card, that purchase information is already linked with the product serial number, which is probably linked with all the serial numbers of the hardware that went into the thing. I don't see how this can be any different than that, other than the fact that Microsoft has it instead of Dell or Best Buy.

Orly? You DO know that the it was called the "system tray" up until Windows XP, don't you? It was even instantiated by a process called systray.exe. Even MSDN is littered with its own references to it being the "system tray", like here.

Raymond Chen says:

Why do some people call the taskbar the "tray"? Short answer: Because they're wrong.

And so are you.

Then there is this shiny bit:

  The common response is to use the notification area (often incorrectly called the "system tray") to provide ready access to these running-but-windowless applications.

Orly? You DO know that the it was called the "system tray" up until Windows XP, don't you? It was even instantiated by a process called systray.exe. Even MSDN is littered with its own references to it being the "system tray", like here.

That's wrong.