Slashdot Mirror

http://slashdot.org/comments.pl?sid=1147437&cid=27056793 , that's where "The End of Days" admits to using multiple accounts to post here so he can "mod himself up" & create illusory supporters with that are registered accounts users to further "support himself" (& then to use AC posts on top of that as he has done here now & thru other threads this & last week)... for starters.

See here to others reading (this went to the mods here as well, and also on other websites where "The End of Days" has begun following me to as well):

http://slashdot.org/comments.pl?sid=1154933&threshold=-1&commentsort=0&mode=thread&pid=27137671

Where "The End of Days" here was caught admitting first (in the 2nd URL) to having multiple registered accounts here (to mod himself up no doubt & to make it appear as if he has supporters of his posts, you know the type: Online losers basically that think they're "smart" until they get caught & have to admit it as he has)

Personally @ this point?

I am NO psychiatrist, but, I think this guy "The End of Days" is seriously "unhinged" mentally!

He is buying his own trouble is all I can say, especially in he undoubtedly doing so more on another website where he has resorted to attempting to impersonate ME there:

http://dis.4chan.org/read/prog/1235936964/81-

AND, where others there, who are legitimate registered users, are "shooting him down", as I have seen others here do all week long & longer based on his post history (which he tried to hide, but is finding it is nigh impossible to do with a registered account, which makes him TRACKABLE as all get out, & it is the WHY of why I don't do a registered account here, so nutjobs like he cannot track me all to high hell here easily)

TO THE SLASHDOT MODERATORS/ADMINS/OWNERS:

Going to be submitting this your way, as I have to the folks @ 4chan.org, & also to their hosting provider, to nail this seriously brain-damaged idiot hopefully, AND, to hopefully teach he a lesson he really does apparently NEED to have taught he.

Unfortunate, but, 'bad children need discipline' I suppose for lack of a better expression.

(He is probably flipping IP's, not a big trick as we all know, or using anonymous proxies or TOR onion routers, but I think his 'registered account' may help you in ridding your forums of a SERIOUS pest)

APK

P.S.=> All the result of my tracking him here after he has harassed myself here on this site starting here ->

http://tech.slashdot.org/comments.pl?sid=1143349&threshold=-1&commentsort=0&mode=thread&pid=27012231

Where, there in a post I made that's been modded up as +2 interesting & also over @ Microsoft where myself & a few others are confronting Microsoft on it here ->

http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx?CommentPosted=true#commentmessage

Where MS are ASKING people for improvements they'd like to see in Windows 7, as well as on WHAT technical grounds (valid ones)... apk

"Why would I click on 'Start' to shut down?"

Because Microsoft actually carries out and pays attention to usability tests, and the usability tests said that's what people did to turn off their computer.

As a bonus, you can easily add web filtering and block things like Slashdot at work.

Actually, browsing Slashdot, The Old New Thing, lwn.net and so on has made me more productive overall. Preventing users from accessing "time wasters" is a losing strategy: not only is the blocking technically futile, but by treating employees like children, you kill morale. Instead of micromanaging their days, treat employees like responsible adults and evaluate them based on their work and its results.

If you've got firebug enabled, it tends to chew through memory more rapidly. Most of the memory issues are due to circular references between the DOM and javascript on Web 2.0y sites that do a lot of DOM manipulation: http://blog.grimpoteuthis.org/2005/01/dhtml-leaks-like-sieve.html

As far as I know, IE8 is the first browser to actually fix this problem, which is awesome: http://blogs.msdn.com/ben_anderson/archive/2009/02/25/circular-references-no-more.aspx

Actually calls for his firing have already started. When you see that The Win7 hype is just that, and when it comes to enterprise, which is where the big bucks are and where MSFT has always made boatloads of cash, that Win7 doesn't cut it anymore than Vista, I can't say that I blame them.

We have seen that under his watch he has gone from one idea to another like the whole company has ADHD, with Zune(trying to be Apple), trying to shell out WAY too much money for Yahoo(trying to be Google) and finally his very own Spruce Goose Vista, which even MSFT board members couldn't get to work with programs written by MSFT. His tenure has frankly been nothing but one failure after another, and mark my words, when Win7 comes out it will be just as bloated and slow and sell just as badly as Vista.

What the company desperately needs is a new leader that will focus on their core strengths instead of trying to be Apple. Their big money comes from corporations NOT home users who frankly as long as it doesn't crash and runs their games are happy little campers anyway. Yet instead of releasing a low resource backwards compatible enterprise OS it looks like with Win7 they are AGAIN releasing this giant bloated pig of a multimedia OS with more bling per square inch than something off of "pimp my ride". There is a REASON why you find lots of articles including on MSDN giving step by step instructions on turning Win2K8 into a workstation OS. Because WinVista is too damned bloated to be a good enterprise OS and frankly Win7 will most likely be more of the same.

They had better change their direction, starting with a good firing for Ballmer and the bringing in of someone from Office or Win2K8 that knows business. Because I have never seen this kind of mass abandonment of a MSFT OS ever, even when WinME came out. My customers happily pay me chunks of money to make Vista go away, and more and more SOHOs and SMBs are asking me "what do you know about this Linux thing?" and yet Ballmer still tries to force everyone into this multimedia nightmare of an OS instead of keeping business/home separated like it was for WinNT/Win9x. But he ain't Steve Jobs and Win7 ain't no OSX. If they don't change their direction, which I seriously doubt will happen under Ballmer, then their stock price and sales are going nowhere but down. I mean have you EVER seen companies BRAG about giving you the previous MSFT OS THREE YEARS after the new version came out? Nope, me neither.

By the way, does your post mean that we are agreed on my point about IE?

In my experience, IE crashes are almost always the fault of non-IE code, and an overwhelming majority of that is due to Flash. Try running in no-addon mode sometime and you may be surprised just how stable the browser itself is.

You might also be interested in this post from the IE team, which highlights where the most common crashes initiate (for IE8 on Win7 beta, anyway). Their analysis indicates well over half of IE crashes are actually due to 3rd-party components.

"when I first saw this article, I immediately thought "Bloat."" - by A. B3ttik (1344591) on Friday February 27, @10:48AM (#27012387)

On bloat (& more that's adversely affecting the IP Stack)?

Take a read:

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on

"when I first saw this article, I immediately thought "Bloat."" - by A. B3ttik (1344591) on Friday February 27, @10:48AM (#27012387)

On bloat (& more that's adversely affecting the IP Stack)?

Take a read:

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on

See my subject-line, because here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.) as examples thereof:

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall ge

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)...

Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature, especially for the concept of LAYERED SECURITY... so, why was it removed? The reasons given by the VISTA reskit in my p.s. below are COMPLETELY lame but, judge for yourselves later below. Read on...

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allow

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)...

Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature, especially for the concept of LAYERED SECURITY... so, why was it removed? The reasons given by the VISTA reskit in my p.s. below are COMPLETELY lame but, judge for yourselves later below. Read on...

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allow

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)...

This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Filtering is

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx [msdn.com]

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ [windowsnetworking.com] )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Filter

OF course Microsoft is defending FAT32 - I mean it's one of the new supported features of Windows 7!

Here are 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) which shouldn't be (& yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Filterin

"Windows 2008 suffers from the same atrocious network performance problems than Vista. DPCs made by the network drivers use too much CPU time when transfering data over a 100Mbps-1Gbps network link." - by this great guy (922511) on Saturday February 28, @08:25PM (#27026449)

Good points, & historically they've plagued VISTA (&, in the case of filecopies, even older MS OS to an extent/afaik) & in the case of media file playback being affected adversely in VISTA, it has to do with caching, & iirc, specifically caching of network reads regarding media files (don't quote me on the specifics here though, I don't use VISTA, but also read about what you stated around a year++ ago)...

Here are 2 more points for you to be aware of:

(2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.)

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have a GOOD SOLID TECHNICAL answer as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ )

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of th

2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx [msdn.com]

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ [windowsnetworking.com] ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generall

"2k3 just works. Does anyone have a compelling reason to use 2k8?" - by bdsesq (515351) on Saturday February 28, @12:41PM (#27023705)

I don't & mainly because of these 2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another

2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Fil

"I run a few 2k8 servers and must say that there are very few features that distinguish it from 2k3" - by itzdandy (183397) on Saturday February 28, @12:24PM (#27023603) Homepage

2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that a

2 security features Microsoft has PULLED (port filtering) &/or crippled (for efficiency in HOSTS files) shouldn't be & yet, are.

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

QUESTION: Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their descendant, in Windows 7?

See - I posted on Microsoft/Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

APK

P.S.=> I found the (imo) rather flimsy reasoning behind WHY the PORT FILTERING gui controls were allegedly removed in Windows VISTA, Server 2008, & Windows 7, after consulting with Mr. Mitch Tulloch ( http://www.windowsnetworking.com/Mitch_Tulloch/ ) ... here tis:

From Chapter 27 of the Vista Resource Kit that explains the rationale for removing the TCP/IP Filtering UI:

----

"Windows XP Service Pack 2 actually has three different firewalling (or network traffic filtering) technologies that you can separately configure, and which have zero
interaction with each other:

Windows Firewall that was first introduced in Service Pack 2

TCP/IP Filtering, which is accessed from the Options tab of the Advanced
TCP/IP Properties sheet for the network connection

IPsec rules and filters, which you can create using the IPsec Security
Policy Management MMC snap-in

On top of this confusion, Windows Server 2003 Service Pack 1 had a fourth network traffic filtering technology that you could use: the Routing and Remote Access Service(RRAS), which supported basic firewall and packet filteringthe problem, of course, is that when more than one of these firewalls is configured on a computer, one firewall can block traffic that another allows"

----

Lame reasoning imo!

I say this, because it is TRIVIAL to create exceptions rules in most any software (or hardware based) firewall generally, & to match that in Port Fil

Actually Mr too cowardly to even have an account, I am a Windows repairman who has made his living with MSFT products sine the days of Win3.1 and am pretty fucking tired of seeing the company whose products I service and support pissed down the drain by Mr. "I want to be Apple so damned bad it hurts!" Ballmer. Of course I am not the only one that think Mr. Ballmer should be righteously fired for his incompetence, and as it gets closer to relase date we are seeing that Win7 is looking more and more like "Vista SE" instead of the new direction which was sorely needed in the company.

What we NEED is to go back to the division we had during the WinNT/Win9x days, where the business OS was a low resource backwards compatible OS with low system requirements so you don't need a gamer rig for your secretary. What it appears we will get AGAIN is another bloated as hell giant pig of an OS with more bling than you can shake a stick at because Ballmer wants to be Steve Jobs. But news flash, Steve Ballmer ain't Steve Jobs and Windows ain't OSX. You can run Leopard just fine on 5 year old machines, in fact according to my Mac friends they even run a little FASTER with the new version.

Compare that to Windows where you need a dual core with 3GB of RAM just to keep Vista from feeling like a 486 struggling to run Win98. I mean it is pretty fucking sad when I have WinXP running smooth and easy on a 733MHz with 384MB of PC100 RAM and Vista ran like a dead elephant on my 3.6GHz HT enabled P4 with 2Gb of RAM. The Vista codebase either needs to be stripped down and rebuilt or tossed over their shoulder into the trash. The consumer has spoken and they don't want it. Putting lipstick on the pig ain't gonna turn pork chops into steak and it ain't gonna sell Vista SE...errr Win7 either.

If they are determined to be Apple then put out the "Apple extra bling" edition for the home users and give us "Win2K10 Professional" for the business users that just want to get their work done without the bloat. Otherwise all of the businesses who got burned with Vista are going to start looking elsewhere. Why do you think there are all these sites including on MSDN showing how to make 2K8 into a desktop OS? Because for the enterprise Vista ain't cutting it and neither will Win7.

But believe what you will, but mark my words: Win7 will fail,just as Vista did. Then maybe Ballmer will be fired and we will have a decent OS by Win8. But I can't keep buying copies of XP for my customers for forever and they have made it clear there will be NO Vista for them.

"Let me know when security is one of those features." - by Huntr (951770) on Friday February 27, @10:08AM (#27011787)

As far as security features you mentioned? Microsoft has PULLED 1 very good one (more in how efficient it can be, as it is in older OS by MS like Windows 2000/XP/Server 2003), & totally removed another - read on:

Thus, I have a question to ask...

Do ANY of you folks have an answer, a GOOD SOLID TECHNICAL answer, as to WHY these cripplings have been implemented in VISTA, Server 2008, & most likely their
descendant, in Windows 7:

----

1.) The removal of being able to use 0 as a blocking IP address in a HOSTS file

(vs. 0.0.0.0 or 127.0.0.1, which are bigger, slower on load into the local DNS Cache (as well as slower flushes via ipconfig /flushdns) & also occupy more RAM once loaded, for NO GOOD REASON - 0 blocks as well as the other 2 do, & is smaller + faster!)

In this case, this happened on 12/09/2008 Microsoft "Patch Tuesday" updates, it wasn't LIKE that before then!

E.G.-> Here, using 0 as my blocking IP address in a FULLY normalized (meaning no repeated entries) HOSTS file with nearly 650,000 bad sites blocked in it, I get a 14++mb sized HOSTS file... using 0.0.0.0 it shoots up to 18++mb in size (& even worse using 127.0.0.1, to around the tune of 24++mb in size)... Here? This is SENSELESS bloat creation as the result!

&

2.) The removal of IP Port Filtering GUI controls for it via Local Network Connections properties "ADVANCED" section

(This is up there w/ when MS removed the GUI checkbox after NT 4.0 for IP Forwarding, only, this time, the difference is (and, it's a PAIN) is that it is NOT a single 1 line entry to hack via regedit.exe, but FAR MORE COMPLEX to do by hand)... Port Filtering is a USEFUL & POWERFUL security (& to a degree, speed also) enhancing feature!

Afaik, on THIS case (vs. #1 above)? It has always been that way in VISTA &/or Windows Server 2008... & not just the result of a Patch Tuesday modification.

----

I posted on Mr. Sinofsky's (?) blog -> http://blogs.msdn.com/e7/archive/2009/02/25/feedback-and-engineering-windows-7.aspx

AND, I have YET to get a SOLID TECHNICAL ANSWER on those things going on in VISTA, Server 2008, & probably Windows 7 as well, that justify doing so...

(They're things I'd really LIKE to get an answer to, as to WHY Microsoft has done the 2 things in my list above, to the above noted versions of Windows)

Sorry Microsoft - I really like your OS & softwares, but this time? Well - Both of those being done? EXTREMELY STUPID!

APK

P.S.=> Does ANYONE know why these STUPID things were done to the latest/greatest versions of Windows? I don't...

Otherwise, consider this "ammo" you 'anti-microsoft/anti-Windows' *NIX fans here can use, because @ this point? I wouldn't blame you IF you did... & hopefully??

It helps FORCE MS to undo them... because, I will be COMPLETELY FORTHRIGHT about this much: They're 2 reasons I won't upgrade beyond Windows Server 2003... apk

That's funny, I read this blog post from Microsoft today that detailed some of the changes made since the beta, all thanks to feedback from said beta.

It's quite a sizeable list and apparently only a small amount of the changes made so far. Considering nobody outside of Redmond (With the exception of a few select partners) is supposed to have access to anything other the beta, who's actually making the claim that the feedback is falling on deaf ears? Sounds to me like Microsoft IS actually listening for once.

Newest changes coming in the RC http://blogs.msdn.com/e7/archive/2009/02/26/some-changes-since-beta.aspx

Microsoft DID document a number of otherwise undocumented APIs. And they have internal processes to ensure that Microsoft programs like Office, FoxPro, Visual C++ etc dont call anything thats undocumented, see this:
http://blogs.msdn.com/calvin_hsia/archive/2005/01/26/361033.aspx

They did later document lots of network protocols but that was the EU and not the US that got them to do it.

Dude, you better get yourself checked. I think you're suffering for brain damage. Or do you use Linux? That might explain it.

>Friday, June 10, 2005 8:49 AM by LarryOsterman

[....] But Microsoft does have lawyers. And they have stated that looking at GPL'ed code requires approval. [...]

http://blogs.msdn.com/larryosterman/archive/2005/06/09/427309.aspx

It seems they have added "X-UA-Compatible: IE=EmulateIE7" to the HTTP header of the pages on microsoft.com. Why is microsoft.com on the Compatibility View list, then?

• Does it mean "X-UA-Compatible: IE=EmulateIE7" was not there yet when the IE team generated the current version of the Compatibility View list?
• Does it mean they forgot to add "X-UA-Compatible: IE=EmulateIE7" to some pages?
• There is a small difference between adding "X-UA-Compatible: IE=EmulateIE7" and being listed on the Compatibility View list. Does it mean adding "X-UA-Compatible: IE=EmulateIE7" was not enough to render microsoft.com correctly on IE 8?

Any ideas?

It's because Add-Remove is trying to guess a whole lot of missing information.
http://blogs.msdn.com/oldnewthing/archive/2004/07/09/178342.aspx

One without the guessing:
http://aaronlawrence.fastmail.fm/AddRemove.html

>as long as the form submits to an HTTPS page, your login credentials are still SSL-encrypted.

No, If any part of a page is not encrypted then an attacker can effectively strip all encryption from the entire page. See this page from a Microsoft Internet Explorer programmer: http://blogs.msdn.com/ie/archive/2005/04/20/410240.aspx
and this page about airpwn where attendees at a security conference had the images in their web pages turned upside down.
http://www.informit.com/guides/content.aspx?g=security&seqNum=158

Say for example you're using an unsecured wireless access point at an Internet cafe. There can be an attacker five miles away with a high gain antenna listening for someone to log into their bank by a login page that only encrypts the password. When your computer sends out the request for your bank's page, if the hacker's computer is fast enough, it can impersonate the wireless access point and send a version of your bank's login page with the password encryption stripped and the password redirected to whatever computer your attacker wants. When the real server finally responds to your request a few milliseconds later, your computer will think it's a mistaken duplicate and ignore it. This is not a theoretical attack, it has been publicly demonstrated. Your first login attempt may fail as the password is redirected to the attacker, but once your attacker has your password, he can return things to normal so your second login attempt will succeed. You'll just think you mistyped the password on the first try.

> The solution is user education.

The idea of user education fails miserably with the all too common problem of the Dancing Bunnies:
at the end of the day, the user still wants to see the dancing bunny, and they'll do whatever's necessary to bypass your carefully constructed barriers in order to see the bunny

some of the security work in IE7 relies on operating system functionality in XPSP2 that is non-trivial to port back to Windows 2000

I agree but I doubt they will follow through with it. It is more likely they will rely on some kind of marker you can put in sites designed to be standards compliant.

You didn't track IE8 development, it seems - that's how they originally wanted to do it (you'd have to have a META element to indicate that you're standards compliant, and without it it'd use IE7 compat mode), but after heavy criticism for this decision, they have changed it to standard-compliant mode by default, with a META declaration to allow the page to request compat mode by itself, and a button on the toolbar for the user to have manual control over compat mode if needed.

IE8 passes ACID 2:

http://blogs.msdn.com/ie/archive/2007/12/19/internet-explorer-8-and-acid2-a-milestone.aspx

But in September, IE8 lags in the ACID 3 test:

http://www.anomalousanomaly.com/2008/03/06/acid-3/

The closer they all get to standards (any standards) the better.

What if we could just define which rendering engine to use in pages, e.g. IE7 or IE8 in a meta tag...

Oh if we only could!

Watching the development of IE8, the teams is taking great pains to make sure that site authors and owners have an overall say about how their page is rendered with respect to new IE standards-compliance. You can use both a META tag as well as a HTTP header to tell IE8 to use either the new rendering engine (default) or to fall back to the IE7 standards. Companies can also specify compatibility options using GPOs which should help keep older intranet sites working.

I think it's a pretty good tradeoff between pushing for modern standards and not "breaking the web". Yes, it is largely IE's fault that there are so many non-conforming sites out there, but compatibility is important regardless, especially for "offline" sites which cannot be fixed easily or cheaply (CD help files, embedded web servers, etc). At least by having the new rendering mode the default it will encourage standards compliance (or at least IE's [admittedly improving] version of it.)

why is my damn phone a different device when I plug it into a different USB port?

That is not the fault of Windows but of the device. USB devices are supposed to include a serial number. If they do then Windows can tell it is the same device plugged in elsewhere. If not then it has to assume there could be multiple devices. A second reason is a consequence of Windows backwards compatibility. Because there is a device name space (eg COM9 for serial like devices such as phones) each one has to be plumbed appropriately. If your phone was COM7 last time then you want it to be the same this time. Sure Windows could drop backwards compatibility, but that is one of the major reasons people use it - because their programs work and keep working. (Did you know that the Visicalc binary from 1982 works just fine on XP? It dates from before DOS even supported subdirectories!) There is a lot of interesting reading at Raymond Chen's blog including an article on this very topic as well as how important backwards compatibility is to Microsoft. Glad I only use Windows for gaming and to update my Blackberry's software. Twins :-)

why is my damn phone a different device when I plug it into a different USB port?

That is not the fault of Windows but of the device. USB devices are supposed to include a serial number. If they do then Windows can tell it is the same device plugged in elsewhere. If not then it has to assume there could be multiple devices. A second reason is a consequence of Windows backwards compatibility. Because there is a device name space (eg COM9 for serial like devices such as phones) each one has to be plumbed appropriately. If your phone was COM7 last time then you want it to be the same this time. Sure Windows could drop backwards compatibility, but that is one of the major reasons people use it - because their programs work and keep working. (Did you know that the Visicalc binary from 1982 works just fine on XP? It dates from before DOS even supported subdirectories!) There is a lot of interesting reading at Raymond Chen's blog including an article on this very topic as well as how important backwards compatibility is to Microsoft. Glad I only use Windows for gaming and to update my Blackberry's software. Twins :-)

why is my damn phone a different device when I plug it into a different USB port?

That is not the fault of Windows but of the device. USB devices are supposed to include a serial number. If they do then Windows can tell it is the same device plugged in elsewhere. If not then it has to assume there could be multiple devices. A second reason is a consequence of Windows backwards compatibility. Because there is a device name space (eg COM9 for serial like devices such as phones) each one has to be plumbed appropriately. If your phone was COM7 last time then you want it to be the same this time. Sure Windows could drop backwards compatibility, but that is one of the major reasons people use it - because their programs work and keep working. (Did you know that the Visicalc binary from 1982 works just fine on XP? It dates from before DOS even supported subdirectories!) There is a lot of interesting reading at Raymond Chen's blog including an article on this very topic as well as how important backwards compatibility is to Microsoft. Glad I only use Windows for gaming and to update my Blackberry's software. Twins :-)

If your driver supports a Stereo Mix source, then you can enable it in the Recording mixer. You do have to right-click on the background and uncheck the "hide disabled devices" box though, which can be tricky to find (there's probably another way but that's the one I'm familiar with).

Or, you can just download the free and open source loopback device example posted by one of the Windows audio devs:
http://blogs.msdn.com/matthew_van_eerde/archive/2008/12/16/sample-wasapi-loopback-capture-record-what-you-hear.aspx

It relies on the Stupidity 0.99995b RC12 Gold API, and it is here to stay.

I'd say it's not so much stupidity than human psychology, and that most people aren't educated to recognize these dangers. I'll refer you to what security and user interface designers refer to as the
Dancing Bunnies problem.

The main workaround is to have users work in a sandbox. That way, if they blow something up, it's just their sandbox. The sandbox could be their home directory, or a virtual machine. Windows historically didn't sandbox (defaults to admin rights, which changed in Vista). Unix does (user permissions).

I find it hilariously ironic, because Windows has a sophisticated permission system (ACLs) by default since (at least) Windows 2k, whereas most Distributions I know still default to the User/Group/Other bits.

Everything at http://blogs.msdn.com/ is guaranteed ridiculously satirical and over the top.

My understanding of the PGO process is limited to an explanation of the the Microsoft VC++ compiler and linker. I was told that the profile was used by the linker to arrange memory in the most efficient manner possible, but nothing about how it affected the uninstrumented compilation of the code.

The person who told me about it also recorded a video interview explaining the front end / back end interaction in their compiler, and you can view it at http://beta.channel9.msdn.com/shows/Going+Deep/Louis-Lafreniere-VC-backend-compiler/ (I haven't seen it yet, but I assume he's saying the same things he told me.)

Certainly it could be used to make efficient compiler decisions, and that's probably what is making up the difference in performance the people are seeing on Linux systems with no swap space.

Firstly, the reason why a lot of extraneous services start up in Windows when you do a fresh install is given here: Service Controller. If you watch the interview, you'll see there are problems in pre-7 Windows determining exactly what needs to run. Some of these issues are fixed in 7.

Next, this whole debate is somewhat stale; what you mean by an Operating System is not the same as a general user's understanding of what an OS is. The whole Windows Kernel is something like 25mb on disk. I'm not sure about Linux, but the minimum system required to get up and running is probably of a similar order of magnitude. For the user, the operating system is a whole lot more than a kernel, it's a whole load of applications, ease-of-use widgets/applets and an entire basic framework of applications to get you up and running (at the very least).

With respect to RAM, you should hold fire until you know what the OS is actually doing with it. I have 2gb of RAM and Windows 7 reports that 700mb are free and 800mb are "cached". I'm running a few apps at the moment, but as far as I'm concerned the OS can use as much RAM as it wants on the assumption that the OS knows better how my RAM should be used than I do (not always the case, but in general it's true for the average user).

Your logic would be spot on if Microsoft's Mac offering were indeed direct ports of their Windows counterparts. But they are not.

One of the major reasons the MBU exists is because of the horribly ill-fated idea of throwing out the Mac-native Word for Mac 5.0/5.1 and using the Word for Windows 2.0/3.0 codebase to come up with Word 6.0 for both Mac and Windows. (You can read details of this debacle directly from a MBU employee).

The majority of Microsoft's Mac products are complete re-implementations of the features in their Windows counterparts (and the reason why there is not complete feature-parity between the two versions).

I think the reason that the MBU has such high profit margins is that are fewer "cooks in the kitchen" relative to Microsoft's Windows-related projects. It's a small group of dedicated employees who are in the unenviable position of trying to make great Mac software while being viewed by some on the outside as just more drones from the evil Windows empire.

No, only "Word 6" was directly converted from Windows (as a test) and it was a disaster on Mac scene.

Office 08 for Mac is built on XCode and they even had same problems as open source people because of a way more strict gcc coming with Xcode 3. It was a funny read to see MS struggling with GNU software, thanks to Apple ;)

If you ignore the "I hate M$" comments, their Office blog is really interesting sometimes. http://blogs.msdn.com/macmojo/

Some screenshots there tells me it is a pure Cocoa application.

This leaves you with a shell running with full admin rights but which still uses your existing profile and account, bypassing the vast majority of the issues with runas. I usually leave the shell running in the background (it defaults to white text on red background, for easy identification. The whole thing works well, as long as you control physical access. Script can be found here http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx/

Actually no. You're wrong. Try knowing something about what you're talking abouut.

I do, which is why I'm right.

DirectX 10 would require fundamental changes to the XP driver model and kernel to work, after which you'd have done a significant chunk of the work to get Vista.

This will help you:

You'll have to excuse me if I don't consider the tech equivalent of the Weekly World News as a reliable source of information. Especially when they're talking about Microsoft.

Here, try something that actually has a bit of real information and testing behind it. Here's more.

Actually no. You're wrong. Try knowing something about what you're talking abouut.

I do, which is why I'm right.

DirectX 10 would require fundamental changes to the XP driver model and kernel to work, after which you'd have done a significant chunk of the work to get Vista.

This will help you:

You'll have to excuse me if I don't consider the tech equivalent of the Weekly World News as a reliable source of information. Especially when they're talking about Microsoft.

Here, try something that actually has a bit of real information and testing behind it. Here's more.

As a proprietary product, I am unable to prove or disprove what is or is not in Windows.

Sure you can. You can sniff for leaks. That's how people found out about the "personal information" in WGA.

You're not seriously going to do a line-by-line code review of Windows, even if you had the source. It would take you months or years. It would take you even longer in Linux, Nobody's going to do a line-by-line review of that either. AND NOBODY EVER HAS. Show me the line-by-line code review of Fedora 10.

We do, however, have plenty of evidence that "NSA Key" does not have an adequate explanation,

No, we don't. NSA uses it's own special sauce separate from FIPS for encryption/signing/etc. That special sauce is in Windows so NSA can use it. You need to turn it on with registry keys and it doesn't implement anything remotely similar to a backdoor. It affects logins, EFS, and network filesharing.

WGA does send personal information despite microsoft's claims to the contrary,

What personal information is that? It sends system details. It DOESN'T send the Owner or Company strings which is the ONLY "personal information" stored in a standard Windows install. Unless you consider what motherboard you have installed to be "personal information". Link:
http://blogs.msdn.com/wga/archive/2007/03/07/wga-notifications-and-download-and-install-telemetry.aspx

By whom? Not by me. Not under circumstances that I trust. By the same people who've requested its inclusion in the first place, perhaps?

The University of Washington has done a code review of Windows 2000 and I think XP. And more importantly, the European Union has the source and their special masters have been doing a code review as part of the antitrust and other lawsuits against Microsoft. Like you, they're paranoid of the supposed "NSA backdoor". I think the British government has done the same thing independently. So have the Australians. Links:
http://www.microsoft.com/presspass/press/2003/jan03/01-14GSPrelease.mspx
http://www.microsoft.com/resources/sharedsource/default.mspx

There's also the fact that the Windows 2000 source has leaked and independents reviewed that and found no backdoors.

It is a server intended for very broad access to the system, however it is proprietary and impossible to audit. So you can't check the access execution path to verify that it is secure.

You can't attach a debugger? You can find out everything it's doing pretty easily.

More over, it uses AES encryption which, while fairly secure in theory, does not prevent MITM and does not prevent eavesdropping.

AES is the most widely-used algorithm in encryption today. If you've got a problem with AES you've got a big problem with encryption in general.

All you need to do is get the password and that's easier than you think.

Please tell me how it's "easier" to crack passwords on RDP than SSH. Assume password ONLY on SSH. I'm not aware of any known vulnerabilties on the password engine so you have to brute force it. Limit login attempts to 3. What's the problem?

Even WITH the passphrase, you can't eavesdrop and if properly configured, can't do an MITM with ssh.

Not true, but I don't want to get into it. What you're talking about is probably pre-sharing private keys rather than passwords. As I said before, Remote Desktop has just about every feature of SSH, including this one.

I never said there weren't other problems. I consider the default name for those paths to be hideous. Plus with the ridiculous and horrible limitation that is MAX_PATH in so many Win32 components, that is path real estate that we can't afford to spend. Parts of Win32 go to great lengths to work around MAX_PATH, including searching for shorter surrogate paths to use instead. .NET, foolishly built on Win32, has the same problems.

At least they changed the defaults to "Users", "Documents" and "AppData", etc in Vista.

I was responding to the specific complaint that profile paths were arcane and not understandable.