Slashdot Mirror

"Plus... we're announcing the very special gift that all PDC attendees will receive: a 160GB external USB2 hard drive with all of the bits! Could 'The Goods' get any cooler? They just did!"

http://channel9.msdn.com/posts/Dan/Countdown-to-PDC-2008-This-is-the-Software--Services-PDC-Plus-a-Hard-Drive-Chock-Full-oBits-is-a-PDC/

If you honestly think the the drive is completely filled with Windows OS+tools, you're quite naive.

The registry has lots of advantages over text-based configuration systems, especially on large networks that need central management. Raymond Chen, Windows guru, has written an article about this:

http://blogs.msdn.com/oldnewthing/archive/2007/11/26/6523907.aspx

Frankly, at this point, calling the registry "bloat" is simply ignorance of what it actually does, and how it actually works. The registry is *the* reason that large companies use Windows.

That's nothing. I made the "You may be a victim of software counterfeiting" screen my wallpaper.

Nov to July - skipped the hottest month of the year. Also it was new equipment - I'd be more interested to know what a varied daily temperatures does to the second half of server life than the first half. Or how well a server can handle a layer of frost.

I appreciate he's making a point to get funding and research going, which requires some powerpoint-simple attention-getters, I'm just not sure he's shown off anything past that.

I do like his emphasis on getting vendors to publish more detailled and aggressive specs (I really like that IBM used to list a "maximum altitude" for their CRTs - warranty void in Lhasa) but clearly that's at odds with his point of using inexpensive economically-expendable equipment.

[That's in the actual FA, not what /. linked.]
http://blogs.msdn.com/the_power_of_software/archive/2008/09/19/intense-computing-or-in-tents-computing.aspx

This is a news report on an interesting sales pitch. We've got no tech meat here.

XP Embedded SP2 has this funky Hibernate Once, Resume Many thing now. I don't know if it's possible to properly license the Embedded toolkit for personal use, but the technology is out there and it's interesting.

I suspect that one day a language more like haskell and less like C will end up being the most popular.

BTW that language may already be here. F# is Mozart in disguise - and its new computation expressions are a way to make monads palatable to C (and C#) programmers. There's no real need of strong maths to use computation expressions (although it might be required to *build* new types of computation expressions).

Right because upgrading Linux installations always works every time.

Not every time. You may have broken hardware, or you may erase half of distribution after installing it. Then it won't work.

Umm, you mean you try it and it fails and Linux apologists tell you you have broken or hardare or RTFM. And then you waste ages trying to find someone who actually knows what they are talking about.

Linux is about progress, not back compatibility and no one is willing to do the work to maintain old ABIs or filesystem formats. In fact they often deride Microsoft for caring about it.

In fact, you know absolutely nothing about Linux. ABI changes very slowly, and older versions will work with modern kernel, and may require old libraries that usually are provided in "compatibility" package for this very purpose.

Hmm, that's ok if someone bothers to do it. Otherwise you need to do it yourself. And my point is how many people are going to get it right for a 13 year old disti.

E.g. Firefox 3 won't work on Fedora Core 4 which is a lot newer than 13 years.
http://www.scienceforums.net/forum/showthread.php?p=417678

What Microsoft does is different -- it has SHITTY OLD INTERFACE, and it continues throwing shit into the newer and newer versions of its OS supposedly to provide compatibility with old shit, but really to avoid making any progress toward anything better. Instead of deprecating obviously bad systems such as most of Win32, everything new is either added or built on top of it. The reason for it is very simple -- it's very difficult to provide a compatibility layer on another platform that will imitate extremely bad, poorly designed, bug-ridden subsystem in a way that will support all "creative uses" and workarounds that accumulated over decades of evolution of such a massive engineering failure. If Windows wasn't that bad, Wine (or Windows interface under OS/2 before it, or Wabi,...) would be orders of magnitude more simple, and it would become "better Windows than Windows". With Windows being full of unmaintainable finicky crap every imitation of it necessarily has to be full of unmaintainable finicky crap.

You say shit a lot. But it's sort of interesting that I can run Firefox 3 on Windows 2000, which is a lot older than FC4.

And that's because of all the work people like Raymond Chen do on making sure that software works after an upgrade. Because Microsoft want to sell you that upgrade. In the FOSS world no one gives a shit because there's no money in it. If some developer does some refactoring that inconveniences a user, the user goes to the community which is full of people like you yelling that they are idiots and the sort of work Raymond does is shit. That's why Linux has negligable market share

http://marketshare.hitslink.com/report.aspx?qprid=10

Hmm, doesn't that seem a bit of an ad hominem attack to you? Even if it were true how does it affect what I'm saying.

You and other Microsoft defenders have literally flooded this discussion with your comments. Obviously you are trying to create an impression of validity by posting large number of comments with unsupported claims instead of participating in a discussion.

I just like trolling people like you who will defend Linux without knowing anything about how much work good commercial companies put into migration plans and ABI stability. No one cares about that shit on Linux. If you want it to work you need to reinstall a new OS every few months.

If this is true, please tell me what embedded systems are. Then I will know what to avoid like plague because it's made by a person so hopelessly

Enterprise-level versions of Windows are fairly posix-compliant.

For all the others there's various libraries and environments like cygwin that support various degrees of Posix for Windows. It is easy to find a fork() for windows, or indeed posix threads, etc.

His joke references the fact that Excel was found to miscalcute certain calculations:

http://www.appscout.com/2007/09/excel_cant_multiply.php

And MS's response:

http://blogs.msdn.com/excel/archive/2007/09/25/calculation-issue-update.aspx

http://blogs.msdn.com/ie/archive/2008/03/11/ie8-and-loosely-coupled-ie-lcie.aspx

It's processes for IE8. Threads for IE7.

Are you sure it's not one thread per tab? That's what the person who did ie7 tabs seems to say:

One design decision worth calling out is that our current implementation is fully multithreaded. Each tab is on a separate thread, and the frame is also on its own thread. This has some impact on the overall footprint of IE, but we believe this will allow IE7 to feel faster and provide an overall better user experience.

From: http://blogs.msdn.com/ie/archive/2005/05/26/422103.aspx

... the fact that every tab and plugin will run as a separate process seems significant to me and something more than just a rebranding.

Where have we seen this before?

I imagine the first question on everyone's mind will be, "Why do we need a new web browser?" To which I imagine the truthful answer is: "We don't. At least not for technical reasons."

[snip]/quote>

I think you are clearly wrong on this.
IE is still the most frequently browser today.

pretty much sucks:

It cannot even remove cyclic references and it makes IE slower the more memory is used, because it uses a simple heuristics to decide when to start the GC (see the comments sections of link above)

Furthermore , until recently javascript implementations where much slower than other comparable languages, just check http://shootout.alioth.debian.org/.
There has been some really good progress recently for Firefox (http://arstechnica.com/news.ars/post/20080822-firefox-to-get-massive-javascript-performance-boost.html), but there's still work to be done (similiar GC problems).

Having to use a language in 2008 that has no notion of threads or processes also pretty much sucks.

Regards,
Markus ( Java performance blog )

If you've been dreaming of a multi-process browser for ages, you could start using IE8 on Windows! It lets you configure how many processes you want, from one process for all tabs+plugins through to a separate process for each tab/plugin. (And the "frame" running in a separate frame). http://blogs.msdn.com/ie/archive/2008/07/28/ie8-and-reliability.aspx

I'm not sure why your comment is a reply to mine, since it doesn't respond to any of the points I made. But what the heck, may as well.

... it seems the point of the article is that to get this fancy fontness (great, even more "sizzle" on the Web) you're presently going to have to get down with some MSFT DRM.

Well, no. That wasn't the point of the article at all. Actually, there were so many links in the submitted summary that I'm not actually sure which one was supposed to BE "the article". But the issue runs something like this:

In the '90s Microsoft added downloadable font support to Internet Explorer. Nobody really used it, because it had crappy DRM, it was hard to use, it only worked in IE, and the fonts generally were rendered badly.

Fast forward ten years.

Last March when Safari 3.1 came out, it had support for proper non-DRMed font files. It supports plain old TrueType fonts, and also OpenType fonts (.ttf and .otf, respectively). If you happen to be using Safari, you can look at a demo. In general this made people happy (though not everyone, even among the people who don't live in mortal fear of anything more outre than Verdana).

Hakon Wium Lie, the CTO for Opera, has been agitating for this kind of support for years, and promptly announced that Opera will be supporting that in the near future. There's a link for that in the article above. Shortly Firefox got on board as well -- support for downloadable fonts is scheduled to be released in Firefox 3.1.

After years of waiting, it looks as though web designers are finally, FINALLY going to have the ability to use any font they want, not just the nine fonts from Microsoft's "Web Core Fonts" project. Not everyone thinks that's a good idea, particularly those who tremble at the thought of such power being put in the hands of crappy web designers. And I'll happily admit that there are lots of crappy web designers. But downloadable fonts appear to be on the verge of becoming a reality even so.

The DRM angle comes in because Microsoft has begun trying to get their crappy DRMed format adopted as a W3C standard. Part of their argument is that font foundries won't accept a non-DRM solution, and so Microsoft's solution needs to be the standard everyone uses. Of course that's thoroughly undercut by the fact that Microsoft themselves allow font linking in Silverlight, without DRM, though they do restrict it to same-domain linking.

It's the same old song Microsoft has been singing for years -- Embrace, Extend, Extinguish.

Actually, they probably won't get to the "Extinguish" part with this particular gambit. It's more likely that they'll fail to get EOT standardized, but refuse to support non-DRMed TTF/OTF files, so that it will be harder to use downloadable fonts in a cross-browser way. That is, the designer will have to generate a new font file in EOT format, and then re-generate the same EOT font file for every different domain it's needed on, and finally added a separate IE-only style sheet.

Most sites with modern CSS-based designs already have IE-only style sheets using conditional comments, so adding one more chunk of code there isn't a large resource drain if you're not using multiple domains. But it would be much nicer if they would just support non-DRMed font files that would work wherever. Fat chance of that, though.

I would have thought that too. Based on a workshop that I attended, developing C# apps for Windows Mobile is relatively straightforward. The SDK is free, but you need the professional version of Visual Studio (I haven't tried SharpDevelop yet. The presentations and workshop materials can be found here: http://blogs.msdn.com/mobilitymetro/

Absolutely.

I can't profess to know how Microsoft engineered this

Here's a blog post from the IE team that describes how the feature works, if you're interested in more. Basically, it creates a couple different processes, which are all separate from the main UI frame. This means one process can crash, bringing down all the tabs in that process, but the rest are unaffected.

I agree, I think it's a pretty exciting feature. It almost makes crashing your browser an enjoyable experience. (I managed to crash a tab when I installed the Adobe SVG plugin to see if I could get another point or two on the Acid3 test).

One negative side effect of this is that there is some overhead in creating new processes. This will probably lead to Slashdot complaining about how much memory IE uses and how bloated it is, but personally, I find the reliability gains worth it. Another positive side effect though is that it isolates the Javascript interpreters from each other, which keeps one misbehaving page from locking up the whole browser.

Regardless of whether disabling InPrivate is the best way to ensure you can track browsing within an organization, yes, InPrivate can be "configured and controlled via Group Policy." (It is confirmed by the IE8 team in the comments on the blog entry announcing the feature http://blogs.msdn.com/ie/archive/2008/08/25/ie8-and-privacy.aspx)

I'm still not impressed. I don't care how many whizzy-gig features Microsoft adds to their browser. It is still useless to developers until Microsoft installs standards support. And by standards support, we don't just mean fixing the broken setAttribute method. How about supporting a fucking decade old standards?!? Nope, still no mention of it. In fact, the bug on the issue was "closed by design".

By design? By fucking design?!?! BULLSHIT. Microsoft does not want to be interoperable with other Web Browsers. Period. If Microsoft really wanted to turn around their image in the market, they can start with something as stupidly simple as supporting addEventListener, removeEventListener, and dispatchEvent. I don't even care if the code looks like this:

Element.prototype.addEventListener = function(name, callback, capture) { attachEvent("on"+name, callback); }

^That's fucking WRONG and it would STILL be an improvement!

Microsoft can take their God damn browser and shove it where the sun don't shine for all I care. They have shown such incredible disdain for their customers, that I have to wonder why their even trying to hide it from the market.

*DEEP BREATH*

Microsoft, you are transparent. Your juvenile attempts at lock-in are NOT working and will NOT work. All you're going to do is piss off the people recommending software to grandma, grandpa, mom, dad, sisters, cousins, next door neighbors, school teachers, bosses, subordinates, government agencies, etc. IE will continue to lose market share. It won't be much longer before the alternative browsers reach critical mass. Many websites already show Firefox maintaining parity or even surpassing Internet Explorer. If you actually want to WIN the market, try competing for a change!

Can I get an AMEN?

And if I upgrade to IE8, I can't test against IE7 or IE6.

You should be able to test against IE7 using IE8's compatibility mode

There is difference between ad blocking and tracking blocking.

This identifies 3rd party code that keeps track of users browsing habits, and allows the user to reject being tracked.

Google would be hurt by this, as Google is NOT just about displaying ads, but displaying 'contextual' ads that it gets from not only the site content but the user viewing the site, based on the user's browsing history stored at Google.

Check out the Channel9 interview for more information and the intent of this.
http://channel9.msdn.com/posts/Charles/IE-8-Beta-2-Privacy-is-about-more-than-cookies/

It would be 'easy' to paint MS as being evil, but in reality, this is a feature that 'exposes' the evil that exists all over the web, from pixel tracking systems to full ad user tracking systems like Google uses.

If Google or other online advertisers wants to display Ads, and not be affected by this, then display Ads and STOP TRACKING USERS along with the Ads.

LO f'n L

http://blogs.msdn.com/photosynth/

Maybe they should run Linux?

Fair enough about Python libraries, but my point wasn't about bundled libs, its libs that are available. If you had every python library available in a c++ package, would you still consider c++ lacking in this way? Those libs are available, you may have to use google a little to find them though :)

ah no. GC doesn't allow you to stop thinking. Otherwise you get 'soft leaks' (ie objects still referenced when you think they're deleted), non-memory resources hanging around when you'd rather they were collected, memory buildup that does affect performance when it comes to cleanup, application hang while the GC does its work, to name the few I can think off off my head.

You even need reference counting in some cases - see SafeHandle in .NET for one they had to put in.

RAII is the design pattern you want.

If you think GC provides a silver bullet for your memory management problems, you're going to be disappointed one day. Just ask the Princeton university DARPA challenge team what they think.

Hmm, interesting. It looks like MSIE 7 does do privilege separation, along with a couple other protections. I stand corrected. In my defense, I do not have Vista, so I was unaware of this.

It is not about "We head Microsoft", it is about the fact that something like WordWrapLikeWord95 should not exist in an ISO standard.

Slashdotters are so ignorant on OOXML yet speak so authoritatively on the subject.

WordWrapLikeWord95 isn't in the ISO standard as an opaque concept like it was in the ECMA standard. WordWrapLikeWord95, et al, are fully detailed in the ISO standard as to exactly what you'd need to do to implement them, should you wish to do so. (Those settings have also been deprecated, only for use when reading the small percentage of old documents that originally used those settings; new documents should not use them, period.)
http://blogs.msdn.com/brian_jones/archive/2008/01/18/suppresstopspacingwp-compat-settings-1.aspx

This article explains it.

Reading the tortured history of this case was a real eye-opener. I hadn't really thought about the lengths that some people will apparently go to steal from the community, lie to regulators, and engage in what must have been a very expensive legal fight.

You've got to wonder what the motivation is. Is there really that much money in model train software? Or is this someone who has money to throw at whatever they want?

Dig around a bit... and you find some interesting things.

It seems Katzer and his parnter have made a sizable donation to the University of Oregon in the tune of "$1.25 million for computer labs, software and a technology endowment fund." That's a nice chunk of change to throw around. Where does it come from?

It's interesting to note that Katzer shows up in a number of roles from software development to a model train store. I suspect ongoing concerns are something along the lines of his LinkedIn profile:

Matt Katzerâ(TM)s Summary

KAMIND Associates delivers Microsoft solutions for small business customers since 1998. We solve your IT problems with the following solutions â" eCommerce sites for samll business using Microsoft Commerce Servers, Microsoft Small Business Server and Microsoft Retail Management System (POS) Solutions for specialty retailers. As part of our service model, we work with customers to develop an integrated IT services plan that solves the customers need and results in long term bottom line savings.

That seems pretty straight forward. But there's some other oddities out there. Take this blog entry of a Microsoft manager for example:

Matt Katzer runs an ISV called KAM Industries. They build software for the REALLY big railroads - railroad yard automation, engine automation, that kind of thing. Software that makes really big, heavy stuff move when and where itâ(TM)s supposed to. Matt told me that they also do similar stuff for model railroads â" HO, N, and O-scale stuff. They can completely automate, and simulate very complex setups.

If that werenâ(TM)t cool enough, Matt has built all this on top of Microsoft technologies - .NET Framework, the Compact Framework, WMI (okay, not REALLY MS tech, but it counts), XML, Windows Server 2003, etc.

Eh, what? Is this more than model trains or was Katzer simply exaggerating to impress?

Side note is a comment on the blog:

Matt Katzer was my first manager at Intel and the reason that I moved out to Oregon to work for Intel.

You are just a linux fanboy and don't even know or care to know what MS does apart from OS.
Microsoft velocity - distributed cache
ASP.NET MVC
Microsoft sandcastle - automatic documentation generation
etc...
Sure Vista was a let-down, but things are getting done. Windows 2008 server fixes most of the problems people have with vista. And contrary to popular belief, newer Microsoft OS just don't crash because of software problems. Period. They don't. I have 3 months uptime on my desktop computer. Running windows. When i was using linux i had to restart X all the time.
Other great things MS has done? THE best IDE for software developers. Other IDEs don't come even close to visual studio. (Maybe slickEdit for C/C++)
Office and accompanying products (MS Project, visio,...) Why is everyone copying them?

Actually, you can develop games for the xbox360 relatively cheap. For 99 bucks, they will give you the license. The XNA development kit is free for anyone (at least the express version, which is partially stripped down).

Last I knew, MS was giving a one year membership license to XNA away for free on their dreamspark site for students. They were also giving away the XNA 2.0 development kit (full version). It's worth at least checking out if you have an interest in console development (even if it's the xbox360 and not the PS3).

http://blogs.msdn.com/ie/archive/2005/02/01/364581.aspx

From the link you posted.

Because of the number of legacy servers on the web (e.g. those that serve all files as text/plain) MIME-sniffing is an important compatibility feature.

You may say they shouldn't have done it in the first place. But even now when they want to fix it, they cant because of the shitstorm people kick when they are asked to fix their servers.

The article was light on details, but it sounds like an extension of a known attack, and if this is the case, then it's not Windows, but Internet Explorer. Internet Explorer ignores the Content-Type header in various circumstances, in violation of the HTTP 1.1 specification.

This matters because services like Facebook serve these fake "images" provided by their users to Internet Explorer and explicitly tell Internet Explorer that they are images. Internet Explorer then happily ignores them and tries to guess what type of file it is on its own. If the file looks a bit like HTML and you click on a link to it, Internet Explorer will happily execute Java and JavaScript on that page within the security context of the domain serving it.

If you've wondered why these types of services force you to save images when you try to view them outside of the context of a web page, now you know why. It's because it's the only reliable way to ensure that Internet Explorer doesn't execute it. Think of it as a straight-jacket to stop a mentally ill person from hurting themselves.

It's okay though, Microsoft are fixing the issue in Internet Explorer 8. By making Internet Explorer respect the HTTP 1.1 specification? Of course not! By adding a new proprietary header attribute.

You are apparently talking about black-box testing. For starters, you need a security team to perform penetration testing on the apps in a production-like environment. But if you have home-grown software, you need to address the problem of insecure systems being built by your programmers. The programmers need to understand application security. For a somewhat theoretical but still practical treatment, I recommend my own book, High-Assurance Design (Addison-Wesley, 2005). You should also check out Michael Howard's book and his blog. And then there are Gary McGraw's books which address process. - Cliff

A very entertaining and interesting presentation is the story of the ribbon http://blogs.msdn.com/jensenh/archive/2008/03/12/the-story-of-the-ribbon.aspx It gives a lot of examples of user interface design practices. This includes watching users and building in tools to track usage and some advice on testing with users. You can also higher a user experience consultant to do user experience and usability tests. They can provide grounded feedback based on interview and observations. There are also a lot of other material on the topic. Look under Uesr Experience, Human Computer Interface, or Interactive Design. Some companies offer 1 to 3 day courses in various cities. I have not tried this but they are probably OK to getting started yourself. Obviously there is no magic bullet but there are existing systems to keep from going off in the wrong direction and starting with the big picture.

Yeah, but the new one is pretty good. Learn about it before complaining. http://blogs.msdn.com/murrays/

This is somewhat off topic, but Murray Sargent, whose blog you linked to, is one smart guy. How many people can simultaneously claim to be a theoretical laser physicist and a software engineer?

Layer on top of this the fact that in Office 2007 Microsoft has created a totally new equation editor that isn't compatible with its old editor.

Yeah, but the new one is pretty good. Learn about it before complaining. http://blogs.msdn.com/murrays/

I use both Word (2007) and LaTeX. I think you're completely and utterly wrong, and I note the complete lack of specifics in your post. Just consider this entry from the Microsoft Office Team Blog. Create a 3 column table to number an equation! You've got to be kidding me.

Layer on top of this the fact that in Office 2007 Microsoft has created a totally new equation editor that isn't compatible with its old editor. How long will this one last? Maybe they're finally turning Word into a capable, consistent tool, but it will take several more versions to be sure.

Making complicated tables in LaTeX is a pain, I'll grant that. But why don't you tell us exactly what it is that makes the latest version of Word such a capable tool for creating lengthy, cross-referenced, equation-laden documents.

It's Enhanced Write Filter... not WDP. WDP is the same feature used in Windows SteadyState... it's just a different acronym for the exact same thing. Sorry. Linky: http://blogs.msdn.com/astebner/archive/2004/12/01/273462.aspx

http://blogs.msdn.com/vijaysk/archive/2008/02/11/using-windows-server-2008-as-a-super-desktop-os.aspx

A lot of people forget that C has very strong typing (that you can get round it with a cast doesn't detract from that fact that *you* have to perform that cast, you cannot accidently pass the wrong type in)

Some 'safer' features, such a GC to name a fashionable one, only shift the source of errors to a different place - GCs happily use up lots of memory, happily hang the system while they collect, and often you end up (like the Princeton DARPA team) assuming things are dealt with when they get 'stuck' in memory because there's a reference hanging around somewhere). I mean, a GC is fine for most things, but I'd still want a better form of memory management to be used first, and I certainly wouldn't want a GC used in a nuclear bomber. At least Sun's Java licence knows to make that explicitly clear.

The biggest problem with C is dynamic memory allocation. The way to fix it is, simply, not to use dynamic memory allocations! You can easily write C/C++ code where everything is on the stack, everything is a local variable. Ok, the other problem with C is array bounds checking - especially C-style strings, but you can still use fixed-length types and your own non null-terminated copy functions.

Modern, easy-to-use languages give you the illusion of safety - but really they just sweep the problems under the rug so you don't notice. Even some things that are designed to make your code safer, often require as much care as before

In short, it doesn't matter what you use, you have to think about it and you should never, ever assume someone else has fixed all your problems for you.

...and it just doesn't work well.

The 16-bit subsystem. It's time. Ten years ago you could run NT 3.51 without loading the 16 bit subsystem, and it worked fine. Some legacy apps wouldn't run. Any of those left?

You'd apparently be surprised, given the lengths that MS goes to to maintain backwards compatibility. (Example. Another example.) Now, not starting up Win16 unless someone does run an old app is one thing. (I think they already do this, don't they?) But it would be an insanely bad idea for MS to drop it.

Trusted drivers other than ones that need to do DMA directly. Drivers for USB devices should be running as user level services, without the ability to crash the machine. Printer "drivers" have no need for privileges; they're just filters. Only drivers that need to do DMA should have any special memory access privileges.

Like all Linux USB drivers use libusb, and the only ones in the kernel are class drivers, right?

Non-USB mouse and keyboard port support. Again, it's time.

Why on earth would you drop support for old hardware, especially if it costs you little or nothing to keep it in? It's not like unused drivers eat memory.

Codecs running in kernel mode. No, the codecs and the DRM do not need to run in kernel mode.

Given that the OS is designed to not let you control your own system, I'd say that DRM does have to run with super-duper permissions. But since when do codecs run in kernel mode? Admittedly, my Windows knowledge is pretty rusty, but this seems like a really weird thing to do.

Implicit Internet Explorer invocation. The user's browser of choice is invoked when necessary, not IE.

I can see potential problems when help documents are rendered in possibly-wrong ways depending on your browser. Most of the time--when you're specifically clicking a web link or opening a .url shortcut--it does open your browser of choice, if I recall correctly.

Hidden files. More of a headache than a feature, and too popular with attackers.

You can already enable viewing of hidden files in Explorer. If you want to blame an OS feature which seems to have no purpose whatsoever other than working as an attack vector, try NTFS forks. (It's used in XP SP2 to store information on where an executable was downloaded from, apparently.)

Autorun for media. No running stuff from an inserted disk until a dialog has asked the user if they want to run it.

Users pretty much invariably click "okay" to dialogs that pop up--adding a dialog, in general, makes users crankier and doesn't improve security. Autorun was introduced, despite being a security nightmare, because telling people to run start, run, "D:\SETUP.EXE", got very, very old.

The 16-bit subsystem. It's time. Ten years ago you could run NT 3.51 without loading the 16 bit subsystem, and it worked fine. Some legacy apps wouldn't run. Any of those left?

You'd apparently be surprised, given the lengths that MS goes to to maintain backwards compatibility. (Example. Another example.) Now, not starting up Win16 unless someone does run an old app is one thing. (I think they already do this, don't they?) But it would be an insanely bad idea for MS to drop it.

Trusted drivers other than ones that need to do DMA directly. Drivers for USB devices should be running as user level services, without the ability to crash the machine. Printer "drivers" have no need for privileges; they're just filters. Only drivers that need to do DMA should have any special memory access privileges.

Like all Linux USB drivers use libusb, and the only ones in the kernel are class drivers, right?

Non-USB mouse and keyboard port support. Again, it's time.

Why on earth would you drop support for old hardware, especially if it costs you little or nothing to keep it in? It's not like unused drivers eat memory.

Codecs running in kernel mode. No, the codecs and the DRM do not need to run in kernel mode.

Given that the OS is designed to not let you control your own system, I'd say that DRM does have to run with super-duper permissions. But since when do codecs run in kernel mode? Admittedly, my Windows knowledge is pretty rusty, but this seems like a really weird thing to do.

Implicit Internet Explorer invocation. The user's browser of choice is invoked when necessary, not IE.

I can see potential problems when help documents are rendered in possibly-wrong ways depending on your browser. Most of the time--when you're specifically clicking a web link or opening a .url shortcut--it does open your browser of choice, if I recall correctly.

Hidden files. More of a headache than a feature, and too popular with attackers.

You can already enable viewing of hidden files in Explorer. If you want to blame an OS feature which seems to have no purpose whatsoever other than working as an attack vector, try NTFS forks. (It's used in XP SP2 to store information on where an executable was downloaded from, apparently.)

Autorun for media. No running stuff from an inserted disk until a dialog has asked the user if they want to run it.

Users pretty much invariably click "okay" to dialogs that pop up--adding a dialog, in general, makes users crankier and doesn't improve security. Autorun was introduced, despite being a security nightmare, because telling people to run start, run, "D:\SETUP.EXE", got very, very old.

I wasn't really aware of datamining until a lecture not too long ago, given by a handful of enthousiasts and I was sold; just possible implementations and new approuches to the way we approach data is just mindblowing and is just so freaking cool.
The subject seems soo specific yet its implemenation in our large databases becomes more important and relevant.

SQLServer datamining
Datamining blog
XMLA

How about F# "productization"? And the C-omega, which beget LINQ and Parallel LINQ?

Can you prove it? Rootkits? Priviledge escallation? Malware != virus != bot ... Anyone? Even if it were true, it does not prove your tactic is a good one... you just might have been lucky...

All the time I used to spend running AVG free, AdAware, Spybot S&D, I would scan regularly and come up with nothing. Month after month. I still occasionally scan the entire drive but it still comes up blank. Running as a Limited User is pretty good protection against all sorts of malware. http://blogs.msdn.com/aaron_margosis/pages/TOC.aspxRead Aaron Margosis's weblog.

Ditching firewall(neither for private nor public IP) is not a good idea. First, there are many programs that open ports. And second, there isn't a day that my outer perimeter isn't under constant attacks.

I agree. That's why I run with the XP SP2 Firewall (waaaaaaaay better than the original XP ICF) straight out of the box. I don't use any third-party firewalls like Zone Alarm any more.

There are solutions for each one of those circumstances:

1. You never open links in search results to sites you have never been to? - If you are running windows using Firefox or IE there have been many cases of 0 day exploits

Run your browser with lower privileges (even if you are a not an administrator, which by itself thwarts most of the virus, which expect otherwise, run it with a constrained token). See http://blogs.msdn.com/nigelwa/archive/2005/07/29/445155.aspx. Additionally, IE7 protected mode under Vista has an excellent record.

2. Do you not use any USB storage devices? - Just this Christmas I purchases a digital photo frame for a family member that had built in storage. low and behold when I went to preload it with photos it was already infected with a virus that was set to use auto play to install.

This one is straight-forward: just deactivate auto-run.

3. You 100% trust EVERY thing your friends or family send you? Document infections are still somewhat common. I suppose using Open office would get you around macro infections but you also might not be able to open company documents then.

This may be a bit more problematic, but macros are usually not set to be run by default. If you are paranoid, you can always run Office apps with less privileges.

Sun is somewhat more quiet, but you can still tell by the fact that Java is getting full-fledged closures soon, and Fortress is built for parallel architectures from ground up (so much so that "for" loop defaults to parallelizing, unspecified-order version).

From Xbox team blog:

One of the first questions I get when someone hears I work on Xbox is "So, what operating system do you guys use? Windows 2000, right?" I am honestly not sure where the Win2K misperception comes from, but Xbox runs a custom operating system built from the ground up.

Raymond Chen (well known Microsoft blogger) linked to Joel on Software today about Why the MS Office file formats are so complicated