Slashdot Mirror

You're not going to want to hear this, but anyway ...

You could have *_avoided_* all of that if you just ran your box as a user, and elevated to admin when needed.

Mor info on the non-admin experience

IIS huh?

http://blogs.msdn.com/michael_howard/archive/2004/ 10/18/244181.aspx

I'm only going to comment on a couple of things here since I think nokilli already did a great job.

4. iApps - Free.
-- You do realize that Apple is only able to release these apps like this because Microsoft is currently in the spotlight as the evil incarnate distroyer of free market (when the opposite is more likely the case). If the EU is pissed because Microsoft has included a(n ohmygosh) media player, can you imagine where they'd be if Microsoft also tossed in an MPEG2 codec taking the food off tables of the poor programmers of PowerDVD, WinDVD, et. al? Apple can use its small marketshare to its advantage, by releasing freakin' cool apps but without having to worry about what the competitors think.

15. Intelligent user organization scheme
-- I simply do not understand the love over the *nix user permissions. Great, you have groups, I understand that, but with out the ACL's that Windows uses, how do you just randomly give someone access to a file? If I have a group, call it everyone_but_bob, and I have it associated with a file, and then I want to give bob access to that file but none of the other files already with the everyone_but_bob group, you have a significant headache to deal with. If you start running Windows in a Limited User role (which is what I'm sure you are really getting at), then ACL's are far more powerful. Take a look at Aaron Margosis' non-Admin Blog for some kickass advice on how to do this today.

1. Send zillions of emails containing enticing links.
2. Watch as zillions of sheeple open said links with Internet Exploder.
3. Ensure your site is equipped with the IE exploit du jour.
4. Install keylogger, steal identity.
5. ??? [obligatory, but unnecessary - why not spend this time in Zen-like meditation contemplating the nature of suffering?]
6. Open anonymous delivery address using stolen identity.
7. Visit any shopping site via r00ted Windows box and stolen credit card number.
8. Profit!

More seriously, why not go and tell the Internet Exploder people to get their house in order. If enough people complain then maybe they'll actually release a patch. Remember, they haven't released a patch for these vulnerabilities for NINETY-SEVEN DAYS.

Yet another critical IE vuln in the wild. What the hell are these guys up to? Go and give them hell and maybe they'll release a patch faster.

Microsoft

Yeah, this guy is sensible. Dismiss him with the contempt he deserves, and go do something more worthwhile - like reading Dilbert or hating on Intarweb Exploder...

Despite being repeatedly asked about them, the Internet Exploder team refuse to answer a simple question: Why have they not fixed their critical security vulnerabilities for over 90 days?

Despite being repeatedly asked about them, the Internet Exploder team refuse to answer a simple question: Why have they not fixed their critical security vulnerabilities for over 90 days?

Despite being repeatedly asked about them, the Internet Exploder team refuse to answer a simple question: Why have they not fixed their critical security vulnerabilities for over 90 days?

Despite being repeatedly asked about them, the Internet Exploder team refuse to answer a simple question: Why have they not fixed their critical security vulnerabilities for over 90 days?

Despite being repeatedly asked about them, the Internet Exploder team refuse to answer a simple question: Why have they not fixed their critical security vulnerabilities for over 90 days?

Despite being repeatedly asked about them, the Internet Exploder team refuse to answer a simple question: Why have they not fixed their critical security vulnerabilities for over 90 days?

I'm responsible for accessibility and user interface consistency across Visual Studio, hence my interest in this topic

It's interesting to note that blind users aren't the only ones who can benefit from screen readers. I was chatting with a program manager with dyslexia recently. She relies on JAWS a good deal of the time; it just makes things easier for her.

As far as more resources go in terms of Microsoft, Accessibility and everything else I highly recommend checking out these resources:

Enable

Sara Ford's old VS Accessibility blog

the new VS Accessibility blog

Blind Programming.com (check out the mailing lists too)

I'm responsible for accessibility and user interface consistency across Visual Studio, hence my interest in this topic

It's interesting to note that blind users aren't the only ones who can benefit from screen readers. I was chatting with a program manager with dyslexia recently. She relies on JAWS a good deal of the time; it just makes things easier for her.

As far as more resources go in terms of Microsoft, Accessibility and everything else I highly recommend checking out these resources:

Enable

Sara Ford's old VS Accessibility blog

the new VS Accessibility blog

Blind Programming.com (check out the mailing lists too)

Office 12 will have open, XML formats, by default. We got the message. http://channel9.msdn.com/ShowPost.aspx?PostID=7332 9

Yes you can.

You just have to know what you're doing, as I suggested in my post.

Well, it's not quite as bad as you claim. I do run as an ordinary user. Aaron Margosis' blog is a great starting point to educate yourself, and I think his PrivBar for Explorer and IE is essential. Create a separate account for each user with admin privs, and use that only for situations that require it. Keeping things like IE and Outlook to a non-Admin account are imperative if you want to mitigate the risk of infection by a trojan.

Running Windows as LUA http://blogs.msdn.com/aaron_margosis/archive/2004/ 07/24/193721.aspx Learn it. Live it. Love it.

In case you never read it before the non-admin blog has a few tips on reducing the amount of back and forth switching ( http://blogs.msdn.com/aaron_margosis/ ).

I've been running as non admin for a good while now. There are plenty of hoops to jump through to get some things done and Microsoft has a long way to go still to make the entire thing painless, but it's doable if you're willing.

Must admit, I don't use VPN to work from a home machine, I don't know. But I'd guess that if you log on locally to a machine that you set up yourself you can decide whether or not your an admin, so you can use fast user switching. Connected to a domain, the domain admin makes that decision, so you can't.

In the VPN case, I don't know what the solution is, but I guess it will annoy a few people no matter what.

Hmm, it turns out that the excellent Old New thing has an entry on it

http://blogs.msdn.com/oldnewthing/archive/2003/11/ 21/55799.aspx

Must admit, I don't use VPN to work from a home machine, I don't know. But I'd guess that if you log on locally to a machine that you set up yourself you can decide whether or not your an admin, so you can use fast user switching. Connected to a domain, the domain admin makes that decision, so you can't.

In the VPN case, I don't know what the solution is, but I guess it will annoy a few people no matter what.

Hmm, it turns out that the excellent Old New thing has an entry on it

http://blogs.msdn.com/oldnewthing/archive/2003/11/ 21/55799.aspx

"I know that I have a huge bias here, but I really think that MS is doing a really great thing when it comes to RSS. The beautiful part of it is that amount of work that an application developer no longer has to do. I think that RSS is going to be so much broader because MS is putting the work they are doing into the platform. The nice part is that this is not novel work... soon you'll see these kind of platform investments in every platform. The surprising part is that any one else could have done the work first, but MS did. I think this may be the first time in a long time that MS has done something big that other people will emulate. Because knowing what RSS is and parsing XML for a dev is absolutely useless. It's like knowing how to handle a TCP/IP packet. It's the start of a brand new world. And when you can synch your databases, web directories, book marks, photos, calendars, reports, contacts, sales pipelines and everything else you can think of over RSS, you can have announcements like this to thank for kicking it off."

take a look at this link for info on how to run as admin with explorer

http://blogs.msdn.com/aaron_margosis/archive/2004/ 07/07/175488.aspx

this blog has many other useful tips for running as limited user

Actually the best way is to use Fast User Switching. Have an Admin account and your normal one. Do Adminy stuff in the Admin account and everything else in the normal one. Once you get used to it, it's a couple of keystrokes to flip between the two. Unlike Run As, the two zones are on different desktops, which means that you're invulnerable to Shatter attacks windows running with admin privileges

Here's a good blog with much more info

Some people even prefer this to su.

Video: http://channel9.msdn.com/ShowPost.aspx?PostID=8053 3

I agree totally.

I watched that video over at http://channel9.msdn.com/ShowPost.aspx?PostID=8053 3 and was just annoyed at their excitement (excrement?) over their great new innovation!

When's Bill gonna line up the drones for their cool aide, all Jim Jones style? These people won't hesitate.

... creepy freaks.

This is a good move by MSFT, but their lack of respect for web developers is ridiculous.

Markus Mielke, quite possibly the most braindead member of humanity ever to use a computer, seems to think that separating content from presentation is wrong. See here for details. Even worse, the article he links says the reason is that CSS3 is not ready. This is despite the fact that the IE team won't even support CSS 2.1 fully in IE7! Yes, they might have fixed Peekaboo and Guillotine, but how about :hover for all elements? Or any semblance of support for floating elements? And they simply seem incapable of giving a straight answer!

Dave Massy, senior program manager and all round idiot, in comments to this article, says that support for MathML and SVG should be left to 'experts', never answering the very pertinent query about why Microsoft isn't an expert in web technologies.

Why not go over to the IEBlog and let them have a piece of your mind?

This is a good move by MSFT, but their lack of respect for web developers is ridiculous.

Markus Mielke, quite possibly the most braindead member of humanity ever to use a computer, seems to think that separating content from presentation is wrong. See here for details. Even worse, the article he links says the reason is that CSS3 is not ready. This is despite the fact that the IE team won't even support CSS 2.1 fully in IE7! Yes, they might have fixed Peekaboo and Guillotine, but how about :hover for all elements? Or any semblance of support for floating elements? And they simply seem incapable of giving a straight answer!

Dave Massy, senior program manager and all round idiot, in comments to this article, says that support for MathML and SVG should be left to 'experts', never answering the very pertinent query about why Microsoft isn't an expert in web technologies.

Why not go over to the IEBlog and let them have a piece of your mind?

This is a good move by MSFT, but their lack of respect for web developers is ridiculous.

Markus Mielke, quite possibly the most braindead member of humanity ever to use a computer, seems to think that separating content from presentation is wrong. See here for details. Even worse, the article he links says the reason is that CSS3 is not ready. This is despite the fact that the IE team won't even support CSS 2.1 fully in IE7! Yes, they might have fixed Peekaboo and Guillotine, but how about :hover for all elements? Or any semblance of support for floating elements? And they simply seem incapable of giving a straight answer!

Dave Massy, senior program manager and all round idiot, in comments to this article, says that support for MathML and SVG should be left to 'experts', never answering the very pertinent query about why Microsoft isn't an expert in web technologies.

Why not go over to the IEBlog and let them have a piece of your mind?

Video: http://channel9.msdn.com/ShowPost.aspx?PostID=8053 3

Dean then started to talk about the power of the enclosure element in RSS 2.0. What is great about it is that it enables one to syndicate all sorts of digital content. One can syndicate video, music, calendar events, contacts, photos and so on using RSS due to the flexibility of enclosures.

Amar then showed a demo using Outlook 2003 and an RSS feed of the Gnomedex schedule he had created. The RSS feed had an item for each event on the schedule and each item had an iCalendar file as an enclosure. Amar had written a 200 line C# program that subscribed to this feed then inserted the events into his Outlook calendar so he could overlay his personal schedule with the Gnomedex schedule. The point of this demo was to show that RSS isn't just for aggregators subscribing to blogs and news sites.

I just watched the channel 9 video and it looks to me like they're doing some really interesting stuff with RSS.

The extensions they're talking about are cleanly done, and actually useful.

They're also talking about a central RSS feed list within Windows, which several apps can talk to in order to extract data. So you don't have to have a list managed by thunderbird, a separate one managed by firefox, etc. - you just grab it from the OS, and you don't need to worry about fetching, parsing and so on - it just becomes a data store.

ISTM that this has good implications for users and developers. Would be a good thing to have in other OS platforms too.

And when you can synch your databases, web directories, book marks, photos, calendars, reports, contacts, sales pipelines and everything else you can think of over RSS, you can have announcements like this to thank for kicking it off.

http://channel9.msdn.com/ShowPost.aspx?PostID=8053 3

Amazingly good discussion and demos!

The question is: How much is going to take IE6 to be ACID2 compliant?

The question is: How much is going to take IE7 to be ACID2 compliant?

The question is: How much is going to take IE8 to be ACID2 compliant?

Yes, it will be the default for Office 12, and it will be backported for Office XP and 2000 as a patch, read it here.

Compatible or not, historical reasons or not IE7 would be the time ti finaly do the right thing, guess they are going to do. At least they aren't sticking Mozilla/5.0 there...

Monad looks to have lots of hooks into the Windows kernel and various low level functions that simply aren't available as an independent utility.

What? MSH has absolutely nothing to do with the Windows kernel. Perhaps you've mistaken its "native" access to things like the registry as "hooks into the Windows kernel". That functionality is not "built-in", but available through a default set of "providers". You can write your own provider to add new functionality. Similarly, most of the functionality of the shell itself is not built-in, but provided by a bunch of default cmdlets (small bits of code either provided in a .NET assembly or even written as a MSH script that perform some task). Where in unix you'd write an application like grep or a small script to process some data, in MSH you'd write a cmdlet. Like unix providing you many useful bits by default like grep, awk, cut, or sed, MSH provides a bunch of useful cmdlets by default like select-object, where-object, or sort-object.

Off-topic about names: Monad/MSH follows a "verb-noun" standard. Thus what would be "sort" in unix is "sort-object" in MSH (beause it "sorts" a bunch of "objects"). As many others have pointed out, you can use aliases to make these names shorter (MSH ships with a bunch of default aliases to provide both dos-like and unix-like functionality).

The "X11 sucks" thing is sort of a red herring. The real problem is that these things just don't look, feel or behave like Mac programs. Microsoft learned this lesson about 10 years ago with Word 6, and it's incredible to me that other big projects (e.g. Firefox) are treading the same doomed path today.

In Windows, you can run javascript standalone as a text app with cscript.exe as in cscript blah.js. (Recently noticed this in an example.)

They've already fixed the PNG alpha channel bug and it will be part of Internet Explorer 7.0.

You can have PNG transparency in Internet Explorer today, it's been possible since the 90s. Transparent is when the alpha channel is 0 (completely invisible).

Typical slashdot ignorant idiot.

IEBlog on PNG transparency
"The modifications to IE's image pipeline were required because transparency in IE has historically only included palette based transparency or binary transparency. The data structures and image formats necessary to pass around more complex transparency information were not available. Adding this information to the pipeline involved touching how all of the image decoders worked and were displayed. Additionally, functionality to perform the alpha blending needed to be hooked in."

Remember that IE6 is feature frozen right now, and is in a state of security fixes only. All of the new stuff is going into IE7.

Believe me, I would rather just use a different browser (one has security holes of its own. As much as the creators of firefox would like to believe they have the perfect browser, any major piece of software is going to have bugs.

The smart developers call these bugs... features :)

The truth is though, most people don't know about anything other then ie. Why else would it show up with more then 80% of the hits on the websites we run. People don't like change. They like ie because it works out of the box with Windows. No extra installing, no "scary" configurations, no extra work on their part. If you want to convince people not to use ie, don't post messages on /. discussing the various security holes involved with png images. Go out and convince MS to stop packaging it with their os. Make people have to do a little work to get on the internet. Maybe then they'll start to think a little about what they are doing.

...as well as Google maps, I reckon. Here, see for yourself - this product is based on Terraserver (read, superb terrain photography) and blended nicely with Mappoint. And it is likely to be free.

But back to our topic: I think the next "who" Google must buy is be Microsoft ;-P

It wouldn't surprise me if Microsoft actually lose money on certification itself, since the big win would be reducing system crashes and support calls. Ie the whole driver certification programme is more of an investment than an expense.

Some of us know enough about computers to debug system crashes, and pinpoint the problems so we can avoid buying hardware from vendors who write crap drivers again. For most people, however, it isn't a possibility, and the only way for the developers of an OS to be certain drivers are good is to write them themselves (like most Linux/BSD drivers). We can't have the proverbial cake and eat it too. :-(

There's a difference between 30 years of bad design, none of which has ever been discarded, and a 30 year old design that's been refined, repaired, with bad ideas like multiplexed files and System V networking and maybe a hundred different IOCTL and FCNTL calls discarded and replaced.

In 1975 the PDP-11 had a complex instruction set and 8 16-bit data registers. That was actually pretty advanced for a processor: in 1975 Intel's top of the line CPU had a relatively simple instruction set and 3 16-bit register pairs for data. In 1980 the x86 had a complex instruction set and had upgraded to 4 16-bit data registers, while the VAX (which replaced the PDP-11 as the most common UNIX platform) had a complex instruction set and 16 32-bit data registers. By 1995 the x86 had a complex instruction set and 8 32-bit data registers, while a typical RISC processor running UNIX had 32 to 64 data registers, 32-64 bits wide. In 2005 the x86 still has 8 32-bit data registers, and the main reason the Opteron (x86-64) gets better performance than Intel processor is that it's got 16 of them... like the VAX did in 1980.

Which is why little companies or unimportant divisions of big companies can spend a fraction of the resources on their processors and still keep up with and often surge ahead of Intel's heroic efforts to make the x86 go fast.

In 1975 the big OS for personal computers was this new thing called CP/M. In 1980 IBM came out with a new personal computer, and Microsoft bought a clone of CP/M and improved it a bit and called it MS-DOS. Within a year you had a choice of real CP/M or this clone of CP/M to run on it.

In 1983 Bill Gates released MS-DOS 2.0, which incorporated features from Microsoft's high-end OS, Xenix, Microsoft's port of UNIX to the 8086. There were obvious differences, for example CP/M had used "/" as an option character because the folks at Digital Research and Microsoft were used to DEC's mainframe and mini OSes which used "/" that way... so MS-DOS 2 used "\" for the path separator so old CP/M software would still run, although it did make it more of a pain to use file names in Microsoft's newly-released C compilers because "\" was the escape character.

Microsoft abandoned Xenix within a couple of years because Macintosh and Windows became his new big idea. So they never regularised the path separators, and people are still finding security holes in Windows programs today because of this decision made in CP/M 30 years ago.

But... MS-DOS now had Xenix file handles and error codes. Now it happened that both MS-DOS and UNIX returned an error code of 2 when you tried to open a file that didn't exist. And in both MS-DOS and UNIX file handle 2 was standard error, where error messages were written. But... in Xenix, the return from an "open" when an error occurred was -1, and an error code was returned as a separate value in a variable called "errno" (these days "errno" is usually a macro or a function that returns the error from the current thread). In MS-DOS there was a separate error flag, and the return value from the call was either the file handle or the error number.

This turned out to be a problem: one MS-DOS program made a mistake parsing a file name and tried to open a zero-length string as a file. It failed to check the error flag on opening a file and treated what it returned as a file handle, so by chance it wrote a message to file handle 2 when it got an error code of 2, and the combination of these two bugs meant the program seemed to work. In Windows 95, the return code changed to a 3 and the program quit working.

When someone at Microsoft figured this out, rather than say "fix your program" Microsoft changed Windows to return error code 2 when this particular combination of events occured. This special case code is still in Windows today. Windows is full of special cases like this, so that some 25 year old program that probably nobody uses any more won't hang. Microsoft co

I think the bigget problem is that the programmers would *LIKE* to be architects, but they don't get the time. Or they do manage to draw up a solid blueprint and then the client writes all over it in crayon as the concrete is being poured. Reminds me of that amusing essay If Building Architects had to work like Software Architects.

3-5 more years to complete and they already have shirts with the logo on it. http://channel9.msdn.com/ShowPost.aspx?PostID=2679 5

Guess we know why Windows costs so much.