I think the biggest problem is how the Windows Automatic Update feature is turned on by default on everyone's machines.
Note that the Automatic Updates feature has three possible configurations.
1) Notify before downloading, notify before installing. This is the most conservative as user intervention is required twice along the way.
2) Download updates automatically, notify before installing. This is probably the best of the three options as it will trickle all updates down to your computer using unused bandwidth and then prompt you to install when everything is there. User still has FULL control over which patches get installed. This, by the way, is the default setting for Windows 2000 and Windows XP.
3) Download updates automatically, install them automatically on a preset schedule. For complete hands-off system administration, let Microsoft have full control over your machine. Not recommended but available anyway.
Of course it can be turned off completely or never installed in case you never want to deal with automatic patching.
If MS releases a bug fix, the only way to retrieve it is through Windows Update
The "Windows Update-only" patches are few and far between. Granted, WU is the most convenient way to patch but 95% of all patches are available from links in the Q-article. Usually the ones restricted to WU are the ones where licensing agreements prohibit public download, as in the case of the Java VM included in Windows.
you don't know what else they slipped in,
The Q-article associated with the patch always provides a patch manifest which details exactly which files are being replaced and with what version.
you often must have all the other service packs/hotfixes installed first
Service Packs have never had any prerequisites other than the OS itself. Generally the only prerequisite for a patch is one of the latest *two* service packs.
and (this is the really irritating part) it may change your EULA if you choose to install it. If you don't accept the new EULA, you don't get the exploit-fixing critical update you must have to keep your server clean.
EULA's have never changed in patches. The only time your core OS EULA changed was with the introduction of Win2000 SP3 and WinXP SP1, and even then the language was only so that the "Automatic Updates" feature could function properly. Did you know it's possible to not only turn this feature off if you so desire, but you may also elect to never install it in the first place? Just add
AutoUpdate=Off
to the [Components] section of your unattend.txt/winnt.sif file.
BYOPC, otherwise entitled How A Starving College Paid Less For More
Case $42 Foxconn 350W w/ USB ports Mobo $70 Asus A7N266-VM AA Proc $50 AMD Athlon XP 1700+ HSF $12 CPU Fan Diamond 2000 RAM $50 PNY 256 MB DDR 266
-coupon -$15
-MIR -$30 HDD $120 Maxtor 120 GB 7200 RPM
-coupon -$20
-MIR -$40
-refund -$25 for late delivery CDRW $60 Lite-On 52x24x52 CD-RW
-MIR -$50 Kybd $20 Microsoft Internet Keyboard
-refund -$20 for late delivery
Total: $224
Yes, I already had a mouse, so that didn't cost anything. The steals really were the Ram ($5) and the CDRW ($10) - a top of the line Lite-On burner. Most stuff was ordered online from Staples or Newegg. Staples ALWAYS phucks up delivery but usually it only takes an hour for them to pay for their mistakes. Newegg on the other hand despite being ~1000 miles away gets stuff here the 2nd day after I order.
I've since upgraded to a AMD 2.4 GHz and 2x512 RAM for fairly cheap by selling the family my parts and buying new ones. Oh and $40 for a Lite-On DVD-ROM. Got a 17" CRT for about $100 after rebate and I'm pretty happy. Now if I can just find a deal on an LCD...
Quite a few posters have pointed out that in the latest desktop version of OFOS (our favorite operating system) thumbnail view is turned on by default in folders containing mostly pictures, exposing the contents of the images to users who took no explicit action to open the images.
It may also be worth pointing out that if thumbnail view is turned on on the folder ABOVE said folder containing images, the icon for the subfolder will display a small "sampling" of that folder's image content. Not only do you not have to open the files explicitly, you may not even have to open the actual folder! It's blinding easy to stumble across content without looking for it.
When I'm asked to fix someone's computer, backing up and restoring all of the users documents is sometimes the best plan of action. I always confirm this explicitly with the user before taking any action, but even after that, I try to have the user there confirming everything I copy usually on a folder-by-folder basis. It's not worth my time and resources to copy the whold HDD (including gigs of temp files and OS data that will be reinstalled), but I'm not dissecting their latest research paper either. In any case, I usually take a very technical view of what I'm doing and most of the time can't remember any of the file/folder names I encountered.
For what they're made of, the discs are a bit overpriced here. For now the effect seems to be at least in part due to short supply - quite a few people got DVD recordable drives for Christmas or are buying new computers with the drives included. At my local office supply/computer store, a 3 pack of Memorex DVD-R discs cost me $13 - that's $4.33/disc. Buy no-name discs (Optimum 5-pack for $20) for a small discount, or the real way to save, buy in bulk. About the only brand that consistently works well for me (others will likely attest to this as well) is Ritek, and I like to get the 4x ones so as to reduce burning time. Rima.com has a terrible, ugly web site but they have great prices (comparatively anyway) - a 25-spindle for $2/disc or as low as $1.75/disc for a 100-spindle. Of course, I don't have $175 to blow on dvd-r's at the moment. I'm saving up for Lite-On's DVD recordable drive, due out in May or June, and hoping media prices drop dramatically on dvd media RSN (real soon now).
...is fundamentally flawed. We as consumers believe that when we pay $100 for an item with a $50 mail-in rebate at the checkout counter, we are actually handing our money to a responsible adult. We delude ourselves into thinking that because the cashier has a GED and a name badge that our money will be treated with care and direction. Herein lies the problem. I equate the "rebate processing center" with the gross motor skills of a toddler and the mental abilities of a 5-year old kindergartener. Please don't mod this up as funny as I am 100% serious. Let me explain.
Responsible, coherent adults would be able to open an envelope without spilling (and losing) the contents. I think you can imagine how 3 small pieces of paper would fare in the hands of a 3-year old. My experience shows that not stapling the receipt and UPC to the rebate form decreases my chances of receiving a check by approximately 50 - 75%. I *always* staple everything together.
A mature, healthy employee would be able to open perhaps hundreds of envelopes a day and input the name and address contained therein to a computer. Any parent of a kindergartener knows that important notes get sent home pinned to the child's back because of the tendency for such easily-distracted hands to part with said notes. I make photocopies of EVERYTHING I send in - the complete rebate form, receipt, UPC, serial numbers, you name it. Usually I do it right at the postal center and I make a note on my copy of when I sent it. This helps some slow-moving rebate centers to suddenly "find" my rebate submission.
A normal, honest adult would always inform me if he intended to default on a loan of any amount. A child's mind is much more likely to forget or dismiss thoughts of repayment. If I have to call someone up to "remind" them of their outstanding debt to me, I consider that more the behavior of an elementary school student than a responsible, helpful employee. Keep a file of your outstanding rebates and don't assume that the folks holding your money are any more responsible than the snot-nosed kid down the street.
I've found that meticulous preparation and documentation on my part, combined with rigorous follow-up has gotten my rebates every time. It helps to have the right mentality and to know who you're dealing with.
Someone should tell these guys about it. What they advertise as "ultra high speed internet access" is actually a great 100 Mbit LAN connection...to the other residents of the apartment complex. Connection to the internet? Capped at 64 kbps. Yes, you read that right... 64 kilobits per second. As in, slightly faster than your 56K modem. On a good day.
I tried to call them on it, but the apartment won't take responsibility ("we're not the network guys, we just pay for it") and the actual ISP won't either ("we just provide what they pay us for"). It infuriates me because I think the ISP is trying to pull a fast one on the apartment complex and the complex just doesn't know any better. Even the head technician claims that 64k is two to three times faster than 56k cause it's full-duplex (doesn't help my download speed) and ethernet means reduced latency (still doesn't help my big downloads).
Someone get Cogentco to come to Utah. Now *that's* what I consider "ultra high-speed internet!"
In the land before time, or rather, the world of software before Windows XP, Microsoft OS's didn't require activation, but they did require CD Keys. Mostly this was a fiasco as ANY legitimate cd key could be used ANY number of times for that version of the software. Many will remember the NT4 days and the ever-popular 111-1111111. Microsoft got smarter for Windows 2000, but not by much. The not-so-easily-forged 25 character cd key introduced with Windows 98 was used, which at the very least prevented people from making up cd keys. However, it was soon discovered that with a simple change of no more than TWO characters to an easily-editable text file, the cd key requirement could be eliminated! Toss those keys away! This one made it super convenient to install Windows, and the piracy raged on. This hole is still wide open, even with the latest service pack.
Microsoft did start wising up, however. Summer of 1999 saw the first ever "activation" efforts implemented in Microsoft Office 2000 in certain markets, notably US education, Australia, and New Zealand. This was a successful pilot program and with the release of Office 2000 SR-1 in summer of 2000, all retail versions of Office 2000 incorporated this technology (known back then as "registration.") This, too, however, was quite simple to defeat using a corporate install feature normally reserved for large-scale deployments.
The release of Windows XP saw another big step forward for Microsoft's anti-productivity tools (excuse me, "anti-piracy efforts"). Same 25-character cd keys, but you have to "check in" with Microsoft to verify you haven't handed the key out to 25 of your closest friends. Windows XP activation is actually quite a bit more lenient than most people realize... you can change a significant amount of hardware and not be forced to reactivate, and the biggest secret is that if you don't check in with MS Activation servers for a period of 4 months, they'll wipe your history clean and you can activate anew with ANY hardware configuration. Enough room for even the heaviest geek to make all the changes he wants.
Once again, however, product activation was easily defeated. It wasn't long (well before the retail release for that matter) before someone got ahold of a corporate copy (no activation required) and let it loose on the net. The biggest change with Windows XP was that the difference between retail and corporate versions was a whopping 10 files, including one that was almost 13 MB. Not so easy to make your retail copy activation-free, but it can be done. The ramifications were clear: there was to be no more swapping of retail and corporate keys. It was too easy for Joe User to find a few characters on the net and defeat all the anti-piracy efforts MS had spent months developing.
And here's where we connect with the article. First of all, cd keys to install Windows Server 2003 have been out since before it was originally posted on MSDN (which, by Microsoft's own admitting, was less than 4 hours after RTM). The problem was, all those cd keys were from retail distributions which required activation. Yes, a "reset" patch was quickly coded which virtually made the activation requirement non-existent, but these things have been known to have been "corrected" in service packs. The public was clamoring for a "corp" release, which would eliminate the activation altogether. Insiders had access to the corporate release but it was worthless without a key... a key somebody was probably going to lose their job for if they divulged it. Almost a week went by, and then early yesterday morning, a key was located and the corporate release has been forthcoming. This wasn't the first key and it's not the only key, but it is special in that it is the first "volume license," or "corporate" key to be released.
The article fails to mention that the key MUST be matched with a corporate release. Once again, the unique files from retail and corporate editions are about 13 MB, but those files can be found on the web in
It is indeed possible to create a multi-bootable Win2000 or XP CD with your own utilities on it. I followed the general instructions at this site to make my own Windows 2000 SP3 integrated Pro/Srv/AdvSrv CD, with bootable menu. The CD boots up and I can choose to install any version of Windows 2000, or I can choose the Win98 bootable floppy image to work with Dos utils. I include on the CD the floppy copies of Norton Ghost, Partition Magic, NTFSDos, McAfee, SpinRite, and a few other small utils. It's also got menu options to boot the floppy image of Tom's Most Boot (linux boot disk mentioned in an earlier post) or to simply boot from the HDD. I do the same thing with Windows XP.
It's a *very* complex process but if you put the effort in it's well worth it. The secret to making Win2000/XP do an unattended install is to make your unattended file name winnt.sif and put it in your i386 directory. No floppy needed like MS would have you believe. I do this mostly so I don't have to type that $@^# cd key every time I want to install a copy of Windows.
I haven't tried it yet but if you cut out the crap you don't need from Win2000 and WinXP (language files etc) you might be able to combine both those into a massive everything-in-1 CD.
I attended one of these events last semester at my school and they did the same basic thing. Everyone (600 or so) who showed up got a goodie bag with a paper pad and pen, poster, and copies of VS.net academic edition (more on this later) and Windows XP Pro.
The event was *obviously* geared to getting people excited about using Visual Studio.net and to get them to go home and try it out as soon as possible. The closest thing we heard about licensing was that we would "find copies of VS.net and Windows XP in our bags" in exchange for a "promise that they won't end up on eBay."
Our bags, however, did include a copy of a EULA for Visual Studio. The CD's are a set of 6 cd's: Visual Studio Academic Edition (AE), with plain brownish printing on the front - no hologram. The AE CD's are identical to the Visual Studio Pro product except for the extra "Student Tools" CD which has special learning projects and stuff geared more toward command line programs (since that's where beginning students usually start). The license included was a 4 page AE Eula dated December 2001 (part no. X08-69090) and an accompanying "addendum" dated February 2002 (part no. X08-74675) which spelled out that you could only install on up to 3 computers and that activation was mandatory. One clause states that "There are technological measures in this Product that are designed to prevent unlicensed or illegal use of the Product. You agree that we may use these measures." Basically, I'd say that if you can activate the thing, call that your "license" since these "technological measures" will "prevent unlicensed... use."
The copies of Windows XP we got were the standard media fulfillment "Illegal without separate license" hologram copies that you can get if you call up Microsoft and say you lost your CD. For a small fee ($15 - $25) they'll send you a new CD set. The Windows XP CD's included no license, but as we are all aware of, include the nefarious 1-computer only activation checks.
I couldn't believe that they were giving away the software so freely until I realized that the cd and the software within is of no worth if you can't activate it. I consider the cd key on the back to be the closest thing I have to a license as it is guaranteed to be unique and MS no doubt tracks what key ranges go to what venues.
Any character followed by a dash at the front of an MS email address denotes "not a full-time Microsoft employee." There are several classes of what is sometimes referred to as the "dash trash" at Microsoft.
v- means a contracted employee. They aren't employed directly by Microsoft but by an agency Microsoft has contracted with for manpower. Normally they stay up to one year, working on the more mundane jobs such as boring coding or testing. These types of employees wear the same sort of badges as regular FT employees but the border around their face is orange as opposed to the normal blue. Can be let go at any time but many apply for full-time positions before then. The "v" comes from one of the original agencies Microsoft used for manpower called "Volt."
t- is used for interns. They get the same blue border on their ID badges as the full-timers and most of the benefits. No, I don't know why they don't use "i."
a- is used for "admins." Not so much administrators as facilitators. They do things to keep the full-time employees happy. They get your office set up, make sure you have all the right hardware, arrange the Friday afternoon parties, etc.
I can't recall now but I believe j- also means a contracted employee - possibly those in other areas not directly related to software development (ie hr/payroll/etc).
No dash, by the way, is used for full-time employees, or any alias that forwards to a group mailbox or to several people.
ROT13 is based on the fact that there are 26 alphabetic characters. By adding 13 to any character value, you get a letter exactly halfway 'later' in the alphabet. The advantage is that if you do it again, you get the original text.
The translation: An empty password will pass this check because the code uses the length of the user entry, not the length of the correct password. Other potential problems (buffer overflows, etc.) are left as an exercise for the reader. [Shameless plug: If you enjoy problems like this, have strong security experience, communicate well, and want a job at a fun (and profitable) company, visit http://www.cryptography.com/company/careers.html.]
I spent a few years overseas in the Philippines and rather like the system they have going there.
Anybody can make the actual cell phone but nearly everyone uses a Nokia. Price varies inversely proportional to the size but phones can be had for around $50 - $100. Buying the phone requires no contract, no ID, no commitment, no hassle, and most of all no forms. Just beg, borrow or steal your way into a phone.
Once you have the actual phone, it needs a "sim card" to function properly. This is basically just the gold-plated chip you see embedded in smart cards - but it's just the chip. This is the phone's identity - a phone number is associated with the sim card, and it can also store your phone number list and other small tidbits of information. These are usually under $10. They key point is the sim card is made to be user-replaceable. Once again, no activation, contract, or commitment required.
Sim card goes into back of phone, and all you need are some prepaid cards. There are really only 2 service providers, so you just have to buy a corresponding prepaid card (sold literally on and in between every street corner) from a reseller. When you type the 16-digit code from the back of the prepaid card into your phone, it authenticates and then stores the value onto your sim card.
The system is great because it's completely anonymous, there are no service fees, and most of all, changing phones is as easy as popping the sim card out of the back and into the new phone. Changing providers requires the purchase of a new sim card (= new phone number) but the competition is so stiff between the two that rates and coverage are virtually identical.
The major drawback to the system is that since the phone number can be replaced so easily and cheaply (simply buy a new sim card), theft is a major problem. The phones are all GSM phones which is some dumb acronym, but the Filipinos jokingly equate GSM with "Galing sa Magnanakaw" or "coming from a thief," since practically any phone on sale outside of a mall is stolen.
Yup, I was one of them. I landed an internship for the giant in the summer of 2000. Here's my take on what happened:
The Interviews: One phone interview with what I later learned was an HR rep took about 90 minutes. She mostly asked generic thinking questions, encouraging me to think aloud. Stuff like "If you could build your own movie theatre, what would it be like?" A couple of days later, I heard from an actual recruiter who said they'd like to interview me in person. At many of the larger schools, a Microsoft interviewing team will actually visit the campus, but in this case, they flew me up to Redmond. Got a sweet 4 day trip - one day to fly up, one day to interview, one day to hang in Seattle, and flew back on the last day. I will have to say that the interview day was without doubt the most grueling day of my entire life. I was directed to show up at campus at about 8:30 AM. Since I had been provided a rental car and hotel room about 3 minutes away, this wasn't a problem. I spent the first interview with another HR recruiter (Brian Schneider actually, who was quoted in the article). He mostly prepped me for the day, telling me to always remember who the audience was for anything I spoke about and to not worry about getting the right answer, just to talk through what I was thinking. I was then shuttled over another building, where the real interview process goes like this. You sit in the lobby, and someone comes out from the back. They take you back to their actual office and spend 45 minutes to an hour with you. After their questions, they lead you back to the lobby. There's two choices after that. If you did well, another employee will come and interview you. If you didn't, the next person to come out will call a shuttle for you back to the HR building, and your day is over. I wasn't that lucky. What they don't tell is that after every interview, the interviewer writes up a short spiel about you and passes the email thread along to your next interviewer. I spent the entire day in 5 interviews. They literally picked my brain to pieces. The only tough development question I was asked was how I would reverse a linked list and I wrote out some pseudo-code. (I wasn't, however, applying for a 'grunt' programmer position, although I do like to code.) The vast majority of the questions were "how you think" questions: how I would design an alarm clock with an unlimited budget, how elevator controls should work, justify my programming of a TV with 5 buttons. Also several "puzzle" questions which I usually had to think about but got an acceptable if not expected answer in the end. Everything was very laid back - the campus dress code is wear something, and everyone has carte blanch over how they decorate their office. I made it home after 6PM and pretty much just curled up in a ball and slept. They make it a point to get back to you in a week, and when they did, I was shocked at the salary. Let me just say that the article cuts the line a little low. (Although not everyone makes the same amount - you do better in a product group with an app that ships and makes money like Office or Windows, than you do in a business group that just manages internal affairs like payroll databases.)
The Summer: I had a blast. Every intern gets assigned a "mentor" who is more of a guide than a boss. You usually take a bit of his/her work and it actually gets assigned to YOU. Whatever decision YOU make is what stands. It's cool cause you can actually make a difference. Of course everything is still subject to peer review but I can recall some decisions I made. [Our product never actually shipped although some reincarnation of it may appear in the future...] The first day I showed up I had an actual office with my nameplate already on it and a computer hooked up and ready to go. I was free to do what I want, really. And contrary to the article, you work your own hours. Literally. I was provided subsidized housing and a subsidized rental car, as well as a pass card that would let me into any building on campus 24 hours a day 365 days a year. As long as I showed up for any meetings I was a part of, I could work as many or as few hours a day/week as I wanted. Still had to get the work done of course, and I did work some *long* weeks, especially when bug or demo deadlines were coming up. They also *threw* money at me. Every time I turned around, someone was dropping a "perk" off at my office... a designer fleece... a picnic backpack... cool stuff you actually use and not worthless corporate "gifts." Oh, and all the drinks are free all the time to all employees. The many kitchens are all constantly stocked with both a Pepsi and Coke fridge.
The Perks: We had free use of the buildings anytime. Quite a few times we hauled a DVD player down to a "conference room" (think small movie theatre size, not nonproductive-meeting-room size) and set it up on the giant projection screen for a movie night. I never got one peep from security, even when playing laser tag across the corporate campus from 11PM - 2AM with half a dozen other interns. Basically if you work there, have it your way. You have many of the same perks as full-timers as an intern. Free bus rides all over the city. This MS "benefit" card that got us and guests free or heavily discounted admittance to TONS of Seattle attractions. The MS shuttle system is designed to get employees to and from the separate buildings but they also make scheduled trips to various outlying areas. It's all free. Oh, and one of the best parts is the MS Company Store. Yes, every version of every software product MS has ever made is freely available on the corporate LAN, most of the time with those @$#& CD-keys disabled. But if you'd like a boxed copy with a real CD and that pamplet that passes as a manual these days, the company store has all current products at a heavy discount. Books and hardware are usually 50% off retail (I picked up quite a few of the Intellimouse Explorers) and software is 90 to 95% OFF retail. That means copies of Windows were $20-25, and full versions of Office were only slightly more. Felt good be legit for once.;)
The Barbecue: Yup, we went to Bill's. Met him, Melinda, and even the kids Jennifer and Rory. Played on their private beach. Swung on the swing set. Ate until we were gorged. Pretty much just hung out for the evening. The classic moment was when I had loaded my plate up (it's a buffet) and was walking back to my seat. A waitress passed by with a mouth-watering plate of the best looking fruit-topped cheese cake I'd ever seen. I immediately swung around, saying "I'm gonna make sure and get me a piece of that before it runs out!" The server just turned around, smiled, and said "Oh, don't worry, we never run out of anything." I was shocked but it turned out to be true. When I went to the dessert table later there was still plenty of everything.
The Secret: All in all, the intern program is lucrative so as to benefit MS, not you. An internship for them is basically an extended interview. They like to give internships to those who are one summer away from graduation. That way, if you do well over your three months, they can snap you up right after graduation. If you don't, well, they only lost 3 months worth of salary on you. It's all about finding the top talent.
Because the value of Windows Update doesn't lie in the fact that it gives you the patches. Its value to consumers is that it will automagically detect what kind of system you have and provide a list of the necessary patches. Yes, it also conveniently lets you install all of them with just one more click, but Microsoft already offers all their patches in downloadable.exe form. The problem is that every time a patch comes out, a user must read the accompanying documentation, determine whether their system is vulnerable, and apply the patch. And this is no easy task. There are patches for Windows (no brainer), Office (mostly a no-brainer) [these are usually obtained at Windows Update's little sister site, Office Update], Internet Explorer (easy enough), IIS (do you know whether it's installed?), the Java Virtual Machine (getting a little tricky now), the HTML Help subsystem (woah), the MDAC components that probably got installed when you installed Windows (what luser knows what MDAC is?), and the FrontPage Server Extensions (sounds like Office, no? don't worry, it's conveniently included in Windows). Oh and if that wasn't hard enough, there are patches that supercede patches, late, missing, or broken patches, patches you think you have to apply twice, the list just doesn't end. Windows Update in its current incarnation can get rid of the user hassle for most of that by moving all of the guesswork out of the luser's hands and into Microsoft's engineers' hands.
Personally, I find the whole patch thing ridiculous. I tried to stay abreast of the current security patches by subscribing to the security mailing list and making my own decision about whether a patch applies. It's impossible. Every time you think you've gotten it right, there's another patch to figure into the situation. I use Windows Update to find out what updates I need, but since the home connection is ridiculously slow, I just make a list and download the.exe's from http://download.microsoft.com. (Search by the KB article #). As long as you save them, the syntax for installing them quietly is mostly uniform, and you can apply them with little hassle next time you install.
This makes me think that this wasn't just a simple human error by a $6/hr data entry clerk but in fact a serious flaw in some programming logic somewhere. Same thing happened to me in reverse. I got a new ATM card in the mail, started withdrawing money within a few days. I was using online banking so I realized by the end of the week that none of the money was coming out of my account. Called them up but they wouldn't tell me whose account my card was linked to for security reasons (despite sending the card and PIN to my address...can you spot which one is the real security risk?). In talking to the family, found out it was actually coming out of my (teenage) brother's account. They eventually straightened everything out by crediting his account but it wasn't easy. Could see a bad SQL statement causing something like this but not being detectable because it only happens within families...? The moral is find another bank.
I believe there's a tool that lets you examine your installation to see what service packs are installed and which aren't. I remember vividly running it last summer and discovering that I was up to date. Tellingly, I can't even find it in their site today.
The tool you refer to is the Microsoft Baseline Security Analyzer. The latest version is 1.1, but Russ of NTBugtraq fame recommends you use a custom definition file in this situation:
I sympathize with those admin'ing Windows boxen. Here's what I've come up with.
The reason your second javavm fix doesn't work before you reboot is that you're already applying an old fix [vm-sfix3.exe]. This is the patch associated with KB article 329077 and Security Bulletin MS02-052. This patch is superceded by MS02-069. After much back and forth with Microsoft Support, I was able to promise my firstborn son in exchange for the following line, which will install the fix quietly and with no reboot:
If you're not satisfied with the default, then by all means change it more to your liking! When I use IE6, I move the toolbars around so they're all on one line. Menu first, small button toolbar next (reduced to back, forward, stop, refresh, home, and print), address bar next. That's 3 *bars on one horizontal line. Turn off the Go button and "lock" the bars to get maximum space for your address bar. Turn off the status bar (in the view menu) and you have quite a large area for browsing. Much more efficient use of screen real estate.
I like the google toolbar myself but you can accomplish much the same thing by going to the search pane (F3 if you're already turned off the button), clicking customize, then click the "Autosearch" button at the bottom. Change it to Google sites and then back out of everything. Then just search from the address bar.
Are you mad that Microsoft is targeting your hobby and livelihood, or are you mad that they're successful at it? Surely there are other (unethical|aggressive) groups (albeit smaller, but that's just the point) targeting your beloved projects, what makes Microsoft the object of your hate?
Well in 1999 when Windows 2000 finished up, the Windows management started working on a roadmap to upcoming Windows versions. Previous codenames were based on cities (Chicago, Memphis, et al.) but for the new ones, the codenames Whistler and Blackcomb were chosen. Both of these are large ski resorts north of MS-headquarters in Canada. Whistler turned out to be Windows NT 5.1 (Windows XP) released in late 2001 (guess where the ship party was at), and Blackcomb is rumored to be NT6.
The Longhorn name, incidentally, (given to the version of Windows that will release between the two) comes from the name of the bar you stop at when traveling between the two mountains...
(2) Did she actually buy XP Pro and Office XP, or did she get that for free as an M$ contractor? That's some pricey software; she must be one hell of a freelance writer to afford it.
Info from a former Microserf: MS Employees (and contractors) are entitled to make purchases at the MS Company Store [physical store on Microsoft campus] or the Online Store at heavy discounts. Full retail packaged copies of all current Microsoft software products are available at substantial discounts. Most software is 90-95% off (yes, that's a 90-95% discount) normal published prices. Makes most of the software worth buying considering you get the media, manuals, and support as there is NO difference between the copies sold at your favorite computer retailer, except that the software has a giant sticker on it "Microsoft Company Store Purchase, Not to be Sold" along with your employee ID number (written when you purchase it). There's also a limit for software purchases... $1000 a year for full-time employees IIRC.
Hardware and books are also available for about 50% off. I'm guessing everything comes out to about cost as is standard for most corporate benefits programs.
Of course, if she was at work, every single Microsoft product ever published, most that haven't, and most works-in-progress are available for free, instant download from network servers.
Slashdot Mirror
I think the biggest problem is how the Windows Automatic Update feature is turned on by default on everyone's machines.
Note that the Automatic Updates feature has three possible configurations.
1) Notify before downloading, notify before installing. This is the most conservative as user intervention is required twice along the way.
2) Download updates automatically, notify before installing. This is probably the best of the three options as it will trickle all updates down to your computer using unused bandwidth and then prompt you to install when everything is there. User still has FULL control over which patches get installed. This, by the way, is the default setting for Windows 2000 and Windows XP.
3) Download updates automatically, install them automatically on a preset schedule. For complete hands-off system administration, let Microsoft have full control over your machine. Not recommended but available anyway.
Of course it can be turned off completely or never installed in case you never want to deal with automatic patching.
If MS releases a bug fix, the only way to retrieve it is through Windows Update
The "Windows Update-only" patches are few and far between. Granted, WU is the most convenient way to patch but 95% of all patches are available from links in the Q-article. Usually the ones restricted to WU are the ones where licensing agreements prohibit public download, as in the case of the Java VM included in Windows.
you don't know what else they slipped in,
The Q-article associated with the patch always provides a patch manifest which details exactly which files are being replaced and with what version.
you often must have all the other service packs/hotfixes installed first
Service Packs have never had any prerequisites other than the OS itself. Generally the only prerequisite for a patch is one of the latest *two* service packs.
and (this is the really irritating part) it may change your EULA if you choose to install it. If you don't accept the new EULA, you don't get the exploit-fixing critical update you must have to keep your server clean.
EULA's have never changed in patches. The only time your core OS EULA changed was with the introduction of Win2000 SP3 and WinXP SP1, and even then the language was only so that the "Automatic Updates" feature could function properly. Did you know it's possible to not only turn this feature off if you so desire, but you may also elect to never install it in the first place? Just add
AutoUpdate=Off
to the [Components] section of your unattend.txt/winnt.sif file.
BYOPC, otherwise entitled How A Starving College Paid Less For More
Case $42 Foxconn 350W w/ USB ports
Mobo $70 Asus A7N266-VM AA
Proc $50 AMD Athlon XP 1700+
HSF $12 CPU Fan Diamond 2000
RAM $50 PNY 256 MB DDR 266
-coupon -$15
-MIR -$30
HDD $120 Maxtor 120 GB 7200 RPM
-coupon -$20
-MIR -$40
-refund -$25 for late delivery
CDRW $60 Lite-On 52x24x52 CD-RW
-MIR -$50
Kybd $20 Microsoft Internet Keyboard
-refund -$20 for late delivery
Total: $224
Yes, I already had a mouse, so that didn't cost anything. The steals really were the Ram ($5) and the CDRW ($10) - a top of the line Lite-On burner. Most stuff was ordered online from Staples or Newegg. Staples ALWAYS phucks up delivery but usually it only takes an hour for them to pay for their mistakes. Newegg on the other hand despite being ~1000 miles away gets stuff here the 2nd day after I order.
I've since upgraded to a AMD 2.4 GHz and 2x512 RAM for fairly cheap by selling the family my parts and buying new ones. Oh and $40 for a Lite-On DVD-ROM. Got a 17" CRT for about $100 after rebate and I'm pretty happy. Now if I can just find a deal on an LCD...
Quite a few posters have pointed out that in the latest desktop version of OFOS (our favorite operating system) thumbnail view is turned on by default in folders containing mostly pictures, exposing the contents of the images to users who took no explicit action to open the images.
It may also be worth pointing out that if thumbnail view is turned on on the folder ABOVE said folder containing images, the icon for the subfolder will display a small "sampling" of that folder's image content. Not only do you not have to open the files explicitly, you may not even have to open the actual folder! It's blinding easy to stumble across content without looking for it.
When I'm asked to fix someone's computer, backing up and restoring all of the users documents is sometimes the best plan of action. I always confirm this explicitly with the user before taking any action, but even after that, I try to have the user there confirming everything I copy usually on a folder-by-folder basis. It's not worth my time and resources to copy the whold HDD (including gigs of temp files and OS data that will be reinstalled), but I'm not dissecting their latest research paper either. In any case, I usually take a very technical view of what I'm doing and most of the time can't remember any of the file/folder names I encountered.
For what they're made of, the discs are a bit overpriced here. For now the effect seems to be at least in part due to short supply - quite a few people got DVD recordable drives for Christmas or are buying new computers with the drives included. At my local office supply/computer store, a 3 pack of Memorex DVD-R discs cost me $13 - that's $4.33/disc. Buy no-name discs (Optimum 5-pack for $20) for a small discount, or the real way to save, buy in bulk. About the only brand that consistently works well for me (others will likely attest to this as well) is Ritek, and I like to get the 4x ones so as to reduce burning time. Rima.com has a terrible, ugly web site but they have great prices (comparatively anyway) - a 25-spindle for $2/disc or as low as $1.75/disc for a 100-spindle. Of course, I don't have $175 to blow on dvd-r's at the moment. I'm saving up for Lite-On's DVD recordable drive, due out in May or June, and hoping media prices drop dramatically on dvd media RSN (real soon now).
...is fundamentally flawed. We as consumers believe that when we pay $100 for an item with a $50 mail-in rebate at the checkout counter, we are actually handing our money to a responsible adult. We delude ourselves into thinking that because the cashier has a GED and a name badge that our money will be treated with care and direction. Herein lies the problem. I equate the "rebate processing center" with the gross motor skills of a toddler and the mental abilities of a 5-year old kindergartener. Please don't mod this up as funny as I am 100% serious. Let me explain.
Responsible, coherent adults would be able to open an envelope without spilling (and losing) the contents. I think you can imagine how 3 small pieces of paper would fare in the hands of a 3-year old. My experience shows that not stapling the receipt and UPC to the rebate form decreases my chances of receiving a check by approximately 50 - 75%. I *always* staple everything together.
A mature, healthy employee would be able to open perhaps hundreds of envelopes a day and input the name and address contained therein to a computer. Any parent of a kindergartener knows that important notes get sent home pinned to the child's back because of the tendency for such easily-distracted hands to part with said notes. I make photocopies of EVERYTHING I send in - the complete rebate form, receipt, UPC, serial numbers, you name it. Usually I do it right at the postal center and I make a note on my copy of when I sent it. This helps some slow-moving rebate centers to suddenly "find" my rebate submission.
A normal, honest adult would always inform me if he intended to default on a loan of any amount. A child's mind is much more likely to forget or dismiss thoughts of repayment. If I have to call someone up to "remind" them of their outstanding debt to me, I consider that more the behavior of an elementary school student than a responsible, helpful employee. Keep a file of your outstanding rebates and don't assume that the folks holding your money are any more responsible than the snot-nosed kid down the street.
I've found that meticulous preparation and documentation on my part, combined with rigorous follow-up has gotten my rebates every time. It helps to have the right mentality and to know who you're dealing with.
Someone should tell these guys about it. What they advertise as "ultra high speed internet access" is actually a great 100 Mbit LAN connection...to the other residents of the apartment complex. Connection to the internet? Capped at 64 kbps. Yes, you read that right... 64 kilobits per second. As in, slightly faster than your 56K modem. On a good day.
I tried to call them on it, but the apartment won't take responsibility ("we're not the network guys, we just pay for it") and the actual ISP won't either ("we just provide what they pay us for"). It infuriates me because I think the ISP is trying to pull a fast one on the apartment complex and the complex just doesn't know any better. Even the head technician claims that 64k is two to three times faster than 56k cause it's full-duplex (doesn't help my download speed) and ethernet means reduced latency (still doesn't help my big downloads).
Someone get Cogentco to come to Utah. Now *that's* what I consider "ultra high-speed internet!"
In the land before time, or rather, the world of software before Windows XP, Microsoft OS's didn't require activation, but they did require CD Keys. Mostly this was a fiasco as ANY legitimate cd key could be used ANY number of times for that version of the software. Many will remember the NT4 days and the ever-popular 111-1111111. Microsoft got smarter for Windows 2000, but not by much. The not-so-easily-forged 25 character cd key introduced with Windows 98 was used, which at the very least prevented people from making up cd keys. However, it was soon discovered that with a simple change of no more than TWO characters to an easily-editable text file, the cd key requirement could be eliminated! Toss those keys away! This one made it super convenient to install Windows, and the piracy raged on. This hole is still wide open, even with the latest service pack.
Microsoft did start wising up, however. Summer of 1999 saw the first ever "activation" efforts implemented in Microsoft Office 2000 in certain markets, notably US education, Australia, and New Zealand. This was a successful pilot program and with the release of Office 2000 SR-1 in summer of 2000, all retail versions of Office 2000 incorporated this technology (known back then as "registration.") This, too, however, was quite simple to defeat using a corporate install feature normally reserved for large-scale deployments.
The release of Windows XP saw another big step forward for Microsoft's anti-productivity tools (excuse me, "anti-piracy efforts"). Same 25-character cd keys, but you have to "check in" with Microsoft to verify you haven't handed the key out to 25 of your closest friends. Windows XP activation is actually quite a bit more lenient than most people realize... you can change a significant amount of hardware and not be forced to reactivate, and the biggest secret is that if you don't check in with MS Activation servers for a period of 4 months, they'll wipe your history clean and you can activate anew with ANY hardware configuration. Enough room for even the heaviest geek to make all the changes he wants.
Once again, however, product activation was easily defeated. It wasn't long (well before the retail release for that matter) before someone got ahold of a corporate copy (no activation required) and let it loose on the net. The biggest change with Windows XP was that the difference between retail and corporate versions was a whopping 10 files, including one that was almost 13 MB. Not so easy to make your retail copy activation-free, but it can be done. The ramifications were clear: there was to be no more swapping of retail and corporate keys. It was too easy for Joe User to find a few characters on the net and defeat all the anti-piracy efforts MS had spent months developing.
And here's where we connect with the article. First of all, cd keys to install Windows Server 2003 have been out since before it was originally posted on MSDN (which, by Microsoft's own admitting, was less than 4 hours after RTM). The problem was, all those cd keys were from retail distributions which required activation. Yes, a "reset" patch was quickly coded which virtually made the activation requirement non-existent, but these things have been known to have been "corrected" in service packs. The public was clamoring for a "corp" release, which would eliminate the activation altogether. Insiders had access to the corporate release but it was worthless without a key... a key somebody was probably going to lose their job for if they divulged it. Almost a week went by, and then early yesterday morning, a key was located and the corporate release has been forthcoming. This wasn't the first key and it's not the only key, but it is special in that it is the first "volume license," or "corporate" key to be released.
The article fails to mention that the key MUST be matched with a corporate release. Once again, the unique files from retail and corporate editions are about 13 MB, but those files can be found on the web in
It is indeed possible to create a multi-bootable Win2000 or XP CD with your own utilities on it. I followed the general instructions at this site to make my own Windows 2000 SP3 integrated Pro/Srv/AdvSrv CD, with bootable menu. The CD boots up and I can choose to install any version of Windows 2000, or I can choose the Win98 bootable floppy image to work with Dos utils. I include on the CD the floppy copies of Norton Ghost, Partition Magic, NTFSDos, McAfee, SpinRite, and a few other small utils. It's also got menu options to boot the floppy image of Tom's Most Boot (linux boot disk mentioned in an earlier post) or to simply boot from the HDD. I do the same thing with Windows XP.
It's a *very* complex process but if you put the effort in it's well worth it. The secret to making Win2000/XP do an unattended install is to make your unattended file name winnt.sif and put it in your i386 directory. No floppy needed like MS would have you believe. I do this mostly so I don't have to type that $@^# cd key every time I want to install a copy of Windows.
I haven't tried it yet but if you cut out the crap you don't need from Win2000 and WinXP (language files etc) you might be able to combine both those into a massive everything-in-1 CD.
I attended one of these events last semester at my school and they did the same basic thing. Everyone (600 or so) who showed up got a goodie bag with a paper pad and pen, poster, and copies of VS.net academic edition (more on this later) and Windows XP Pro.
... use."
The event was *obviously* geared to getting people excited about using Visual Studio.net and to get them to go home and try it out as soon as possible. The closest thing we heard about licensing was that we would "find copies of VS.net and Windows XP in our bags" in exchange for a "promise that they won't end up on eBay."
Our bags, however, did include a copy of a EULA for Visual Studio. The CD's are a set of 6 cd's: Visual Studio Academic Edition (AE), with plain brownish printing on the front - no hologram. The AE CD's are identical to the Visual Studio Pro product except for the extra "Student Tools" CD which has special learning projects and stuff geared more toward command line programs (since that's where beginning students usually start). The license included was a 4 page AE Eula dated December 2001 (part no. X08-69090) and an accompanying "addendum" dated February 2002 (part no. X08-74675) which spelled out that you could only install on up to 3 computers and that activation was mandatory. One clause states that "There are technological measures in this Product that are designed to prevent unlicensed or illegal use of the Product. You agree that we may use these measures." Basically, I'd say that if you can activate the thing, call that your "license" since these "technological measures" will "prevent unlicensed
The copies of Windows XP we got were the standard media fulfillment "Illegal without separate license" hologram copies that you can get if you call up Microsoft and say you lost your CD. For a small fee ($15 - $25) they'll send you a new CD set. The Windows XP CD's included no license, but as we are all aware of, include the nefarious 1-computer only activation checks.
I couldn't believe that they were giving away the software so freely until I realized that the cd and the software within is of no worth if you can't activate it. I consider the cd key on the back to be the closest thing I have to a license as it is guaranteed to be unique and MS no doubt tracks what key ranges go to what venues.
Any character followed by a dash at the front of an MS email address denotes "not a full-time Microsoft employee." There are several classes of what is sometimes referred to as the "dash trash" at Microsoft.
v- means a contracted employee. They aren't employed directly by Microsoft but by an agency Microsoft has contracted with for manpower. Normally they stay up to one year, working on the more mundane jobs such as boring coding or testing. These types of employees wear the same sort of badges as regular FT employees but the border around their face is orange as opposed to the normal blue. Can be let go at any time but many apply for full-time positions before then. The "v" comes from one of the original agencies Microsoft used for manpower called "Volt."
t- is used for interns. They get the same blue border on their ID badges as the full-timers and most of the benefits. No, I don't know why they don't use "i."
a- is used for "admins." Not so much administrators as facilitators. They do things to keep the full-time employees happy. They get your office set up, make sure you have all the right hardware, arrange the Friday afternoon parties, etc.
I can't recall now but I believe j- also means a contracted employee - possibly those in other areas not directly related to software development (ie hr/payroll/etc).
No dash, by the way, is used for full-time employees, or any alias that forwards to a group mailbox or to several people.
ROT13 is based on the fact that there are 26 alphabetic characters. By adding 13 to any character value, you get a letter exactly halfway 'later' in the alphabet. The advantage is that if you do it again, you get the original text.
]
See http://www.allthingsuseless.com/rot13.php to play around with it.
The translation:
An empty password will pass this check because the code uses the length of the user entry, not the length of the correct password. Other potential problems (buffer overflows, etc.) are left as an exercise for the reader. [Shameless plug: If you enjoy problems like this, have strong security experience, communicate well, and want a job at a fun (and profitable) company, visit http://www.cryptography.com/company/careers.html.
I spent a few years overseas in the Philippines and rather like the system they have going there.
Anybody can make the actual cell phone but nearly everyone uses a Nokia. Price varies inversely proportional to the size but phones can be had for around $50 - $100. Buying the phone requires no contract, no ID, no commitment, no hassle, and most of all no forms. Just beg, borrow or steal your way into a phone.
Once you have the actual phone, it needs a "sim card" to function properly. This is basically just the gold-plated chip you see embedded in smart cards - but it's just the chip. This is the phone's identity - a phone number is associated with the sim card, and it can also store your phone number list and other small tidbits of information. These are usually under $10. They key point is the sim card is made to be user-replaceable. Once again, no activation, contract, or commitment required.
Sim card goes into back of phone, and all you need are some prepaid cards. There are really only 2 service providers, so you just have to buy a corresponding prepaid card (sold literally on and in between every street corner) from a reseller. When you type the 16-digit code from the back of the prepaid card into your phone, it authenticates and then stores the value onto your sim card.
The system is great because it's completely anonymous, there are no service fees, and most of all, changing phones is as easy as popping the sim card out of the back and into the new phone. Changing providers requires the purchase of a new sim card (= new phone number) but the competition is so stiff between the two that rates and coverage are virtually identical.
The major drawback to the system is that since the phone number can be replaced so easily and cheaply (simply buy a new sim card), theft is a major problem. The phones are all GSM phones which is some dumb acronym, but the Filipinos jokingly equate GSM with "Galing sa Magnanakaw" or "coming from a thief," since practically any phone on sale outside of a mall is stolen.
Yup, I was one of them. I landed an internship for the giant in the summer of 2000. Here's my take on what happened:
;)
The Interviews: One phone interview with what I later learned was an HR rep took about 90 minutes. She mostly asked generic thinking questions, encouraging me to think aloud. Stuff like "If you could build your own movie theatre, what would it be like?" A couple of days later, I heard from an actual recruiter who said they'd like to interview me in person. At many of the larger schools, a Microsoft interviewing team will actually visit the campus, but in this case, they flew me up to Redmond. Got a sweet 4 day trip - one day to fly up, one day to interview, one day to hang in Seattle, and flew back on the last day. I will have to say that the interview day was without doubt the most grueling day of my entire life. I was directed to show up at campus at about 8:30 AM. Since I had been provided a rental car and hotel room about 3 minutes away, this wasn't a problem. I spent the first interview with another HR recruiter (Brian Schneider actually, who was quoted in the article). He mostly prepped me for the day, telling me to always remember who the audience was for anything I spoke about and to not worry about getting the right answer, just to talk through what I was thinking. I was then shuttled over another building, where the real interview process goes like this. You sit in the lobby, and someone comes out from the back. They take you back to their actual office and spend 45 minutes to an hour with you. After their questions, they lead you back to the lobby. There's two choices after that. If you did well, another employee will come and interview you. If you didn't, the next person to come out will call a shuttle for you back to the HR building, and your day is over. I wasn't that lucky. What they don't tell is that after every interview, the interviewer writes up a short spiel about you and passes the email thread along to your next interviewer. I spent the entire day in 5 interviews. They literally picked my brain to pieces. The only tough development question I was asked was how I would reverse a linked list and I wrote out some pseudo-code. (I wasn't, however, applying for a 'grunt' programmer position, although I do like to code.) The vast majority of the questions were "how you think" questions: how I would design an alarm clock with an unlimited budget, how elevator controls should work, justify my programming of a TV with 5 buttons. Also several "puzzle" questions which I usually had to think about but got an acceptable if not expected answer in the end. Everything was very laid back - the campus dress code is wear something, and everyone has carte blanch over how they decorate their office. I made it home after 6PM and pretty much just curled up in a ball and slept. They make it a point to get back to you in a week, and when they did, I was shocked at the salary. Let me just say that the article cuts the line a little low. (Although not everyone makes the same amount - you do better in a product group with an app that ships and makes money like Office or Windows, than you do in a business group that just manages internal affairs like payroll databases.)
The Summer: I had a blast. Every intern gets assigned a "mentor" who is more of a guide than a boss. You usually take a bit of his/her work and it actually gets assigned to YOU. Whatever decision YOU make is what stands. It's cool cause you can actually make a difference. Of course everything is still subject to peer review but I can recall some decisions I made. [Our product never actually shipped although some reincarnation of it may appear in the future...] The first day I showed up I had an actual office with my nameplate already on it and a computer hooked up and ready to go. I was free to do what I want, really. And contrary to the article, you work your own hours. Literally. I was provided subsidized housing and a subsidized rental car, as well as a pass card that would let me into any building on campus 24 hours a day 365 days a year. As long as I showed up for any meetings I was a part of, I could work as many or as few hours a day/week as I wanted. Still had to get the work done of course, and I did work some *long* weeks, especially when bug or demo deadlines were coming up. They also *threw* money at me. Every time I turned around, someone was dropping a "perk" off at my office... a designer fleece... a picnic backpack... cool stuff you actually use and not worthless corporate "gifts." Oh, and all the drinks are free all the time to all employees. The many kitchens are all constantly stocked with both a Pepsi and Coke fridge.
The Perks: We had free use of the buildings anytime. Quite a few times we hauled a DVD player down to a "conference room" (think small movie theatre size, not nonproductive-meeting-room size) and set it up on the giant projection screen for a movie night. I never got one peep from security, even when playing laser tag across the corporate campus from 11PM - 2AM with half a dozen other interns. Basically if you work there, have it your way. You have many of the same perks as full-timers as an intern. Free bus rides all over the city. This MS "benefit" card that got us and guests free or heavily discounted admittance to TONS of Seattle attractions. The MS shuttle system is designed to get employees to and from the separate buildings but they also make scheduled trips to various outlying areas. It's all free. Oh, and one of the best parts is the MS Company Store. Yes, every version of every software product MS has ever made is freely available on the corporate LAN, most of the time with those @$#& CD-keys disabled. But if you'd like a boxed copy with a real CD and that pamplet that passes as a manual these days, the company store has all current products at a heavy discount. Books and hardware are usually 50% off retail (I picked up quite a few of the Intellimouse Explorers) and software is 90 to 95% OFF retail. That means copies of Windows were $20-25, and full versions of Office were only slightly more. Felt good be legit for once.
The Barbecue: Yup, we went to Bill's. Met him, Melinda, and even the kids Jennifer and Rory. Played on their private beach. Swung on the swing set. Ate until we were gorged. Pretty much just hung out for the evening. The classic moment was when I had loaded my plate up (it's a buffet) and was walking back to my seat. A waitress passed by with a mouth-watering plate of the best looking fruit-topped cheese cake I'd ever seen. I immediately swung around, saying "I'm gonna make sure and get me a piece of that before it runs out!" The server just turned around, smiled, and said "Oh, don't worry, we never run out of anything." I was shocked but it turned out to be true. When I went to the dessert table later there was still plenty of everything.
The Secret: All in all, the intern program is lucrative so as to benefit MS, not you. An internship for them is basically an extended interview. They like to give internships to those who are one summer away from graduation. That way, if you do well over your three months, they can snap you up right after graduation. If you don't, well, they only lost 3 months worth of salary on you. It's all about finding the top talent.
Because the value of Windows Update doesn't lie in the fact that it gives you the patches. Its value to consumers is that it will automagically detect what kind of system you have and provide a list of the necessary patches. Yes, it also conveniently lets you install all of them with just one more click, but Microsoft already offers all their patches in downloadable .exe form. The problem is that every time a patch comes out, a user must read the accompanying documentation, determine whether their system is vulnerable, and apply the patch. And this is no easy task. There are patches for Windows (no brainer), Office (mostly a no-brainer) [these are usually obtained at Windows Update's little sister site, Office Update], Internet Explorer (easy enough), IIS (do you know whether it's installed?), the Java Virtual Machine (getting a little tricky now), the HTML Help subsystem (woah), the MDAC components that probably got installed when you installed Windows (what luser knows what MDAC is?), and the FrontPage Server Extensions (sounds like Office, no? don't worry, it's conveniently included in Windows). Oh and if that wasn't hard enough, there are patches that supercede patches, late, missing, or broken patches, patches you think you have to apply twice, the list just doesn't end. Windows Update in its current incarnation can get rid of the user hassle for most of that by moving all of the guesswork out of the luser's hands and into Microsoft's engineers' hands.
.exe's from http://download.microsoft.com. (Search by the KB article #). As long as you save them, the syntax for installing them quietly is mostly uniform, and you can apply them with little hassle next time you install.
Personally, I find the whole patch thing ridiculous. I tried to stay abreast of the current security patches by subscribing to the security mailing list and making my own decision about whether a patch applies. It's impossible. Every time you think you've gotten it right, there's another patch to figure into the situation. I use Windows Update to find out what updates I need, but since the home connection is ridiculously slow, I just make a list and download the
This makes me think that this wasn't just a simple human error by a $6/hr data entry clerk but in fact a serious flaw in some programming logic somewhere. Same thing happened to me in reverse. I got a new ATM card in the mail, started withdrawing money within a few days. I was using online banking so I realized by the end of the week that none of the money was coming out of my account. Called them up but they wouldn't tell me whose account my card was linked to for security reasons (despite sending the card and PIN to my address...can you spot which one is the real security risk?). In talking to the family, found out it was actually coming out of my (teenage) brother's account. They eventually straightened everything out by crediting his account but it wasn't easy. Could see a bad SQL statement causing something like this but not being detectable because it only happens within families...? The moral is find another bank.
The way I read it, they've acted nine months too early. We've just barely finished December 2002.
The tool you refer to is the Microsoft Baseline Security Analyzer. The latest version is 1.1, but Russ of NTBugtraq fame recommends you use a custom definition file in this situation:
I HIGHLY recommend anyone interested in this read Eric Schultze's post to NTBugtraq.
The reason your second javavm fix doesn't work before you reboot is that you're already applying an old fix [vm-sfix3.exe]. This is the patch associated with KB article 329077 and Security Bulletin MS02-052. This patch is superceded by MS02-069. After much back and forth with Microsoft Support, I was able to promise my firstborn son in exchange for the following line, which will install the fix quietly and with no reboot:
It also seems your list is a little outdated - Security Bulletin MS03-001 came out 3 days ago and applies to Windows XP.
Oh, and in case that's not enough, Microsoft forgot a patch in Windows XP SP1, so you better get that one as well.
If you're not satisfied with the default, then by all means change it more to your liking! When I use IE6, I move the toolbars around so they're all on one line. Menu first, small button toolbar next (reduced to back, forward, stop, refresh, home, and print), address bar next. That's 3 *bars on one horizontal line. Turn off the Go button and "lock" the bars to get maximum space for your address bar. Turn off the status bar (in the view menu) and you have quite a large area for browsing. Much more efficient use of screen real estate.
I like the google toolbar myself but you can accomplish much the same thing by going to the search pane (F3 if you're already turned off the button), clicking customize, then click the "Autosearch" button at the bottom. Change it to Google sites and then back out of everything. Then just search from the address bar.
Are you mad that Microsoft is targeting your hobby and livelihood, or are you mad that they're successful at it? Surely there are other (unethical|aggressive) groups (albeit smaller, but that's just the point) targeting your beloved projects, what makes Microsoft the object of your hate?
...by a long shot. Check out their service agreement. A whopping 237 paragraphs, 31,999 words, and 202,556 characters.
Well in 1999 when Windows 2000 finished up, the Windows management started working on a roadmap to upcoming Windows versions. Previous codenames were based on cities (Chicago, Memphis, et al.) but for the new ones, the codenames Whistler and Blackcomb were chosen. Both of these are large ski resorts north of MS-headquarters in Canada. Whistler turned out to be Windows NT 5.1 (Windows XP) released in late 2001 (guess where the ship party was at), and Blackcomb is rumored to be NT6.
The Longhorn name, incidentally, (given to the version of Windows that will release between the two) comes from the name of the bar you stop at when traveling between the two mountains...
Clever? Or just taking the metaphor too far?
From the faq.
2. Where are you going to store all those CDs?
One million CDs is about 17 tons (we've done our homework). They will be stored in our High-Tech Secure Storage Facility: MyBackYard(tm)
(2) Did she actually buy XP Pro and Office XP, or did she get that for free as an M$ contractor? That's some pricey software; she must be one hell of a freelance writer to afford it.
Info from a former Microserf: MS Employees (and contractors) are entitled to make purchases at the MS Company Store [physical store on Microsoft campus] or the Online Store at heavy discounts. Full retail packaged copies of all current Microsoft software products are available at substantial discounts. Most software is 90-95% off (yes, that's a 90-95% discount) normal published prices. Makes most of the software worth buying considering you get the media, manuals, and support as there is NO difference between the copies sold at your favorite computer retailer, except that the software has a giant sticker on it "Microsoft Company Store Purchase, Not to be Sold" along with your employee ID number (written when you purchase it). There's also a limit for software purchases... $1000 a year for full-time employees IIRC.
Hardware and books are also available for about 50% off. I'm guessing everything comes out to about cost as is standard for most corporate benefits programs.
Of course, if she was at work, every single Microsoft product ever published, most that haven't, and most works-in-progress are available for free, instant download from network servers.