Ah come on, don't be silly. Of course physical access supersedes all other points; that's hardly the issue. Perhaps I should have qualified my point better. Additionally, if SYSKEY has been run against the SAM, this makes this kind of attack orders of magnitude more time consuming, but I think this is enabled by default these days (post NT4).
- Oisin
Yes, what you say is true, but in order to obtain LM hashes, you must be either a domain admin (for AD retrieval) or a local admin. We can then get into a chicken/egg type debate here, but I'm not trying to accuse you of FUD spreading but it seems your point has migrated from "windows sucks" to "windows admins suck". This may well be empirically true, but hardly the point, no?
- Oisin
You wouldn't feel guilty of downright FUD spreading by saying that, no? ;)
Not sure I understand you. You seem to be implying that when LM auth is disabled (via local/group policy), it is still exploitable? This is news to me.
Please elaborate.
- Oisin
The first release of Windows NT, as architected by Dave Cutler of VAX/VMS fame, started at 3.1. The fact that 16-bit Windows was at 3.1 at that point is irrelevant. NT was a complete rewrite, hence NT = New Technology. Therefore, it should really have been released as 1.0.
- Oisin
So, what else can they sue?
CDR/CDRW discs: they facilitate recording pirated music;
Sound Card manufacturers: they facilitate ripping;
Loudspeaker makers: we can hear pirated music through this equipment.
My ears -- yes! sue my ears. They facilitate hearing this music!
Emm, I'm digging now, ehh; why not sew my lips shut too. I can whistle a tune without paying royalties.
See where this is going? DO YOU? DOOO YOU???
- Oisin
Now if someone decided to port activex over to this new plugin interface, then I'll be worried. But that'd be awfully difficult because, as I understand it, activex is dependent on large chunks of the windows api.
Hehe, unless that person is a complete masochist with about 15 years to spare, this is not happening anytime soon. ActiveX is a layer on COM/DCOM, so in effect, it's not dependent on the Windows API. But Windows is the only platform that fully supports COM/DCOM.
In both the EJB (Java) and COM frameworks, distributed transactions are managed by an implementation of the Distributed Transaction Processing (DTP) model defined by the X/Open standards group in 1991. I also believe COM itself is entirely licensed to the Open Standards group, so this whole point is kind of ironic: ActiveX is already an open standard...
- Oisin
"What I would love to see is a return to the days when a development environment was automatically included with a system".
Wouldn't we all; but you can't have it both ways. Microsoft were spanked for bundling IE, and we cheered. Don't you think they'd be spanked even harder for bundling VS?
- Oisin
It looks like it's aimed at squarely replacing MSDE. It will be free, as in speech, like MSDE was.
- Oisin
The compilers have always been free, or at least for as long as I can remember. This is about an IDE.
- Oisin
There is one exception: SQL Server 2005 Express. This appears to be free, like MSDE was. Limited to 1 CPU, 1GB of RAM and 4GB database size. Also has CLR, XML support.
- Oisin
The OS is the BIOS? Either you're trolling [but given your subject disclaimer, perhaps not], or you misunderstand the concept of abstraction layers, and their ordering. The BIOS cannot be dependent on Windows, it sits beneath the OS. The OS is dependent on it. Drivers, in effect, are mini-BIOSs in themselves. They abstract out the different hardware devices to a standard windows API. The BIOS that comes with your machine abstracts out the out-of-the-box components of your motherboard among other things. Sometimes windows drivers talk to the bios, but mostly they skip it altogether.
- Oisin
Yah, I concur. Doesn't look awfully credible, especially when you start using made-up words like "XTreme". That usually sets off the Snake Oil alarm bells for me. It's like seeing an advert for a loan shark^H^H^H^H^H agent, advertised with a new "Turbo Bonus Cashbuilder+ Plus" plan.
- Oisin
Hahaa, what complete FUD. So, I guess you're saying, m$ is, err, cheating?
Regardless of what you think (or the real reasons are), what matters on the desktop is _user experience_. If one user experiences a second-long startup time for Word, versus a 12 second load for Open Office.o, which app are they going to pick?
It really is that simple.
- Oisin
Way to go botching the html: try here instead.
Jamie "JWZ" Zawinski (of Netscape dadadodo. It can come up with some pretty funny stuff, he also talks about Burroughs' "cut up" theory.
- Oisin
> In that everyone who enjoyed episodes 4-7
:D
I'm not trying to be pedantic -- but I am -- but is there one I've not seen yet?!
> "Nascar? More like chariot races of Roman times."
With commentators saying things like "I don't care what universe you're from, that's gotta hurt!!!!" (exclamations added for repo of original delivery style): You've got to be kidding me?
> 'What else would you expect him to say? Something cool like "Some friend"?'
I don't fully understand the latter point, but I'll bite: What else would I expect him to say? Anything except what he said. The first 3 films got it right. There was no such appealing to the pathetic slug-like TV nation that is America today in episode 4/5/6. I almost expected Anakin to wink at the camera and grin cheesily after delivering his lines. The film brims with parody. It's not what the majority of fans of the series want to see. There are plenty of express parodies on Star Wars out there without Lucas himself joining the bandwagon.
> "The midichlorians only allow people to interact with the force, they are not the source. Besides, you're kind of repeating your previous point."
We don't need demystifying of the Force. It was fine the first time; you just accept it. I'm not repeating my point, I'm reinforcing it.
> "Luke's haircut throughout was a friggin bowl. And how about Han's fun little hairdo? Another bowl."
Ok, ok, so the bowl-headed children is a pet peeve of mine, but anyway, they gave Anakin a padawan/jedi-like haircut when he was older; why o why must kids have bowl-heads in films? GRRRRR.
> "Natalie Portman in a torn form fitting suit will do in a pinch."
Agreed.
Overuse of CGI? That's at the bottom of the list; try:
- ridiculous references to modern times, like theming the pod race like a nascar race, with stupid anachronistic quotes.
- more in-jokes referencing tv programs, like anakin saying "there's nothing to see here" a la police stereotype at a crime scene
- the removal of the wonder and mysticism of the force by explaining it scientifically, n.b. "midichlorians". This has the effect of forcing the viewer to treat everything that happens as having a real scientific reason, and there are plenty of ridiculous happenings that cannot be explained this way.
- atrocious overacting on the part of Hayden Christensen and Ewan McGregor. Hayden for his emotionless portrayal, and McGregor for blatantly trying to retrofit McGuinness's voice style and coming off sounding like he's holding in a sh*t the whole time.
- that ridiculous "bowl" haircut on young anakin. Can't we have one american movie without a bowl-haircut child in it, please?
- no nekkid carrie fisher.
- mind-numbing script. need I go on?
Then again, I'm talking generically here, about 3rd party s/w, like zonealarm. I'm not saying _all_ f/w s/w is like this. I'm sure there's crap out there that loads up from the startup program group...
- Oisin
"Too bad the firewall software loads *last* in the startup sequence, leaving a gaping hole of anywhere from 20 seconds to two minutes (on a slow machine) when your machine is on the net and unprotected. And during the height of worm activity, that's *more than enough* time to get infected."
Don't presume to think that because you see the system tray icon for the firewall _GUI_ appearing that this is the moment the firewall loads. This is certainly not the case. The firewall is a kernel level driver that loads before the networking subsystem, or as soon as possible after. This can be verified with free tools (or a little RTFM). Check out the NT tools on www.sysinternals.com; there is one in particular that will show you the load order of device drivers.
- Oisin
Simple!
D.O.U.O.S.V.A.V.V.M.
Do Other Users On Slashdot View A Very Visible Message?
- Oisin
It's worse than that, it's VBScript...
Global Dimming is easy to explain:
' Globally dim cack.
Dim cack
cack = 5
Sub PrintCack()
Print cack
End Sub
- Oisin
Good point, and acknowledged; I was aware of the irony in my post, but at least it wasn't lost completely on the slashbot horde. Frankly, I'm sick to death of IIS/Apache comparisons. There is no fair comparison. Depending on the interests of the comparator, someone will choose IIS 3, or apache 1, or include PHP etc etc to prove their respective points. This will not be the last post on the topic for sure, but I was just trying to show how it's not so black & white.
Anyhow, good to have people like yourself post reasoned replies.
- Oisin