I believe the engine was relatively unmodified, but the objects were enhanced to support standard properties and methods in addition to microsoft specific ones.
JScript (windows scripting) 5.5 implemented Javacript 1.5, but did it poorly. IE 6.0 uses JScript 5.6 which was relatively more useful and closer to the standard. Everyone everywhere was updating their JScript or WSH or whatever to 5.6. Incremental updates to 5.7 and 5.8 made the JavaScript 1.5 implementation better.
So yes they improved the underlying engine, but they have not claimed to implement any new standards past JavaScript 1.5.
Further support - remember when ASP was popular, and every Microsoft web page was ASP? Then all of a sudden I start seeing redirects to ASPX pages and I think to myself, why does MS have to be different? Then they release ASP.NET to the world - most likely after internal testing using real scenarios such as "the company's internet presence and technical documentation repository".
I've disassembled enough Windows binaries to be able to say that the vast majority seem to be compiled with Microsoft tools. Certainly user-mode libraries and applications are. Kernel-mode binaries are harder to tell, so I can't conclusively say, but I'd give about 50/50 to Intel and Microsoft compilers. Intel specializes in compilers, while Microsoft merely gives it away with their IDE.
My final guess is they compile with both and run automated unit tests to check for bugs in their own compiler, or problems with Intel's compiler. Which one ships is almost irrelevant at that point since any differences should be identified.
The only reason they wouldn't use Intel's is because of the built-in intrinsics, which are annoying to port. So if they like their own intrinsics better, they'd use internal. If they like Intel's better, they'd probably copy the behaviour and still test with both.
The *last* headline they need to read is that Windows has some problem or vulnerability because their compiler is buggy.
Now don't mod this informative too - maybe insightful, but the part about usermode libraries being made with Microsoft tools seems rather obvious and irrelevant so I can't have informed you that much.
More likely, someone at a management meeting said "What does this mean to us?" and no one had an answer, so someone with that responsibility said "I'll form a team to go look at it." He got together with his highly paid coworkers over a 3 hour power lunch with martinis and found someone who wouldn't blink during the "I don't have funding or responsibility in this area" game, and assigned the investigation to them.
This person asked his team to conduct a technical review of the implementation, and in the process the team found a potential security risk.
That sounds more like big business operation to me, from a fortune <15 employee. Microsoft was #44 in 2008, so probably operates like big business.
Less likely is "Let's spend money on highly paid technical folks looking for ways to make a headline people will forget in a week." Possible, but less likely.
You have to admit, it's pretty hard to know in advance which distro you're on and which packages are going to be available, so you have to plan to try a whole pile of exploits before you find one that works. The biggest or most common vulnerabilities are usually found, fixed, and ready for update rather quickly, so the window of opportunity is smaller as well. If the attack fails, you're restricted to listening on high ports and any other potential damage is minimized.
So I'd say the fragmentation "problem" is what keeps *nix safe with fast updates a close second. You are correct in theory, but practice lags behind.
Ah yes, LView Pro. Very quick to drag and drop from a folder or search results or whatnot.
I remember disassembling it and patching it so I could drop a bunch of pictures on it and press either PGDN for the next image, or DEL to delete crappy photos. DEL asks if you're sure with no option to disable that - I removed that dialog call, and made it call the PGDN code instead, so I have no confirm dialog and no need to delete a file and then hit PGDN. Two choices - keep the file or delete it. I just didn't have enough code space to call ShGetSpecialFolder or whatever to send something to the recycle bin instead of delete, and it fit my needs reasonably.
After all of this work, I found IrfanView, which does a great job with slideshows - but you can't delete crappy files from a slideshow. It's one of those things you wouldn't realize IrfanView was missing without something like LViewPro before it. 500 vacation pics, slideshow, delete the unfixable ones - LView works (better with my patches but reasonably without), IrfanView doesn't.
It was cooler when it was open source. I stopped using it when they removed the source code download.
Looks like they are trying to make a business out of it, with the new Donate button and registered LLC. Not that I have a problem with that, I just like having the source to stuff I use. Most of the time I don't even unzip it - but knowing it's there is reassuring.
People like this, I usually say you're right, it isn't free. It comes bundled if you buy a computer with Linux. But for this software, the authors don't mind if you use it on Windows too.
Sound cards, ADC audio capture, USB electric guitars (wtf is that anyway), other misc packages. If the software is good, people will put it wherever is needs to be. I guess GIMP is more useful as a toolkit than an application.
To be fair, this is one of those summaries which contains the salient points and enough details that I can decide whether to wade through a fairly dense and thoroughly footnoted document. So we can at least say thanks for choosing something reasonable from the firehose, rather than a garbled mess of TLAs and obscure terms.
I won't see the movie immediately, but I'll pre-emptively say that the beeps were entirely unnecessary, inappropriate, or plain impossible, and no programmer worth their salt would make an interface that noisy. But I'm sure you were just following orders. You know who else was just following orders?
Seriously, I'm going to see it just for the beeps now, cos I'm intrigued how an informed person would accomplish this task as opposed to the mindless goons who think they know how computers work.
It depends on whose definition you use. The OSI apparently intends for all open source software to be free as well, which is why they approve licenses which follow that ideal. You seem to be implying that all open software is free. GP corrected you, correctly.
"Open source" conventionally means the source is open, so a lot of Microsoft's "shared source" falls under the term open source. It happens not to meet the OSI standard.
The entire point of this page is to spell that out, using of course definitions from a different person - Richard Stallman "Our" in this context refers to GNU. In contrast to the previous gnu.org link, this one states that they are different, though overlapping. http://www.gnu.org/philosophy/free-software-for-freedom.html
The official definition of "open source software," as published by the Open Source Initiative, is very close to our definition of free software; however, it is a little looser in some respects, and they have accepted a few licenses that we consider unacceptably restrictive of the users. However, the obvious meaning for the expression "open source software" is "You can look at the source code." This is a much weaker criterion than free software; it includes free software, but also includes semi-free programs such as Xv, and even some proprietary programs, including Qt under its original license (before the QPL).
To summarize, there are a lot of people who believe access to source code does not imply you can do with it as you will, Microsoft is usually in that boat. Others believe it should be implied that releasing it means others can use it as they wish, same as if they got a table and wanted to saw off a leg to fit the oddly curved floor, which meets the definition of Stallman and by representation GNU.
I would say that choosing a single definition of open source when it is well known that definitions vary is misrepresentation.
Comments are for bug fixes. You see what was in there and makes sense, and then there's a hackish line that makes no sense - so you comment that the data source has a bug and this is a workaround.
So your comment applies for new code, but then all of the bug fixes need explanation.
Re:Methodology fads
on
Becoming Agile
·
· Score: 4, Insightful
The only Agile Programming method is to trust your workers, and give them what they need to get it done.
My company said it was agile, but every process was waterfall with the names changed. More gates, more reviews, more layoffs and offshoring.
I could support my application 100% and have time for other development, but instead I have to train other teams (10 people at least at this point) and produce enough documentation that they can fire me when I get too expensive and hire a homeless guy to replace me.
Trust your coders, give them access they need. Then, when someone inevitably breaks your rules, hold them accountable. That's the key. Don't change the rules for everyone so you can answer "What have you done to prevent this from happening again?" The answer should be "We enforced our current policies, the person has had all access stripped, then terminated, and a reminder sent out."
I can't do agile development if.NET has built-in limitations which require a change request to an offshore server admin support group that doesn't even work my hours. So I sit idly until the workday ends, wake up the next morning and realize the sa team wants more information. I just bypass the whole thing and develop locally, but I can't always demo locally. If I could configure the box myself, I'd be able to document what I did so I can make an implementation guide, but I can't even do that - the dev servers are locked down. I am expected to document steps that I can't perform myself, nor test. That adds time to development.
Trust your coders, work closely with them, and get something working. Then plan for changes, because there will be design updates as well as requirement updates.
It all boils down to hiring people who can code either quickly or generically, so that when something changes they can respond - and then allowing them to respond.
I realize I missed your point. If half of your code is sanitizing and security checking, the exposed surface area is no larger and the vulnerability is not affected. Most of what went into Vista compared with XP is security-related code, and I believe it is not proportionally more vulnerable than XP. So no, lines of code are not correlated with attack surface.
The attack surface is really defined by the number of interfaces, both public and private. If you can get malicious code to a private interface by passing bogus data to a public interface, that's almost guaranteed to be exploitable, even if it's just a DOS. Turn off file and print sharing and the attack area drops. Turn off the infamous netbios and samba ports and the attack area drops. You're not dropping lines of code, you're turning off interfaces. Add more lines of code to sanity check these interfaces and the attack surface remains the same.
I'd be more worried about the number of required processes, especially the service-level ones which are new and poorly documented. Services are priviliged, so you need more code around them, not less. "Background Intelligent Transfer Service" is just a trickle download app - does it need to run as a service? "ATI Hotkey Poller" - it's not Microsoft, but somewhere along the way ATI decided the only way to check for system-wide hotkeys was to install a service. ClipBook viewer - yet another way to share data between computers. FTP publishing - just a simple app that listens on port 21, requires a service which can run privilaged code? IIS? File indexing - all I have to do is get you to SAVE a malicious file. Not open it, just put it where it gets indexed, and if it has a vulnerability you're owned. Theme support is a service - thank goodness it only runs digitally signed themes and there is no workaround that millions of users applied to run custom themes, right? And this is just from the XP list - Vista doubles that, at least.
ReactOS is not mature enough, it does not have a lot of sanitizing in place, lots of functionality is unchecked because the idea right now is to get it working according to Microsoft's documentation, not secure. So it's a red herring.
In truth, the OS should provide the minimum amount of functionality to run applications, and handle context switching and coordinate resource access. I'm not sure if Linux distros with all of their freeware pushed Microsoft to include every type of application under the sun, or if it's just wanting control of all avenues of userland, but there's just way too much functionality - too many interfaces - to lock down. 7 is supposed to be a better Vista, so maybe they fixed that, but as always new code will be the least tested part of the OS, and will probably be where you find vulnerabilities. After so many years of XP support, I'd expect any legacy XP code to be rock solid, and I'd expect to see more vulnerabilities specific to Win7/IE8.
You don't need ReactOS to prove your point - the difference between Vista and XP is enough. The number of background applications run as services exploded in Vista... and as a nice side effect, it's nearly impossible, even with Process Explorer, to see what is slowing down your machine.
Usually it's disk I/O from background processes like antivirus, windows update (anyting MSI related seems to totaly hog the system), or file indexing. But lots of the time it's just one of 10 services.exe or svchost.exe entries, with 10 or more services attached, doing something, somewhere.
If you like XP then the answer is no, it doesn't need to be that complicated. A lot of the extra code and design in Vista is security-related, so maybe the answer is double-no. And if they started good design with Windows 98 instead of waiting for XP and then sitting on it for 6 years maybe the answer is no, a good OS can be much simpler and more elegant.
Ignorance of the law is no excuse... So how's that explanation going to work if you have to buy the laws? I'm in jail because I couldn't afford to buy the $200 rule book.
Ah yes, your counterargument technically meets the criteria, however is so unlikely that you have outed yourself as a complete idiot.
Running/potable water is one of those things that sets "developing" countries from "world power" countries, and no governmnet would shut that down without a really good reason.
You're talking about a monarchy where you decide to shut off the water. That's no government, and completely unrelated.
From what I understand: GDI functions are in the kernel for speed reasons - constantly switching to usermode just to draw things slows down the system.
Vista moved it into userspace, and lots of users complained about slowness. Looking at the vulnerability details, this just gives you privilage elevation on Vista (and related servers), not remote code execution.
For Windows 7, MS moved GDI back into the kernel, with some redesign. So they apparently fixed this issue when they returned GDI to user mode.
I'm not saying you're an idiot, I'm just saying that if I wanted to find something about someone, I'd go to Wikipedia or Google or something. Most people would. Maybe you wouldn't, and that's fine. But from what I'm looking at, most people would probably characterize you as an idiot for failing to use these resources. I noticed that you have not, and continue to not claim to be a non-idiot. therefore, I have to ask, and all I'm doing here is asking questions, are you a world-class idiot, or just a locally famous one? And maybe I'm wrong, you could be a reasonable guy. But I think every one who reads this comment would agree, you pretty much look like a retard. Yet you continue to ignore the question and talk about other things like what this has to do with you an your country - that's a personal thing. I'm not here to tell you what to think, I'm not here to spoon-feed you predefined partisan rhetoric, I'm just looking at the information available and putting two and two together.
We've had our 1-800 number at the bottom of the screen the whole time and you have not called in to refute anything I've said, so I suppose we can all step back and say "point taken". I wish you the best, thanks for being on the show today. Next up - why haven't you disclaimed communism? Are you secretly a communist?
Someone, somewhere, is going to use this to fuck us all in the financial sector. And not in the good way. And by "financial sector" I mean unlubed arsehole with a cactus.
Microsoft employee feeling defensive? That there are so many platforms for Windows says yeah, it's complex. The operating system controls flow of opcodes to the processor and doesn't care which tools you use to create the binary. Once the parameters are in the kernel, you are at the mercy of Microsoft's documentation and correctness of implementation.
Ignore toolset, library, everything else and write W32 ASM, or if you have some balls write ASM using kernel only. You do already, ok I'll buy that. It's still gratuitiously complex. Why do you think they have so many different ways of interacting with the OS?
So let me rephrase. The difficulty in developing for MS has always been the vague, multipurpose error messages. One component fails, maybe with a specific return code. The calling component doesn't return the returned error directly, because its interface is not defined to return that type of error. The outer calling component does the same thing. Instead of "function x returned invalid in pointer" you get simply "something somewhere was not correct." Documentation won't help you, only trial and error and beating your head against a wall. Or disassembly/live debugging.
It comes down to - if you wnt to make some truly solid and functional software, be prepared to debug at the KERNEL level. Userland won't cut it. To me, that's gratuitously complex.
I upgraded to Vista due to company policy. Opening Word 2007 causes an instant crash, on both new and old files - even things I created yesterday.
I loaded IDA Free, got the crash address out of the event viewer, disassembled and did a static analysis of the problem. 15 minutes later, I deleted all of my printers. Open Word, no crash.
First point is, it's possible to resolve your own problems.
Second point is, a guy taking support calls had this problem for three weeks while people tried to fix it, and came up with the same answer - delete printers and re-add.
Third point is, what the HOLY FUCK does a printer driver have to do with displaying a document? I know, they're all integrated into the GDI abstraction so you can print/draw regardless of the output device, blah blah horseshit. Removing and re-adding the printer driver works for about a week - it's a network printer, and I've switched to different ones with different models.
There is a lot you can do, if you know what you're doing. But you have to know, which means you have to learn, which means you have to have a lot of problems. The first instinct I have now is to fire up a disassembler - google is an afterthought. That's a terrible indictment of the quality of software. Even worse, I find what Im looking for. I'm not a cracker, i'm a pissed off Windows slave.
To GP: this might not seem like rational thought to you, but it solves problems quickly. This is just an application crashing - I could go to OO.o or ABIWord or something else. When an API fouls up for no apparent reason, you can't just go hex editing because loads of drivers are now signed, so you're stuck.
Slashdot Mirror
I believe the engine was relatively unmodified, but the objects were enhanced to support standard properties and methods in addition to microsoft specific ones.
JScript (windows scripting) 5.5 implemented Javacript 1.5, but did it poorly. IE 6.0 uses JScript 5.6 which was relatively more useful and closer to the standard. Everyone everywhere was updating their JScript or WSH or whatever to 5.6. Incremental updates to 5.7 and 5.8 made the JavaScript 1.5 implementation better.
So yes they improved the underlying engine, but they have not claimed to implement any new standards past JavaScript 1.5.
Further support - remember when ASP was popular, and every Microsoft web page was ASP? Then all of a sudden I start seeing redirects to ASPX pages and I think to myself, why does MS have to be different? Then they release ASP.NET to the world - most likely after internal testing using real scenarios such as "the company's internet presence and technical documentation repository".
I've disassembled enough Windows binaries to be able to say that the vast majority seem to be compiled with Microsoft tools. Certainly user-mode libraries and applications are. Kernel-mode binaries are harder to tell, so I can't conclusively say, but I'd give about 50/50 to Intel and Microsoft compilers. Intel specializes in compilers, while Microsoft merely gives it away with their IDE.
My final guess is they compile with both and run automated unit tests to check for bugs in their own compiler, or problems with Intel's compiler. Which one ships is almost irrelevant at that point since any differences should be identified.
The only reason they wouldn't use Intel's is because of the built-in intrinsics, which are annoying to port. So if they like their own intrinsics better, they'd use internal. If they like Intel's better, they'd probably copy the behaviour and still test with both.
The *last* headline they need to read is that Windows has some problem or vulnerability because their compiler is buggy.
Now don't mod this informative too - maybe insightful, but the part about usermode libraries being made with Microsoft tools seems rather obvious and irrelevant so I can't have informed you that much.
More likely, someone at a management meeting said "What does this mean to us?" and no one had an answer, so someone with that responsibility said "I'll form a team to go look at it." He got together with his highly paid coworkers over a 3 hour power lunch with martinis and found someone who wouldn't blink during the "I don't have funding or responsibility in this area" game, and assigned the investigation to them.
This person asked his team to conduct a technical review of the implementation, and in the process the team found a potential security risk.
That sounds more like big business operation to me, from a fortune <15 employee. Microsoft was #44 in 2008, so probably operates like big business.
Less likely is "Let's spend money on highly paid technical folks looking for ways to make a headline people will forget in a week." Possible, but less likely.
You have to admit, it's pretty hard to know in advance which distro you're on and which packages are going to be available, so you have to plan to try a whole pile of exploits before you find one that works. The biggest or most common vulnerabilities are usually found, fixed, and ready for update rather quickly, so the window of opportunity is smaller as well. If the attack fails, you're restricted to listening on high ports and any other potential damage is minimized.
So I'd say the fragmentation "problem" is what keeps *nix safe with fast updates a close second. You are correct in theory, but practice lags behind.
PS Source code is available, you just need to unpack it.
http://www.hex-rays.com/idapro/idadownfreeware.htm
Ah yes, LView Pro. Very quick to drag and drop from a folder or search results or whatnot.
I remember disassembling it and patching it so I could drop a bunch of pictures on it and press either PGDN for the next image, or DEL to delete crappy photos. DEL asks if you're sure with no option to disable that - I removed that dialog call, and made it call the PGDN code instead, so I have no confirm dialog and no need to delete a file and then hit PGDN. Two choices - keep the file or delete it. I just didn't have enough code space to call ShGetSpecialFolder or whatever to send something to the recycle bin instead of delete, and it fit my needs reasonably.
After all of this work, I found IrfanView, which does a great job with slideshows - but you can't delete crappy files from a slideshow. It's one of those things you wouldn't realize IrfanView was missing without something like LViewPro before it. 500 vacation pics, slideshow, delete the unfixable ones - LView works (better with my patches but reasonably without), IrfanView doesn't.
Proves the point - all apps are open-source :)
It was cooler when it was open source. I stopped using it when they removed the source code download.
Looks like they are trying to make a business out of it, with the new Donate button and registered LLC. Not that I have a problem with that, I just like having the source to stuff I use. Most of the time I don't even unzip it - but knowing it's there is reassuring.
People like this, I usually say you're right, it isn't free. It comes bundled if you buy a computer with Linux. But for this software, the authors don't mind if you use it on Windows too.
I'd be interested in what hardware it was bundled with. So interested I found this page actually:
http://audacity.sourceforge.net/download/bundlers
Sound cards, ADC audio capture, USB electric guitars (wtf is that anyway), other misc packages. If the software is good, people will put it wherever is needs to be. I guess GIMP is more useful as a toolkit than an application.
To be fair, this is one of those summaries which contains the salient points and enough details that I can decide whether to wade through a fairly dense and thoroughly footnoted document. So we can at least say thanks for choosing something reasonable from the firehose, rather than a garbled mess of TLAs and obscure terms.
I won't see the movie immediately, but I'll pre-emptively say that the beeps were entirely unnecessary, inappropriate, or plain impossible, and no programmer worth their salt would make an interface that noisy. But I'm sure you were just following orders. You know who else was just following orders?
Seriously, I'm going to see it just for the beeps now, cos I'm intrigued how an informed person would accomplish this task as opposed to the mindless goons who think they know how computers work.
It depends on whose definition you use. The OSI apparently intends for all open source software to be free as well, which is why they approve licenses which follow that ideal. You seem to be implying that all open software is free. GP corrected you, correctly.
"Open source" conventionally means the source is open, so a lot of Microsoft's "shared source" falls under the term open source. It happens not to meet the OSI standard.
The entire point of this page is to spell that out, using of course definitions from a different person - Richard Stallman "Our" in this context refers to GNU. In contrast to the previous gnu.org link, this one states that they are different, though overlapping. http://www.gnu.org/philosophy/free-software-for-freedom.html
To summarize, there are a lot of people who believe access to source code does not imply you can do with it as you will, Microsoft is usually in that boat. Others believe it should be implied that releasing it means others can use it as they wish, same as if they got a table and wanted to saw off a leg to fit the oddly curved floor, which meets the definition of Stallman and by representation GNU.
I would say that choosing a single definition of open source when it is well known that definitions vary is misrepresentation.
No Volfenstein for you!
Comments are for bug fixes. You see what was in there and makes sense, and then there's a hackish line that makes no sense - so you comment that the data source has a bug and this is a workaround.
So your comment applies for new code, but then all of the bug fixes need explanation.
The only Agile Programming method is to trust your workers, and give them what they need to get it done.
My company said it was agile, but every process was waterfall with the names changed. More gates, more reviews, more layoffs and offshoring.
I could support my application 100% and have time for other development, but instead I have to train other teams (10 people at least at this point) and produce enough documentation that they can fire me when I get too expensive and hire a homeless guy to replace me.
Trust your coders, give them access they need. Then, when someone inevitably breaks your rules, hold them accountable. That's the key. Don't change the rules for everyone so you can answer "What have you done to prevent this from happening again?" The answer should be "We enforced our current policies, the person has had all access stripped, then terminated, and a reminder sent out."
I can't do agile development if .NET has built-in limitations which require a change request to an offshore server admin support group that doesn't even work my hours. So I sit idly until the workday ends, wake up the next morning and realize the sa team wants more information. I just bypass the whole thing and develop locally, but I can't always demo locally. If I could configure the box myself, I'd be able to document what I did so I can make an implementation guide, but I can't even do that - the dev servers are locked down. I am expected to document steps that I can't perform myself, nor test. That adds time to development.
Trust your coders, work closely with them, and get something working. Then plan for changes, because there will be design updates as well as requirement updates.
It all boils down to hiring people who can code either quickly or generically, so that when something changes they can respond - and then allowing them to respond.
I realize I missed your point. If half of your code is sanitizing and security checking, the exposed surface area is no larger and the vulnerability is not affected. Most of what went into Vista compared with XP is security-related code, and I believe it is not proportionally more vulnerable than XP. So no, lines of code are not correlated with attack surface.
The attack surface is really defined by the number of interfaces, both public and private. If you can get malicious code to a private interface by passing bogus data to a public interface, that's almost guaranteed to be exploitable, even if it's just a DOS. Turn off file and print sharing and the attack area drops. Turn off the infamous netbios and samba ports and the attack area drops. You're not dropping lines of code, you're turning off interfaces. Add more lines of code to sanity check these interfaces and the attack surface remains the same.
I'd be more worried about the number of required processes, especially the service-level ones which are new and poorly documented. Services are priviliged, so you need more code around them, not less. "Background Intelligent Transfer Service" is just a trickle download app - does it need to run as a service? "ATI Hotkey Poller" - it's not Microsoft, but somewhere along the way ATI decided the only way to check for system-wide hotkeys was to install a service. ClipBook viewer - yet another way to share data between computers. FTP publishing - just a simple app that listens on port 21, requires a service which can run privilaged code? IIS? File indexing - all I have to do is get you to SAVE a malicious file. Not open it, just put it where it gets indexed, and if it has a vulnerability you're owned. Theme support is a service - thank goodness it only runs digitally signed themes and there is no workaround that millions of users applied to run custom themes, right? And this is just from the XP list - Vista doubles that, at least.
ReactOS is not mature enough, it does not have a lot of sanitizing in place, lots of functionality is unchecked because the idea right now is to get it working according to Microsoft's documentation, not secure. So it's a red herring.
In truth, the OS should provide the minimum amount of functionality to run applications, and handle context switching and coordinate resource access. I'm not sure if Linux distros with all of their freeware pushed Microsoft to include every type of application under the sun, or if it's just wanting control of all avenues of userland, but there's just way too much functionality - too many interfaces - to lock down. 7 is supposed to be a better Vista, so maybe they fixed that, but as always new code will be the least tested part of the OS, and will probably be where you find vulnerabilities. After so many years of XP support, I'd expect any legacy XP code to be rock solid, and I'd expect to see more vulnerabilities specific to Win7/IE8.
You don't need ReactOS to prove your point - the difference between Vista and XP is enough. The number of background applications run as services exploded in Vista... and as a nice side effect, it's nearly impossible, even with Process Explorer, to see what is slowing down your machine.
Usually it's disk I/O from background processes like antivirus, windows update (anyting MSI related seems to totaly hog the system), or file indexing. But lots of the time it's just one of 10 services.exe or svchost.exe entries, with 10 or more services attached, doing something, somewhere.
If you like XP then the answer is no, it doesn't need to be that complicated. A lot of the extra code and design in Vista is security-related, so maybe the answer is double-no. And if they started good design with Windows 98 instead of waiting for XP and then sitting on it for 6 years maybe the answer is no, a good OS can be much simpler and more elegant.
Ignorance of the law is no excuse... So how's that explanation going to work if you have to buy the laws? I'm in jail because I couldn't afford to buy the $200 rule book.
Sounds like pauper's prison to me.
Ah yes, your counterargument technically meets the criteria, however is so unlikely that you have outed yourself as a complete idiot.
Running/potable water is one of those things that sets "developing" countries from "world power" countries, and no governmnet would shut that down without a really good reason.
You're talking about a monarchy where you decide to shut off the water. That's no government, and completely unrelated.
(I threw a U in there and replaced 3 with 133t E, and relies on british spelling apparently)
Cad Copped Moms Cheque
Comp Mod Spaced Cheque
Champ Ceded Cop Mosque
Chap Ceded Comp Mosque
Mac Cheque Comps Doped
Camp Coded Cheque Mops
Camp Comped Cheque Dos
Sod Comped Camp Cheque
Pomp Coded Cheque Scam
Dammed Cop Cops Cheque
Damp Coed Comps Cheque
Damp Codes Comp Cheque
Squad Emceed Comp Chop
Quad Specced Chemo Mop
Quad Specced Emo Chomp
Quad Specced Chop Memo
Quad Secede Chomp Comp
Quad Schemed Cope Comp
Quad Coed Sec Comp Hemp
http://wordsmith.org/anagram/anagram.cgi?anagram=hpedscompaquEcomdec&t=1000&a=n
From what I understand: GDI functions are in the kernel for speed reasons - constantly switching to usermode just to draw things slows down the system.
Vista moved it into userspace, and lots of users complained about slowness. Looking at the vulnerability details, this just gives you privilage elevation on Vista (and related servers), not remote code execution.
For Windows 7, MS moved GDI back into the kernel, with some redesign. So they apparently fixed this issue when they returned GDI to user mode.
Again, just my understanding, could be wrong.
I'm not saying you're an idiot, I'm just saying that if I wanted to find something about someone, I'd go to Wikipedia or Google or something. Most people would. Maybe you wouldn't, and that's fine. But from what I'm looking at, most people would probably characterize you as an idiot for failing to use these resources. I noticed that you have not, and continue to not claim to be a non-idiot. therefore, I have to ask, and all I'm doing here is asking questions, are you a world-class idiot, or just a locally famous one? And maybe I'm wrong, you could be a reasonable guy. But I think every one who reads this comment would agree, you pretty much look like a retard. Yet you continue to ignore the question and talk about other things like what this has to do with you an your country - that's a personal thing. I'm not here to tell you what to think, I'm not here to spoon-feed you predefined partisan rhetoric, I'm just looking at the information available and putting two and two together.
We've had our 1-800 number at the bottom of the screen the whole time and you have not called in to refute anything I've said, so I suppose we can all step back and say "point taken". I wish you the best, thanks for being on the show today. Next up - why haven't you disclaimed communism? Are you secretly a communist?
Most likely it was a comment - someone making threats or suspicious allusions.
Assuming they host comments, I've never been there.
Someone, somewhere, is going to use this to fuck us all in the financial sector. And not in the good way. And by "financial sector" I mean unlubed arsehole with a cactus.
Microsoft employee feeling defensive? That there are so many platforms for Windows says yeah, it's complex. The operating system controls flow of opcodes to the processor and doesn't care which tools you use to create the binary. Once the parameters are in the kernel, you are at the mercy of Microsoft's documentation and correctness of implementation.
Ignore toolset, library, everything else and write W32 ASM, or if you have some balls write ASM using kernel only. You do already, ok I'll buy that. It's still gratuitiously complex. Why do you think they have so many different ways of interacting with the OS?
So let me rephrase. The difficulty in developing for MS has always been the vague, multipurpose error messages. One component fails, maybe with a specific return code. The calling component doesn't return the returned error directly, because its interface is not defined to return that type of error. The outer calling component does the same thing. Instead of "function x returned invalid in pointer" you get simply "something somewhere was not correct." Documentation won't help you, only trial and error and beating your head against a wall. Or disassembly/live debugging.
It comes down to - if you wnt to make some truly solid and functional software, be prepared to debug at the KERNEL level. Userland won't cut it. To me, that's gratuitously complex.
I upgraded to Vista due to company policy. Opening Word 2007 causes an instant crash, on both new and old files - even things I created yesterday.
I loaded IDA Free, got the crash address out of the event viewer, disassembled and did a static analysis of the problem. 15 minutes later, I deleted all of my printers. Open Word, no crash.
First point is, it's possible to resolve your own problems.
Second point is, a guy taking support calls had this problem for three weeks while people tried to fix it, and came up with the same answer - delete printers and re-add.
Third point is, what the HOLY FUCK does a printer driver have to do with displaying a document? I know, they're all integrated into the GDI abstraction so you can print/draw regardless of the output device, blah blah horseshit. Removing and re-adding the printer driver works for about a week - it's a network printer, and I've switched to different ones with different models.
There is a lot you can do, if you know what you're doing. But you have to know, which means you have to learn, which means you have to have a lot of problems. The first instinct I have now is to fire up a disassembler - google is an afterthought. That's a terrible indictment of the quality of software. Even worse, I find what Im looking for. I'm not a cracker, i'm a pissed off Windows slave.
To GP: this might not seem like rational thought to you, but it solves problems quickly. This is just an application crashing - I could go to OO.o or ABIWord or something else. When an API fouls up for no apparent reason, you can't just go hex editing because loads of drivers are now signed, so you're stuck.