You should go read the bug again. If applications keep on re-writing the same file again and again, they will loose data. Here it is for your benefit...
"So the difference between 5 seconds and 60 seconds (the normal time if you're writing huge data sets) isn't *that* big, but for certain crappy applications that apparently write huge numbers of small files in users' home directories. This appears to be the case for both GNOME and KDE. Since these applications are rewriting existing files, and are apparently doing so *frequently*, the chances that files will be lost is high."
There was a certain pride associated with being an intellectual/creative/professorial person 300 years ago. Now, people are just out to screw each other. Blame overpopulation, blame materialism. Whatever.
Those that are not interested in money are ALREADY creating stuff and giving it away for free. A lot of times, this is like a hobby or something they do in their spare time. The number of people who are in it for the money hugely outweigh the others. Its just a fact of life.
Window messaging doesn't care what session a Window is in. How do I know? I've written software to do it
You cannot pass messages between sessions, otherwise you could mess with another user who was logged into... y'now his own session. This is such a basic fact, that you probably should reevaluate how you learned windows programming.
It's a GUID for hell sakes. They could of even made UAC look up the GUID action, but no, they just give you a GUID for details. Sorry, it's not a different philosophy, it's stupidity.
Huh? GUID Action? There is no such thing. A GUID is simply a unique ID. It doesn't mean anything till someone gives it meaning. It has been used to identify COM objects, but that has nothing to do with specific actions.
Application developers can request elevation any time and windows cant know what they are going to do with that elevation. Only the user can know that because they chose to do a particular operation which lead to the popup.
Obviously any program can mislead the user. The point is UAC is different from sudo. You can still get sudo like functionality on Vista, its just that its of no use because like I mentioned it elevates the entire process. So you end up running all the current programs as admin anyway. With the UAC annoyance, MS took a huge PR hit so that app devs could fix the apps.
They added API calls that will request UAC elevation through dialogs - I am doubtful of such claims.
Its not even a claim. Its what they hope will happen. They don't know or claim to know how its going to end up.
UAC is exploitable via the window messaging API, making it possible for malicious software to automatically accept UAC dialogs.
This is patently false. UAC dialogs are in their own session so you cant "OK" them programatically.
UAC adds annoying dialogs for things like copy operations, one after another "You will need admini.." "needs to have admnistr.." "are you sure you want to copy to this protected syst..".
Ya, you forgot to say its only for certain folders which contain program files. Do users on linux typically copy to ~/bin or ~/sbin everyday?
When kdesudo or gksudo pops up, it tells me the command it's executing, when UAC pops up... For example, when adjusting windows update settings:
There is a difference in philosophy here. UAC doesn't define a security boundary. Even if you OK ONE admin operation you might not want to OK another operation from the same program.
sudo basically gives the entire process admin rights and you're screwed if it does anything malicious.
Ya, UAC doesnt help if you just keep on clicking yes so its two different philosophies. It seems to me that MS took a gamble on some middle ground. They hope that application devs would fix apps so they wouldnt need the UAC popups and then in the next windows release they would make everyone by default limited user and use something like sudo.
They started the OS layering task long ago. MinWin was just one demonstration of that. (40 meg core - no dependencies) Watch out for the Microsoft-Windows-System-*-L1-1-0.dll files in Win7 .;)
One thing I've been curious about - on x86, is it possible to use the NX flag for things like embedded code?
Huh? The NX flag is already used by all the modern operating systems. If you enable Data Execution Prevention on XPSP2+ , the OS will crash any app that tries to execute "data". (A simple Instruction pointer on heap check)
So you're saying the test of a true pirate would be someone who downloads/uploads illegal software/media but never uses it himself? Stick it to the man..
To control your entire machine, you do not have to write a single line of code. You just have to be able to choose which code gets executed on it.
This is such a loose definition that it would seem each and every operating system that supports kernel mode programming would fall under this category. You have 100% raw control on any OS in kernel mode. You can do anything you want if you understand the h/w specs and how to communicate with the h/w. There is nothing that can stop you. If you encounter DRM in the display driver, its pretty simple - write your own kernel mode driver. (we already established pre-req that you know how to speak to the h/w)
I can choose to do whatever the hell I like with a linux system.
You can only do so _BECAUSE_ someone has already written the code (aka tools) necessary for you to execute certain modules/programs/patches/drivers whatever. You are still not in control. You're merely the Gate Keeper of what you let execute. This definition is very ambiguous. Unless you are in charge of the actual kernel mode process that interacts with the hardware all you're doing is handing over control to helper functions.
I have more trust in it because the code can be (and has been) seen by multiple people, I can inspect it and change it to do what I like.
Why are we heading towards a closed-open source argument? This is offtopic.
but by the sounds of it nobody is ever in control of a car (unless they built the engine, starting by smelting the iron ore)
Jeez. The engine/otehr car components are _NOT_ modifiable while the car is running. (unless you chip your car or do something out of the ordinary i.e. not what average consumers buy)
OTOH, With computers you can decide anything from which pointers go into which register or which stack variable gets loaded when and where or how much memory a particular program should be able to access, each of these decisions is possible on the fly. You can unload a shared library if you don't like its location and rebase it in memory, etc. You get the picture.
Hmm.. then you're using an awfully funny definition of control.
Under your definition of control, You just choose what executes, but you have no control over what the piece of code actually does (since you didn't write it, how are you sure it does what it says it does?). If it does what it says it does, then all is good, if not you just offloaded the trust onto a piece of code you didn't write and expect it to do the task X.
I think the bigger problem is you can't substantiate any of your claims. Unless there is a Harvard Business Review-type article that I've somehow missed.
Thats a good question. But do you also ask yourself how statisticians can poll 1000 odd people and get a very accurate reading on 300 million?:) (I'm talking about the pre US elections polling)
Statistics can get fairly complicated and each poll can be model accurately with a low enough margin of error. As a simple example you can give different weights to statistics of browsers from different websites and them compile a grand total. So while given _ANY_ statistic you can find something wrong with it, you cant simply dismiss it as being inaccurate.
Actually, these days.. "backdoors" aren't so obvious to look for. A simple buffer overrun could turn into an exploit. In the case of C++, exception records on the stack could be manipulated using exploits in code totally unrelated to the actual place of interest so that a nice helper function of your choosing gets called during stack unwind when there is an exception during execution..
Heck, if you got mad skillz, you could potentially corrupt server memory by messing with the powergrid of the building. I plan to do this before I die.
------------
"Solar winds predicted this week, use only the highest quality of tinfoil's to wrap your disks in and protect your data!"
Or maybe it just shows that you're incapable of thinking up other alternatives?
The antitrust law is complicated enough that you should consider whether you understand it yourself.
Several of such laws from that time period are very vague in their wording because those words can mean multiple things in today's context. Lawyers (on both sides) being clever, have ways to get around this using various techniques.
A monopoly means one seller. This is the definition in economics and it cannot change. If you read the anti trust ruling, the judge has ruled that the domain here is Operating Systems using Intel processors and their clones. A very narrow definition. Next, you have to define what constitutes a monopoly. The wording here is a bit imprecise, it uses terms like "control" of market or "market power", which can mean millions of different things, depending on the context. Again Lawyers find ways to twist meanings to their use.
Ok Next, you have to define "harming the competition" and separate that from "competition". Competing it self could be defined as "harming the competition". Great !. Now we get into legal messes where every side throws additional legalese making the whole thing a mess. I still cant understand it.
Next, The judge ruled that because Microsoft spent $100 million on developing IE _AND_ then bundled it for free, it harmed the competition. But the counter question is, why would a monopoly have to blow $100 million to improve a product when they are the monopoly? I'm over simplifying it based on some notes I have of this when I looked into it years ago. I have some more thoughts on this but it gets into complicated legal terms which would be sure to bore anyone reading it.
Slashdot Mirror
The point is when there is a system crash or lockup, you expect the the old version of the file, not 0 byte files.
I suspect people beta testing a kernel would run into this often..
You should go read the bug again. If applications keep on re-writing the same file again and again, they will loose data. Here it is for your benefit...
"So the difference between 5 seconds and 60 seconds (the normal time if you're writing huge data sets) isn't *that* big, but for certain crappy applications that apparently write huge numbers of small files in users' home directories. This appears to be the case for both GNOME and KDE. Since these applications are rewriting existing files, and are apparently doing so *frequently*, the chances that files will be lost is high."
https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/317781/comments/45
And calm down !!
There was a certain pride associated with being an intellectual/creative/professorial person 300 years ago. Now, people are just out to screw each other. Blame overpopulation, blame materialism. Whatever.
Those that are not interested in money are ALREADY creating stuff and giving it away for free. A lot of times, this is like a hobby or something they do in their spare time. The number of people who are in it for the money hugely outweigh the others. Its just a fact of life.
What would be the relevant ads for them? :D
Window messaging doesn't care what session a Window is in. How do I know? I've written software to do it
You cannot pass messages between sessions, otherwise you could mess with another user who was logged into ... y'now his own session. This is such a basic fact, that you probably should reevaluate how you learned windows programming.
It's a GUID for hell sakes. They could of even made UAC look up the GUID action, but no, they just give you a GUID for details. Sorry, it's not a different philosophy, it's stupidity.
Huh? GUID Action? There is no such thing. A GUID is simply a unique ID. It doesn't mean anything till someone gives it meaning. It has been used to identify COM objects, but that has nothing to do with specific actions.
Application developers can request elevation any time and windows cant know what they are going to do with that elevation. Only the user can know that because they chose to do a particular operation which lead to the popup.
Obviously any program can mislead the user. The point is UAC is different from sudo. You can still get sudo like functionality on Vista, its just that its of no use because like I mentioned it elevates the entire process. So you end up running all the current programs as admin anyway. With the UAC annoyance, MS took a huge PR hit so that app devs could fix the apps.
They added API calls that will request UAC elevation through dialogs - I am doubtful of such claims.
Its not even a claim. Its what they hope will happen. They don't know or claim to know how its going to end up.
UAC is exploitable via the window messaging API, making it possible for malicious software to automatically accept UAC dialogs.
This is patently false. UAC dialogs are in their own session so you cant "OK" them programatically.
UAC adds annoying dialogs for things like copy operations, one after another "You will need admini.." "needs to have admnistr.." "are you sure you want to copy to this protected syst..".
Ya, you forgot to say its only for certain folders which contain program files. Do users on linux typically copy to ~/bin or ~/sbin everyday?
When kdesudo or gksudo pops up, it tells me the command it's executing, when UAC pops up... For example, when adjusting windows update settings:
There is a difference in philosophy here. UAC doesn't define a security boundary. Even if you OK ONE admin operation you might not want to OK another operation from the same program.
sudo basically gives the entire process admin rights and you're screwed if it does anything malicious.
Ya, UAC doesnt help if you just keep on clicking yes so its two different philosophies. It seems to me that MS took a gamble on some middle ground. They hope that application devs would fix apps so they wouldnt need the UAC popups and then in the next windows release they would make everyone by default limited user and use something like sudo.
They started the OS layering task long ago. MinWin was just one demonstration of that. (40 meg core - no dependencies) Watch out for the Microsoft-Windows-System-*-L1-1-0.dll files in Win7 . ;)
One thing I've been curious about - on x86, is it possible to use the NX flag for things like embedded code?
Huh? The NX flag is already used by all the modern operating systems. If you enable Data Execution Prevention on XPSP2+ , the OS will crash any app that tries to execute "data". (A simple Instruction pointer on heap check)
Storing / creating the string would be slower. You would have to count the tokens in the string before you could store it.
So you're saying the test of a true pirate would be someone who downloads/uploads illegal software/media but never uses it himself? Stick it to the man..
This is what the OP defined it as
To control your entire machine, you do not have to write a single line of code. You just have to be able to choose which code gets executed on it.
This is such a loose definition that it would seem each and every operating system that supports kernel mode programming would fall under this category. You have 100% raw control on any OS in kernel mode. You can do anything you want if you understand the h/w specs and how to communicate with the h/w. There is nothing that can stop you. If you encounter DRM in the display driver, its pretty simple - write your own kernel mode driver. (we already established pre-req that you know how to speak to the h/w)
I can choose to do whatever the hell I like with a linux system.
You can only do so _BECAUSE_ someone has already written the code (aka tools) necessary for you to execute certain modules/programs/patches/drivers whatever. You are still not in control. You're merely the Gate Keeper of what you let execute. This definition is very ambiguous. Unless you are in charge of the actual kernel mode process that interacts with the hardware all you're doing is handing over control to helper functions.
I have more trust in it because the code can be (and has been) seen by multiple people, I can inspect it and change it to do what I like.
Why are we heading towards a closed-open source argument? This is offtopic.
but by the sounds of it nobody is ever in control of a car (unless they built the engine, starting by smelting the iron ore)
Jeez. The engine/otehr car components are _NOT_ modifiable while the car is running. (unless you chip your car or do something out of the ordinary i.e. not what average consumers buy)
OTOH, With computers you can decide anything from which pointers go into which register or which stack variable gets loaded when and where or how much memory a particular program should be able to access, each of these decisions is possible on the fly. You can unload a shared library if you don't like its location and rebase it in memory, etc. You get the picture.
Hmm.. then you're using an awfully funny definition of control.
Under your definition of control, You just choose what executes, but you have no control over what the piece of code actually does (since you didn't write it, how are you sure it does what it says it does?). If it does what it says it does, then all is good, if not you just offloaded the trust onto a piece of code you didn't write and expect it to do the task X.
I'll sell you MS Office for $15. Want it? I can also throw in Visual Studio for another $10.
(Free shipping !)
I think the bigger problem is you can't substantiate any of your claims. Unless there is a Harvard Business Review-type article that I've somehow missed.
Actually they did both. Maybe you should go read the article. :)
Secondly, where did you get these figures from?
Thats a good question. But do you also ask yourself how statisticians can poll 1000 odd people and get a very accurate reading on 300 million? :) (I'm talking about the pre US elections polling)
Statistics can get fairly complicated and each poll can be model accurately with a low enough margin of error. As a simple example you can give different weights to statistics of browsers from different websites and them compile a grand total. So while given _ANY_ statistic you can find something wrong with it, you cant simply dismiss it as being inaccurate.
You might find these linux interesting:
http://www.oreillynet.com/linux/blog/2007/10/how_can_linux_market_share_be.html
http://ubuntuforums.org/showthread.php?t=598383
http://en.wikipedia.org/wiki/Sampling_(statistics)
Actually, these days .. "backdoors" aren't so obvious to look for. A simple buffer overrun could turn into an exploit. In the case of C++, exception records on the stack could be manipulated using exploits in code totally unrelated to the actual place of interest so that a nice helper function of your choosing gets called during stack unwind when there is an exception during execution..
Heck, if you got mad skillz, you could potentially corrupt server memory by messing with the powergrid of the building. I plan to do this before I die.
------------
"Solar winds predicted this week, use only the highest quality of tinfoil's to wrap your disks in and protect your data!"
Or maybe it just shows that you're incapable of thinking up other alternatives?
The antitrust law is complicated enough that you should consider whether you understand it yourself.
Several of such laws from that time period are very vague in their wording because those words can mean multiple things in today's context. Lawyers (on both sides) being clever, have ways to get around this using various techniques.
A monopoly means one seller. This is the definition in economics and it cannot change. If you read the anti trust ruling, the judge has ruled that the domain here is Operating Systems using Intel processors and their clones. A very narrow definition. Next, you have to define what constitutes a monopoly. The wording here is a bit imprecise, it uses terms like "control" of market or "market power", which can mean millions of different things, depending on the context. Again Lawyers find ways to twist meanings to their use.
Ok Next, you have to define "harming the competition" and separate that from "competition". Competing it self could be defined as "harming the competition". Great !. Now we get into legal messes where every side throws additional legalese making the whole thing a mess. I still cant understand it.
Next, The judge ruled that because Microsoft spent $100 million on developing IE _AND_ then bundled it for free, it harmed the competition. But the counter question is, why would a monopoly have to blow $100 million to improve a product when they are the monopoly? I'm over simplifying it based on some notes I have of this when I looked into it years ago. I have some more thoughts on this but it gets into complicated legal terms which would be sure to bore anyone reading it.