Good Golly Molly! You just made all that up.... how do I know? Because I've been in the middle of that kind of work in Windows for over 6 years.
The design work you described is all done by the core product teams. My team did a bunch of it directly for Vista and W7.
On another note, do you really want to call people fucked up individuals? Really? Would you say that to them directly if we were all together in a pub having a beer? Feel free to dislike MSFT as much as you would like. But with little exception, the people here are pretty groovy folks.
No, we don't have a set of rigid coding standards. Teams have coding standards (mine has one). Teams can be as small as a few people, or as large as many tens of people, or a bit more. But there is no Windows or MSFT wide coding standard.
This is especially true for the simply typographic stuff (tabs, spaces, where curly braces go, etc).
Note, there are widely followed best practices. But these are not mandated. They are followed because it's the right thing to do.
Sigh.... the CRT string APIs in the CRT have been banned for a long time. We don't use them any more - this also means getting rid of them. Same for a lot of other old bad practices.
Note, this isn't a W7 thing, this all happened 8 years ago for XP SP2.
Dude - there are security problems in lots of non MSFT code too. Just Bing (or google) for (Apache || Linux || Adobe || !Microsoft) && "Security Vulnerability"*.
You think MSFT are the only people that occasionally have buffer overrun bugs?
I'm unclear on what you are arguing about. I'm not arguing with you and I'm not asking you to apologize for anything.
Of course, larger files take longer to load.
In any case, like I said before. I appreciate your questions and points about the host file. They are interesting and I'm working on finding an answer. Again, please be patient.
At this point, I don't know why the 0 thing was removed from the hosts file parser. Maybe it was an oversight, maybe there was a good reason for it. Maybe you are right and it needs to be supported again.
On another note, I have a few questions for you.
How many entries do you have in your HOSTS file?
What OS are you running and is it 64 or 32 bit?
How do you manage such a large HOSTS file? Do you edit by hand? Do you have tools that do it? If so, what tools?
You mention the proper channels. Again, I encourage you to use Microsoft Connect. That's the proper channels. I'm only doing this because it's interesting. Slashdot anonymous posts are most definitely not the proper channels.
I'll respond to you on my blog.
Please be patient. You have three long posts for me to consider and I have a lot going on right now.
I'm sure it takes you time to look for and reply to every single one of my Slashdot posts. You can do one (or both) of the following things to make it easier for me (or others) to spot your messages:
Get a Slashdot login. That way, I can easily spot your posts and not confuse them with other posts from Anonymous Cowards.
Post comments on my blog. Note, I adjusted the settings so people do not have to log in to Wordpress to leave comments.
Also, did you have a chance to get signed into Microsoft Connect and apply for a connect relationship with the Windows networking team?
What deep design flaws are you referring to? This isn't a rhetorical question. I'd like to know what you mean.
I suspect things you are considering a design flaw:
Were true for XP and are not true of Win7 (and probably Vista).
Are not Windows-specific things but general OS things.
Are much more subjectively a design flaw than objectively one.
Note, I completely agree that in absolute terms, Windows systems are the most infected.
But, that doesn't mean there is proof in the pudding. I assert that OSX and Linux are not any more secure, or less secure than Windows7.
Two things play first order roles with respect to security:
The behavior of the user. If the user does stupid things, bad things happen.
The surface area of the OS footprint. Windows has a HUGE footprint: many hundreds of millions of actively running systems.
Malware developers are going to focus on exploiting large numbers of users who behave foolishly, on the largest install base of systems.
Now, I completely agree that Windows can improve with respect to security (and other areas of course). But in the grand scheme of things, it's really very secure.
I argue that if Linux became as popular as Windows that it would face security problems at a similar scale.
What is happening with the iPhone and malware is anecdotal evidence of this.
Hahahah! The bit about the honeydipper is hilarious! I have a septic system and when it isn't working, I'll pay those guys anything. I unclogged it myself last winter and I don't want to do it again...
I'm the same way about my foredecker handle. It's not anonymous in any material way, but there is separation from work. That's why I use my Wordpress blog now and will only use my msdn blog for pure work stuff.
In any case, I'd really enjoy meeting you. Next week is really busy for me, but anytime after the 19th would be fine. I'm trying to figure out how you can send me an email without publishing any of my email address on a public forum. None of the sites I use seem to have a way that lets someone send me email without logging in. Perhaps you have a Facebook account and can contact me using that.
Or, we can just arrange something here. I'm happy to have a beer or a drink so any of the local restaurants or bars is fine with me.
-Foredecker
No worries :)
What is a 'blind link'?
-Foredecker
Oh, do you mean these :)
Microsoft Exchange Server 2010 Protocol Documentation
Here is the announcement from Feb 2008: Microsoft Makes Strategic Changes in Technology and Business Practices to Expand Interoperability.
Bing is your friend.
-Foredecker
No problem :) Negative perceptions are hard to erase over time. While it's still Windows, Windows has advanced tremendously since XP-SP1.
Just curious - how do Linux developers avoid these problems? For example, what 'safe' buffer and string management tools do you use? What are the static analysis tools used?
-Foredecker
We do exactly what you describe. Security is super-high priority for us. We spend a lot of time on it. Feature work does not trump or take a higher priority than security work.
I can tell you it is way, way more cost effective to do (as you say) "stomp on that kind of thing as you go".
-Foredecker
I'm not sure what buffer overflows you are referring to. We're very careful to use the bounds checked type of copies you are referring to. There are many ways to do this. The safe string copy functions are one, so is the new secure CRT. String handling C++ classes are another.
Of course, it's impossible to claim that there are no 'run of the mill' buffer overflows in Windows XP SP2, Vista, Win7. But we went to great lengths to avoid them. This includes code reviews, and the use of automated tools (static analysis) among others. But there are very, very few.
Of course, there are still things that need to be fixed and they may be due to simple coding errors, or they may be more complex.
-Foredecker
That's exactly right.
Right - it's a typo... (I just whipped that off too quickly). It is "driven".
The design work you described is all done by the core product teams. My team did a bunch of it directly for Vista and W7.
On another note, do you really want to call people fucked up individuals? Really? Would you say that to them directly if we were all together in a pub having a beer? Feel free to dislike MSFT as much as you would like. But with little exception, the people here are pretty groovy folks.
- Foredecker
http://blogs.msdn.com/e7/archive/2009/04/25/engineering-windows-7-for-graphics-performance.aspx
http://blogs.technet.com/markrussinovich/archive/2009/10/22/3288577.aspx
-Foredecker
This is especially true for the simply typographic stuff (tabs, spaces, where curly braces go, etc).
Note, there are widely followed best practices. But these are not mandated. They are followed because it's the right thing to do.
-Foredecker
Note, this isn't a W7 thing, this all happened 8 years ago for XP SP2.
You think MSFT are the only people that occasionally have buffer overrun bugs?
HAHAHAHAHAHHAAHAH....
* Note, boolean logic here is faux
The marketing department doesn't make these kinds of decisions, neither does the PR team. Yes, they may be involved but these things are decided (we use the term 'drivin') by the product teams.
No worries APK. It's good to meet you as well. It's your IP address to control.
Hi APK,
I'm unclear on what you are arguing about. I'm not arguing with you and I'm not asking you to apologize for anything.
Of course, larger files take longer to load.
In any case, like I said before. I appreciate your questions and points about the host file. They are interesting and I'm working on finding an answer. Again, please be patient.
At this point, I don't know why the 0 thing was removed from the hosts file parser. Maybe it was an oversight, maybe there was a good reason for it. Maybe you are right and it needs to be supported again.
On another note, I have a few questions for you.
You mention the proper channels. Again, I encourage you to use Microsoft Connect. That's the proper channels. I'm only doing this because it's interesting. Slashdot anonymous posts are most definitely not the proper channels.
Thanks
- Foredecker
I still think you and the other Anonymous Coward are the same guy.
Yup, you caught me red handed. I'm a frequent mis-typo-ist. I live with it...
Again, I didn't criticize your spelling or grammar. It's your polemic, and now very argumentative and picayune style.
It’s almost as if you are trying to win some court room trial. I told you in my original post that I sent email about this internally and to be patient in waiting for an answer.
Despite your pushy and obnoxious approach - I think you have a really interesting question and raise some good points. I also see that your motives are generally helpful in nature.
So, really - you are spending way too much time sending me these long re-re-re-iterated replies. I get it, you don't like that the '0' address is going from the Windows hosts file implementation. It’s your time, but it's not helping me help you.
-Foredecker
My apologies for not being more specific: I should have said: "I'm not going to reply lengthy replies to here on Slashdot."
About supplying email alias to MSFT people: It's just the wrong thing - on many levels - for me to post the email address of MSFT employees on any public forum.
The most effective way for you to get in touch with teams at MSFT and to have an actionable conversation with them is to use the Microsoft Connect site.
Also, I believe I said in another post somewhere that I enabled no-login comments on my blog. So, you don't need a Wordpress login to comment.
Ok, it's fine that you want to protect your IP address and not be tracked. That's cool.
I'll continue to post longer responses on my blog, and short ones here.
Best Regards -Foredecker
Dude - you are so the APK guy. It's pretty hilarious that you are posting as two different people. Note, I wasn't criticizing your (or APK's) spelling or grammar - but the overall polemic and disjoint style. I'm a bad speller... I live with it :)
Best Regards
Foredecker
Ya - I know. But something in me couldn't resist. I suppose it's a character flaw... :)
Hi APK - thanks for the posts. I see them.
A few things.
Also, did you have a chance to get signed into Microsoft Connect and apply for a connect relationship with the Windows networking team?
Thanks,
Foredecker
What do you mean BS? That list is a pretty good summary of what's new in W7? You may be happy with running an old version of Linux or BSD, but the rest of the world moves on. Operating systems (yes, including Linux) get better over time, more features, supporting more hardware, getting more efficient: generally becoming more useful. The car analogy holds here - fine for you if you want to continue to drive your old 1978 VW Beetle. I much prefer my 2009 Beetle - so do most people.
great post