if either test signing is enabled or driver signature checking is disabled, Windows Media Player refuses to play protected songs and movies. Protection against rootkits my ass.
... you just have a limited set of things you care about.
If a character who gets killed shows up again, then they're a ghost, or they're a twin, or a con artist, or the death was faked. You don't go "it's only fiction", most of the time... you expect most movies to have more continuity and realism than Looney Tunes.
Movie studios spend millions on things like the texture of the wet street in night-time shots, because they know people know what a wet street looks like at night. Even movies with Bugs-bunny levels of realism go to huge lengths to get a character's clothes blowing the right way in the wind, and take a shot over when a legionary is caught wearing a wrist-watch. Because enough stupid mistakes will destroy any movie-goer's ability to immerse themselves in the story.
Just because you don't happen to care about this particular kind of mistake is no reason to dismiss the opinions of folks who do.
A lot of the stuff that's wrong with Windows XP was already known to be wrong as early as 1997, back when Windows XP's precursor was Windows NT 3.51 and the integration of Windows 95's shell was the big obvious change in Windows NT 4.0.
As a result, something that should have been fixed in Win 95 -- the way Windows slowly chokes on the leftovers of old programs -- remains a problem.
Something that should have been fixed in Windows 3.1, you mean. By 1997 this was a huge and obvious problem in Windows, and one that we'd already been fighting for five years.
Microsoft also did nothing to make the system registry -- the collection of settings that constitutes a single, system-wide point of failure -- less of a nightmare.
Relacing INI files with a binary encoded version of the same INI files (look at a registry dump some time) was obviously a huge step backwards... in 1994 or so.
Note, also, what Microsoft never thought to include in XP: anti-virus software...
Anti-virus software isn't necessary in a competantly written system. The OS and applications should be held responsible for keeping viruses out in the first place, rather than trying to catch them after the fact. In 1997 Microsoft completely blew it, introduced the greatest virus distribution system the world has ever known in the criminally incompetant "Active Desktop" and everything that it's spawned. The only "antivirus" I use now, and from 1997 to 2002 the most important standard "antivirus" for the systems I supported, was "no Internet Explorer or Outlook", and then later (as they started using the HTML control) "no Windows Media Player or Realplayer".
This stuff was obvious years before XP came out. A headline like "If Only We Knew Then What We Know Now About Windows XP" only means "it's not just the political reporters who can't remember what happened a few years ago".
Yes, he wrote horrid space opera, but the computers in Skylark were tremendously fast and powerful, small and cheap enough to throw away, and completely stupid. There's one scene in the Skylark series where Seaton (the hero, brilliant, handsome, caring, monogamous) and a super-intelligent humanoid are working on the control system for a new space ship. Seaton sits down and designs a control module, then another only slightly different, and another, marvelling at the ability of the alien force-based technology to aid his design... and when he finishes the first row he looks up to see his alien partner leaning back as row after row of controls are built automatically.
In that scene... written before computers even had a name... you have computers that are cheap, dumb, fast, small, and completely capable of being misused because they're dumb and fast. Of course at the same time the "brain" of the ship was single huge machine, but even there it was purely a tool. It wasn't a thinking machine, it was a control system.
Who guessed that they'd still be stupid, 50 years later, but so small and so cheap that they run coke machines?
Isaac Asimov.
Yes, Asimov wrote about supercomputers, but he also had pocket calculators in the '50s.
The real place to look for small and cheap computers in science fiction of the fifties and sixties are Star Trek's automatic doors and everyone's autopiloted cars.
For SciFi that gets things right, the key is to look for SciFi without Sci. Orwell, for instance: 1984 is amazingly prescient.
Orwell was writing about what was already happening in 1948. Which is why people have been saying "1984 is already coming true" since, well, it was written.
With that kind of shafting, I'd be pissed off too!
What shafting?
Walmart is getting a physical object that the studios have to package for DVD, produce, warehouse, distribute, and take back if defective. Walmart is getting extra content specially produced for DVD sales. Walmart is getting free standups and other advertising material.
Apple is getting a right-to-copy, they're taking on the costs of format conversion and QC, and they're not getting any extra content or marketing support.
I don't know whether $3.50 is a good or bad price for all that extra material, but I'm sure that if Walmart wants to take on the production, marketing, and distribution they'll be welcome to a cut rate.
There's maybe one show in any given month that I'm really interested in watching.
Four weekly episodes, that's $10 per episode.
Before I got married, I didn't even own a TV. I've got cable internet, and it's fantastic, and the TV belongs to the wife and kids, and I catch one show a week at most. If I have to pay $8 a month more because I can't catch that show when it's on, or get it recorded, that's a bargain.
Certainly not by an order of magnitude (and marketshare pretty much covers that disparity on its own).
No, it's not an order of magnitude worse than any other browser component. It's much much worse than that.
Before Microsoft introduced the HTML control the very idea that it would be possible to have code downloaded and executed with full local permissions simply by viewing a document was a bad joke. Literally. There was a virus hoax going around called the "GOOD TIMES" virus that was clearly a hoax because everyone in the industry knew that nobody would be so stupid as to ship software that could do that, at least without it being a bug that would be immediately fixed and never re-introduced. Good Times was a classic urban legend on the Internet, funny once, but by 1997 system admins were long tired of their users asking about it.
Not only did Microsoft do that, but they published an official API to support it, and they refused to back the API out after the worst flood of viruses ever showed up taking advantage of it. They refused to take it out when (for unrelated reasons) the DoJ was demanding that they take it out. It's still in there, and on top of that they've extended the original fundamentally broken design to.NET and other components. They've added thousands of complex rules and restrictions about it, and added lots of ever-changing and confusing dialogs to warn people that it was being used, but they've refused to fix it.
There is nothing even vaguely as bad as ActiveX in any other HTML display component implemented anywhere. By anyone. There are individual bugs that have to be fixed... but once fixed, they're fixed for good, because plugging a buffer overflow doesn't involve removing a published API. Internet Explorer has those kinds of problems as well, but no other browser, mail program, or any other application using any other browser component than the MS HTML control is within several orders of magnitude at risk of the kinds of attacks the the Microsoft HTML control opens them up to. The very worst cases (and I've written about THOSE elsewhere) are negligable problems by comparison.
And the idea that anyone with your obvious competance would consider this as anything less than an utterly damning flaw in IE, Outlook, WMP, Realplayer, and any other application that uses the HTML control is incomprehensible to me. How can you possibly condone making "Good Times" real?
Every generation has some prominent figure putting his entire foot in his mouth saying something along the lines of "Pretty much everything that can be invented has been invented.".
He didn't say that.
Try "within 20 years pretty much everything that can be obviously patented (is that an oxymoron or what?) in the current land-grab will have been patented and expired". Which is so completely different than what you said that I can't imagine what patent medicine you're on.
"Being widely reused by the system" is *the whole freaking point* of using shared components like IE.
Yeh, I know, I got that.
What that means, though, is that when there's a deep fundamental unfixable security flaw inherent in the design of the HTML control, that's a deep fundamental unfixable security hole in the OS.
You haven't explained how it's different to its contemporaries on other systems
I have explained at great length how making the HTML control attempt to figure out whether a document its presenting is trusted or not (rather than putting that decision in the hands of the application that called it) is inherently insecure... oh, roughly two to the infinity minus one times over the past 8 or so years. I have explained, similarly, how the API makes it impossible for a calling application to make that determination... maybe as often.
And I'm not alone on this. This is something that is so completely obvious to anyone with any experience in computer security that it's hard to imagine that everyone at Microsoft in a position to decide policy is so incompetant that it escaped their notice. You shouldn't need to watch wave after wave of attacks totally blow by Microsoft's appalling patchwork of "security zones" to figure it out.
Gecko and KHTML do not suffer from the same flaw. It's possible for an application using these components to be secure from "cross zone" attacks, because there is no mechanism to bypass a strict application-level sandbox available to documents using these components unless the application that called them inserted it.
This is not actually possible with he HTML control.
Are you similarly ambivalent towards glibc on Linux ?
As a matter of fact, the complexity of glibc does bother me, but I'm not aware of any similar deep security flaws in glibc that would require re-writing parts of every application that used it, so I can't say I'm "similarly ambivalent". I'm not "ambivalent" towards the HTML control in any sense. It's not a love-hate situation in any way, bucko, it's a straightforward contempt-hate one.
If they put in their oar with the add-ons theory and it actually works, then they've beat the odds and saved lots of man-hours.
They've been trying to do that since 1997, with more and more layers of bandaids every time around, and with Microsoft's well-wishers hopefully saying "maybe they'll beat the odds this time". By now using the active content components of IE is less convenient for user and developer alike than the old "sandbox and plugin" model that they rejected because it was to inconvenient ever was, and they STILL haven't beaten the odds. And they've wasted FAR more man-hours than they ever might have saved.
One definition of insanity is doing the same thing over and over again after you've seen it doesn't work. Microsoft is not a sane company.
The MS HTML control is used throughout the system, by more components than I can think of, including the default shell. That may be running in user mode, but it's run by so many applications that it needs to be considered part of the OS. Microsoft claims it is... that was the whole basis of their second go-round with the Department of Justice, the one that would have led to them being broken up as a company if Bush hadn't won the election in 2000 and called off the dogs.
That "protected" mode is pretty close to what would be "normal user" mode in any other operating system.
An exploit running in that mode is still running native code, it can still make any network connections it wants, it can create files, it can write to the registry, it can perform buffer overflow attacks on system calls, it can drop executable files and scripts in "Temporary Internet Files" and execute them.
A real sandbox environment is one where there is no mechanism to execute native code (even after asking the user in an approval dialog), where there is no mechanism to create files, to write to non-volatile storage visible outside the session, to establish network connections, to open windows, to create processes...
Because once you can do that, you're penetrated. And once you're penetrated, you're fucked.
Thirty years ago the first "cyberpunk" novels were being written, and one of the things that the writers of these novels suggested was that you'd be able to run programs on other people's computers even if they didn't have a reason to trust you, and this would be considered "OK". As a technically oriented SF reader I thought that was a dumb idea then, but it was OK as SF. It would never happen in the real world.
Twenty years ago the first email "worms" showed up. Obviously they were a temporary abberation. The authors of mail programs were acting to close the holes in the programs that let them propogate, and a little simple level of common sense would make them a thing of the past. Right?
Ten years ago there was a hoax going around called the "GOOD TIMES" virus, about an email worm that could infect you just by opening a message. Even if you were (as everyone should be) careful about running attachments, you could be infected. That could never happen, nobody would be so stupid as to allow code to run in email, or to have mail scripts that were powerful enough to do that...
Nine years ago Microsoft merged the browser and the desktop, and we've been fucked ever since. Until Microsoft backs out of that and everything that comes out of it, they're never going to have a secure system.
On the one hand, they didn't count intel as mac, so market share's up 0.6% not down 0.2% by their measure.
On the other hand, at least they're measuring market share by use and not sales.
On the gripping hand, I expected Apple's market share to be down significantly now because of the uncertainty over the Intel switch and the very real teething problems, so even down a little would be better than I was expecting.
On the... damn, out of hands. On the other other hand, it's kind of irritating that "Intel" seems to translate to "good" in people's minds...
if either test signing is enabled or driver signature checking is disabled, Windows Media Player refuses to play protected songs and movies. Protection against rootkits my ass.
No further comment necessary.
If the only choice one has in a personal computer, is a crappy PC, then there is likely some injustice involved.
...
Well, there you have it.
You can get a crappy PC running Windows, or a crappy PC running Linux, or pay 40% more for a less crappy but less powerful PC running Mac OS X.
You can't get a PC running AmigaDOS, BeOS, OS/2, the Xerox Star office system,
I guess you're too young to remember the '80s when there really was competition in desktop computers. You think what we've got now is competition.
... you just have a limited set of things you care about.
If a character who gets killed shows up again, then they're a ghost, or they're a twin, or a con artist, or the death was faked. You don't go "it's only fiction", most of the time... you expect most movies to have more continuity and realism than Looney Tunes.
Movie studios spend millions on things like the texture of the wet street in night-time shots, because they know people know what a wet street looks like at night. Even movies with Bugs-bunny levels of realism go to huge lengths to get a character's clothes blowing the right way in the wind, and take a shot over when a legionary is caught wearing a wrist-watch. Because enough stupid mistakes will destroy any movie-goer's ability to immerse themselves in the story.
Just because you don't happen to care about this particular kind of mistake is no reason to dismiss the opinions of folks who do.
A lot of the stuff that's wrong with Windows XP was already known to be wrong as early as 1997, back when Windows XP's precursor was Windows NT 3.51 and the integration of Windows 95's shell was the big obvious change in Windows NT 4.0.
...
As a result, something that should have been fixed in Win 95 -- the way Windows slowly chokes on the leftovers of old programs -- remains a problem.
Something that should have been fixed in Windows 3.1, you mean. By 1997 this was a huge and obvious problem in Windows, and one that we'd already been fighting for five years.
Microsoft also did nothing to make the system registry -- the collection of settings that constitutes a single, system-wide point of failure -- less of a nightmare.
Relacing INI files with a binary encoded version of the same INI files (look at a registry dump some time) was obviously a huge step backwards... in 1994 or so.
Note, also, what Microsoft never thought to include in XP: anti-virus software
Anti-virus software isn't necessary in a competantly written system. The OS and applications should be held responsible for keeping viruses out in the first place, rather than trying to catch them after the fact. In 1997 Microsoft completely blew it, introduced the greatest virus distribution system the world has ever known in the criminally incompetant "Active Desktop" and everything that it's spawned. The only "antivirus" I use now, and from 1997 to 2002 the most important standard "antivirus" for the systems I supported, was "no Internet Explorer or Outlook", and then later (as they started using the HTML control) "no Windows Media Player or Realplayer".
This stuff was obvious years before XP came out. A headline like "If Only We Knew Then What We Know Now About Windows XP" only means "it's not just the political reporters who can't remember what happened a few years ago".
E. E. Smith.
Yes, he wrote horrid space opera, but the computers in Skylark were tremendously fast and powerful, small and cheap enough to throw away, and completely stupid. There's one scene in the Skylark series where Seaton (the hero, brilliant, handsome, caring, monogamous) and a super-intelligent humanoid are working on the control system for a new space ship. Seaton sits down and designs a control module, then another only slightly different, and another, marvelling at the ability of the alien force-based technology to aid his design... and when he finishes the first row he looks up to see his alien partner leaning back as row after row of controls are built automatically.
In that scene... written before computers even had a name... you have computers that are cheap, dumb, fast, small, and completely capable of being misused because they're dumb and fast. Of course at the same time the "brain" of the ship was single huge machine, but even there it was purely a tool. It wasn't a thinking machine, it was a control system.
Who guessed that they'd still be stupid, 50 years later, but so small and so cheap that they run coke machines?
Isaac Asimov.
Yes, Asimov wrote about supercomputers, but he also had pocket calculators in the '50s.
The real place to look for small and cheap computers in science fiction of the fifties and sixties are Star Trek's automatic doors and everyone's autopiloted cars.
For SciFi that gets things right, the key is to look for SciFi without Sci. Orwell, for instance: 1984 is amazingly prescient.
Orwell was writing about what was already happening in 1948. Which is why people have been saying "1984 is already coming true" since, well, it was written.
That's not really your choice to make for people
Would you mind going back in this exchange and pointing out where I'm making someone else's choice for them?
and money wasted is a bad thing no matter what...
I'm inclined to interject roars of laughter and broad guffaws here. If I was on TV the laugh track would do it for me.
it's Wal-Mart vs. the movie studios
Walmart vs Apple, Shirley.
if america is eventually culturally shifted to this new "paradigm", people will end up paying MORE to corporations, and receiving LESS.
Paying more and receiving less television?
This is only a problem if television is considered a social good. Personally, I'm skeptical.
With that kind of shafting, I'd be pissed off too!
What shafting?
Walmart is getting a physical object that the studios have to package for DVD, produce, warehouse, distribute, and take back if defective. Walmart is getting extra content specially produced for DVD sales. Walmart is getting free standups and other advertising material.
Apple is getting a right-to-copy, they're taking on the costs of format conversion and QC, and they're not getting any extra content or marketing support.
I don't know whether $3.50 is a good or bad price for all that extra material, but I'm sure that if Walmart wants to take on the production, marketing, and distribution they'll be welcome to a cut rate.
sounds like you shouldn't be paying for cable.
If I wasn't getting better internet that way, and if I wasn't getting it for the wife and kids, I wouldn't be.
Point is, iTunes Store is for people like me. I don't buy albums - I buy tracks. I don't pay for cable - I buy shows.
Cable is $40 a month.
There's maybe one show in any given month that I'm really interested in watching.
Four weekly episodes, that's $10 per episode.
Before I got married, I didn't even own a TV. I've got cable internet, and it's fantastic, and the TV belongs to the wife and kids, and I catch one show a week at most. If I have to pay $8 a month more because I can't catch that show when it's on, or get it recorded, that's a bargain.
Yeah, and that's, uh, extremely discouraging to any would-be patriots of our age, I do believe.
Of any age.
I'm not saying this is good.
I'm simply saying it's necessary.
Certainly not by an order of magnitude (and marketshare pretty much covers that disparity on its own).
.NET and other components. They've added thousands of complex rules and restrictions about it, and added lots of ever-changing and confusing dialogs to warn people that it was being used, but they've refused to fix it.
No, it's not an order of magnitude worse than any other browser component. It's much much worse than that.
Before Microsoft introduced the HTML control the very idea that it would be possible to have code downloaded and executed with full local permissions simply by viewing a document was a bad joke. Literally. There was a virus hoax going around called the "GOOD TIMES" virus that was clearly a hoax because everyone in the industry knew that nobody would be so stupid as to ship software that could do that, at least without it being a bug that would be immediately fixed and never re-introduced. Good Times was a classic urban legend on the Internet, funny once, but by 1997 system admins were long tired of their users asking about it.
Not only did Microsoft do that, but they published an official API to support it, and they refused to back the API out after the worst flood of viruses ever showed up taking advantage of it. They refused to take it out when (for unrelated reasons) the DoJ was demanding that they take it out. It's still in there, and on top of that they've extended the original fundamentally broken design to
There is nothing even vaguely as bad as ActiveX in any other HTML display component implemented anywhere. By anyone. There are individual bugs that have to be fixed... but once fixed, they're fixed for good, because plugging a buffer overflow doesn't involve removing a published API. Internet Explorer has those kinds of problems as well, but no other browser, mail program, or any other application using any other browser component than the MS HTML control is within several orders of magnitude at risk of the kinds of attacks the the Microsoft HTML control opens them up to. The very worst cases (and I've written about THOSE elsewhere) are negligable problems by comparison.
And the idea that anyone with your obvious competance would consider this as anything less than an utterly damning flaw in IE, Outlook, WMP, Realplayer, and any other application that uses the HTML control is incomprehensible to me. How can you possibly condone making "Good Times" real?
As for their being a shortage of patentable things whlle progress keeps rolling, that's just silly.
Read for content.
I didn't say there was a shortage of patents, I said that the current crop of "obvious patents" (which is still an oxymoron) will get mined out.
That doesn't mean that "there's a sortage of patentable things".
That doesn't mean that "software patents aren't a problem".
12% of new laptop sales isn't enough people?
The "market share" dog don't hunt, coward.
typical thumbdrive: 256MB, about, well, about the size of a child's thumb.
When they were introduced, a thumb drive was typically 4-16MB, and cost $50-100, and a floppy disk was 1.4MB and cost 50c.
What thumb drives delivered a killer blow to was Zip and MO drives, at $15 for 20MB to 100MB, and half a dozen incompatible formats.
What killed the floppy was CD burners.
Every generation has some prominent figure putting his entire foot in his mouth saying something along the lines of "Pretty much everything that can be invented has been invented.".
He didn't say that.
Try "within 20 years pretty much everything that can be obviously patented (is that an oxymoron or what?) in the current land-grab will have been patented and expired". Which is so completely different than what you said that I can't imagine what patent medicine you're on.
people need to be held more accountable for their voting actions
I am quite unable to comprehend the confusion in the mind that would lead one to make such a statement.
"Being widely reused by the system" is *the whole freaking point* of using shared components like IE.
Yeh, I know, I got that.
What that means, though, is that when there's a deep fundamental unfixable security flaw inherent in the design of the HTML control, that's a deep fundamental unfixable security hole in the OS.
You haven't explained how it's different to its contemporaries on other systems
I have explained at great length how making the HTML control attempt to figure out whether a document its presenting is trusted or not (rather than putting that decision in the hands of the application that called it) is inherently insecure... oh, roughly two to the infinity minus one times over the past 8 or so years. I have explained, similarly, how the API makes it impossible for a calling application to make that determination... maybe as often.
And I'm not alone on this. This is something that is so completely obvious to anyone with any experience in computer security that it's hard to imagine that everyone at Microsoft in a position to decide policy is so incompetant that it escaped their notice. You shouldn't need to watch wave after wave of attacks totally blow by Microsoft's appalling patchwork of "security zones" to figure it out.
Gecko and KHTML do not suffer from the same flaw. It's possible for an application using these components to be secure from "cross zone" attacks, because there is no mechanism to bypass a strict application-level sandbox available to documents using these components unless the application that called them inserted it.
This is not actually possible with he HTML control.
Are you similarly ambivalent towards glibc on Linux ?
As a matter of fact, the complexity of glibc does bother me, but I'm not aware of any similar deep security flaws in glibc that would require re-writing parts of every application that used it, so I can't say I'm "similarly ambivalent". I'm not "ambivalent" towards the HTML control in any sense. It's not a love-hate situation in any way, bucko, it's a straightforward contempt-hate one.
Historically true. But I question that "must" with a "why?" Is it not possible to break free from that cycle?
The best we've come up with is a mechanism to try and ensure the patriots get vindicated posthumously.
If they put in their oar with the add-ons theory and it actually works, then they've beat the odds and saved lots of man-hours.
They've been trying to do that since 1997, with more and more layers of bandaids every time around, and with Microsoft's well-wishers hopefully saying "maybe they'll beat the odds this time". By now using the active content components of IE is less convenient for user and developer alike than the old "sandbox and plugin" model that they rejected because it was to inconvenient ever was, and they STILL haven't beaten the odds. And they've wasted FAR more man-hours than they ever might have saved.
One definition of insanity is doing the same thing over and over again after you've seen it doesn't work. Microsoft is not a sane company.
What "deep connections" ?
The MS HTML control is used throughout the system, by more components than I can think of, including the default shell. That may be running in user mode, but it's run by so many applications that it needs to be considered part of the OS. Microsoft claims it is... that was the whole basis of their second go-round with the Department of Justice, the one that would have led to them being broken up as a company if Bush hadn't won the election in 2000 and called off the dogs.
That "protected" mode is pretty close to what would be "normal user" mode in any other operating system.
An exploit running in that mode is still running native code, it can still make any network connections it wants, it can create files, it can write to the registry, it can perform buffer overflow attacks on system calls, it can drop executable files and scripts in "Temporary Internet Files" and execute them.
A real sandbox environment is one where there is no mechanism to execute native code (even after asking the user in an approval dialog), where there is no mechanism to create files, to write to non-volatile storage visible outside the session, to establish network connections, to open windows, to create processes...
Because once you can do that, you're penetrated. And once you're penetrated, you're fucked.
Thirty years ago the first "cyberpunk" novels were being written, and one of the things that the writers of these novels suggested was that you'd be able to run programs on other people's computers even if they didn't have a reason to trust you, and this would be considered "OK". As a technically oriented SF reader I thought that was a dumb idea then, but it was OK as SF. It would never happen in the real world.
Twenty years ago the first email "worms" showed up. Obviously they were a temporary abberation. The authors of mail programs were acting to close the holes in the programs that let them propogate, and a little simple level of common sense would make them a thing of the past. Right?
Ten years ago there was a hoax going around called the "GOOD TIMES" virus, about an email worm that could infect you just by opening a message. Even if you were (as everyone should be) careful about running attachments, you could be infected. That could never happen, nobody would be so stupid as to allow code to run in email, or to have mail scripts that were powerful enough to do that...
Nine years ago Microsoft merged the browser and the desktop, and we've been fucked ever since. Until Microsoft backs out of that and everything that comes out of it, they're never going to have a secure system.
On the one hand, they didn't count intel as mac, so market share's up 0.6% not down 0.2% by their measure.
On the other hand, at least they're measuring market share by use and not sales.
On the gripping hand, I expected Apple's market share to be down significantly now because of the uncertainty over the Intel switch and the very real teething problems, so even down a little would be better than I was expecting.
On the... damn, out of hands. On the other other hand, it's kind of irritating that "Intel" seems to translate to "good" in people's minds...