TimeThis : Elapsed Time : 00:00:00.090
TimeThis : Elapsed Time : 00:00:00.100
The timer ticks every .010 seconds, so you're only seeing a difference of one timer tick. This program isn't taking long enough to meaningfully compare speed optimization anyway. (9 or 10 ticks? Most of that is probably just process start/stop overhead and disk access.)
Visualc++_hello.exe's file size is 3584 bytes. Gcc_hello.exe's file size is 5120 bytes.
GCC doesn't pack the segments quite as well, you'd need a much larger program to compare actual code size. On very small programs, msvc will always produce smaller files than gcc, but that has very little to do with the actual code.
The coders who would just look at you funny if you suggested that they use a command-line tool.
You say that, but I bet you'd look at me funny if I suggested that you write all your code in asm. Sure, you may be able to do it, but why? And then if you don't exercise that particular skill for a while, it takes longer to remember how.
Windows people tend to write their papers in MS Word, and only MS Word... because that's what everyone else uses. It is a more conformist culture (this isn't a judgment, it's simply a fact!)
This is not "Windows people." This is "people."
It's not so much that Windows users are a strange subset of the population as that Unix users are. Most people want to just get their work done, they don't particularly care how. So they just use what everyone else uses, because it obviously works for them and it saves time trying to worry about it.
I am, at this very moment, editing a letter using GNU nano and a CGI I scripted in Perl to format it nicely for printing and/or PDFing. I'm not using MS Office, or even OpenOffice.
And I'm using LiteStep (free) on Windows, have a few documents open in SciTE (free), have a HydraIRC (free) client running, and am typing into Mozilla FireFox (free). A while ago I used PuTTY (free) to run a script on my server. I don't know why, I have Perl (free) installed here.
We're both weird, and we're on different sides of the pool. There's just a lot more "average people" using Windows.
You can download Microsoft's command-line C/C++/C# compilers for free
Last time I checked, the free compiler does not do optimization, which means there's no benefit over gcc. You're better off going with Dev-C++
Don't forget either that the basic Visual C++/C# package is only $99.
and according to Microsoft's web site, that doesn't include an optimizing compiler either. What makes them think that anything that doesn't do optimization can be called "standard"? Who, besides students, would want that? Especially considering that gcc will do that just as well for free...
It looks like their cheapest optimizing C++ compiler is $1079 (MSRP, of course), so it would actually be cheaper to buy the "standard" version for the IDE and Intel's compiler.
I paid $290 for Windows 2000 Professional a few years ago. It still serves me well.
Why not Linux? (or *BSD) Well, Windows has a better virtual desktop manager for one thing.
I've got a spare computer here, and I've been trying to install various *BSD and Linux distros. Maybe I have some sort of hardware problem, but nearly every one has failed to install, and none seem to have a sensible failure mode in their installer. (OpenBSD installed flawlessly, although that didn't include setting up X)
Mandrake 9.2 (I think 9.2...) finally installed, with KDE. I found it awkward, less stable, and less functional compared to Windows. Of course part of the functionality was because it failed to install with some of the extra goodies enabled, and I had to restart the entire install process whenever one optional piece failed... eventually I got fed up and just disabled them all.
I'd never use Windows for a server, but it seems to still be the best thing for me on a desktop machine.
Sounds like an issue with NX bit implementation on A64... this protects memory that is tagged as data from being executed (which protects against buffer overrun exploits, which are 50% of the MS security issues).
Not really. Not alone anyway.
This would affect .NET, Java, etc. However I'm sure that there is a way to fix this for these types of application!
And that's why. If the system call that JIT compilers use to switch protection off can be found, you can just manufacture a call to it on the stack, and make it return into your buffer.
This changes the exploit from:
[buffer] [return address]
[code] [points into buffer]
to:
[buffer] [return address]
[code] [address of system call] [parameters] [points into buffer]
Slightly more difficult, but not terribly useful by itself. Now if they put that system call in an ASCII armour area, or moved it around a lot, that would do the trick.
Re:My system for spam. on Gates on Spam · Score: 1
Sure but it'd be a severe impact on the speed with which they'd be able to send out messages.
Yeah, nobody needs mailing lists anyway, right?
Remember that not all mass mailing is spam, this is a fatal flaw in the majority of proposed solutions.
One simple thing average users can do is to give people they communicate with some special keyword they should always add to messages they send you with an attachment. It doesn't have to be anything special - even a company name would do. The idea is no mass-mailing worm would know to include it.
There have been worms that resent randomly selected files from your mailbox. This would cut down on faked "From:" addresses for people that you recognize, but not from the infected machine or from random strangers.
So we chose to 'microwave' our cash, over $1000 in twenties in a stack, not spread out on a carousel. Do you know what exploded on American money?? The right eye of Andrew Jackson on the new twenty, every bill was uniform in its burning... Isn't that interesting?
So you stick them in a pile, so that the corresponding places on each bill lines up and they all burn through in the same place? No way!
So is this just W^X for the stack then? That's a little disappointing...
Self-modifying code of course becomes essentially impossible with W^X, but with modern processors, pipelining, cached decoded instructions, etc. self-modifying code isn't a good idea anyway. It will kill performance, which makes it mostly useless. (JIT compilers might be hurt to some degree)
But it doesn't really stop someone from exploiting a buffer overflow. You just need to synthesize a call on the stack to the system call that enables execute on that page, and make it return into the buffer:
Old exploit:
call: [buffer][ret addr]
ret: [xxxxxx][addr in buffer]
New exploit:
call: [buffer][ret addr]
ret: [xxxxxx][addr of sys call][params][addr in buffer]
In other words, it makes it more difficult, but not impossible.
Now if you put the syscall in an ASCII-armor region, or move it around, that might make it impossible to exploit directly. (Just making the syscall refuse to return into the memory it's changing permissions on doesn't help.)
If the .exe is statically linked perhaps, otherwise, you're going to have all kinds of library problems when moving the same app between win 95, win 98, win 2k, and win XP.
That's funny, I do it all the time with no such problems. You do have to use GetProcAddr if you want to use features that don't exist in the older versions, but that's far from difficult. Sometimes there'll be some subtle change in behavior in things like common dialogs, but nothing earthshattering.
Microsoft goes to a LOT of trouble to make sure existing applications still work on a new version of Windows, because if you DID have to recompile all your apps, you'd be screwed. And then no one would upgrade.
Drivers are almost certainly a different story of course, especially since they changed driver architectures completely in there. Still, they can't go breaking everything too often or, once again, you're screwed if you need to recompile it. Especially if you're using expensive hardware from a company that has since gone out of business.
That's one of those downsides of closed source, you have to maintain binary compatibility.
OpenOffice.org's file format is XML. Multiple XML files and other binary files (graphics, etc.) are all stored into a Zip file. OOo files are typically much smaller than the same document in say, Word.
That's not saying much, Word saves two copies of the document in each file. Make the mistake of adding OLE support when creating a project in MSVC and you can get the same effect.
An XML file will not compress more than a well-designed binary format, it has more data in it. If space is critical, do not use XML.
But then space is not critical for IM...
Re:How to filter the worm: on More MyDoom Gloom · Score: 2, Informative
That's not really a good idea if you don't understand the format of Win32 executables and zip files.
"TVqQAAMAAA" = 4D 5A 90 00 03 00 00 0x
The first two bytes are "MZ", which will be the same on every dos and windows executable (except .com files). Matching against that part gains you nothing. You might as well just block by file extension.
The rest are just bits of the header, which are hardly specific to this program. It would be better to check against part of the file that was actually code.
"UEsDBAoAAA" = 50 4B 03 04 0A 00 00 0x
Again, the first two bytes are a signature, in this case "PK", which identifies it as a zip file. The 03 04 is then a marker to tell it what sort of record follows, best case you're only matching against 3.5 bytes that are actually relevant.
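To make the point of the comment above concrete, here is an added example (not part of the original comment) that decodes the two base64 filter prefixes into the header bits they pin down and runs them against benign sample headers. The sample headers are constructed for this illustration; the DOS header values are the ones commonly emitted by Microsoft's linker, and the function names are hypothetical.

```python
import base64
import struct

# The two base64 prefixes quoted in the comment above.
PE_SIG = "TVqQAAMAAA"
ZIP_SIG = "UEsDBAoAAA"

# File-format magic numbers that identify the container, not the worm.
MAGICS = (b"PK\x03\x04", b"MZ")


def prefix_to_mask(b64_prefix):
    """Return (value, mask): the bytes and bit mask a base64 prefix fixes.

    Each base64 character fixes 6 bits, so 10 characters fix 60 bits:
    7 whole bytes plus the upper nibble of the 8th.
    """
    bits = 6 * len(b64_prefix)
    padded = b64_prefix + "A" * (-len(b64_prefix) % 4)
    value = base64.b64decode(padded)[: (bits + 7) // 8]
    mask = bytearray(b"\xff" * (bits // 8))
    if bits % 8:
        mask.append((0xFF << (8 - bits % 8)) & 0xFF)
    return value, bytes(mask)


def matches(data, b64_prefix):
    """True if base64(data) starts with b64_prefix, i.e. the filter fires."""
    value, mask = prefix_to_mask(b64_prefix)
    if len(data) < len(value):
        return False
    return all((d & m) == (v & m) for d, v, m in zip(data, value, mask))


def non_magic_bytes(b64_prefix):
    """Bytes the prefix pins down beyond the file-format magic number."""
    value, _ = prefix_to_mask(b64_prefix)
    magic = next((m for m in MAGICS if value.startswith(m)), b"")
    return 6 * len(b64_prefix) / 8 - len(magic)


# Constructed sample: start of a DOS header with the usual linker defaults
# (e_magic, e_cblp=0x90, e_cp=3, e_crlc=0, e_cparhdr=4, e_minalloc, e_maxalloc).
BENIGN_PE_HEADER = struct.pack("<2sHHHHHH", b"MZ", 0x0090, 3, 0, 4, 0, 0xFFFF)

# Constructed sample: ZIP local file header start for a harmless archive
# (signature, version needed 1.0 = 10, flags 0, method 0 = stored).
STORED_ZIP_HEADER = struct.pack("<4sHHH", b"PK\x03\x04", 10, 0, 0)

# Constructed sample: same archive re-packed with deflate (version needed 2.0).
DEFLATE_ZIP_HEADER = struct.pack("<4sHHH", b"PK\x03\x04", 20, 0, 8)


if __name__ == "__main__":
    for name, sig in (("PE", PE_SIG), ("ZIP", ZIP_SIG)):
        value, mask = prefix_to_mask(sig)
        print(name, "value", value.hex(" "), "mask", mask.hex(" "),
              "non-magic bytes:", non_magic_bytes(sig))
    # False positives: unrelated files trip the filter.
    print("benign PE header matches:  ", matches(BENIGN_PE_HEADER, PE_SIG))
    print("stored zip header matches: ", matches(STORED_ZIP_HEADER, ZIP_SIG))
    # False negative: a trivial re-pack changes the header fields.
    print("deflate zip header matches:", matches(DEFLATE_ZIP_HEADER, ZIP_SIG))
```

The filter fires on both benign headers and misses the re-packed archive, which is why matching on header bytes is no better than blocking by extension.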
One thing that was slightly big for some inexplicable reason a few years ago was fuzzy logic. Basically instead of true or false you'd have a real number between 0 and 1 (or -1 and 1). This sounds like an excellent application.
To model reality, I think you'd need two weights: trustworthiness and naivete (sp?). You need to be able to say "I trust X about 80%, but I trust their opinion of others only about 60%." Then to get the trustworthiness of someone once removed, you multiply the two corresponding values. (and maybe take the maximum of conflicting values)
So if you trust X's opinions by 90% and X trusts Y to 90%, you would be assumed to trust Y to 81%.
Say you have a friend B who's very trustworthy, but way too trusting of other people, so you only trust their opinion to 20%. If they trust C to 90%, the system would only assume that you trust C to 18% (failing any other indications).
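The two-weight scheme described in the comment above, as an added example that is not part of the original comment. The rating table is constructed sample data, the function name is hypothetical, and extending the rule to chains longer than "once removed" (multiplying the opinion weights along the chain) is an assumption that goes beyond what the comment states.

```python
# Constructed sample data: rater -> {peer: (trust_in_peer, trust_in_peer_opinion)}
# Both weights are in [0, 1]. "trust" is how trustworthy the peer is judged to
# be; "opinion" is how far the rater relies on that peer's ratings of others.
RATINGS = {
    "me": {"X": (0.8, 0.9), "B": (0.95, 0.2)},
    "X": {"Y": (0.9, 0.5)},
    "B": {"C": (0.9, 0.9), "Y": (0.3, 0.5)},
    "Y": {"Z": (0.7, 0.4)},
}


def derived_trust(ratings, me, target, max_hops=3):
    """Estimate how much `me` trusts `target`.

    A direct rating always wins. Otherwise, for every chain of intermediaries
    of at most `max_hops` edges, multiply the opinion weights along the chain
    by the last intermediary's direct trust in the target, and keep the
    maximum over all chains (the "maximum of conflicting values" rule).
    Returns 0.0 when nobody reachable has rated the target.
    """
    direct = ratings.get(me, {}).get(target)
    if direct is not None:
        return direct[0]

    best = 0.0
    # Each stack entry: (current node, product of opinion weights so far,
    # nodes already on this chain, number of edges used so far).
    stack = [(me, 1.0, frozenset([me]), 0)]
    while stack:
        node, weight, seen, hops = stack.pop()
        if hops >= max_hops:
            continue
        for peer, (trust, opinion) in ratings.get(node, {}).items():
            if peer in seen:
                continue  # never loop back through someone already consulted
            if peer == target:
                best = max(best, weight * trust)
            else:
                stack.append((peer, weight * opinion, seen | {peer}, hops + 1))
    return best


if __name__ == "__main__":
    # The comment's two cases: 0.9 * 0.9 and 0.2 * 0.9.
    print("me -> Y:", round(derived_trust(RATINGS, "me", "Y"), 3))
    print("me -> C:", round(derived_trust(RATINGS, "me", "C"), 3))
    # Two steps removed (assumed generalisation): 0.9 * 0.5 * 0.7.
    print("me -> Z:", round(derived_trust(RATINGS, "me", "Z"), 3))
```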
As for my color camera having the same effective resolution equivalent to 1 mp, I just don't see how you figure that out, the highest resolution images I can take are somewhere above 2000x1600 (I forget the exact resolution) which equates to around 3 million pixels in the image
It's interpolating. My 4MP digital camera has 2272x1704 pixels, but 1/4 of them are red, 1/4 are blue, and iirc 1/2 are green. The camera interpolates between adjacent pixels of the same color, then combines them to make one large full-color image. So it really gets somewhere between the "effective" 1 or 2MP and the total 4MP. (note that this is not the same as digital zoom, since each channel has samples that are slightly offset from the others)
That means 1 out of 10 innocent passengers will be harassed as suspected terrorists and 1 out of 10 terrorists will be allowed through.
No, it means that 1 out of 10 innocent passengers will be harassed and 1 out of 10 terrorists will have to learn how to trick it. A guilty person can learn how to fool a lie detector, but an innocent person has no reason to.
That's odd... Microsoft seems to claim otherwise on their site, unless they're just being very misleading...
But it looks like those blurbs are from Microsoft's "Features Overview", which is not specific to the Standard version.
unlike spam, it's quite possible to detect 100% of known viruses with no false positives.
Even the ones that spread inside of encrypted zip files?
Of course those can't autoexecute (without becoming detectable), but they seem to be spreading just fine.
do the spiders have it out for him?
I wouldn't put it past them, I know computers hate me.
even if it were there
which there is. As everyone and their mother has said, hold down shift and right click. Ooh, "run as..."!
Not to mention windows has no sudo
Also comes in command line flavor! runas /user:<UserName> program
or su
Well, not that I'm aware of, but you can use runas on cmd.exe or explorer (possibly depending on settings)
The OS supports it, it's just not needed often enough for a command. Windows' security model allows much finer-grained control than Unix.
or even a terminal worth a damn
Granted, it's not as powerful as Unix shells, but cmd.exe is much better than command.com. Then you can write scripts in javascript or (blech) vbscript using wsh.
without cygwin
You get equivalents for a good number of Unix commands as native win32 executables. Many are distributed by Microsoft, although you have to hunt a little to find them, and of course there's UnxUtils.
You forgot the `capability to print (bang out) on sheet metal'...
Say, how about a laser printer that uses a CO2 laser? Don't bother with toner, just turn the power way down and char the text into the paper. Turn the power back up and cut through steel.
Or maybe you'd need one of those cutting tools that uses little plastic beads in a high-pressure stream of water. Custom shaped birthday cakes and your resume carved out of a granite slab.
Either way, I want one.
One dot is the current directory.
/. would be... the root directory.
Two dots is the parent directory.
/ is the root directory.
DOS actually has the exact same notation, except that each drive has its own root, and the slashes are backwards of course.
That's not the way to calculate ratios that show bias. That just shows that search.msn.com gives you far fewer results.
What you want to compare is this:
(for the sake of laziness, using your data)
@ google:
"linux" 12,500,000
"microsoft" 9,470,000
ratio: about 33:25
@ msn:
"linux" 429
"microsoft" 3856
ratio: about 9:80
So what, is RTFM a new mobile phone standard? I can't keep up with all this stuff...
Is any software really at the point where we can install it and forget about it?
Well sure, there's that one... oh, what's called...
I was wondering about that... I remember a few years ago there were a few places preselling Duke Nukem Forever, release date and all. (even unofficial box art...)
I think we all know how far that got.