If you clear the audit log, there is a trail that you cleared it. If you overwrite the log with an exact copy of the existing log, then the audit log continues to write to the old log. When the computer is restarted, there is no indication of any wrong doing (the log shows it was legitimately restarted, but does not contain any events between when the copy occurred and the machine is restarted.
If you have physical access to the machine, you can do things when the machine is down, but the point here is what happens if you only have remote access and the machine is physically secured. If the audit daemon always has the log locked, there is nothing you can do. You can't install a rootkit without it being written to the audit daemon (and you would have to reload the kernel anyways so it would require an unauthorized restart).
So let me get this straight. Your solution to the problem of replacing in-use log-files is to introduce another log file that can be replaced? That's genius.
You are confusing security patches with hotfixes. They are not the same thing.
Hotfixes address a problem (a bug where the software does not do what its supposed to do) while security patches address a vulnerability (where the software generally does what its supposed to do, but has a flaw that can be exploited).
And regarding your comments, I said MS should make hotfix rollups, which address the long download and manual patching issues you bring up. This is not the same thing as a service pack though.
Windows Embedded *IS* Windows. They simply give you a tool that lets you remove various parts of it and customize the build to what you need. It's as much of a real-time OS as Windows is, which is to say it's not a hard real-time system (although there are hard real-time subsystems you can add to it).
As of Windows 8, which we're talking about, All versions of Windows are the same OS. Windows Embedded, Windows Desktop, Windows Server, Windows Phone, Windows RT (Tablet). they're all the same OS, just customized differently.
I didn't say it was solid because anyone was given access to it. That's a retarded conclusion to jump to.
I said it's solid in my own experience, and the experience of others I know are using it. Someone else said it can't be solid because it hasn't been released yet, and I said it has been released.
Not true. Imagine this scenario. You have a process that watches what a user does, and logs activity. root copies a new version of the log file on top of itself. The watchdog process keeps merrily writing to it's original copy that will disappear as soon as the computer is shut down.
You think there's no security issue with the fact that an app can write to files that the super user cannot see, or even know exist?
There are public technical colleges that are associated with community colleges, and their degrees transfer to a public university.
For example, in Minnesota, they have a number of public technical schools like Saint Paul College (used to be called Saint Paul Technical College), which is partnered with Inver Hills Community College to earn an accredited associates degree.
Not all classes will transfer, but most of the generals will. Psychology, Math, etc..
That depends on whether it's a public or private technical college.
Public technical colleges often can transfer to public universities because they're likewise accredited, and they have programs in place to accept those credits.
Private also depends, since many of those are also accredited. But they may not have transfer programs in place.
That's just it, nobody should be able to replace open log files, not even root. That's the case in Windows. Thus, key log files like the event log cannot get overwritten. Certainly, you can clear them, but doing so leaves a log trail that you cleared the log, and you would have to explain that to your security administrator.
Dude, It's been released for about 2 months. It just hasn't been for sale. Anyone with an MSDN or TechNet subscription has had access to the final release for quite some time.
Unix file semantics work because administrators are generally knowledgeable. They know they have to restart processes that use files that have been updated. They know they have to reboot if the kernel is updated, etc...
The problem is that this can lead to bizarre split-brain behavior where one app has the old file open and another has the new app open. This is particularly bad when it comes to security concerns, like log files. Someone can replace a log file with an edited version and any process that was writing to the log file will happily write to the open file, not the one you see.. thus log file entries are lost when the computer reboots or the service restarts.
Updates do not come randomly. It only checks for updates once a day unless you manually tell it to check for new updates. That allows you to do all the updates in sequence.
* Actual, physical USB ports?
* Actual, physical SD-Card storage?
* Actual, physical Keyboard (with Surface and Transformer-types) and ability to use any usb mouse/keyboard
* Full Bluetooth support (tethering, file transfer, messaging, etc..)
* non-proprietary connections to common devices like Monitors, Printers, etc..
* Ability to join a windows domain
* Ability to use Office
* The vast majority of commonly used iOS and Android apps are either already available or will be available in the next 6 months.
* Different hardware configurations (such as those that include not just capacitive touch but also high resolution graphics tablet technology with styluses)
* Competition (ie price wars)
Nope.. can't think of one reason.... but there are certainly a lot more.
Well, since Windows 8 introduces a whole new subsystem, I think it's pretty likely that SP1 will have a lot of subtle, and perhaps some not-so-subtle changes.
I think Metro will be improved a great deal, and they may introduce non-full-screen metro apps. Metro will probably also get more functionality is my guess.
But, I don't foresee a lot of fixes for major problems in SP1, probably more like a ton of fixes for small edge case situations that only affect a small percentage of people.
Yes, they've been working on it. But, it still happens, particularly with certain sub-technologies. The problem is that Windows update does a scan to see what patches are needed, then does them. But it may update with a patch that also needs an update. But Windows Update didn't know that until the patch was applied.
This has more to do with the standardized way patches are issued rather than Windows Update itself. Because MS issues patches individually, rather than updating older patches to include newer ones as well.. this sometimes happens.
The problem is that patches are applied individually, and they need to be applied in a specific order. When some patches need to update in-use files, the patcher has no good way to identify that those files are already patched (because they're waiting as temporary files to be renamed over an in-use file).
Linux typically has a lot more metadata available, and they also tend to do full package updates rather than incremental file updates.. so they need only get the latest kernel package and all intermediate updates are automatically part of that.
Since WIndows isn't distributed as packages, this is not really an option.
While that's been traditionally good advice. The last two releases have been pretty stable out of the gate. SP1 has still been very welcome, but there have been few showstopper type bugs in either release.
To be honest, NT4, 2000, and XP *NEEDED* all those service packs. This was before the great Security turnaround in 2003 that delayed the release of WIndows Server 2003, and resulted in the massive XP SP2 release.
Since then, Windows has had far less need of service pack because the code tends to be more solid.
SP1 is almost always a necessity though. The initial release of the OS tends to have enough niggly bugs that get fixed in SP1. I would argue that Vista SP2 was not really a service pack, but rather just a hotfix rollup. There were no new features introduced in SP2 (as it should be).
7 was pretty damn solid out of the gate though, still 7 SP1 had almost 1000 hotfixes and security patches (though a good portion of them related to specifically server functionality).
Windows 7 and Windows 8 have been pretty solid out of the gate. I don't see why MS wouldn't supply hotfix rollups for 7, but does it really need SP2? Only those people that want MS to provide Windows 8 features on 7 think so.
Before that, Microsoft had a "sample" that you could compile to access Oracle through EF. But, it's really not MS's job to provide drivers for every database out there, and technically, wouldn't you want a driver from Oracle rather than whatever Microsoft thinks is good enough?
Slashdot Mirror
If you clear the audit log, there is a trail that you cleared it. If you overwrite the log with an exact copy of the existing log, then the audit log continues to write to the old log. When the computer is restarted, there is no indication of any wrong doing (the log shows it was legitimately restarted, but does not contain any events between when the copy occurred and the machine is restarted.
If you have physical access to the machine, you can do things when the machine is down, but the point here is what happens if you only have remote access and the machine is physically secured. If the audit daemon always has the log locked, there is nothing you can do. You can't install a rootkit without it being written to the audit daemon (and you would have to reload the kernel anyways so it would require an unauthorized restart).
So let me get this straight. Your solution to the problem of replacing in-use log-files is to introduce another log file that can be replaced? That's genius.
You are confusing security patches with hotfixes. They are not the same thing.
Hotfixes address a problem (a bug where the software does not do what its supposed to do) while security patches address a vulnerability (where the software generally does what its supposed to do, but has a flaw that can be exploited).
And regarding your comments, I said MS should make hotfix rollups, which address the long download and manual patching issues you bring up. This is not the same thing as a service pack though.
Wrong, moron.
Windows Embedded *IS* Windows. They simply give you a tool that lets you remove various parts of it and customize the build to what you need. It's as much of a real-time OS as Windows is, which is to say it's not a hard real-time system (although there are hard real-time subsystems you can add to it).
As of Windows 8, which we're talking about, All versions of Windows are the same OS. Windows Embedded, Windows Desktop, Windows Server, Windows Phone, Windows RT (Tablet). they're all the same OS, just customized differently.
Wow. That's a bizarre leap in logic.
I didn't say it was solid because anyone was given access to it. That's a retarded conclusion to jump to.
I said it's solid in my own experience, and the experience of others I know are using it. Someone else said it can't be solid because it hasn't been released yet, and I said it has been released.
Not true. Imagine this scenario. You have a process that watches what a user does, and logs activity. root copies a new version of the log file on top of itself. The watchdog process keeps merrily writing to it's original copy that will disappear as soon as the computer is shut down.
You think there's no security issue with the fact that an app can write to files that the super user cannot see, or even know exist?
There are public technical colleges that are associated with community colleges, and their degrees transfer to a public university.
For example, in Minnesota, they have a number of public technical schools like Saint Paul College (used to be called Saint Paul Technical College), which is partnered with Inver Hills Community College to earn an accredited associates degree.
Not all classes will transfer, but most of the generals will. Psychology, Math, etc..
That depends on whether it's a public or private technical college.
Public technical colleges often can transfer to public universities because they're likewise accredited, and they have programs in place to accept those credits.
Private also depends, since many of those are also accredited. But they may not have transfer programs in place.
That's just it, nobody should be able to replace open log files, not even root. That's the case in Windows. Thus, key log files like the event log cannot get overwritten. Certainly, you can clear them, but doing so leaves a log trail that you cleared the log, and you would have to explain that to your security administrator.
Dude, It's been released for about 2 months. It just hasn't been for sale. Anyone with an MSDN or TechNet subscription has had access to the final release for quite some time.
Yes, because replacing in-use files is a stability and security nightmare, particularly when dealing with non-knowledgable users.
I can't imagine how that would happen, unless you didn't reboot after you installed updates. Or you installed a new app afterwards.
Unix file semantics work because administrators are generally knowledgeable. They know they have to restart processes that use files that have been updated. They know they have to reboot if the kernel is updated, etc...
The problem is that this can lead to bizarre split-brain behavior where one app has the old file open and another has the new app open. This is particularly bad when it comes to security concerns, like log files. Someone can replace a log file with an edited version and any process that was writing to the log file will happily write to the open file, not the one you see.. thus log file entries are lost when the computer reboots or the service restarts.
Autopatcher doesn't do that. In fact, Autopatcher is not that different from Windows Update, although it does give you a bit more control.
Updates do not come randomly. It only checks for updates once a day unless you manually tell it to check for new updates. That allows you to do all the updates in sequence.
How about:
* Actual, physical USB ports?
* Actual, physical SD-Card storage?
* Actual, physical Keyboard (with Surface and Transformer-types) and ability to use any usb mouse/keyboard
* Full Bluetooth support (tethering, file transfer, messaging, etc..)
* non-proprietary connections to common devices like Monitors, Printers, etc..
* Ability to join a windows domain
* Ability to use Office
* The vast majority of commonly used iOS and Android apps are either already available or will be available in the next 6 months.
* Different hardware configurations (such as those that include not just capacitive touch but also high resolution graphics tablet technology with styluses)
* Competition (ie price wars)
Nope.. can't think of one reason.... but there are certainly a lot more.
Well, since Windows 8 introduces a whole new subsystem, I think it's pretty likely that SP1 will have a lot of subtle, and perhaps some not-so-subtle changes.
I think Metro will be improved a great deal, and they may introduce non-full-screen metro apps. Metro will probably also get more functionality is my guess.
But, I don't foresee a lot of fixes for major problems in SP1, probably more like a ton of fixes for small edge case situations that only affect a small percentage of people.
Funny how everyone called Windows XP the Fischer Price OS. Now, it's the most popular thing ever.
Yes, they've been working on it. But, it still happens, particularly with certain sub-technologies. The problem is that Windows update does a scan to see what patches are needed, then does them. But it may update with a patch that also needs an update. But Windows Update didn't know that until the patch was applied.
This has more to do with the standardized way patches are issued rather than Windows Update itself. Because MS issues patches individually, rather than updating older patches to include newer ones as well.. this sometimes happens.
The problem is that patches are applied individually, and they need to be applied in a specific order. When some patches need to update in-use files, the patcher has no good way to identify that those files are already patched (because they're waiting as temporary files to be renamed over an in-use file).
Linux typically has a lot more metadata available, and they also tend to do full package updates rather than incremental file updates.. so they need only get the latest kernel package and all intermediate updates are automatically part of that.
Since WIndows isn't distributed as packages, this is not really an option.
Pro Tip: Install SP1 manually first, then do Windows Update.
While that's been traditionally good advice. The last two releases have been pretty stable out of the gate. SP1 has still been very welcome, but there have been few showstopper type bugs in either release.
To be honest, NT4, 2000, and XP *NEEDED* all those service packs. This was before the great Security turnaround in 2003 that delayed the release of WIndows Server 2003, and resulted in the massive XP SP2 release.
Since then, Windows has had far less need of service pack because the code tends to be more solid.
SP1 is almost always a necessity though. The initial release of the OS tends to have enough niggly bugs that get fixed in SP1. I would argue that Vista SP2 was not really a service pack, but rather just a hotfix rollup. There were no new features introduced in SP2 (as it should be).
7 was pretty damn solid out of the gate though, still 7 SP1 had almost 1000 hotfixes and security patches (though a good portion of them related to specifically server functionality).
Windows 7 and Windows 8 have been pretty solid out of the gate. I don't see why MS wouldn't supply hotfix rollups for 7, but does it really need SP2? Only those people that want MS to provide Windows 8 features on 7 think so.
There's no such thing as a Linq driver for Oracle. Linq is not a database technology. It's a *DATA* technology.
You need a database technology for Linq to do database work, such as Linq to Sql or Linq to Entities.
I assume you mean you needed an Entity Framework driver for Oracle, and Oracle does provide one... However it's only been available for about 2 years.
http://www.oracle.com/technetwork/topics/dotnet/index-085163.html
Before that, Microsoft had a "sample" that you could compile to access Oracle through EF. But, it's really not MS's job to provide drivers for every database out there, and technically, wouldn't you want a driver from Oracle rather than whatever Microsoft thinks is good enough?
I shouldn't bother asking (because when people make these general statements, they never back them up when queried)...
But what Libraries in Java are you referring to that you are forced to buy in .net?