For so many years, every time someone came up with a "Top 10 List of things X Should do" we've had to put up with the interminable witty "use Linux" or "use OS X" or "use Java" replies.
This time around however, I'd like to respectfully point out (as many other posters already have, although they've been mostly modded down as trolls) that every single thing this dude wants Java to do is already in... wait... C#.
Actually, I think this article was quite the exercise in hipocrisy. For every single point made in the article he could have added "C# already does this" at the end. I'm sure he came up with all those insightful recommendations thanks to a visit from the Angel Of Languages, instead of from intalling and using Microsoft Visual Studio.NET for a few months and reading the ECMA spec for C#. Yeah, I'm sure that was it.
Microsoft created C# (and.NET) to compete with Java at the enterprise level. I think it's obvious they're succeeding when one of the "leading voices" of Java cries out and demands the very things that are built into C#.
I actually hope Sun (yes, everyone here loves Java so much despite the fact that it is a language controlled by a single company, like... wait... C#) does all this to Java. That will make it a much more level playing field. But alas, they're paralyzed by the need to have backwards compatibility, which is important regardless of this guy's acid dreams. No company, not even Sun would risk their current user base to clean a language up. Sorry!
This is not the entire message, but it pretty much covers it. I removed the intro and market spiel and the "What you can do" section at the end.
It's interesting that I got this since I specifically asked Microsoft to stop sending me *anything* and they complied. At least until now. I guess they pulled out all the email addresses they've collected over the last 8 years.
-------------
As I've talked with customers over the last year - from individual consumers to big enterprise customers - it's clear that everyone recognizes that computers play an increasingly important and useful role in our lives. At the same time, many of the people I talk to are concerned about the security of the technologies they depend on. They are concerned about whether their personal data is being protected. Although they know that computers can do amazing things, they are frustrated that their technology doesn't always work consistently. And they want assurances that the high-tech industry takes these concerns seriously and is working to improve their computing experience.
Six months ago, I sent a call-to-action to Microsoft's 50,000 employees, outlining what I believe is the highest priority for the company and for our industry over the next decade: building a Trustworthy Computing environment for customers that is as reliable as the electricity that powers our homes and businesses today.
This is an important part of the evolution of the Internet, because without a Trustworthy Computing ecosystem, the full promise of technology to help people and businesses realize their potential will not be fulfilled. Ironically, it is the growth of the Internet and the advent of massive computing systems built from loose affiliations of services, machines, communications networks and application software that have helped create the potential for increased vulnerabilities.
There are already solutions that eliminate weak links such as passwords and fake email. At Microsoft we're combining passwords with "smart cards" to authenticate users. We're also working with others throughout the industry to improve Internet protocols to stop email that could propagate misleading information or malicious code that falsely appears to be from trusted senders. And we are making fundamental changes in the way we develop software, in our operational and business practices, and in our customer support efforts to make the computing experiences we provide more trustworthy.
For example, we've historically made our software and services more compelling for users primarily by adding new features and functionality. While we are continuing to invest significantly in delivering new capabilities that customers ask for, we are now making security improvements an even higher priority than adding features. For example, we made changes to Microsoft Outlook to block email attachments associated with unsafe files, prevent access to a user's address book, and give administrators the ability to manage email security settings for their organization. As a result of these changes, the number of email virus incidents has dropped dramatically. In fact, email viruses like the recent "Frethem" virus propagate only to systems that have not been updated - underscoring the importance of updating them regularly.
We are also undertaking a rigorous and exhaustive review of many Microsoft products to minimize other potential security vulnerabilities. Earlier this year, the development work of more than 8,500 Microsoft engineers was put on hold while we conducted an intensive security analysis of millions of lines of Windows source code. Every Windows engineer and several thousand engineers in other parts of the company were also given special training in writing secure software. We estimated that the stand-down would take 30 days. It took nearly twice that long, and cost Microsoft more than $100 million. We've undertaken similar code reviews and security training for Microsoft Office and Visual Studio.NET, and will be doing so for other products as well.
THE TRUSTWORTHY COMPUTING FRAMEWORK
Trustworthy Computing has four pillars: reliability, security, privacy and business integrity. "Reliability" means that a computer system is dependable, is available when needed, and performs as expected and at appropriate levels. "Security" means that a system is resilient to attack, and that the confidentiality, integrity and availability of both the system and its data are protected. "Privacy" means that individuals have the ability to control data about themselves and that those using such data faithfully adhere to fair information principles. "Business Integrity" is about companies in our industry being responsible to customers and helping them find appropriate solutions for their business issues, addressing problems with products or services, and being open in interactions with customers.
Creating a Trustworthy Computing environment requires several steps:
- Making software code more secure and reliable. Our developers have tools and methodologies that will make an order-of-magnitude improvement in their work from the standpoint of security and safety.
- Keeping ahead of security exploits. Distributing updates using the Internet so that all systems are up to date. Windows Update and Software Update Services, discussed below, provide the infrastructure for this.
- Early Recovery. In case of a problem, having the capability to restore and get systems back up and running in exactly the same state they were in before an incident, with minimal intervention.
FIRST STEPS TOWARD MORE TRUSTWORTHY COMPUTING
There is still much work that Microsoft and others in our industry must do to make computing more trustworthy. Here is a summary of some of the progress we've made, six months after my email to Microsoft employees:
- We have changed the way we design and develop software at all phases of the product development cycle. Our new processes should greatly minimize errors in software, and speed up the development process for new products and services.
- Software Update Services (SUS) is a security management tool for business customers that enables IT administrators to quickly and reliably deploy critical updates from inside their corporate firewall to Windows 2000-based servers and desktop computers running Windows 2000 Professional and Windows XP Professional.
- Microsoft Baseline Security Analyzer is a new tool that customers can use to analyze Windows 2000 and Windows XP systems for common security misconfigurations, and to scan for missing security hot fixes and vulnerabilities on a variety of products, including newer versions of Internet Information Server, SQL Server and Office.
- In addition to providing customers with tools and resources to help them maximize the security of Windows 2000 Server environments, we are committed to shipping Windows.NET Server 2003 as "secure by default." We believe it's critical to provide customers with a foundation that has been configured to maximize security right out of the box, while continuing to provide customers with a rich set of integrated features and capabilities.
- The error-reporting features built into Office XP and Windows XP are giving us an enormous amount of feedback and a much clearer view of the kinds of problems customers have, and how we can raise the level of reliability in those products - and that of products made by other companies. As part of this effort, we recently created a secure Web site where software and hardware vendors can view error reports related to their drivers, utilities and applications that are reported through our system. This enables the vendors who work with us to identify recurring problems and address them far more quickly than in the past. All of our server software products will incorporate these error-reporting features in subsequent versions of the products.
- With Microsoft Windows Update, we are completing the customer-feedback loop based on the error-reporting features mentioned above. This globally available Web service delivers more than 300 million downloads per month of the most current versions of product fixes, updates and enhancements. When customers connect to the site, they can choose to have their computer automatically evaluated to check which updates need to be applied in order to keep their system up-to-date, as well as identify any critical updates to keep their system safe and secure.
- We are working on a new hardware/software architecture for the Windows PC platform, code-named "Palladium," which will significantly enhance users' system integrity, privacy and data security. This new technology, which will be included in a future version of Windows, will enable applications and application components to run in a protected memory space that is highly resistant to tampering and interference. This will greatly reduce the risk of viruses, other attacks, or attempts to acquire personal information or digital property with malicious or illegal intent. Our goal is for the Palladium development process to be a collaborative industry initiative.
- We've incorporated what is known as P3P (Platform for Privacy Preferences) technology in the Internet Explorer browser technology in Windows XP, which enhances a user's ability to set privacy levels to suit his or her needs. The P3P standard enables a user's browser to compare any P3P-compliant Web site's privacy practices to that user's privacy settings, and to decide whether to accept cookies from that site.
Identifying and addressing critical Trustworthy Computing issues will require significant collaboration across our industry. One example of the kind of cross-industry effort we need more of is the recent creation of the Web Services Interoperability (WS-I) Organization (http://www.ws-i.org/). Founded by IBM, Microsoft and other industry leaders including Intel, Oracle, SAP, Hewlett-Packard, BEA Systems and Accenture, WS-I's mission is to enable consistent and reliable interoperability of XML-based Web services across a variety of platforms, applications and programming languages. Among other things, WS-I will create a suite of test tools aimed at addressing errors and unconventional usage in Web services specifications implementations, which in turn will improve interoperability among applications and across platforms.
I was going to reply... and then I realized you must be some sort of blobbery infectious construct, slithering your way across the fat pipes of the Internet to end up here.
And still I replied. Damn.
Please check yourself into the nearest CDC office. I'll catch up with you later.
HAHAHAHAHAHAHA! You so funny! HAHAHAHAHAHAHA! You so original! You make me laugh! HAHAHAHAHAHAHAHA! You funny man! I like you jokes! HAHAHAHAHAHAHA! Wow...my sides are hurting with that funny, funny quip you just threw down on us like some clever maniacal funny man! You so funny! HAHAHAHAHAHAHAHAHA! Someone will probably mod you up as funny to show how funny you really are to the rest of us! Quip, quip says you! Everyone! Over here! Look at the funny man! He made a funny about Ctrl+Alt+Del! Get it?...Ctrl...Alt...Delete! HAHAHAHAHA! It's a reference to Windows...yes when you have to give it the three-fingered salute!...HAHAHAHAHA! Yes, I am not sure where this guy is from but boy is he funny! Who invited him to the party? We gotta have this guy over more often! Honey? Come down here a second and listen to this guy 'tell it like it is' in a really funny way. HAHAHAHAHAHAHAH! Clutch-Downshift-ParkingBrake, that's priceless. "...close program dialog..." Gold. Just pure gold. How do you do it? I mean, so many people post here at Slashdot, but then you see a funny gem like this. HAHAHAHAHAHAHA! Pure hilarity. When's the last time you actually used Ctrl+Alt+Del and so wittily remarked about it? Had you been using WinCE, NT4, W2K or XP this wouldn't apply at all and hence your joke would 'have no teeth' as it were. But the brilliance of you associating in Ctrl+Alt+Delete with the car functions had me splitting my sides. HAHAHAHAHAHAHAHA! You funny man. So clever, so very very clever. I'll bet you were the funny man in high school too. Wow. You still got it!
In other words, it's a typical Microsoft product..:)
HAHAHAHAHAHAHA! You so funny! HAHAHAHAHAHAHA! You so original! You make me laugh! HAHAHAHAHAHAHAHA! You funny man! I like you jokes! HAHAHAHAHAHAHA! Wow...my sides are hurting with that funny, funny quip you just threw down on us like some clever maniacal funny man! You so funny! HAHAHAHAHAHAHAHAHA! Someone will even probably mod you up as funny to show how funny you really are to the rest of us! Quip, quip says you! Everyone! Over here! Look at the funny man! He made a funny about memory allocation! Get it...memory...allocation...HAHAHAHAHA! It's a reference to Microsoft products...yes, and the way they consume memory...HAHAHAHAHA! Yes, I am not sure where this guy is from but boy is he funny! Who invited him to the party? We gotta have this guy over more often! Honey? Come down here a second and listen to this guy 'tell it like it is' in a really funny way. HAHAHAHAHAHAHAH! Paraphrased from a Wrox book, that's priceless. "It's a typical Microsoft product." Gold. Just pure gold. And the smiley at the end? How did you come up with *that*!? How do you do it? I mean, so many people post on Slashdot but then you see a funny gem like this. HAHAHAHAHAHAHA! Pure hilarity. When's the last time you actually studied the CLR managed heap and so wittily remarked about it? Had you understood how.Net allocates, manages and frees memory then this wouldn't apply and hence your joke would 'have no teeth' as it were. But the brilliance of you tying in.NET memory allocation with other Microsoft products had me splitting my sides. HAHAHAHAHAHAHAHA! You funny man. So clever, so very very clever. I'll bet you were the funny man in high school too. Wow. You still got it!
VSS: not bad, actually. I love file locking, it seems pretty easy to tag various milestone releases, a reasonably clean interface, and easy access to pretty much everything I want to do. Some quirks but nothing major, very usable.
I'll help you burn some karma =)
VSS is the best SCM tool I've used as well (and I've tried them all), at least from a feature POV. The problem I've always had with it is the fact that it's not a client/server type application. The engine actually sits on your desktop and everything is done over the network directly to the file system on the repository server. To be fair, given this type of design it's actually amazing that it doesn't have more problems, but it just doesn't work well, especially for larger teams. Security is laughable and the automation services suck rocks.
The thing is, VSS is a hack on top of a port of a very old tool. The inside party line at MS is that they need a good C/S source control tool for.Net, but they don't know where to start - at one point they were talking about hacking VSS yet again. It think they need to use the basic VSS algorithms (the merge/diff are great) but completely rewrite the engine from the ground up.
I don't work for Sony, particularly like them or otherwise give a shit, though I think they make good consumer electronics. But this is nothing but FUD.
I have a Vaio PCG-F430 (older model) here that shipped with Win98. It's running Windows 200 Pro right now, and at one point it was also running Win2K Advanced server. I got it through a company-sponsored purchase program. I figured Vaio was better than no laptop, although I probably wouldn't have bought one if I was spending my own money. Still, I've had absolutely no problems other than an intermittent green ghost stripe in the LCD that appears when the thing is left in the car in 110F heat for too long. It disappears after the screen has cooled.
About four months ago I replaced the 2.5 inch hard drive. Not a single problem. I also upgraded the memory to 256MB. Not a problem.
Sony makes drivers and utilities (such as those that control the touch pad and so on) available from their web site, on a per model basis. That means that you can find your model and download replacements for every single piece of software that shipped with the laptop originally, from the sound card to the video card. If you haven't already, I'd recommend you visit Sony's web site. Bring some crow for muching.
Now, when I installed W2KAS I didn't even bother installing the utilities. Everything worked perfectly fine. And then with W2kPRO, I installed all of them. Guess what? Everything works fine.
I can say the same thing for late model Vaios since I helped a friend get rid of WinME and install W2K Pro on his. He didn't even bother installing the updated drivers, because everything was working fine, with the exception of the SD thing, which he wasn't using anyway. USB, FireWire, video, sound, NIC, PCMCIA, etc. Everything worked flawlessly the first time W2K booted up.
Perhaps you want to provide a link or two backing up your claims?
Until you actually suggest a new paradigm yourself you are absolutely, most certainly, beyond a doubt, trolling.
And unless you have something intelligent to say, or are otherwise inclined to insult me properly or just FOAD, please keep your insight to yourself. I forget where in the TOS (or whatever passes for that here) it says "all posts should include a heavy dose of valid arguments. Otherwise don't bother".
If it's so damn complicated for you to understand I was merely voicing a simple thought then you're absolutely, most certainly, beyond a doubt, stupid.
Re:So THAT'S where my Asian spam comes from!
on
Net-Nexus Seoul
·
· Score: 1
My two domains get about ~500 pieces of spam every day. Not a huge number as such things go, but sizeable given the number of active email addresses in them.
About 20% of those come from or are routed from open relays in.kr domains. Korea has a huge open relay problem, more so than, say, China.
The other big chunks of spam come from.cn,.ru,.es domains, mostly. The rest comes from US or european domains. At some point I was getting a ton of spam from Romania as well. Of course, there's always the US spammer relaying through these domains.
It's been a while since I analyzed this stuff though, so these numbers are probably not valid any more. I got tired of studying spam.
Those futuristic movie scenes where there's a PC in every corner... people doing everything through a computer screen. It's coming, and it's happening in Asia first.
What I think is amazing is the sense of community they've managed to maintain.
Of course, now I understand those stories where Korean kids kill each other on the streets because the other guy stole their Magick Mistery Flamethrower Wand. Or something.
1.- Make Linux desktop look like Microsoft Windows 2.- ??? 3.- Profit!!!
I'm not trolling, but I find it sad that everyone has to copy Windows (Microsoft copied Apple, which copied Xerox, blah, blah). Why can't someone come up with a new UI paradigm that works better? If anything, Open Source has the best chance to do this without spending $$$ in "focus groups" and so on. KDE and GNOME look so much like Windows I'm not even inclined to install the latest versions anymore. Not to put down the effort required to code this things, which is of course enormous. I just think the innovation is not there anymore.
The taskbar-desktop-menu thing should be thrown out. So what if it's a huge change? Most of us will adapt.
I have gotten exactly two blue screens in W2K Pro during the last two years. One was caused by a crappy Creative driver for their SB Live! card. The other was caused by a driver I tried to (stupidly) install to have one of those ancient Avatar Shark drives work through the parallel port, knowing full well that the drivers were written for W9x.
This is on a machine that is heavily used for development and gaming, and gets rebooted once every 28 days at 5:00 AM automatically, mostly out of habit than out of necessity.
It doesn't really matter how much you people want W2K to suck, the reality is it is the best OS ever put out by Microsoft. It took them about 10 years, and everything that came out before with the exception of NT4 was a piece of crap, but they did it.
I don't remember Linux coming out of Torvald's hard drive ready to rock and roll. It has taken it about as much time to become a viable OS - probably longer on the desktop than as a server.
Both are good alternatives, and most people use whatever fits their lifestyle, budget and technical acumen. But you sir, are a crack head troll if I ever saw one.
Go ahead and mod the fuck out of me. But I'd appreciate it if someone modded Mr. "C0LDFusion" -1337 h^xx0r extraordinare- out of existence as well.
He claims 90% of mexican congressmen can barely read and write.
An exaggeration to be sure, but unfortunately true to a certain extent. Then again, let me know when you come back from Mexico after working as a consultant for 7 years. I'd love to swap war stories.
You're partially right, but the BOS dance to Skip Rimsza's toot anyway. Keep in mind that Maricopa has a few support agreements with City of Phoenix... what are they expecting? For the city to retrain their staff just so the county can claim the moral high ground? I doubt it.
Considering how far the UI has come, its only got to be easier to migrate.
Oh, I agree. But getting there is the problem. Think about it - thousands of employees who can barely use Windows, all of the sudden thrust into the Gnome desktop... nah. It won't happen, sorry. It doesn't matter how much money they could save. And this of course is a problem *everywhere*, not just in a single Arizona county.
What do you think would happen if the BSA showed up at the mayor's office to check there lisences?
You'd be surprised. Most gov't MIS shops I've dealt with have very stringent software auditing rules. I've yet to see a blatant free-for-all piracy slugfest at the agencies. I've seen that sort of thing in private companies many times, of course.
For all of you Linux/BSD advocates that are obviously droooling over this oh-so-cool-good-vs-evil "stuggle"... I can categorically assure everyone that this will never happen. Never.
As someone who regularly consults at the county , city and AZ state agency level, I hate to inform ya'll that this is very much a Microsoft kinda town. Yep, you heard it here first.
Further, Maricopa county is small potatoes when compared to the state and city agencies/IT budgets. Scottsdale's (one of the valley's cities) CIO probably has four times the dough than the dude that runs the county's boxen. Not to mention Phoenix city proper. And Tempe, Chandler, Mesa, etc. etc. Oh, and the state government.
And of course, government agencies are the least prepared to transition an existing employee base to a brand new technology paradigm, regardless of the cost benefits this might theoretically bring (or how supposedly easy it is to switch to Linux/KDE/OSS Office suite).
It's called 'banker's rounding' (as opposed to what you were expecting, which is arithmetic rounding) and that's how the VB and VBScript runtime (and actually the COM runtime libraries themselves) are designed.
You may think it's a bug, or even hope it's a bug, but if you've bothered to RTFM you'd figured out in no time instead of submitting to/. for the world to ponder your programming prowess (even in VBScript, which is simple enough).
Here's a helpful link that should come in handy next time.
which is declared as "1". So if you do "lMyVar = vbNull", it is actually initialized to "1" *sigh*
*Sigh* indeed. This proves that you have absolutely no understanding of variants in COM. MyVariant = Null would have given you what you needed. If you've taken the time to look for 'vbNull' in the runtime library you'd even found out what it's actually used for. RTFM?
If (Null = Null) Then Debug.Print "True" Else Debug.Print "False"
"Goodie"? Null cannot be compared to anything. That's why there's an IsNull() function. RTFM.
Try to guess the output, yes it's "False";-)
Ha-ha. RTFM.
If (Not IsNull(pRS.Fields("PK_SomeValue"))) Then
Ever bothered to look into how COM/IDL define default member methods on objects? Or how VB uses them? Do you even know what a type library is? No. Do you know *what* you are testing against in that IsNull() call? I don't think so. RTFM.
Good thing you posted as an AC, d00d. I bet you're one of those quasi/semi/part-time "VB programmers", yes? It's so easy, anyone can do it kinda deal? Including, but not limted to, you? The very fact that you...
used to include scrun.dll in my visual basic projects (visual basic scripting support)
... shows you are nothing but a glorified script coder. Let me guess: you're really good with ASP, eh? Do you know why it's called "Scripting runtime"? Because it's supposed to be used from scripting languages that have no native I/O support. But I guess that would have required you to look at the VB file access functions in the help file, and actually learn how to use them. And *that* would have been just too much RTFM for one day.
Microsoft's time to patch a remote hole where the attacker can gain complete access to your computer: two months. Open Source's time to patch a much less serious bug where the attacker can merely crash your computer: three days.
Percentage of IIS servers affected by the Microsoft vulnerability: 0.01%
Percentage of X-windows/XFS users that also run Mozilla and are affected: 100%
Stallman Points awarded for saying minor X bug that merely crashes your computer: 100
853 bytes of pure FUD read by 2.5 million people: priceless
There are things money can definitely buy. For everything else, there's Slashdot.
Slashdot Mirror
This time around however, I'd like to respectfully point out (as many other posters already have, although they've been mostly modded down as trolls) that every single thing this dude wants Java to do is already in... wait... C#.
Actually, I think this article was quite the exercise in hipocrisy. For every single point made in the article he could have added "C# already does this" at the end. I'm sure he came up with all those insightful recommendations thanks to a visit from the Angel Of Languages, instead of from intalling and using Microsoft Visual Studio.NET for a few months and reading the ECMA spec for C#. Yeah, I'm sure that was it.
Microsoft created C# (and .NET) to compete with Java at the enterprise level. I think it's obvious they're succeeding when one of the "leading voices" of Java cries out and demands the very things that are built into C#.
I actually hope Sun (yes, everyone here loves Java so much despite the fact that it is a language controlled by a single company, like... wait... C#) does all this to Java. That will make it a much more level playing field. But alas, they're paralyzed by the need to have backwards compatibility, which is important regardless of this guy's acid dreams. No company, not even Sun would risk their current user base to clean a language up. Sorry!
This is not the entire message, but it pretty much covers it. I removed the intro and market spiel and the "What you can do" section at the end.
.NET, and will be doing so for other products as well.
.NET Server 2003 as "secure by default." We believe it's critical to provide customers with a foundation that has been configured to maximize security right out of the box, while continuing to provide customers with a rich set of integrated features and capabilities.
It's interesting that I got this since I specifically asked Microsoft to stop sending me *anything* and they complied. At least until now. I guess they pulled out all the email addresses they've collected over the last 8 years.
-------------
As I've talked with customers over the last year - from individual consumers to big enterprise customers - it's clear that everyone recognizes that computers play an increasingly important and useful role in our lives. At the same time, many of the people I talk to are concerned about the security of the technologies they depend on. They are concerned about whether their personal data is being protected. Although they know that computers can do amazing things, they are frustrated that their technology doesn't always work consistently. And they want assurances that the high-tech industry takes these concerns seriously and is working to improve their computing experience.
Six months ago, I sent a call-to-action to Microsoft's 50,000 employees, outlining what I believe is the highest priority for the company and for our industry over the next decade: building a Trustworthy Computing environment for customers that is as reliable as the electricity that powers our homes and businesses today.
This is an important part of the evolution of the Internet, because without a Trustworthy Computing ecosystem, the full promise of technology to help people and businesses realize their potential will not be fulfilled. Ironically, it is the growth of the Internet and the advent of massive computing systems built from loose affiliations of services, machines, communications networks and application software that have helped create the potential for increased vulnerabilities.
There are already solutions that eliminate weak links such as passwords and fake email. At Microsoft we're combining passwords with "smart cards" to authenticate users. We're also working with others throughout the industry to improve Internet protocols to stop email that could propagate misleading information or malicious code that falsely appears to be from trusted senders. And we are making fundamental changes in the way we develop software, in our operational and business practices, and in our customer support efforts to make the computing experiences we provide more trustworthy.
For example, we've historically made our software and services more compelling for users primarily by adding new features and functionality. While we are continuing to invest significantly in delivering new capabilities that customers ask for, we are now making security improvements an even higher priority than adding features. For example, we made changes to Microsoft Outlook to block email attachments associated with unsafe files, prevent access to a user's address book, and give administrators the ability to manage email security settings for their organization. As a result of these changes, the number of email virus incidents has dropped dramatically. In fact, email viruses like the recent "Frethem" virus propagate only to systems that have not been updated - underscoring the importance of updating them regularly.
We are also undertaking a rigorous and exhaustive review of many Microsoft products to minimize other potential security vulnerabilities. Earlier this year, the development work of more than 8,500 Microsoft engineers was put on hold while we conducted an intensive security analysis of millions of lines of Windows source code. Every Windows engineer and several thousand engineers in other parts of the company were also given special training in writing secure software. We estimated that the stand-down would take 30 days. It took nearly twice that long, and cost Microsoft more than $100 million. We've undertaken similar code reviews and security training for Microsoft Office and Visual Studio
THE TRUSTWORTHY COMPUTING FRAMEWORK
Trustworthy Computing has four pillars: reliability, security, privacy and business integrity. "Reliability" means that a computer system is dependable, is available when needed, and performs as expected and at appropriate levels. "Security" means that a system is resilient to attack, and that the confidentiality, integrity and availability of both the system and its data are protected. "Privacy" means that individuals have the ability to control data about themselves and that those using such data faithfully adhere to fair information principles. "Business Integrity" is about companies in our industry being responsible to customers and helping them find appropriate solutions for their business issues, addressing problems with products or services, and being open in interactions with customers.
Creating a Trustworthy Computing environment requires several steps:
- Making software code more secure and reliable. Our developers have tools and methodologies that will make an order-of-magnitude improvement in their work from the standpoint of security and safety.
- Keeping ahead of security exploits. Distributing updates using the Internet so that all systems are up to date. Windows Update and Software Update Services, discussed below, provide the infrastructure for this.
- Early Recovery. In case of a problem, having the capability to restore and get systems back up and running in exactly the same state they were in before an incident, with minimal intervention.
FIRST STEPS TOWARD MORE TRUSTWORTHY COMPUTING
There is still much work that Microsoft and others in our industry must do to make computing more trustworthy. Here is a summary of some of the progress we've made, six months after my email to Microsoft employees:
- We have changed the way we design and develop software at all phases of the product development cycle. Our new processes should greatly minimize errors in software, and speed up the development process for new products and services.
- Software Update Services (SUS) is a security management tool for business customers that enables IT administrators to quickly and reliably deploy critical updates from inside their corporate firewall to Windows 2000-based servers and desktop computers running Windows 2000 Professional and Windows XP Professional.
- Microsoft Baseline Security Analyzer is a new tool that customers can use to analyze Windows 2000 and Windows XP systems for common security misconfigurations, and to scan for missing security hot fixes and vulnerabilities on a variety of products, including newer versions of Internet Information Server, SQL Server and Office.
- In addition to providing customers with tools and resources to help them maximize the security of Windows 2000 Server environments, we are committed to shipping Windows
- The error-reporting features built into Office XP and Windows XP are giving us an enormous amount of feedback and a much clearer view of the kinds of problems customers have, and how we can raise the level of reliability in those products - and that of products made by other companies. As part of this effort, we recently created a secure Web site where software and hardware vendors can view error reports related to their drivers, utilities and applications that are reported through our system. This enables the vendors who work with us to identify recurring problems and address them far more quickly than in the past. All of our server software products will incorporate these error-reporting features in subsequent versions of the products.
- With Microsoft Windows Update, we are completing the customer-feedback loop based on the error-reporting features mentioned above. This globally available Web service delivers more than 300 million downloads per month of the most current versions of product fixes, updates and enhancements. When customers connect to the site, they can choose to have their computer automatically evaluated to check which updates need to be applied in order to keep their system up-to-date, as well as identify any critical updates to keep their system safe and secure.
- We are working on a new hardware/software architecture for the Windows PC platform, code-named "Palladium," which will significantly enhance users' system integrity, privacy and data security. This new technology, which will be included in a future version of Windows, will enable applications and application components to run in a protected memory space that is highly resistant to tampering and interference. This will greatly reduce the risk of viruses, other attacks, or attempts to acquire personal information or digital property with malicious or illegal intent. Our goal is for the Palladium development process to be a collaborative industry initiative.
- We've incorporated what is known as P3P (Platform for Privacy Preferences) technology in the Internet Explorer browser technology in Windows XP, which enhances a user's ability to set privacy levels to suit his or her needs. The P3P standard enables a user's browser to compare any P3P-compliant Web site's privacy practices to that user's privacy settings, and to decide whether to accept cookies from that site.
Identifying and addressing critical Trustworthy Computing issues will require significant collaboration across our industry. One example of the kind of cross-industry effort we need more of is the recent creation of the Web Services Interoperability (WS-I) Organization (http://www.ws-i.org/). Founded by IBM, Microsoft and other industry leaders including Intel, Oracle, SAP, Hewlett-Packard, BEA Systems and Accenture, WS-I's mission is to enable consistent and reliable interoperability of XML-based Web services across a variety of platforms, applications and programming languages. Among other things, WS-I will create a suite of test tools aimed at addressing errors and unconventional usage in Web services specifications implementations, which in turn will improve interoperability among applications and across platforms.
And still I replied. Damn.
Please check yourself into the nearest CDC office. I'll catch up with you later.
HAHAHAHAHAHAHA! You so funny! HAHAHAHAHAHAHA! You so original! You make me laugh! HAHAHAHAHAHAHAHA! You funny man! I like you jokes! HAHAHAHAHAHAHA! Wow...my sides are hurting with that funny, funny quip you just threw down on us like some clever maniacal funny man! You so funny! HAHAHAHAHAHAHAHAHA! Someone will probably mod you up as funny to show how funny you really are to the rest of us! Quip, quip says you! Everyone! Over here! Look at the funny man! He made a funny about Ctrl+Alt+Del! Get it? ...Ctrl...Alt...Delete! HAHAHAHAHA! It's a reference to Windows...yes when you have to give it the three-fingered salute!...HAHAHAHAHA! Yes, I am not sure where this guy is from but boy is he funny! Who invited him to the party? We gotta have this guy over more often! Honey? Come down here a second and listen to this guy 'tell it like it is' in a really funny way. HAHAHAHAHAHAHAH! Clutch-Downshift-ParkingBrake, that's priceless. "...close program dialog..." Gold. Just pure gold. How do you do it? I mean, so many people post here at Slashdot, but then you see a funny gem like this. HAHAHAHAHAHAHA! Pure hilarity. When's the last time you actually used Ctrl+Alt+Del and so wittily remarked about it? Had you been using WinCE, NT4, W2K or XP this wouldn't apply at all and hence your joke would 'have no teeth' as it were. But the brilliance of you associating in Ctrl+Alt+Delete with the car functions had me splitting my sides. HAHAHAHAHAHAHAHA! You funny man. So clever, so very very clever. I'll bet you were the funny man in high school too. Wow. You still got it!
HAHAHAHAHAHAHA! You so funny! HAHAHAHAHAHAHA! You so original! You make me laugh! HAHAHAHAHAHAHAHA! You funny man! I like you jokes! HAHAHAHAHAHAHA! Wow...my sides are hurting with that funny, funny quip you just threw down on us like some clever maniacal funny man! You so funny! HAHAHAHAHAHAHAHAHA! Someone will even probably mod you up as funny to show how funny you really are to the rest of us! Quip, quip says you! Everyone! Over here! Look at the funny man! He made a funny about memory allocation! Get it...memory...allocation...HAHAHAHAHA! It's a reference to Microsoft products...yes, and the way they consume memory...HAHAHAHAHA! Yes, I am not sure where this guy is from but boy is he funny! Who invited him to the party? We gotta have this guy over more often! Honey? Come down here a second and listen to this guy 'tell it like it is' in a really funny way. HAHAHAHAHAHAHAH! Paraphrased from a Wrox book, that's priceless. "It's a typical Microsoft product." Gold. Just pure gold. And the smiley at the end? How did you come up with *that*!? How do you do it? I mean, so many people post on Slashdot but then you see a funny gem like this. HAHAHAHAHAHAHA! Pure hilarity. When's the last time you actually studied the CLR managed heap and so wittily remarked about it? Had you understood how .Net allocates, manages and frees memory then this wouldn't apply and hence your joke would 'have no teeth' as it were. But the brilliance of you tying in .NET memory allocation with other Microsoft products had me splitting my sides. HAHAHAHAHAHAHAHA! You funny man. So clever, so very very clever. I'll bet you were the funny man in high school too. Wow. You still got it!
I'll help you burn some karma =)
VSS is the best SCM tool I've used as well (and I've tried them all), at least from a feature POV. The problem I've always had with it is the fact that it's not a client/server type application. The engine actually sits on your desktop and everything is done over the network directly to the file system on the repository server. To be fair, given this type of design it's actually amazing that it doesn't have more problems, but it just doesn't work well, especially for larger teams. Security is laughable and the automation services suck rocks.
The thing is, VSS is a hack on top of a port of a very old tool. The inside party line at MS is that they need a good C/S source control tool for .Net, but they don't know where to start - at one point they were talking about hacking VSS yet again. It think they need to use the basic VSS algorithms (the merge/diff are great) but completely rewrite the engine from the ground up.
I sure hope they come up with something soon.
Good to see nothing has changed.
I have a Vaio PCG-F430 (older model) here that shipped with Win98. It's running Windows 200 Pro right now, and at one point it was also running Win2K Advanced server. I got it through a company-sponsored purchase program. I figured Vaio was better than no laptop, although I probably wouldn't have bought one if I was spending my own money. Still, I've had absolutely no problems other than an intermittent green ghost stripe in the LCD that appears when the thing is left in the car in 110F heat for too long. It disappears after the screen has cooled.
About four months ago I replaced the 2.5 inch hard drive. Not a single problem. I also upgraded the memory to 256MB. Not a problem.
Sony makes drivers and utilities (such as those that control the touch pad and so on) available from their web site, on a per model basis. That means that you can find your model and download replacements for every single piece of software that shipped with the laptop originally, from the sound card to the video card. If you haven't already, I'd recommend you visit Sony's web site. Bring some crow for muching.
Now, when I installed W2KAS I didn't even bother installing the utilities. Everything worked perfectly fine. And then with W2kPRO, I installed all of them. Guess what? Everything works fine.
I can say the same thing for late model Vaios since I helped a friend get rid of WinME and install W2K Pro on his. He didn't even bother installing the updated drivers, because everything was working fine, with the exception of the SD thing, which he wasn't using anyway. USB, FireWire, video, sound, NIC, PCMCIA, etc. Everything worked flawlessly the first time W2K booted up.
Perhaps you want to provide a link or two backing up your claims?
You mus be korea
And unless you have something intelligent to say, or are otherwise inclined to insult me properly or just FOAD, please keep your insight to yourself. I forget where in the TOS (or whatever passes for that here) it says "all posts should include a heavy dose of valid arguments. Otherwise don't bother".
If it's so damn complicated for you to understand I was merely voicing a simple thought then you're absolutely, most certainly, beyond a doubt, stupid.
About 20% of those come from or are routed from open relays in .kr domains. Korea has a huge open relay problem, more so than, say, China.
The other big chunks of spam come from .cn, .ru, .es domains, mostly. The rest comes from US or european domains. At some point I was getting a ton of spam from Romania as well. Of course, there's always the US spammer relaying through these domains.
It's been a while since I analyzed this stuff though, so these numbers are probably not valid any more. I got tired of studying spam.
What I think is amazing is the sense of community they've managed to maintain.
Of course, now I understand those stories where Korean kids kill each other on the streets because the other guy stole their Magick Mistery Flamethrower Wand. Or something.
Not this is funny... please mod up =)
I don't know how the alternative would look of course... If I did I would be sitting on a beach, earning 15% =)
But I'm sure it doesn't look like the stuff we have now.
2.- ???
3.- Profit!!!
I'm not trolling, but I find it sad that everyone has to copy Windows (Microsoft copied Apple, which copied Xerox, blah, blah). Why can't someone come up with a new UI paradigm that works better? If anything, Open Source has the best chance to do this without spending $$$ in "focus groups" and so on. KDE and GNOME look so much like Windows I'm not even inclined to install the latest versions anymore. Not to put down the effort required to code this things, which is of course enormous. I just think the innovation is not there anymore.
The taskbar-desktop-menu thing should be thrown out. So what if it's a huge change? Most of us will adapt.
This is on a machine that is heavily used for development and gaming, and gets rebooted once every 28 days at 5:00 AM automatically, mostly out of habit than out of necessity.
It doesn't really matter how much you people want W2K to suck, the reality is it is the best OS ever put out by Microsoft. It took them about 10 years, and everything that came out before with the exception of NT4 was a piece of crap, but they did it.
I don't remember Linux coming out of Torvald's hard drive ready to rock and roll. It has taken it about as much time to become a viable OS - probably longer on the desktop than as a server.
Both are good alternatives, and most people use whatever fits their lifestyle, budget and technical acumen. But you sir, are a crack head troll if I ever saw one.
Go ahead and mod the fuck out of me. But I'd appreciate it if someone modded Mr. "C0LDFusion" -1337 h^xx0r extraordinare- out of existence as well.
And?
Check out all the comments this guy has posted.
I suppose I feel flattered.
He claims 90% of mexican congressmen can barely read and write.
An exaggeration to be sure, but unfortunately true to a certain extent. Then again, let me know when you come back from Mexico after working as a consultant for 7 years. I'd love to swap war stories.
Say hi to Santa for me.
You're partially right, but the BOS dance to Skip Rimsza's toot anyway. Keep in mind that Maricopa has a few support agreements with City of Phoenix... what are they expecting? For the city to retrain their staff just so the county can claim the moral high ground? I doubt it.
Oh, I agree. But getting there is the problem. Think about it - thousands of employees who can barely use Windows, all of the sudden thrust into the Gnome desktop... nah. It won't happen, sorry. It doesn't matter how much money they could save. And this of course is a problem *everywhere*, not just in a single Arizona county.
What do you think would happen if the BSA showed up at the mayor's office to check there lisences?
You'd be surprised. Most gov't MIS shops I've dealt with have very stringent software auditing rules. I've yet to see a blatant free-for-all piracy slugfest at the agencies. I've seen that sort of thing in private companies many times, of course.
As someone who regularly consults at the county , city and AZ state agency level, I hate to inform ya'll that this is very much a Microsoft kinda town. Yep, you heard it here first.
Further, Maricopa county is small potatoes when compared to the state and city agencies/IT budgets. Scottsdale's (one of the valley's cities) CIO probably has four times the dough than the dude that runs the county's boxen. Not to mention Phoenix city proper. And Tempe, Chandler, Mesa, etc. etc. Oh, and the state government.
And of course, government agencies are the least prepared to transition an existing employee base to a brand new technology paradigm, regardless of the cost benefits this might theoretically bring (or how supposedly easy it is to switch to Linux/KDE/OSS Office suite).
Sorry, I had to break the news.
You may think it's a bug, or even hope it's a bug, but if you've bothered to RTFM you'd figured out in no time instead of submitting to /. for the world to ponder your programming prowess (even in VBScript, which is simple enough).
Here's a helpful link that should come in handy next time.
Hope that helps. And RTFM/Google next time!
which is declared as "1". So if you do "lMyVar = vbNull", it is actually initialized to "1" *sigh*
*Sigh* indeed. This proves that you have absolutely no understanding of variants in COM. MyVariant = Null would have given you what you needed. If you've taken the time to look for 'vbNull' in the runtime library you'd even found out what it's actually used for. RTFM?
If (Null = Null) Then Debug.Print "True" Else Debug.Print "False"
"Goodie"? Null cannot be compared to anything. That's why there's an IsNull() function. RTFM.
Try to guess the output, yes it's "False" ;-)
Ha-ha. RTFM.
If (Not IsNull(pRS.Fields("PK_SomeValue"))) Then
Ever bothered to look into how COM/IDL define default member methods on objects? Or how VB uses them? Do you even know what a type library is? No. Do you know *what* you are testing against in that IsNull() call? I don't think so. RTFM.
Good thing you posted as an AC, d00d. I bet you're one of those quasi/semi/part-time "VB programmers", yes? It's so easy, anyone can do it kinda deal? Including, but not limted to, you? The very fact that you...
used to include scrun.dll in my visual basic projects (visual basic scripting support)
RTFM.
- Percentage of IIS servers affected by the Microsoft vulnerability: 0.01%
- Percentage of X-windows/XFS users that also run Mozilla and are affected: 100%
- Stallman Points awarded for saying minor X bug that merely crashes your computer: 100
- 853 bytes of pure FUD read by 2.5 million people: priceless
There are things money can definitely buy. For everything else, there's Slashdot.PI ANAL TO
Hope this helps.
SV: Probably. I lifted many of the insights from Slashdot posts.
The last chapter is called The Next Frontier: The DMCA, Frist Prost, Natalie Portman and The Battle For The Goatse Trademark. How Far Hot Grits?