Mark Russinovich is the guy from Winternals who has some very cool utilities for windows - frequently mentioned in the microsoft knowledge base. If you're looking for windows utilities to show processes, logged on users, open file handles/mutexes etc., don't look no further.
Having said that, the talk was about the kernel. Obviously the differences between a GNU/linux distribution and a Windows variant run very deep.
My pet peeve about windows is the registry. Sure, the staggering number of sometimes quite byzantine file formats of all those different /etc/ and ~/.somethingrc files can be quite daunting, but it's so much better than the registry in real life situations where things can go wrong and you want to edit stuff by hand or restore stuff, it's just not funny.
The biggest difference in the kernel would have to be security. Windows has a lot riding on their weird security system with its SIDs and groups (which isn't enough to actually lock down your users, you need to use funky policies for that), whereas linux usually tries to get by with a simple uid/gid combination. Of course, if you'd want to, you could SELinux the kernel up beyond recognition, when it comes to security. (Try to do that on windows).
Also, printer drivers don't run in Ring 0. They do on NT (and on windows 2000/XP as well, if you install old drivers. There's no warning or nothing. Yay.)
Why? Cars have to be registered and insured. Typically, things that are registered (cars, guns, people, etc) have to be uniquely identifiable. Without a VIN or some similar system of identification, such registration would not be possible.
Typically, insured things need to get damaged before you can claim insurance.
"Yeah, sure, that was the Ford with VIN 123456789 that I was paying insurance on, unlike my other 2 identical cars which have different VINs - but the VIN appears to have been destroyed in the accident".
If you were to charge back/seize money on accounts used by spammers, that would spoil the profits of an entire spamrun, not just the potential income from the clueless who buy after x amount of time. Also, spammers already use "bullet-proof" hosting in China etc. so their sites won't get pulled.
There ought to be no such thing as a "bullet-proof" credit card acquirer or bank when it comes to spamming, but at the moment they all are. Besides, you need to use a domestic bank/acquirer (which is not so when it comes to websites) so it's a lot easier to legislate those than to go after internet resources like mail and web servers, which are a dime a dozen and you can use one in whichever country you like to hide in.
And if it gives spammers an incentive to commit fraud (e.g. use other people's accounts, fake identities), then all the better, that should wake up the Feds to start some serious prosecution.
The problem is that the worst of these people are setting themselves up outside of US jurisdiction, so that FTC and company just can't get to them. Any spammer who doesn't is excessively stupid. There's nothing that the US courts can take from them... and I just don't think offering 20% of $0 is going to do much anyway.
Yet they can freeze assets of suspected terrorists? Not to mention small time dope dealers.
Spammers need to get paid in some way, too. That means that they will have US bank/merchant accounts. Those can be frozen, assets can be seized.
Seizing assets happens in the war on drugs, but not when it comes to a white collar crime like spamming; by far a less "victim-less" crime.
Credit card charges can be charged back to the acquirer (even if the dumb customer is satisfied). Acquirers can change their merchant contracts to prohibit spamming today.
Profits made by mortgage intermediaries that don't care that their leads are spam-generated can be garnered (the leading mortgage banks could decide to include an anti-spamming clause in the contracts they offer intermediaries today).
Meanwhile, mortgage lenders and credit card acquirers remain complicit, even though they do crack down on other types of crime - namely fraud, which would cost them the most money, as opposed to the crime of spamming where the cost is borne by society at large.
They're just out to make a quick buck, bless 'em..
The MDA2/XDA2/iMate2/Qtek2020 (HTC Himalaya) also supports wifi, but only as an SDIO card option. Which means you can't extend the memory storage beyond the present 128MB RAM (with backup battery) and approx 15MB flash.
The apps that come with the MDAs are not necessarily included with the XDA/iMate/Qtek, but you can usually upgrade your own device with any vendor's ROMs, or even customize them, thanks to the people at xda-developers. Special kudos to xda-developer Willem/itsme.
SIP VOIP apps are available for pocketpc, even skype is, and depending on how much you pay for your data traffic (e.g. an unlimited plan) it might already work out cheaper than regular calls.
The most tiresome trouble with these handsets is that the OS can be very buggy. I know it might seem like Microsoft-bashing, but they've really stuck to some of the worst features of windows for their embedded windowsCE/pocketpc platform. It has a registry! Which even has a HKEY_USERS key, even though it's empty because it's a single user device (and HKCU is not backed up by syncing). Also, DLL hell exists on the platform. Apps need to be installed and will try to install files in default locations. The package management is woeful, like in its big brother. And back-ups frequently do not work.
The best thing about it, is the extensibility and the LARGE number of applications and tools available for it. The developer community seems to be bigger than the EPOC community was, or the Palm developer community. This in spite of the fact that the platform lacks easy scripting, and you're basically stuck to either handcrafting c++ or going the VB.NET route. Rather daunting, either way.
Pocket outlook is very nice, too bad activesync will only sync with regular outlook (you get a copy, although it comes with product activation).
Webbrowsing over gprs is a joy, though it is a shame there is no opera for pocketpc, if only to give it a whirl.
Oh, and parent poster.. If you don't have time to play with it.. Send it to me please? ;-)
People may have a legit reason to want a data connect with the given countries, and it usually is a violation of privacy law to do such detection without the customer wanting it.
No it's not. If it were, 56Kbps modems wouldn't work, because they depend on the telephone exchange to detect that it's a modem connecting, and to set up a data call. All telephone companies use systems that do this. Rejecting data calls by policy is most certainly built into all the digital exchanges.
Most European countries even filter out data calls to ISPs to offload on a separate IP network, bypassing the voice infrastructure from the exchange on.
There might be some regulatory impediment to implementing filtering (since telcos must provide a line suitable for both voice and modem traffic) but it's most certainly no privacy issue, and detecting data calls happens automatically anyway.
Yahoo did not, I repeat did *not* try to "block" third party IM clients "several times last year". *All* they did was upgrade their protocol for better reliability/etc (I have personally noticed the increase in reliability/refresh rate etc). It is up to the 3rd party developers to upgrade their protocols if Yahoo decides to do so.
Right. It's an unfortunate side-effect. They're also forcing all their users that DO use the Yahoo! approved clients to upgrade to their new client. A client with more bloat, more featuritis. No choice for the lowly user in all this. Yet the entire value of their messenger service is the number of people on it. That's the only reason 3rd party apps are made; people want to talk to other people who are on the Yahoo network. Instead of recognizing their users, even if they don't pay for the privilege of using the network, as a valuable asset, they treat them like, well, sheeple. Especially if you happen to be on a third party client.
Even AOL treats third party clients better, by "supporting" an outdated version of their protocol. It might not have all the whizz-bang features, but it keeps even those damn geek hippies on the network, which is a good thing for all those involved, really.
How would you feel if Microsoft suddenly changed the "hotmail" protocol, so you could send e-mail to any one on hotmail, or receive any from them? Even if it's your girlfriend, or your mother?
How about if your telephone company suddenly won't let you connect to the bad side of town? All those free phonecalls cost em, you know?
So, if you think there are enough people like you who are getting the shaft and that there is demand for what you want, start your own ISP or whatever and tap that market yourself. If you do and you don't make money, well, it looks like the ISPs were making the right business decision regarding their pricing models for their services.
Sure. As soon as you sign up your first million subscribers paying in advance you can start rolling out your own network.
Unbundling is also about allowing competitors to use the ILEC/cable operators network at a fair price (as opposed to "whatever the market won't bear" - ILECs aren't that stupid).
And get this. Unbundling works. I've got DSL through my ILEC, but I could go with 2 or 3 competitors. As a result, my ILEC hasn't started charging through the roof (like they actually DID do until the competition showed up).
When you refer to the Windows security system, I assume you mean Access Control Lists.
No, I refer to the Windows security system. Which includes security contexts and privileges (and elevation thereof), for example.
ACLs aren't unique to Windows. Linux started including them as an option a year or two ago.
Trusted Solaris has had them for ages. There's nothing wrong with ACLs per se (although they tend to be so complex that ordinary human beings find them hard to understand).
The standard *NIX owner, group, world set of permissions is not sufficient in many environments. A finer degree of control is often needed. ACLs provide that degree of control.
ACLs are just a tool. You could do the same thing with ugo permissions and groups, but the things that would be trivial to do with ACLs would be hopelessly complicated to do with ugo - and to a certain extent that's true vice versa as well.
A SID is basically a globally unique user/group id. Some of the POSIX ACL implementations are already using SIDs.
SIDs are the spawn of the devil. They make any kind of migration hopelessly complicated. Not to mention that SIDs are stored in each and every ACL, that means on pretty much each single system object. If you've ever had to run newsid to upgrade a backup domain controller to a primary BC, you'd see it's not all that great. Why a PDC would be identified by its SID rather than, say, an easily backed-up digital certificate in a single location is beyond me.
Ever reinstalled windows and then copied the user database (excluding system accounts) from the old hard drive over to the new one, and then the files (which happen to wind up with the correct uids/gids)? I have with linux.
Having some sort of username@systemname convention for globally unique usernames (after all, SIDs are pretty long too, so why not go varchar) would be much better.
If you want to bash on Windows security, the access control model isn't the place to do it.
I was just saying they're different. Policies, now that's bashing territory, especially with AD groups (which aren't security groups) and all that jazz. Not to mention user privileges and privilege elevation. Also, the UI for all the above just plain sucks.
There are issues in other areas but even the most recent POSIX efforts fall short of what NT4 provides in access control.
While that's true in some respects (and not true in others; NT4's default permissions sucked ass) it would be nice if people (and corporations) would actually use all those features, and use them correctly.
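The ugo-versus-ACL trade-off argued over in the comment above, as an added example that is not part of the original thread: a simplified model of the POSIX.1e draft evaluation order (owner, named users, group class, other) applied to one file, first with plain mode bits and then with three named-user entries. The user names, group names and the `FileAcl` class are hypothetical.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1  # permission bits, as in chmod


@dataclass
class FileAcl:
    owner: str
    group: str
    user_obj: int      # owner's permissions
    group_obj: int     # owning group's permissions
    other: int
    users: dict = field(default_factory=dict)   # named user  -> perms
    groups: dict = field(default_factory=dict)  # named group -> perms
    mask: int = R | W | X  # upper bound on named entries and the group class


def allowed(acl, user, user_groups, want):
    """Return True if `user` gets every bit in `want`."""
    def grants(perms, masked=True):
        effective = perms & acl.mask if masked else perms
        return (effective & want) == want

    # 1. The owner entry wins outright and is never masked.
    if user == acl.owner:
        return grants(acl.user_obj, masked=False)
    # 2. A named-user entry is decisive, even if it grants nothing.
    if user in acl.users:
        return grants(acl.users[user])
    # 3. Group class: any matching group entry may grant the request;
    #    if some group matched but none grants it, access is denied.
    matched = []
    if acl.group in user_groups:
        matched.append(acl.group_obj)
    matched += [p for g, p in acl.groups.items() if g in user_groups]
    if matched:
        return any(grants(p) for p in matched)
    # 4. Everyone else.
    return grants(acl.other, masked=False)


# Constructed scenario: alice owns the file, "staff" may read it, but
# bob (staff) also needs write, carol (staff) must get nothing, and
# dave (not in staff) needs read.
PEOPLE = {
    "alice": {"staff"}, "bob": {"staff"}, "carol": {"staff"},
    "erin": {"staff"}, "dave": {"audit"}, "mallory": {"guests"},
}


def ugo_file():
    # chmod 640, chown alice:staff -- the closest plain mode bits can get.
    return FileAcl("alice", "staff", R | W, R, 0)


def acl_file():
    # Same base mode plus three named-user entries.
    return FileAcl("alice", "staff", R | W, R, 0,
                   users={"bob": R | W, "carol": 0, "dave": R})


def decisions(acl):
    """Map each person to (can_read, can_write)."""
    return {name: (allowed(acl, name, groups, R), allowed(acl, name, groups, W))
            for name, groups in PEOPLE.items()}


if __name__ == "__main__":
    for label, acl in (("ugo", ugo_file()), ("acl", acl_file())):
        print(label, decisions(acl))
```

With mode bits alone, the three exceptions would each need a purpose-built group and still could not exclude carol while she remains in staff.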
X.509 revocations do exist, but since there really is no universal Public Key Infrastructure (for the non-security guru), or rather the browsers don't even TRY or HAVE A WAY to validate them in most cases they really don't mean much at all...
Both IE and moz can use OCSP (Online Certificate Status Protocol) - if the cert contains OCSP information (basically a URL where you can check whether the cert is revoked) the browser can check against that. Fully up-to-date windows systems actually do this by default, it's in the crypto libraries. Which caused some problems for Norton Antivirus earlier this year when their cert expired, their OCSP server wouldn't hand out an updated cert, and their liveupdate application silently(!) failed.
Why they were even using a public CA's cert, when there's no way for the end user to look at it, is another matter..
Microsoft's "patent for double clicking" pertains only to hardware buttons on palm sized devices, and only to the specific use of timed accesses. Sounds like double clicking, but it isn't -- the patent is on using one hardware button on a handheld to perform three distinct actions using three distinct input methods, not on any of the three methods.
A mouse is a device that I hold in my hand. I can click, double click, or hold the mouse button, which performs different actions (select, open and start drag mode). There's your prior art right there. Oh no, wait, they included the words "but on a new gizmo that didn't exist when all the prior art was going on"..
It's just another "but on the internet"/"but on a computer"/"but on a mobile phone" patent. Plain stupid.
A compromise could be to keep the unified file format but to allow the user to optionally configure applications to have their own registries which map onto some place in the big registry (probably HKCU/Software/Manufacturer/Product) and allow several such "mini-registries" to exist. This way your average user gets the simple approach, but with little or no extra programming effort in the application the flexibility of per-application configuration files can be approximated. You'd still need a special editor to edit them, though.
Windows used to have INI files. Perhaps not ideal - inasmuch as they usually didn't contain any binary data and can't be changed on-the-fly as efficiently as the registry (though, do you really need/want to change the registry 100 times a second?), but in my view a good compromise between no standard configuration file at all, and the horrid registry.
It would help if applications were more self-contained, like on Mac OS/X, where you can simply move an application by moving its icon..
Given the mess that windows is now (with applications putting files in %systemroot% and writing their settings to HKEY_Local_Machine) they should at least come up with a way to have each application live in its own sandbox, where everything it writes to the registry or to system folders is actually stored in its own environment.
If it reads the registry or system folders, the application gets to see its own data, or, if there's none, gets read access to the systemwide registry and files..
That wouldn't work for things like DirectX (which isn't an application anyway, but a library), but it would fix DLL hell, as well as most evil registry problems.
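The per-application sandbox proposed in the comment above, sketched as an added example that is not part of the original thread: writes land in the application's private store, reads return the application's own data first and otherwise fall through read-only to the system-wide values. The class, application names and registry key are hypothetical, and the tombstone handling for deletes goes beyond what the comment describes.

```python
class SandboxedRegistry:
    """Copy-on-write view of a shared key/value store, one overlay per app."""

    _TOMBSTONE = object()  # marks a key the app deleted in its own view

    def __init__(self, system_values):
        # System-wide values are only ever read through this class.
        self._system = {self._norm(k): v for k, v in system_values.items()}
        self._private = {}  # app name -> {normalized key: value}

    @staticmethod
    def _norm(path):
        # Registry key names are case-insensitive; accept / or \ as separator.
        return path.replace("/", "\\").strip("\\").lower()

    def write(self, app, path, value):
        """Store the value in the app's overlay; the shared store is untouched."""
        self._private.setdefault(app, {})[self._norm(path)] = value

    def delete(self, app, path):
        """Hide the key from this app only, leaving other apps' views intact."""
        self._private.setdefault(app, {})[self._norm(path)] = self._TOMBSTONE

    def read(self, app, path):
        """Own data first, then read-only fall-through to the shared store."""
        key = self._norm(path)
        own = self._private.get(app, {})
        if key in own:
            if own[key] is self._TOMBSTONE:
                raise KeyError(path)
            return own[key]
        return self._system[key]  # raises KeyError if absent everywhere

    def system_value(self, path):
        return self._system[self._norm(path)]


def demo():
    # Constructed sample data: one shared value that a badly behaved
    # installer would normally overwrite for every application.
    reg = SandboxedRegistry({r"HKLM\Software\Shared\CodecVersion": "1.0"})
    key = "HKLM/Software/Shared/CodecVersion"

    reg.write("app_a", key, "2.0")   # app_a "upgrades" the shared setting
    reg.delete("app_c", key)         # app_c "uninstalls" it

    try:
        reg.read("app_c", key)
        app_c_sees_key = True
    except KeyError:
        app_c_sees_key = False

    return {
        "app_a": reg.read("app_a", key),   # sees its own write
        "app_b": reg.read("app_b", key),   # falls through to the shared value
        "app_c_sees_key": app_c_sees_key,  # deletion is private to app_c
        "system": reg.system_value(key),   # shared store never changed
    }


if __name__ == "__main__":
    print(demo())
```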
One concrete example I have of this is that on a development server I used to administer we had ten or more separate Apache configurations running simultaneously on different ports but only one Apache binary in the filesystem. These Apache servers didn't interact in any way so we could be confident that they were simulating correctly the target environment aside from available system resources. I wouldn't know where to start doing that with Microsoft IIS...
:-)
Actually, Microsoft likes the registry so much, they gave IIS its own registry; the metabase.
Apparently, it's stored as a file, %Systemroot%\System32\inetsrv\metabase.bin.
It's probably totally impossible to run the IIS service with an alternate %systemroot% environment variable (or reading from a different HKLM hive), or to run IIS as an application, or to even run more than one instance of IIS. Coz, like, you're not supposed to.
VMware would be the easiest solution, I guess.
OTOH, you can also run apache on windows
"Also, printer drivers don't run in Ring 0. They do on NT (and on windows 2000/XP as well, if you install old drivers. There's no warning or nothing. Yay.)"
Please clarify your point. On NT/2k/XP all drivers run in Ring0. Why should printer drivers be different?
Are you serious? Printer drivers do not need to access hardware in kernel mode at all! They just take some input from other application mode programs, reformat it, and dump it onto a parallel port, a USB port or TCP/IP.
The drivers for parallel or USB ports are actually quite distinct from the printer driver itself (in the case of TCP/IP; your laserjet printer driver doesn't install its own ethernet card drivers - yet it runs in kernel space). I'm talking about the printer driver which does butt all more than convert the journal file(!) to postscript or pcl or whatever, and perhaps (if bidi is enabled) check for paperjams. That's before it even reaches the port monitor. That's how bad it is.
Just because a printer driver is called a driver doesn't mean it needs to be in kernel mode at all. They're not on other OSes.
Taking some input, reformatting it, and sending it over TCP/IP, that's pretty much the same kind of thing an e-mail program does. If I call it an e-mail "driver", would you run it in Ring 0?
Printer drivers in Windows 2000 and XP do not run in ring-0, unless you're installing old (Type 2) NT 4.0 drivers. The drivers that you get with windows 2000 and XP, and that you download from for example hp.com that are "designed for windows 2000/XP" are Type 3 printer drivers.
As far as security goes printers can be locked down just like any system object. This has nothing to do with the underlying driver though.
No, the underlying driver is just a wonderfully complicated mechanism for introducing potential buffer over/underruns in Ring 0. By "printers" you mean printer queues/spools; actual printing is done by the spooling service under the SYSTEM account (which is bad enough in itself actually).
Running printer drivers in Ring 0 is also a great way of ensuring that 3rd parties can undermine the stability of your OS by writing crappy printer drivers. Plus, if you can get a user to install your printer driver which happens to contain malicious code, just think of all the havoc you can wreak. And unlike all other drivers, users are allowed to install printers by default - to prevent them from doing so requires changing the policy.
Having printer drivers running in kernel mode is insane. That's why windows 2000 and XP are moving away from Type 2 drivers.
"...no automatic provision for removing old laws..."
This is incorrect. Most laws written today with questionable sections have "sunset" provisions. The Patriot Act is full of them, which most people on /. should know (given the amount of anger directed at it, it seems reasonable to assume that everyone has studied it in detail...or at least read it (for the record, I have)).
Additionally, in cases of a conflict between two laws, the older laws are invalidated by the newer.
The original poster is right, in that there is no automatic or overall sunset law. There is no provision that says new laws ought to have sunset provisions, or that old laws lapse if they're not extended.
While it's true that newer laws precede older laws, they only invalidate the older laws if (and only if) they explicitly specify that the older law is repealed, or if the conditions of the newer law apply exactly equally compared to the conditions of the older law. For example, if a new law is passed that lists speed limits for motorcycles and cars, you're in luck if you drive a horse and buggy. A real fast, steroid taking horse.
And that's only in practice; the real people who decide that old laws are invalid are the judiciary and juries (in the form of Jury Nullification - look it up). But there is no formal process for throwing out old laws on the basis that it's better to have clear and simple rules, rather than accumulated cruft.
Most fabbing equipment meanwhile, is made by a Dutch company, ASML/ASMI (or maybe they're two companies. Philips spin-offs, anyway.)
"The idea of restricting CPU's, or ANY form of computer software for that matter, is completely without justification."
Completely untrue. For a long time, the Wassenaar agreements have prohibited exports of "dual use" technology, and this includes advanced technology. Naturally, as time goes on, the state of the art changes, so what was advanced technology yesterday, is not today. Continual review is needed.
Methinks he was talking about moral justification rather than legal justification. Once a bill has been passed into law it's legally justified by definition. (Except for Constitutional issues)
Or what if Germany decides it's a trade war, and retaliates by placing similar controls on AMD CPUs, and doesn't allow them to be exported to the US without a license?
Countries don't usually start trade wars over a foreign nation NOT exporting things that can be easily made domestically. Not importing the domestic stuff, or dumping the foreign stuff, now that's when things start to get interesting..
Actually, I get msn.com.sg ;-)
MSN messenger is also a source. Zillions of free ads (for MS) promising sordid details on celebrity sex life, that end up being disappointingly bland.
Why prevent a spider from crawling your page?
Just because it's associated with Microsoft?
Perhaps he doesn't feel the need to be indexed in the MSN search function. Spiders and visitors cost bandwidth, and if your target audience is very different from your average MSN search user (*cough* <aol>me too</aol>) then it couldn't hurt either websurfers or the webmaster to block it, right?
Mark Russinovich is the guy from Winternals who has some very cool utilities for windows - frequently mentioned in the microsoft knowledge base. If you're looking for windows utilities to show processes, logged on users, open file handles/mutexes etc., don't look no further.
My pet peeve about windows is the registry. Sure, the staggering number of sometimes quite byzantine file formats of all those different /etc/ and ~/.somethingrc files can be quite daunting, but it's so much better than the registry in real life situations where things can go wrong and you want to edit stuff by hand or restore stuff, it's just not funny.
Having said that, the talk was about the kernel. Obviously the differences between a GNU/linux distribution and a Windows variant run very deep.
The biggest difference in the kernel would have to be security. Windows has a lot riding on their weird security system with its SIDs and groups (which isn't enough to actually lock down your users, you need to use funky policies for that), whereas linux usually tries to get by with a simple uid/gid combination. Of course, if you'd want to, you could SELinux the kernel up beyond recognition, when it comes to security. (Try to do that on windows).
Also, printer drivers don't run in Ring 0. They do on NT (and on windows 2000/XP as well, if you install old drivers. There's no warning or nothing. Yay.)
Why? Cars have to be registered and insured. Typically, things that are registered (cars, guns, people, etc) have to be uniquely identifiable. Without a VIN or some similar system of identification, such registration would not be possible.
Typically, insured things need to get damaged before you can claim insurance.
"Yeah, sure, that was the Ford with VIN 123456789 that I was paying insurance on, unlike my other 2 identical cars which have different VINs - but the VIN appears to have been destroyed in the accident".
On the other hand, which European nation that was [not -ed.] created after 1800 does not have an illegitimate king somewhere in its history?
Why, San Marino, the world's oldest republic of course..
So, should the dumb couple be sued for everything they own? Should I turn them over to the FTC? How do you separate the willful from the dumb?
If I stupidly walk in front of a truck, do I not bleed?
If you were to charge back/seize money on accounts used by spammers, that would spoil the profits of an entire spamrun, not just the potential income from the clueless who buy after x amount of time. Also, spammers already use "bullet-proof" hosting in China etc. so their sites won't get pulled.
There ought to be no such thing as a "bullet-proof" credit card acquirer or bank when it comes to spamming, but at the moment they all are. Besides, you need to use a domestic bank/acquirer (which is not so when it comes to websites) so it's a lot easier to legislate those than to go after internet resources like mail and web servers, which are a dime a dozen and you can use one in whichever country you like to hide in.
And if it gives spammers an incentive to commit fraud (e.g. use other people's accounts, fake identities), then all the better, that should wake up the Feds to start some serious prosecution.
The problem is that the worst of these people are setting themselves up outside of US jurisdiction, so that FTC and company just can't get to them. Any spammer who doesn't is excessively stupid. There's nothing that the US courts can take from them... and I just don't think offering 20% of $0 is going to do much anyway.
Yet they can freeze assets of suspected terrorists? Not to mention small time dope dealers.
Spammers need to get paid in some way, too. That means that they will have US bank/merchant accounts. Those can be frozen, assets can be seized.
Seizing assets happens in the war on drugs, but not when it comes to a white collar crime like spamming; by far a less "victim-less" crime.
Credit card charges can be charged back to the acquirer (even if the dumb customer is satisfied). Acquirers can change their merchant contracts to prohibit spamming today.
Profits made by mortgage intermediaries that don't care that their leads are spam-generated can be garnered (the leading mortgage banks could decide to include an anti-spamming clause in the contracts they offer intermediaries today).
Meanwhile, mortgage lenders and credit card acquirers remain complicit, even though they do crack down on other types of crime - namely fraud, which would cost them the most money, as opposed to the crime of spamming where the cost is borne by society at large.
They're just out to make a quick buck, bless 'em..
And I'd have to add to that..
;-)
The MDA2/XDA2/iMate2/Qtek2020 (HTC Himalaya) also supports wifi, but only as an SDIO card option. Which means you can't extend the memory storage beyond the present 128MB RAM (with backup battery) and approx 15MB flash.
The apps that come with the MDAs are not necessarily included with the XDA/iMate/Qtek, but you can usually upgrade your own device with any vendor's ROMs, or even customize them, thanks to the people at xda-developers. Special kudos to xda-developer Willem/itsme.
SIP VOIP apps are available for pocketpc, even skype is, and depending on how much you pay for your data traffic (e.g. an unlimited plan) it might already work out cheaper than regular calls.
The most irksome trouble with these handsets is that the OS can be very buggy. I know it might seem like Microsoft-bashing, but they've really stuck to some of the worst features of windows for their embedded windowsCE/pocketpc platform. It has a registry! Which even has a HKEY_USERS key, even though it's empty because it's a single user device (and HKCU is not backed up by syncing). Also, DLL hell exists on the platform. Apps need to be installed and will try to install files in default locations. The package management is woeful, like in its big brother. And back-ups frequently do not work.
The best thing about it, is the extensibility and the LARGE number of applications and tools available for it. The developer community seems to be bigger than the EPOC community was, or the Palm developer community. This in spite of the fact that the platform lacks easy scripting, and you're basically stuck to either handcrafting c++ or going the VB.NET route. Rather daunting, either way.
Pocket outlook is very nice, too bad activesync will only sync with regular outlook (you get a copy, although it comes with product activation).
Webbrowsing over gprs is a joy, though it is a shame there is no opera for pocketpc, if only to give it a whirl.
Oh, and parent poster.. If you don't have time to play with it.. Send it to me please?
How well is Linux support for Barcode Readers? I've been thinking of getting one.
Most barcode readers actually have ps/2 (pass-through) keyboard connectors. So they're compatible with whatever OS uses keyboards.
People may have a legit reason to want a data connect with the given countries, and it usually is a violation of privacy law to do such detection without the customer wanting it.
No it's not. If it were, 56Kbps modems wouldn't work, because they depend on the telephone exchange to detect that it's a modem connecting, and to set up a data call. All telephone companies use systems that do this. Rejecting data calls by policy is most certainly built into all the digital exchanges.
Most European countries even filter out data calls to ISPs to offload on a separate IP network, bypassing the voice infrastructure from the exchange on.
There might be some regulatory impediment to implementing filtering (since telcos must provide a line suitable for both voice and modem traffic) but it's most certainly no privacy issue, and detecting data calls happens automatically anyway.
Yahoo did not, I repeat did *not* try to "block" third party IM clients "several times last year". *All* they did was upgrade their protocol for better reliability/etc (I have personally noticed the increase in reliability/refresh rate etc). It is up to the 3rd party developers to upgrade their protocols if Yahoo decides to do so.
Right. It's an unfortunate side-effect.
They're also forcing all their users that DO use the Yahoo! approved clients to upgrade to their new client. A client with more bloat, more featuritis. No choice for the lowly user in all this. Yet the entire value of their messenger service is the number of people on it. That's the only reason 3rd party apps are made; people want to talk to other people who are on the Yahoo network. Instead of recognizing their users, even if they don't pay for the privilege of using the network, as a valuable asset, they treat them like, well, sheeple. Especially if you happen to be on a third party client.
Even AOL treats third party clients better, by "supporting" an outdated version of their protocol. It might not have all the whizz-bang features, but it keeps even those damn geek hippies on the network, which is a good thing for all those involved, really.
How would you feel if Microsoft suddenly changed the "hotmail" protocol, so you could send e-mail to any one on hotmail, or receive any from them? Even if it's your girlfriend, or your mother?
How about if your telephone company suddenly won't let you connect to the bad side of town? All those free phonecalls cost em, you know?
To be fair, hotmail now has filters (hidden away in options) and lists mail "from my contacts" separately.
Many people are utterly startled when they find out hotmail has filters.. You can even apply them to old mail, not just new incoming messages.
So, if you think there are enough people like you who are getting the shaft and that there is demand for what you want, start your own ISP or whatever and tap that market yourself. If you do and you don't make money, well, it looks like the ISPs were making the right business decision regarding their pricing models for their services.
Sure. As soon as you sign up your first million subscribers paying in advance you can start rolling out your own network.
Unbundling is also about allowing competitors to use the ILEC/cable operators network at a fair price (as opposed to "whatever the market won't bear" - ILECs aren't that stupid).
And get this. Unbundling works. I've got DSL through my ILEC, but I could go with 2 or 3 competitors. As a result, my ILEC hasn't started charging through the roof (like they actually DID do until the competition showed up).
Of course, that's only in Europe..
A foot is a really sensible length for a ruler - there aren't nearly as many practical uses for a metre rule.
I thought you called those contractions a yardstick?