I'll second that. As well as the regular cleanups advocated elsewhere on this story (defrag (inc registry), prune startup crap with autoruns) you will accumulate a lot less crap if you run as non-admin.
I ripped this quote from somewhere... START
Q. Why is Windows so insecure?
A. Because everyone runs as Administrator.
Q. Why does everyone run as Administrator (even when they know better)?
A. Because they don't understand security and are afraid they will be prevented from doing things.
Q. Why don't they understand security?
A. Because they run as Administrator, bypassing all security.
LOOP TO START
This microsoftie blog has lots of good info about running as non-admin. It can be painful to switch, but once you do, you won't regret it.
Minidisk isn't a total disaster, apart from the marketing side of things.
Technically, it was ahead of its time. If they opened up the format and released PC drives for them they would have completely replaced floppy disks, and also owned the portable music player market long before apple came out with the ipod.
I've got a minidisk player that I use every day. I get 5 hours of music on one minidisk, the player is smaller than an ipod and the battery lasts about 40 hours.
The only problem with it is I can't connect it to my PC.
Even though each device in your network/home has a publicly reachable IP6 address, you would be crazy to not have a firewall that blocked incoming connections to those devices that you didn't authorise.
Even if your home has an ip6 fridge, toaster, webserver, mailserver and game console, you would still have everything connected to the outside world via some sort of router.
Each device could still access the outside world, the router would block unexpected incoming connections to these devices and traffic coming back into your network would be easily routable without the nightmare that is NAT.
I think the GP post's point is the loader should be written in a managed language... and I agree. Eventually I think we'll see unmanged code regarded in the same way as inline assembly is today - great for the places where you need absolue balls to the wall performance, but otherwise stay away from it.
Lets face it, except for corner cases managed code is usually within a few % of the same speed as unmanaged code, and that few % isn't always on the slow side either.
Of course its possible to write crap managed code, but its a hellava lot easier to write good managed code than good unmanaged code.
No, he's dead right. Managed code is not vulnerable to buffer overflow/underflow attacks. If one occours, the runtime (java or.net) will detect it and raise an exception before any data is corrupted.
To claim that no such cases exist only proves that you only play with toy databases, instead of working with real ones.
Don't be so pompus. Recently I worked with a database containing all the census results for New Zealand. Ok, its not as large as the US, but its still not trivial.
The DBA who built & loaded the database from the raw CSV data we got from the department of stats really knew his shit. The database was structured with a table containing the questions, and a table containing the unit measures (each data point data was given for several ranges - for neighbourhoods, for suburbs/towns, for cities and also nationally.
The census results data was in a table that had a question ID, a measure ID, a year, and the figure. I forget how big the db was in the end, about 1.5gb or something. The strucure made it really easy to write the queries that extracted data for several detail levels (neighbourhood, suburb, city, national) which was how the reporting app worked.
Yeah, I know what you mean, I work in the real world too. A lot of the time we have to work with some awful database structures, and we just have to grin and bear it.
Doesn't make it right tho... If you are given a clean sheet to design a system as the grandparent post suggested (questionare) and you put the results in one table with a row for each question, then you deserve to work with fucked-up systems for the rest of your life.
I can think of a lot of reasons to have 100 columns, it simply depends on what you're working with - and it is perfectly normalized
I've got mod points but I just have to give them up to reply to this....
You're wrong. I agree totally with the grandparent post. You DON'T need 100 columns, ever. If you have that many columns you should be breaking the table up into several tables with 1:1 joins. Seriously. There will always be some fields that aren't needed. Make the rows smaller by putting commonly used fields in one table, rarely used rows in the other.
And your example of a questionaire (1 row per answer, one column per question) is not even close to normalised. What happens if there is a new question? you have to alter the schema. what happens if some questions are not answered? you'd have to have nulls, and wasted space.
A much better structure is to have a table of questions, and a table of responses (with something like a response id, and maybe an identifier on who answered the questionare) and a question-answer table with each row pointing at a response and a question, and giving the answer that person gave for that question.
I'm a fan of greg bear because even though he streches physics, as you say, he doesn't take it too far, and everything in the book is logically consistent. Moving Mars is probably my favourite all-time book, closely followed by queen of angels.
Microsoft has ALWAYS said processes running with elevated priviledges such as localsystem should NOT display any UI, because its not that hard for an app to subvert another app running in the same desktop context.
I don't think norton's is vulnerable to this particular problem, AFAIK the window that pops up is running under the same context as the logged on user.
This is the same thing that chris paiget(sp?) puplicised with his "shatters" attacks, which posted an invalid message to a windows message queue that contained a callback to a function defined in the data that was sent to the message queue.
You claim the registry is "100x" more secure and robust but then don't explain why. Permissions? Flat-files have that. Robust? If one flat file goes, the whole thing doesn't corrupt.
Individual keys and branches in the registry can have permissions applied to them. Its possible to give an account read permissions to some areas of the registry, update permissions to some and none to the rest. With flat files you'd have to split your settings into multiple files to get the same result.
Also, lots of people are bitching about the danger of "registry corruption". I've been using windows before the registry came along (in win 95), and I've never seen a corrupted registry. Never. Windows keeps several copies of the registry around to fall back on incase the main copy goes bad, but I can't recall ever even needing that.
...just because you're one of those militant Windows developers who defends the crumbling Windows architecture doesn't make your loud opinion any more correct.
What makes your opinion any more valid than the parent poster? I'm another windows developer who "defends the crumbling Windows architecture". I imagine if you took a survey of windows developers you'd find the majority of people who actually know the system don't condem it. Yes, windows does have its problems. What OS doesn't? Any good developer should be able to see the good and bad side of windows. The Registry was a grand idea, which has some real-world drawbacks. Its hard to move settings from one machine to another, and crap from deleted applications etc builds up over time. And Microsoft is moving on -.Net Apps usually use XML configuration files, not the registry.
If a developer doesn't want to use the registry, then they don't have to. Its not a requirement, not even for "militant" developers. Some things are best stored in the registry, some things are better in XML files or even flat files.
Or go on supporting a design that lets malware bury anything it wants and manipulate the system. A single store of the entire computer's configuration values in one object is completely ridiculous.
Firstly, malware can only manipulate the registry and system because its running as admin. The registry isn't the cause of windows insecurity, the fact that everyone runs as Admin is. A normal user account has read-only access to system-wide settings in the registry.
And also when it comes to cleaning out malware etc. then having everything in the registry actually makes things easier. Rather than looking in dozens of "plugins" directories and/or dozens of seperate configuration files everything is nicely organised in the registry and can be quickly checked. Applications like Autoruns (from sysinternals) and HijackThis will examine your registry and show you what apps are running on startup or caputring system hooks.
I remember reading once about the development of crash bandicoot (the first one) on the PS1. Apparently they wrote some impressive tools to sort out the order everything was placed on the CD in, as the CD drive was only 2x or 4x or something, and was slower than average when seeking too.
GTA San Andreas on the xbox suffers from loading stuff from the disk, its quite a bad problem. The Xbox version of the game has more detailed models and textures than the PS2, and hence there is more data to load.
The game is designed so it streams everything it needs off the disk as you move around, instead of having distinct areas that are loaded individually (while you watch a loading screen) when you cross the border.
This works very well, but if you are travelling at high speed you can get ahead of the load process, and objects start appearing right beside (or infront) of you instead of in the distance - not so good.
I've got a modchip, and I've copied the game to my HD and I run it from there and because of the faster load/seek times you never see objects loading. Plenty of people without modchips are bitching about this problem, and I had a quick play off the original and yep, its as annoying as hell.
Hardly any developers took any real advantage of it other than being a giant memory card
Not true. Halo is a good example - when you first load a level, its slowwww (remember the blue bar moving across the screen). Next load, its fast.
Of course, the xbox DVD drive is as slow as hell (largely because of the crap ribbon cable, apparently), and doesn't even use DMA. Proper DMA support should reduce the need to cache data.
There must be at least a million cellphones in Manhattan. I'd say its safe to say that each cellphone would send an average of one text message a day.
So there are already somewhere in the rough ballpark of 1 million text messsages being sent a day. Possibly many more, probably no less. that equates to 41,000 per hour, or 72 per second, on average.
Now of course the texts aren't spread evenly over those 24 hours. The majority of those messages will be sent during 12 hours of the day, which would mean during those 12 hours the average texts/second would be pretty close to the number of texts they say would overload the network.
Process explorer from SysInternals queries the performance counters of.Net apps, showing some interesting figures. A couple of the metrics shown are % time in JIT and % time in GC (relative to the total CPU time of course)
They are very interesting. Start a reasonably complex app, and do stuff for the first time. % time in JIT will probably be 1% (and keep dropping.)
I reccommend you read the night's dawn trilogy by Peter F Hamilton. Its a damn good read, and its very dark and gritty. In Hamilton's view of the future humankinds dark side is magnified by wealth and technology, and some very, very bad things happen.
Slashdot Mirror
Gee, thanks for the hand there captain obvious. I hadn't spotted that.
On this page, check out the smart tag on "hubble telescope" on the caption for the picture of Ceres
Wonder what the reserve is like. And what about the shipping?
I'll second that. As well as the regular cleanups advocated elsewhere on this story (defrag (inc registry), prune startup crap with autoruns) you will accumulate a lot less crap if you run as non-admin.
I ripped this quote from somewhere...
START
Q. Why is Windows so insecure?
A. Because everyone runs as Administrator.
Q. Why does everyone run as Administrator (even when they know better)?
A. Because they don't understand security and are afraid they will be prevented from doing things.
Q. Why don't they understand security?
A. Because they run as Administrator, bypassing all security.
LOOP TO START
This microsoftie blog has lots of good info about running as non-admin. It can be painful to switch, but once you do, you won't regret it.
Minidisk isn't a total disaster, apart from the marketing side of things.
Technically, it was ahead of its time. If they opened up the format and released PC drives for them they would have completely replaced floppy disks, and also owned the portable music player market long before apple came out with the ipod.
I've got a minidisk player that I use every day. I get 5 hours of music on one minidisk, the player is smaller than an ipod and the battery lasts about 40 hours.
The only problem with it is I can't connect it to my PC.
"Or he could try a Perl obfuscator"
People have written perl obfuscators? Why? I've never seen perl code that needed an obfuscator.
Even though each device in your network/home has a publicly reachable IP6 address, you would be crazy to not have a firewall that blocked incoming connections to those devices that you didn't authorise.
Even if your home has an ip6 fridge, toaster, webserver, mailserver and game console, you would still have everything connected to the outside world via some sort of router.
Each device could still access the outside world, the router would block unexpected incoming connections to these devices and traffic coming back into your network would be easily routable without the nightmare that is NAT.
I think the GP post's point is the loader should be written in a managed language... and I agree. Eventually I think we'll see unmanged code regarded in the same way as inline assembly is today - great for the places where you need absolue balls to the wall performance, but otherwise stay away from it.
Lets face it, except for corner cases managed code is usually within a few % of the same speed as unmanaged code, and that few % isn't always on the slow side either.
Of course its possible to write crap managed code, but its a hellava lot easier to write good managed code than good unmanaged code.
No, he's dead right. Managed code is not vulnerable to buffer overflow/underflow attacks. If one occours, the runtime (java or .net) will detect it and raise an exception before any data is corrupted.
Don't be so pompus. Recently I worked with a database containing all the census results for New Zealand. Ok, its not as large as the US, but its still not trivial.
The DBA who built & loaded the database from the raw CSV data we got from the department of stats really knew his shit. The database was structured with a table containing the questions, and a table containing the unit measures (each data point data was given for several ranges - for neighbourhoods, for suburbs/towns, for cities and also nationally.
The census results data was in a table that had a question ID, a measure ID, a year, and the figure.
I forget how big the db was in the end, about 1.5gb or something. The strucure made it really easy to write the queries that extracted data for several detail levels (neighbourhood, suburb, city, national) which was how the reporting app worked.
Yeah, I know what you mean, I work in the real world too. A lot of the time we have to work with some awful database structures, and we just have to grin and bear it.
Doesn't make it right tho... If you are given a clean sheet to design a system as the grandparent post suggested (questionare) and you put the results in one table with a row for each question, then you deserve to work with fucked-up systems for the rest of your life.
Umm, WHAT?
Back AWAY from the crack pipe, buddy.
Your comment makes no sense. How can a language be relational? SQL a functional language designed to query a relational structure.
I've got mod points but I just have to give them up to reply to this....
You're wrong. I agree totally with the grandparent post.
You DON'T need 100 columns, ever. If you have that many columns you should be breaking the table up into several tables with 1:1 joins. Seriously. There will always be some fields that aren't needed. Make the rows smaller by putting commonly used fields in one table, rarely used rows in the other.
And your example of a questionaire (1 row per answer, one column per question) is not even close to normalised. What happens if there is a new question? you have to alter the schema. what happens if some questions are not answered? you'd have to have nulls, and wasted space.
A much better structure is to have a table of questions, and a table of responses (with something like a response id, and maybe an identifier on who answered the questionare) and a question-answer table with each row pointing at a response and a question, and giving the answer that person gave for that question.
Yeah, I liked hyperion.
I'm a fan of greg bear because even though he streches physics, as you say, he doesn't take it too far, and everything in the book is logically consistent. Moving Mars is probably my favourite all-time book, closely followed by queen of angels.
How about most Greg Bear novels?
Microsoft has ALWAYS said processes running with elevated priviledges such as localsystem should NOT display any UI, because its not that hard for an app to subvert another app running in the same desktop context.
I don't think norton's is vulnerable to this particular problem, AFAIK the window that pops up is running under the same context as the logged on user.
This is the same thing that chris paiget(sp?) puplicised with his "shatters" attacks, which posted an invalid message to a windows message queue that contained a callback to a function defined in the data that was sent to the message queue.
Pretty close. ISpyBuy, a large ASP.Net reference app that microsoft ships to show ASP.Net best practices runs unmodified on Mono.
Individual keys and branches in the registry can have permissions applied to them. Its possible to give an account read permissions to some areas of the registry, update permissions to some and none to the rest. With flat files you'd have to split your settings into multiple files to get the same result.
Also, lots of people are bitching about the danger of "registry corruption". I've been using windows before the registry came along (in win 95), and I've never seen a corrupted registry. Never. Windows keeps several copies of the registry around to fall back on incase the main copy goes bad, but I can't recall ever even needing that.
What makes your opinion any more valid than the parent poster? I'm another windows developer who "defends the crumbling Windows architecture". I imagine if you took a survey of windows developers you'd find the majority of people who actually know the system don't condem it. Yes, windows does have its problems. What OS doesn't? Any good developer should be able to see the good and bad side of windows.
The Registry was a grand idea, which has some real-world drawbacks. Its hard to move settings from one machine to another, and crap from deleted applications etc builds up over time. And Microsoft is moving on -
If a developer doesn't want to use the registry, then they don't have to. Its not a requirement, not even for "militant" developers. Some things are best stored in the registry, some things are better in XML files or even flat files.
Firstly, malware can only manipulate the registry and system because its running as admin. The registry isn't the cause of windows insecurity, the fact that everyone runs as Admin is. A normal user account has read-only access to system-wide settings in the registry.
And also when it comes to cleaning out malware etc. then having everything in the registry actually makes things easier. Rather than looking in dozens of "plugins" directories and/or dozens of seperate configuration files everything is nicely organised in the registry and can be quickly checked. Applications like Autoruns (from sysinternals) and HijackThis will examine your registry and show you what apps are running on startup or caputring system hooks.
Ahhh so THATS what a photon looks like. I hadn't seen one before.
I remember reading once about the development of crash bandicoot (the first one) on the PS1. Apparently they wrote some impressive tools to sort out the order everything was placed on the CD in, as the CD drive was only 2x or 4x or something, and was slower than average when seeking too.
GTA San Andreas on the xbox suffers from loading stuff from the disk, its quite a bad problem. The Xbox version of the game has more detailed models and textures than the PS2, and hence there is more data to load.
The game is designed so it streams everything it needs off the disk as you move around, instead of having distinct areas that are loaded individually (while you watch a loading screen) when you cross the border.
This works very well, but if you are travelling at high speed you can get ahead of the load process, and objects start appearing right beside (or infront) of you instead of in the distance - not so good.
I've got a modchip, and I've copied the game to my HD and I run it from there and because of the faster load/seek times you never see objects loading. Plenty of people without modchips are bitching about this problem, and I had a quick play off the original and yep, its as annoying as hell.
Not true. Halo is a good example - when you first load a level, its slowwww (remember the blue bar moving across the screen).
Next load, its fast.
Of course, the xbox DVD drive is as slow as hell (largely because of the crap ribbon cable, apparently), and doesn't even use DMA. Proper DMA support should reduce the need to cache data.
D'oh - you're right. My bad, don't know how that happened. its 12/second, not 70...
There must be at least a million cellphones in Manhattan. I'd say its safe to say that each cellphone would send an average of one text message a day.
So there are already somewhere in the rough ballpark of 1 million text messsages being sent a day. Possibly many more, probably no less.
that equates to 41,000 per hour, or 72 per second, on average.
Now of course the texts aren't spread evenly over those 24 hours. The majority of those messages will be sent during 12 hours of the day, which would mean during those 12 hours the average texts/second would be pretty close to the number of texts they say would overload the network.
Cheers for the interesting info RE:Carlos Hathcock :)
I had never heard of him so I did a quick google search, he sounds like quite a guy.
The wikipedia article on him mentions a canadian sniper recently broke his record though, by taking out a teleban fighter at 2400m.
Process explorer from SysInternals queries the performance counters of .Net apps, showing some interesting figures. A couple of the metrics shown are % time in JIT and % time in GC (relative to the total CPU time of course)
They are very interesting. Start a reasonably complex app, and do stuff for the first time. % time in JIT will probably be 1% (and keep dropping.)
The % time in GC normally sits around 1%.
I reccommend you read the night's dawn trilogy by Peter F Hamilton. Its a damn good read, and its very dark and gritty. In Hamilton's view of the future humankinds dark side is magnified by wealth and technology, and some very, very bad things happen.