... and Visual Studio 2010 with ReSharper, and it's the most amazing thing ever... at least until the company decides to upgrade to 2012, which is ugly but it has a lot of new and really useful features.
I'm not going to rant since I know a lot of you would rather forget proprietary software exists, but the rest of the IDEs I have tried to use can't compare, and sometimes even get in your way.
Even then, most users are like "my computer is slow again, clean it for me" and don't care if it's slow because they didn't remember to skip the software bundled in most freeware apps nowadays, or because that app they saw in a banner that adds funny animated wallpapers is actually also stealing your processing power (and the electricity required for it). What I mean is, even when it affects usability, they don't really care about security, they just care about doing what they want to do, when they want to do it.
I suppose you have a point there. There are always VMs though, you can run a locked down XP on VirtualBox or similar, and run the old apps that can't or won't be upgraded there. Of course there are always weird combinations, like a piece of hardware essential to the company that only works in old computers, but usually those are isolated cases, and can easily be treated differently. And of course there will always be an exception, but the exceptions are not really worth the effort.
The point is, as a corporation, it's not in Microsoft's best interests to continue to support a 12-year-old product. New drivers are up to the hardware manufacturers, and in the cases where the XP architecture doesn't allow the new devices, then there's not much that can be done. Supporting new driver models and new APIs is exactly what the new versions of the OS are for.
The lifespan of the XP platform was known 12 years ago, and they extended it as much as their policies allowed. If bad luck or bad planning on the customer's side means they can't continue doing business because there's no way they can upgrade the system, and the old systems are not secure anymore, then it's not their fault. Hell, a lot of people still use DOS-based software because it has been tested and debugged for so long, upgrading would be a risk too great to take. Yet for most practical purposes, DOS is dead, and the world continues.
The customers tend to also be administrators of their own systems. I don't know how remote administration works, if that's what you meant, but non-privileged users sure shouldn't be trying to install drivers.
Looks a whole lot like Bitstream Vera Sans Mono / DejaVu Sans Mono (same letter shapes and very similar spacing), but lighter. I like the ExtraLight variant. The Light variant seems to have some kerning differences from ExtraLight, seems to be "rounded" differently, and looks somewhat wrong.
As I was trying to explain in the reply below, the time it takes to calculate the hash is meaningless. Relying on that time as a way to prevent intrusions would be like a bank using a maths puzzle to lock the safe, and then claiming that it takes too long to solve, so they would notice the attempt before it happens. It just doesn't work that way.
You have two strengths in preventing such intrusions: first is the exponential complexity of reversing the hashing process (brute forcing, unless the algorithm is proven broken), and second is the artificial delay used to prevent mass attempts at the password. There are attacks for everything, but if any of those 2 fail, everything fails.
If you rely on hashing speed to hash passwords, you are doing it wrong. Computers get faster, constantly. It's not speed that matters, it's the number of possible combinations making it exponentially too large to brute force, relative to the time to calculate each hash. Who cares if you can calculate millions of hashes in one second, if you still need to spend longer than the age of the universe to get a reasonable number of inputs to use as a dictionary? It's just simpler to use a plain-text dictionary and perform the hashing element by element. In which case the hashing speed does not matter AT ALL, it's how many attempts the site allows before either locking you out or increasing the time between attempts too much.
As I understand it, that's why you salt the passwords AND use a user-specific string (based on username, email and/or similarly constant data) to introduce more variation so that they can't use generic rainbow tables or even site-specific rainbow tables.
Disclaimer: I'm not a security expert so don't expect what I'm saying to be accurate.
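The salting scheme described in the comment above (a salt plus a user-specific string), as an added Python example that is not part of the original comments: it compares a site-wide salt with a per-record random salt mixed with the username, using a small precomputed lookup table as a stand-in for a rainbow table. The word list, users, `SITE_SALT`, the iteration count and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample data for this example only.
WORDLIST = ["letmein", "password1", "qwerty", "dragon"]
USERS = {"alice": "letmein", "bob": "letmein"}
SITE_SALT = b"example-site-salt"  # hypothetical site-wide constant
ITERATIONS = 50_000               # assumed work factor


def derive(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA256 of the password under the given salt, hex encoded."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def build_table(words, salt: bytes) -> dict:
    """Precompute hash -> word for one salt value (a plain lookup table)."""
    return {derive(w, salt): w for w in words}


def make_record(user: str, password: str, salt: Optional[bytes] = None) -> dict:
    """Random per-record salt plus the lowercased username as the user-specific string."""
    salt = os.urandom(16) if salt is None else salt
    return {"user": user, "salt": salt.hex(),
            "hash": derive(password, salt + user.lower().encode())}


def verify(record: dict, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    redo = make_record(record["user"], password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(redo["hash"], record["hash"])


def recovered(table: dict, hashes) -> int:
    """Number of stored hashes that the precomputed table maps back to a word."""
    return sum(1 for h in hashes if h in table)


def demo() -> dict:
    table = build_table(WORDLIST, SITE_SALT)  # built once for the whole site
    site_only = {u: derive(p, SITE_SALT) for u, p in USERS.items()}
    per_user = {u: make_record(u, p) for u, p in USERS.items()}
    return {
        "site_only_identical": site_only["alice"] == site_only["bob"],
        "site_only_recovered": recovered(table, site_only.values()),
        "per_user_identical": per_user["alice"]["hash"] == per_user["bob"]["hash"],
        "per_user_recovered": recovered(table, (r["hash"] for r in per_user.values())),
        "login_ok": verify(per_user["alice"], "letmein"),
        "login_bad": verify(per_user["alice"], "qwerty"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the site-wide salt, one table covers every account and equal passwords store equal hashes; with per-record salts the same table matches nothing and would have to be rebuilt for each record.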
Dictionary attacks have nothing to do with breaking hashes. If you mean stuff like rainbow tables, that's specific to hashes used to store passwords, which doesn't even need anything > SHA-256, because passwords don't have that much entropy to begin with.
What you need for security are essentially two properties: the entropy in the hash system (how random the values seem to be, in relation to the input), and the collision resistance (how hard is it to generate two inputs that result in the same hash, AND how hard it is to generate an input for a given hash number).
Cryptographic hashes are used for a lot of other purposes, and many of them DO require to be fast, and have a very high collision resistance. The most notable may be generating signatures for cryptographic purposes (to verify a message was sent by the entity that claims to have sent it, generally).
Other than the occasional vulnerability (which any other OS also has), most security issues within a Windows environment come from user negligence. Failure to use non-administrator accounts for non-admin-related processes, forgetting to set up correct access lists for the important data, ignoring the default set of services (many of which are not used by most people, and most of which could be disabled or at least configured to run in their own user account with specific permissions), ... are not Microsoft's fault. They are user laziness.
I count myself in that set (lazy users), but I'm also not paranoid about security. If I was, I would do all of the above, and more. Trust is a chain, and a chain is only as strong as the weakest link, and at the moment the weakest link is social networks. When we willingly give our personal data to corporations we know intend on monetizing that data, computer security becomes irrelevant.
Agreed. MSE is the only free antivirus worth anything. The rest are being monetized and try to trick you into buying the paid ones, if they don't just plain suck. Also the only one I don't feel is slowing down my computer. Before MSE, I just didn't use any, the AV was worse than the rare virus infection.
Especially before taking pictures and videos of military installations. It doesn't matter if it's for a video game, you just don't take pictures of military bases without the military getting paranoid about it.
Anything is a valid currency if people give a value to it. If you spend money to get bitcoin (electricity used to run the GPU), and use bitcoin to buy stuff, then it means bitcoin is a currency.
Also he stole bits, not pixels. Digital bits can be coins the same way real coins are metal that's put into the shape of a coin.
One of the DRM iterations managed to keep the games unpirated for over a week, which made it worth the cost for them (cost being some legit users unable to play after they had purchased the games).
Prince of Persia (whole series), Assassin's Creed 2 & Brotherhood, Rayman Origins & Legends, From Dust,... and that's just the ones I liked the most. IMO, Ubisoft is, at the moment, the best game publisher.
Yes, it has changed since the early 2000s. I have given up on installing "alternative" OSes natively, and I also keep a bunch of VMs instead, with Windows 7 as the host. I rarely use them, but I have an old XP installation, an Xubuntu installation, and then some other VMs I created for fun, like an old alpha of Haiku, or Windows 98 SE.
The "ignore and hope it goes away" mentality is why it has been in development for 16 years and the progress is so slow. The average Windows user doesn't even know what source code is, and the average Linux user seems to have some sort of hate for Microsoft and everything they do. Which means Windows users don't care, and Linux users hiss like a cat at the mention of the project. That leaves a very small amount of people interested in the project, out of which only a handful have the experience to get involved in the development.
The idea of ReactOS is to be able to reuse the user software, but more importantly the drivers, since most of the consumer devices have Windows drivers that work properly and are supported by the companies that built the device. And do that while reimplementing as many of the system libraries as possible in open source code.
I will admit that I AM biased towards the Windows side of the OS world, nowadays. Part of the reason is that for whatever reason all my attempts at using Unix-based/inspired OSes (that includes multiple flavours of Linux, and Mac OS X) since around the year 2000 have ended in a lot of frustration and me having to repartition my HDD and put the latest version of Windows at the moment back in the HDD. But even when things still appeared to work, I have never been able to agree with the ideas of the POSIX design. That means I am interested in the ReactOS project, and I wish they had more people and resources so they were able to advance faster, and I even donated some money for it, but unless a lot more people do the same, or some organization decides to invest in the project, it will continue to be only a "semi-obscure OS that most people just ignore or hope it goes away".
I have never felt those leaks everyone seems to get, but regardless the recent (10+) versions of Firefox have been removing most of the leaks. And many of them weren't happening in the core any more, they were in poorly coded extensions.
"Hoops" is one click on a warning screen. This is XP not Vista/7 x64.
Better: MDRWFS
... AMD is complaining because they can't make the GPUs efficient enough to fit the limits and still be competitive with NVidia's.
The sign of retarded parents is not teaching them when it is OK to play games and when they should stop.
New as in "previously unidentified" not as in "recently appeared".
What the subject says.
Some people will switch regardless, because newer is better. Others will not, because if it's not broken, don't fix it.
Then you can go guess which political parties they favour based on the choice!
I do have a clue, and I still want it to die.