After reflection I must apologize. I work in corporate IT (have for seven years) and have not done much side work, so you are right. After reading your post I had some flashbacks to a few side jobs I have done over the years - one absolutely hellish one in particular, where the network was obviously set up by a borderline retard. I am just used to my managed corporate environment where the thousand or so Windows machines we have "just work".
My point about 256MB of RAM being just fine on XP stands though. ;)
"The fact is that *nix's dealt with mass propagating viruses" No it didn't.
"...and auto executing text formats 20 years ago." That's just spiffy, but auto-executing text formats are not the cause of malware propagation on Windows.
"Vista's security system at least in the betas could be bypassed by changing an entry in the registry. That's secure?" A registry key which you would need admin access to change.
"I've seen enough installs (My dept manages 5500 pcs) of IE7" If "your department" really "managed" 5500 PCs, and IE7 was soooo bad, why didn't you just stop it from being installed?
"I mean, what the hell is a browser doing using 150 MB Ram upon being opened?" On my machine IE7 takes up 19.5MB of RAM on first load with a blank page. It takes around 30MB if I load the default MSN page. I suspect these machines that you "manage" are loaded with malware and that 150MB of RAM is being taken up by the 25 different IE browser helpers that are installed. Either that or you are just lying.
"Our Dept is taxed enough trying to keep the machines functional," Microsoft is not to blame for your and your department's shortcomings.
I had to support more than that many and I agree. I'm talking student computer labs so stability wasn't really the issue. It was security. We had this hokey program called "Winsheild" which was supposed to "secure" the computers against changes, but of course it was a complete joke.
After getting sick and tired of having to ghost the damn things every week just to keep them working, I moved the labs from Win9x to NT4 Workstation. After moving them to an NT based OS, the percentage of my time the labs took from me went from 75% to 5%. I was able to start doing more interesting and useful things with my time at work after that.
Win9x had its purpose. It moved Windows users to NT. That's all it was good for.
Understood. Some old email clients on Windows were certainly much more promiscuous than what you will see on UNIX-type desktops now. My point was only how trivial it would be to commandeer a UNIX type OS given the same conditions (lots of *dumb* users) as Windows.
As the parent said, migrating their userbase to their NT based OSs, while giving them 100% backward compatibility was *the* goal of Win9x. Anything other than that was (obviously) down the list of priorities. I'm not sure what the parent meant when he said stability, but I'm thinking (s)he meant moving them all to an OS that shared the same code base.
Moving users straight to an NT based OS would have caused backward compatibility problems, which would have discouraged users from migrating at all. Virtualizing old apps on top of NT would have caused huge performance issues due to the slowness of the hardware at the time, so that was not an acceptable solution either. Screwing customers over on backward compatibility would have opened the door for viable competitors like Apple to move in and suck up a ton of their customers.
Win9x did one thing it was designed to do very well. It made the move to Win9x much less painful (from a compatibility standpoint at least) than a move straight to NT. Once most people were moved over to Win32 apps, Microsoft ushered in 2000 and then XP. Of course, 2000 and XP also had backward compatibility compromises in their extremely insecure defaults. Those compromises enabled compatibility with Win32 apps written with no security in mind.
Vista is the next step in the long migration path, as it removes the security compromises of Win2k and WinXP.
"Royale was so many times more refined than Luna it was ridiculous (and never officially released, either)." Royale was the theme for XP Media Center Edition. It was officially released, just not with XP Home/Pro. I like the theme myself, and found that with a little registry chicanery you can make the Royale theme load even before you log in, so you never have to look at Luna again.
Nice post. I knew Vista included a better driver model which helped protect the machine from kernel panics, but I didn't know it took the driver completely out of kernel-land, and could restart the video driver on the fly in case of crashes. That's been a definite thorn in the side of NT/2K/XP.
Users of ATI cards rejoice!
I am running Vista on my work laptop, which is an Alienware with an ATI 9600 mobility. With XP, the %$#!*@ ATI driver/card would crap out every once in a while and the laptop would revert to 4 color mode and force me to reboot. I have yet to see the video card crash on Vista, but if it does it looks like I might be saved from a reboot.
The cmd environment in Windows is not *that* bad. It's a bit hokey, but it's sufficient for most any task. I recently converted a bunch of shell scripts from our HPUX box over to Windows cmd. It wasn't as bad as I thought it would be.
Just for kicks, a while back I wrote a simple shell script, set the executable flag and zipped it up using ark. I emailed the archive to myself and opened it up in KMail. Since KDE is a highly functional desktop environment, saving the attachment and unzipping it was as easy as it is in Windows XP. After unzipping it, I double-clicked on it. KDE dutifully executed the shell script, which created another script in my ~/.kde/autostart/ directory. There are other places where I could have placed the script besides the autostart directory that would have achieved the same end.
What's interesting about KDE is that when you double click on a shell script, it executes, but you don't see it, as KDE doesn't bother to open up a konsole/xterm window for the script. The same happens with shell scripts in ~/.kde/autostart/.
The whole exercise was to "infect myself" on a UNIX-type OS in a way similar (most Windows email worms today require the user to unzip and execute) to the way many Windows users infect themselves.
From there, all I would need to set up shop as a spam bot would be a tiny, pre-compiled SMTP mailer, which I could download from http://i.own.ju/ or embed into the shell script, Loki installer style and use wget to retrieve commands. Throw in common exploits that pop up in programs like firefox, kmail, flash, java, etc, and you have yourself a whole new bot platform with the added bonus of a better network stack.
The whole goal of NT was to replace UNIX, not reinvent it again like so many others had done. I don't see how wanting to create something other than just another UNIX clone shows a lack of humility.
OK perhaps I embellished a bit. But the point of my reply was to call you on your assertion that UNIX doesn't do things the way it does because it's "the way they did it before".
Doing things because "that's how it's always been done" is *the* UNIX way.
"But the Unix world, which predates both Windows and MS-DOS, has NOT done it this way - EVER" Is that supposed to be a joke or troll? If not, spare the world your revisionist history.
"This is the difference between an OS designed for true industrial use and one that is a bolt-on to a single user, mostly trusted environment system." UNIX was designed so some bored programmer at Bell Labs could play his favorite game, "space command". It was an unstable, insecure piece of junk for the first several years of its existence.
"Therefore, it IS a design problem. And it WILL be hard to fix."
And UNIX people know this, as it took decades to fix their OS.
Since the question of this story is rather pointless, I'll go slightly off topic.
One thing that RIM is "crippling" is 911 systems across the nation. My wife and I both have one of those new Blackberry 8100 Pearl smartphones. It's really nice, except for one major flaw. When the phone is locked, pressing the scroll wheel once, rolling it down and pressing it again automatically makes a call to 911 - and there is no way to turn it off. It may seem like with three actions required (press, roll, press), it wouldn't be that easy to accidentally make a call, but my two year old son disagrees. He has made at least ten 911 calls over the last week on mine and my wife's phones combined and a couple of times the calls were triggered when the phone was just sitting in my pocket.
With all of our previous phones, we would lock them and if my son picked them up it would be no big deal. Now, we are forced to either have our phones on us at all times, or put them on the top of the fridge or some other extremely inaccessible place.
I've put a request in to RIM to make it so you can disable that feature in their next software update. Hopefully they listen.
It's sad that it took this many posts for someone to finally post this.
Anyone who is savvy enough to download this patch thingy should (hopefully?) be savvy enough to just turn the dang firewall on before plugging in the Ethernet cable.
Ooh! Ooh! Can I be modded down too?
I'll even add my Karma bonus to the post so you'll have to mod me down multiple times to get it to -1!
Since you obviously haven't read the moderation instructions, here are some suggestions on how you might want to mod my post:
* Offtopic
* Flamebait
* Overrated
Hi, I'm the karma whoring AC you replied to...
;)
That doesn't make much sense to me. Thunderbird shouldn't be mucking with your attachments, and tar must preserve file attributes to fulfill its purpose which is backup. I just did a quick test with thunderbird/KDE 3.5.4/FreeBSD 6.2 and it still works great. I even logged out and logged in as my son's account to retrieve the file.
Could this be a "linuxism" at work?
Mailing lists.
If the app you are going to run doesn't have one then beware. There are also some generic security mailing lists that are not product specific, like ISN. Bookmark your app's page on Secunia and check it every once in a while. Secunia also has a mailing list that will mail you advisories.
Ok. Since the only two web scripting languages I've ever used were php and asp/vbscript, I had never considered that obvious similarity.
...I must ask what you mean when you said PHP and ASP are "structurally similar". I'm assuming you mean vbscript, (as an ".asp" page can actually be written in many different languages), and I don't see much similarity between them, at least as far as their syntax.
No, but I'd be sure to leave them out if I was watching your kids.
"I just go to WallyWorld/ChinaMart and get me the cheapest 4.2 gig DVDs money can buy,"
That would be a great plan if Taiyo Yuden DVDRs ordered via the web actually cost more than the cheap-ass ones you buy at bigboxmart.
He must be using the on-board NIC Bigfoot tested their product against.
...from what I've gathered from the comments (of course I didn't RTFA).
* The card supports the standard packet processing offloading that higher-end NICs have had for years.
* The card can act as a firewall, which enables the user to turn off all software firewalls.
It seems to me, one could just buy a $50 broadband router or build their own m0n0wall/ipcop router, and throw in a $20 3c905 card and get the same results for a lot less money.
"Truly when a password is reset there needs to be a way to make sure that the next person that logs on is in fact the user the password was reset for."
Windows supports smart card authentication, which can include retina/fingerprint/PIN mechanisms to ensure that only the user who is supposed to use it uses it.
"Really, who the heck is going to read security warnings all day long anyways?"
I imagine someone who is paid to.