I think you put the case too strongly, although I see where you're coming from. It also seems to me that.NET refuses to play to its own strengths, and consequently does some things pretty well while really excelling at nothing.
The high resource requirements of.NET apps are, in part, because they're not interpreted, but JITed, after all, just like Java. If.NET were interpreted,.NET apps would probably be much lighter-weight.
The other advantages you list should be possible through the development of new libraries, new languages, and through evolutionary development of the existing Windows API.
I've never understood why MS went to the bother of building the VM without actually porting it to any other system.
Nah.
If one's human personality is migrated to a machine, then adjusting one's subjective timescale should be trivial. This would allow for subjectively fast travel or even (with a total shutdown, a cybernetic version of suspended animation) subjectively instantaneous travel. Subjective travel time becomes zero for all distances.
Creating perfect copies of one's personality, memory, and current emotional state also becomes trivial, which means one wouldn't even have to decide between staying here or traveling there. Because one could do both. At the same time.
It simply prevents the browser from launching any plugin at all for any reason -- until you turn plugins back on. Web sites that do plugin detection are told that you don't have any.
Turning plugins off doesn't mean you're secure against Trojan-plugins, if there are such things. And no, it won't un-install malware or undo damage.
But it does mean your computer isn't automatically downloading and running every single annoying Flash ad that you'd otherwise bump into. That is, I think, the primary purpose of the feature: to make the web less annoying. But it surely goes some way toward shielding you from malicious Flash as well. If you're hardly ever running Flash, you'll simply have fewer opportunities for Flash to do something bad.
It's not as convenient as the Flashblock add-on for Firefox, but in my experience it's more reliable.
I use this option frequently, so I've got it set up as a check-box on the Opera status bar.
But consider one very narrow aspect of this make-it-yourself-with-a-fancy-machine trend that we've actually got some real-world experience with: photo-printing.
A photo-printing service can crank out reams of ultra-high-quality laser-printed photos with a gigantic, capital-intensive piece of equipment. Due to the economies of scale, the cost per print is actually very low.
A personal inkjet photo-printer is slow, balky, finicky and has a voracious appetite for expensive supplies. Yet people buy and use them anyway, because they print -- or reprint, if they don't like the first result -- right here, right now.
There seems to be plenty of room in the marketplace for both of these options.
The forum post was written over two weeks ago (27 Jan), so it's not about something brand new. It clearly discusses an "SP1 RC," i.e. a Release Candidate, that is, a beta. Not SP1 final, not something automatically pushed through Windows Update.
None of the important points made in this story post are true. It's utter baloney. Worse than that, it's incredibly obviously baloney. This story should be deleted. Even if you hate Microsoft, libel isn't nice.
Strongly agree. The Loudness Wars have been ruining popular recordings for years longer than MP3 has been a signifigant force.
I'm convinced that most people who kvetch over the quality of MP3s haven't heard a good one. A good encoder, intelligently configured (translated: use LAME's high-bitrate presets, newbie) can produce amazingly good results. Even when I've expected to hear a difference between a CD and a high-quality MP3, I've usually been surprised to find that I really can't.
I don't understand how it offers anyone any useful protection from anything.
Suppose you download an installation package for some really neato whizbang gotta-have-it program. Like SuperDuperCutesyChat Deluxe, v9.0. Unbeknown to you, SuperDuperCutesyChat is a Trojan horse, laden with mal-ware of one kind or another.
When you run the installer, one way or another, you have to give the installer admin-level privileges. If your account is an admin account, you see a couple of UAC prompts. If your account is a user account, you get a privilege-escalation prompt and you have to enter the admin password.
Either way, the installer program runs with admin privileges, and can do anything to your system. It can install spy-ware, key-loggers, spam-bots -- anything and everything. If the bait program is something that plausibly requires network access (like SuperDuperCutesyChat) it's quite likely the user will obligingly open up the firewall for it, too.
Perhaps it's wrong to think of UAC as a security feature. It's really a convenience feature. It gives a user the chance to do something administrative without logging out, logging in as Administrator, etc. Even so, I don't care for it. When I install a program, I often want to re-arrange where the icons are in the Start menu or change the working directories, etc. If I do this sort of fiddling by logging in to the Administrator account with UAC off, I can do everything I need pretty smoothly. If I do the fiddling through a user account with UAC on, I have to type the password maybe a dozen times before I'm done. Creating and naming a folder in Program Files involves four dialog boxes and two password entries, for Pete's sake. That's not convenient.
Unfortunately, in some versions of Vista, UAC is tied to file and registry virtualization, which is a useful, convenient backwards-compatibility feature. Turn off super-annoying UAC, and super-useful file/registry virtualization goes with it.
I can understand why Microsoft made some of the choices they did. But the end results are not inspiring.
I don't disagree, but I think "the situation" is common in design and engineering of all kinds. The flexible nature of IT may result in more and faster-growing cruft, but continuity in the face of technological change (which is where cruft comes from) is important for any business endeavor. Backwards compatibility always trumps everything, despite the cruft it creates, whether you're talking about CPU architectures, internet protocols, user interface paradigms, keyboard layouts, biofuels, mechanical fasteners, building materials, transportation infrastructure, human languages, etc.
Even if you could scrap the entire existing IT infrastructure and start from scratch, in 30 years time it would be just as crufty as it is now.
I found Adobe Reader so slow, bloated, and annoying that I switched to Foxit Reader, which is much smaller and faster. Can anyone say if the vulnerability applies to Foxit as well?
If Eve or Mallory get to the wire first, then the "normal" wire state that Alice and Bob see will include their taps.
Eavesdropping on this wouldn't do any good. From an eavesdropper's point of view, there are three noise levels, two of which mean nothing and one of which means a bit has just been transferred from A to B or from B to A. An eavesdropper can't tell which direction the bit is going or what the value of the bit was.
Given that large power plants are extremely efficient (I believe approaching theoretical limits on efficiency in terms of input and output temperature, with "output temperature" being outside air temp)...
You'd think so, wouldn't you? But you'd be surprised. Most big coal and nuke plants, for example, only manage about 35% thermal efficiency. They actually produce more waste than useful energy. New "supercritical" coal-fired designs can push on towards 40%-50%, newer combined-cycle natural gas plants can reach 60% or so. None are very inspiring, efficiency-wise.
Combined-heat-and-power (CHP) plants are more impressive. They apply the waste heat from electricity production to some other purpose, like space heating or evaporative cooling. They can get into the 70%-80% range. Unfortunately, the waste heat from a power plant doesn't travel well, so there are only so many places where it makes sense to build a CHP plant.
That's one reason a simple, cheap way to turn low-temperature heat into electricity, even at a low efficiency level, would be exciting. There is loads of waste heat available, from power plants and from all sorts of other plants. If you could convert just 10% of the waste heat from six coal-fired plants, you'd have collected enough juice to completely replace a seventh plant.
...locking out w2k users with software that will run fine if not for an explicit OS version check is just unfair. If the software is capable of running on an OS, I expect it to run on that OS. I don't think that is asking too much.
Microsoft faces a monumental testing job for every piece of software they release. If they cut an OS from the lsit of supported configurations, that's a heap of testing they can avoid. It also means they don't have to worry about future updates being compatible with Windows 2000. In short, a smaller set of platforms is cheaper to develop for.
And I say this as a Windows 2000 user myself. Sure, I'd rather that MS continued to fully support 2000 until there's a genuinely superior option, but I think there are non-evil business reasons for ending such support.
It might be better if Opera simply maintained an client-side blacklist of fradulent sites/domains, which was updated in the background while the browser is running. That way they wouldn't have to track your browsing at all.
As several others have pointed out, Opera will be taking some pains to avoid doing anything that would even make it possible for them to track users. Not to go all Opera-fan-boy on you, but Opera has been relatively privacy-concious for longer than the other browser organizations. If you can formulate a serious privacy threat scenario, I bet they'd like to hear about it.
Checking only visited sites does two things: it provides the opportunity, at least, to respond very quickly to new phishing schemes, and it saves bandwidth, which is pretty much always a good thing. It's easy for many of us to become complacent about having broadband, but many people still use dialup. In fact, Opera Desktop includes some features that can make it an especially attractive choice for dial-up users; I wouldn't be surprised if Opera's market share is actually higher among the dial-up crowd.
If the EU thinks they have a problem with American cultural imperialism now, I wonder how they'll feel in a few years when the web is overflowing with the video blogs of a billion American, Chinese, and Indian teenagers, and EU kids are only allowed to watch.
This has got to be one of the stupidest ideas I've ever heard.
Ah, I see. The VM Size column isn't one that appears in a default install of Windows, one must turn it on under View | Select Columns.
Still, it's pretty clear that 50MB worth of data is not getting shuttled back and forth from the disk when I minimize and re-open Opera. It's far too fast and quiet for that. That memory is just getting marked as page-out-able, or something.
This sort of demand-spreading doesn't require high tech, like hydrogen and fuel cells. It can be done (and has been done) with flywheel batteries, ultracapacitors, compressed air systems, etc.
How are people gauging Windows memory consumption for these different applications? I don't think Task Manager is really telling the whole story.
If you want to see a neat memory trick with Opera 9, try browsing for a while, opening a bunch of tabs, etc. Open up Task Manager and note what it reports Opera is using, probably in the 30 to 70 MB range. Leaving all the Opera tabs open, click on Opera's "minimize window" button. Watch as Task Manager decides Opera's memory consumption has fallen into the single-digit MB range. Open Opera's window up from the taskbar again, and note that its memory consumption rises, but only to a fraction of its previous high.
I have no idea what this means. The most important thing I know about Windows' memory management is that it's so crazy-complicated that it's beyond my understanding.
UAC annoying? Not really... It takes 2 seconds to disable it if you don't like it. Windows R, msconfig, disable UAC, reboot.
The story points out that OSX's similar warning/permission system has more granularity; if you want to skip alerts when the user changes the date/time, but leave the alerts enabled for other things, that can be done.
That sounds a lot more useful than an all-or-nothing system like UAC, because its likely that OSX will be checking some things, whereas many Vista installs will end up with UAC disabled completely.
You don't just make/var/log a compressed filesystem...
I'm no MS fanboy, but... suppose the OS in question had some sort of directory-compression scheme that had a seven-year track record of impressive stability and effectiveness? Why not use it?
Disk compression earned a terrible rep back in the 90s, when DOS/Windows and Windows 95 themselves were so unstable there was no chance that it could work properly. But MS finally got it right when they swiped tech from Stacker and included directory compression in NTFS. I've never heard of anyone having a problem with it until now.
Back when I up my home Windows 2000 box, disk space was less cheap and I was more poor, so I've got some compressed folders to un-compress. Curse you, Microsoft! Stop screwing up the few things you've done well!
Slashdot Mirror
I think you put the case too strongly, although I see where you're coming from. It also seems to me that .NET refuses to play to its own strengths, and consequently does some things pretty well while really excelling at nothing.
The high resource requirements of .NET apps are, in part, because they're not interpreted, but JITed, after all, just like Java. If .NET were interpreted, .NET apps would probably be much lighter-weight.
Garbage collection is such a huge win, I'd be willing to pay almost any price.
But why does it require a complete virtual machine system, and all the weight and complexity that implies? It's my understanding that there are compiled languages that support garbage collection.
The other advantages you list should be possible through the development of new libraries, new languages, and through evolutionary development of the existing Windows API.
I've never understood why MS went to the bother of building the VM without actually porting it to any other system.
Nah. If one's human personality is migrated to a machine, then adjusting one's subjective timescale should be trivial. This would allow for subjectively fast travel or even (with a total shutdown, a cybernetic version of suspended animation) subjectively instantaneous travel. Subjective travel time becomes zero for all distances. Creating perfect copies of one's personality, memory, and current emotional state also becomes trivial, which means one wouldn't even have to decide between staying here or traveling there. Because one could do both. At the same time.
It simply prevents the browser from launching any plugin at all for any reason -- until you turn plugins back on. Web sites that do plugin detection are told that you don't have any.
Turning plugins off doesn't mean you're secure against Trojan-plugins, if there are such things. And no, it won't un-install malware or undo damage.
But it does mean your computer isn't automatically downloading and running every single annoying Flash ad that you'd otherwise bump into. That is, I think, the primary purpose of the feature: to make the web less annoying. But it surely goes some way toward shielding you from malicious Flash as well. If you're hardly ever running Flash, you'll simply have fewer opportunities for Flash to do something bad.
It's not as convenient as the Flashblock add-on for Firefox, but in my experience it's more reliable.
I use this option frequently, so I've got it set up as a check-box on the Opera status bar.
You're not wrong.
But consider one very narrow aspect of this make-it-yourself-with-a-fancy-machine trend that we've actually got some real-world experience with: photo-printing.
A photo-printing service can crank out reams of ultra-high-quality laser-printed photos with a gigantic, capital-intensive piece of equipment. Due to the economies of scale, the cost per print is actually very low.
A personal inkjet photo-printer is slow, balky, finicky and has a voracious appetite for expensive supplies. Yet people buy and use them anyway, because they print -- or reprint, if they don't like the first result -- right here, right now.
There seems to be plenty of room in the marketplace for both of these options.
The forum post was written over two weeks ago (27 Jan), so it's not about something brand new. It clearly discusses an "SP1 RC," i.e. a Release Candidate, that is, a beta. Not SP1 final, not something automatically pushed through Windows Update.
None of the important points made in this story post are true. It's utter baloney. Worse than that, it's incredibly obviously baloney. This story should be deleted. Even if you hate Microsoft, libel isn't nice.
Shame on Slashdot for falling for this.
Strongly agree. The Loudness Wars have been ruining popular recordings for years longer than MP3 has been a signifigant force.
I'm convinced that most people who kvetch over the quality of MP3s haven't heard a good one. A good encoder, intelligently configured (translated: use LAME's high-bitrate presets, newbie) can produce amazingly good results. Even when I've expected to hear a difference between a CD and a high-quality MP3, I've usually been surprised to find that I really can't.
I don't understand how it offers anyone any useful protection from anything.
Suppose you download an installation package for some really neato whizbang gotta-have-it program. Like SuperDuperCutesyChat Deluxe, v9.0. Unbeknown to you, SuperDuperCutesyChat is a Trojan horse, laden with mal-ware of one kind or another.
When you run the installer, one way or another, you have to give the installer admin-level privileges. If your account is an admin account, you see a couple of UAC prompts. If your account is a user account, you get a privilege-escalation prompt and you have to enter the admin password.
Either way, the installer program runs with admin privileges, and can do anything to your system. It can install spy-ware, key-loggers, spam-bots -- anything and everything. If the bait program is something that plausibly requires network access (like SuperDuperCutesyChat) it's quite likely the user will obligingly open up the firewall for it, too.
Perhaps it's wrong to think of UAC as a security feature. It's really a convenience feature. It gives a user the chance to do something administrative without logging out, logging in as Administrator, etc. Even so, I don't care for it. When I install a program, I often want to re-arrange where the icons are in the Start menu or change the working directories, etc. If I do this sort of fiddling by logging in to the Administrator account with UAC off, I can do everything I need pretty smoothly. If I do the fiddling through a user account with UAC on, I have to type the password maybe a dozen times before I'm done. Creating and naming a folder in Program Files involves four dialog boxes and two password entries, for Pete's sake. That's not convenient.
Unfortunately, in some versions of Vista, UAC is tied to file and registry virtualization, which is a useful, convenient backwards-compatibility feature. Turn off super-annoying UAC, and super-useful file/registry virtualization goes with it.
I can understand why Microsoft made some of the choices they did. But the end results are not inspiring.
I don't disagree, but I think "the situation" is common in design and engineering of all kinds. The flexible nature of IT may result in more and faster-growing cruft, but continuity in the face of technological change (which is where cruft comes from) is important for any business endeavor. Backwards compatibility always trumps everything, despite the cruft it creates, whether you're talking about CPU architectures, internet protocols, user interface paradigms, keyboard layouts, biofuels, mechanical fasteners, building materials, transportation infrastructure, human languages, etc.
Even if you could scrap the entire existing IT infrastructure and start from scratch, in 30 years time it would be just as crufty as it is now.
I found Adobe Reader so slow, bloated, and annoying that I switched to Foxit Reader, which is much smaller and faster. Can anyone say if the vulnerability applies to Foxit as well?
If Eve or Mallory get to the wire first, then the "normal" wire state that Alice and Bob see will include their taps.
Eavesdropping on this wouldn't do any good. From an eavesdropper's point of view, there are three noise levels, two of which mean nothing and one of which means a bit has just been transferred from A to B or from B to A. An eavesdropper can't tell which direction the bit is going or what the value of the bit was.
You'd think so, wouldn't you? But you'd be surprised. Most big coal and nuke plants, for example, only manage about 35% thermal efficiency. They actually produce more waste than useful energy. New "supercritical" coal-fired designs can push on towards 40%-50%, newer combined-cycle natural gas plants can reach 60% or so. None are very inspiring, efficiency-wise.
Combined-heat-and-power (CHP) plants are more impressive. They apply the waste heat from electricity production to some other purpose, like space heating or evaporative cooling. They can get into the 70%-80% range. Unfortunately, the waste heat from a power plant doesn't travel well, so there are only so many places where it makes sense to build a CHP plant.
That's one reason a simple, cheap way to turn low-temperature heat into electricity, even at a low efficiency level, would be exciting. There is loads of waste heat available, from power plants and from all sorts of other plants. If you could convert just 10% of the waste heat from six coal-fired plants, you'd have collected enough juice to completely replace a seventh plant.
The question: Is BitLocker safe for really secure work?
Does the military have anything to say about its suitability for classified work? If so, the question has already been studied and answered.
Only one person I know changed the XP interface back to Classic, and he's a cranky fellow.
Me too, but that cranky fellow is me, so that counts for extra.
...locking out w2k users with software that will run fine if not for an explicit OS version check is just unfair. If the software is capable of running on an OS, I expect it to run on that OS. I don't think that is asking too much.
Microsoft faces a monumental testing job for every piece of software they release. If they cut an OS from the lsit of supported configurations, that's a heap of testing they can avoid. It also means they don't have to worry about future updates being compatible with Windows 2000. In short, a smaller set of platforms is cheaper to develop for.
And I say this as a Windows 2000 user myself. Sure, I'd rather that MS continued to fully support 2000 until there's a genuinely superior option, but I think there are non-evil business reasons for ending such support.
0.1% of Windows desktops is still a lot of desktops.
As several others have pointed out, Opera will be taking some pains to avoid doing anything that would even make it possible for them to track users. Not to go all Opera-fan-boy on you, but Opera has been relatively privacy-concious for longer than the other browser organizations. If you can formulate a serious privacy threat scenario, I bet they'd like to hear about it.
Checking only visited sites does two things: it provides the opportunity, at least, to respond very quickly to new phishing schemes, and it saves bandwidth, which is pretty much always a good thing. It's easy for many of us to become complacent about having broadband, but many people still use dialup. In fact, Opera Desktop includes some features that can make it an especially attractive choice for dial-up users; I wouldn't be surprised if Opera's market share is actually higher among the dial-up crowd.
If the EU thinks they have a problem with American cultural imperialism now, I wonder how they'll feel in a few years when the web is overflowing with the video blogs of a billion American, Chinese, and Indian teenagers, and EU kids are only allowed to watch.
This has got to be one of the stupidest ideas I've ever heard.
Ah, I see. The VM Size column isn't one that appears in a default install of Windows, one must turn it on under View | Select Columns.
Still, it's pretty clear that 50MB worth of data is not getting shuttled back and forth from the disk when I minimize and re-open Opera. It's far too fast and quiet for that. That memory is just getting marked as page-out-able, or something.
This sort of demand-spreading doesn't require high tech, like hydrogen and fuel cells. It can be done (and has been done) with flywheel batteries, ultracapacitors, compressed air systems, etc.
How are people gauging Windows memory consumption for these different applications? I don't think Task Manager is really telling the whole story.
If you want to see a neat memory trick with Opera 9, try browsing for a while, opening a bunch of tabs, etc. Open up Task Manager and note what it reports Opera is using, probably in the 30 to 70 MB range. Leaving all the Opera tabs open, click on Opera's "minimize window" button. Watch as Task Manager decides Opera's memory consumption has fallen into the single-digit MB range. Open Opera's window up from the taskbar again, and note that its memory consumption rises, but only to a fraction of its previous high.
I have no idea what this means. The most important thing I know about Windows' memory management is that it's so crazy-complicated that it's beyond my understanding.
The article appears to be the first of a series:
Maybe on Wednesday they'll explain how to prevent this sort of thing. That would be good.
Not me. Imitation isn't the same as innovation, but it's better than making something crappy from scratch.
UAC annoying? Not really ... It takes 2 seconds to disable it if you don't like it. Windows R, msconfig, disable UAC, reboot.
The story points out that OSX's similar warning/permission system has more granularity; if you want to skip alerts when the user changes the date/time, but leave the alerts enabled for other things, that can be done.
That sounds a lot more useful than an all-or-nothing system like UAC, because its likely that OSX will be checking some things, whereas many Vista installs will end up with UAC disabled completely.
You don't just make /var/log a compressed filesystem...
I'm no MS fanboy, but... suppose the OS in question had some sort of directory-compression scheme that had a seven-year track record of impressive stability and effectiveness? Why not use it?
Disk compression earned a terrible rep back in the 90s, when DOS/Windows and Windows 95 themselves were so unstable there was no chance that it could work properly. But MS finally got it right when they swiped tech from Stacker and included directory compression in NTFS. I've never heard of anyone having a problem with it until now.
Back when I up my home Windows 2000 box, disk space was less cheap and I was more poor, so I've got some compressed folders to un-compress. Curse you, Microsoft! Stop screwing up the few things you've done well!