The board of directors of yahoo has a fiduciary duty to their shareholders to maximize shareholder revenue. From the wikipedia article on fiduciary duty:
"A fiduciary duty is the highest standard of care at either equity or law. A fiduciary is expected to be extremely loyal to the person to whom they owe the duty (the "principal"): they must not put their personal interests before the duty, and must not profit from their position as a fiduciary, unless the principal consents."
The yahoo board legally can't allow their desire to remain independent to color their judgement. The cost of going public is that it's not your company any more, it's your shareholder's company.
Not really related to the topic but to answer the Win32 issues.
CreateWindow() returns when the window is created and initialized making it a one step operation instead of two. To wrap this in C++ you can pass your instance pointer for your C++ object as the lpParam argument to CreateWindow. When WM_CREATE gets sent to your new window you can get your instance pointer back out of the window creation structure. You can then call SetWindowLongPtr with GWLP_USERDATA to associate your object with the window and use GetWindowLongPtr to get it back out whenever your window proc function is called.
As far as CloseHandle() goes all kernel objects can be closed via CloseHandle(). It's just that some purely user mode routines overload the handle type and those pseudo handles aren't recognized by the kernel.
The article blamed a component named "Winserv" for causing the BSOD. Windows XP doesn't contain any component named "winserv". The first hit on google was for a random piece of spyware http://www.2-spyware.com/file-winserv-exe.html. I think CRN needs to work a bit harder at securing their systems.
Employment applications actually do have a valid purpose. It's a way for your prospective employer to get you to list your work experience, education, and so forth on a form where at the bottom you sign that any falsified information is reason for you to either not be hired or to be immediately terminated.
It's not broken. You have to be an admin to change that registry key. If you are already an admin it doesn't really matter since you could do more creative things like replace the keyboard driver.
Terms are the same as they've always been. Retail copies can be transfered to a 3rd party. It's only OEM copies which are not transferable.
4. TRANSFER-Internal. You may move the Product to a different
Workstation Computer. After the transfer, you must
completely remove the Product from the former Workstation
Computer. Transfer to Third Party. The initial user of the
Product may make a one-time transfer of the Product to
another end user. The transfer has to include all
component parts, media, printed materials, this EULA, and
if applicable, the Certificate of Authenticity. The
transfer may not be an indirect transfer, such as a
consignment. Prior to the transfer, the end user receiving
the transferred Product must agree to all the EULA terms.
No Rental. You may not rent, lease, lend or provide
commercial hosting services to third parties with the
Product.
Much easier is to stick the certificates for sites like xupiter, and gator in the untrusted certificates list. Then IE will automatically kill software signed by that certificate. When IE prompts you to install the ActiveX control you can view the certificate and I think one of the options is install. You can choose to install it to untrusted certs and then rest happy in the knowledge it will be a while before you see software from that company again trying to install itself.
It would help if the author understood windows...
on
Shattering Windows
·
· Score: 2, Interesting
This is not a security vulnerability in windows. In windows the security boundary for GUI objects is the window station/desktop. Within the same winstation or desktop you can send any message to any window you want. You can set ACLs on the window station to prevent low privileged users from accessing a window station or desktop. Services by default run in an isolated winsta/desktop on a per user basis (i.e. all the SYSTEM services share a winsta/desktop). No low privileged app can send anything to that desktop. If you check the let this service interact with the desktop option for a service then it is moved into the main user window station and desktop. That service can then present UI to the first user which logs into the system if it wants. The service also gets all the security risks of running in that desktop. If you choose that option then you get what you asked for and need to secure that code for running in the interactive session. Running this way also doesn't work with fast user switching or terminal server since you can have multiple users logged in at the same time. If a service wants to present UI to the user then it needs to run in a client server model and a process running in the user session and communicate back to the parent using COM/RPC/whatever.
Not likely. In order for a game to be played on the X-BOX it has to be cryptographically signed using the Microsoft private key. The odds of MS signing a Linux boot disk are a heck of a lot worse than the odds of you winning Powerball.
I think the only way you will get an X-Box booting Linux is if you are *really* good with a soldering iron and replace half the chips on the X-Box motherboard.
Yay, for journalistic integrity on Slashdot yet again. When this got sent around some X-Box lists I'm on last week we quickly found out this was a hoax. The "emulator" is some random files zipped up and all the "screen shots" very conveniently happen to be exactly the same as some posted on the web.
Not to mention that there is the minor problem that the SunRays require their own dedicated network. The units don't support routing so you are going to have to have all your machines on subnets physically connected to your central server. Given any geographic distributation (even across campus) at all that makes using SunRays hell. (Which is why my university has pretty much ignored the things).
There is also the security issue we ran in to. As close as we can tell the connection from the SunRay to the server is unencrypted. So if someone can install a sniffer then your network security is hosed. If you are running these things in a public environment like a library it wouldn't be very hard for someone to plug their laptop into the network and have a field day with your security.
This is fixed with XP and.NET server. In W2K and NT 4 TSE there is no way to go above 256 colors.
The Cisco bug doesn't explain the outage
on
Code Red Refunds?
·
· Score: 1
I have DSL service from QWest in the Seattle area and lost service for about 24 hours during this outage. The problem most certainly was not Code Red on the DSL modem. Before this announcement I had killed the web server on the modem and upgraded the firmware. During the outage I must have power cycled the modem a dozen times vainly hoping it would work and I could check my e-mail. When I called QWest tech support in the afternoon they told me that the service was down for a few hours for "Server Upgrades" to deal with Code Red. I tried calling back later that night and spend an hour and a half on hold before giving up. I think QWest screwed up on the back end and used the Code Red attack on the Cisco modems as a convenient excuse. Simply unplugging waiting a few seconds and then plugging it back in would fix (until the next attack) any Cisco 675 modem.
Pardon me if I don't see what the story is here. MSDN subscriber downloads are for paying customers of Microsoft to download various Microsoft products. You already have to have an account with Microsoft to use the subscriber downloads. Microsoft already has personal contact information for you as an MSDN subscriber since they need to send you your monthly shipments. Microsoft isn't getting any new information about you that they didn't have before.
This also does not affect everyone who wants to develop on windows. The MSDN documentation is free and is not under any sort of documentation. This only effects people already paying Microsoft a couple thousand a year for MSDN.
I actually will admit that I like this change. It means there is one less password I need to remember. As a MSDN subscriber I am already a customer of Microsoft and what is the difference between having to establish an account directly with MSDN or using one via Passport? I think it makes much more sense that Microsoft has one unified logon system for their website. Microsoft using its influence to have passport be used on other sites is an entirely different matter than using it for their own sites authentication.
OK, so I can't turn VirtuaDub into COM component. But if I register it with COM+ and run it in a seperate process, then it's OK?
I think this is where the GPL really starts to break down. If you create something as an out of process COM server then it lives in its own exe and its own process space. This seems to me to be closer to the fork()/exec() model and not covered under the GPL. The interesting part of this is the client doesn't notice the difference between an in-process COM server and an out of process server. The Windows COM libs take care of all the details. Given that inproc/out of proc are the same in the client it seems somewhat pointless to distinguish between them in the GPL. Also there is the fact that if the COM server has a type library built in to it your app never needs to see any headers from the GPL'd code. Visual Studio has a wizard to extract the info from a type library and create the headers on the fly for you.
And that's why there is MSDN. If you provide Microsoft with $2000 a year (ooh subscriptions) you get all Microsoft OS's and business apps for use in developing applications for them.
The intersting part of the MSDN license is that while you pay anually that's just for getting updates. You can still use the software you already have when the license expires...
I personally have seen a couple presentations on the X-Box (directly from the X-Box team) and it most assuredly is based on a stripped down Win2k kernel. The SDK boxes first boot into Windows and then switch over to the game. While it is quite likely that you can make an X-Box boot in to Linux that's not what MS is using for the games. They aren't stupid. Did you think they would be willing to take the PR hit from not running their own OS on the machine.
Slashdot Mirror
"A fiduciary duty is the highest standard of care at either equity or law. A fiduciary is expected to be extremely loyal to the person to whom they owe the duty (the "principal"): they must not put their personal interests before the duty, and must not profit from their position as a fiduciary, unless the principal consents."
The yahoo board legally can't allow their desire to remain independent to color their judgement. The cost of going public is that it's not your company any more, it's your shareholder's company.
Not really related to the topic but to answer the Win32 issues.
CreateWindow() returns when the window is created and initialized making it a one step operation instead of two. To wrap this in C++ you can pass your instance pointer for your C++ object as the lpParam argument to CreateWindow. When WM_CREATE gets sent to your new window you can get your instance pointer back out of the window creation structure. You can then call SetWindowLongPtr with GWLP_USERDATA to associate your object with the window and use GetWindowLongPtr to get it back out whenever your window proc function is called.
As far as CloseHandle() goes all kernel objects can be closed via CloseHandle(). It's just that some purely user mode routines overload the handle type and those pseudo handles aren't recognized by the kernel.
The article blamed a component named "Winserv" for causing the BSOD. Windows XP doesn't contain any component named "winserv". The first hit on google was for a random piece of spyware http://www.2-spyware.com/file-winserv-exe.html. I think CRN needs to work a bit harder at securing their systems.
And how exactly were you planning on doing the key management for IPSec? :)
Employment applications actually do have a valid purpose. It's a way for your prospective employer to get you to list your work experience, education, and so forth on a form where at the bottom you sign that any falsified information is reason for you to either not be hired or to be immediately terminated.
It's not broken. You have to be an admin to change that registry key. If you are already an admin it doesn't really matter since you could do more creative things like replace the keyboard driver.
Try 4.2 billion. That's not a great return on investment...
Terms are the same as they've always been. Retail copies can be transfered to a 3rd party. It's only OEM copies which are not transferable.
4. TRANSFER-Internal. You may move the Product to a different
Workstation Computer. After the transfer, you must
completely remove the Product from the former Workstation
Computer. Transfer to Third Party. The initial user of the
Product may make a one-time transfer of the Product to
another end user. The transfer has to include all
component parts, media, printed materials, this EULA, and
if applicable, the Certificate of Authenticity. The
transfer may not be an indirect transfer, such as a
consignment. Prior to the transfer, the end user receiving
the transferred Product must agree to all the EULA terms.
No Rental. You may not rent, lease, lend or provide
commercial hosting services to third parties with the
Product.
Much easier is to stick the certificates for sites like xupiter, and gator in the untrusted certificates list. Then IE will automatically kill software signed by that certificate. When IE prompts you to install the ActiveX control you can view the certificate and I think one of the options is install. You can choose to install it to untrusted certs and then rest happy in the knowledge it will be a while before you see software from that company again trying to install itself.
This is not a security vulnerability in windows. In windows the security boundary for GUI objects is the window station/desktop. Within the same winstation or desktop you can send any message to any window you want. You can set ACLs on the window station to prevent low privileged users from accessing a window station or desktop. Services by default run in an isolated winsta/desktop on a per user basis (i.e. all the SYSTEM services share a winsta/desktop). No low privileged app can send anything to that desktop. If you check the let this service interact with the desktop option for a service then it is moved into the main user window station and desktop. That service can then present UI to the first user which logs into the system if it wants. The service also gets all the security risks of running in that desktop. If you choose that option then you get what you asked for and need to secure that code for running in the interactive session. Running this way also doesn't work with fast user switching or terminal server since you can have multiple users logged in at the same time. If a service wants to present UI to the user then it needs to run in a client server model and a process running in the user session and communicate back to the parent using COM/RPC/whatever.
Not likely. In order for a game to be played on the X-BOX it has to be cryptographically signed using the Microsoft private key. The odds of MS signing a Linux boot disk are a heck of a lot worse than the odds of you winning Powerball.
I think the only way you will get an X-Box booting Linux is if you are *really* good with a soldering iron and replace half the chips on the X-Box motherboard.
Yay, for journalistic integrity on Slashdot yet again. When this got sent around some X-Box lists I'm on last week we quickly found out this was a hoax. The "emulator" is some random files zipped up and all the "screen shots" very conveniently happen to be exactly the same as some posted on the web.
Can a PC DVD drive even read an X-Box disk?
There is also the security issue we ran in to. As close as we can tell the connection from the SunRay to the server is unencrypted. So if someone can install a sniffer then your network security is hosed. If you are running these things in a public environment like a library it wouldn't be very hard for someone to plug their laptop into the network and have a field day with your security.
This is fixed with XP and .NET server. In W2K and NT 4 TSE there is no way to go above 256 colors.
I have DSL service from QWest in the Seattle area and lost service for about 24 hours during this outage. The problem most certainly was not Code Red on the DSL modem. Before this announcement I had killed the web server on the modem and upgraded the firmware. During the outage I must have power cycled the modem a dozen times vainly hoping it would work and I could check my e-mail. When I called QWest tech support in the afternoon they told me that the service was down for a few hours for "Server Upgrades" to deal with Code Red. I tried calling back later that night and spend an hour and a half on hold before giving up. I think QWest screwed up on the back end and used the Code Red attack on the Cisco modems as a convenient excuse. Simply unplugging waiting a few seconds and then plugging it back in would fix (until the next attack) any Cisco 675 modem.
This also does not affect everyone who wants to develop on windows. The MSDN documentation is free and is not under any sort of documentation. This only effects people already paying Microsoft a couple thousand a year for MSDN.
I actually will admit that I like this change. It means there is one less password I need to remember. As a MSDN subscriber I am already a customer of Microsoft and what is the difference between having to establish an account directly with MSDN or using one via Passport? I think it makes much more sense that Microsoft has one unified logon system for their website. Microsoft using its influence to have passport be used on other sites is an entirely different matter than using it for their own sites authentication.
I think this is where the GPL really starts to break down. If you create something as an out of process COM server then it lives in its own exe and its own process space. This seems to me to be closer to the fork()/exec() model and not covered under the GPL. The interesting part of this is the client doesn't notice the difference between an in-process COM server and an out of process server. The Windows COM libs take care of all the details. Given that inproc/out of proc are the same in the client it seems somewhat pointless to distinguish between them in the GPL. Also there is the fact that if the COM server has a type library built in to it your app never needs to see any headers from the GPL'd code. Visual Studio has a wizard to extract the info from a type library and create the headers on the fly for you.
The intersting part of the MSDN license is that while you pay anually that's just for getting updates. You can still use the software you already have when the license expires...
I personally have seen a couple presentations on the X-Box (directly from the X-Box team) and it most assuredly is based on a stripped down Win2k kernel. The SDK boxes first boot into Windows and then switch over to the game. While it is quite likely that you can make an X-Box boot in to Linux that's not what MS is using for the games. They aren't stupid. Did you think they would be willing to take the PR hit from not running their own OS on the machine.