You seem to be saying that this suggests that possession of a computer might be illegal, and is therefore ridiculous. But the cruxial term there is "intent", surely? And don't the prosecution have to prove that he intended to use the computer to commit forgery? Which would require showing for example that he was in the process of making fake drivers' licences or something similar?
The reason that this is important is that just about anything is adaptable to criminal use. The purpose of requiring the prosecution to show possession of relevant equipment is to provide an additional hurdle to proving intent. The intent is core.
Was this count (of which you said he was aquitted) there as an alternative to a count of which he was found guilty, such as actually using a forgery device? I am not a lawyer, but I am not sure you can be convicted both of intent to do a crime and of the crime itself: It's certainly unusual, and I think then even only if they show intent to commit additional crimes.
This is a pretty strange page. It has links to the standard C# related resources, such as GotDotNet, MSDN and.Net SDK Download page, links to books and articles about C# etc.
But the "Hot Topics" basically take each feature that C# has over java and trash-talks it. The Delegates page finishes "C# Best Practice: Prefer Interfaces to Delegates". Properties "Discourage use of properties". Boxing & unboxing (being added to Java with Tiger, IIRC) "C# Best Practice: Do not use boxing or unboxing".
The site also contains no clues as to the identity of the person controlling it, which is suspicious.
I do not think that this website is an attempt at honest critique. I think someone is trying to get a high Google listing (by linking to.Net resources) in order to more effectively slag off C#.
Context is all. The more you have the better informed you are.
(Now, I am not saying MSFT would have been a good investment over the last two years -- It lost 20%. But Red Hat lost 80% in the same time, and the three-month rally at the end of last year -- which accounts for nearly the whole of RHAT's gain over the 12 months -- doesn't merit a mexican wave.)
Analyse the data models you are importing to and from. Map fields across. This will probably amount to about 8 mappable fields over two tables. Identity, (username, password, full name parts) and Email Address (username, email alias) for the users, and some more for the recipients. I know of no easy way to map the passwords, nor to keep them synchronised between the two systems. You may be able to achieve the same ends using PAM for your POP3 authentication, delegating to your DC, but I can't tell you how, I am afraid.
Write some custom VB or Perl (using the ActiveState Win32 modules) to dump this info to a portable format (I suggest delimited text). Then import it into Unix by writing out suitable entries into/etc/passwd (or use useradd) and in/etc/mail/virtusertable or equivalents. More perl, in other words. Now you have migrated the users. You can do a similar process for the lists.
First make sure all users have the new POP3/SMTP services set up, and set as defaults. You can do this by hand, by sending them instructions (yeah, right) or more Perl and VBScript deployed using a group policy or as signed code using the scripting stuff in the resource kit.
This includes setting up Personal Folders (outlook.pst) files for each user.
My recommendation for POP3 settings is (advanced tab):
Leave a copy of the messages on the server.
Remove after 14 days.
Remove after you permanently delete them (not in Outlook2K).
Now point the incoming mail at the new POP3 server and wait for MX records to expire. You will want to wait at least 2xTTL because AOL tend to cache for longer than TTL. If you are foresighted (or have read ahead) you will have cut the progressively down to about five minutes, to enable you to do a rapid cutover (and, if necessary, a rollback). When you are happy all is OK, you can raise the TTL to a reasonable level again.
Users will now be getting their mail directly from the POP3 server, and sending via SMTP.
Do you need to take the current contents of their mailboxes too?
If so, the easiest way is to tell them you will be turning Exchange off, and that they must copy any mails they want to keep to their personal folders file. After some time has passed, and you have reminded everyone several times, turn Exchange off and wait to see if you get any complaints. If you do, you can turn it back on temporarily to let them do the copy.
Finally, I really suggest something like Netmeeting or SMS (or PCAnywhere or VNC... but I tend to go with vendor products, particularly when they are free, as Netmeeting is) to allow you to assist users who can't do it themselves.
If I remember correctly (wherever I heard it that is, not the event), the moon was formed out of part of the earth, in a collision with a massive body. Imagine a liquid droplet held together under it's own gravity, and then a splash!
the materials can be nearer to the edge and more likely to fail
Safety margins are a variable adjustable at will by engineers. Both types of rocket will be a safe as it is considered economic to be. This may mean that SSTO is not safe enough to use.
My point is, that it is not a matter of waiting for it to pan out: Failure rate is a decision by engineers, to the extent that available knowlege permits.
The validity of the exercise is compromised by his assumption that that multiple processes as opposed to multiple threads was the best choice for whatever his benchmark is supposed to model, and that if they are, RPC, COM or shared memory are not more appropriate to the IPC task. Windows has many ways of doing IPC and concurrent tasking, and most applications use other IPC methods than pipes. This failure of choice is an important reason why such like-for-like benchmarks are of little value.
In short, these "high-performance techniques" are high-performance on Linux only, the way he does it. On windows, other methods, not available on Linux, are more used.
One example of this is Microsoft's signed driver code of Windows 2000. We all know that creating such a policy is wrong...
Mod you +1 funny.
It is now, was always, and will continue to be in the near future, possible to install unsigned drivers. Go to:
Start->Settings->Control Panel-> System Applet-> Hardware Tab->
Driver Signing Button...
The dialog there presents you with three options:
Ignore - install all files regardless of file signature
Warn - display a message before installing an unsigned file
Block - prevent the installation of unsigned files
A sampling of other stories brings up discussions on O'Reilly and other places with some claims that the Dead encouraged bootlegging, but with the AP story saying "The band has never authorized bootlegged copies of its studio recordings." And again:
Under the April 1999 policy, though, the Dead declared that "no commercial gain may be sought by websites offering digital files of our music, whether through advertising, exploiting databases compiled from their traffic, or any other means."
That clearly rules out Napster, as (AFAIR) it was advertising-funded.
Holograms don't store the whole picture in each part. You've been reading too much Dorling Kindersley.
What makes a hologram is that the picture changes with the viewing angle, so that each eye gets a different image. The difference between a true hologram and those lenticular postcards (usually of statues of the Virgin Mary in my experience) is that the picture changes proportionally with the angle, wheras the postcards have only two pictures, and you need to ensure each eye is within the correct viewing space for the appropriate image.
If you cut a hologram in half, and then look right at an angle through the glass, you can often just about make out the objects which appear (when viewed head on) in the part you removed. Information (bits) have (has) been removed however, as the information about what that object looked like head on is no longer present in the remainder of the hologram -- only the information about what it looks like from that extreme angle. The additional information is stored in diffraction patterns in the depth of the photographic emulsion used for this type of gift-shop hologram, as well as across the height and breadth as in typical photographs.
Thus the illusion that "each part of the hologram contains all the information" is due to the fact that with typical holographic subjects most of the information is redundant, as it consists of images of the same object from slightly different angles.
In commercial storage, it is not likely that the bits will be used soley to provide redundancy in this way -- the point definitely is about getting more bits on.
Helicopters have a very low top forward airspeed, due to the rotor blades being limited by the speed of sound. The airspeed of the helicopter is therefore limited to the speed of sound minus the rotor tip speed.
With a tiltrotor system, the rotor tip speed is much less corrolated to airspeed, so the aircraft can go faster.
Running as System is NOT the same as running in Kernel space.
It means running without local security restrictions, and is precisely equivalent to running things as root. Administrator has reduced privilages compared to root or System.
The main (only?) reason to do this is if you need to do things with the privilages of other users, and even here NT provides proper impersonation facilities, so that's largely unneccessary if you are using an NT-supported authentication system, such as NTCR or X509 (I don't have a complete list, but you can write your own, like PAM in Linux -- if you trust yourself).
Also, FYI:
Internet Explorer runs neither in Kernel Space (I assume you mean kernel mode) nor as System, but as a user-mode process with the privilages of the user who started it.
The default installation of IIS has not run as System for about four years (maybe more, not sure, but at least four). Now it runs as IUSR_, which is a normal user and uses impersonation to check for file access privilages.
I don't know about Exchange, but I would be surprised if it ran a system these days.
Since Windows 2000 microsoft have had sandboxing of arbitrary processes with Job objects.
(FWIW, a Job object is a container for processes which can impose multiple restrictions on all children. Obvious, overdue stuff such as memory and processor quotas are included, but so is the ability to restrict which USER (windowing) objects a process can have access to. In principle this allows you to run untrusted GUI apps with lower privilages without the DOS/intrustion problems that come from features such as the clipboard, DDE, COM and so forth. Unfortunately you have to do this programattically, and MS don't appear to have done anything much with it yet from the perspective of the end user).
And of course system calls have always had restrictions on them, (though not on a per-function basis) via user rights.
I'm with you there. That's my standard operating procedure.
I do my classes the same way, copying the headings from my design document as comments for the functions I need and then filling them in as I get to them.
It saves referring to the design document all the time since the headings are descriptive, and since I include the section numbers, it speeds up referring to them when I need to.
The Microsoft system of printer sharing is based on having a printer-specific driver for each printer. This permits the application to invoke a printer-specific options page for any printer, past, present or future, without having to decide which printers they wish to support. It also allows the printer to support a variety of spool formats, from plain text to PCL, PostScript and GDI.
It also in turn allows printer manufacturers to add new, arbitrary features to their printers to control things like color models, printing multiple pages in one, draft modes of different types, control of different dithering models used when printing graphics, control over paper input trays, collation, stapling, and so on and so forth. The user is not forced to use the lowest common denominator, because the manufacturer supplies the GUI.
But if the manufacturer can't be bothered to produce a driver...
For what it's worth, I'll bet you can get it to work using a driver for another printer made by the same manufacturer on the client machine, if you can be bothered. Try the manufacturers website. They often have step-by-step instructions for this sort of thing. I'm assuming you are the same AC...
Firstly MS RPC is not "on top of" DCE RPC. It is an implementation of DCE RPC. Secondly if you make an RPC call, it can go over a variety of transports -- one of the great things about DCE RPC. Most windows boxes from NT4.0 onwards are configured to use IP by default.
Some more errors:
RAP is not a layer in the stack for most of what you describe, only for the actual RAP functions, such as NetShareEnum. Most operations (such as open/read/lock) don't use it at all.
Named Pipes are not "on top of" transactions. Transactions are an option for Named Pipes.
Named pipes aren't on top of SMB. They are one of the things you can open using SMB, i.e. a type of file in a special part of the filesystem. The analogy is with character or block fifos in unix.
I might as well say:
MIME on top of
HTTP on top of
TCP on top of
IP on top of
Ethernet on top of
voltages on copper wires
If you reduced it all down to copper wires imagine how efficient it could be! All you'd need is different voltages! Just code your application to read directly from an ADC!
MS Clients can't authenticate against standard Kerberos servers because they require a list of domain groups that the authenticated user belongs to, which is not provided by the Kerberos protocol. Since the first version of NT domain groups have been supported and since the first version of NTLM they have been provided with the original authentication token. This is because it requires less server resources (authentication and group lists come from the same database, so it is a saving to do both at the same time) and less network traffic (one rounddtrip instead of two).
AFAIK non-MS kerberos clients obtain these group lists via a directory service query, where they support domain groups at all.
To support authentication against SAMBA servers, the SAMBA guys just have to supply a packet in the extension field containing an empty group list, which should be trivial to reverse engineer. Alternatively if they want to use group lists they can use the documented SSPI API to write an authentication service that uses standard Kerberos together with a Directory Service query to provide the information Windows requires to authenticate. Additionally small amount of inspection of code and data packets should also reveal the wire format used, to enable the full functionality without an SSPI plugin.
The APIs are all there: Implement it. Why anyone think's it is Microsoft's job to do it is beyond me.
Slashdot Mirror
You seem to be saying that this suggests that possession of a computer might be illegal, and is therefore ridiculous. But the cruxial term there is "intent", surely? And don't the prosecution have to prove that he intended to use the computer to commit forgery? Which would require showing for example that he was in the process of making fake drivers' licences or something similar?
The reason that this is important is that just about anything is adaptable to criminal use. The purpose of requiring the prosecution to show possession of relevant equipment is to provide an additional hurdle to proving intent. The intent is core.
Was this count (of which you said he was aquitted) there as an alternative to a count of which he was found guilty, such as actually using a forgery device? I am not a lawyer, but I am not sure you can be convicted both of intent to do a crime and of the crime itself: It's certainly unusual, and I think then even only if they show intent to commit additional crimes.
Yes, it kind of makes you think they have competition from other hoaxers; some who are still getting kicks from psyching out the simple minded.
There is an interesting account of that here: What Happened on Mars?
This is a pretty strange page. It has links to the standard C# related resources, such as GotDotNet, MSDN and .Net SDK Download page, links to books and articles about C# etc.
But the "Hot Topics" basically take each feature that C# has over java and trash-talks it. The Delegates page finishes "C# Best Practice: Prefer Interfaces to Delegates". Properties "Discourage use of properties". Boxing & unboxing (being added to Java with Tiger, IIRC) "C# Best Practice: Do not use boxing or unboxing".
The site also contains no clues as to the identity of the person controlling it, which is suspicious.
I do not think that this website is an attempt at honest critique. I think someone is trying to get a high Google listing (by linking to .Net resources) in order to more effectively slag off C#.
RHAT vs. MSFT....
It all depends where you pick your origin. So Red Hat did better over 12 months (rjamestaylor Sig).
12 Months: RHAT comes out ahead.
Take a look at this to compare:
6 Months: MSFT comes out ahead.
24 Months: MSFT comes out ahead.
Red Hat's whole trading history: MSFT comes out ahead. Big time.
Context is all. The more you have the better informed you are.
(Now, I am not saying MSFT would have been a good investment over the last two years -- It lost 20%. But Red Hat lost 80% in the same time, and the three-month rally at the end of last year -- which accounts for nearly the whole of RHAT's gain over the 12 months -- doesn't merit a mexican wave.)
Troll, or Flamebait, not insightful.
First make sure all users have the new POP3/SMTP services set up, and set as defaults. You can do this by hand, by sending them instructions (yeah, right) or more Perl and VBScript deployed using a group policy or as signed code using the scripting stuff in the resource kit.
This includes setting up Personal Folders (outlook.pst) files for each user.
My recommendation for POP3 settings is (advanced tab):
Do you need to take the current contents of their mailboxes too?
If so, the easiest way is to tell them you will be turning Exchange off, and that they must copy any mails they want to keep to their personal folders file. After some time has passed, and you have reminded everyone several times, turn Exchange off and wait to see if you get any complaints. If you do, you can turn it back on temporarily to let them do the copy.
Finally, I really suggest something like Netmeeting or SMS (or PCAnywhere or VNC... but I tend to go with vendor products, particularly when they are free, as Netmeeting is) to allow you to assist users who can't do it themselves.
Good luck!
If I remember correctly (wherever I heard it that is, not the event), the moon was formed out of part of the earth, in a collision with a massive body. Imagine a liquid droplet held together under it's own gravity, and then a splash!
Safety margins are a variable adjustable at will by engineers. Both types of rocket will be a safe as it is considered economic to be. This may mean that SSTO is not safe enough to use.
My point is, that it is not a matter of waiting for it to pan out: Failure rate is a decision by engineers, to the extent that available knowlege permits.
The validity of the exercise is compromised by his assumption that that multiple processes as opposed to multiple threads was the best choice for whatever his benchmark is supposed to model, and that if they are, RPC, COM or shared memory are not more appropriate to the IPC task. Windows has many ways of doing IPC and concurrent tasking, and most applications use other IPC methods than pipes. This failure of choice is an important reason why such like-for-like benchmarks are of little value.
In short, these "high-performance techniques" are high-performance on Linux only, the way he does it. On windows, other methods, not available on Linux, are more used.
Mod you +1 funny.
It is now, was always, and will continue to be in the near future, possible to install unsigned drivers. Go to:
Start->Settings->Control Panel-> System Applet-> Hardware Tab-> Driver Signing Button...
The dialog there presents you with three options:
I'm not really sure this supports the point that Napster is OK.
The first three articles are these:
Grateful Dead ungrateful for song piracy
Grateful Dead takes no-nonsense approach to digital piracy
Pirating, Like the Doo-Dah Man
A sampling of other stories brings up discussions on O'Reilly and other places with some claims that the Dead encouraged bootlegging, but with the AP story saying "The band has never authorized bootlegged copies of its studio recordings." And again:
That clearly rules out Napster, as (AFAIR) it was advertising-funded.
Yes it is.
Holograms don't store the whole picture in each part. You've been reading too much Dorling Kindersley.
What makes a hologram is that the picture changes with the viewing angle, so that each eye gets a different image. The difference between a true hologram and those lenticular postcards (usually of statues of the Virgin Mary in my experience) is that the picture changes proportionally with the angle, wheras the postcards have only two pictures, and you need to ensure each eye is within the correct viewing space for the appropriate image.
If you cut a hologram in half, and then look right at an angle through the glass, you can often just about make out the objects which appear (when viewed head on) in the part you removed. Information (bits) have (has) been removed however, as the information about what that object looked like head on is no longer present in the remainder of the hologram -- only the information about what it looks like from that extreme angle. The additional information is stored in diffraction patterns in the depth of the photographic emulsion used for this type of gift-shop hologram, as well as across the height and breadth as in typical photographs.
Thus the illusion that "each part of the hologram contains all the information" is due to the fact that with typical holographic subjects most of the information is redundant, as it consists of images of the same object from slightly different angles. In commercial storage, it is not likely that the bits will be used soley to provide redundancy in this way -- the point definitely is about getting more bits on.
Helicopters have a very low top forward airspeed, due to the rotor blades being limited by the speed of sound. The airspeed of the helicopter is therefore limited to the speed of sound minus the rotor tip speed.
With a tiltrotor system, the rotor tip speed is much less corrolated to airspeed, so the aircraft can go faster.
A sampling of the posts returned by Google showd that nearly all of them say "Al Qaeda hacked microsoft" or "Microsoft targeted by al qaeda".
For what it's worth.
IE doesn't get its own API in the Kernel. Nope, not at all, not ever, none etc.
That would be a Bill of Attainder, which would be explicitly illegal under the US constitution.
Running as System is NOT the same as running in Kernel space.
It means running without local security restrictions, and is precisely equivalent to running things as root. Administrator has reduced privilages compared to root or System.
The main (only?) reason to do this is if you need to do things with the privilages of other users, and even here NT provides proper impersonation facilities, so that's largely unneccessary if you are using an NT-supported authentication system, such as NTCR or X509 (I don't have a complete list, but you can write your own, like PAM in Linux -- if you trust yourself).
Also, FYI:
Internet Explorer runs neither in Kernel Space (I assume you mean kernel mode) nor as System, but as a user-mode process with the privilages of the user who started it.
The default installation of IIS has not run as System for about four years (maybe more, not sure, but at least four). Now it runs as IUSR_, which is a normal user and uses impersonation to check for file access privilages.
I don't know about Exchange, but I would be surprised if it ran a system these days.
Since Windows 2000 microsoft have had sandboxing of arbitrary processes with Job objects.
(FWIW, a Job object is a container for processes which can impose multiple restrictions on all children. Obvious, overdue stuff such as memory and processor quotas are included, but so is the ability to restrict which USER (windowing) objects a process can have access to. In principle this allows you to run untrusted GUI apps with lower privilages without the DOS/intrustion problems that come from features such as the clipboard, DDE, COM and so forth. Unfortunately you have to do this programattically, and MS don't appear to have done anything much with it yet from the perspective of the end user).
And of course system calls have always had restrictions on them, (though not on a per-function basis) via user rights.
I'm with you there. That's my standard operating procedure.
I do my classes the same way, copying the headings from my design document as comments for the functions I need and then filling them in as I get to them.
It saves referring to the design document all the time since the headings are descriptive, and since I include the section numbers, it speeds up referring to them when I need to.
Cheers,
Ben Liddicott
The Microsoft system of printer sharing is based on having a printer-specific driver for each printer. This permits the application to invoke a printer-specific options page for any printer, past, present or future, without having to decide which printers they wish to support. It also allows the printer to support a variety of spool formats, from plain text to PCL, PostScript and GDI.
It also in turn allows printer manufacturers to add new, arbitrary features to their printers to control things like color models, printing multiple pages in one, draft modes of different types, control of different dithering models used when printing graphics, control over paper input trays, collation, stapling, and so on and so forth. The user is not forced to use the lowest common denominator, because the manufacturer supplies the GUI.
But if the manufacturer can't be bothered to produce a driver...
For what it's worth, I'll bet you can get it to work using a driver for another printer made by the same manufacturer on the client machine, if you can be bothered. Try the manufacturers website. They often have step-by-step instructions for this sort of thing. I'm assuming you are the same AC...
Firstly MS RPC is not "on top of" DCE RPC. It is an implementation of DCE RPC. Secondly if you make an RPC call, it can go over a variety of transports -- one of the great things about DCE RPC. Most windows boxes from NT4.0 onwards are configured to use IP by default.
Some more errors:
- RAP is not a layer in the stack for most of what you describe, only for the actual RAP functions, such as NetShareEnum. Most operations (such as open/read/lock) don't use it at all.
- Named Pipes are not "on top of" transactions. Transactions are an option for Named Pipes.
- Named pipes aren't on top of SMB. They are one of the things you can open using SMB, i.e. a type of file in a special part of the filesystem. The analogy is with character or block fifos in unix.
I might as well say:If you reduced it all down to copper wires imagine how efficient it could be! All you'd need is different voltages! Just code your application to read directly from an ADC!
You bought a printer from Microsoft? No? Well it was on the Hardware Compatibility List, right? No?
Some printers don't support network sharing. That's not an MS issue, it's a vendor issue.
MS Clients can't authenticate against standard Kerberos servers because they require a list of domain groups that the authenticated user belongs to, which is not provided by the Kerberos protocol. Since the first version of NT domain groups have been supported and since the first version of NTLM they have been provided with the original authentication token. This is because it requires less server resources (authentication and group lists come from the same database, so it is a saving to do both at the same time) and less network traffic (one rounddtrip instead of two).
AFAIK non-MS kerberos clients obtain these group lists via a directory service query, where they support domain groups at all.
To support authentication against SAMBA servers, the SAMBA guys just have to supply a packet in the extension field containing an empty group list, which should be trivial to reverse engineer. Alternatively if they want to use group lists they can use the documented SSPI API to write an authentication service that uses standard Kerberos together with a Directory Service query to provide the information Windows requires to authenticate. Additionally small amount of inspection of code and data packets should also reveal the wire format used, to enable the full functionality without an SSPI plugin.
The APIs are all there: Implement it. Why anyone think's it is Microsoft's job to do it is beyond me.
If you squeeze optical fibres the leak light, so no problem there.
For chips, I would think you'd have to design in ports specifically for monitoring, as is done for regular chips anyway.