What exactly about my comment is bullshit? Up until recently most linux distributions would come out of the box with security being dependent on the classic CHMOD filesystem security. I can only assume (hope) the ACL kernel patches have made it into newer mainstream linux distributions.
I'm well aware of OS security. My comment had nothing to do with BSD, or any other OS outside of Linux.
There's a reason for user mode and kernel mode. Just because the "system" CAN have full permissions to everything, doesn't mean that it should!
And MS has agreed with this since NT4. Remove your user account from the Administrator group and, surprise, your system is fully protected, and spyware/viruses aren't a problem because executables cannot modify system folders or system registry. In fact, Win2k/Xp/2k3 have much richer access implementations than the unix filesystem protection in vanilla linux distribution -- you'll need to get the ACL kernels for matching capabilities.
The real problem is the MS marketing dept, which opted to not confuse Grandma and make accounts Admin by default. Longhorn will make accounts limited by default, and in addition when logged in as admin it will drop privileges of all apps that don't need admin privileges (like IE), which is pretty cool.
Security is, and always has been, a goal with Firefox.
I agree that firefox is more secure, but I'm always intrigued with these kinds of comments like the one above... How does Firefox's development cycle differ from other products that makes it such a secure offering? (let's exclude MS from this discussion) Firefox's development seems like a pretty standard OSS model. Why should I hedge my bets on Firefox and not some other OSS browser, or an alternative like Opera which doesn't seem to have as many vulnerabilities posted on Slashdot?
I'm a dev on Longhorn, and believe it or not, at least for our project, we have a lab running linux and OSX machines, as well as tons of other networked appliances, to make sure our new stuff communicates successfully with their stuff. Plenty of us run linux servers at home.
Doom 3 was a poor game. It amounts to hours and hours of running down cramped hallways, encountering monsters that other than visually don't really differ much. It gets really boring really quick.
The game feels more like one long technology demo, than something built to provide compelling entertainment. And even being a technology demo, the results are less than impressive. The vast, lush environments in HL2 make the cramped environments in Doom 3 look quaint in comparison, even if the Doom 3 engine, with its real time lighting, is ultimately more advanced. I wonder if Doom 3 can even handle environments that have the same scope as HL2. The portions of Doom 3 that take place on the outside of Mars look really bad. Hell ends up being a bit more impressive, but it quickly reverts back to the familiar small enclosed environment.
Hopefully the Quake 4 team will be able to make a more compelling game.
The DS is an unforgivably underpowered portable (in terms of processor and graphics). The two screens are a gimmick that gets old after a few days. Its wireless capability is pretty nifty, but the games are very underwhelming.
The PSP is essentially a PDA that can play music, movies, and can play games with graphics/features somewhere between the PS1 and PS2.
Re:Too many fronts for Microsoft, on Gates on Google · Score: 1
You seem to assume that all the projects within microsoft are managed by a small group of people, and so it becomes impossible to do each one well. The fact is, each product has their own buildings, their own management, their own developers, etc... As you go up eventually the hierarchy starts going down to the few VPs and such, but in general you do have each group focused on their own product, and as far as that group is concerned they are trying to do 'one thing well'. Maybe a lot of them are failing, but there's no indication that were that team its own company, it would be any different.
NVIDIA Geforce cards have had 512mb of RAM for a few months now, with similar caveats from reviewers that it really doesn't make a huge difference in performance.
Our production win2k3 servers have uptimes that are only interrupted by security upgrade reboots. What applications are you referring to when it comes to memory leaks?
Cartridges also meant that for a game maker, they'd have to spend upwards of $5-$10 per copy of the game, while CDs, even back then, were within the .25 - .50 range. Attach that price to the stringent licensing price of Nintendo itself, and the hard-to-program-for SDK, and it didn't make a lot of sense to make games for the console.
sigh... I should have written my post more carefully. My example was purposefully very simple. A system like the one I described would be very easy to implement in a regular database, with a handful of tables and a few stored procedures. I would have hoped the poster of the 'go simple' idea would have gone ahead and explained how such a system would have been done directly on a filesystem -- an idea that seems absolutely ridiculous.
Re:Atomicity in filestores is a great benefit, on The Future of Databases · Score: 2, Informative
Does reiserFS support atomicity at the group level? Can I edit a group of 30 files, and only once the modifications are done for those 30 files do we commit it to the file system, and in any other case none of the files change? That is a major feature of a transactional database, where you can modify various tables simultaneously and if at any point there are issues, all the data is easily restored by doing a roll-back.
Sorry, I was a bit unclear in my post. I meant that I'd like the original poster to clarify what they mean. Given the example I pose, how exactly would you 'go simple' and use reiserfs instead of a full SQL system that handles this problem perfectly?
This random example just serves to clarify what you mean -- How do you implement an airline database that has entries for 1,000,000 customers, 150,000 flights a year, and 12,000,000 reservations a year? And what would a query look like to find an open flight on a particular date range, and register a reservation? And how would doing all this on a ReiserFS be any less prone to data corruption than an often backed up database?
Has there been any info leaked about the PS3 SDK? Programming a game on a massively parallel platform like the CELL can't be easy, especially for a console industry used to a fairly traditional hardware environment.
In many respects, the Saturn failed because the SDK was just too hard to work with, as did the N64 (although that also had the cartridge limitation to further pull it down).
Given that it seems like the PS3 will surely trounce the Xbox360 in HW capabilities, I wonder whether ease of development will have the final say on who has the better gaming platform.
You know we develop features in subgroups, right? :) It's still a lot of code, but the WSI team (windows security initiative) is pretty big, and the people assigned to your module are fairly familiar with the code by the time it is ready to ship, given that we've had security reviews with them during every milestone.
It's interesting to look into vulnerabilities within MS products pre and post their 2003 security push. Before 2003 their products were shamefully insecure. In 2003 they stopped all development for a month while the whole company underwent extensive security training, and re-vamped their development process. Since then their software has steadily hardened. I think the company gets a ton of flak nowadays particularly for the bad taste it left in our mouths in the early 2000's, but there's not much recognition of the solidness in their new offerings. I know it may be counterintuitive to say this on a thread discussing an MSN vulnerability, but seriously the vulnerability is pretty tame -- a link sent in a message.
IIS5 was a travesty, but IIS6 hasn't had a major vulnerability (it has had vulnerabilities like any software, but nothing widespread or critically dangerous). Here's an interesting comparison between IIS6 and Apache2, from Michael Howard -- http://blogs.msdn.com/michael_howard/archive/2004/10/15/242966.aspx
win2k server was an alright platform, but win2k3 has proven itself to be rock solid. Again it has had vulnerabilities like any product, but nowhere near the number or severity of previous offerings.
As an MS employee I can say that now security is a massive part of every stage of planning, from the design of the architecture to the code itself. We go through countless threat analyses, at every milestone we have security check points with external teams (within MS) who specialize in security. Once we are ready to ship the code, it still has to be sent to the security team for a final review and only when they give permission can it be released. I doubt other companies go to these extremes to try to secure their software. MS still has a lot to prove, but I'm pretty confident the days of MS ignoring security for usability will be a distant memory in the next few years.
Isn't it interesting how vulnerabilities in Firefox have spiked in the past 6 months since its wide adoption? Could it be possible that widely used software is more likely to be targeted than those products with a small user base?
So you are still running kernel version 0.99.2?? That's impressive!
How do you upgrade your kernel if not by recompiling to create the new kernel image?
Because recompiling the kernel to apply a security fix is somehow easier?
Not very long. MSAV is already in the works.
http://news.com.com/Details+of+Microsoft+antivirus+software+leak+out/2100-7349_3-5287496.html
what do you do when a new linux kernel security patch comes out? buy a new pc? :)
I agree. I'm trying to figure out what the original poster meant by their post, which seemed a bit nonsensical.
How would they fix this vulnerability at 'design time'? Disable links in IE, OE and Messenger?
:)
Run Outlook Express > Options > uncheck 'Automatically log on to Windows Messenger'
Messenger won't come up automatically.
But again I agree it's a pain.