First of all, a better long-term solution is DNSSEC. Because DNSSEC records are signed, there's a chain of trust going all the way back to the DNS root servers. Because you can trust DNS with DNSSEC, you can just store a certificate alongside your A records, and the browser can validate using that instead of some third-party CA certificate list.
It's a much cleaner system than the current CA one because the incentives are in the right place: as the manager of your DNS, you have every incentive to make your identity hard to forge.
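The scheme the comment above describes (publish the certificate, or a digest of it, in a DNSSEC-signed zone and let the client match the presented certificate against it) is what DANE's TLSA record standardised. The following is an added example, not code from the original discussion: it builds a TLSA-style record for a constructed stand-in certificate and checks a presented certificate against it. It assumes the record was already fetched through a validating resolver (the DNSSEC part is outside the block), handles only usage 3 / selector 0 (full end-entity certificate), and the `SERVER_CERT_DER` bytes are invented, not a real certificate.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for a DER-encoded end-entity certificate. It is not a
# real certificate, just bytes to hash for the example.
SERVER_CERT_DER = b"\x30\x82\x01\x20" + b"constructed-certificate-body-" * 8


def tlsa_rdata(cert_der: bytes, usage: int = 3, selector: int = 0,
               matching: int = 1) -> bytes:
    """Build the RDATA of a TLSA record (RFC 6698 layout).

    usage 3    = DANE-EE: trust exactly this end-entity certificate
    selector 0 = match the full certificate (selector 1, SPKI only, would
                 need a DER parser and is not implemented here)
    matching 1 = SHA-256 of the selected data (0 = raw bytes, 2 = SHA-512)
    """
    if selector != 0:
        raise NotImplementedError("SPKI selector needs DER parsing")
    if matching == 0:
        assoc = cert_der
    elif matching == 1:
        assoc = hashlib.sha256(cert_der).digest()
    elif matching == 2:
        assoc = hashlib.sha512(cert_der).digest()
    else:
        raise ValueError(f"unknown matching type {matching}")
    return struct.pack("!BBB", usage, selector, matching) + assoc


def presentation(rdata: bytes) -> str:
    """Zone-file form, e.g. '3 0 1 <hex>' for _443._tcp.www.example.test."""
    usage, selector, matching = struct.unpack("!BBB", rdata[:3])
    return f"{usage} {selector} {matching} {rdata[3:].hex()}"


def cert_matches_tlsa(rdata: bytes, presented_der: bytes) -> bool:
    """Check the certificate presented in a TLS handshake against the record.

    Assumption: rdata came from a DNSSEC-validating resolver (AD bit set).
    Without that, a spoofed TLSA record is no better than a spoofed A record.
    """
    usage, selector, matching = struct.unpack("!BBB", rdata[:3])
    if usage != 3 or selector != 0:
        return False  # only DANE-EE / full-certificate handled here
    try:
        expected = tlsa_rdata(presented_der, usage, selector, matching)
    except ValueError:
        return False
    # Constant-time compare of the association data.
    return hmac.compare_digest(expected[3:], rdata[3:])


if __name__ == "__main__":
    record = tlsa_rdata(SERVER_CERT_DER)
    print("_443._tcp.www.example.test. IN TLSA", presentation(record))
    print("presented cert matches:", cert_matches_tlsa(record, SERVER_CERT_DER))
```

The check is deliberately independent of any CA list: a certificate whose SHA-256 matches the published association is accepted whoever signed it, and one that does not match is rejected even if a trusted CA issued it.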
Agreed, given Microsoft's backwards compatibility constraints. However, Microsoft made a terrible error: Microsoft opened a gaping hole in the UAC security model by --- wait for it --- not protecting the UAC-enabled switch with UAC.
Vista sucking has a lot more to do with sociology than technology. The problem was that marketdroids severely understated Vista's hardware requirements, tried to segment the market too finely with too many editions, and outright lied about the user experience at some levels of hardware capability. That's what marketdroids do: they lie for profit.
But marketdroid lies notwithstanding, the underlying technology behind Vista wasn't bad: far from it, actually. For the first time, there's a half-decent security model for the average user. (I don't buy that UAC sucks.) There are a ton of kernel and API improvements behind the scenes. We have symlinks, even!
Sure, there were a couple release-day bugs, but every OS has those. XP had a similar number of pre-SP1 issues. And hell, it had fewer than the first version of RHEL5 (that OS paused for a full five minutes on every boot, polling SATA drives that never came, until a patch fixed the issue.)
The "Vista sucks" meme, however, spread virally because 1) we all love to hate Microsoft, and 2) most users really can't tell the difference between good technology and bad, but they can certainly parrot what their friends say. It doesn't help that Vista really did suck for some users who were running on underpowered hardware. (If you want to argue that Vista's hardware requirements are too high, we can do that, but Vista doesn't suck on the hardware for which it was designed.)
Really, Microsoft could just rebrand Vista as Windows 7 and release it today to great acclaim: in fact, that's precisely what they did. Since Vista's release, even low-end hardware has caught up to Vista's original requirements, so despite the inevitable lies from marketing, Vista^H^H^H^H^HWindows 7 will now run fine for a lot more people. The new name kills the old meme, and forces people to reconsider whether Vista sucks.
tl;dr: Vista doesn't suck on the hardware for which it was designed. In fact, it's a vast improvement. Marketing sucks for lying about what hardware you need for Vista, however, which put a bad taste in people's mouths.
pthreads-win32 is excellent, but regrettably, LGPL licensed. It's interesting to note how complex it has to be to give you POSIX semantics --- pre-Vista win32 threading primitives are fundamentally flawed.
Vista, on the other hand, gives us brand-new innovative 21st-century Microsoft technologies like condition variables.
I'm working on a rather large cross-platform C++ project at the moment. Here are a few tips:
Use Boost. It's a very liberally-licensed, high-quality library from the people who created the C++ language itself. It contains a ton of cross-platform libraries that do lots of useful things, from threads to regular expressions to writing testsuites and parsing command-line options. If Boost provides a piece of functionality, there's very little reason not to use its version.
See rule #1.
If you need cross-platform code that isn't in Boost, at least use the following approach:
Create a common interface definition
In separate files, implement the interface in terms of various platforms' primitives
Keep platform-specific code out of the rest of your program; if you can help it, don't even include platform headers in most of your program
Use autoconf to handle platform idiosyncrasies. There are a ton of available macros to help detect things about a build platform.
Write testcases. You should write tests for all your programs, but it's especially important to do it for cross-platform code because it's easy to break something and not notice.
So the court, by mentioning the dictates of precedent in the first place, is implying that it thinks licensing is the preferred policy? How on earth is that pro-precedent and policy-neutral?
MITM attacks are relatively hard to exploit. You're essentially limited to wireless networks, or hostile LANs.
You're also vulnerable to wiretaps, compromised routers, and all kinds of other network malfeasance. Hostile networks are an eventuality, not a possibility.
this isn't a big deal since if you can already perform a MITM attack there's countless ways to trick the user into thinking the site is secure without even touching SSL.
Clearly, we need to educate users as well. But that education is futile unless there are real mechanisms diligent users can use to verify their security.
I've personally witnessed people buying brand-new Vista laptops, and their winsxs partition expanded to 15-20 GB
Those files are hard links to files elsewhere on the system. That 15-20GB is being used elsewhere. If you deleted the sxs directory, you wouldn't get that space back.
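The reply above turns on a measurement error: a directory walk that sums file sizes counts every hard link to the same data as if it were a separate copy. This added example (not code from the original thread) builds a small constructed tree in a temporary directory, hard-links each file into a second directory the way WinSxS does, and compares the naive total with one that de-duplicates by (device, inode). The directory names `System32` and `winsxs` are just labels; nothing here touches a real Windows installation.

```python
import os
import tempfile


def apparent_and_real_size(root: str) -> tuple[int, int]:
    """Walk root and return (naive byte total, bytes counted once per inode).

    The naive total is what a simple 'sum of file sizes' tool reports; the
    second number is the space the files actually occupy, because hard links
    to the same inode share one copy of the data.
    """
    apparent = 0
    real = 0
    seen: set[tuple[int, int]] = set()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            st = os.lstat(os.path.join(dirpath, name))
            apparent += st.st_size
            key = (st.st_dev, st.st_ino)
            if key not in seen:  # st_nlink > 1 files show up here only once
                seen.add(key)
                real += st.st_size
    return apparent, real


def demo() -> tuple[int, int]:
    """Build a constructed tree: three 4 KiB files, each hard-linked twice."""
    with tempfile.TemporaryDirectory() as root:
        system32 = os.path.join(root, "System32")
        winsxs = os.path.join(root, "winsxs")
        os.makedirs(system32)
        os.makedirs(winsxs)
        payload = b"\x00" * 4096
        for i in range(3):
            original = os.path.join(system32, f"lib{i}.dll")
            with open(original, "wb") as fh:
                fh.write(payload)
            # Second directory entry for the same inode, no second copy of data.
            os.link(original, os.path.join(winsxs, f"lib{i}_copy.dll"))
        return apparent_and_real_size(root)


if __name__ == "__main__":
    naive, deduped = demo()
    print(f"naive total: {naive} bytes, de-duplicated by inode: {deduped} bytes")
```

On a real Windows box the native way to confirm a given file is one of several links is `fsutil hardlink list <path>`; the de-duplication logic above is the same idea applied across a whole tree.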
CAs have no incentive to act responsibly, since their customers are certificate requestors, not relying parties. And certificate requestors like CAs who don't have heavy process and high fees.
Five minutes later I was in the possession of a legitimate certificate issued to mozilla.com - no questions asked - no verification checks done - no control validation - no subscriber agreement presented, nothing
AFAIK, the law supports your position. But I really think we need to examine whether that's the kind of society we want. It's perfectly fine for a small business to arbitrarily refuse to have a relationship with a particular person. That person can go elsewhere, and the small business is only hurting itself. But large companies like PayPal are different. They form an integral part of the fabric of modern life. When one of these large companies denies service to an individual, that person's quality of life is reduced without an opportunity for rebuttal, or for a fair judgment by his peers. These companies have become de facto utilities, and just as the electric company cannot turn off your lights because of a personal grudge, PayPal should not be able to arbitrarily cripple your ability to send and receive money.
When a company gains quite a bit from being large enough to matter in this way, it should give something in return.
Interesting summary and paper. The gist of it is that EV-validating the main page doesn't help if it pulls in content that's protected by a weaker certificate.
I can't believe browsers do this. Just like there's a warning when a page protected by normal SSL includes unprotected content, there ought to be a warning about an EV-validated page including non-EV-validated content.
It's really terrifying how people who really should know better are negligent when it comes to browser security.
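The complaint in the EV comments above is that the browser shows the green bar for the top-level document without considering what the document pulls in. The following is an added example, not code from the original thread or from any browser: a small audit that extracts subresource origins from a page and decides whether an EV indicator is justified, treating a plain-HTTP subresource as mixed content and a subresource on a non-EV certificate as a downgrade. The page, the hostnames and the `CERT_LEVEL` map are all constructed for the example; a real tool would take the validation level from the TLS connection to each origin.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed login page with invented hostnames; not a real site.
PAGE_URL = "https://www.example-bank.test/login"
PAGE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://cdn.example-cdn.test/jquery.js"></script>
</head><body>
<img src="https://www.example-bank.test/logo.png">
<iframe src="https://widgets.example-partner.test/chat"></iframe>
<img src="http://tracker.example-ads.test/pixel.gif">
</body></html>
"""

# Constructed: how each origin's certificate was validated.
CERT_LEVEL = {
    "https://www.example-bank.test": "EV",
    "https://cdn.example-cdn.test": "DV",
    "https://widgets.example-partner.test": "EV",
}

# Heuristic: src/href on the elements that fetch subresources. Deliberately
# excludes <a href>, which is navigation rather than a dependency.
_SUBRESOURCE = re.compile(
    r"<(?:script|img|link|iframe)\b[^>]*?\b(?:src|href)\s*=\s*[\"']([^\"']+)[\"']",
    re.IGNORECASE,
)


def origin(url: str) -> str:
    parts = urlparse(url)
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{parts.hostname}{port}"


def subresource_origins(page_url: str, html: str) -> set[str]:
    """Origins of every fetched subresource, with relative URLs resolved."""
    return {origin(urljoin(page_url, ref)) for ref in _SUBRESOURCE.findall(html)}


def ev_indicator(page_url: str, html: str, cert_level: dict) -> tuple[bool, list[str]]:
    """Return (show_ev_indicator, findings).

    The indicator is withheld if the page itself is not EV, if any
    subresource is loaded over plain HTTP, or if any HTTPS subresource sits
    behind a certificate validated at a weaker level than EV.
    """
    findings = []
    page_origin = origin(page_url)
    if cert_level.get(page_origin) != "EV":
        findings.append(f"page origin {page_origin} is not EV")
    for sub in sorted(subresource_origins(page_url, html)):
        if sub.startswith("http://"):
            findings.append(f"mixed content: {sub} loaded over plain HTTP")
        elif cert_level.get(sub) != "EV":
            level = cert_level.get(sub, "unknown")
            findings.append(f"{sub} served under a {level} certificate, not EV")
    return (not findings, findings)


if __name__ == "__main__":
    show, problems = ev_indicator(PAGE_URL, PAGE_HTML, CERT_LEVEL)
    print("green bar:", show)
    for p in problems:
        print(" -", p)
```

For the constructed page the indicator is withheld for two reasons: the tracking pixel is plain HTTP, and the script host is only domain-validated. Scripts are the case that matters most, since a script from a weaker origin runs with the EV page's full privileges.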
All of the data binding controls fail to properly HTML encode strings coming from a database. This makes virtually all ASP.NET applications ripe for exploits via XSS or other script injection attacks. The one time I wrote an ASP.NET app, I had to spend weeks going through and replacing all of the simple-looking bind statements with explicit calls to a method that would both bind and encode. Even in the upcoming 4.0 release, the flaw is still there. I suspect that it won't ever get fixed.
To be fair, that's the kind of thing Microsoft really can't fix: plenty of people depend on outputting HTML stored in the database, and making escaping the default would break these users. We can debate the usefulness of Microsoft's compatibility-über-alles approach, but you can't fix that problem and preserve backward compatibility.
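The two comments above describe a code base where every `<%# Eval(...) %>` had to be found and wrapped in an encoding call by hand. This added example (not code from the original thread, and not ASP.NET itself) does two things in Python: it scans a constructed `.aspx` fragment for data-binding expressions whose outermost call is not a known encoder, and it shows the raw-versus-encoded rendering difference in both text and attribute context. The column names, the fragment and the encoder list are assumptions for the example; the regex is a heuristic, not a parser.

```python
import html
import re

# Constructed .aspx fragment in ASP.NET data-binding syntax; column names
# are invented. Lines 3 and 5 bind without encoding, lines 4 and 6 encode.
ASPX = """\
<asp:Repeater ID="Comments" runat="server">
  <ItemTemplate>
    <td><%# Eval("Author") %></td>
    <td><%# HttpUtility.HtmlEncode(Eval("Body")) %></td>
    <input value='<%# Bind("Nickname") %>' />
    <td><%# Server.HtmlEncode(Eval("Title").ToString()) %></td>
  </ItemTemplate>
</asp:Repeater>
"""

_BIND_EXPR = re.compile(r"<%#\s*(.*?)\s*%>")
# Calls accepted as 'encodes before output'. Assumed list for the example.
_ENCODERS = ("HttpUtility.HtmlEncode", "Server.HtmlEncode", "AntiXss.")


def unencoded_binds(aspx: str) -> list[tuple[int, str]]:
    """(line number, expression) for each <%# ... %> not wrapped in an encoder."""
    hits = []
    for lineno, line in enumerate(aspx.splitlines(), 1):
        for expr in _BIND_EXPR.findall(line):
            if not expr.startswith(_ENCODERS):
                hits.append((lineno, expr))
    return hits


def bind_raw(value) -> str:
    """What a plain data-binding expression does: emit the string as-is."""
    return str(value)


def bind_encoded(value) -> str:
    """The bind-and-encode replacement; quote=True covers attribute context."""
    return html.escape(str(value), quote=True)


def render_cell(value, binder) -> str:
    return f"<td>{binder(value)}</td>"


def render_attr(value, binder) -> str:
    return f"<input value='{binder(value)}' />"


if __name__ == "__main__":
    for lineno, expr in unencoded_binds(ASPX):
        print(f"line {lineno}: unencoded bind <%# {expr} %>")
    payload = "<script>alert(1)</script>"
    print(render_cell(payload, bind_raw))
    print(render_cell(payload, bind_encoded))
```

One caveat the attribute case makes visible: an encoder only protects the context it was written for. `html.escape(..., quote=True)` escapes both quote characters, so the single-quoted attribute above is safe; whatever encoder a real page uses must cover the quote style the attribute actually uses, or the attribute should simply be double-quoted.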
Do you really think the average user is going to notice a lack of green bar? Internet Explorer is going to accept this certificate as valid for https://www.paypal.com/ and there will be no hints to the user that it's actually illegitimate.
There are some things that should be taught in every school in America. Just as there are mandatory classes in sex education and home economics, there ought to be a mandatory class (at least a short one) about basic computer safety. This isn't a complete list, but it's a start:
Never type a password into a site unless you see a lock icon in your browser.
If you're used to seeing a green bar, and it disappears*, something is wrong.
Don't click "ignore" when your computer gives you some gibberish about a certificate. That means something is wrong.
Never open emailed attachments.
Never click "yes" to dialogs you weren't expecting.
Really, there is no prince wanting to give you millions of dollars for nothing.
Wouldn't it be easier to just paint the roof white so that the building reflects more heat and needs less cooling in the summer? (In the winter, insulation will keep the heat inside.)
And wouldn't it also help to use lighter pavement to reduce the urban heat island effect?
It just seems like photovoltaic shingles are pretty low on the net-payback list.
The problem happens in VC++. The new operator eventually calls malloc() which eventually calls GlobalAlloc(), through chains of function calls that are fairly non-obvious, unless you read the disassembly or the source. GlobalAlloc()
I see. It seems like one way out for Microsoft would be to make one more revision to the CRT's malloc/free machinery, and have it *directly* call GlobalAlloc and GlobalFree, then put the optimizations that used to be in malloc() into GlobalAlloc, the latest version of which is automatically used by all applications.
Big govt + Big corporations = all your money are belong to us
Actually, small government leads to large corporations. At least I can change the behavior of the government by voting; a huge corporation? Not a chance.
It could map the whole library, but that doesn't mean the library takes up RAM. The kernel pages in the library a page at a time. It doesn't even use any swap because the library pages are backed by the shared library file.
[citation needed]
Err, no thanks. If I'm going to buy a special-purpose tiny vehicle, I'll buy one that is even more fuel efficient, and doesn't look ridiculous.
I'm glad I have mine (though it's only a second-generation.)
What makes you think your own code is any better?
So in your book, a monoculture is okay so long as it's an open source monoculture?
OpenSSL's license is incompatible with the GPL, by the way, so we need at least two SSL libraries in the world.
Especially Comodo:
* browsers should warn about this case.
I meant hard linking, not static linking. Toolchains on the brain. :-)
Thanks. I knew there was a reason to stick with mingw32. Expecting programs to cart around their libc implementations is crazy.
Name a modern operating system that always brings in entire shared libraries.