It's also about people like nurses that travel to visit patients in their homes, who are being paid a salary for the hours they work, but in some cases not for the hours spent travelling to the first patient and from the last patient. If the company is not paying for the time spent travelling to the first job and from the last, there's no incentive to optimise the routes so they start/finish close to home.
Relatedly, I believe the reason that Word is being used as the exploit vector on Windows is because it doesn't have the sandboxing of IE/Firefox/Chrome. While you could get a lot more people to run the Windows attack code if you posted it on websites, it doesn't do any good when every popular browser newer than IE6 is locked down to not be able to launch arbitrary programs or write to most of the filesystem or registry.
I expect the type of crash and outcome is quite different between those cases. A distracted/texting driver is probably more likely to end up going full speed into who/whatever they hit without even any attempt to take evasive action, because they're distracted in the first place.
I'd expect in general the turn signal crashes are much less severe, e.g. one car running into the back of another when the first one slowed to turn off without signalling, even if their might be more of these type of accidents.
"Forcing a handle closed is equivalent to reaching into a program and freeing some memory. The program thinks the handle (or memory) is still valid and will continue to use it. But since the handle is really free, it will be reused for something else."
Haven't they already taken the first step with compulsory driver signing in their 64-bit OSes?
IIRC, one of the reasons for requiring driver signing was not for the logo certification part (which I thought remained optional, but I may be wrong on that) but actually to help with Microsoft's crash analysis efforts.
With a signed driver it's much easier to identify the vendor of a buggy driver, get in contact and ask them to fix their code, and even offer to push out an update via the Microsoft Update tool.
Close it when I'm done, it just goes to sleep. Open it when I need a quick weather map, it takes but 2 seconds to connect and fetch the map, then just close it. And it always works just like that.
Let's see Vista do that! [...]
Not that I usually go out of my way to defend Vista, but the Dell Vostro 1500 running Vista SP1 that I'm typing this on does exactly what you describe.
Apart from security updates - which occur usually once a month - it never gets rebooted (and reboots do take longer than I'd prefer, but have never timed it), and I always just use Vista sleep in-between sessions. It's pretty much ready as soon as I finish opening the lid, and I'm happy with that as an instant-on.
Well we do know that there are new API's in Vista that allow reservations of bandwidth for devices (like disk drives) and that media player does indeed make use of them (this has been demonstrated at events like Tech-Ed and Mark Russinovich's talks have contained demonstrations of this as well).
FYI, there is no countdown timer with an automatic reboot on Windows XP. There is an annoying nag that pops up every 30 minutes or so, asking whether the system could be rebooted. But no automatic reboot. But I guess you knew that already, didn't you?
If you want to stop the nagging about needing to reboot, you can go to the command prompt and type:
net stop wuauserv
This will stop the Automatic Updates service and it'll stop prompting you. Remember to reboot at some convenient point though, so the patched code can be loaded. Would be nice to have this option in the GUI (or at least a don't prompt for X hours option...) for situations where you'd really rather not reboot just yet.
Re:Clippy did its job... Unfortunatly.
on
The Death of Clippy
·
· Score: 2, Interesting
Personally, I think clippy represents what is wrong with office more than anything else. For most users Office is far too complicated, and has far too much functionality, so it "needed" a way to inform average users how to use some of the features.
Hence when Microsoft massively overhauled the Office 2007 UI, with the idea that people can easily find this functionality, Clippy became obsolete and was removed. I *think* Clippy may actually have been switched off by default in new installs of Office 2003 (or possibly XP.)
A clean install of Vista uses 544meg ram without any applications running - completely ridiculous IMHO.
Some of that may be for caches which would be released if an application requested more RAM. The OS might as well make use of it to reduce latency of other tasks whilst nothing else wants the RAM.
Not that different from the current situation. My wife's XP machine regulaly trashes hard drives. I have to start from her HP recovery disc, install it, then install 35 "critical updates" before it realizes that Service Pack 2 is out there. Then I install SP2, and 65 more critical updates.
You can solve the SP2 problem by downloading and burning this before you next reinstall.
I think being served a "no links" page could be seen as significant since it could be used for bad as well as good i.e. getting the good content indexed by the search engine, but when a user goes to the page they get a page full of spam links.
To be honest I'm not sure what algorithms are used (and I'd expect them to be proprietary to prevent people working around them) but I'm sure I've read of sites trying to subvert search engines by serving them different content, and then the search engines discovering this. But thinking about it some more maybe that's changed with sites becoming more dynamic and changing their content very frequently, or indeed with sites using lots of client-side script to partially/fully rewrite their own content (e.g. those Intellitxt links that underline half the words on a page.)
If you don't want search engines to follow links on your website(s), you could rely on them to give you a proper agent string so that you can serve pages that don't include hyperlinks. But that's ugly nonetheless.
If a search engine detects you're serving significantly different content to its robot than you are to the rest of the web (e.g. by comparing the contents served to a different IP with a web browser user agent string) it will probably erase your entire site from its index.
I don't like "phoning home" at all if you want my opinion. Why would you need to constantly call up Microsoft (figuratively) to find out if the site your on is valid? Wouldn't that be like giving MS usage statistics on your PC anyway? Why should they know what websites I browse?
I believe the Microsoft implementation only sends a hash of the URL to their servers, not the URL itself.
Re:I Would Have Signed Up...
on
Inside MySpace.com
·
· Score: 2, Informative
What's "noscript"?
An extension for Mozilla based browsers that disables JavaScript, Java etc except for sites you specifically whitelist.
Right at the start of that article, after the marketing blurb that leads any Microsoft 'technical document':
Although the number of changes to the Windows® XP kernel is small compared to the changes between Windows NT® 4.0 and Windows 2000 (the internal version number confirms this--Windows 2000 was originally Windows NT 5.0; Windows XP was version 5.1, not NT 6.0),
Sure, but the article at least goes to show that there is more to the Windows 2000 -> XP transition than being "...primarily, a cosmetic upgrade of the shell, plus a few minor changes to drivers" as the grandparent suggested. There's at least enough there to show that the differences are large enough to require fully re-testing the product on Windows 2000.
Kind of amusing considering that XP is, primarily, a cosmetic upgrade of the shell, plus a few minor changes to drivers. The kernel itself is even only a minor version # change from that of 2k's.
cause the windows updater is driving me crazy with microsoft's anti spyware product. i'm not interested in it, so when i tell to the updater not to install it, and to never ask it again, it'll soon ask me to install the version of the month before, if i disable that one, next month, etc....
i HATE that thing already (and haven't even installed it yet)
Do you mean the Malicious Software Removal Tool? That also gets delivered on Windows 2000, IIRC. It will run exactly once after install, and check for a number of common pieces of malware. It's not really an anti-spyware product as such, just a tool for cleaning up some of the more common pieces of malware users may have installed. It does not remain resident.
People will forget that and call up for support anyway. The product could get a bad reputation if there are problems on Windows 2000, and it's likely that many of those complaining/posting/blogging about the issues will mention they're running a unsupported configuration. In fact I'd expect quite a few "why did it even let me install it if they knew there would be problems..." comments regardless of the fact the user clicked through a dialog box agreeing to it.
* Machine freezes (but have started written stuff to the hard drive) * Hard shutdown * Startup * If I forget to choose a to reboot: Restore from hard drive, but data structures on the hard drive have been modified * Additional crap is written to the hard drive * File system trashed
Now:
* Normal reboot freezes * Reboot in safe mode freezes * Reboot from XP media in recovery console mode freezes when accessing the C: drive
Sounds like a serious hardware problem, rather than the OS. Honestly if that was the common experience this would have been all over Slashdot's front page multiple times.
For people suffering the "Insufficient resources to complete the API" a problem on an XPSP2 box with >=2GB RAM, the Hotfix linked a couple of posts above does fix the problem (at least it does on my XP box)
...and refusing to take a PC that has Vista loaded.
Ironically OEM installs are probably least impacted initially by the Activation process (unless the user tries to move the OS to another vendor's hardware), since many OEMs will install pre-activated copies of Windows that are tied to the vendor's BIOS:
OEM Activation for Windows Vista is a software protection technology for the Windows Vista operating system that improves upon System-Locked Preinstallation, which is available for Microsoft Windows XP operating systems. OEM Activation helps prevent the copying of legitimately licensed Windows Vista software onto non-licensed computers by associating the Windows operating system to the firmware of the physical computer.
In Windows XP, Microsoft started an initiative in the original equipment manufacturer (OEM) channel called System-Locked Preinstallation, to combat illegally installed copies of Windows while at the same time allowing OEMs to pre-activate Windows machines on the factory floor. OEM Activation for Windows Vista improves on this initiative, making the process easier for OEMs and making it much harder for pirates to crack the system by ensuring that Windows Vista SKUs licensed to an OEM will function only on that OEM's hardware. With this innovation, counterfeiters attempting to use Windows media improperly will be unable to install and activate the product using media intended for recovery and reinstall that is distributed by an OEM.
Advantages of OEM activation include persistent activation, activation without connecting to any activation provider, and the ability for OEMs to use custom media images. (The recovery media is also activated.) Additional requirements for the customer are the need to maintain recovery media specific to each OEM system configuration versus having a generic image to use across all hardware.
I use SysInternals' PsExec [sysinternals.com] to run certain programs as a limited user while I am logged in as an admin. For example, all my firefox shortcuts look like this: psexec -l -d "C:\Program Files\Mozilla Firefox\Firefox.exe".
If you use the same method to launch Firefox Preloader you'll ensure that Firefox always uses limited privileges, avoiding the possibility of a clicking a hyperlink from another application and invoking Firefox with admin privileges.
Re:Alternative Method
on
World Firefox Day
·
· Score: 2, Informative
Also the awful start up time !! Even the best IE basher will accept that IE is far better in this case!!!!
If your user account has higher-than-user privileges you can combine this with SysInternals' PsExec to launch Firefox Preloader with limited permissions -- this ensures ensures Firefox will always run with low privs even if it's opened via a hyperlink from another program:
Slashdot Mirror
It's also about people like nurses that travel to visit patients in their homes, who are being paid a salary for the hours they work, but in some cases not for the hours spent travelling to the first patient and from the last patient. If the company is not paying for the time spent travelling to the first job and from the last, there's no incentive to optimise the routes so they start/finish close to home.
Actually from Office 2010 onwards it does have a sandboxed mode which is triggered based on the origin of the document:
http://blogs.technet.com/b/office2010/archive/2009/08/13/protected-view-in-office-2010.aspx
Incidentally I'm not sure Firefox has a sandbox as such at least on Windows - e.g. it doesn't run as a low integrity process like IE.
I expect the type of crash and outcome is quite different between those cases. A distracted/texting driver is probably more likely to end up going full speed into who/whatever they hit without even any attempt to take evasive action, because they're distracted in the first place.
I'd expect in general the turn signal crashes are much less severe, e.g. one car running into the back of another when the first one slowed to turn off without signalling, even if their might be more of these type of accidents.
Using such a program has a very good chance of causing random file corruption:
http://technet.microsoft.com/en-us/magazine/2009.04.windowsconfidential.aspx
"Forcing a handle closed is equivalent to reaching into a program and freeing some memory. The program thinks the handle (or memory) is still valid and will continue to use it. But since the handle is really free, it will be reused for something else."
IIRC, one of the reasons for requiring driver signing was not for the logo certification part (which I thought remained optional, but I may be wrong on that) but actually to help with Microsoft's crash analysis efforts.
With a signed driver it's much easier to identify the vendor of a buggy driver, get in contact and ask them to fix their code, and even offer to push out an update via the Microsoft Update tool.
Not that I usually go out of my way to defend Vista, but the Dell Vostro 1500 running Vista SP1 that I'm typing this on does exactly what you describe.
Apart from security updates - which occur usually once a month - it never gets rebooted (and reboots do take longer than I'd prefer, but have never timed it), and I always just use Vista sleep in-between sessions. It's pretty much ready as soon as I finish opening the lid, and I'm happy with that as an instant-on.
HttpOnly cookies
net stop wuauserv
This will stop the Automatic Updates service and it'll stop prompting you. Remember to reboot at some convenient point though, so the patched code can be loaded. Would be nice to have this option in the GUI (or at least a don't prompt for X hours option...) for situations where you'd really rather not reboot just yet.
I think being served a "no links" page could be seen as significant since it could be used for bad as well as good i.e. getting the good content indexed by the search engine, but when a user goes to the page they get a page full of spam links.
To be honest I'm not sure what algorithms are used (and I'd expect them to be proprietary to prevent people working around them) but I'm sure I've read of sites trying to subvert search engines by serving them different content, and then the search engines discovering this. But thinking about it some more maybe that's changed with sites becoming more dynamic and changing their content very frequently, or indeed with sites using lots of client-side script to partially/fully rewrite their own content (e.g. those Intellitxt links that underline half the words on a page.)
See https://addons.mozilla.org/firefox/722/
For people suffering the "Insufficient resources to complete the API" a problem on an XPSP2 box with >=2GB RAM, the Hotfix linked a couple of posts above does fix the problem (at least it does on my XP box)
http://download.microsoft.com/download/c/2/9/c293
If your user account has higher-than-user privileges you can combine this with SysInternals' PsExec to launch Firefox Preloader with limited permissions -- this ensures ensures Firefox will always run with low privs even if it's opened via a hyperlink from another program:
(I first saw this tip in a blog comment on SysInternals site regarding PsExec and have used it ever since)
Unless you're already running inside a Virtual Machine, of course ;)3 0221
http://it.slashdot.org/article.pl?sid=06/03/11/01