Microsoft DOES charge for extended support for old products. It's called a Custom Support Agreement (CSA). I believe it's expensive, but you CAN get support for really old products.
Here's the problem: When did you last perform this analysis? If you didn't do it, when did someone else last do it? How do you know you can trust the person who claims to have last done the analysis?
Ultimately you MUST trust someone. Because all modern systems are far too complex for any one person (or team of persons) to fully understand and analyze. It would NOT be unreasonable to spread a single backdoor across multiple components (especially if the implementation of those components isn't the best documented code). Such a backdoor would be extremely difficult to find even WITH assembly and source code auditing.
Interesting. I've always used "syntactic sugar" to mean language features that are fundamentally implemented in the front end. For example C++ lambdas are effectively syntactic sugar - it's a clean syntax that wraps an anonymous class declaration (with the lambda capture values being class members and the lambda body being an "operator()" method).
Another example is C++ reference parameters - under the cover most C++ compilers implement reference parameters as pointer to type parameters and the reference parameter access is syntactic sugar for pointer indirection.
These examples are simplifications but they serve to demonstrate my thinking.
Or right click in the bottom left corner of the screen and select "command prompt" or "command prompt (admin)" (you can replace command prompt with powershell if you're so inclined). Or "Win+R cmd".
Win+R cmd works fine on XP, Vista, Win7, Win8 and Win8.1, the right click thingy works on 8.0 and 8.1.
You just pushed a major hot button. Where's the evidence of massive voting fraud? Please note: I don't mean voter registration fraud - the incentives that enable voter registration drives provide a significant incentive for voter registration fraud (cf: Acorn and the recent GOP sponsored voter fraud in the 2012 election).
However in a presidential election year, there are vanishingly small numbers of in-person voter fraud. In several elections where fraud was claimed (Washington's governors race in 2004, Minnesota's senatorial race in 2008), very few actual cases of fraud were uncovered.
In the US, there is almost no evidence of in-person voter fraud. If there were, I could see a need for voter ID laws. But there isn't. So what is the point of voter ID laws? Why would politicians be sponsoring legislation to address a non-existent problem?
One theory about why voter ID laws are proposed is that voter ID laws provide a barrier to people who don't have a government sponsored ID (since you need to have a government ID to vote and getting the ID can be difficult). It turns out that the set of people without government sponsored ID tend to live in urban areas (where the need for a drivers license is ameliorated by mass transit). And guess what: Urban voters tend to vote Democratic.
How exactly does this work? If we had a monoculture (like we had with IE6), people code to the monoculture, standards be damned. If WebKit implements a standard badly, no amount of complaining by Microsoft and Mozilla will cause the WebKit folks to change their browser rendering to be compliant. And just like what happened with IE6, web developers will ignore the standard in favor of the WebKit implementation. We're ALREADY seeing this happen - webkit has sufficient market share that sites don't bother building standards compliant version of their mobile site, they just write for webkit and consider their work done.
History has shown that if you have a monoculture, standards are irrelevant - the only thing that matters is the one implementation.
According to the article, at least in the US you're required to show up at a bank in-person to create the account, which means they have a picture of you from the security cameras creating the account. Oh and you need a bunch of forms of ID to create the account.
One of the key pieces of evidence they use is that banking passwords go for pennies - if it was as easy to get the money as you say it is, the account passwords would be worth more money.
How do you do that transfer without leaving an audit trail? That's the whole point of the article - the transfer is only interesting if they can somehow break the audit trail between your bank account and their bank account.
The common method for this is to use a money mule - the money mule wires the money from your bank account to the mule's bank account. The mule then sends a money wire to the bad guy keeping 10% for themselves. Fast forward a couple of days when you find the theft. You report it to the bank, they trace the transfer to the mule's account and remove the money from the mules account. Now the bank's reimbursed you for your money (which the federal government requires them to do), , the mule's out the money they stole and the bad guy's got the money. Effectively the bad guy has stolen from the mule, not from you.
Was everything sold in the pet store made within the state? Is the credit card processor for the store and all its operations in-state? Both of these seem highly unlikely. The locally owned pet store is still engaging in interstate commerce even though its not obvious.So the commerce clause probably applies to the local pet store. But that's irrelevant because the 14th amendment is primary for the ADA.
And the 14th amendment has two pieces that are relevant to the ADA: The first says that people need to be protected equally.(the "equal protection clause" in section 1). The second says that congress has the right to enforce this law (section 5). The ADA says that handicapped people deserve equal protection under the law in all the states and Section 5 gives Congress the right to pass laws that affect in-state public entities.
Note the last part - as I understand it, the ADA only applies to public accomidations. So if you have a members-only club which is not open to the public, you don't have to comply with the ADA - this is the same legal basis that allowed the Augusta golf club to prevent african american members until 1990 and continues to allow them to ban women. As a members-only club, they don't have to comply with the 14th amendment.
(4) to invoke the sweep of congressional authority, including the power to enforce the fourteenth amendment and to regulate commerce, in order to address the major areas of discrimination faced day-to-day by people with disabilities.
The law cites the 14th amendment (equal protection) and the commerce clause.
Push the power button, it shuts down quite nicely. Or close your laptop's lid.
If you want, you can use Control-Alt-Delete, Alt-S then up and down to pick which of the 3 menu items pops up on the power button.
If you'd rather use the command line, the "shutdown" command still works just fine.
Almost the mechanisms to shut down windows over the past decade or so are still there. The only thing that's missing is the "shutdown" button on the start menu. The one that spawned all those "You have to use Start to shut down windows" jokes?
A variation of your car analogy: I buy a car, but I decide that I don't like the tires that come with the car. Can I get a refund of the cost of those tires if I choose to use different ones?
Check the dreamwidth.org post I cited - mjg calls out (in the comments) that there IS a challenge that the OEM needs to include the distro's cert in the box, but that doesn't mean that Linux is locked out - the Linux distro just needs to work with the OEM to ensure that the cert for the distro is included in one of the set of certs that is included in the box:
"Re: Is there any way for the end-user to load their own keys? Date: 2011-09-24 02:10 am (UTC) From: mjg59 Not inherently. It's actually reasonably hard to do - inserting new keys requires that those keys themselves be signed by the private half of one of the keys in the KEK database, so you'd need to give your key to someone who *does* have an entry there (either the OEM or Microsoft), have them sign it and then pass that into the variable database"
I'm not saying that there aren't challenges, but it's NOT impossible. "Requires that the Linux distribution owner work with the OEM" is far from "locked out".
Where did they say that? What I read in all the excerpts was that the competing OS needed to built according to the rules that Intel defined when they defined UEFI secure boot.
That's not "impossible" - According to this, it should be possible. And this says it should take about a week's worth of work for any distro to support it.
I'll bite Mr. AC (I shouldn't, but I will): References to Microsoft "[pulling] this crap everyday and everywhere"? Preferably something within the past 1-2 years?
If you're going to make a strong claim like that, you had better be able to back it up.
To add a worksheet in Excel 2007, I go to the bottom of the document (where the worksheet tabs are listed). The one on the far right has a tooltip which says "Insert Worksheet (Shift+F11)". That seems much more efficient than the "home/cells/format" thingy you described.
We're not talking about Exchange here, we're talking about *Windows*. Steven Sinofsky, the head of Windows is notorious about not saying anything about features before they're fully baked.
You've just described the memory allocator used in Windows 1.0 back in 1984 (no, that's not a typo). For an OS designed for a machine without any form of virtual memory, and one which needed to run on machines with 256K of RAM (again, not a typo) it was a pretty good solution. But the memory management solutions used by modern operating systems are many orders of magnitude better (demand paging trumps lock/unlock for overall resource allocation). Plus you'd have to deal with the apps that call "give me the real memory" and never release it back to the OS.
And of course apps would do this routinely because they don't care what their bad behavior does to the other apps on the system, as long as their app works just fine.
The Black Viper list is pretty good, but the reality is that from Win7 on, the list of OS services that's enabled is the set which won't break something (if you read Black Viper's list they point out what breaks with each service disabled).
And I've not yet figured out how to convince Google Chrome to stop auto-updating (and I don't want to stop flash from auto-updating, flash and pdf are the two biggest vectors for malware out there). I just wish their auto-updaters respected the user and recognized that they should. Larry Osterman wrote an article about this a couple of years ago: http://blogs.msdn.com/b/larryosterman/archive/2007/08/20/applet-mitigations-updaters.aspx
Trigger started services were introduced in Windows 7, this isn't new. I just wish people were taking advantage of them (I'm looking at you Google chrome and Adobe with your long running processes that do nothing but check to see if there's an update).
Longhorn (and more specifically WinFS) was one of the very few times MSFT's ever talked about features that weren't delivered. For Windows 7, I can only think of one feature which was announced that wasn't actually delivered (bluetooth audio).
Except for Longhorn features, what Windows features were promoted but not delivered?
Slashdot Mirror
Microsoft DOES charge for extended support for old products. It's called a Custom Support Agreement (CSA). I believe it's expensive, but you CAN get support for really old products.
Here's the problem: When did you last perform this analysis? If you didn't do it, when did someone else last do it? How do you know you can trust the person who claims to have last done the analysis?
Ultimately you MUST trust someone. Because all modern systems are far too complex for any one person (or team of persons) to fully understand and analyze. It would NOT be unreasonable to spread a single backdoor across multiple components (especially if the implementation of those components isn't the best documented code). Such a backdoor would be extremely difficult to find even WITH assembly and source code auditing.
Interesting. I've always used "syntactic sugar" to mean language features that are fundamentally implemented in the front end. For example C++ lambdas are effectively syntactic sugar - it's a clean syntax that wraps an anonymous class declaration (with the lambda capture values being class members and the lambda body being an "operator()" method).
Another example is C++ reference parameters - under the cover most C++ compilers implement reference parameters as pointer to type parameters and the reference parameter access is syntactic sugar for pointer indirection.
These examples are simplifications but they serve to demonstrate my thinking.
Or right click in the bottom left corner of the screen and select "command prompt" or "command prompt (admin)" (you can replace command prompt with powershell if you're so inclined). Or "Win+R cmd".
Win+R cmd works fine on XP, Vista, Win7, Win8 and Win8.1, the right click thingy works on 8.0 and 8.1.
Funny, I've always used CTRL-ALT-DEL -S, uparrow once then enter. Or mouse up instead. It's way easier than the whole charms bar thingy.
You just pushed a major hot button. Where's the evidence of massive voting fraud? Please note: I don't mean voter registration fraud - the incentives that enable voter registration drives provide a significant incentive for voter registration fraud (cf: Acorn and the recent GOP sponsored voter fraud in the 2012 election).
However in a presidential election year, there are vanishingly small numbers of in-person voter fraud. In several elections where fraud was claimed (Washington's governors race in 2004, Minnesota's senatorial race in 2008), very few actual cases of fraud were uncovered.
In the US, there is almost no evidence of in-person voter fraud. If there were, I could see a need for voter ID laws. But there isn't. So what is the point of voter ID laws? Why would politicians be sponsoring legislation to address a non-existent problem?
One theory about why voter ID laws are proposed is that voter ID laws provide a barrier to people who don't have a government sponsored ID (since you need to have a government ID to vote and getting the ID can be difficult). It turns out that the set of people without government sponsored ID tend to live in urban areas (where the need for a drivers license is ameliorated by mass transit). And guess what: Urban voters tend to vote Democratic.
How exactly does this work? If we had a monoculture (like we had with IE6), people code to the monoculture, standards be damned. If WebKit implements a standard badly, no amount of complaining by Microsoft and Mozilla will cause the WebKit folks to change their browser rendering to be compliant. And just like what happened with IE6, web developers will ignore the standard in favor of the WebKit implementation. We're ALREADY seeing this happen - webkit has sufficient market share that sites don't bother building standards compliant version of their mobile site, they just write for webkit and consider their work done.
History has shown that if you have a monoculture, standards are irrelevant - the only thing that matters is the one implementation.
According to the article, at least in the US you're required to show up at a bank in-person to create the account, which means they have a picture of you from the security cameras creating the account. Oh and you need a bunch of forms of ID to create the account.
One of the key pieces of evidence they use is that banking passwords go for pennies - if it was as easy to get the money as you say it is, the account passwords would be worth more money.
How do you do that transfer without leaving an audit trail? That's the whole point of the article - the transfer is only interesting if they can somehow break the audit trail between your bank account and their bank account.
The common method for this is to use a money mule - the money mule wires the money from your bank account to the mule's bank account. The mule then sends a money wire to the bad guy keeping 10% for themselves.
Fast forward a couple of days when you find the theft. You report it to the bank, they trace the transfer to the mule's account and remove the money from the mules account. Now the bank's reimbursed you for your money (which the federal government requires them to do), , the mule's out the money they stole and the bad guy's got the money. Effectively the bad guy has stolen from the mule, not from you.
Yeah, maybe something like ASN.1.
Oh wait....[1]
[1] If you don't get this, you've never actually dealt with ASN.1.
First off: IANAL. Having said that, my $.02:
Was everything sold in the pet store made within the state? Is the credit card processor for the store and all its operations in-state? Both of these seem highly unlikely. The locally owned pet store is still engaging in interstate commerce even though its not obvious.So the commerce clause probably applies to the local pet store. But that's irrelevant because the 14th amendment is primary for the ADA.
And the 14th amendment has two pieces that are relevant to the ADA: The first says that people need to be protected equally.(the "equal protection clause" in section 1). The second says that congress has the right to enforce this law (section 5). The ADA says that handicapped people deserve equal protection under the law in all the states and Section 5 gives Congress the right to pass laws that affect in-state public entities.
Note the last part - as I understand it, the ADA only applies to public accomidations. So if you have a members-only club which is not open to the public, you don't have to comply with the ADA - this is the same legal basis that allowed the Augusta golf club to prevent african american members until 1990 and continues to allow them to ban women. As a members-only club, they don't have to comply with the 14th amendment.
Here's a hint:
The law cites the 14th amendment (equal protection) and the commerce clause.
Push the power button, it shuts down quite nicely. Or close your laptop's lid.
If you want, you can use Control-Alt-Delete, Alt-S then up and down to pick which of the 3 menu items pops up on the power button.
If you'd rather use the command line, the "shutdown" command still works just fine.
Almost the mechanisms to shut down windows over the past decade or so are still there. The only thing that's missing is the "shutdown" button on the start menu. The one that spawned all those "You have to use Start to shut down windows" jokes?
Actually according to Inside Windows NT, NT was Intel i860 only, then x86, then MIPs.
Alpha didn't come along until significantly later.
A variation of your car analogy: I buy a car, but I decide that I don't like the tires that come with the car. Can I get a refund of the cost of those tires if I choose to use different ones?
Check the dreamwidth.org post I cited - mjg calls out (in the comments) that there IS a challenge that the OEM needs to include the distro's cert in the box, but that doesn't mean that Linux is locked out - the Linux distro just needs to work with the OEM to ensure that the cert for the distro is included in one of the set of certs that is included in the box:
I'm not saying that there aren't challenges, but it's NOT impossible. "Requires that the Linux distribution owner work with the OEM" is far from "locked out".
Where did they say that? What I read in all the excerpts was that the competing OS needed to built according to the rules that Intel defined when they defined UEFI secure boot.
That's not "impossible" - According to this, it should be possible. And this says it should take about a week's worth of work for any distro to support it.
That's FAR from "impossible".
I'll bite Mr. AC (I shouldn't, but I will): References to Microsoft "[pulling] this crap everyday and everywhere"? Preferably something within the past 1-2 years?
If you're going to make a strong claim like that, you had better be able to back it up.
To add a worksheet in Excel 2007, I go to the bottom of the document (where the worksheet tabs are listed). The one on the far right has a tooltip which says "Insert Worksheet (Shift+F11)". That seems much more efficient than the "home/cells/format" thingy you described.
We're not talking about Exchange here, we're talking about *Windows*. Steven Sinofsky, the head of Windows is notorious about not saying anything about features before they're fully baked.
You've just described the memory allocator used in Windows 1.0 back in 1984 (no, that's not a typo). For an OS designed for a machine without any form of virtual memory, and one which needed to run on machines with 256K of RAM (again, not a typo) it was a pretty good solution. But the memory management solutions used by modern operating systems are many orders of magnitude better (demand paging trumps lock/unlock for overall resource allocation). Plus you'd have to deal with the apps that call "give me the real memory" and never release it back to the OS.
And of course apps would do this routinely because they don't care what their bad behavior does to the other apps on the system, as long as their app works just fine.
Firefox is also moving to a silent update model. And I'll bet they mess it up too.
The Black Viper list is pretty good, but the reality is that from Win7 on, the list of OS services that's enabled is the set which won't break something (if you read Black Viper's list they point out what breaks with each service disabled).
And I've not yet figured out how to convince Google Chrome to stop auto-updating (and I don't want to stop flash from auto-updating, flash and pdf are the two biggest vectors for malware out there). I just wish their auto-updaters respected the user and recognized that they should. Larry Osterman wrote an article about this a couple of years ago: http://blogs.msdn.com/b/larryosterman/archive/2007/08/20/applet-mitigations-updaters.aspx
Trigger started services were introduced in Windows 7, this isn't new. I just wish people were taking advantage of them (I'm looking at you Google chrome and Adobe with your long running processes that do nothing but check to see if there's an update).
Longhorn (and more specifically WinFS) was one of the very few times MSFT's ever talked about features that weren't delivered. For Windows 7, I can only think of one feature which was announced that wasn't actually delivered (bluetooth audio).
Except for Longhorn features, what Windows features were promoted but not delivered?