While your points are correct, I think it's safe to say they're only really significant in hindsight. One of the classic problems with conspiracy theory is that it retroactively highlights facts that, at the time, no one would necessarily have thought significant.
Well, don't call it conspiracy theory then if that trips you up. Ask the simple question: How did the Towers collapse? Do the research. In the links below, Jones points out that in science, one starts from the facts, from the evidence, then you build your theory. But the main stream media has fed you the theory "19 crazy arab hijackers + jet fuel" (the conclusion we are to draw), from which you build your facts. Any facts that don't fit in, are thrown away. That's bad science. No wonder people are confused. One simple example: take the 911 Report. Didn't even cover the collapse of WTC 7. Why? Because it doesn't make sense, doesn't fit in with their "theory".
The chain of events leading up to them is always clear in retrospect, but another flaw in conspiracy theory is that it attributes such masterful vision and control to the conspiracists leading into the event, and then presumes such incompetence in handling and covering it up. In reality, no one has such complete control nor such prescience.
What incompetence? If "conspiracy" theorists are still relegated to the back pages, if at all, and dismissed as theorists, well they did a very good job. One flaw in the "19 Arab taking out the towers" theory is the military precision required for an effort like this. Moussawi? C'mon.
If you follow the "theory" as trotted out by the Main Stream Media, there was incredible *incompetence* that allowed this to happen. The incompetence of our CIA, such that every other spy agency in the world was warning American officials, yet they were ignored. The incompetence that low-level underlings at the FBI tried to report to their superiors that foreigners trying to learn how to fly, but were stonewalled in their request to investigate - not once, but 70 times! Criminal negligence, or just following orders?
Condi, or maybe Bush said, "Who could've imagined this would happen?". Well, just the military, because that is apparently the reason NORAD was mysteriously shut down, and no jets were scrambled, because the flight control folks were told this was a "training exercise" - involving hijacked jets hitting the towers. So they just happened to be training for an attack that no one could've imagined.
One of the best sources for technical details is the WTC 7 Research site, which is apparently down. Odd. This one is similar, not sure if it's just down or >>> the descent is beginning!
James Bond-style mastermind villian in his secret underground bunker, for example).
Bunker? Then that must be Cheney.
Tell you what. Do some research, especially Jeff King's critique of fellow MITer's "theory", and BYU's Prof. Steven Jones and then come back and tell us which "theory" is more plausible: (1) that the buildings were "pulled" (controlled demolition) (2) 19 losers who could barely fly somehow evaded NORAD, evaded a superpower's "Star Wars" defense system and supersonic jets, hit the towers, and the jet fuel (what was left of it) managed to start a fire that weakened that evaporated steel and "trusses" (whatever) and the building collapsed in under 10 seconds, thus defying basic scientific laws. And WTC 7 collapsed the same day even though no plane hit it, and other building closer to the twins didn't. And PNAC (project for a new american century) whose members include Cheney and Jeb Bush, wrote that Americans were slow to change, a Pearl Harbor incident was needed for faster paced changed (those Americans, always in a rush) - but of course, this is entirely beyond the capability of Cheney.
If the conspiracy whackos are wrong, why all the secrecy? Why did the 911 Commission not even review WTC 7?
Just installing the thing and getting a good set of apps on it took about 8 hours. I followed a guide posted online. It worked well, but that's 8 hours I'll never get back.
True, but for an Apples to Apples comparison, try installing all those apps on a bare machine. Or buy a machine with Linux installed. Either way. You might find, as I did, that it is actually harder to get Windows boxes working than Linux, because 90% of the time, people are buying Windows pre-installed, Linux does not have that luxury, so they *have* to be better in that regard.
Besides everybody has their own skill level and ability with the various tools. I recently installed Outlook on an XP machine, took me probably a couple of hours over several days to get it working, when I had Opera connecting to mail in minutes. Finally after searching the web, I got it working, but this illustrates that Microsoft can be just as exasperating as Linux.
Does paint a rather neo-gothic future though doesn't it? Long after the oil has run out, after the banks called in their loans, on the deserted Anerican streets, the few stragglers scuttle about to Fortress-like McDonald's only accessible through the drive-in, but no one has money for cars let alone fueling them. Then it's back to their job as slaves at the Chinese-owned factory, where they crank out cheap goods for rich Chinese patrons. Others tend the rice paddies.
But seriously, one girlfriend, in high school, and her friends, after partying too much, "got the munchies" and grabbed a shopping cart and went through a drive in. To them it was uproariously funny. But to tell the truth, I never have heard of anyone walking through.
Speaking of Bill Gates, Ballmer, and Allen, I have a few words. Microsoft fanboys, cut the whining and give it a rest. Everytime any tantalizing gossip is written about Bill & co, sorry but this is fascinating. We may use Linux, abhor Visual Basic, but admire a fellow geek, even respect some of the Microsoft gadgets (Visual Studio, Office) and revel in funny stories - these guys are rock stars for geeks.
Cringely especially has a way with writing hilarious stuff like the time Bill was standing in line to buy a quart of ice cream, scrounging for a 25 cent coupon, when finally a shopper gave him the funds, saying "pay me back when you're a millionaire". True/false? Who cares, at minimum there's a hint of truth. Does it tell us more about the culture at Microsoft, when, as Cringley also writes, when Bill was questioned about developing software for the Apple, or Next (I forget), he said "Develop for it? I'll piss on it!".
So Bill was plotting how to get Allen's share back - that's probably 100% true, it makes sense, Bill is after all first and foremost a businessman, so stop with the hurt feelings. To chastise Cringely, or other slashdot posters as mud slingers is a bit disingenuous. Now Bill is a saint who gives to charities? Sure, very nice, but he's still out to make a buck, as Cringely puts it, to pocket every nickel he can. The whole charity thing is mom's idea anyway, it's great, but no fanboy whining or giving money away is going to change the fact that Bill & co are some pretty ruthless, tough competitors. Not Hitler, no, perhaps more like Genghis Khan.
But as other posters have pointed out, perhaps Bill's arrogance and cutthroat attitude are his own downfall, as it is quite clear the very qualities of Microsoft that have given it it's toehold in the world, so far, are also great reasons why others are now choosing open source alternatives. Or maybe with Google, it really wouldn't matter at all what they did, but having old enemies like Eric Schmidt call the shots at Google can't be helpful.
Actually Apple was a niche market for IBM, IIRC something like a few percent of the total chips they sell, which kind of highlights just how big they are (and obviously Apple is nowhere near as big as Microsoft platform), and obviously this is an issue not just with their hardware but services customers. Lots of mid-range companies aren't happy that they aren't in top-tier as far as IBM is concerned. But I would agree that image-wise, Apple moving to the PowerPC is a far greater loss than it should be considering it was a niche.
And as far as Lenovo: Again I agree- fine - sell the PCs but what in the world were they thinking selling the laptops! Those were the crown-jewels! I recall reading articles just on their little mouse-pointer itself. Maybe a loss, but what a way to showcase IBM technology (not everybody can have a Deep Blue, etc).
I'm as critical of big gov't and wasteful spending, and while these folks are almost unbelievable in the "good ol boy" spending and profiteering, Let's not get too carried away here. The "concerned taxpayers" seem to play a little fast and loose with the definitions, i.e. Joe Senator lives in some district, some company gets some funding, so that's pork? I mean, what district *doesn't* have representation in government? Besides, what's a few million compared to the *billions* of dollars spent on no-bid contracts to companies like Halliburton and Bechtel in Iraq, especially when those companies play fast and loose with U.S. tax law, by being "foreign" companies? Talk about pork.
So if it were up to these "concerned taxpayers", the gov't wouldn't spend any money, because if any company received money that would be considered pork. Because here's the deal: Some projects are worthwile, take a gander at the list, many are military related. Are these folks saying they don't want to support the troops?
Another example is DARPA. There was a great program on PBS about the unmanned robot challenge, in which Stanford's "Stanley" and 4 other 'bots went the entire 100 mile plus route, when the previous year the top showing was 7 miles. That is pretty fantastic stuff. I believe the Carnegie-Mellon team got about $2 million or so from the military, I'm sure that is classified as pork, but this could have significant consequences on future battlefields. Don't forget DARPA funded the internet too. Sometimes "concerned taxpayers" have to think out a little farther out.
As for the water-free urinals, the CNET article insinuates that Falcon is not a world leader as they claim, but provide no evidence for this assertion. Also there was just an article here about a company trying to build a skyscraper with water-free urinals, to save 1.6 million gallons. That's a good thing. $100-$200/per toilet per year saved. Not bad. Certainly not pork - how much money would be saved if those were installed in every gov't institution - considering the fact that the govt is probably the largest employer in the U.S., for example? Granted, it no-bid contracts, and even bid contracts are probably corrupt, but this is chump change compared to the *billions* thrown at Halliburton & Bechtel & KBR, etc. This is the 80-20 rule, fix that leak first.
Not as familiar with C, but as for C++, they take great efforts to be careful about language and library changes breaking compatibility, check out Stroustrup's thoughts on the latest version of C++.
You're marked a troll, but the advice is on the mark IMO. Ironically, Microsoft's code (I'm not talking about their.NET, but for example their Win32 API) is rather backwards compatible. And always take the trouble to steer clear of Microsoft-specific extensions where possible (i.e. managed C++ != C++). You can take 10 year old code, run it through Visual C++, and it runs on Windows XP. But that's the way it should be. Customers don't want to muck with migrations every 1 or 2 years, they want some decent ROI.
I've worked with or evaluated many of the GUI tools, and definitely agree that Qt is very impressive. There is even a GPL'd version 3 for Windows, Q..3. Documentation, examples, library quality, ease of use, power, cross-platform are all advantages of Qt. The original poster doesn't give many details on the requirements, but I would consider Qt a strong contender. Certainly consider if you are considering VB, and especially if you are considering the other cross-platform libraries. If you are just hacking out a simple application or prototype, perhaps VB will be suitable, but for anything more substantial I would go with Qt given it's great OO design (and I suppose Delphi would also make a good choice, but I haven't used it).
That's a cool hack. Here's another, speaking of the Newton, from an interesting e-mail about porting one of the early versions of Java to the Newton. See the last paragraph.
So exactly when were they supposed to check it line-by-line as they were adding code that has been in windows for 10 years?
Maybe before they made their claim that this is the safest version of Windows ever.
Seriously, it should've been checked when they added the WMF functionality to Windows, but maybe because it's in assembly language they didn't check it (that was what was hinted at on Ars where Microsoft has some rather vague excuses, none of which answer to Steve's points. Just don't whine about this to Steve Gibson, he lives and breathes in assembly. Not a big deal). Yes granted this was back when security was no big deal. And yes granted, this is a tricky isssue, when the design requirements were are certain way, but the context changed. This is what makes coding a challenge. This was code designed for one way, where they retrofitted it to another use, rather than refactoring. But when you have 16 million lines of code plus...
Isn't this just a little too much? Do the people who accept these sort of stories have ANY introspection at all?
#1 This is a serious bug.
#2 This is also in production code. Win2k, XP.
#3 Many people don't seem to realize just what the term 'beta' is. Now, I'm not talking about MSFT's standards, they seem to dicker on what a "critical vulnerability" is. But typically, beta software has passed testing and is ready for limited use. Many open source tools languish as beta for years, while being used in production environments. Google seems to follow this practice, I've been using their 'beta' version of gmail.
#4 Not interested? The previous post got over 600 comments. What's your definition of newsworthy? Britney Spears? This is America, this is entertainment.
# 5 It's interesting because it illustrates Microsoft's software process, in that this ancient piece of code got swept right in to their latest and greatest, and could very well have been production software, as pointed out it's in XP. This is the reasoning behind Steve Gibson's statement this is a huge benefit of open source (down at the bottom of the interview he states that he's getting interested in open source for this very reason.)
You're right! They should fix these bugs before release...in some period where things are still be fixed. Maybe call it....Beta
Thanks for the explanation.....so........ Windows 2000, Windows XP, Windows ME are beta software then? Is there any code that ISN'T beta? Just wondering.
Microsoft is fixing the newer versions of Windows, but not older ones, through some means of a careful definition of "critical vulnerability". But Guilfanov's patch works for earlier versions. The funny thing, and the point about open source, is that Gibson wouldn't have dug into this had there been a patch for all versions. And granted, it isn't as big an issue, with the earlier versions, because of the default settings for opening WMF files. But either way, another muddled and poor showing by Microsoft, but they are definitely improving, because of folks like Gibson, the folks at f-secure, Guilfanov, and this is my main point.
Get ready for all the Slashdotters and Microsoft fanboys to rip on Gibson being such an alarmist, as they quietly get ready to patch their boxes.
The issue here is I think, that Microsoft continues to this day, to be rather sloppy and secretive about fixing their stuff. So if Gibson makes a big flap, so be it. Better that than a back door that MSFT doesn't bother to fix, because they don't consider it a "critical vulnerability" or some other excuse. As Gibson points out, no question this is highlighting one of the main benefits of open source - the source is there for all to see, no dickering about whether it was intentional or not, it gets fixed. Period.
It is true, as F-Secure says, that all versions of Windows back to 3.0 have the vulnerability in GDI32. But most versions of Windows are not quite as vulnerable as they appear.
It has to do with whether the version comes by default with a program that can be exploited or not, and apparently this includes Windows ME.
He may be an alarmist, but he's normally a Pro-MS guy. In this case, I think he's on to something.
Make that wasan MS guy. Not that he would abandon his bread and butter, but he is definitely seeing the advantages of open source:
Well, I mean, as you've mentioned a couple times here, I mean, one of the advantages of an open source system is, you know, and I'm finding myself gravitating more and more toward open source solutions because of their transparency. And so, you know, but an advantage of that is that all kinds of people are looking at the code, and there's just no opportunity, especially when you build the system yourself from source, there's no opportunity for anything evil to get stuck in.
Well if you are interested in the details check it out.
(disclaimer - fictional scenario)
Steve: Hey Microsoft! Raw sockets are stupid!
Microsoft: Shut up and Go away.
Steve: Hey Slashdot! Microsoft doesn't care about security!
Microsoft: Steve is an alarmist! Check out QRCSux! Our stuff is like fort knox! Besides, it's the problem of the code, it's hackers who are the bad guys!
[months later Microsoft goes back to Redmond, fixes code, costing them a pretty penny, and infuriating customers with massive, buggy patches. business as usual.]
The guy is a massive alarmist and I wouldn't take anything he says seriously.
Ok, so you don't think DOS is serious? Or the MS Blaster worm? Cuz he was one of the guys to squawk about this, and Microsoft did come out with a patch. Why do folks defend Microsoft? Are you worried that they might lose money fixing their code? I mean, what's the deal people?
He loves to cry about the end of the digital world type scenarios, perhaps because he really believes it, or perhaps because it gets him more business.
What end of the world scenario? Care to print a link. Yeah, like got any evidence, any source for your statement? Just curious.
Now if you're talking about Microsoft's lousy security, and that Gibson thinks Microsoft should fix their crap, well, you got that right. Further, thing of it is, the U.S. is not very serious about cyberwarfare, but China is. And someday you might want to thank people like Gibson.
Sorry, coward, but if you had a smidgen of support for your statement, I'd be interested, but you don't.
I've no idea what SuperSystemDefender is, never heard of it. He sells SpinRite, a commercial product for system restore and recovery, written entirely in assembly, and it's , been selling it for years, in fact I used it since Win 3.0. Read the reviews - it's an excellent product. He does have a bunch of freeware programs available on his site to test your Windows security. Free, not shareware. He even recommends ZoneAlarm, as one of the few decent firewalls.
As far as hype, I think you're confusing hype, like Microsoft hyping Vista, with real security issues, such as DOS (Denial Of Service). Since when is this hype? I'm curious. Gibson makes alot of squawking, but he backs it up. He found issues with Microsoft's raw sockets, and they took it out in SP2 - that was fairly important security fix, wasn't it? I'm curious how that's bomb throwing, when Microsoft went and fixed it. [What I'm really curious about is why folks get so defensive about Microsoft and security. Why attack the whistleblower?] If that's hype, well, more power to the guy. If it helps him sell a few copies of SpinRite, or get a few visitors to his excellent site, so what? I could think of worse things - like spreading FUD, say. Or like selling a product full of security holes, taking a long time to fix them, and furthermore, sometimes not even fixing them.
This isn't a bug. If you read Gibson's analysis, he clearly and easily discounts that possibility. I'll attempt to summarize here, for the real version, read the transcript. It's very interesting.
Think of a bug. Crashes your system, or something goes awry. But execute the code at the next byte after the SETABORTPROC, in a data file, where SETABORTPROC makes no sense, when you set the record size to 1, and impossible value? Nah, that's not a bug, that's more like what a hacker *tries* to do on purpose, think of a Buffer overrun exploit, here Micorsoft made it easy. [Now, with all the howling and outcry about this, understand the Gibson is *not* saying _why_ this code is here, he's only saying it's a backdoor. No conspiracy stuff, Microsoft out you get you. Best guess, this is more along the lines of the Wal * Mart hacker futzing with the keys in the whole Planet of the Apes fiasco. Who wrote it? Why? Who knows? That's the issue with closed source.]
With SETABORTPROC, this is a callback, you are handing windows a pointer. There are two things that Steve points out, if you read the article (sigh, this is Slashdot, I know): There is no point for the SETABORTPROC record to be in the file, it makes no logical sense. It's a callback, a common technique used for one process to communicate with another, in this case when you cancel a print job, it's a way for Windows to make a "callback" to the application to say, hey, the user quit printing. But it makes no sense in a WMF...except... And secondly, unless you set the size of the record to 1, which is an impossible value, it doesn't work.
Now think for a minute, how you write backdoors. You don't use a possible value, the programmer here is kindly making sure you can't just happen to fire this off, if you also happened to have a SETABORTPROC unecessarily in your file. Design by Contract, Microsoft Style;)
I still remember the noise he made about raw sockets in WinXP (and continues to in fact).
Geez, I'm really curious why every time there's a Microsoft security issue, all the Slashdotters run to the defense of Microsoft (while at the same time patching their system one must assume). Gibson a Bomb Thrower? So MS Blaster is no big deal? All the noise about raw sockets - and yet - this was one of the big fixes for "service" pack 2? Really people, I gotta wonder. Obviously you are not in charge of any secure networks, or maybe y'all are running Unix.
(Defending Microsoft - only on Slashdot. Ok, so some monkees tapping on a keyboard while the programmer wasn't looking snuck this code in;)
First of all, Gibson is no bomb thrower, he's uncovered some pretty serious security issues with Microsoft. I'd suggest reading his web site - he's a very thorough person, and doesn't make any wild unsubstantiated, naive, biased claims, like, say, Slashdotters. He's a long time Windows user, not a Mac fan, nor an open-sourcer (at least until recently, for reasons like this)Now, to quote the transcript, curious where you would even be able to make the claim that that this *isn't* a backdoor:
what I found was that, when I deliberately lied about the size of this record and set the size to one and no other value, and I gave this particular byte sequence that makes no sense for a metafile, then Windows created a thread and jumped into my code, began executing my code. Okay, Leo? This was not a mistake. This is not buggy code. This was put into Windows by someone. We are never going to know who.
Yeah, he's saying this is a deliberate backdoor. Listen to the article or read the transcript, then think about it a little. Now, he's not saying *what* Microsoft put this in for. Did someone put this in for testing -that's my take, from a programmer perspedctive but.. who the heck knows. That's sorta the problem with proprietary software, we might never know. Buyer beware.
Steve: Well, I mean, as you've mentioned a couple times here, I mean, one of the advantages of an open source system is, you know, and I'm finding myself gravitating more and more toward open source solutions because of their transparency. And so, you know, but an advantage of that is that all kinds of people are looking at the code, and there's just no opportunity, especially when you build the system yourself from source, there's no opportunity for anything evil to get stuck in. And also, about this what appears to be a Windows MetaFile backdoor that's always been in Windows from 2000 on, you know, they've done recently serious security reviews of all their code. You know, they took that whole timeout from all the work they were going to be doing and said they were rereading all their code. And this is not the first time metafiles have had a problem. There have been what are probably real bugs in metafile processing in the past, I think two of them. So the whole metafile system would have come under the scrutiny of someone, you know, very deliberately.
Now, you know, if Microsoft had said last week, whoops, this was an undocumented backdoor or means for us to run code in a metafile, we never documented it, our security sweeps didn't find it, blah blah blah - but nothing was said. They allowed the industry to believe that this was just like all their other code mistakes, but this wasn't like all their other code mistakes.
Slashdot Mirror
Well, don't call it conspiracy theory then if that trips you up. Ask the simple question: How did the Towers collapse? Do the research. In the links below, Jones points out that in science, one starts from the facts, from the evidence, then you build your theory. But the main stream media has fed you the theory "19 crazy arab hijackers + jet fuel" (the conclusion we are to draw), from which you build your facts. Any facts that don't fit in, are thrown away. That's bad science. No wonder people are confused. One simple example: take the 911 Report. Didn't even cover the collapse of WTC 7. Why? Because it doesn't make sense, doesn't fit in with their "theory".
The chain of events leading up to them is always clear in retrospect, but another flaw in conspiracy theory is that it attributes such masterful vision and control to the conspiracists leading into the event, and then presumes such incompetence in handling and covering it up. In reality, no one has such complete control nor such prescience.
What incompetence? If "conspiracy" theorists are still relegated to the back pages, if at all, and dismissed as theorists, well they did a very good job. One flaw in the "19 Arab taking out the towers" theory is the military precision required for an effort like this. Moussawi? C'mon.
If you follow the "theory" as trotted out by the Main Stream Media, there was incredible *incompetence* that allowed this to happen. The incompetence of our CIA, such that every other spy agency in the world was warning American officials, yet they were ignored. The incompetence that low-level underlings at the FBI tried to report to their superiors that foreigners trying to learn how to fly, but were stonewalled in their request to investigate - not once, but 70 times! Criminal negligence, or just following orders?
Condi, or maybe Bush said, "Who could've imagined this would happen?". Well, just the military, because that is apparently the reason NORAD was mysteriously shut down, and no jets were scrambled, because the flight control folks were told this was a "training exercise" - involving hijacked jets hitting the towers. So they just happened to be training for an attack that no one could've imagined.
One of the best sources for technical details is the WTC 7 Research site, which is apparently down. Odd. This one is similar, not sure if it's just down or >>> the descent is beginning!
Bunker? Then that must be Cheney.
Tell you what. Do some research, especially Jeff King's critique of fellow MITer's "theory", and BYU's Prof. Steven Jones and then come back and tell us which "theory" is more plausible: (1) that the buildings were "pulled" (controlled demolition) (2) 19 losers who could barely fly somehow evaded NORAD, evaded a superpower's "Star Wars" defense system and supersonic jets, hit the towers, and the jet fuel (what was left of it) managed to start a fire that weakened that evaporated steel and "trusses" (whatever) and the building collapsed in under 10 seconds, thus defying basic scientific laws. And WTC 7 collapsed the same day even though no plane hit it, and other building closer to the twins didn't. And PNAC (project for a new american century) whose members include Cheney and Jeb Bush, wrote that Americans were slow to change, a Pearl Harbor incident was needed for faster paced changed (those Americans, always in a rush) - but of course, this is entirely beyond the capability of Cheney.
If the conspiracy whackos are wrong, why all the secrecy? Why did the 911 Commission not even review WTC 7?
True, but for an Apples to Apples comparison, try installing all those apps on a bare machine. Or buy a machine with Linux installed. Either way. You might find, as I did, that it is actually harder to get Windows boxes working than Linux, because 90% of the time, people are buying Windows pre-installed, Linux does not have that luxury, so they *have* to be better in that regard.
Besides everybody has their own skill level and ability with the various tools. I recently installed Outlook on an XP machine, took me probably a couple of hours over several days to get it working, when I had Opera connecting to mail in minutes. Finally after searching the web, I got it working, but this illustrates that Microsoft can be just as exasperating as Linux.
But seriously, one girlfriend, in high school, and her friends, after partying too much, "got the munchies" and grabbed a shopping cart and went through a drive in. To them it was uproariously funny. But to tell the truth, I never have heard of anyone walking through.
Speaking of Bill Gates, Ballmer, and Allen, I have a few words. Microsoft fanboys, cut the whining and give it a rest. Everytime any tantalizing gossip is written about Bill & co, sorry but this is fascinating. We may use Linux, abhor Visual Basic, but admire a fellow geek, even respect some of the Microsoft gadgets (Visual Studio, Office) and revel in funny stories - these guys are rock stars for geeks.
Cringely especially has a way with writing hilarious stuff like the time Bill was standing in line to buy a quart of ice cream, scrounging for a 25 cent coupon, when finally a shopper gave him the funds, saying "pay me back when you're a millionaire". True/false? Who cares, at minimum there's a hint of truth. Does it tell us more about the culture at Microsoft, when, as Cringley also writes, when Bill was questioned about developing software for the Apple, or Next (I forget), he said "Develop for it? I'll piss on it!".
So Bill was plotting how to get Allen's share back - that's probably 100% true, it makes sense, Bill is after all first and foremost a businessman, so stop with the hurt feelings. To chastise Cringely, or other slashdot posters as mud slingers is a bit disingenuous. Now Bill is a saint who gives to charities? Sure, very nice, but he's still out to make a buck, as Cringely puts it, to pocket every nickel he can. The whole charity thing is mom's idea anyway, it's great, but no fanboy whining or giving money away is going to change the fact that Bill & co are some pretty ruthless, tough competitors. Not Hitler, no, perhaps more like Genghis Khan .
But as other posters have pointed out, perhaps Bill's arrogance and cutthroat attitude are his own downfall, as it is quite clear the very qualities of Microsoft that have given it it's toehold in the world, so far, are also great reasons why others are now choosing open source alternatives. Or maybe with Google, it really wouldn't matter at all what they did, but having old enemies like Eric Schmidt call the shots at Google can't be helpful.
And as far as Lenovo: Again I agree- fine - sell the PCs but what in the world were they thinking selling the laptops! Those were the crown-jewels! I recall reading articles just on their little mouse-pointer itself. Maybe a loss, but what a way to showcase IBM technology (not everybody can have a Deep Blue, etc).
So if it were up to these "concerned taxpayers", the gov't wouldn't spend any money, because if any company received money that would be considered pork. Because here's the deal: Some projects are worthwile, take a gander at the list, many are military related. Are these folks saying they don't want to support the troops?
Another example is DARPA. There was a great program on PBS about the unmanned robot challenge, in which Stanford's "Stanley" and 4 other 'bots went the entire 100 mile plus route, when the previous year the top showing was 7 miles. That is pretty fantastic stuff. I believe the Carnegie-Mellon team got about $2 million or so from the military, I'm sure that is classified as pork, but this could have significant consequences on future battlefields. Don't forget DARPA funded the internet too. Sometimes "concerned taxpayers" have to think out a little farther out.
As for the water-free urinals, the CNET article insinuates that Falcon is not a world leader as they claim, but provide no evidence for this assertion. Also there was just an article here about a company trying to build a skyscraper with water-free urinals, to save 1.6 million gallons. That's a good thing. $100-$200/per toilet per year saved. Not bad. Certainly not pork - how much money would be saved if those were installed in every gov't institution - considering the fact that the govt is probably the largest employer in the U.S., for example? Granted, it no-bid contracts, and even bid contracts are probably corrupt, but this is chump change compared to the *billions* thrown at Halliburton & Bechtel & KBR, etc. This is the 80-20 rule, fix that leak first.
You're marked a troll, but the advice is on the mark IMO. Ironically, Microsoft's code (I'm not talking about their .NET, but for example their Win32 API) is rather backwards compatible. And always take the trouble to steer clear of Microsoft-specific extensions where possible (i.e. managed C++ != C++). You can take 10 year old code, run it through Visual C++, and it runs on Windows XP. But that's the way it should be. Customers don't want to muck with migrations every 1 or 2 years, they want some decent ROI.
Stroustrup's comment. Apparently Microsoft is revising their documentation to clear up the confusion.
As a matter of Stroustrup has commented. In a nutshell, he says that Microsoft is revising their documentation to minimize confusion.
I've worked with or evaluated many of the GUI tools, and definitely agree that Qt is very impressive. There is even a GPL'd version 3 for Windows, Q..3. Documentation, examples, library quality, ease of use, power, cross-platform are all advantages of Qt. The original poster doesn't give many details on the requirements, but I would consider Qt a strong contender. Certainly consider if you are considering VB, and especially if you are considering the other cross-platform libraries. If you are just hacking out a simple application or prototype, perhaps VB will be suitable, but for anything more substantial I would go with Qt given it's great OO design (and I suppose Delphi would also make a good choice, but I haven't used it).
That's a cool hack. Here's another, speaking of the Newton, from an interesting e-mail about porting one of the early versions of Java to the Newton. See the last paragraph.
Sorry, those Microsoft marketers again.
So exactly when were they supposed to check it line-by-line as they were adding code that has been in windows for 10 years?
Maybe before they made their claim that this is the safest version of Windows ever.
Seriously, it should've been checked when they added the WMF functionality to Windows, but maybe because it's in assembly language they didn't check it (that was what was hinted at on Ars where Microsoft has some rather vague excuses, none of which answer to Steve's points. Just don't whine about this to Steve Gibson, he lives and breathes in assembly. Not a big deal). Yes granted this was back when security was no big deal. And yes granted, this is a tricky isssue, when the design requirements were are certain way, but the context changed. This is what makes coding a challenge. This was code designed for one way, where they retrofitted it to another use, rather than refactoring. But when you have 16 million lines of code plus...
#1 This is a serious bug.
#2 This is also in production code. Win2k, XP.
#3 Many people don't seem to realize just what the term 'beta' is. Now, I'm not talking about MSFT's standards, they seem to dicker on what a "critical vulnerability" is. But typically, beta software has passed testing and is ready for limited use. Many open source tools languish as beta for years, while being used in production environments. Google seems to follow this practice, I've been using their 'beta' version of gmail.
#4 Not interested? The previous post got over 600 comments. What's your definition of newsworthy? Britney Spears? This is America, this is entertainment. # 5 It's interesting because it illustrates Microsoft's software process, in that this ancient piece of code got swept right in to their latest and greatest, and could very well have been production software, as pointed out it's in XP. This is the reasoning behind Steve Gibson's statement this is a huge benefit of open source (down at the bottom of the interview he states that he's getting interested in open source for this very reason.)
Thanks for the explanation.....so........ Windows 2000, Windows XP, Windows ME are beta software then? Is there any code that ISN'T beta? Just wondering.
Microsoft is fixing the newer versions of Windows, but not older ones, through some means of a careful definition of "critical vulnerability". But Guilfanov's patch works for earlier versions. The funny thing, and the point about open source, is that Gibson wouldn't have dug into this had there been a patch for all versions. And granted, it isn't as big an issue, with the earlier versions, because of the default settings for opening WMF files. But either way, another muddled and poor showing by Microsoft, but they are definitely improving, because of folks like Gibson, the folks at f-secure, Guilfanov, and this is my main point.
The issue here is I think, that Microsoft continues to this day, to be rather sloppy and secretive about fixing their stuff. So if Gibson makes a big flap, so be it. Better that than a back door that MSFT doesn't bother to fix, because they don't consider it a "critical vulnerability" or some other excuse. As Gibson points out, no question this is highlighting one of the main benefits of open source - the source is there for all to see, no dickering about whether it was intentional or not, it gets fixed. Period.
It has to do with whether the version comes by default with a program that can be exploited or not, and apparently this includes Windows ME.
Make that wasan MS guy. Not that he would abandon his bread and butter, but he is definitely seeing the advantages of open source:
(disclaimer - fictional scenario)
Steve: Hey Microsoft! Raw sockets are stupid!
Microsoft: Shut up and Go away.
Steve: Hey Slashdot! Microsoft doesn't care about security!
Microsoft: Steve is an alarmist! Check out QRCSux! Our stuff is like fort knox! Besides, it's the problem of the code, it's hackers who are the bad guys! [months later Microsoft goes back to Redmond, fixes code, costing them a pretty penny, and infuriating customers with massive, buggy patches. business as usual.]
Actually not just Gibson, but other security folks f-secure, call this a "feature". I mean c'mon, you should be thanking MSFT, this is a great 'hook'.
Ok, so you don't think DOS is serious? Or the MS Blaster worm? Cuz he was one of the guys to squawk about this, and Microsoft did come out with a patch. Why do folks defend Microsoft? Are you worried that they might lose money fixing their code? I mean, what's the deal people?
He loves to cry about the end of the digital world type scenarios, perhaps because he really believes it, or perhaps because it gets him more business.
What end of the world scenario? Care to print a link. Yeah, like got any evidence, any source for your statement? Just curious.
Now if you're talking about Microsoft's lousy security, and that Gibson thinks Microsoft should fix their crap, well, you got that right. Further, thing of it is, the U.S. is not very serious about cyberwarfare, but China is. And someday you might want to thank people like Gibson.
I've no idea what SuperSystemDefender is, never heard of it. He sells SpinRite, a commercial product for system restore and recovery, written entirely in assembly, and it's , been selling it for years, in fact I used it since Win 3.0. Read the reviews - it's an excellent product. He does have a bunch of freeware programs available on his site to test your Windows security. Free, not shareware. He even recommends ZoneAlarm, as one of the few decent firewalls.
As far as hype, I think you're confusing hype, like Microsoft hyping Vista, with real security issues, such as DOS (Denial Of Service). Since when is this hype? I'm curious. Gibson makes alot of squawking, but he backs it up. He found issues with Microsoft's raw sockets, and they took it out in SP2 - that was fairly important security fix, wasn't it? I'm curious how that's bomb throwing, when Microsoft went and fixed it. [What I'm really curious about is why folks get so defensive about Microsoft and security. Why attack the whistleblower?] If that's hype, well, more power to the guy. If it helps him sell a few copies of SpinRite, or get a few visitors to his excellent site, so what? I could think of worse things - like spreading FUD, say. Or like selling a product full of security holes, taking a long time to fix them, and furthermore, sometimes not even fixing them.
Think of a bug. Crashes your system, or something goes awry. But execute the code at the next byte after the SETABORTPROC, in a data file, where SETABORTPROC makes no sense, when you set the record size to 1, and impossible value? Nah, that's not a bug, that's more like what a hacker *tries* to do on purpose, think of a Buffer overrun exploit, here Micorsoft made it easy. [Now, with all the howling and outcry about this, understand the Gibson is *not* saying _why_ this code is here, he's only saying it's a backdoor. No conspiracy stuff, Microsoft out you get you. Best guess, this is more along the lines of the Wal * Mart hacker futzing with the keys in the whole Planet of the Apes fiasco. Who wrote it? Why? Who knows? That's the issue with closed source.]
With SETABORTPROC, this is a callback, you are handing windows a pointer. There are two things that Steve points out, if you read the article (sigh, this is Slashdot, I know): There is no point for the SETABORTPROC record to be in the file, it makes no logical sense. It's a callback, a common technique used for one process to communicate with another, in this case when you cancel a print job, it's a way for Windows to make a "callback" to the application to say, hey, the user quit printing. But it makes no sense in a WMF...except...
And secondly, unless you set the size of the record to 1, which is an impossible value, it doesn't work.
Now think for a minute, how you write backdoors. You don't use a possible value, the programmer here is kindly making sure you can't just happen to fire this off, if you also happened to have a SETABORTPROC unecessarily in your file. Design by Contract, Microsoft Style ;)
Geez, I'm really curious why every time there's a Microsoft security issue, all the Slashdotters run to the defense of Microsoft (while at the same time patching their system one must assume). Gibson a Bomb Thrower? So MS Blaster is no big deal? All the noise about raw sockets - and yet - this was one of the big fixes for "service" pack 2? Really people, I gotta wonder. Obviously you are not in charge of any secure networks, or maybe y'all are running Unix.
(Defending Microsoft - only on Slashdot. Ok, so some monkees tapping on a keyboard while the programmer wasn't looking snuck this code in ;)
First of all, Gibson is no bomb thrower, he's uncovered some pretty serious security issues with Microsoft. I'd suggest reading his web site - he's a very thorough person, and doesn't make any wild unsubstantiated, naive, biased claims, like, say, Slashdotters. He's a long time Windows user, not a Mac fan, nor an open-sourcer (at least until recently, for reasons like this)Now, to quote the transcript, curious where you would even be able to make the claim that that this *isn't* a backdoor:
Yeah, he's saying this is a deliberate backdoor. Listen to the article or read the transcript, then think about it a little. Now, he's not saying *what* Microsoft put this in for. Did someone put this in for testing -that's my take, from a programmer perspedctive but .. who the heck knows. That's sorta the problem with proprietary software, we might never know. Buyer beware.