I have been purely running Linux at work for about the last year - previous to that it was a bit of a mix or XP and Linux. I recently got myself a shiny new machine at home and I opted to have Windows XP Home installed for games and the girlfriend and dual-boot into Linux for development work.
After using Linux for so long, Windows REALLY PISSES ME OFF. I can now see why Microsoft believe why security and usability don't go together, but only on Windows (On Linux its not a problem, IMHO)!
I run Windows from a non-administrator account, as is sensible and good for security reasons. The problems are as follows:
1) when I download a program and want to install it, I download it as non-admin user to my downloads directory. I then open said directory in Explorer, right-click, select Run As... , select Admin, provide password, seems to run fine until I get an error saying that Admin cannot read a file, blah , blah, blah. Bit strange, as it could read the installer to run the file....
So, while still logged on as a regular user, I copy the file (file X.exe now called Copy of X.exe), right-click, select Run As..., select Admin, and this time it works!! For the love of all that is holy what is going on here?!?!?!
2) On XP home there is a weird file permissions mechanism unlike on XP pro. For some reason, when logged on as Administrator, I cannot modify another users files. This is fact. You can Google for this, as I am too lazy to provide a link. For the love of all that is holy what is going on here?!?!?!
3) what the fuck is fast user switching all about? It's crap and it's slow. When I try to access admin functions from a non-admin account can't I be prompted for a password for the Admin user?!! Why can't I run the control panel using Run As... in a non-admin account??? There is no obvious way to do it. I have to keep "Fast" user switching all the fecking time.
4) When having logged on as Admin, then switched to a non-admin account via "Fast" user swithing without logging off Admin user, the non-admin user still gets application windows popping up from the Admin login! (MSN Messenger being the prime culprit). Bit of a security problem you would think.
Anyway, I look forward to hearing like-minded criticism, solutions, suggestions, where to buy good stress toys and such.
Thanks for reading:0)
I find it interesting that 3000 people getting killed at one time requires extra FBI powers, invasion of privacy, etc. but the fact that about 40,000 people die from gun related incidents in the US every year and that's just considered normal.
US citizens are over 100 times more likely to be killed (deliberately or accidentally) by another American with a gun, than by a terrorist.
I guess the point is that terrorism has just become a government excuse for more control over the population. It's obvious why this has been permitted: people like simple explanations; they can conceptualize and focus on a single foreign enemy, but can't really grasp 40,000 one-off incidents as a problem. Plus hypocracy and patriotism plays a big part.
....the contents of the email you were in the middle of sending when the program crashes? There's no way Windows could 'know' how to interpret a programs data unless that program was actively supporting the blackbox.
That would lead me to the conclusion that this feature of Windows will only work if apps are specifically coded to integrate with the blackbox.
Unless of course, it just takes a snapshot of the programs heap and stack....
JNI is inefficient and cumbersome. Furthermore, it requires you to compile and ship separate versions for every single target CPU. In C#, unsafe code is portable and WORA (and that's not a contradiction in terms).
Portable?! Um... yeah portable accross all Windows platforms if you are lucky, and even that depends on what you do inside the unsafe code
I just went to the site and it appears that *anyone* can change it. I just clicked 'edit' and it allowed me to make changes!
But I am a nice person, so I undid my changes;-)
Just because something is IO-bound doesn't mean that it is impervious to bounds checking.
Maybe I wasn't clear, but that was not was I meant to imply. The only situation I can think of where it is may be considered worthwhile to omit bounds checking is when performance is imperative, BUT this performance hit is small compared to the delays caused by IO anyway (such as when reading a stream from a socket or a file). Even so , in my devlopment experience of > 10 years I have *never* seen a situation where bounds checking has caused a performance problem of even a detectable change in performance.
Whenever I have developed in languages that do not support automatic bounds checking, I encapsulate array so that it can only be access through a mechanism that performs bounds checking. The actual array is not visible to any other part of the code at build time, so the other code cannot bypass this mechanism
There are a lot of things in software that are trivial to implement correctly. The problem is not difficulty but getting rid of laziness and false beliefs (performance problems with bounds checking). Implementing bounds checking is inherently an if test that operates on the known upper and lower bounds and an index that may or may not be within that range. If that is too difficult for a developer to comprehend then they can F**K off and go home. They don't deserve a job. Seriously, give me a break!
Er, yes I do know what I am talking about! You should run your own code through a profiler and I assure you, bounds checking is NOT where your performance problem is. Turning the bounds checking off in release mode accomplishes NOTHING. Get over it.
... at the horrendous software implementation errors that people are still making in this day and age. *There is no reason for buffer overflows to happen* . Every PC bought in the last five years (at least) is fast enough to bounds check every array / buffer access for all but the most performance-driven applications. Loading a JPEG from a stream is IO-bound enough for bounds checking to be negligible.
From what I read, I gather that buffer overflows account for a large portion of all platform vulnerabilties - Intel & AMD have even implemented a 'no execute' feature in their latest CPUs to go someway to counteract this. I see this as useful, but perhaps overkill - it is *simple* to avoid buffer overflows and the 'no execute' feature could potentially impede devlopment of programs that generate code on the fly (such as Java VMs). The low-level programmers that have been developing C for 20 years just need re-educating. Somebody should tell them computers run at more than 8mhz now...
(That last comment is not meant to be taken too seriously)
I went to http://www.filemirrors.com and they have two seperate files that look like the service pack:
xpsp2_RTM_ENU.exe
WindowsXP-KB835935-SP2-ENU.exe
does anybody know whaty the difference is? which one is the official one? (if any)....?
Re:Isn't every object in the solar system unique
on
Wild 2 Comet Analyzed
·
· Score: 1
I visited Santorini about 6 years ago, and our guide said that yes, the island did go Krakatoa (not in those exact words). The island is a horse-shoe shape. One side of the island got completely blown away in the erruption same as what happened to Mt. St. Helens.
It's a beautiful place though and well worth checking out. Incidentally, it's also the island where Anne Rice's vampire character 'Marius' lived, and kept the King & Queen of the vampires. I was reading The Vampire Lestat whilst on the ferry from Crete to Santorini. I nearly shat myself. I read that part about Marius on the way...
Actually, red-shifting can be explained without resorting to space-time being stretched. But space-time stretching *will* contribute to a red-shift.
Objects flying apart at significant fractions of C will exhibit redshift when observing one object from the other regardless of whether the space in between is 'getting bigger'.
My head hurts.
I always thought that predicting specific weather at a specific time was supposed to be extremely difficult due to the chaotic nature of the weather systems, but on a larger more fuzzy timescale you can predict more general trends.
Are there any climatologists on/. that can back be up on this?
Er, what planet have you been on lately?!!
Server-side Java is sufficiently fast and scalable to handle huge server applications in a very efficient manner. JVMs have come a long way in the last couple of years.
I agree that you could make a faster application if it was written in C++ or whatever, but what's the point? It would take much longer to develop and maintain therefore the cost would be higher. The extra cost of a greater development time could pay for many more beefier servers anyway, if speed is such an important issue. Hardware is cheaper than many more man days development time.
As for your point about cross-platform languages for servers - that is just the most naive statement I have ever heard. It has always struck me as fantastic that you can deploy your product on many different server OSs without any porting required!!
Wake up.
Slashdot Mirror
I have been purely running Linux at work for about the last year - previous to that it was a bit of a mix or XP and Linux. I recently got myself a shiny new machine at home and I opted to have Windows XP Home installed for games and the girlfriend and dual-boot into Linux for development work. :0)
After using Linux for so long, Windows REALLY PISSES ME OFF. I can now see why Microsoft believe why security and usability don't go together, but only on Windows (On Linux its not a problem, IMHO)!
I run Windows from a non-administrator account, as is sensible and good for security reasons. The problems are as follows:
1) when I download a program and want to install it, I download it as non-admin user to my downloads directory. I then open said directory in Explorer, right-click, select Run As... , select Admin, provide password, seems to run fine until I get an error saying that Admin cannot read a file, blah , blah, blah. Bit strange, as it could read the installer to run the file....
So, while still logged on as a regular user, I copy the file (file X.exe now called Copy of X.exe), right-click, select Run As..., select Admin, and this time it works!! For the love of all that is holy what is going on here?!?!?!
2) On XP home there is a weird file permissions mechanism unlike on XP pro. For some reason, when logged on as Administrator, I cannot modify another users files. This is fact. You can Google for this, as I am too lazy to provide a link. For the love of all that is holy what is going on here?!?!?!
3) what the fuck is fast user switching all about? It's crap and it's slow. When I try to access admin functions from a non-admin account can't I be prompted for a password for the Admin user?!! Why can't I run the control panel using Run As... in a non-admin account??? There is no obvious way to do it. I have to keep "Fast" user switching all the fecking time.
4) When having logged on as Admin, then switched to a non-admin account via "Fast" user swithing without logging off Admin user, the non-admin user still gets application windows popping up from the Admin login! (MSN Messenger being the prime culprit). Bit of a security problem you would think.
Anyway, I look forward to hearing like-minded criticism, solutions, suggestions, where to buy good stress toys and such.
Thanks for reading
I find it interesting that 3000 people getting killed at one time requires extra FBI powers, invasion of privacy, etc. but the fact that about 40,000 people die from gun related incidents in the US every year and that's just considered normal.
US citizens are over 100 times more likely to be killed (deliberately or accidentally) by another American with a gun, than by a terrorist.
I guess the point is that terrorism has just become a government excuse for more control over the population. It's obvious why this has been permitted: people like simple explanations; they can conceptualize and focus on a single foreign enemy, but can't really grasp 40,000 one-off incidents as a problem. Plus hypocracy and patriotism plays a big part.
That would lead me to the conclusion that this feature of Windows will only work if apps are specifically coded to integrate with the blackbox.
Unless of course, it just takes a snapshot of the programs heap and stack....
I just went to the site and it appears that *anyone* can change it. I just clicked 'edit' and it allowed me to make changes! But I am a nice person, so I undid my changes ;-)
Maybe I wasn't clear, but that was not was I meant to imply. The only situation I can think of where it is may be considered worthwhile to omit bounds checking is when performance is imperative, BUT this performance hit is small compared to the delays caused by IO anyway (such as when reading a stream from a socket or a file). Even so , in my devlopment experience of > 10 years I have *never* seen a situation where bounds checking has caused a performance problem of even a detectable change in performance.
Whenever I have developed in languages that do not support automatic bounds checking, I encapsulate array so that it can only be access through a mechanism that performs bounds checking. The actual array is not visible to any other part of the code at build time, so the other code cannot bypass this mechanism
There are a lot of things in software that are trivial to implement correctly. The problem is not difficulty but getting rid of laziness and false beliefs (performance problems with bounds checking). Implementing bounds checking is inherently an if test that operates on the known upper and lower bounds and an index that may or may not be within that range. If that is too difficult for a developer to comprehend then they can F**K off and go home. They don't deserve a job. Seriously, give me a break!
Er, yes I do know what I am talking about! You should run your own code through a profiler and I assure you, bounds checking is NOT where your performance problem is. Turning the bounds checking off in release mode accomplishes NOTHING. Get over it.
... at the horrendous software implementation errors that people are still making in this day and age. *There is no reason for buffer overflows to happen* . Every PC bought in the last five years (at least) is fast enough to bounds check every array / buffer access for all but the most performance-driven applications. Loading a JPEG from a stream is IO-bound enough for bounds checking to be negligible.
From what I read, I gather that buffer overflows account for a large portion of all platform vulnerabilties - Intel & AMD have even implemented a 'no execute' feature in their latest CPUs to go someway to counteract this. I see this as useful, but perhaps overkill - it is *simple* to avoid buffer overflows and the 'no execute' feature could potentially impede devlopment of programs that generate code on the fly (such as Java VMs). The low-level programmers that have been developing C for 20 years just need re-educating. Somebody should tell them computers run at more than 8mhz now...
(That last comment is not meant to be taken too seriously)
I went to http://www.filemirrors.com and they have two seperate files that look like the service pack: xpsp2_RTM_ENU.exe WindowsXP-KB835935-SP2-ENU.exe does anybody know whaty the difference is? which one is the official one? (if any)....?
heh heh heh - quality comment!
I visited Santorini about 6 years ago, and our guide said that yes, the island did go Krakatoa (not in those exact words). The island is a horse-shoe shape. One side of the island got completely blown away in the erruption same as what happened to Mt. St. Helens. It's a beautiful place though and well worth checking out. Incidentally, it's also the island where Anne Rice's vampire character 'Marius' lived, and kept the King & Queen of the vampires. I was reading The Vampire Lestat whilst on the ferry from Crete to Santorini. I nearly shat myself. I read that part about Marius on the way...
Actually, red-shifting can be explained without resorting to space-time being stretched. But space-time stretching *will* contribute to a red-shift. Objects flying apart at significant fractions of C will exhibit redshift when observing one object from the other regardless of whether the space in between is 'getting bigger'. My head hurts.
I always thought that predicting specific weather at a specific time was supposed to be extremely difficult due to the chaotic nature of the weather systems, but on a larger more fuzzy timescale you can predict more general trends. Are there any climatologists on /. that can back be up on this?
Er, what planet have you been on lately?!! Server-side Java is sufficiently fast and scalable to handle huge server applications in a very efficient manner. JVMs have come a long way in the last couple of years. I agree that you could make a faster application if it was written in C++ or whatever, but what's the point? It would take much longer to develop and maintain therefore the cost would be higher. The extra cost of a greater development time could pay for many more beefier servers anyway, if speed is such an important issue. Hardware is cheaper than many more man days development time. As for your point about cross-platform languages for servers - that is just the most naive statement I have ever heard. It has always struck me as fantastic that you can deploy your product on many different server OSs without any porting required!! Wake up.