In our twenty thousand years along the Path of Now and Forever we have dominated thousands of species, yes but we have saved hundreds from extinction. You imagine the threat of unknown invaders, or alien pestilence borne on the solar wind. We have seen these. But you do not acknowledge your own worst enemy, yourselves. We have found dead worlds without number, planets ravaged by atomic fire or gaian collapse. These planets were not rendered sterile by outside forces. They bear sad testament to the effects of unrestrained instinct and emotion or simple ignorance. We will prevent such mistakes.
To be clear: a user's private keys are only lost when the user's password is forcibly changed by an admin. The normal procedure of having the user change their own password simply transfers the keys.
Ideally you'd be able to export the Encryption key for your data onto a USB stick or floppy disk.
Your wish is granted. Open certmgr.msc or add the Certificates snap-in to a mmc window. Your personal keys are located in the Personal\Certificates folder, including the one for EFS (note that there won't be an EFS cert until you actually encrypt something). In the right-click->All Tasks menu there is an Export option. Make sure that you select the option to export the private key and you will get a .pfx file that will contain the unencrypted (unless you specify a separate passphrase for the pfx file) public and private keys that can be saved for later or transferred to other users or computers. To import a cert, right click in the empty space under the existing certs and select import.
Another way to avoid encrypted file loss is to designate a recovery agent. See also the Knowledge Base article "How to back up the recovery agent Encrypting File System (EFS) private key in Windows Server 2003, in Windows 2000, and in Windows XP".
Actually, in NT's case ACLs are an OS feature because all kernel objects exported to user mode (including events, mutexes, semaphores, processes, threads, sections, files, and registry keys) have a security descriptor, which includes a discretionary ACL that controls access, an owner and a system ACL that controls auditing (and mandatory access controls in Vista). The behavior and interface for all SDs in NT are the same. The fact that some filesystems like FAT don't support ACLs means that they are crippled in NT, not that some filesystems like NTFS support ACLs and so are special.
That said, ACLs are a good example of something that's well done in general on NT but are way too complicated for home user use. The old UNIX ogw/rwx would've been much better. NT's security model is too complicated for most software devs too; most assume full access to everything and leave new objects with default security.
One small correction: NT 3.1 released in 1993 and had all of the features you mentioned, except for OpenGL which was added for NT 3.5 in 1994.
Microsoft released an OS ahead of its time for general purpose desktop use in 1993 that was a bit too heavy (16MB minimum was a lot; people choked on Win95 needing 4-8MB two years later) and has made some improvements since then. Windows 2000 added the modern plug and play and USB support that NT has now (Linux didn't have plug and play, power and ACPI support as good in 2000, maybe even now). The kernel hasn't changed much (biggest change was the plug&play system) since its first version even when compared to Vista, because it was done properly in the first place. The subsystems that aren't so well done like the Win32 environment and even the shell (a security disaster and way too single threaded) are apparently the same ones that will be in Vista. Originally I had heard that these were being completely rewritten, with Win32 being superseded by .NET, but those were the first features to go in the big 2004 restart.
One of the big features of Vista is supposed to be the addition of a resolution-independent scaling layer. The sad thing is that the GDI in NT 3.1 supported page-space scaling (same thing that's used to scale for DPI on printers, which is just another display device). There is also support for world transformations (that no one uses because 9x doesn't support it) that can scale and rotate all GDI output (drawing, bitmaps, fonts, etc.) that could surely be extended to the entire screen. Microsoft just has never bothered to go that last step to actually use it.
All of the new security stuff (with the exception of mandatory access controls) is done in user mode, mostly in the shell. LUA was very much supported in NT 3.1. What Vista is adding is a hack layer that lets apps think they are running as admin when they really aren't and popping up a dialog when that doesn't work. Microsoft could've been implementing role-based security control (i.e. your email app has the intersection of access between you the user and what email apps can do) since NT 3.1 with optional SIDs or even better the deny-only SIDs introduced in Windows 2000. AFAIK, no mainstream desktop OS is doing that right now. Microsoft should be doing something new and exciting but instead they are struggling with minor improvements. I know that they have a LOT of compatibility baggage to lug around, but there must be something bigger holding them back.
Re:Mr. Thurrott forgives Microsoft (on How Vista Disappoints, Score: 2, Informative)
Yes, it's possible to deny even Administrators access to files. However, Administrators also have a privilege that trumps it: the SeTakeOwnershipPrivilege. The owner of an object can always set the discretionary list (the one that controls access) and the take ownership privilege lets someone become the owner of an object regardless of permission. In other words, open the security dialog, click advanced, open the owner tab, set the owner to yourself or the admins group, and click OK for both dialogs. You can now assign a new access list with the add button. Administrators also have the SeRestorePrivilege which allows one to open a file for full access, as if to "restore" data or security properties from backup, but there's no convenient way to exploit this for a single file.
The reason it's set up this way is so that administrators can be held accountable in an audit log when overriding security settings, so that it's obvious when a file's access control has been forcibly changed. It's a good policy... for high security multiuser systems that Windows rarely runs on. It's not so great for your mom's desktop.
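The sequence in that comment (deny ACE blocks Administrators, SeTakeOwnershipPrivilege grants WRITE_OWNER anyway, the new owner gets WRITE_DAC and rewrites the list) is easier to see as an access-check model than as dialog clicks. The block below is an added example, not code from the thread or from Windows: it models the kernel's evaluation order (privileges, then the owner's implicit READ_CONTROL and WRITE_DAC, then an ordered DACL walk where a deny ACE wins as soon as it covers any still-ungranted bit), plus the deny-only group SIDs mentioned in an earlier comment. The BUILTIN/SYSTEM SIDs and the access-mask bit values are the real ones from winnt.h; the ALICE and BOB account SIDs are constructed.

```python
"""Added example: a model of the NT access check (not code from the thread or from Windows).

Order of evaluation, as the kernel does it: privileges first, then the owner's
implicit READ_CONTROL|WRITE_DAC, then the DACL in ACE order. Deny-only SIDs
(restricted/filtered tokens) match deny ACEs but never allow ACEs.
"""
from dataclasses import dataclass, field

# Access-mask bits, same values as winnt.h
FILE_READ_DATA  = 0x00000001
FILE_WRITE_DATA = 0x00000002
DELETE          = 0x00010000
READ_CONTROL    = 0x00020000
WRITE_DAC       = 0x00040000
WRITE_OWNER     = 0x00080000
FILE_ALL = (FILE_READ_DATA | FILE_WRITE_DATA | DELETE
            | READ_CONTROL | WRITE_DAC | WRITE_OWNER)

SID_SYSTEM = "S-1-5-18"           # NT AUTHORITY\SYSTEM
SID_ADMINS = "S-1-5-32-544"       # BUILTIN\Administrators
SID_USERS  = "S-1-5-32-545"       # BUILTIN\Users
ALICE = "S-1-5-21-1111-2222-3333-1001"   # constructed domain accounts
BOB   = "S-1-5-21-1111-2222-3333-1002"


@dataclass
class Ace:
    kind: str      # "allow" or "deny"
    sid: str
    mask: int


@dataclass
class SecurityDescriptor:
    owner: str
    dacl: list     # ordered ACEs; None means no DACL at all, which grants everything


@dataclass
class Token:
    user: str
    groups: set
    deny_only: set = field(default_factory=set)   # SIDs usable for deny ACEs only
    privileges: set = field(default_factory=set)

    def enabled_sids(self):
        return {self.user} | self.groups

    def all_sids(self):
        return self.enabled_sids() | self.deny_only


def access_check(sd, token, desired):
    """Return (granted?, bits actually granted) for the requested mask."""
    granted = 0
    # 1. privileges are honoured before the DACL is even looked at
    if desired & WRITE_OWNER and "SeTakeOwnershipPrivilege" in token.privileges:
        granted |= WRITE_OWNER
    # 2. the owner always gets READ_CONTROL and WRITE_DAC
    if sd.owner in token.enabled_sids():
        granted |= desired & (READ_CONTROL | WRITE_DAC)
    remaining = desired & ~granted
    if remaining == 0:
        return True, granted
    if sd.dacl is None:
        return True, desired
    # 3. ordered DACL walk; first deny covering a remaining bit ends the check
    for ace in sd.dacl:
        if ace.kind == "deny":
            if ace.sid in token.all_sids() and ace.mask & remaining:
                return False, granted
        elif ace.sid in token.enabled_sids():
            granted |= ace.mask & remaining
            remaining = desired & ~granted
            if remaining == 0:
                return True, granted
    return False, granted


def take_ownership_and_reset_dacl(sd, token, new_owner, new_dacl):
    """The GUI sequence from the comment: set owner first, then rewrite the ACL."""
    if not access_check(sd, token, WRITE_OWNER)[0]:
        raise PermissionError("WRITE_OWNER denied")
    sd.owner = new_owner
    if not access_check(sd, token, WRITE_DAC)[0]:
        raise PermissionError("WRITE_DAC denied")
    sd.dacl = list(new_dacl)
    return sd


def demo():
    """Alice's file denies Administrators outright; watch the takeover succeed anyway."""
    sd = SecurityDescriptor(owner=ALICE, dacl=[
        Ace("deny", SID_ADMINS, FILE_ALL),
        Ace("allow", ALICE, FILE_ALL),
        Ace("allow", SID_USERS, FILE_READ_DATA),
    ])
    alice = Token(user=ALICE, groups={SID_USERS})
    bob_admin = Token(user=BOB, groups={SID_ADMINS, SID_USERS},
                      privileges={"SeTakeOwnershipPrivilege"})
    bob_filtered = Token(user=BOB, groups={SID_USERS}, deny_only={SID_ADMINS})
    out = {
        "alice_read": access_check(sd, alice, FILE_READ_DATA)[0],
        "admin_read": access_check(sd, bob_admin, FILE_READ_DATA)[0],
        "filtered_read": access_check(sd, bob_filtered, FILE_READ_DATA)[0],
    }
    take_ownership_and_reset_dacl(sd, bob_admin, SID_ADMINS, [
        Ace("allow", SID_ADMINS, FILE_ALL), Ace("allow", ALICE, FILE_ALL)])
    out["admin_full_after"] = access_check(sd, bob_admin, FILE_ALL)[0]
    out["filtered_write_after"] = access_check(sd, bob_filtered, FILE_WRITE_DATA)[0]
    out["owner_after"] = sd.owner
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two details worth noticing in the output: the filtered token (Administrators present only as a deny-only SID) is still hit by the deny ACE even though BUILTIN\Users would have granted it read, and after the takeover the same filtered token gets nothing from the new allow ACE for Administrators. That asymmetry is exactly what makes deny-only SIDs safe to leave in a restricted token.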
C:\WINNT\system32\drivers\etc\hosts BUILTIN\Users:R
                                    BUILTIN\Power Users:R
                                    BUILTIN\Administrators:F
                                    NT AUTHORITY\SYSTEM:F
Normal and power users get read, Administrators and SYSTEM get full control, all inherited from the drivers directory.
You're absolutely right about the root problem as running everything as admin. Almost all the malware that I've seen fails miserably unless run as admin, and that which does run can't infect the entire system. I guess the users that know enough to run as a normal user are the same ones that avoid that crap in the first place.
Then it's a problem with Oracle itself, because I've run MySQL, PostgreSQL and MSSQL on Windows as a limited user without problems (the last two insist on it during installation). I bet that Oracle will run as a limited user if you would bother to configure it to run that way.
But let's also be honest about where it isn't. For instance, it uses two rings of protection rather than the four available, which translates into more possibilities for errant drivers and such to bring down the kernel.
As another poster pointed out, NT was originally designed to run on RISC platforms that had only two privilege levels. To add support for the 386 family's extra rings would be almost as complicated as just moving the target drivers into user mode like MS is now. The only thing that 'safe' drivers would be able to do without risking the system is basic processing, just as well done in user mode, anyways.
Also, it was designed for a single-user environment, and although improved over the years, lacks certain security facilities that other operating systems such as OpenVMS have.
NT's kernel has been fully multi-user from the beginning. It's the Win32 subsystem that has added some support as an afterthought. I'm not that familiar with (Open)VMS's security model, but does it include Restricted Tokens? I assume it supports impersonation. Does it support the same access model for all sharable objects? Vista is even adding support for Mandatory Access Control (finally).
As for quotas, each process is assigned a Quota Block (not officially documented) which tracks and limits kernel memory usage, to charge processes for the objects they have open. Using Job Objects, a large set of resources can have quotas assigned, including total memory usage, working set, cpu time, cpu affinity and process count. Win32 even puts a quota (default both 10000) on the number of USER and GDI objects a process can create. There aren't any network quotas (except possibly QoS?) and I'm sure there are a few others that aren't tracked.
Even with quotas, a system where bad software is allowed to run locally isn't too hard to DoS. I was amazed by how easily an AS/400 I was working on was bogged down by a spinning interactive program. I could hardly do anything until it was fixed. On most systems where you have local access, there's always some unchecked and esoteric resource that someone can hog.
The 64 bit number of 100ns intervals since 1601 IS the standard time format: it's the format the kernel uses for all time moments and measurements. 1ms would've been too inaccurate and 10ns would've been unnecessary. It's nice that consumer PCs don't have that kind of resolution, but the RISC machines that NT was originally designed to run on do. Since 32 bits of 100ns would've been too short, 64 bits is the next step. Why spend all that range only on the upper end?
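The arithmetic behind that comment is worth carrying through once. The block below is an added example (not from the thread) that converts the 64-bit FILETIME to and from Unix time, decodes the raw little-endian 8 bytes as they sit in an MFT record, a registry hive or a Win32 FILETIME struct, and computes how long a 32-bit versus a 64-bit counter of 100 ns ticks lasts. The epoch offset constant is the real one (1601-01-01 to 1970-01-01); nothing else is assumed.

```python
"""Added example: NT FILETIME arithmetic (not code from the thread).

A FILETIME is a 64-bit count of 100 ns ticks since 1601-01-01 00:00 UTC.
"""
from datetime import datetime, timedelta, timezone

NT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000                 # one tick = 100 ns
EPOCH_DIFF = 116_444_736_000_000_000          # ticks between 1601-01-01 and 1970-01-01


def filetime_to_datetime(ft: int) -> datetime:
    """Python datetimes only carry microseconds, so the last digit of a tick is dropped."""
    return NT_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """dt must be timezone-aware; naive values would silently be treated as local time."""
    delta = dt - NT_EPOCH
    return (delta.days * 86400 + delta.seconds) * TICKS_PER_SECOND + delta.microseconds * 10


def unix_to_filetime(seconds: float) -> int:
    return int(round(seconds * TICKS_PER_SECOND)) + EPOCH_DIFF


def filetime_to_unix(ft: int) -> float:
    return (ft - EPOCH_DIFF) / TICKS_PER_SECOND


def filetime_from_bytes(raw: bytes) -> int:
    """8 bytes little-endian: dwLowDateTime first, dwHighDateTime second, exactly
    as stored in NTFS metadata, registry hives and the Win32 FILETIME struct."""
    if len(raw) != 8:
        raise ValueError("a FILETIME is exactly 8 bytes")
    return int.from_bytes(raw, "little")


def filetime_to_dwords(ft: int):
    """Split into the (low, high) DWORD pair Win32 APIs hand out."""
    return ft & 0xFFFFFFFF, (ft >> 32) & 0xFFFFFFFF


def ticks_range_seconds(bits: int, tick_ns: int = 100) -> float:
    """Seconds a counter of `bits` bits at `tick_ns` resolution covers before wrapping."""
    return (1 << bits) * tick_ns / 1e9


if __name__ == "__main__":
    print(filetime_to_datetime(EPOCH_DIFF))                    # 1970-01-01 00:00:00+00:00
    print(ticks_range_seconds(32) / 60, "minutes at 32 bits")  # about 7.2
    print(ticks_range_seconds(63) / 31_557_600, "years at 63 signed bits")  # about 29227, i.e. year 30828
```

The 32-bit figure is the whole argument: 2^32 ticks of 100 ns wrap after roughly seven minutes, so any narrower type would have forced a coarser tick, and a coarser tick is what the comment says was not acceptable.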
sAMAccountName doesn't do the same thing as uid, so of course the properties don't have the same name. The sAMAccountName (IDK why it's capitalized that way) is the short name for the account inside the domain and needn't be unique. The primary key for an account is the objectSid property; SIDs have been the unique keys for accounts as long as NT has existed. The uid property is only used for SFU when the account is used by the User Name Mapping service.
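Since objectSid is the real key, anything that looks accounts up by it has to handle the binary form. The block below is an added example (not from the thread) that decodes and encodes the binary SID layout, splits an account SID into its domain SID and RID, and escapes the binary value for an LDAP filter the way RFC 4515 requires. The well-known SIDs are real; the S-1-5-21-1111-2222-3333 domain SID used in the tests is constructed.

```python
"""Added example: binary objectSid handling (not code from the thread).

Layout of a binary SID: revision (1 byte, always 1), sub-authority count
(1 byte, at most 15), 48-bit big-endian identifier authority, then `count`
little-endian 32-bit sub-authorities. The last sub-authority of an account
SID is its RID, the rest is the domain SID.
"""
import struct

WELL_KNOWN = {
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users",
}


def sid_to_string(raw: bytes) -> str:
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("bad SID header")
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs))


def string_to_sid(text: str) -> bytes:
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S" or parts[1] != "1":
        raise ValueError("not an S-1-... SID")
    authority = int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15 or authority >= (1 << 48) or any(s >= (1 << 32) for s in subs):
        raise ValueError("component out of range")
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def split_rid(text: str):
    """Account SID -> (domain SID, RID); the RID alone is only unique inside one domain."""
    domain, _, rid = text.rpartition("-")
    return domain, int(rid)


def ldap_filter_for_sid(text: str) -> str:
    """Binary attribute values in a filter are written as \\xx per byte (RFC 4515)."""
    return "(objectSid=%s)" % "".join("\\%02x" % b for b in string_to_sid(text))


def describe(raw: bytes) -> str:
    text = sid_to_string(raw)
    return WELL_KNOWN.get(text, text)


if __name__ == "__main__":
    print(describe(b"\x01\x01\x00\x00\x00\x00\x00\x05\x12\x00\x00\x00"))
    print(split_rid("S-1-5-21-1111-2222-3333-500"))
    print(ldap_filter_for_sid("S-1-5-32-544"))
```

The length check against the sub-authority count is the part people skip; a truncated or padded objectSid from a sloppy parser should be rejected rather than silently decoded to a different account.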
Security... how many holes today?
How many because of kernel design flaws? How many because the kernel's security services weren't used properly (or at all) like the parent was saying?
Actually, if you're using NTFS, the data will be stored directly in the file entry in the MFT, taking zero dedicated clusters or sectors. The maximum size for this to happen is like 800 bytes.
Here's a short description of how NTFS allocates space. On volumes larger than 2GB, the cluster size (the granularity the FS uses to allocate space) was 4k already unless you specified something else when formatting the drive. Also, Windows NT has supported disk sector sizes larger than 512 bytes for a long time; it's just that anything else has been rare.
Sure, extreme libertarianism is just as bad as extreme communism, or extreme anything. The real question is about where the balance is, and how to use the appropriate ideology's tools according to each individual situation. It's harder than applying gross generalizations, but real success usually is hard.
Personally, I think that the US government today is too socialistic and should become more libertarian. This is not the same thing as advocating extreme libertarianism. The amount of money that the government redistributes is a bit excessive from my point of view, considering its inefficiency. Still, I feel that the government fulfills a vital role, one for which there is no known replacement.
Voting in a few libertarian law makers isn't going to give them the power to abolish the government's critical services. What it may do is to reduce the cost of the most wasteful government programs by shifting the balance a little.
Actually, at the kernel level, almost everything that is a file in UNIX is also a file in Windows NT. Disk files, sockets, serial ports, pipes, raw devices and buses, the display (see \Device\Video0), serial and parallel ports, USB devices, network disk files, the null device, etc. Look in the \Device directory with WinObj or WinObjEx. All of the Device objects dispense File objects to represent connections.
There are some things that aren't files, like process information and configuration information (registry key values). One thing that Windows does more consistently than UNIX is to have a single namespace for all named objects, instead of having different ones for files, events, mutexes, etc.
At higher levels, I'd have to agree that Microsoft's consistency drops off considerably.
What was wrong with the Windows registry was its corruptible, unrecoverably binary format and the random distribution of keys between the system and user registries. GConf does not have executable keys. GConf does not let one user change system preferences unless that user is root. If a GConf configuration gets corrupt, that corruption is localized to the specific corrupt file, and the user can try to repair that file because it's XML and not some undocumented binary format.
A corruptible binary database, you mean like a filesystem's database of file metadata? What's the difference there in having 10 keys in a binary registry database as opposed to 10 files in a binary filesystem's database? That's why they're both protected by a transaction journal on Windows.
What, exactly, are these executable keys that you're implying that the Windows Registry has? Key values are data. Executables require a filesystem that supports memory mapping.
Each key in the registry has an ACL. Only SYSTEM and members of the Administrators group can write to the keys outside those in the user's profile (by default).
If a registry hive were to become corrupt, that corruption is localized to the specific registry hive. The corruption is normally corrected silently and automatically by the associated journal.
The kernel decides how real memory maps to applications. Applications don't get to decide which chunks of memory in the system they get -- the kernel does. The system heap can get just as fragmented as an application's heap.
That's a good point, but does it really matter how a process's physical pages are arrayed? Does the CPU actually cache memory in chunks larger than a page? A fragmented heap will lead to wasted space because there will be empty chunks that are too small to fill the needed allocations, and can lead to poor locality in virtual memory which can cause a page to be marked active for a few bytes, but when all the pages are the same size those things don't apply. Those are problems at and above the virtual page level. The only other thing I can think of is for NUMA systems, and in that case, apps DO have some control over physical memory.
Process memory allocation != heap allocation. The smallest amount of memory the kernel can allocate to a process is one page, which is 4096 bytes on the i386 architecture. Linux operates exactly the same way. To request more memory be committed and mapped in a process, the NtAllocateVirtualMemory syscall is used. 4096 bytes is much too large for most general purpose allocations, so a heap structure is used to further divide up the memory size. The standard heap code (used by the Win32 heap functions and Microsoft's C runtime) resides in ntdll.dll, and is executed entirely in user mode. When the heap code needs more pages to expand the heap, it surely does call NtAllocateVirtualMemory, but most allocations are done on a much smaller scale.
XP introduced (and had backported to 2000) the Low Fragmentation Heap option that uses presized buckets to reduce long term fragmentation. That's the only thing I can think of that they could be talking about. It's part of the standard heap code in ntdll running in user mode.
Microsoft certainly didn't rewrite "large parts of the kernel." If they were going to do something on that scale, you'd think they would ditch (or at least marginalize) the awful Win32 subsystem, but they aren't. This is one of the worst attempted technical articles I've seen in a while. Besides, the kernel never was the weak point in Windows NT's (yes, Vista is still NT) security model, or as an OS in general.
I'm not going to call you a troll, but I will call you wrong. The Win 95/98/ME platform has a totally different architecture than the Win NT/2000/XP platform. And you know what? Most (not all) programs work fine on either one. Compare that to Apple. Can you run a 10 year old application on OSX? Can you run an OSX app on a 10 year old Mac? Nope, and nope.
You've got a point that the base system (Win32 interface, services and below) from Win9x is completely different from NT. Still, the higher layers (esp. the shell) have been backported again and again from 9x onto NT. NT 3.1 got the DOS/Win3.1 shell with a few modifications for multi-user support. NT4 got the shell from Win95 with minor modifications. Win2k got 98's shell with minor modifications. Many of the security vulnerabilities (all the IE and shell stuff) in NT came from the design and code lightly ported from the 9x line for ease and compatibility.
Also, although the 9x and NT lines are separate, each successive version in the same line used almost all the code from the previous version. I bet that 75% of the code in NT 3.1 is still present in Vista, and that each release kept about 90% of the previous version in the same line. Each new version adds tons of new code, while removing or replacing very little.
As to whether that was a good idea or not, it certainly allowed for a great deal of compatibility between the different versions. Drivers can be written that will run in both NT 3.1 and Vista, and not just trivial ones but for things like filesystems and disk controllers. How many other kernels can do that across four major versions? (Vista is NT6) Unless MS is actually ditching the Win16 subsystem in Vista (which I doubt for the 32bit versions), it'll still be possible to run apps written for Windows 1.0 with full functionality. OTOH, those ancient single-user versions of Windows with no security bring a lot of compatibility baggage that leads to things like shatter attacks, WMF code execution, a messaging system that allows a single buggy app to stall certain operations, and weak encryption (i.e. LanMan compat).
However, as everyone knows, not everyone is wealthy in the US. In short this is to help avoid the sentence "Sorry, Mommy can't read to you tonight, she needs to whore to get money for the heating." If prostitution were legal, the poor would be forced to whore.
How is that forcing? The alternative in your example is that Mommy has no means to pay for the heat so they freeze. If she had a better way to pay for it, she'd be doing it already. Apparently, Mommy feels that the money earned from prostitution is worth what she can buy with it, or she wouldn't have chosen that job. Even if prostitution is available, Mommy is still free to find some other way to make money (or spend her time/effort some other way) if she feels that prostitution isn't giving her an acceptable return.
There are poor people. How is removing options for employment going to make their situation any better? If prostitution was an option, it would only increase the demand for cheap labor, raising its cost (i.e. raising individual wages for all the other jobs that those people could be filling).
There's always above/below normal for a compromise. I've been happy with Windows NT's priority system; if a background app is making my other programs laggy, setting it to low always fixes it for me. I think the flash plugin starts its own worker threads to do the heavy lifting: setting those to low priority could make flash slow without sacrificing the rest of the browser. Really, the best way is to avoid running those flash ads in the first place with flashblock.
Mess with the RawInputThread scheduling? Sounds like something fun to try. The idle thread is already at zero priority, so I'd have to raise it before anything could be below it. I can't think of any way to do that offhand. The RawInputThread is hosted in csrss, a process that is already at high priority, a level above many passive-level kernel operations. Anyways, I set the priority of the entire CSR process to normal, below normal and idle priority levels while running an infinite loop at normal priority. CSR at normal didn't seem much different, below normal was noticeably lagging in sending keyboard and mouse events and animations like the fade menus, while the thread waits for the completed-io and starvation boosts to raise the dynamic priority high enough to actually get anything done. CSR at idle priority was awful, but still recoverable: it took 15 seconds for CSR to send one click, delete and enter key message to tell Process Explorer to kill the hog (after which everything was fine). The mouse cursor itself wasn't affected, even with hardware accel set to none and the hog process running at 'realtime' priority. Updating the cursor must be handled in a DPC or something.
You know, there's a great feature of all modern preemptively multitasking operating systems: priorities. Whenever the OS is looking for programs that need CPU time, it always goes to the one with the highest priority. This priority is inherited by any new child processes.
On Windows, you can use the Task Manager to set the priority of currently running processes, and the start.exe program to set the priority upon launch (see start /? for details). For example, set the shortcut for launching your favorite browser to "start /low <rest of command line>" and it'll start with low priority.
On Linux and many unices the program nice is used to start a new program with a different priority. Set your browser launching command line to nice <rest of command line> for the default lowering of priority. See man nice(1) for details.
This should fix the effect that the flash ads running in the browser have on your compilations, but won't help with heat or power consumption (the browser will still be churning the rest of the time). Like you mentioned, that's what adblock/flashblock are for; prevent them from running in the first place.
Were this a change posted to a linux page it would read: "Add a DWORD named EnIdleEndpointSupport with value 1 to HKLM\SYSTEM\CurrentControlSet\Services\USB", only it would be in an /etc config file. The parent just lists it step-by-step. Alternatively, on XP, just type this into a terminal:
I think the main issue is that the the ability of someone to give consent for sex is tied to an arbitrary metric: age. There is an established "age of consent" and there is an "age of majority", but where did these numbers come from? What makes them so precise that they can be applied to everyone without individual consideration?
People (even kids) are different; they all have different levels of maturity and judgement. Trying to cram that diversity into a single hard number denies this. That the group is more likely to be immature isn't good enough. Applying a group tendency (that many under the age of consent are too immature to consent) to every individual (everyone under the age is denied the opportunity to consent) is called the fallacy of division, also known as a stereotype.
Current society and government have come up with these hard values. They have created a legal/social constraint that makes it illegal/a social taboo to be under age during consensual sex. Since they've created the constraint, the burden of proof is on them to justify it. Where are the studies on the effects of sex between consenting minors? Where are the attempts to find an objective and predictive measure for consent that is based on the individual? All I've heard is an appeal to tradition, and an appeal to popular belief. I'm sorry, but truth isn't a social phenomenon, and majorities are very good at oppressing minority groups with such appeals.
Actually, if you want to look at it from an evolutionary perspective, people should be allowed to have sex once they naturally develop a sex drive. This is the way it happened before society added extra constraints, and the effects couldn't have been very damaging, or there would be a genetic predisposition to have it later (once it was safe).
You mentioned that this is an issue of parental control. I agree. This is another reason that this shouldn't be legislated: legislation isn't a replacement for parenting. I think that kids that have underage sex are much more concerned about what their parents think than what's legal.
Shouldn't the people involved be judged on a case-by-case basis, rather than make sweeping generalizations (absolutely enforced) that aren't even well supported? What if two 15 year olds, both mature and understanding, wanted to have sex with one another and had parental sanction? Under current social and legal rules, this is forbidden. Why?
That still leaves wide open the question of why the hell that 25 year-old wants to have sex with a 12 year-old kid?
Why does anyone want to have sex? Why can't the same reasons apply in this case?
That's crap. First, if this code was available, it could be utilized by thousands of CS students as a learning tool (and thus additional eye-balls checking out the code).
Actually, I believe that most universities and their students can view the Windows source code, after agreeing to a non-disclosure agreement. It's not the same as open source, but it's still available.
Needless to say, Windows was designed as a non-networked, single user system. While they have cobbled together multiuser and network features, the history of Windows continues to plague the platform. Anyway you slice it, the optimal choice would have been to sandbox backwards compatibility and rebuild Windows from scratch (or from a solid network/multiuser code base).. sure the transition period might be painful, but I don't think it would have been nearly as painful as the continued security issues of the current code base.
Microsoft did that 12 years ago. They called it Windows NT, and the compatibility sandbox was called the Win32 subsystem (including Win16). WinNT has been a networked, secure, multiuser system from the beginning. The problem is that the sandbox's API and its compatibility with the old non-networked, single user, no security predecessor (DOS/Windows) never went away: it just got bigger and bigger, without an alternative from MS. Not switching to NT, but instead further developing the DOS/Windows line into Windows 95, 98 and ME didn't make things any better. Once XP finally replaced the old line with an NT, the amount of software written for the old API (Win95's implementation of basic Win32) had become much too large to ditch.
I was hoping that Microsoft would finally deprecate Win32 in Vista, but it doesn't look like that's going to happen. In fact, there is no official alternative API to the old Win32 API, except for .NET, which just sits on top of Win32 in current versions.
Wrong. With the registry, it's easy to exploit the system via mechanisms like DSO, or discreetly hiding things on startup.
On OS X, for instance, you can see what's starting up in /Library/StartupItems
Why is something more hidden simply by being in the registry, compared to being in some obscure config file? Windows could have a lot of different locations for startup items, regardless of how configuration data is stored. If Windows used an /etc type system, then there would be locations spread across multiple (equally obscure) text files instead. The registry itself is not needed for this. Also, I find it hard to believe that every possible way to start programs automatically on OSX exists solely in /Library/StartupItems.
It's just stupid to create a giant database that stores everything from filetypes to startup items to system configuration. Oh, and have fun when the file corrupts.
Just stupid. What an insightful and convincing reason.
The registry is journalled just like the filesystem is. I don't know about you, but I've never had a registry hive get corrupted on NT. Can you explain how it's more possible for a registry hive to get corrupted compared to the filesystem? How about more possible when compared to a XML or text file? In fact, if a program crashes while rewriting a text file, anything that didn't get written is automatically lost. A journalled binary database can simply roll back the transaction.
You make some excellent points. I'm afraid that my citing performance/scale is just grasping at straws. (though I bet your /etc doesn't have 131000 directories in it) I was thinking about 'why the registry' in this thread, and that's about the only reason I could come up with. I wonder how hard it would be to write a FS driver that would wrap the underlying registry up in a file like interface...
Like I said before, it's more a scale issue: filesystems don't handle large quantities of files and directories with tiny datums very well. Like someone else mentioned, Windows has to be compatible with the FAT filesystems, which are not equipped to handle 100k directories. It might be possible to compress the directory structure to require less containers, but then you'd start sacrificing security granularity and common format structure.
Backups: RegSaveKey.
Network shares: Remote Registry service.
Searching: see Edit->Find in regedit, or write your own search prog in code. It's not going to be any harder to walk the registry tree than a filesystem tree.
Auditing: all kernel objects support auditing. See Edit->Permissions->Advanced->Auditing. Make sure object access auditing is enabled in the local security policy.
Editing: see regedit.
Diffing: export to a text reg and diff those.
Inline commenting vs external help is a matter of style. Microsoft has opted for external help, but there's nothing stopping you or anyone else from attaching extra string values to a key for commenting purposes only.
Versioning: Windows already doesn't have a versioning filesystem (like VMS does), so any versioning system would have to be your own implementation, registry or filesystem.
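"Export to a text reg and diff those" is more useful than a plain text diff if the diff understands the format, because then a changed Run value or a new key shows up as a structured event rather than a changed line. The block below is an added example, not from the thread: a small parser for regedit exports (REGEDIT4 / "Windows Registry Editor Version 5.00" headers, quoted strings, dword:, hex(...) with line continuations, "name"=- and [-key] deletions) and a diff over two of them. The two exports are constructed; the USB key and value name mirror the ones quoted in an earlier comment, the Run entries are made up.

```python
"""Added example: parse and diff two regedit (.reg) text exports (not code from the thread)."""


def _unescape(s):
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1]); i += 2      # \\ and \" are the only escapes regedit writes
        else:
            out.append(s[i]); i += 1
    return "".join(out)


def _split_value_line(line):
    """'"name"=data' or '@=data' -> (name, data); names may contain escaped quotes."""
    if line.startswith("@="):
        return "@", line[2:]
    if not line.startswith('"'):
        raise ValueError("bad value line: %r" % line)
    i = 1
    while i < len(line) and line[i] != '"':
        i += 2 if line[i] == "\\" else 1
    name, rest = _unescape(line[1:i]), line[i + 1:]
    if not rest.startswith("="):
        raise ValueError("bad value line: %r" % line)
    return name, rest[1:]


def _decode(data):
    if data.startswith('"') and data.endswith('"'):
        return ("sz", _unescape(data[1:-1]))
    if data.startswith("dword:"):
        return ("dword", int(data[6:], 16))
    if data.startswith("hex"):
        kind, _, body = data.partition(":")
        typ = 3 if kind == "hex" else int(kind[4:-1], 16)   # plain hex is REG_BINARY (3)
        raw = bytes(int(x.strip(), 16) for x in body.split(",") if x.strip())
        return ("hex", typ, raw)
    if data == "-":
        return ("delete",)
    raise ValueError("unknown data: %r" % data)


def parse_reg(text):
    """-> {key: {name: decoded}}; a '[-key]' line is recorded as key -> None."""
    joined = []
    for ln in text.splitlines():
        if joined and joined[-1].endswith("\\"):           # hex continuation line
            joined[-1] = joined[-1][:-1] + ln.strip()
        else:
            joined.append(ln.strip())
    keys, current = {}, None
    for ln in joined:
        if not ln or ln[0] == ";" or ln.startswith("Windows Registry Editor") or ln == "REGEDIT4":
            continue
        if ln[0] == "[" and ln[-1] == "]":
            name = ln[1:-1]
            if name.startswith("-"):
                keys[name[1:]] = None; current = None
            else:
                current = keys.setdefault(name, {})
        elif current is not None:
            n, d = _split_value_line(ln)
            current[n] = _decode(d)
    return keys


def diff_reg(before, after):
    a, b = parse_reg(before), parse_reg(after)
    out = {"keys_added": sorted(set(b) - set(a)), "keys_removed": sorted(set(a) - set(b)),
           "values_added": [], "values_removed": [], "values_changed": []}
    for k in sorted(set(a) & set(b)):
        va, vb = a[k] or {}, b[k] or {}
        out["values_added"] += [(k, n, vb[n]) for n in sorted(set(vb) - set(va))]
        out["values_removed"] += [(k, n, va[n]) for n in sorted(set(va) - set(vb))]
        out["values_changed"] += [(k, n, va[n], vb[n]) for n in sorted(set(va) & set(vb)) if va[n] != vb[n]]
    return out


# Constructed sample exports: a Run entry that moved to a user-writable path, a new
# REG_EXPAND_SZ Run entry written with a continuation line, and a flipped USB DWORD.
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USB]
"EnIdleEndpointSupport"=dword:00000000
"""

AFTER = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\updater.exe"
"Helper"=hex(2):43,00,3a,00,5c,00,74,00,2e,00,65,00,78,00,65,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USB]
"EnIdleEndpointSupport"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Telemetry]
@="disabled"
"""

if __name__ == "__main__":
    for section, items in diff_reg(BEFORE, AFTER).items():
        print(section, items)
```

Reading the result as events rather than lines is the point: a Run value whose data moved from Program Files to a world-writable directory, plus a brand new Run value, is the kind of change worth alerting on, and the typed decode (REG_EXPAND_SZ in UTF-16LE here) is what lets a rule look at the actual path instead of at a comma-separated hex dump.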
In our twenty thousand years along the Path of Now and Forever
we have dominated thousands of species, yes
but we have saved hundreds from extinction.
You imagine the threat of unknown invaders, or alien pestilence borne on the solar wind.
We have seen these. But you do not acknowledge your own worst enemy, yourselves.
We have found dead worlds without number, planets ravaged by atomic fire or gaian collapse.
These planets were not rendered sterile by outside forces.
They bear sad testament to the effects of unrestrained instinct and emotion
or simple ignorance.
We will prevent such mistakes.
Another way to avoid encrypted file loss is to designate a recovery agent.
See also How to back up the recovery agent Encrypting File System (EFS) private key in Windows Server 2003, in Windows 2000, and in Windows XP
To add a recovery agent for the local computer
Actually, in NT's case ACLs are an OS feature because all kernel objects exported to user mode (including events, mutexes, semaphores, processes, threads, sections, files, and registry keys) have a security descriptor, which includes a discretionary ACL that controls access, an owner and a system ACL that controls auditing (and mandatory access controls in Vista). The behavior and interface for all SDs in NT are the same. The fact that some filesystems like FAT don't support ACLs means that they are crippled in NT, not that some filesystems like NTFS support ACLs and so are special.
That said, ACLs are a good example of something that's well done in general on NT but are way too complicated for home user use. The old UNIX ogw/rwx would've been much better. NT's security model is too complicated for most software devs too; most assume full access to everything and leave new objects with default security.
One small correction: NT 3.1 released in 1993 and had all of the features you mentioned, except for OpenGL which was added for NT 3.5 in 1994.
Microsoft released an OS ahead of its time for general purpose desktop use in 1993 that was a bit too heavy (16MB minimum was a lot; people choked on Win95 needing 4-8MB two years later) and has made some improvements since then. Windows 2000 added the modern plug and play and USB support that NT has now (Linux didn't have plug and play, power and ACPI support as good in 2000, maybe even now). The kernel hasn't changed much (biggest change was the plug&play system) since its first version even when compared to Vista, because it was done properly in the first place. The subsystems that aren't so well done, like the Win32 environment and even the shell (a security disaster and way too single threaded), are apparently the same ones that will be in Vista. Originally I had heard that these were being completely rewritten, with Win32 being superseded by .NET, but those were the first features to go in the big 2004 restart.
One of the big features of Vista is supposed to be the addition of a resolution-independent scaling layer. The sad thing is that the GDI in NT 3.1 supported page-space scaling (same thing that's used to scale for DPI on printers, which is just another display device). There is also support for world transformations (that no one uses because 9x doesn't support it) that can scale and rotate all GDI output (drawing, bitmaps, fonts, etc.) that could surely be extended to the entire screen. Microsoft just has never bothered to go that last step to actually use it.
All of the new security stuff (with the exception of mandatory access controls) is done in user mode, mostly in the shell. LUA was very much supported in NT 3.1. What Vista is adding is a hack layer that lets apps think they are running as admin when they really aren't and popping up a dialog when that doesn't work. Microsoft could've been implementing role-based security control (i.e. your email app has the intersection of access between you the user and what email apps can do) since NT 3.1 with optional SIDs or even better the deny-only SIDs introduced in Windows 2000. AFAIK, no mainstream desktop OS is doing that right now. Microsoft should be doing something new and exciting but instead they are struggling with minor improvements. I know that they have a LOT of compatibility baggage to lug around, but there must be something bigger holding them back.
Yes, it's possible to deny even Administrators access to files. However, Administrators also have a privilege that trumps it: the SeTakeOwnershipPrivilege. The owner of an object can always set the discretionary list (the one that controls access) and the take ownership privilege lets someone become the owner of an object regardless of permission. In other words, open the security dialog, click advanced, open the owner tab, set the owner to yourself or the admins group, and click OK for both dialogs. You can now assign a new access list with the add button. Administrators also have the SeRestorePrivilege which allows one to open a file for full access, as if to "restore" data or security properties from backup, but there's no convenient way to exploit this for a single file.
The reason it's set up this way is so that administrators can be held accountable in an audit log when overriding security settings, so that it's obvious when a file's access control has been forcibly changed. It's a good policy... for high security multiuser systems that Windows rarely runs on. It's not so great for your mom's desktop.
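The two posts above describe the security-descriptor model (owner, DACL, SACL) and the take-ownership walkthrough in prose. The following is an added example, not code from the thread or from Windows: a small Python model of NT's discretionary access check that parses a subset of SDDL and reproduces the three rules the posts rely on, ordered ACE evaluation with explicit denies, the owner's implicit READ_CONTROL and WRITE_DAC, and SeTakeOwnershipPrivilege granting WRITE_OWNER regardless of the DACL. The SDDL tables are a subset, the administrator SID is made up, and generic-right mapping, inheritance flags, restricted SIDs, integrity labels and the SACL are left out.

```python
"""Simplified model of NT's discretionary access check (added example).

Not Windows source. Keeps: ordered DACL evaluation with deny ACEs,
owner's implicit READ_CONTROL|WRITE_DAC, SeTakeOwnershipPrivilege
trumping the DACL for WRITE_OWNER. Omits generic-right mapping, ACE
inheritance, restricted SIDs, integrity labels and the SACL.
"""
import re

# Access-mask bits (values as in winnt.h).
FILE_READ_DATA  = 0x00000001
DELETE          = 0x00010000
READ_CONTROL    = 0x00020000
WRITE_DAC       = 0x00040000
WRITE_OWNER     = 0x00080000
FILE_ALL_ACCESS = 0x001F01FF

# Subset of the SDDL right and SID abbreviation tables.
SDDL_RIGHTS = {"FA": FILE_ALL_ACCESS, "FR": 0x00120089, "FW": 0x00120116,
               "SD": DELETE, "RC": READ_CONTROL, "WD": WRITE_DAC, "WO": WRITE_OWNER}
SDDL_SIDS = {"BA": "S-1-5-32-544", "BU": "S-1-5-32-545",
             "SY": "S-1-5-18", "WD": "S-1-1-0"}

ACE_RE = re.compile(r"\((\w+);([^;]*);([^;]*);([^;]*);([^;]*);([^)]*)\)")

def sid(tok):
    return SDDL_SIDS.get(tok, tok)          # raw S-1-... strings pass through

def parse_rights(spec):
    if spec.startswith("0x"):
        return int(spec, 16)
    mask = 0
    for i in range(0, len(spec), 2):        # SDDL rights are two-letter tokens run together
        mask |= SDDL_RIGHTS[spec[i:i + 2]]
    return mask

def parse_sddl(sddl):
    """Return (owner_sid, dacl); dacl is an ordered list of
    (ace_type, access_mask, sid), or None when no D: component exists."""
    comps = dict(re.findall(r"([OGDS]):((?:(?![OGDS]:).)*)", sddl))
    owner = sid(comps.get("O", ""))
    dacl = None
    if "D" in comps:
        dacl = [(t, parse_rights(rights), sid(s))
                for t, _flags, rights, _obj, _inh, s in ACE_RE.findall(comps["D"])]
    return owner, dacl

class Token:
    def __init__(self, user_sid, groups=(), privileges=()):
        self.user = user_sid
        self.sids = {user_sid, *groups}
        self.privileges = set(privileges)

def access_check(sd, token, desired):
    owner, dacl = sd
    granted = 0
    # Privilege check comes first: the DACL cannot block a privileged WRITE_OWNER.
    if desired & WRITE_OWNER and "SeTakeOwnershipPrivilege" in token.privileges:
        granted |= WRITE_OWNER
    # The owner is always granted READ_CONTROL and WRITE_DAC.
    if owner in token.sids:
        granted |= desired & (READ_CONTROL | WRITE_DAC)
    remaining = desired & ~granted
    if remaining == 0:
        return True
    if dacl is None:                        # NULL DACL: no protection at all
        return True
    for ace_type, mask, ace_sid in dacl:    # in order; first matching deny wins
        if ace_sid not in token.sids:
            continue
        if ace_type == "D" and mask & remaining:
            return False
        if ace_type == "A":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False                            # DACL exhausted, something still ungranted

def take_ownership_and_reset(sd, token, new_dacl_sddl):
    """The dialog sequence from the post: set owner to yourself, then assign
    a fresh access list. Each step is access-checked like the real thing."""
    owner, dacl = sd
    if not access_check(sd, token, WRITE_OWNER):
        raise PermissionError("WRITE_OWNER denied: no SeTakeOwnershipPrivilege")
    sd = (token.user, dacl)                 # owner changed, old deny DACL still present
    if not access_check(sd, token, WRITE_DAC):
        raise PermissionError("WRITE_DAC denied")
    return (token.user, parse_sddl(new_dacl_sddl)[1])

# Constructed scenario: user-owned file whose DACL denies Administrators everything.
LOCKED_SDDL = "O:BUG:BUD:(D;;FA;;;BA)(A;;FA;;;BU)"
ADMIN_SID = "S-1-5-21-1000-2000-3000-500"  # hypothetical local Administrator account

def demo(with_privilege=True):
    """(readable before, readable after) for an admin working through the denial."""
    privs = ["SeTakeOwnershipPrivilege"] if with_privilege else []
    admin = Token(ADMIN_SID, groups=[SDDL_SIDS["BA"]], privileges=privs)
    locked = parse_sddl(LOCKED_SDDL)
    before = access_check(locked, admin, FILE_READ_DATA)
    try:
        fixed = take_ownership_and_reset(locked, admin, "D:(A;;FA;;;BA)(A;;FA;;;BU)")
    except PermissionError:
        return before, False
    return before, access_check(fixed, admin, FILE_READ_DATA)

if __name__ == "__main__":
    print(demo())                       # (False, True)
    print(demo(with_privilege=False))   # (False, False)
```

The model shows why the deny ACE alone does not keep an administrator out: the privilege grants WRITE_OWNER before the DACL is consulted, and once the owner SID is in the caller's token the implicit WRITE_DAC lets the deny ACE be rewritten. Strip the privilege from the token and the same walkthrough fails at the first step, which is exactly the case the thread's audit-log rationale is meant to record.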
You're absolutely right about the root problem as running everything as admin. Almost all the malware that I've seen fails miserably unless run as admin, and that which does run can't infect the entire system. I guess the users that know enough to run as a normal user are the same ones that avoid that crap in the first place.
Then it's a problem with Oracle itself, because I've run MySQL, Postgres SQL and MSSQL on Windows as a limited user without problems (the last two insist on it during installation). I bet that Oracle will run as a limited user if you would bother to configure it to run that way.
As for quotas, each process is assigned a Quota Block (not officially documented) which tracks and limits kernel memory usage, to charge processes for the objects they have open. Using Job Objects, a large set of resources can have quotas assigned, including total memory usage, working set, cpu time, cpu affinity and process count. Win32 even puts a quota (default both 10000) on the number of USER and GDI objects a process can create. There aren't any network quotas (except possibly QoS?) and I'm sure there are a few others that aren't tracked.
Even with quotas, a system where bad software is allowed to run locally isn't too hard to DoS. I was amazed by how easily an AS/400 I was working on was bogged down by a spinning interactive program. I could hardly do anything until it was fixed. On most systems where you have local access, there's always some unchecked and esoteric resource that someone can hog.
sAMAccountName doesn't do the same thing as uid, so of course the properties don't have the same name. The sAMAccountName (IDK why it's capitalized that way) is the short name for the account inside the domain and needn't be unique. The primary key for an account is the objectSid property; SIDs have been the unique keys for accounts as long as NT has existed. The uid property is only used for SFU when the account is used by the User Name Mapping service.
How many because of kernel design flaws? How many because the kernel's security services weren't used properly (or at all) like the parent was saying?
Actually, if you're using NTFS, the data will be stored directly in the file entry in the MFT, taking zero dedicated clusters or sectors. The maximum size for this to happen is like 800 bytes.
Here's a short description of how NTFS allocates space. On volumes larger than 2GB, the cluster size (the granularity the FS uses to allocate space) was 4k already unless you specified something else when formatting the drive. Also, Windows NT has supported disk sector sizes larger than 512 bytes for a long time; it's just that anything else has been rare.
Sure, extreme libertarianism is just as bad as extreme communism, or extreme anything. The real question is about where the balance is, and how to use the appropriate ideology's tools according to each individual situation. It's harder than applying gross generalizations, but real success usually is hard.
Personally, I think that the US government today is too socialistic and should become more libertarian. This is not the same thing as advocating extreme libertarianism. The amount of money that the government redistributes is a bit excessive from my point of view, considering its inefficiency. Still, I feel that the government fulfills a vital role, one for which there is no known replacement.
Voting in a few libertarian law makers isn't going to give them the power to abolish the government's critical services. What it may do is to reduce the cost of the most wasteful government programs by shifting the balance a little.
Actually, at the kernel level, almost everything that is a file in UNIX is also a file in Windows NT. Disk files, sockets, serial ports, pipes, raw devices and busses, the display (see \Device\Video0), serial and parallel ports, USB devices, network disk files, the null device, etc. Look in the \Device directory with WinObj or WinObjEx. All of the Device objects dispense File objects to represent connections.
There are some things that aren't files, like process information and configuration information (registry key values). One thing that Windows does more consistently than UNIX is to have a single namespace for all named objects, instead of having different ones for files, events, mutexes, etc.
At higher levels, I'd have to agree that Microsoft's consistency drops off considerably.
What, exactly, are these executable keys that you're implying that the Windows Registry has? Key values are data. Executables require a filesystem that supports memory mapping.
Each key in the registry has an ACL. Only SYSTEM and members of the Administrators group can write to the keys outside those in the user's profile (by default).
If a registry hive were to become corrupt, that corruption is localized to the specific registry hive. The corruption is normally corrected silently and automatically by the associated journal.
Process memory allocation != heap allocation. The smallest amount of memory the kernel can allocate to a process is one page, which is 4096 bytes on the i386 architecture. Linux operates exactly the same way. To request more memory be committed and mapped in a process, the NtAllocateVirtualMemory syscall is used. 4096 bytes is much too large for most general purpose allocations, so a heap structure is used to further divide up the memory size. The standard heap code (used by the Win32 heap functions and Microsoft's C runtime) resides in ntdll.dll, and is executed entirely in user mode. When the heap code needs more pages to expand the heap, it surely does call NtAllocateVirtualMemory, but most allocations are done on a much smaller scale.
XP introduced (and had backported to 2000) the Low Fragmentation Heap option that uses presized buckets to reduce long term fragmentation. That's the only thing I can think of that they could be talking about. It's part of the standard heap code in ntdll running in user mode.
Microsoft certainly didn't rewrite "large parts of the kernel." If they were going to do something on that scale, you'd think they would ditch (or at least marginalize) the awful Win32 subsystem, but they aren't. This is one of the worst attempted technical articles I've seen in a while. Besides, the kernel never was the weak point in Windows NT's (yes, Vista is still NT) security model, or as an OS in general.
Also, although the 9x and NT lines are separate, each successive version in the same line used almost all the code from the previous version. I bet that 75% of the code in NT 3.1 is still present in Vista, and that each release kept about 90% of the previous version in the same line. Each new version adds tons of new code, while removing or replacing very little.
As to whether that was a good idea or not, it certainly allowed for a great deal of compatibility between the different versions. Drivers can be written that will run in both NT 3.1 and Vista, and not just trivial ones but for things like filesystems and disk controllers. How many other kernels can do that across four major versions? (Vista is NT6) Unless MS is actually ditching the Win16 subsystem in Vista (which I doubt for the 32bit versions), it'll still be possible to run apps written for Windows 1.0 with full functionality. OTOH, those ancient single-user versions of Windows with no security bring a lot of compatibility baggage that leads to things like shatter attacks, WMF code execution, a messaging system that allows a single buggy app to stall certain operations, and weak encryption (i.e. LanMan compat).
There are poor people. How is removing options for employment going to make their situation any better? If prostitution was an option, it would only increase the demand for cheap labor, raising its cost (i.e. raising individual wages for all the other jobs that those people could be filling).
There's always above/below normal for a compromise. I've been happy with Windows NT's priority system; if a background app is making my other programs laggy, setting it to low always fixes it for me. I think the flash plugin starts its own worker threads to do the heavy lifting: setting those to low priority could make flash slow without sacrificing the rest of the browser. Really, the best way is to avoid running those flash ads in the first place with flashblock.
Mess with the RawInputThread scheduling? Sounds like something fun to try. The idle thread is already at zero priority, so I'd have to raise it before anything could be below it. I can't think of any way to do that offhand. The RawInputThread is hosted in csrss, a process that is already at high priority, a level above many passive-level kernel operations. Anyways, I set the priority of the entire CSR process to normal, below normal and idle priority levels while running an infinite loop at normal priority. CSR at normal didn't seem much different, below normal was noticeably lagging in sending keyboard and mouse events and animations like the fade menus, while the thread waits for the completed-io and starvation boosts to raise the dynamic priority high enough to actually get anything done. CSR at idle priority was awful, but still recoverable: it took 15 seconds for CSR to send one click, delete and enter key message to tell Process Explorer to kill the hog (after which everything was fine). The mouse cursor itself wasn't affected, even with hardware accel set to none and the hog process running at 'realtime' priority. Updating the cursor must be handled in a DPC or something.
You know, there's a great feature of all modern preemptively multitasking operating systems: priorities. Whenever the OS is looking for programs that need CPU time, it always goes to the one with the highest priority. This priority is inherited by any new child processes.
On Windows, you can use the Task Manager to set the priority of currently running processes, and the start.exe program to set the priority upon launch (see start /? for details). For example, set the shortcut for launching your favorite browser to "start /low <rest of command line>" and it'll start with low priority.
On Linux and many unices the program nice is used to start a new program with a different priority. Set your browser launching command line to nice <rest of command line> for the default lowering of priority. See man nice(1) for details.
This should fix the effect that the flash ads running in the browser have on your compilations, but won't help with heat or power consumption (the browser will still be churning the rest of the time). Like you mentioned, that's what adblock/flashblock are for; prevent them from running in the first place.
People (even kids) are different; they all have different levels of maturity and judgement. Trying to cram that diversity into a single hard number denies this. That the group is more likely to be immature isn't good enough. Applying a group tendency (that many under the age of consent are too immature to consent) to every individual (to everyone under the age, be denied the opportunity to consent) is called the fallacy of division, also known as a stereotype.
Current society and government have come up with these hard values. They have created a legal/social constraint that makes it illegal/a social taboo to be under age during consensual sex. Since they've created the constraint, the burden of proof is on them to justify it. Where are the studies on the effects of sex between consenting minors? Where are the attempts to find an objective and predictive measure for consent that is based on the individual? All I've heard is an appeal to tradition, and an appeal to popular belief. I'm sorry, but truth isn't a social phenomenon, and majorities are very good at oppressing minority groups with such appeals.
Actually, if you want to look at it from an evolutionary perspective, people should be allowed to have sex once they naturally develop a sex drive. This is the way it happened before society added extra constraints, and the effects couldn't have been very damaging, or there would be a genetic predisposition to have it later (once it was safe).
You mentioned that this is an issue of parental control. I agree. This is another reason that this shouldn't be legislated: legislation isn't a replacement for parenting. I think that kids that have underage sex are much more concerned about what their parents think than what's legal.
Shouldn't the people involved be judged on a case-by-case basis, rather than make sweeping generalizations (absolutely enforced) that aren't even well supported? What if two 15 year olds, both mature and understanding, wanted to have sex with one another and had parental sanction? Under current social and legal rules, this is forbidden. Why? Why does anyone want to have sex? Why can't the same reasons apply in this case?
I was hoping that Microsoft would finally deprecate Win32 in Vista, but it doesn't look like that's going to happen. In fact, there is no official alternative API to the old Win32 API, except for
The registry is journalled just like the filesystem is. I don't know about you, but I've never had a registry hive get corrupted on NT. Can you explain how it's more possible for a registry hive to get corrupted compared to the filesystem? How about more possible when compared to a XML or text file? In fact, if a program crashes while rewriting a text file, anything that didn't get written is automatically lost. A journalled binary database can simply roll back the transaction.
You make some excellent points. I'm afraid that my citing performance/scale is just grasping at straws. (though I bet your /etc doesn't have 131000 directories in it) I was thinking about 'why the registry' in this thread, and that's about the only reason I could come up with. I wonder how hard it would be to write a FS driver that would wrap the underlying registry up in a file like interface...
Like I said before, it's more a scale issue: filesystems don't handle large quantities of files and directories with tiny datums very well. Like someone else mentioned, Windows has to be compatible with the FAT filesystems, which are not equipped to handle 100k directories. It might be possible to compress the directory structure to require less containers, but then you'd start sacrificing security granularity and common format structure.
Backups: RegSaveKey
Network shares: Remote Registry service
Searching, see Edit->Find in regedit, or write your own search prog in code. It's not going to be any harder to walk the registry tree than a filesystem tree.
All kernel objects support auditing. See Edit->Permissions->Advanced->Auditing. Make sure object access auditing is enabled in the local security policy.
Editing, see regedit.
Diffing, export to a text reg and diff those.
Inline commenting vs external help is a matter of style. Microsoft has opted for external help, but there's nothing stopping you or anyone else from attaching extra string values to a key for commenting purposes only.
Windows already doesn't have a versioning filesystem (like VMS does), so any versioning system would have to be your own implementation, registry or filesystem.
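The post above lists "export to a text reg and diff those", Edit->Find style searching, and stashing free-form comments in extra string values. As an added example (not code from the post), here is a Python script that parses two regedit exports into a key/value structure and reports added keys, removed keys and changed values, plus a search over the parsed tree, so a new autostart entry under the Run key shows up as a structured difference rather than a raw text diff. The sample exports are constructed, the export text is assumed already decoded (regedit writes UTF-16LE, so open the real file with encoding="utf-16"), values are kept as regedit's raw literals rather than decoded, and value names containing "=" inside the quotes are not handled.

```python
"""Diff and search regedit exports (added example, not from the post).
Values stay as regedit's raw literals ("..."/dword:/hex:). Multi-line
hex values (trailing backslash) are joined. Input is assumed decoded."""
import re

def parse_reg_export(text):
    """Return {key_path: {value_name: raw_literal}}."""
    tree, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:                  # inside a continued hex value
            pending[1] += line.rstrip("\\")
            if not line.endswith("\\"):
                tree[current][pending[0]] = pending[1]
                pending = None
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]                 # "[-HKEY..]" deletion markers keep the "-"
            tree.setdefault(current, {})
            continue
        name, sep, value = line.partition("=")
        if not sep or current is None:
            continue
        name = "(Default)" if name == "@" else name.strip('"')
        if value.endswith("\\"):
            pending = [name, value.rstrip("\\")]
        else:
            tree[current][name] = value
    return tree

def diff_exports(before, after):
    """(added_keys, removed_keys, changed); changed maps
    key -> {value_name: (old_literal_or_None, new_literal_or_None)}."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = {}
    for key in set(before) & set(after):
        names = set(before[key]) | set(after[key])
        delta = {n: (before[key].get(n), after[key].get(n))
                 for n in names if before[key].get(n) != after[key].get(n)}
        if delta:
            changed[key] = delta
    return added, removed, changed

def find_values(tree, pattern):
    """Edit->Find equivalent: (key, name, literal) where any of the three
    matches the regex, case-insensitively."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [(k, n, v) for k, vals in tree.items() for n, v in vals.items()
            if rx.search(k) or rx.search(n) or rx.search(v)]

RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
EXAMPLE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Example"

# Constructed sample exports, not real system state.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Comment"="free-form note stored as an extra string value"
"Flags"=dword:00000001
"Blob"=hex:00,01,02,03,04,05,06,07,08,09,0a,0b,0c,0d,0e,0f,10,11,12,13,\
  14,15,16
'''

AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\Public\\update.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Comment"="free-form note stored as an extra string value"
"Flags"=dword:00000003
"Blob"=hex:00,01,02,03,04,05,06,07,08,09,0a,0b,0c,0d,0e,0f,10,11,12,13,\
  14,15,16

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Sub]
@="new subkey"
'''

def report():
    added, removed, changed = diff_exports(parse_reg_export(BEFORE), parse_reg_export(AFTER))
    for k in added:
        print("+ key", k)
    for k in removed:
        print("- key", k)
    for k, vals in changed.items():
        for n, (old, new) in vals.items():
            print("~", k, n, old, "->", new)
    return added, removed, changed

if __name__ == "__main__":
    report()
    print(find_values(parse_reg_export(AFTER), r"update\.exe"))
```

Run the two exports through this after a software install or a suspected compromise and the Run key's new "Updater" entry is reported as a value that went from absent to present, which is the kind of change a plain text diff buries among hex-line reflows.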