Linux browsers don't auto download and install as root browser help objects.
A Windows user can only install something as a root equivalent if the current user is already admin. The browser is not special. What is this 'auto download' that you speak of? How automatic is it; does the user have to agree to its installation via a dialog box?
They also don't give websites shell level access.
Konqueror is a web browser. It is integrated into a shell environment, KDE. I this case, the web browser is part of the shell, so it already gives websites access to parts of the shell. Konqueror->KDE is the same relationship as Internet Explorer->Windows shell.
Rootkits take more effort than that on Unix and Linux systems.
Wait, you're saying that it's just as possible on unicies but it's harder? Just what makes it harder? Windows NT has at least all the local security features that a standard unix has: protected memory, a protected syscall interface, object security (like for files, processes, mutexes...), user logons, multiuser...
Many applications and games require admin privileges to install. Windows Update requires admin privileges. etc etc.
So run only those programs as admin. Windows NT is (and always has been) multi-user. See RunAs, PsExec, SUD, etc. It would be a pretty lame excuse if I said that I had to run as root on Linux all the time because upgrading the kernel requires root access. You'd tell me to use su; do the same thing on Windows.
Compare that to the Millions of Windows machines completely infected with spyware right now because Microsoft has no clue how to secure a web browser.
That's funny, I've used IE without getting any malware. Here's a better reason that so many computers are plugged: ignorant users that are gullible, believe everything they see on the Internet, and press yes or OK on every dialog box just to get them to go away (without reading them or caring about the content). This is just as possible with Firefox or KDE or any other complex system that people use: you can make resistence to stupidity, but stupidity will always win some battles. Could Microsoft make the resistance higher? I guess. But then they would have to contend with cries of incompatibility and non-ease of use. It's a precarious balance. You'd like more security, but you aren't a shareholder of Microsoft; I'm sure the company has done much research that says that invasive security makes users mad and reduces sales
But combine users running by default as Admin [...]
Yes, the admin default sucks for security. It is also only a default and so completely avoidable; the fact that users don't avoid it speaks of their ignorance. If Windows XP automatically logged you on as a non-admin user, most people would be lost; they would have no idea why they can't install their new software. All they see is an ugly dialog box they don't understand and it isn't working. This news would get out, XP would be branded as impossible to use because some dumb columnist couldn't install Quicken 200X, and nobody would buy it. They would still be using 98 or ME with zero local security. Because it's easier than dealing with security hassles. These are the same people who have no idea what the consequences of installing Gator or whatever are, and if you try to tell them about it, they glaze over and continue to do what they always have done.
Ah yes, that tired old argument. First, Microsoft guidelines (since NT3.51) specifically specify that you should not use a privledged process to create windows on the interactive desktop because doing so exposes them to attack.
Secondly, Job Objects, when used correctly completely negate this attack with the JOB_OBJECT_UILIMIT_HANDLES flag: "Prevents processes associated with the job from using USER handles owned by processes not associated with the same job." Put your untrusted processes in a job with this flag set and it cannot get a window handle from another process to exploit. A process cannot leave a job and any child processes will also belong to the job. The job object itself has an ACL.
Win32 doesn't have the greatest security integration since the design is a holdover from Windows 1.0. Instead, security is located on top. Base NT, on the other hand, is (by design) very secure with a high level of granularity. I believe that the OP was referring to NT security.
V'GER was created by a race of machines that rebuilt Voyager 6 so it could finish its mission. No alien probe programmed for cleaning hulls was involved; V'GER considered killing the 'carbon-unit infestations' because it didn't consider them to be true life forms, and because they were in the way. Nomad really wanted to destroy all (imperfect) life forms, not just those that were in the way of making a report to the creators.
Otherwise, they're a lot alike, and when you mentioned collision with another probe designed for sterilization, I thought you might have been thinking about Nomad.
An earth exploration probe that collides and combines with an alien planetary survey probe programmed to sterilize soil samples; a program that mutates into "sterilize imperfection" (IE all life and ultimately itself). Somewhere along the way it aquires a 'perpetual' power source and becomes increadibly powerful.
Yes, I'm afraid that I've seen that episode of Star Trek many times:)
Internet Explorer is part of the shell in Windows that runs on top of win32 on top of the kernel. IE is not, and has never been integrated into the kernel. Furthermore, IE is not integrated into win32 and win32 is not integrated in the kernel. Win32 does run in kernel mode since NT4, but the kernel itself is not dependent on it. The only thing IE is integrated into is the shell environment (KDE is another shell environment), and the mystic Windows Expierence.
Win32 is just another environmental subsystem (like os2 or posix), and IE (and the shell) is just another set of user mode libraries.
When Explorer/IE crashes, I press ctrl+shift+esc to bring up task manager, and then I kill the process. I have never had to restart the kernel or the machine.
I've been running my Windows computers without a firewall (other than a NAT router), virus scanner, spyware protection, only patching at service packs without any problems. I've never had a worm, virus, trojan or other infection. I've never reinstalled Windows, and no, it doesn't get slow.
How do I do it? 1. I log on as a normal user (not admin). This is the single best defense against crapware. For installation and those whiney apps that require admin access, I use the Windows equivalent of sudo transparently to launch them. I also run IE and OE as a seperate limited user that doesn't have access to anything important (like documents). 2. The NAT router protects me from all incoming worms/unsolicited traffic. 3. I use Mozilla instead of IE. 4. I know what I am doing: I don't run crapware/virus infected stuff.
The first two items are sufficent to protect you from mostly everything. My brother got some crap installed; after cleaning it up, I instituted the first one and he has been clear ever since (more than a year).
I started by stating two extremes: where everyone at stake concents, and where no one concents. I consider the former to be always right, and the latter to be always wrong. The thing that is or is not being consented to doesn't matter. When some of the individuals involved concent, but others don't, then it becomes a grey area; then it depends on what the action is. The two extremes (everyone or no one consents) are absolute. It is important to note that the only consent that is relevant comes from the people who will be materially affected. In general, the more of an effect it will have on a person, the more important their consent is.
The act of murder is bad because the victim doesn't concent to being killed. It is a strong action because death is permanent. It is not fall under either absolute because the killer consents but the victim doesn't. If the person to be killed does consent (IE assisted suicide), then that's OK. The killed's concent is more important than the killer's concent because the killed is affected more.
The punishment system is one of those solutions that sucks, but not as badly as the known alternatives. There has to be some way of preventing people from using force to take away the rights of others to disagree (and reserve consent). The threat of punishment serves as motivation to play nice. The threat wouldn't be creadible if it didn't get carried out.
Furthermore, what do you think of Lincoln's proposition that you have no right to do a wrong? E.g. simply because you agree to it by contract, a free person could not sell himself into bondage because liberty is a fundamental human right.
Not really. If someone, given other alternatives, willingly and knowingly sells himself into bondage, then that is their right. Of course, it also requires agreement from the bonder.
The problem with most slavery (all that I know of) is that the slaves were not given any viable alternatives. Conditions were manipulated into making slavery the only usable option. This does not represent a free choice; a choice requires usable alternatives. Creating an environment that intentionally removes choices (even by making them impractical) is bad because the people getting the "short end" of the deal don't consent to this situation, and yet they have a much larger stake in it. Also, I think that most cases of bondage, the original agreement is changed by those in power. If no agreement can be reached, but something has to happen then it may be time for government to step in.
IMO, the role of government should be to deal with cases where the involved parties cannot reach an agreement, including agreeing to drop the issue. When the involved parties do agree, then it is totally outside the domain of government. However, enforcing previously made agreements may fall into the government's domain. For example, say Bob makes an agreement with Joe. They also make an agreement with the government that if either one backs out, the contract will be forcibly enforced. This service is paid for by the taxes they both pay. Let's say that the terms are disputed after the document explaining them has already been signed. The government agreed to enforce the agreement, so it has to figure out what the document says and then enforce it.
First of all, you really have no choice as to whether you live in this "civilised society" or not. This is forced upon you as surely is your own life.
No, I suppose there isn't much choice. This is an artifact of living in a finite world. Still, there are some alternatives, like moving to a 3rd world country in anarchy. It isn't a good alternative, so I guess I would have to conclude that the situation pretty much sucks. Sorry:(
Ok sorry, I was wrong about hysterectomies and ovaries. How about an operation that DOES remove both ovaries (IE to treat ovarian cancer)? How much reproductive assistance do you think a couple would need to make them ineligible for marriage? Apparently, it's ok if a third party carries the baby. What if there was a process to create a zygote from a third-party egg, to be carried by fourth party, stripped of genetic material and then infused with a set of genes from two men? Would they be allowed to marry then?
What about castration? That definately does remove the gonads. Without stored sperm or genetic manipulation, a castrated man has no possibility of procreating (last time I checked). How about women who have passed menopause? Should these people be prevented from marrying since they cannot produce offspring?
If all the people materially (IE more than trivially) involved consent to something, then it is absolutely always right. OTOH, if none of the materially involved people consent to something then it is always wrong.
After that, it gets more complicated: if all directly involved parties don't consent it doesn't necessairly mean it's good or bad. You have to look at the details of the situation.
Putting a murderer away can be right even though the perpetrator doesn't concent because it can discourage murder in the future. As a policy, the murderer had to expect imprisonment as a possible consequence for his actions; he has to weigh the alternatives and decide wether to go through with it. It's a form of implicit concent for living in a civilized society; live here and you could go to prison for murder. Once you commit the crime, it's too late to back out.
If a group of people all consent to have some exotic form of sex, and it doesn't affect anyone outside their group, then that is right. No one outside of their group has any right to know about it, let alone interfere.
Medical infertility is sometimes treatable. A woman who has had a histerectomy or a castrated man cannot reproduce, last time I checked. Same goes for gross genetic problems that cause permanent sterility.
Do you support marriage of permanently sterile people, even when they are of different sexes?
Eh? Women are people too. Let's expand your pool a bit; 3 women and 3 men:
Bob Steve Harry Molly Susan Maria
Each of the three men has exactly the same rights, to marry either Molly, Susan or Maria. OTOH, each of the three women could marry either Bob, Steve or Harry. These pools are different; the rights of the men differ from the rights of the women. For example, Bob can't marry Steve but Maria can.
Internally, NT has always tracked time using a 64 bit number of 100ns periods. The function GetSystemTimeAsFileTime outputs "a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC)." This function has been available since NT3.1 and Win95.
The NT kernel has always kept track of time with 64-bit number of 100ns periods. Absolute time is tracked as a 64-bit number of 100ns periods since January 1, 1601 (UTC). See the syscall NtQuerySystemTime, or the equivalent win32 function GetFileTimeAsSystemTime. (available since at least win95)
The FCC program that crashed probably used the grossly obsolete function GetTickCount as djwolf already posted.
Given that on a default Windows XP desktop there were (are?) processes with elevated priviledges running on the interactive desktop, I guess most of the Windows developers hadn't heard of them either.
This is only true if you are logged on as an administrator, which is a different problem. I agree that making admin default is bad.
If you are a normal user, then there are no windows with elevated privledges on the interactive desktop. The closest thing is the security desktop provided by Winlogon (the ctrl+alt+delete screen). No one but SYSTEM has any access to this desktop; the user's processes cannot open the desktop to send messages to the window. The new security center (sp2) interacts with the user via a seperate process running as the user.
Windows NT has never had privledged windows on the interactive desktop when the user is not admin.
I think one reason that politics tend to have a high resistance to change is that controversy generates a disproportionate amount of negative to positive feelings in people. When a politician proposes to do something controversial, the opponents of the idea go out of their way to make sure that person isn't elected. The proponents of the idea really don't care as much; they think it is a nice idea but won't go to the lengths the opponents do.
Think about the all the people who want to vote against Bush. They are likely to vote for Kerry to prevent Bush from taking office; not because they like Kerry but because they specifically don't want Bush; it doesn't matter to them who is running against Bush as long as they aren't worse.
I'm not sure why exactly people care about preventing negative things more than supporting positive things (according to them, of course). Maybe it is because fear is a stronger motivator than hope. Maybe because trying to construct something you care in and having it fail is far more frustrating than failing to prevent a negative thing. Failing to create something is defeat, but having a new danger to attack only escalates things. If you fail at creating a new thing, you still have what you had before: the status-quo. If you fail at preventing something bad, you have less than you had before; bad things have more risk.
To make a new change, the burden is on you to convince others your idea is a good one. The opponents need only to poke trivial (but noisy) holes in the specifics to toss out the entire idea. It's much easier to destroy something than it is to create it, especially when that thing is in its infancy.
Also, it's hard to implement long term plans that will cost in the sort term. There will be enough opponents that don't put much emphasis on the long-term (for whatever reason) to cause it to fail. Or the research needed to validate the long term benefits will take too long, and more importantly different amounts of time for different people. For a plan to go through, you need many people to support it and you need them to support it at the same time. The issue will get stale; new issues get more points than old ones. This goes for complex issues too.
McAffe created an insecure program. It's not the first time a third party program has comprimised security. They failed to follow Microsoft guidelines (since NT 3.51), and I quote:
Services running in an elevated security context, such as the LocalSystem account, should not create a window on the interactive desktop, because any other application that is running on the interactive desktop can interact with this window. This exposes the service to any application that a logged-on user executes. Also, services that are running as LocalSystem should not access the interactive desktop by calling the OpenWindowStation or GetThreadDesktop function.
You are supposed to create a client process that runs as the current user and use a pipe to communicate with your service. Interactive services are abused so often Microsoft would like to stop supporting them, but it would break too many third-party apps. Also, every window has an ACL; if a process isn't on the allowed list then it can't send messages. McAffe could have used the SetUserObjectSecurity function available since NT3.1.
Not knowing how your target platform works is no excuse for creating an insecure application.
But first it would: call home after spying on everything installed, use your printer to print a threatining letter, steal your credit card numbers to charge the maximum retail value of the items shared (even on items that can be distributed freely) to go directly to the *AA cartels, force you to watch a propaganda video about piracy, search all files (binaries too) for 'unauthorized' use of copyrighted strings and trademarks, creating spam printouts as necessary, and delete all copyrighted content (everything).
It will be written by Microsoft, be 100MB, use Flash copiously, take 5 minutes to startup and only run on Windows XP. If you have a previous version, it will nicely tell you to install XP first. If you aren't using P2P, it will just make your computer slow by 'monitoring' your activities for 'your protection'.
Miniport != port.
There are three parts to a video driver: the video port driver, the video miniport driver and the display driver. The video port driver is always videoprt.sys. It handles the functions common to all video devices; it is provided by Microsoft. The video miniport driver handles communication specific to the device; the video miniport for my GF3 is nv4_mini.sys. The display driver handles all rendering specific to a device. The display driver for my GF3 is nv4_disp.dll. Only the display driver used to run in csr. The video miniport driver has to talk to the kernel and the hardware like any other device driver. The display driver exists to accelerate drawing functions. The video port driver is like a scsi class driver, but for video devices.
NT has always been a hybrid that uses many logical microkerel divisons but runs many things in kernel mode to reduce overhead.
That is not a hole in Internet Explorer. It is a hole in the win32 subsystem. Win32 is a protected subsystem; since those subsystems run as SYSTEM, a hole in them can escilate to root. I never said that win32 vulns couldn't escilate; only that IE vulns couldn't. IE is just another client process to win32.
Windows makes use of many generic drivers. When I plug my Archos jukebox into the USB2 port in my Windows computer, it uses all generic drivers. The USB2 controller in my nForce2 south bridge is seen as a "Standard Enhanced PCI to USB Host Contoller" that uses usbehci.sys, usbhub.sys, usbport.sys, hccoin.dll, usbui.dll. On top of that, the USB root hub uses usbd.sys, usbhub.sys. Then the USB mass storage device uses usbstor.sys. At the end is the volume which uses disk.sys and partmgr.sys. All of those drivers are generic drivers written by Microsoft; there is nothing from nVidia, Archos or Hitatchi (the hardware manufacturers). Below the USB controller, a standard PCI bus from pci.sys, an ACPI bus enumerator from acpi.sys, also all generic MS drivers.
I have 6 devices that don't use all generic drivers: the ATA controller, network card, sound, AGP bridge and video card all from nVidia, and the Realtek NIC. Of those, I could use generic drivers for 3 of them, albeit with some loss of speed or functionaility.
NT has always had a layered architecture of class and port drivers; class drivers, provided my MS, implement the common functions for similar devices while port drivers handle communication with a specific device. A third-party video driver still depends on the generic video port driver. AFAIK, video cards support the VGA standard and that's about it; a standard VGA driver is the only generic video driver.
There are two ways to figure out which drivers go to which devices: the old way of loading possible drivers and asking each one if it sees any devices it supports, and plug and play which uses device IDs and.inf files. inf files match drivers to device IDs. If a new product comes out, even if it is supported by a generic driver, the.inf files won't know about it; some driver disks just provide a new.inf file. Anyways, you are right that Windows may have the binaries to support a new device but doesn't know it. That's why you can force installation of a driver over an unknown device;)
NT has a lot of ways to do IPC too. There is file based communction that uses the IO manager and file system drivers, which include pipes (the named pipe filesystem), disk files, and network sockets. There is shared memory in the form of section objects, which can optionally memory map a file. One process can read the private memory of another process, although that's usually used for debugging. There is the local procedure call (LPC) system which creates a kernel managed and message oriented (message boundries preserved) communictions port. There is the quick LPC method that continues a thread's quantum for a remote function call. Back before NT4, there used to be a lot of LPC traffic.
I'm not complaining, just trying to show the other side.
I agree that many parts of Windows are monolithic, including win32 and the shell. I disagree that Internet Explorer is tied any more closely than a shell environment on Linux like Gnome or KDE. I say that the NT kernel runs fine without a broswer or GUI. It's hard to tell what someone means by 'Linux'; just the kernel or an entire distro. You're right; an OS is more than a kernel. Modern OSes have many parts. Each part should be evaluated seperately (where feasable).
Wine deals with the shell and user mode libraries at most. Windows is more than the shell. The shell is hardly a deep level. Yes, Internet Explorer is integrated with the shell. Yes, many third party apps depend on shell libraries. Microsoft promises that those shell libraries will always be available so developers use 'em.
The Windows shell is basically equivalent to Gnome or KDE. If you remove KDE, many KDE applications break; when you remove a library, the things that depend on it break. Internet Explorer is as much integrated into the OS as KDE or Gnome are integrated into a Linux distro. Isn't Konqueror (espescially the shared libs that implement it) integrated into KDE?
Everything on an AS/400 runs at the same privldege level; it's secure because users can't make executables on the system without using the trusted compiler. Under your definition of the kernel, everything everywhere on an AS/400 is part of the kernel.
Slashdot Mirror
Konqueror->KDE is the same relationship as Internet Explorer->Windows shell.Wait, you're saying that it's just as possible on unicies but it's harder? Just what makes it harder? Windows NT has at least all the local security features that a standard unix has: protected memory, a protected syscall interface, object security (like for files, processes, mutexes...), user logons, multiuser...
Here's a better reason that so many computers are plugged: ignorant users that are gullible, believe everything they see on the Internet, and press yes or OK on every dialog box just to get them to go away (without reading them or caring about the content). This is just as possible with Firefox or KDE or any other complex system that people use: you can make resistence to stupidity, but stupidity will always win some battles.
Could Microsoft make the resistance higher? I guess. But then they would have to contend with cries of incompatibility and non-ease of use. It's a precarious balance.
You'd like more security, but you aren't a shareholder of Microsoft; I'm sure the company has done much research that says that invasive security makes users mad and reduces sales Yes, the admin default sucks for security. It is also only a default and so completely avoidable; the fact that users don't avoid it speaks of their ignorance.
If Windows XP automatically logged you on as a non-admin user, most people would be lost; they would have no idea why they can't install their new software. All they see is an ugly dialog box they don't understand and it isn't working. This news would get out, XP would be branded as impossible to use because some dumb columnist couldn't install Quicken 200X, and nobody would buy it. They would still be using 98 or ME with zero local security. Because it's easier than dealing with security hassles. These are the same people who have no idea what the consequences of installing Gator or whatever are, and if you try to tell them about it, they glaze over and continue to do what they always have done.
Ah yes, that tired old argument.
First, Microsoft guidelines (since NT3.51) specifically specify that you should not use a privledged process to create windows on the interactive desktop because doing so exposes them to attack.
Secondly, Job Objects, when used correctly completely negate this attack with the JOB_OBJECT_UILIMIT_HANDLES flag: "Prevents processes associated with the job from using USER handles owned by processes not associated with the same job." Put your untrusted processes in a job with this flag set and it cannot get a window handle from another process to exploit. A process cannot leave a job and any child processes will also belong to the job. The job object itself has an ACL.
Win32 doesn't have the greatest security integration since the design is a holdover from Windows 1.0. Instead, security is located on top.
Base NT, on the other hand, is (by design) very secure with a high level of granularity. I believe that the OP was referring to NT security.
V'GER was created by a race of machines that rebuilt Voyager 6 so it could finish its mission. No alien probe programmed for cleaning hulls was involved; V'GER considered killing the 'carbon-unit infestations' because it didn't consider them to be true life forms, and because they were in the way. Nomad really wanted to destroy all (imperfect) life forms, not just those that were in the way of making a report to the creators.
Otherwise, they're a lot alike, and when you mentioned collision with another probe designed for sterilization, I thought you might have been thinking about Nomad.
Heh. You're thinking of Nomad?
:)
An earth exploration probe that collides and combines with an alien planetary survey probe programmed to sterilize soil samples; a program that mutates into "sterilize imperfection" (IE all life and ultimately itself). Somewhere along the way it aquires a 'perpetual' power source and becomes increadibly powerful.
Yes, I'm afraid that I've seen that episode of Star Trek many times
Internet Explorer is part of the shell in Windows that runs on top of win32 on top of the kernel. IE is not, and has never been integrated into the kernel. Furthermore, IE is not integrated into win32 and win32 is not integrated in the kernel. Win32 does run in kernel mode since NT4, but the kernel itself is not dependent on it.
The only thing IE is integrated into is the shell environment (KDE is another shell environment), and the mystic Windows Expierence.
Win32 is just another environmental subsystem (like os2 or posix), and IE (and the shell) is just another set of user mode libraries.
When Explorer/IE crashes, I press ctrl+shift+esc to bring up task manager, and then I kill the process. I have never had to restart the kernel or the machine.
I've been running my Windows computers without a firewall (other than a NAT router), virus scanner, spyware protection, only patching at service packs without any problems. I've never had a worm, virus, trojan or other infection. I've never reinstalled Windows, and no, it doesn't get slow.
How do I do it?
1. I log on as a normal user (not admin). This is the single best defense against crapware. For installation and those whiney apps that require admin access, I use the Windows equivalent of sudo transparently to launch them. I also run IE and OE as a seperate limited user that doesn't have access to anything important (like documents).
2. The NAT router protects me from all incoming worms/unsolicited traffic.
3. I use Mozilla instead of IE.
4. I know what I am doing: I don't run crapware/virus infected stuff.
The first two items are sufficent to protect you from mostly everything. My brother got some crap installed; after cleaning it up, I instituted the first one and he has been clear ever since (more than a year).
It is important to note that the only consent that is relevant comes from the people who will be materially affected. In general, the more of an effect it will have on a person, the more important their consent is.
The act of murder is bad because the victim doesn't concent to being killed. It is a strong action because death is permanent. It is not fall under either absolute because the killer consents but the victim doesn't.
If the person to be killed does consent (IE assisted suicide), then that's OK.
The killed's concent is more important than the killer's concent because the killed is affected more.
The punishment system is one of those solutions that sucks, but not as badly as the known alternatives. There has to be some way of preventing people from using force to take away the rights of others to disagree (and reserve consent). The threat of punishment serves as motivation to play nice. The threat wouldn't be creadible if it didn't get carried out. Not really. If someone, given other alternatives, willingly and knowingly sells himself into bondage, then that is their right. Of course, it also requires agreement from the bonder.
The problem with most slavery (all that I know of) is that the slaves were not given any viable alternatives. Conditions were manipulated into making slavery the only usable option. This does not represent a free choice; a choice requires usable alternatives. Creating an environment that intentionally removes choices (even by making them impractical) is bad because the people getting the "short end" of the deal don't consent to this situation, and yet they have a much larger stake in it. Also, I think that most cases of bondage, the original agreement is changed by those in power. If no agreement can be reached, but something has to happen then it may be time for government to step in.
IMO, the role of government should be to deal with cases where the involved parties cannot reach an agreement, including agreeing to drop the issue. When the involved parties do agree, then it is totally outside the domain of government. However, enforcing previously made agreements may fall into the government's domain. For example, say Bob makes an agreement with Joe. They also make an agreement with the government that if either one backs out, the contract will be forcibly enforced. This service is paid for by the taxes they both pay.
Let's say that the terms are disputed after the document explaining them has already been signed. The government agreed to enforce the agreement, so it has to figure out what the document says and then enforce it. No, I suppose there isn't much choice. This is an artifact of living in a finite world. Still, there are some alternatives, like moving to a 3rd world country in anarchy. It isn't a good alternative, so I guess I would have to conclude that the situation pretty much sucks. Sorry
Ok sorry, I was wrong about hysterectomies and ovaries. How about an operation that DOES remove both ovaries (IE to treat ovarian cancer)?
How much reproductive assistance do you think a couple would need to make them ineligible for marriage? Apparently, it's ok if a third party carries the baby. What if there was a process to create a zygote from a third-party egg, to be carried by fourth party, stripped of genetic material and then infused with a set of genes from two men? Would they be allowed to marry then?
What about castration? That definately does remove the gonads. Without stored sperm or genetic manipulation, a castrated man has no possibility of procreating (last time I checked).
How about women who have passed menopause?
Should these people be prevented from marrying since they cannot produce offspring?
If all the people materially (IE more than trivially) involved consent to something, then it is absolutely always right.
OTOH, if none of the materially involved people consent to something then it is always wrong.
After that, it gets more complicated: if all directly involved parties don't consent it doesn't necessairly mean it's good or bad. You have to look at the details of the situation.
Putting a murderer away can be right even though the perpetrator doesn't concent because it can discourage murder in the future. As a policy, the murderer had to expect imprisonment as a possible consequence for his actions; he has to weigh the alternatives and decide wether to go through with it. It's a form of implicit concent for living in a civilized society; live here and you could go to prison for murder. Once you commit the crime, it's too late to back out.
If a group of people all consent to have some exotic form of sex, and it doesn't affect anyone outside their group, then that is right. No one outside of their group has any right to know about it, let alone interfere.
Medical infertility is sometimes treatable. A woman who has had a histerectomy or a castrated man cannot reproduce, last time I checked. Same goes for gross genetic problems that cause permanent sterility.
Do you support marriage of permanently sterile people, even when they are of different sexes?
Eh? Women are people too. Let's expand your pool a bit; 3 women and 3 men:
Bob
Steve
Harry
Molly
Susan
Maria
Each of the three men has exactly the same rights, to marry either Molly, Susan or Maria. OTOH, each of the three women could marry either Bob, Steve or Harry. These pools are different; the rights of the men differ from the rights of the women. For example, Bob can't marry Steve but Maria can.
Internally, NT has always tracked time using a 64 bit number of 100ns periods. The function GetSystemTimeAsFileTime outputs "a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC)." This function has been available since NT3.1 and Win95.
The NT kernel has always kept track of time with 64-bit number of 100ns periods. Absolute time is tracked as a 64-bit number of 100ns periods since January 1, 1601 (UTC). See the syscall NtQuerySystemTime, or the equivalent win32 function GetFileTimeAsSystemTime. (available since at least win95)
The FCC program that crashed probably used the grossly obsolete function GetTickCount as djwolf already posted.
If you are a normal user, then there are no windows with elevated privledges on the interactive desktop. The closest thing is the security desktop provided by Winlogon (the ctrl+alt+delete screen). No one but SYSTEM has any access to this desktop; the user's processes cannot open the desktop to send messages to the window.
The new security center (sp2) interacts with the user via a seperate process running as the user.
Windows NT has never had privledged windows on the interactive desktop when the user is not admin.
I think one reason that politics tend to have a high resistance to change is that controversy generates a disproportionate amount of negative to positive feelings in people. When a politician proposes to do something controversial, the opponents of the idea go out of their way to make sure that person isn't elected. The proponents of the idea really don't care as much; they think it is a nice idea but won't go to the lengths the opponents do.
Think about the all the people who want to vote against Bush. They are likely to vote for Kerry to prevent Bush from taking office; not because they like Kerry but because they specifically don't want Bush; it doesn't matter to them who is running against Bush as long as they aren't worse.
I'm not sure why exactly people care about preventing negative things more than supporting positive things (according to them, of course). Maybe it is because fear is a stronger motivator than hope. Maybe because trying to construct something you care in and having it fail is far more frustrating than failing to prevent a negative thing. Failing to create something is defeat, but having a new danger to attack only escalates things. If you fail at creating a new thing, you still have what you had before: the status-quo. If you fail at preventing something bad, you have less than you had before; bad things have more risk.
To make a new change, the burden is on you to convince others your idea is a good one. The opponents need only to poke trivial (but noisy) holes in the specifics to toss out the entire idea. It's much easier to destroy something than it is to create it, especially when that thing is in its infancy.
Also, it's hard to implement long term plans that will cost in the sort term. There will be enough opponents that don't put much emphasis on the long-term (for whatever reason) to cause it to fail. Or the research needed to validate the long term benefits will take too long, and more importantly different amounts of time for different people. For a plan to go through, you need many people to support it and you need them to support it at the same time. The issue will get stale; new issues get more points than old ones.
This goes for complex issues too.
Interactive services are abused so often Microsoft would like to stop supporting them, but it would break too many third-party apps.
Also, every window has an ACL; if a process isn't on the allowed list then it can't send messages. McAffe could have used the SetUserObjectSecurity function available since NT3.1.
Not knowing how your target platform works is no excuse for creating an insecure application.
But first it would:
call home after spying on everything installed,
use your printer to print a threatining letter,
steal your credit card numbers to charge the maximum retail value of the items shared (even on items that can be distributed freely) to go directly to the *AA cartels,
force you to watch a propaganda video about piracy,
search all files (binaries too) for 'unauthorized' use of copyrighted strings and trademarks, creating spam printouts as necessary,
and delete all copyrighted content (everything).
It will be written by Microsoft, be 100MB, use Flash copiously, take 5 minutes to startup and only run on Windows XP. If you have a previous version, it will nicely tell you to install XP first.
If you aren't using P2P, it will just make your computer slow by 'monitoring' your activities for 'your protection'.
Miniport != port.
There are three parts to a video driver: the video port driver, the video miniport driver and the display driver.
The video port driver is always videoprt.sys. It handles the functions common to all video devices; it is provided by Microsoft.
The video miniport driver handles communication specific to the device; the video miniport for my GF3 is nv4_mini.sys.
The display driver handles all rendering specific to a device. The display driver for my GF3 is nv4_disp.dll.
Only the display driver used to run in csr. The video miniport driver has to talk to the kernel and the hardware like any other device driver. The display driver exists to accelerate drawing functions. The video port driver is like a scsi class driver, but for video devices.
NT has always been a hybrid that uses many logical microkerel divisons but runs many things in kernel mode to reduce overhead.
That is not a hole in Internet Explorer. It is a hole in the win32 subsystem. Win32 is a protected subsystem; since those subsystems run as SYSTEM, a hole in them can escilate to root. I never said that win32 vulns couldn't escilate; only that IE vulns couldn't. IE is just another client process to win32.
Windows makes use of many generic drivers. When I plug my Archos jukebox into the USB2 port in my Windows computer, it uses all generic drivers. The USB2 controller in my nForce2 south bridge is seen as a "Standard Enhanced PCI to USB Host Contoller" that uses usbehci.sys, usbhub.sys, usbport.sys, hccoin.dll, usbui.dll. On top of that, the USB root hub uses usbd.sys, usbhub.sys. Then the USB mass storage device uses usbstor.sys. At the end is the volume which uses disk.sys and partmgr.sys. All of those drivers are generic drivers written by Microsoft; there is nothing from nVidia, Archos or Hitatchi (the hardware manufacturers). Below the USB controller, a standard PCI bus from pci.sys, an ACPI bus enumerator from acpi.sys, also all generic MS drivers.
.inf files. inf files match drivers to device IDs. If a new product comes out, even if it is supported by a generic driver, the .inf files won't know about it; some driver disks just provide a new .inf file. Anyways, you are right that Windows may have the binaries to support a new device but doesn't know it. That's why you can force installation of a driver over an unknown device ;)
I have 6 devices that don't use all generic drivers: the ATA controller, network card, sound, AGP bridge and video card all from nVidia, and the Realtek NIC. Of those, I could use generic drivers for 3 of them, albeit with some loss of speed or functionaility.
NT has always had a layered architecture of class and port drivers; class drivers, provided my MS, implement the common functions for similar devices while port drivers handle communication with a specific device. A third-party video driver still depends on the generic video port driver. AFAIK, video cards support the VGA standard and that's about it; a standard VGA driver is the only generic video driver.
There are two ways to figure out which drivers go to which devices: the old way of loading possible drivers and asking each one if it sees any devices it supports, and plug and play which uses device IDs and
NT has a lot of ways to do IPC too. There is file based communction that uses the IO manager and file system drivers, which include pipes (the named pipe filesystem), disk files, and network sockets. There is shared memory in the form of section objects, which can optionally memory map a file. One process can read the private memory of another process, although that's usually used for debugging. There is the local procedure call (LPC) system which creates a kernel managed and message oriented (message boundries preserved) communictions port. There is the quick LPC method that continues a thread's quantum for a remote function call. Back before NT4, there used to be a lot of LPC traffic.
I'm not complaining, just trying to show the other side.
I agree that many parts of Windows are monolithic, including win32 and the shell. I disagree that Internet Explorer is tied any more closely than a shell environment on Linux like Gnome or KDE. I say that the NT kernel runs fine without a broswer or GUI. It's hard to tell what someone means by 'Linux'; just the kernel or an entire distro.
You're right; an OS is more than a kernel. Modern OSes have many parts. Each part should be evaluated seperately (where feasable).
Wine deals with the shell and user mode libraries at most. Windows is more than the shell. The shell is hardly a deep level. Yes, Internet Explorer is integrated with the shell. Yes, many third party apps depend on shell libraries. Microsoft promises that those shell libraries will always be available so developers use 'em.
The Windows shell is basically equivalent to Gnome or KDE. If you remove KDE, many KDE applications break; when you remove a library, the things that depend on it break. Internet Explorer is as much integrated into the OS as KDE or Gnome are integrated into a Linux distro. Isn't Konqueror (espescially the shared libs that implement it) integrated into KDE?
Everything on an AS/400 runs at the same privldege level; it's secure because users can't make executables on the system without using the trusted compiler. Under your definition of the kernel, everything everywhere on an AS/400 is part of the kernel.