There is such a thing as "root" on Windows NT/2K/XP/2K3. It is the local Administrators group, plus the LocalSystem account. Those accounts have the power to hide anything from regular users. The problem is, most home users run with their account as part of the local Administrators group, since Windows makes the installing user part of that group. Which was a stupid design decision on the part of MSFT.
That said, if a workstation is part of a Windows domain, by default new users are NOT part of the local Administrators group. They are only part of the much more restricted local Users group instead. Which is the way it has been since at least NT 4.0. All of the users in my company only have Users-level permission on their workstations; as a result we have had almost no spyware, virus incidents, or "oops I installed this thingy from tha Intraweb and broke my Windows" since we rolled out NT v4 in 1998.
Why does a process like Microsoft Internet Explorer... have to run with admin privileges?
It doesn't. It runs with the privileges of the logged-in user. And it works just fine under any user account, even one with guest privileges.
Secondly, the default privileges for a user on a workstation that is a member of a Windows domain are non-administrative, and have been since Windows NT 4.0.
Of course, the fact is that all non-domain (Home) Windows computers give the installing (and usually only) user account administrator rights by default. Which is a really stupid thing, but is quite easy to fix.
The Ruby-on-Parrot project is basically stagnant. The status reads as "Broken. Last updated in 2002. Should probably be removed."
Similarly, the Python-on-Parrot project has a status of "Mostly working except for classes/exec/import". Those are some fairly large feature omissions. You'd think the Pythonistas would be all over support for such a project, but many refuse to admit that they care about the performance of Python at all.
I'd love to see a speedy implementation of Python for cross-platform use, but neither of these projects appears remotely close to completion in my opinion.
I recall reading somewhere that some organization was offering a Python compiler bounty... or am I imagining things?
Re:C# is pro like VB is pro, on Pro C# · Score: 1
Okay, you're right: reliability would be far more important than speed in my poorly-chosen financial-markets example. Let's substitute rendering special effects for a movie as an example instead.
There undoubtedly exist some problem spaces where the "middle-course" - strongly-typed VM implementations of the C# and Java variety - are the best option.
I leave figuring out just where the tipping points are as an exercise for the reader.
Re:C# is pro like VB is pro, on Pro C# · Score: 4, Insightful
Okay, .NET and Java aren't as fast as C in the general case. But I think most developers are a lot more productive in both Java & .NET than they are in C. And C is of course slower than assembly, but I would imagine building an app is 10x faster in C than assembly.
But now there's all this hype about Ruby and Python, which are orders of magnitude slower than .NET and Java, even with Psyco and other limited acceleration tools. But they are a joy to develop in.
It seems as though we must trade development ease for execution speed. This seems to be a good trade for the majority of applications: salaries are the #1 cost for most companies. Hardware is cheap. A two-server, 8-core Opteron cluster costs less than an experienced programmer makes in a month.
So if you're writing a trade-settlement server for the financial markets, where milliseconds mean millions, by all means get close to the hardware and use C and hand-tuned assembly. But otherwise, pick something further up the stack and spend a little more money on hardware.
This is not just a Microsoft issue. Adobe's PDF format is a descendant of PostScript. PostScript is a full-on programming language itself. I once wrote a fractal generator in raw PostScript in college for a design class. It would lock up the lab printer for hours before spitting out a page.
There are plenty of other examples where the "document" format consists of executable instructions of some type (Flash immediately comes to mind).
PGP Desktop allows multiple authentication methods per disk. Users can have USB tokens with a short passphrase, and IT can escrow a long, strong passphrase for recovery purposes.
I can only assume that the hardware-encrypted drives would have similar functionality (we haven't been able to get one yet for testing). Otherwise, those drives would be worthless to the security-conscious enterprises they're targeting as customers.
Making a boot CD to run the OS is hardly a workable alternative. And the Windows SAM and registry would still be unencrypted, just on the CD, which will always be near the laptop.
My point is there are quite a few commercial products that do full-disk encryption, and Vista will include it as well. I presume they do this with code loaded from the MBR. Most can even encrypt an existing disk.
Full-disk encryption would be a killer feature, and make TrueCrypt much easier to use for the average business traveller. Until then, my organization is stuck with the closed source alternatives such as PGP Desktop.
We are looking at the new hardware-encrypted laptop disks from Seagate, however.
I use TrueCrypt, and it's great on a USB stick, but it does not provide encryption of the boot volume, which can be quite important (especially in Windows).
JIT compilation wasn't always there. In fact, it wasn't included until Java 1.1.6, released in April of 1998. Everything Java-based before that was interpreted, SLOWLY. Interpreted ASP would have had very similar performance characteristics to JSP before JIT became widespread and stable (circa 2000?).
You're spouting complete nonsense. A secure block cipher in a secure mode of operation reveals nothing about the similarities between files. Look up CBC mode on Google - a large random initialization vector is used to ensure that identical (or similar) plaintext blocks encrypt completely differently. I also suggest a thorough reading of Applied Cryptography by Bruce Schneier.
OpenPGP, for example, uses gzip compression before encryption with every file. Yet PGP is widely considered very secure. Why? Because a secure mode of operation for the cipher (AES, 3DES, whatever) is used, with a random IV that ensures even identical files produce completely different ciphertext.
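Added example, not part of the original comments: a compress-then-CBC pipeline that encrypts the same file twice under one key, once with a fresh random IV and once with a reused constant IV, and counts how many ciphertext blocks coincide. The block cipher here is a toy 8-round Feistel construction assumed as a stand-in for AES/3DES so the code runs on the Python standard library alone; the key and file contents are constructed sample values.

```python
import hashlib
import hmac
import os
import zlib

BLOCK = 16  # bytes per block, the same size AES uses


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Feistel round function: keyed hash truncated to half a block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def encrypt_block(key, block):
    # Toy 8-round Feistel permutation standing in for AES/3DES (assumption:
    # used only so the example runs with the standard library).
    left, right = block[:8], block[8:]
    for rnd in range(8):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(8)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, plaintext, iv=None):
    # Compress, pad (PKCS#7), then chain: C_i = E(P_i xor C_{i-1}), C_0 = IV.
    iv = os.urandom(BLOCK) if iv is None else iv
    data = zlib.compress(plaintext)
    n = BLOCK - len(data) % BLOCK
    data += bytes([n]) * n
    out, prev = [iv], iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)  # the IV travels in the clear as the first block


def cbc_decrypt(key, blob):
    if len(blob) < 2 * BLOCK or len(blob) % BLOCK:
        raise ValueError("truncated ciphertext")
    prev, out = blob[:BLOCK], []
    for i in range(BLOCK, len(blob), BLOCK):
        out.append(_xor(decrypt_block(key, blob[i:i + BLOCK]), prev))
        prev = blob[i:i + BLOCK]
    data = b"".join(out)
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return zlib.decompress(data[:-n])


def shared_blocks(a, b):
    # Number of block positions at which two ciphertexts are identical.
    return sum(a[i:i + BLOCK] == b[i:i + BLOCK]
               for i in range(0, min(len(a), len(b)), BLOCK))


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed demo key
    doc = b"Quarterly report, draft 3\n" * 40   # constructed "file"
    c1, c2 = cbc_encrypt(key, doc), cbc_encrypt(key, doc)
    print("random IV, same file twice:", shared_blocks(c1, c2), "shared blocks")
    fixed = bytes(BLOCK)                        # misuse: constant IV
    f1, f2 = cbc_encrypt(key, doc, fixed), cbc_encrypt(key, doc, fixed)
    print("fixed IV, same file twice: ", shared_blocks(f1, f2), "of",
          len(f1) // BLOCK, "blocks shared")
```

With a random IV the two ciphertexts share no blocks even though the compressed input is byte-for-byte identical; with the constant IV every block matches, which is the case the random IV exists to prevent.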
Libertarianism would work out worse than the present system, as well-intentioned as it is
And you base this conclusion on... exactly what? The U.S. was built on Libertarian ideals. As those ideals have fallen out of vogue, beginning in the 1960s, our nation has taken a serious turn for the worse.
Short-sighted, collectivist, "I am a victim" thinking is what has given us the mess we have today. Everybody wants a free lunch, and they want the Government to give it to them. Corporations, farmers, minorities... everyone is feeding at the Congressional trough. This is not the Libertarian way, but rather your Social democracy in action. People use their votes collectively to steal from the public treasury.
Because it doesn't work well. Perhaps it's because of the unreliable "donated" nature of the Coral infrastructure, poor caching directives on the source site, or poor selections by the Coral DNS resolver. Whatever, we have 6 Mbps from a Tier-1 ISP (Qwest), in a major metro market, but I can never seem to get anything high-traffic to come up quickly from a Coralized URL. Coralizing unpopular content works fine as a test, so I know it's not a firewall or routing issue. But I have never been able to pick up a Coral-cached copy of a slashdotted site.
Here's what I get from your link:
Error: 408 Request Time-out
Server CoralWebPrx/0.1.15 (See http://coralcdn.org/) at 200.102.209.152:8090
A nuke can be used for only one thing - cause destruction. The only positive use it might have is to threaten the other person with destruction. It has been created with the specific purpose and intent of causing mass destruction, and nothing else.
Dude, everyone knows that Bruce Willis can use nukes to save the whole planet from an asteroid. How's that for a positive?
Unfortunately, in Windows 2000/XP the Power Users group gives you read/write to %SYSTEMROOT% and HKEY_LOCAL_MACHINE in the registry. So you can install software, drivers, etc. And also completely hose the system with a virus, trojan, or root kit.
About the only significant things a Power User cannot do by default are "Security Account Manager"-related. That is, a Power User cannot create new users, remove other users, delegate rights, etc. on the local machine. Also, a Power User cannot typically do a few other common tasks, like set up new virtual hosts in IIS (because that requires user rights delegation privileges).
Finally, all of this is very granular, and of course you can choose to add or remove certain rights and permissions from the default Windows user classes. Nobody really does that much, of course, at least for workstations (we do it a lot for servers). But you can change most of this with command-line scripting, Active Directory's Group Policy, or the GUI.
Riight. A "browser problem". With just that site, just right now.
So anyway, it could be a problem with my cable provider. But then again, I just tried to load it remotely from a machine in Qwest's big midwest hosting facility, right on Qwest's backbone and the main page is taking forever to load.
I think perhaps you have a transparent cache upstream from you, or you have the images cached some other way. I can get the HTML-only in about 15 seconds with wget, but no images or style sheets.
It doesn't appear to be a bandwidth issue, as there is about an 8-second delay before the response from the server, and the HTML downloads at 150 Kbps after that. I think perhaps all the bytecode interpretation and those non-OS-native threads are having some sort of negative performance effect.
Not so fine... it's been loading for the last 60 seconds from my perspective.
Re:The real 90s versus outdated 00s software, on Java Is So 90s · Score: 1
I love Python, having just picked it up. It has very natural syntax, and it is truly cross-platform. But man does it run SLOW. As in Java-1.0, everything is interpreted slow. As far as I can tell, there are no fully working JIT VMs, nor any working native compilers.
Pyrex and Psyco can address performance somewhat, but require at least some code changes. They are also incomplete at accelerating all of Python, according to their own documentation.
Agreed. I like to support local retailers as much as possible. And you can always reach out and touch someone - literally - if you think you're getting screwed. And always pay with a credit card, as they can actually take your money back from the retailer.
For example, I buy all electronics and appliances at Abt, a "local superstore" in the Chicago area. Great customer service, and prices are at most 5% higher than the big discount chains. Best Buy, Circuit City, and the rest can go pound sand.
P.S.: I do not work for Abt, or have any financial or emotional interest in Abt's success.
All of my college memories blend into one long keg party, punctuated by a few short moments of exam-related terror, and fewer, shorter moments of bliss with college chicks.
The vulnerability is incorrect handling of input. In this case, the only *exploit* published so far is a DoS. But obviously there's something very wrong with the input validation in the code, and remote execution may be possible with a more clever exploit.
Witness the recent IE vulnerability, which MS didn't patch quickly because it was "only a DoS vulnerability". Of course, it turned out it was possible to execute code with the vulnerability, it just took a while for a better (worse?) exploit to be crafted.
All those parts from Avadirect look just like the barebones systems I bought from Tyan. I presume they're using Tyan chassis/mobo systems and stuffing them with parts.
You can't compare a "white-box" server like that to something from Sun (or any of the other tier-1 server manufacturers). With tier-1 server boxes, you can get a 7x24 on-site service contract. This is really important when you're hosting machines off-site where you can't easily get to them, or don't want to spend money keeping a bunch of spares around. You also get support for the software bundle and known-good configurations out of the box. I had all sorts of fun issues with the buggy drivers for the on-board RAID controllers on those Tyans.
Well, we were going to invade France, but Chirac surrendered before the Marines even landed. So we've got the money to burn.
But it's a helluva way to go through college!