It is the default now in SQL Server 2005; it ain't like they can go back in time and change defaults in software they released in 2000. How about gaining some self-control and taking a chill pill. Learn that security is not magic; it requires work on software (which takes a long time), work by the system admin, and work on the users' behalf....
If you look up SQL Server documentation and best practices, they tell you to switch the user it runs as. IIS and most other services run as Network Service, which has greatly reduced privileges.
Do the taskbar, start menu and desktop all render in HTML? I know "Active Desktop" does, not the regular one. Also, I know Windows Explorer uses HTML and JS to render the taskpad and other views while browsing files.
And if it does render in HTML, why is that a big deal? If anything, it simplifies code, and removes one other area of coding to replicate existing functionality somewhere else.
If in a corporate network people are logging in as admin, you have a network/sys admin problem, NOT a Windows issue. Fire your sys admins and get better ones that will put effort into making users log on as regular users.
Microsoft always did say that SPs will not have new features. Then SP2 sort of changed that, only for that instance. Just about all updates in most SPs can be downloaded individually and installed. So MS is not really taking anything away from you.
An SP release to them just adds more QA and testing, which I think they want to avoid and release Vista. I keep seeing people posting how they think MS is doing this so they can sell Vista. I do not think that is the reason, as most people buy Windows through OEMs with new computers, and a late SP is not going to change that. Corporations are not going to just switch to Vista in a few months because of SP3 being late either, because by the time they test and release SP3, SP1 for Vista would be out....
The only people that might upgrade are, well, Windows fans/devs/sys admins, and, well, they will upgrade regardless of the SP3 timeline.
Well, if IT installed Linux, well, they should not be doing something that stupid. However, if you decided to install Linux, and the IT folks maintain your computer, I would have to agree with them. Unless you work at a software company, developing apps, or are a sys admin, you are outta luck.
Sorry, but Microsoft has been there supporting EFI since 2002-ish, when they released Windows 2000 on Itanium. So they have been there; however, there were no systems out then on IA32 with EFI, so XP 32-bit lacked support. Gateway was one of the first to actually start shipping an EFI-based computer last year.
On the virtualization end, we could use Xen, and probably have Windows and OS X as natively as possible at the same time, although I do not know how 3D acceleration and other stuff will be handled.
Here is the FAQ from the KB
-----
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) were previously listed as affected, but are no longer listed. Why is that?
Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, at this point in the investigation, an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions. Per the support life cycle of these versions, only vulnerabilities of Critical severity would receive security updates. For more information about the security update support policy for these versions of Windows, visit the following Web site.
-----
Although I do believe they should be patching this.
They just blocked the execution of the vulnerable function. This to me is a mitigation method, not a patch. Think of it as: there is a vulnerability in mod_rewrite within Apache, and a third-party "patch" just disables it to secure Apache.
Wee, someone not knowing much about ActiveX and whining... too common to see on Slashdot.
ActiveX is good; the technology makes using a web browser as an application environment feasible. Just because some of the ActiveX plugins had security holes, and people always clicked on yes to install ActiveX stuff, does not make it bad.
I do agree that I would not think that MSFT would readily accept DRM by Apple, but then DRM by Apple has been broken over and over again.
Personally, how do you know those "independent" researchers had nothing vested in ODF, and could you link some of them, as I have not heard of any, only complaints by both that the other sucks.
Well, if you look at NTFS filesystems, they have an execute permission as well. NTFS ACL is a superset of the typical Unix ACLs; however, the problem is that all files are marked executable in the filesystem by default unless you change it. Hence in some of the security-conscious areas, they disable execute access by default on the Documents and Settings directory, and only allow users to log on as unprivileged accounts.
Well, I already subscribe to music, thanks to Yahoo. I subscribe to cable, internet, and cell phone as well. For it is much easier, and I am not bothered by not being able to listen to songs from Yahoo when my subscription expires, because I know what I signed up for and I get blanket coverage to listen to everything they have to offer.
The reason I am not bothered by it is because most are not expensive services, esp. music @ $12 and internet @ $30, with however many people at your home that want to use it. However, cell phones are expensive, and some cable does get out there. Not to mention only a few channels on TV were free; I cannot ever think of when my fav. channels, which include Discovery, History, Nick, G4, Comedy Central and Cartoon Network, were ever free.
I guess all my roundabout blabbering comes down to: I do not mind paying for something I want, and the service model is great when the content keeps changing.
I do not want a patch that is untested and could cause even more hell. You really think they could have created a patch, and tested it well to be deployed on 200+ million machines connected to Windows Update, and not have any bad effects on other apps? If you look at the patches released by others, they also say it might break applications, and you might have problems with it, etc. I do not think MS has that option while creating a patch. Microsoft accepted there was a flaw, posted information about it, told you about workarounds. If you want to be protected, just turn on DEP on all applications. Want to do it on multiple machines? Use scripts to edit boot.ini and add /NoExecute=OptOut to the options, and kick in a restart. At least that is a better thing to do than trust a random untested patch.
Well, the numbers are shocking, when I went to Secunia and compared Windows XP (with all the crap that comes with it) and just the Linux kernel 2.6.
Linux kernel itself (no other programs): 33 advisories
Windows XP (including IIS, libraries, .net etc): 45 advisories
Obviously a simple count of vulnerabilities is a real stupid way to compare things, but I would not claim Linux is any more secure than Windows or the other way around. You are better off using what OS you know better, and secure better. But MS needs to take one extra step of making people log on by default as regular non-admin users. Because if people were, most of the flaws we see in applications will have very low impact.
Indexing Service was useful pre MSN Desktop Search, Google Desktop Search came around. It indexed all the crap, including PDFs if you installed the filters, and worked from within the Windows search, and was a million times faster.
Not just that, with SQL Server they look at Express editions, and compare that to full-featured versions of other software. They do not look at performance or anything else. It looks more like someone wrote this not giving any care to the quality of the database servers, reliability, scalability. Plus anyone that says that MySQL is better than Oracle, DB2 and SQL Server is smoking something....
It has everything Google offers and more..... and has been for much longer too. Oddly, they released a beta on the same day as Google for mobile email (their 2nd one). And yes, it works on my BlackBerry.
Apple did not use gadgets online; sure, we could say Konfabulator was there first, then someone else will say Apple had small applications like clock.....
However, we are not talking your desktop here, we are talking hosting a small web widget on one server, and loading it on another webpage.... IMHO a much better concept than just desktop widgets.
So if the same comment was written by someone else it is troll.... Why is that? Judge a comment by its content and context, not by whoever wrote it. How do you know the thought process that went in when a "Troll" writes it compared to Linus? For all you know they had the exact same reasons to write this, and probably both were mentioning to improve it. Your comment smacks of elitism if nothing else.
But I do agree his post seems to be completely taken out of context.
PS: not beating up on Linus, just using him as an example....
Personally, I would rather them build and pick ONE standard that works for web pages and applications, and quit changing things as much. Not only does implementation of standards by browsers take a while, most devs can't use it until a significant amount of browsers support it.
So quit what you are doing, W3C: pick standards you want that are important, pick features, make a standard, and FREEZE IT. Don't change, don't add, or remove features. Standards are meant to help; if they change more than some proprietary format, it really does not help anyone at all.
I use a Zen Micro, with a subscription service from Yahoo, and I love it. Of course that is my opinion, and based on my needs. But I know they don't make a shoddy product. It is not like Apple does not patent trash cans... and like Creative, I do think Apple makes good products too... just a little cooler looking than the Creative counterparts.
Actually, the local BN nowadays does carry a lot of secure coding books; personally, I like "Writing Secure Code", it is from MS Press.
Here is what Microsoft is pushing for
Sure it does account for no patents at all on software. It does call for better patent quality, a faster and more open system.
Maybe it is just me, but 8 days for a tested patch does not seem that long. However it was a 0 day which made this exploit special.
Nope, he is just using .NET's way of configuration files. .NET has built-in APIs to use XML config files, and makes it very easy and extensible.
PS: nothing wrong with copying
Oh please, let's stop the praises, and call this what it is, a copy/rip-off of Microsoft live.com gadgets.....