You do realize that Microsoft, if they were serious about security, could have fixed that with the release of Windows XP. For some reason, most application publishers want the 'designed for Windows XP' sticker, logo or whatever.
Actually, in this case, Microsoft appears to be enforcing it. All commercial programs that I've encountered with the "Designed for Windows XP" sticker have technically used the multi-user environment as per Microsoft's standards. For instance, Norton AV does work in a multi-user environment, but it contains some ugly misfeatures that make using it as a non-privileged user annoying. Microsoft can't do anything about this, because, obviously, features are different for every application, and the program passed Microsoft's automated suite.
In most cases, fixing the issues are simply to store preference files in the right place (user's directory, user's registry).
Most of the programs I've encountered know how to do that. The issues I've encountered are elementary programming mistakes. For instance, the status application for a printer I had the misfortune of having to install required information from it's driver installed as part of the spooler subsystem. Unfortunately, this application doesn't work correctly under Windows XP Home as a regular user, because it requires privileges that regular users don't have. It works fine when running as an Administrator, obviously. If the company had bothered to test their application in the recommended Windows configuration, they would have found the problem immediately and been able to fix it easily. Instead, this program got passed onto users who now have no choice but to run as Administrator if they expect to be able to print. In no way is this Microsoft's fault. The developer didn't follow Microsoft's directions, didn't get their product certified, and didn't test their software.
How do you build a windows service (that's a daemon for you unix folks but it needs to be specifically built and installed to work properly), have it run as an unprivileged user (i.e. *not* the system account) and have it start when the system boots *without* the user it is supposed to run as logging in at the console?
Open "Computer Management".
Double-click on "Users".
Select "New User..." from the "Action" menu.
Type in the user's information.
Select the "Password never expires" checkbox.
Click "Create" and then click "Close".
Right-click on the user.
Click on the "Member Of" tab.
Click on the "Add" button.
Enter a name of a group you need to run the service.
Click "OK".
Repeat 9-11 for each group you need to add.
Click "OK".
Open "Local Security Settings".
Double-click on "Local Policies".
Double-click on "User Rights Assignment".
Right-click on a right that you need to run your service and select "Properties".
Click on "Add User or Group".
Enter the name of your new user and click "OK".
Repeat 17-19 for each right you need.
Repeat 17-19 for the "Log on as a service" right.
Open "Computer Management" again.
Double-click on "Services"
Right-click on the service and select "Properties".
Click the "Log On" tab.
Select the "This account" radio button.
Enter the username and password.
Click on the "General" tab.
In the "Startup type" select box, select "Automatic".
Click the "Start" button.
Click "OK".
???
Profit!
If it's possible, then it is *very* fucking new.
It's been there since Windows NT, although the configuration was different in NT.
It was definitely what they called the BCG vaccination, which we were told was for TB
Okay, yes I found it now. That's definitely what it was, and it is definitely for TB. The Bacillus Calmette-Guérin vaccine is apparently the most widely used TB vaccine. The blistering appears to be common:
Abscesses at the site of BCG injection are frequently reported. It is often assumed that this is due to bad technique, as the injection should be given intra-cutaneaously and an accidental intramuscular injection may result.
The way you were vaccinated, the location, and the resulting blistering/scarring (including the shape) is all earily similar to a smallpox vaccination. The blister/scar always occurs with a smallpox vaccination.
I believe nowadays they use a different method to immunize against TB
In the U.S. we don't normally get vaccinated anymore for TB due to a low risk of infection and because the effectiveness of the vaccine can vary quite a bit. I think that there is a new vaccine undergoing trials with the CDC, though.
Most people in the U.S. are tested for TB in high school with a Mantoux test for public health reasons. This test won't work when you have had a BCG, which is why people in the U.K. get a Heaf test instead.
Try this experiment: install OS X and connect to the Internet. Leave it connected for a week. Now install Windows and connect to the Internet. Leave it connected for 30 minutes. Which one will be hacked?
Neither (except if you're dumb enough to not have installed Windows XP SP2)
Windows XP SP1 with the for-free ZoneAlarm firewall, however,
as well as Windows XP SP2, fared much better. Although both configurations were probed by attackers, neither was compromised during the two weeks.
My point is that Windows needs special steps to be _protected_;
Actually, in SP2 it doesn't. The XP firewall is turned on by default in XP2. In SP1, all you needed to do was turn on the firewall for a connection in the Network Connections control panel.
Now as far as local security goes, I agree with you; there are some nasty local security exploits. Microsoft is to blame for much of the security issues, but also a major part of the problem is third-party developers! It would help if application developers would realize that Windows is a multi-user system and actually follow Microsoft's reference guides for how to program in this environment instead of forcing the user to be an Administrator to actually use their program. Windows has been multi-user for years, and application developers still haven't caught up. Why do I have to be an Administrator to run a game? Bad programming, that's why! Not even Norton AV gets this right (scheduled scans do not run for non-administrators and a non-administrators are told that Live Update is off even if it is actually turned on). The only program that I've see actually try to do something about this is Nero, which has a program to set up a group to enable burning by non-administrator accounts, but even this is a special download that is not part of the regular install. This needs to change; developers need to start using the Windows multi-user environment correctly.
In summary, Microsoft provided the ability to make the system more secure using non-privileged accounts and groups like every other major OS, but application developers are not taking advantage of it. I always run as a non-privileged user, and I am getting sick of applications that have no reason to need administrator privileges not running correctly.
That drives me absolutely nuts! I *so* want a Powerbook... No, scratch that - I need a Powerbook. The one issue I have with it that keeps me from buying one is that the display is a lot smaller (1280x854) than what I use now on my ancient Dell (1600x1200). I gave the Powerbooks a whirl in the store (I almost walked out with one), thinking that the screen might okay, but it turned out to be completely unusable for me. It's just too small a screen. It's so frustrating, because everything else about it is so fscking sweet!
and the site of the injection opened up into a pus-filled cavity about a quarter inch wide
I don't remember mine ever doing that, although I did have a ring of needle holes on my arm. Yours sounds almost like a smallpox innoculation. Did it form a blister, and then turn into the cavity? Do you have a scar?
As a sysadmin, I've actually been the one tasked with implementing it. However... I think these policies are, in a word, stupid. If someone is going to waste time, they're going to waste time. Every time I've been asked to delete the games off of machines, I've expressed extreme disapproval. I've tried to explain until I'm blue in the face that it will not increase productivity.
Boy, you sure sound like a insubordinate slacker. Your boss tells you to perform a very important task that will undoubtedly increase productivity, but you refuse to do it. Furthermore, you make paltry excuses for not wanting to perform the very important money saving task given to you by your superior. Each minute you refuse to perform your this important task, countless dollars of profit are lost. You should not be questioning your superior's authority. Your job is not to think. Having personal thoughts is stealing from the company. If you aren't part of the solution, you are part of the problem. You're fired.
It is true that one needed to fondle sendmail.cf by hand, a Long Time Ago, and that it was not a fun time.
Last time I had to edit sendmail.cf by hand was in 2000 on Solaris. I hardly consider that a long time ago. There were no m4 files for sendmail on that machine, and it was a new version of Solaris.
sendmail.cf has moved on. It is not intended for human consumption. It states as much on the very first line of the file. For reference, see "past tense" and "present tense" in any good book on the English language.
So what you're saying is that since people no longer edit the sendmail.cf file directly, it was never, ever at any time in the past meant to be user modifiable (also, the Holocaust never occurred).
I think what you meant to say was: "...my point was valid years and years ago."
No, my point is still valid that the sendmail.cf is not user firendly. It's laughable that sendmail is probably the only application has to have its configuration file configured with another configuration file. It's insanity.
3. You're not attempting to argue that Deep Magic is supposed to be easy, are you? Because if it were, it wouldn't be Magic, let alone Deep Magic.
No, I'm saying that you shouldn't depend on it, because there will always be somebody who can do it faster, cheaper, and better than you. Do not think for a moment that you are irreplacable because you know how to do something magical. Many of the things that were once Deep Magic have now been replaced by simple solutions.
4. Yes, the entire world should be aware that sendmail is fucked, by now. I stand by my assertions as to why it might still be in use. Attitude or no, I believe it to be true.
One acronym: RTFM. That you haven't taken to time to grok m4, does not a bad configuration system make.
That's the point. You have to edit a program to modify a configuration file. That is messed up.
Why do you automatically assume that I haven't used m4 for sendmail configuration? Just because I have a different opinion of you does not mean that I am unfamiliar with it. You don't have to be condescending.
I've been using sendmail since before they used m4, and I have had to edit the sendmail.cf file by hand. I was annoyed when they went to m4, because that meant I had to install new software and learn a new syntax instead of just popping in and changing the lines I needed. Furthermore, the configuration files weren't even in/etc anymore.
At least at some point, the stuff that comprises sendmail.cf is a very human-readable and easy to read m4 script, which is still way better than XML as a be-all, end-all solution.
No, it isn't. It's not even much less verbose than a well written XML file. Besides, you should not have to edit a script to change a configuration file. Furthermore, application generated files not editable by the user should not go in/etc.
And Deep Magic is supposed to be difficult and arcane. It's called "job security."
No, it's called, "an accident waiting to happen", and if you think that just because you can do something difficult it means that you have job security, you are fooling yourself. There are plenty of people that can do that same arcane thing faster and cheaper than you can.
a) masochists
Why do you say that? You said that the configuration files were, "very human-readable and easy to read". Should be a snap.
sufficiently socially inept that they're unable to convey just how fucked sendmail is to the requisite PHBs and get them to mandate something else
There you go with the attitude again. Obviously if sendmail is company policy, then the administrators must be socially inept, because they haven't convinced their boss to switch to postfix. That's a crock of shit, and you know it.
The very first line of sendmail.cf "DO NOT EDIT THIS FILE! Only edit the source.mc file."
Guess what? It didn't used to be that way! You used to have to change the sendmail.cf file by hand. I have done this many times before m4 support was added, so my point is still valid.
Pueblo means town or village. It does not mean that they are made from adobe. They might be but just because they use the word Pueblo does not mean they have to be.
True, and he probably meant it that way too, considering he said that it was 150 homes within a range of 6 miles.
Anyone who has played Black & White has seen their monster poop after it eats. Depending on how you trained it, it might do this on houses, people, fields, whatever.
It's worse: Your monster can be trained to throw poop and eat poop. Sometimes it learns it on its own without training.
does it support the opengl shading language like vertex and pixel shaders? i see it supports extensions for opengl 1.5 but to what extent? what about CG for Nvidia or Render Monkey code for ATI? what about pointers that you need for A* pathfinding and artificial intelligence?
you cant be serious in considering that Java is a reputable alternative to writing robust recent good quality 3D openGL apps can you?
Oh, get over it. People said the same thing about C++ several years ago. Back then, no one would have believed that in a few years games like Konami's Metal Gear Solid would be using scripting languages for a lot of their gameplay. Now games are a mixture of several languages - from assembly on up to scripting.
The first commercial game to use Java was Tom Clancy's Politika, and that came out in 1997!
the benchmarks on this site were for all 800x600? huh? that is so dated. no one writes 3D apps/games using 800x600..and Quake 2?? come on now isnt that a bit outdated?
That's the point. The whole argument is outdated. The language has been capable for years.
Slashdot Mirror
Bash is too big and too slow.
you'd know that the terrible hack that is "just push the [tab] key 500 times" is absolute bullshit.
It is bullshit, but it's a lot better than what it used to be.
Under bash, it'll list all the possible option vice tabbing through each one.
I need to use "mkdir" more often:
Actually, in this case, Microsoft appears to be enforcing it. All commercial programs that I've encountered with the "Designed for Windows XP" sticker have technically used the multi-user environment as per Microsoft's standards. For instance, Norton AV does work in a multi-user environment, but it contains some ugly misfeatures that make using it as a non-privileged user annoying. Microsoft can't do anything about this, because, obviously, features are different for every application, and the program passed Microsoft's automated suite.
In most cases, fixing the issues are simply to store preference files in the right place (user's directory, user's registry).
Most of the programs I've encountered know how to do that. The issues I've encountered are elementary programming mistakes. For instance, the status application for a printer I had the misfortune of having to install required information from it's driver installed as part of the spooler subsystem. Unfortunately, this application doesn't work correctly under Windows XP Home as a regular user, because it requires privileges that regular users don't have. It works fine when running as an Administrator, obviously. If the company had bothered to test their application in the recommended Windows configuration, they would have found the problem immediately and been able to fix it easily. Instead, this program got passed onto users who now have no choice but to run as Administrator if they expect to be able to print. In no way is this Microsoft's fault. The developer didn't follow Microsoft's directions, didn't get their product certified, and didn't test their software.
If it's possible, then it is *very* fucking new.
It's been there since Windows NT, although the configuration was different in NT.
Okay, yes I found it now. That's definitely what it was, and it is definitely for TB. The Bacillus Calmette-Guérin vaccine is apparently the most widely used TB vaccine. The blistering appears to be common:
The way you were vaccinated, the location, and the resulting blistering/scarring (including the shape) is all earily similar to a smallpox vaccination. The blister/scar always occurs with a smallpox vaccination.
I believe nowadays they use a different method to immunize against TB
In the U.S. we don't normally get vaccinated anymore for TB due to a low risk of infection and because the effectiveness of the vaccine can vary quite a bit. I think that there is a new vaccine undergoing trials with the CDC, though.
Most people in the U.S. are tested for TB in high school with a Mantoux test for public health reasons. This test won't work when you have had a BCG, which is why people in the U.K. get a Heaf test instead.
Oddly enough, March 24 is World TB Day.
Wrong in both cases. Think: What didn't I do right to make the next filename appear?
Nope, it comes pre-installed. Owners of older machines can get it automatically through Windows Update or download it from Windows Update.
Neither (except if you're dumb enough to not have installed Windows XP SP2)
My point is that Windows needs special steps to be _protected_;
Actually, in SP2 it doesn't. The XP firewall is turned on by default in XP2. In SP1, all you needed to do was turn on the firewall for a connection in the Network Connections control panel.
Now as far as local security goes, I agree with you; there are some nasty local security exploits. Microsoft is to blame for much of the security issues, but also a major part of the problem is third-party developers! It would help if application developers would realize that Windows is a multi-user system and actually follow Microsoft's reference guides for how to program in this environment instead of forcing the user to be an Administrator to actually use their program. Windows has been multi-user for years, and application developers still haven't caught up. Why do I have to be an Administrator to run a game? Bad programming, that's why! Not even Norton AV gets this right (scheduled scans do not run for non-administrators and a non-administrators are told that Live Update is off even if it is actually turned on). The only program that I've see actually try to do something about this is Nero, which has a program to set up a group to enable burning by non-administrator accounts, but even this is a special download that is not part of the regular install. This needs to change; developers need to start using the Windows multi-user environment correctly.
In summary, Microsoft provided the ability to make the system more secure using non-privileged accounts and groups like every other major OS, but application developers are not taking advantage of it. I always run as a non-privileged user, and I am getting sick of applications that have no reason to need administrator privileges not running correctly.
Just FYI: You don't need cygwin. The Windows command line does this.
That drives me absolutely nuts! I *so* want a Powerbook... No, scratch that - I need a Powerbook. The one issue I have with it that keeps me from buying one is that the display is a lot smaller (1280x854) than what I use now on my ancient Dell (1600x1200). I gave the Powerbooks a whirl in the store (I almost walked out with one), thinking that the screen might okay, but it turned out to be completely unusable for me. It's just too small a screen. It's so frustrating, because everything else about it is so fscking sweet!
WHAT!?!!? Oh crap, I left them in the glass room for a month with no food!
Oh Ghod! The UNIX admins tried to eat the MCSA's brain and starved to death.
Oh the horror! THE HORROR!!!
I don't remember mine ever doing that, although I did have a ring of needle holes on my arm. Yours sounds almost like a smallpox innoculation. Did it form a blister, and then turn into the cavity? Do you have a scar?
Boy, you sure sound like a insubordinate slacker. Your boss tells you to perform a very important task that will undoubtedly increase productivity, but you refuse to do it. Furthermore, you make paltry excuses for not wanting to perform the very important money saving task given to you by your superior. Each minute you refuse to perform your this important task, countless dollars of profit are lost. You should not be questioning your superior's authority. Your job is not to think. Having personal thoughts is stealing from the company. If you aren't part of the solution, you are part of the problem. You're fired.
</SATIRE>
Last time I had to edit sendmail.cf by hand was in 2000 on Solaris. I hardly consider that a long time ago. There were no m4 files for sendmail on that machine, and it was a new version of Solaris.
sendmail.cf has moved on. It is not intended for human consumption. It states as much on the very first line of the file. For reference, see "past tense" and "present tense" in any good book on the English language.
So what you're saying is that since people no longer edit the sendmail.cf file directly, it was never, ever at any time in the past meant to be user modifiable (also, the Holocaust never occurred).
No, my point is still valid that the sendmail.cf is not user firendly. It's laughable that sendmail is probably the only application has to have its configuration file configured with another configuration file. It's insanity.
Thanks for playing.
There's no need to get snotty.
Yes it is! That was the standard configuration syntax up until they switched to m4.
2. sendmail's m4 config scripts are very human readable, and way less noisey than XML.
They are no more or less human readable or noisy than XML:
3. You're not attempting to argue that Deep Magic is supposed to be easy, are you? Because if it were, it wouldn't be Magic, let alone Deep Magic.
No, I'm saying that you shouldn't depend on it, because there will always be somebody who can do it faster, cheaper, and better than you. Do not think for a moment that you are irreplacable because you know how to do something magical. Many of the things that were once Deep Magic have now been replaced by simple solutions.
4. Yes, the entire world should be aware that sendmail is fucked, by now. I stand by my assertions as to why it might still be in use. Attitude or no, I believe it to be true.
It does have a few, uh, issues don't it?
That's the point. You have to edit a program to modify a configuration file. That is messed up.
Why do you automatically assume that I haven't used m4 for sendmail configuration? Just because I have a different opinion of you does not mean that I am unfamiliar with it. You don't have to be condescending.
I've been using sendmail since before they used m4, and I have had to edit the sendmail.cf file by hand. I was annoyed when they went to m4, because that meant I had to install new software and learn a new syntax instead of just popping in and changing the lines I needed. Furthermore, the configuration files weren't even in /etc anymore.
At least at some point, the stuff that comprises sendmail.cf is a very human-readable and easy to read m4 script, which is still way better than XML as a be-all, end-all solution.
No, it isn't. It's not even much less verbose than a well written XML file. Besides, you should not have to edit a script to change a configuration file. Furthermore, application generated files not editable by the user should not go in /etc.
And Deep Magic is supposed to be difficult and arcane. It's called "job security."
No, it's called, "an accident waiting to happen", and if you think that just because you can do something difficult it means that you have job security, you are fooling yourself. There are plenty of people that can do that same arcane thing faster and cheaper than you can.
a) masochists
Why do you say that? You said that the configuration files were, "very human-readable and easy to read". Should be a snap.
sufficiently socially inept that they're unable to convey just how fucked sendmail is to the requisite PHBs and get them to mandate something else
There you go with the attitude again. Obviously if sendmail is company policy, then the administrators must be socially inept, because they haven't convinced their boss to switch to postfix. That's a crock of shit, and you know it.
Guess what? It didn't used to be that way! You used to have to change the sendmail.cf file by hand. I have done this many times before m4 support was added, so my point is still valid.
One word: sendmail.cf
True, and he probably meant it that way too, considering he said that it was 150 homes within a range of 6 miles.
And the author doesn't live in this type of house.
It's worse: Your monster can be trained to throw poop and eat poop. Sometimes it learns it on its own without training.
*sigh* Too much Discovery Channel...
This supports most of what you want to do.
you cant be serious in considering that Java is a reputable alternative to writing robust recent good quality 3D openGL apps can you?
Oh, get over it. People said the same thing about C++ several years ago. Back then, no one would have believed that in a few years games like Konami's Metal Gear Solid would be using scripting languages for a lot of their gameplay. Now games are a mixture of several languages - from assembly on up to scripting.
The first commercial game to use Java was Tom Clancy's Politika, and that came out in 1997!
Some commercial games that use Java include:
the benchmarks on this site were for all 800x600? huh? that is so dated. no one writes 3D apps/games using 800x600..and Quake 2?? come on now isnt that a bit outdated?
That's the point. The whole argument is outdated. The language has been capable for years.
No. YHBT. HAND. :)