I'm of the mind that developers should (unless not possible) isolate their entire application to their own directory and go into c:/Windows only when absolutely necessary.
OK, so you suggest to include all of an app's libraries in each app's bundle.
Yes. And I've argued this point in many design meetings. The "correct" academic approach (which you and most programmers argue) is to not have redundant files, that if two apps use the same DLL there should only be one copy of that DLL (usually somewhere under c:/windows).
This approach works great on paper and in the classroom, but in real life app1 likes DLL v1 and v2, but app2 only likes DLL v1. Upgrade the library and break app2.
Alternately, app2 gets uninstalled and takes the DLL with it. Now app1 doesn't work because the DLL is missing.
The programmer is now getting crap for writing bad code when the reality is the environment around his application isn't stable -- people want to keep changing vital parts that his application depends on.
This is sometimes called "DLL hell". Avoid the entire problem by making sure everything your application needs is installed in its own isolated directory. Who cares if you end up with a system that has four different jpeg.dll on the machine -- ensure that your application can find the file it needs by keeping it in your own directory.
Then what if it is later discovered that a widely used library has a security hole such as the one in the JPEG parser of GDI+?
Then tell your user to upgrade your application to the newer version (which includes the new library). It's your job to make sure *your* app works.
Sam (speaking from years of development experience)
hey.. yeah! illegal to install stuff in windows/*!!
Firstly, I'm of the mind that developers should (unless not possible) isolate their entire application to their own directory and go into c:/Windows only when absolutely necessary. This makes things much cleaner (and is generally the Mac approach, by the way, that's why you can just drag and drop one icon to the applications folder to install something on a Mac).
Secondly, obviously there are times when an application *has* to place files under c:/windows -- in fact, Microsoft implemented a certification program for drivers with XP so now you get warned during installation if the driver isn't certified for XP. (This is a cash grab by MS, but in their defense they attribute most XP instability problems with bad driver code written by third parties so it's a reasonable undertaking.)
In cases where an app needs to put a file in c:\windows I have no problem with "Call Of Duty wants to install a driver in c:\windows\system -- is that okay?" I'll just click 'yes'.
But I want to be able to click 'no' when "App-you-didn't-even-mean-to-install wants to replace your NOTEPAD.EXE and WRITE.EXE with spyware -- is that okay?"
If the law prevents others from installing stuff on my computer I didn't ask for and don't want then it sounds good to me.
Many spywares I've seen are in Windows directories. This may be old hat, but can't Windows do a simple hash or cert check on a file going into c:/Windows or c:/Windows/System to see if it's an "official" or "authorized" file?
A simple message like "Application X is trying to put a file called NOTEPAD.EXE in your Windows/system directory -- this is not a Microsoft file, do you want to allow this?" would suit me.
Goodness knows Windows nags me about a million other things on a daily basis ("Updates... get your updates!").
Good lord, have you actually programmed in Java? Object orientation is a terribly inefficient way to program.
Oh my.
On another note, why should Microsoft be afraid? Are you under the impression that they own C or C++? The only thing Microsoft's in danger of losing to Sun is the worst implementation of a good idea.
Microsoft was afraid of the Java platform.
Microsoft is successful because they own the platform (Windows). The only way to beat Microsoft is to change the platform.
When Java emerged, they got scared and were right to do so.
1) Steve Jobs runs a big successful computer company, envied by many for its impeccable style and cutting edge innovation and product design.
2) Bill Gates is an effective caretaker for the largest money-printing machine in the world. His products are not innovative and are far from perfect. He has no style and this is reflected in his products, but they are extremely popular. He's a good manager and an excellent card player.
3) Linus wrote a UNIX kernel and released it freely to the world. An innovative, even important, move, but other than that what does he do to garner such awe?
Being from the former Soviet Union myself, I can attest to the fact that piracy is very rampant [...] visit their nearest street vendor and buy the full version for less than $2
Being from Canada, I can attest to the fact that piracy is very rampant too. But people don't buy software from street vendors, they get it for free by downloading it from Kazaa or eMule, or get copies from friends.
Personally, I like to stay legal, but my friends laughed and ridiculed me when I actually went to Staples and paid $150 for the WinXP upgrade. (These guys are well-paid, hi-tech professionals, by the way, not dark-alley street crooks or even poor students. They won't pay for *anything* software-related.)
I like Call Of Duty and was thinking about buying the new expansion pack, then a friend of mine brought a CD copy over to my house "here I thought you'd like this, keep it", and dropped it on my kitchen table.
I didn't even have a chance to go to a store before someone *gave* me an illegal copy. (For the record, I have not installed it, and I'm not yet sure I will.)
Han Solo whacks the dumbass bounty hunter Greedo with a pre-emptive shot from beneath the table, thus cementing in everyone's eyes his total badassness.
You eloquently crystallized the problem, bravo!
The wild-west-justice of it is once your opponent draws his pistol you can shoot him in self-defense. Period. There's a generation of western pictures to use as precedent.
Greedo had his pistol drawn, threatened to kill him ("I've been looking forward to this for a long time"). Han shot him in self-defense. This is obviously what Lucas originally intended despite what he claims now.
I'm all for director's cuts but this sort of revisionist film making makes me retch.
I don't think you have the right Kaufman. This guy is still very much alive, and released an Ashley Judd movie (messy) just this year.
Weird -- I distinctly remember reading about the guy who wrote the opening and closing scenes of Raiders, died, and his widow fought and won a co-something credit. Could've sworn that was Kaufman. I wonder what I'm thinking of...
What're you, retarded? That could've come from anywhere. He could have "borrowed" it from seeing elephants at the circus
Battle elephants marching to war with deadly tusks... Luke/Legolas climbing one and bringing it down single-handedly... Lucas' vision of the Hoth battle is *clearly* borrowed from Tolkien. Sorry for the smugness, but this is as clear as the pod-race in Phantom Menace being an homage to Ben-Hur.
The Star Wars movies are teeming with such references. The more you are exposed to the classics the more you see where Lucas got his ideas.
Face it, Lucas is *heavily* influenced by other work. Even Jedi is virtually a re-make of Star Wars; starting out on Tatooine gave him a chance to re-do the creature-cantina with Jabba's palace, and the movie is centered around attacking a new death star. I shook my head in disbelief when they ended up on Tatooine again in Phantom Menace -- come on George, there's a billion planets out there!
Lucas didn't write Raiders or any of the Indy movies. Notice he gets "story" credits.
He came up with the idea of making a movie based on the '50s-style action serials featuring a "James Bond"-like globe-trotting archeologist.
A lot of King Solomon's Mines, a little Maltese Falcon, a name reminiscent of Nevada Smith. Other than that the bulk of Raiders came from screen-writer Kasdan (allegedly, Kaufman's contribution (before he died) was the opening and closing scenes, and his widow fought for a co-story credit).
George says, "let's have Indy meet his father and go after the Holy Grail", hires a screen-writer to fill in the rest, and *boom* story credit.
have a little faith in lucas... i still like indiana jones, dammit!
The Indy movies are directed by master Spielberg. Lucas is an FX man and, arguably, a decent editor. As a director he's a hack, as a writer he's way too quick to "borrow" story elements from classic works and other sources.
I almost fell on my butt when I saw the giant elephants in Return Of The King. "You mean Lucas stole the AT-ATs from Tolkien??" I had always thought the idea of elephant-like walking tanks was brilliant, turns out he stole that too.
All those years I thought Star Wars was great art, turns out it's just pulp. Factor in budget and expectations, Clones literally tops the list as worst movie ever made.
I saw Empire in 1980 (at age 11) but after years of only seeing Empire on TV, during the early nineties re-release I was stunned at how beautiful a movie it is on the big screen. A wide variety of interesting settings, expansive landscapes and space-scapes. The space convoy scenes and the duel are beautifully put together. And the movie is teeming with interesting characters.
Also, I don't think the SFX guys get enough geek-credit for the miraculous job they did enhancing cloud city in the special edition of Empire.
One of the embarrassments of the GUI world is how much faster and more productive a CLI user is than a GUI user, for almost all tasks.
What a crock. I've been listening to this kind of self-indulgent clap-trap from hardcore UNIX users for years.
Create a new directory on your desktop, open your home folder and move the files mystuff.zip, mom.jpg, and resume.doc into the new folder. You're telling me you can do this faster at the command line than with the Finder and a mouse? No chance. I do this kind of thing a dozen times a day.
Common GUI-based office and graphics applications allow users to be super productive and do things that are practically impossible in the CLI world. Show me a CLI app that sorts/sells music like iTunes. Show me a CLI app that lets you do what iMovie can.
And as for programming, many developers will go to their graves using emacs or vi. But the visual development, debugging and refactoring capabilities in tools like Visual Studio, Eclipse and JBuilder can save tremendous amounts of time and headaches.
Sam Seaborn
sam@rightclick.ca
sol'n: one-time password tokens on Real Security? · Score: 1
The simplest way to lock down your system is to give the users one-time password tokens like SecurID or Cryptocard.
Yes! Yes! Please!
Give me iPhoto for Windows then I'll have no more Mac envy! (Though I'll still be waiting for a version of Mac OS X that will run on my VAIO.)
Sam
15% (note, this is always music that I would never buy anyway)
2) sources like iTunes Music Store
0% (but would be about 20% if available to Canada)
3) shareable sources like Creative Commons-licensed music?
0%
4) rips of your own CDs?
70%
5) rips of friends' CDs?
15% (note, this is legal in Canada; probably not moral though)
Sam
Microsoft was right to be afraid, developing in Java is a delight.
Sam
Holy crap! In this clip Lucas says he wants to change the "sword fight" in Raiders when he gets a chance!!
That's such a great moment -- somebody stop him!
Sam
Agree. Something like 'Datascape' would have been better.
It's not free, but check out Borland's Java object database
JDataStore
Sam Seaborn