Slashdot Mirror


User: benjymouse

benjymouse's activity in the archive.

Stories: 0
Comments: 739

Comments · 739

  1. but the fact remains... Windows/Microsoft has been playing catch-up in security where Linux has been leading over the last decade.

    So where are those facts?

    Because the way I look at it, there have been several embarrassing, high-profile successful attacks on Linux servers over the past few years:

    Debian server compromised: http://www.zdnet.com/debian-se...
    Ubuntu servers compromised: http://www.theregister.co.uk/2...
    kernel.org compromised: http://lwn.net/Articles/457142... (we're still waiting for the post mortem on that)
    linuxfoundation.org and linux.com compromised: http://thehackernews.com/2011/...
    Red Hat and Fedora servers compromised: http://www.cnet.com/news/red-h...

    (and we do not even mention the OpenSSL fiasco)

    So where are the widespread Windows Server compromises?

  2. Re:Hahahahahahaha on Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet · · Score: 1

    It was not a virus, it was an exploit of server software that was unpatched.

    And the privilege escalation?

  3. Re:Hahahahahahaha on Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet · · Score: 1

    If you notice, this doesn't affect desktop Linux users. Only servers.

    Great. Nothing to worry about then. And here I was concerned that somebody would build a botnet of powerful, high-bandwidth computers. Silly me.

  4. Re:Hahahahahahaha on Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet · · Score: 1

    Wasn't Internet Explorer so tied into early Windows versions that it was considered part of the OS itself, since mere mortals couldn't just uninstall it till a few years ago?

    No.

    The OS and Internet Explorer shared (and I believe still do) rendering components. Which means that some of the control panel views, especially in XP, were rendered using the Trident rendering engine - not IE. IE *also* used the Trident rendering engine.

    There is also a difference between the kernel and the core OS. Components can belong to what is considered the core OS (with the GUI rendering parts) without being executed in kernel space.

    But it makes great FUD.

  5. Re:must me false on Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet · · Score: 4, Informative

    Let me see, last time I loaded Windows 8 pro, there was a raft of services turned on for me by default.

    Windows 8, Windows 7 and even Windows Vista come up and ask you if you *want* to turn on services. If you answer no, it will not have any network ports listening. Get it yet? That's the *desktop user* targeted operating systems.

    Windows Server comes by default with NO network services turned on by default, and NO listening ports. Get it yet?

    Linux *desktop user* targeted distros do turn on network services. Get it yet?

    Yes the distribution may turn on some services

    Yes, indeed. Get it yet?

    Linux distributions targeted at "servers" generally come w/o any services even installed by default.

    Yes. Just like the Windows Server versions. Get it?

    If you go to "desktop" installs, where Windows 8 Pro lives, Linux comes out of the normal distribution much more locked down and secure

    Nope. Linux lacks many, many of the security features in Windows 8. In distros using apparmor it only protects some of the daemons. Windows 8 comes with Mandatory Integrity Control built-in sandboxing.

    Windows 8 supports multiple (and simultaneous) network firewall profiles which are automatically selected based on where you are: On a corporate network SMB services may be available, on a public network without a trusted domain controller it selects the public (locked down) profile. Linux does not.

    I still cannot believe that the DEFAULT behavior of a Windows box is to have the main user be an Administrator

    Good you do not believe it, because it is false. This is one of the hardest things for Linux fanatics to understand: Windows has tokens and with UAC even if you do log in with an account with administrative rights, the token will not have administrative rights. This means that the processes started by the shell will not have administrative rights. Get it yet?

    Linux is not like this, and most desktop distributions today don't allow you to login as root.

    No, but they do allow you to elevate to root as effective user - using sudo or other SUID utilities, which is a blatant violation of one of the most fundamental security principles: Least privilege.

    In Linux you elevate to the highest, unrestricted and all-powerful user just to change your own password??? Have you any idea how f* up that is?

    Get it yet?

  6. Re:must me false on Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet · · Score: 5, Insightful

    Yes, but there is a logical reason for this.

    Linux and Windows approach security in totally different ways. When you load a Linux kernel, it's secure, it starts that way. When you load windows, it's NOT secure, you have to load other stuff to make it secure.

    Sorry, but that is BS. When you load Linux it comes up with a security model through which there has already (by design) been punched a big hole: SUID. When you load Windows it comes up with a security model which has no need for such a massive hole. Countless otherwise benign bugs have been turned into total system compromise bugs because of SUID.

    Under Windows, all kernel object types are securable with security descriptors. Linux was designed with only file system permissions. Processes did not have security descriptors, and such objects need to be mapped to files, with file permissions used to (inadequately) describe access permissions.

    Windows services run in a separate session - interprocess communication is severely restricted. A process in another session cannot break through to e.g. the desktop, i.e. a daemon/background service cannot interact with the desktop. There is no such isolation in Linux unless you run SELinux. In Windows it is the default.

    Most Windows services run under service hardening. Even custom sites you set up will by default run under service hardening. Under service hardening an ad-hoc identity is implicitly created for the service/website and this identity has no permissions whatsoever by default. It has to be granted any access permission it needs. You'd have to run SELinux or apparmor with a significant amount of configuration to achieve the same level of isolation under Linux. Under Windows it is default and straightforward.

    Windows has mandatory DEP, much stronger ASLR, stack and heap encryption/checksumming and several other mitigation technologies not found in Linux. On by default.

    Windows boxes? They come out of the install process wide open with a whole raft of dangerous services turned on. Not to mention they are starting from the security posture of Windows 3.1

    What century do you live in? Since Windows Server 2008 (!) only the minimal set of services are turned on, and *no* network facing services until you configure them.

  7. Re:PC = Personal Computer = (!network computer) on You Got Your Windows In My Linux · · Score: 2

    That's over half of Microsoft's existence that they spent building the perfect opposite of a server. Linux was built to be like Unix, which was designed and built as a server from day one. Not surprisingly, Linux is good at what it was made for (network computing) and Windows is good at what it was designed to do - user-friendly local desktop work.

    Sorry, but this is BS. At best it is true for the Win 9x strain of Windows. Windows NT was a clean implementation of a new operating system with the Win32 API reimplemented to support backwards compatibility with Win9x.

    Windows NT was built as a network OS from the start, whereas Unix (and Linux) was built as a multiuser OS. The difference is evident when you look at how e.g. a user account has been represented: In Windows a user (or group) account always includes the authority responsible for the account.

    In Unix/Linux there is no such concept: users and groups are identified by integers and are implicitly users of the local machine.

    Windows user accounts are global in nature: Every time you have a reference to a user, you have the reference to the authority as well. Unix/Linux user accounts need to be mapped using all kinds of strange tricks, especially on networked resources, because it was never perceived in the original design that other machines would work with the local machine through a trust relationship.

    This is actually why Active Directory is the biggest reason to go with Windows servers: It was trivial to integrate the established user/account regime with something like AD, since AD simply became an "authority" - for which Windows NT already had support. Unix at the time had to resort to strange quirks such as NIS domains.

    In general, it has *always* been a pain to share user accounts across Unix/Linux systems, while on Windows you could set up an AD (or a domain before AD), and software did not have to be rewritten just to pass credentials from machine to machine.

    After the nice Windows desktop, Microsoft invested a billion dollars developing and deploying a technology called COM. The basic idea of COM was that you could embed documents from one program inside documents from another program, and that did cool things.

    You don't know what COM is. What you are referring to here is called OLE - Object Linking and Embedding. OLE is/was built on top of COM - but COM was *never* about being able to embed objects.

    COM is a language-neutral binary object model, which ensures that the system has a common object model where objects can be consumed regardless of what language was used to develop them. It is still very much at the core of Windows, mainly because it is so efficient (being a binary standard it has extremely little overhead - especially for in-proc objects).
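The comment above contrasts Windows account references, which carry their issuing authority, with bare Unix integer uids. As an added illustration (not code from the original post), the following parses and builds Windows SIDs in their documented binary layout and splits a SID into the issuing domain/authority part and the relative identifier. The sample SID bytes are constructed for this example.

```python
"""Parse and build Windows security identifiers (SIDs).

Added example, not code from the original comment. Binary layout as documented
by Microsoft: revision (1 byte), sub-authority count (1 byte), identifier
authority (6 bytes, big-endian), then N sub-authorities (4 bytes each,
little-endian). The string form is S-<revision>-<authority>-<sub>-<sub>...;
the last sub-authority is the relative identifier (RID), everything before it
names the authority/domain that issued the account.
"""
import struct
from dataclasses import dataclass
from typing import Tuple

MAX_SUB_AUTHORITIES = 15  # limit of the SID format


@dataclass(frozen=True)
class Sid:
    revision: int
    identifier_authority: int
    sub_authorities: Tuple[int, ...]

    def __str__(self) -> str:
        # Identifier authorities below 2**32 are printed in decimal, which
        # covers the everyday ones (5 = NT Authority).
        return "S-%d-%d%s" % (self.revision, self.identifier_authority,
                              "".join("-%d" % s for s in self.sub_authorities))


def parse_sid(blob: bytes) -> Sid:
    """Decode a binary SID, refusing truncated or inconsistent input."""
    if len(blob) < 8:
        raise ValueError("SID header truncated")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > MAX_SUB_AUTHORITIES:
        raise ValueError("too many sub-authorities: %d" % count)
    if len(blob) != 8 + 4 * count:
        raise ValueError("length %d does not match %d sub-authorities" % (len(blob), count))
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:])
    return Sid(revision, authority, tuple(subs))


def parse_sid_string(text: str) -> Sid:
    """Decode the S-1-5-... textual form."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % text)
    revision, authority = int(parts[1]), int(parts[2])
    subs = tuple(int(p) for p in parts[3:])
    if any(not 0 <= s < 2 ** 32 for s in subs):
        raise ValueError("sub-authority out of range")
    if len(subs) > MAX_SUB_AUTHORITIES:
        raise ValueError("too many sub-authorities: %d" % len(subs))
    return Sid(revision, authority, subs)


def to_bytes(sid: Sid) -> bytes:
    """Encode a SID back to its binary layout."""
    subs = sid.sub_authorities
    return (bytes([sid.revision, len(subs)])
            + sid.identifier_authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def split_authority(sid: Sid) -> Tuple[str, int]:
    """Return (SID of the issuing domain/authority, RID of the account within it)."""
    if not sid.sub_authorities:
        raise ValueError("SID carries no RID")
    issuer = Sid(sid.revision, sid.identifier_authority, sid.sub_authorities[:-1])
    return str(issuer), sid.sub_authorities[-1]


# Constructed sample: a domain user (RID 1001) of a made-up domain.
SAMPLE_SID_BLOB = (b"\x01\x05\x00\x00\x00\x00\x00\x05"
                   + struct.pack("<5I", 21, 1234567890, 2345678901, 3456789012, 1001))

if __name__ == "__main__":
    sid = parse_sid(SAMPLE_SID_BLOB)
    issuer, rid = split_authority(sid)
    print("%s  issued by %s  rid %d" % (sid, issuer, rid))
```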

  8. Re:Some people might unfairly judge Ukraine on Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots · · Score: 1

    Ukraine was part of what happened in Hungary so why are you blaming only Russia? Ukraine was as much a core of the USSR as Russia was back then.

    I am old enough to have lived through the cold war. We often referred to USSR (and even the Warsaw Pact) as "Russia" - using the names interchangeably - because it appeared to be one and the same. Of course, that was grossly ignorant and disrespectful to the other republics and states.

    However, it now appears as if it wasn't so far off the mark anyway. The former "allies" of the Warsaw Pact - especially Poland - have wasted no time warning about the real intentions of Russia. And they should know - having lived almost 50 years in the shadows of what was effectively the continuation of the Russian Empire.

    Talk to Estonia and the other Baltic states as well. They were in a big hurry getting into NATO once they wrested themselves free from the "Russian federation". Little love was lost for their old big "ally" in the east.

    What has emerged is an image of Russia consistently bullying their neighbor states, forcing them into becoming "friends", Russian domination of local people, even when Russians were in the minority (they could always call on big brother). That was how the USSR and the Warsaw bloc were held together, and also why - when it finally broke - it fell apart so astonishingly(!) fast.

    This is nothing but Russia rising again after having licked its wounds for a couple of decades. And Russia (and I regretfully have to accept - the Russian people) have not changed in their aspirations.

    What we see is pure 1920-1930 style fascism where a powerful nation prepares the population for conquests of weaker states by building a narrative of being "victims" while their true destiny is to be masters, hence they must strike back.

    During the Kursk accident I was shocked by how many Russians believed the propaganda and dangerous(!) allegations coming out of the Navy that a NATO submarine/torpedo had sunk Kursk. I thought: "Shouldn't they know better by now?".

    During the illegal occupation of Crimea by the "green men", Putin claimed that they were just concerned citizens protecting their families by organizing self-defense against a perceived enemy.

    We now know that Putin was lying. He even admitted as much. The occupation was set in motion from Russia, and the green men were regular Russian troops.

    But what got the best of me was that Russians were never outraged by this blatant and dangerous violation of international laws and treaties. They applauded it!

    And now it repeats, and we have Russians here claiming the same thing as during the Crimea occupation.

    When the MH17 was shot down, the rebels first believed they had shot down a Ukrainian plane. And they bragged about it on Twitter and Facebook. The news that the separatists had downed another Ukrainian plane even reached ITAR-TASS and Russia Today, where many Russians must have read it. When it became clear that it was civilian the news disappeared without a trace, without notice and without explanation.

    The Russians who followed that initial news and how it was transformed into allegations against Ukraine, why didn't they stop and wonder? It is staring the Russian public in the face, and they refuse to acknowledge it. I blame them for that. I blame all Russians for that.

    I have lost all respect for Russians. There may be good Russians, but from now on they will have to prove that they are not lying scumbags before I want to have anything to do with them. Sorry, but that is how it is.

  9. Re:Some people might unfairly judge Ukraine on Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots · · Score: 1

    2. Hello! This is Russia - which, in case you hadn't noticed, is different from the USSR.

    Which is just another lie. You are the same.

    Yes, Russia is smaller than USSR - but it seems you have a plan to remedy that.

    And that is why you have lost all credibility. We cannot trust anything you say.

  10. Re:Wait.... what? on Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots · · Score: 1

    Oh, and they also scream: "Hang Russians on tree branches" (at 0:25). Just to show how Ukraine develops deep mutual appreciation and tolerance in a multi-cultural society from the very young age.

    Page one in fascism manual: We are the victims.

    Page two: Tell the lie again and again: We are the victims, We are the victims, We are the victims.

    Dear Russian: We cannot trust you. You have some serious cleaning up to do after Putin. Until you demonstrate that you have left the nationalism and dream of the Russian Empire behind, you cannot be trusted in a modern world. These few months - whatever way it turns out - will cast shadows for 15-20 years in the future.

    After the Berlin Wall came down, we had hopes that the militarism and expansionism of past was due to an anti-democratic leadership run amok. We now know that it is a trait of the Russian people, not just the leadership. The fact that you so willingly let history repeat itself is a wake-up call for most of us.

    We wanted to believe that you were genuinely interested in peaceful coexistence with respect for other people. Your former "allies" in Poland, Latvia, Lithuania, Estonia, Czech Republic and Slovakia warned us about you. It is interesting how practically *all* of your former "allies" want to have NO business with you. We should have listened to them.

    This has shown the world the true Russia. Be prepared for a future where everything Russia tries to achieve will be viewed with suspicion.

    It is not a question about whether we like you or not. It is much more severe: We do not trust you. You have proved for the World that you cannot be trusted.

  11. Re:Wait.... what? on Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots · · Score: 2

    If the separatists have the support of the majority of the local people, why would we oppose them?

    Oh, you mean like when Chechnya declared independence from Russia and was granted it because the locals overwhelmingly supported it. Oh wait - how come they are still part of Russia?

  12. Re:Wait.... what? on Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots · · Score: 4, Insightful

    They were NOT staged.

    Yes they WERE staged.

    Do you even understand Russian or are you simply parroting the shit that the mass media blindly copies from Ukrainian media?

    So, one has to speak Russian to understand this conflict? Really?

    I have been trying to follow the conflict reporting from both mainstream media as well as from Russia Today. The twists from RT are really mindblowing. They even broke the news that the separatists had shot down *another* Ukrainian plane - only to pull it without any notice, update or trace whatsoever on the RT site once they found out that it was a civilian plane and that the official story was going to be to pin it on the Ukrainians.

    Russia Today does not follow common practices for journalism designed to keep media outlets accountable. And Russia Today and Russian controlled media has lost every bit of trust.

    Western media are not controlled by governments. Russian media are. Western governments do not crack down on dissidents and bloggers. Russian government does.

    Which leads me to the reason for posting this:

    Fascism

    - is a genus of political ideology whose mythic core in its various permutations is a palingenetic form of populist ultranationalism
    - is a form of political behavior marked by obsessive preoccupation with community decline, humiliation, or victimhood and by compensatory cults of unity, energy, and purity
    - abandons democratic liberties and pursues with redemptive violence and without ethical or legal restraints goals of internal cleansing and external expansion

    All of the above fits Russia. Not Ukraine. I don't know if Putin is a fascist himself (I suspect so), but he is playing the ultranationalism card, he talks about Russia being humiliated and threatens nuclear retaliation, he talks about Russian superiority, he claims the right to invade any country which (in his mind) humiliates Russian citizens or ethnic/Russian-speaking minorities, he pursues dissidents of his regime and he disregards treaties and expands territory and annexes weaker states (see Georgia, Ossetia, Ukraine/Crimea).

    Russia is now engulfed in neo-fascism, Russians taking pride in their new "superiority" and getting back at the world for laughing at them for so many years.

    This time around there is no excuse for not knowing the truth. Last time you could claim you did not know because you were lied to. This time you have to actively put the fingers in your ears and shout LALALALA. And that's what you do.

    You have shown once again that you will fall for a leader who promises to bully the world, steal and loot, break treaties, threaten nuclear strikes, lie and cheat and play fast and loose with the peace and lives of people. For that you deserve to be despised.

    We may not laugh at you any more. But we will never trust you again. You make me sick.

  13. Re:Wait.... what? on Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots · · Score: 2

    Please, get the CNN polls and stuff them deep into your rectum. They are worth just that.

    Please, take your astroturfing videos and stuff them deep in your rectum. They are worth just that. "Protests" like that are easy to stage and - just like the "humanitarian" cargo convoy - the TV images have nothing to do with reality.

    In polarized times you cannot trust any source, LEAST of all anecdotal "evidence" from activists on the street. Those not fired up by Russian nationalism and Russian superiority stay at home.

    That's why you should go back to times with lesser polarization. That's why you can stuff your videos.

    And you have the gall to talk about propaganda? The Russian media has relentlessly described the Ukrainian government as fascists. You know what a fascist is? It is someone who believes he has more right than you because he is stronger. The fascists here are the Russians threatening with nuclear conflict, invading and annexing sovereign states to "protect Russian people". Yes - that's what happened in Georgia and Ossetia.

    I always try to keep it calm when I post on /. But you telling others to stuff opinions up their rectum is genuinely offensive! You are a jerk! There, I said it.

  14. Don't know what you are talking about on Microsoft Releases Replacement Patch With Two Known Bugs · · Score: 3, Insightful

    Perhaps you should give it 3 secs investigation before you shout off.

    3 secs should be just enough to click the "more information" link.

  15. No, PHP is a hammer on PHP 5.6.0 Released · · Score: 1
  16. Re:NT is best on Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated · · Score: 1

    3 times this year MS has bricked my system with updates. I run a stock install from HP - the only software on the PC is Firefox, LO, Steam, and ARC. All 3 times it's corrupted my system hive. The first time I ended up re-installing, the last 2 times I've just replaced the hive.

    There has not been a single update that corrupted the system hive. Never. Ever.

    The system hive integrity is backed by multiple mechanisms. Firstly, Windows keeps 2 copies. Secondly, updates to the hive are protected by NTFS journaling. Thirdly, system hives are protected by system protection (on by default), which keeps previous versions using the shadow copy service.

    If your system hive has been corrupted you have serious hardware issues.

  17. Re:NT is best on Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated · · Score: 1

    Haven't been paying attention lately have ya?

    Last Black Tuesday fucked up a lot of users of New modern great Windows systems

    Less than 0.01% of Windows users. That may be "a lot of users" in absolute terms - but it is certainly not the big failure you (and Infoworld - the tabloid of tech) make it out to be.

    Did MS do a proper job when testing the updates? No. Did they fail massively? No.

  18. Re:NT is best on Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated · · Score: 1

    Wow, Ubuntu is behind the times.

    Fedora can patch and dynamically replace the running kernel without a reboot.

    BS. Fedora uses RPM, which is even worse at ensuring that patches become effective.

    You are deluding yourself and confusing the fact that you are not instructed to reboot with a reboot not being needed. Your complacency means that your processes linger on in their vulnerable state. Fedora does not use ksplice (Oracle owns that now), and ksplice does depend on the patches being specifically prepared, anyway.

    Not all patches require system reboot (same as on Windows). But patches that affect e.g. running network daemons do require a restart to become effective. I hope you are not responsible for administering production systems!

    Ubuntu is just one distro of linux, if it is not doing what you want then try the others.

    Oh - the universal answer: You are using the wrong distro. Love it. Deflect, avoid, goalposts shifting.

    However, in this case (talking about Munich, remember?) they were using Ubuntu as base for Limux.

  19. Re:NT is best on Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated · · Score: 1

    I still regularly get "need to upgrade reboots" on my Windows machine. It's atleast once a month and always seems to pop up when I'm playing a game of LoL or CS:Go.

    Yes, I use my Windows as a Wintendo. Got a problem with that?

    And I suppose that Linux is better?

    Just this past month I can count several Linux vulnerabilities, the patch for which requires a reboot:

    http://www.ubuntu.com/usn/usn-...

    After a standard system update you need to reboot your computer to make
    all the necessary changes.

    The same goes for all of these:
    http://www.ubuntu.com/usn/usn-..., http://www.ubuntu.com/usn/usn-..., http://www.ubuntu.com/usn/usn-..., http://www.ubuntu.com/usn/usn-..., http://www.ubuntu.com/usn/usn-...

    For this one you have to restart your Unity session:
    http://www.ubuntu.com/usn/usn-...

    The security notices also include a number of patches to library files. Under Linux you can replace (patch) a file even if it is loaded in a current process. However, the patched file will not take effect until said process has been restarted.

    As far as I know, under Linux there is no automated process for this. Linux will not be able to patch an open LibreOffice Writer application if one of the libraries it uses is being patched. Writer will happily continue running unpatched.

    Worse, you will not get a warning, and the running processes may have already loaded some libraries before the patch, and load a version of a library that is incompatible with the running process *after* the patch, simply because the OS/processes are not aware of patches. This leads to application crashes. I regularly experience crashes when I use LO on Ubuntu. Granted, I have Ubuntu installed as a VM and use it rarely, but that also means that there's typically *a lot* of patches waiting for me when I spin up the VM. Linux seems to handle patching libraries poorly and I am not aware of any system mechanism that tries to mitigate this problem.

    Under Windows you have the Restart Manager. When a process loads a DLL, it also locks the DLL file because it may just discard the memory where it is loaded, expecting to be able to load the exact same image later. Applications (such as Office) register with the Restart Manager. If the Windows Updater needs to replace a locked DLL file, it looks to see if the processes that lock the DLL are all registered with the RM. If so, it can ask the registered applications for their "state", restart the processes and inject the state into the processes when they come back up and register with the RM. The RM also watches the locked files, and if the last lock that prevents a patch set (multiple files that should be replaced as part of an atomic transaction) is being released, the RM can kick off the file replace operation. This latter part is the reason why sometimes the "need to restart the system" badge disappears without a system restart.

    The bottom line: Linux needs restarts/reboots just as Windows does. Sometimes you are deceived to believe that it has fewer restarts because Linux cannot by itself figure out that you *do* need to restart a process or the system. But that's actually worse because it leads to crashes.
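The comment above says Linux gives no warning when a running process keeps using a library that has been replaced on disk. The kernel does leave a trace of it: a mapping whose backing file was unlinked or renamed over shows a "(deleted)" suffix in /proc/<pid>/maps, which is what checkrestart-style tools key on. The following is an added example (not code from the post) that parses that format over constructed sample data and, with --live, over the real /proc; the prefix list of non-code mappings is an assumption for this example.

```python
"""Find running processes that still map a library file that has since been replaced.

Added example; it is not code from the original comment. A package upgrade
writes a new library file and renames it over the old one, so a process that
already mapped the old file keeps executing the old, unpatched code. The kernel
marks such mappings "(deleted)" in /proc/<pid>/maps; this script parses that
format and reports the processes an administrator must restart.
"""
import os
import re
from typing import Dict, List

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)
DELETED = " (deleted)"
# Deleted mappings that are scratch memory rather than installed code (assumed list).
NOT_CODE_PREFIXES = ("/memfd:", "/dev/", "/SYSV", "/run/", "/tmp/")

# Constructed sample data standing in for two /proc/<pid>/maps files.
SAMPLE_MAPS: Dict[int, str] = {
    1234: (  # an office process still running the pre-upgrade libssl
        "5591a3c00000-5591a3c2a000 r--p 00000000 08:01 131143 /usr/bin/soffice.bin\n"
        "7f3c1a000000-7f3c1a1c0000 r-xp 00000000 08:01 262401 /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)\n"
        "7f3c1a1c0000-7f3c1a200000 r--p 001c0000 08:01 262401 /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)\n"
        "7f3c1b000000-7f3c1b020000 r-xp 00000000 08:01 262402 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
        "7ffd2c000000-7ffd2c021000 rw-p 00000000 00:00 0 [stack]\n"
    ),
    5678: (  # a healthy process; its only deleted mapping is anonymous shared memory
        "559000000000-559000020000 r-xp 00000000 08:01 131200 /usr/bin/python3\n"
        "7f0000000000-7f0000010000 rw-s 00000000 00:05 4567 /memfd:pulseaudio (deleted)\n"
        "7f1000000000-7f1000020000 r-xp 00000000 08:01 262402 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    ),
}


def stale_mappings(maps_text: str) -> List[str]:
    """Return the installed files a process maps whose on-disk copy has been replaced."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if m is None:
            continue  # tolerate lines in a format this parser does not know
        path = m.group("path").strip()
        if m.group("inode") == "0" or not path.endswith(DELETED):
            continue  # anonymous/pseudo mapping ([stack], [vdso]) or file still current
        path = path[: -len(DELETED)]
        if path.startswith(NOT_CODE_PREFIXES):
            continue
        stale.add(path)
    return sorted(stale)


def report(maps_by_pid: Dict[int, str]) -> Dict[int, List[str]]:
    """Map each pid to its stale files, keeping only processes that need a restart."""
    result: Dict[int, List[str]] = {}
    for pid, text in maps_by_pid.items():
        stale = stale_mappings(text)
        if stale:
            result[pid] = stale
    return result


def scan_proc(proc_root: str = "/proc") -> Dict[int, str]:
    """Read maps for every visible process; other users' processes need root."""
    maps_by_pid: Dict[int, str] = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps"), encoding="utf-8",
                      errors="replace") as fh:
                maps_by_pid[int(entry)] = fh.read()
        except OSError:
            continue  # process exited, or permission denied
    return maps_by_pid


if __name__ == "__main__":
    import sys
    source = scan_proc() if "--live" in sys.argv else SAMPLE_MAPS
    for pid, files in sorted(report(source).items()):
        print("pid %d needs restart: %s" % (pid, ", ".join(files)))
```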

  20. Re:Access restrictions on Heartbleed To Blame For Community Health Systems Breach · · Score: 1

    How does getting onto the VPN equate to accessing the secret stuff? Isn't there another layer of security?

    The Heartbleed bug is an extremely serious information disclosure bug.

    Via a simple attack the attackers can read the memory of the VPN appliance which holds the latest SSL keys, passwords, usernames, you name it. The attackers could potentially also have been able to read session identifiers and thus potentially bypass 2-factor auth even if it was in place.

    Heartbleed will go down in history as the most expensive bug of all time. It already is, and we have not seen the last of the consequences.

  21. Re:Its the second one Re: Surprise? on Munich Reverses Course, May Ditch Linux For Microsoft · · Score: 1

    MSFT is relocating regional headquarters and Munich is a front runner. Lots of potential tax revenue, both directly from MSFT and indirectly from the employees and spin off economic activity.

    Selection of Munich would undoubtedly be contingent on the city migrating back. I don't believe any outright bribing was involved or required.

    Two problems with your conspiracy theory:

    1) The decision to move the HQ was made almost a year ago. Whether or not Munich converts back will not change the plans.
    2) The HQ is already in the Munich area. The new HQ will be located apx 15 kilometers to the south of the current one.

    Nice try, though.

  22. Re:It's pretty hard to roll back automated updates on Windows 8.1 Update Crippling PCs With BSOD, Microsoft Suggests You Roll Back · · Score: 1

    All fastboot does is skip a few BIOS checks (eg: fast memory scan instead of full). It will not affect anything else, unless you have a hardware fault which can be detected at BIOS POST.

    Wrong. Fastboot hibernates the kernel but not the userland processes. It depends on drivers being capable of quickly re-initializing hw devices, but what it does is it brings up the kernel from a hibernated image and skips most of the usual hardware detection and device initialization.

    Rule number 1 = Don't use system restore
    Rule number 2 = Don't use system restore
    Rule number 3 = Google "Stop 0x0000000e" error code on your BSOD.
    Rule number 4 = Remember the last thing you did before the BSOD started happening, reverse the process. Job fixed.

    Really, really stupid advice. System restore has N previous versions of your driver setup. You can reliably go back in time for the operating system but retain any changes to user files. It is stupid to NOT use system restore. Whenever you install a new driver, the system *will* retain the old files, registry settings etc as shadow copies. It is a well-tested and stable way to go back in time with your os.

  23. Re:Forget TFA on Windows 8.1 Update Crippling PCs With BSOD, Microsoft Suggests You Roll Back · · Score: 1

    "If you do not have media, you should use the power button to restart your computer during the startup process three times. This should start the Windows Recovery Environment. "

    Oh yeah, THAT's gotta be good for the hardware. Definite improvement over F8. Thanks Microsoft...

    It is actually quite clever: If the system barks 3 times in a row when trying to start, the operating system *should* infer that something is preventing an orderly startup. In that case, dropping into the recovery console is a perfectly good choice.

    NTFS has volume shadow copy on by default for the system drive. It records changes to the *system* (Windows/** and Program Files/**) and lets you roll back those changes without rolling back any user/data files.

    So even if you f***** up so royally as to make the system unbootable (e.g. a bad disk driver), the system will boot into the recovery console with a minimal number of known "basic" drivers.

  24. Re:Saw similar posts before the web existed on Ask Slashdot: How Dead Is Antivirus, Exactly? · · Score: 2

    Java was supposed to be sandboxed entirely with zero chance of malware getting to anything other than its own litter tray. Look how that turned out when it was seen as all too hard and compromises were made.

    The big problem with Java is that it requires quite a bit of C "glue" code to interface with the underlying operating system. The glue code necessary is often quite complex too, since it has to contend with issues such as the VM rearranging objects (thus the glue needs to "pin" the objects), garbage collection using mark-and-sweep (thus the glue code needs to make sure objects do not "disappear" during the call), strange memory layout, multithreading/CPU cache issues etc, etc.

    So while from the Java developer's perspective things may look simple, copious amounts of complex glue code are needed, with all the traditional opportunities for security bugs.

    There are probably more explanations than how the language runtime integrates with the OS, but the comparable .NET Framework seems to fare *a lot* better.

    Then there's the opposite that was born stupid, things like Active-X from MS that were such a stupid idea that a librarian (not a programmer) was telling me how stupid it was before launch.

    ActiveX controls on the web were a stupid idea. Faced with the threat of Java applets, Microsoft decided to take a sound (and efficient) binary standard from the OS and put it on the web. The big problem with ActiveX is that from the OS perspective (at least until Windows 7) it is but binary code executing under the user account.

    Imagine a system where you do not have sufficient control over what a process can do (because it is binary code executing directly against the OS), so instead you try to limit who can use what binary code - and under which circumstances. But once the code executes it acts as part of the host process. That actually works until someone sneaks in malicious binary code, or - more likely - someone finds a memory corruption bug or finds a way to use the binary code in ways not intended by the developer.

    That is putting a lot of trust in 3rd party developers, trusting that they do not have malicious intent and that they are actually competent and that proper quality assurance processes are in place. That turned out to be a stupid thing to trust (contrary to popular belief there have been precious few vulnerabilities in the ActiveX implementation itself - it was always the ActiveX controls - mostly 3rd party - that had vulnerabilities).

    However, the idea behind whitelisting ActiveX controls was not new. It had been tried before (albeit not on the 'net), with similar results in terms of vulnerabilities, exploits and system compromises. To this day SUID/setuid is the most stupid intentional security weakness in the *nix security model, simply because - like with ActiveX - the permission structure is otherwise not capable of meeting simple, legitimate requirements.

    Then things like allowing execution of arbitrary code in images, another case of MS fucking up in a truly astonishing way

    I believe you may be confusing something here. When there is a vulnerability where a jpeg can "execute arbitrary code" it is *not* intentional. It is usually down to a memory corruption bug (such as buffer overflow), i.e. it is *unintentional*. I don't believe MS has made any image format with intentional capability to execute arbitrary code. If you have information to the contrary, then please cite source.

    If you are insinuating that it is only MS who can make mistakes in image processing code, you should tread carefully. Compared to the typical open source libraries (libxml, libtiff, libpng et al) MS has had precious *few* vulnerabilities.

    The answer as always is to learn from the lessons of the past instead of throwing together a pile of bits that look software shaped and rushing it out the door.

    Yes. But if you want to learn the ri
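Comments 6 and 24 above both describe the setuid bit as an intentional hole in the *nix permission model. The defensive counterpart is an inventory: knowing exactly which setuid/setgid programs exist and flagging additions. The following is an added example (not code from either post) that classifies directory entries by how much they widen that hole; the expected-baseline set and the severity labels are assumptions for this example, and the sample entries are constructed.

```python
"""Inventory setuid/setgid executables and rank what was found.

Added example; it is not code from the original posts. Every setuid-root
program is code any local user can run with root as effective user, so a bug
in it becomes a local privilege escalation. This audit classifies each
regular file by its bits, its owner and whether it is in an expected baseline.
"""
import os
import stat
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Tuple

# Assumed baseline for this example: setuid-root programs a stock Debian-style
# install ships. A real audit takes the baseline from package manifests or a
# known-good host.
EXPECTED_SETUID_ROOT = frozenset({
    "/usr/bin/passwd", "/usr/bin/su", "/usr/bin/sudo", "/usr/bin/chsh",
    "/usr/bin/chfn", "/usr/bin/gpasswd", "/usr/bin/newgrp",
    "/usr/bin/mount", "/usr/bin/umount",
})
SEVERITY_ORDER = {"critical": 0, "unexpected": 1, "setuid-nonroot": 2,
                  "setgid": 3, "expected": 4}

Entry = Tuple[str, int, int, int]  # (path, st_mode, st_uid, st_gid)


@dataclass(frozen=True)
class Finding:
    path: str
    mode: int
    owner_uid: int
    severity: str


def classify(path: str, mode: int, uid: int, baseline=EXPECTED_SETUID_ROOT):
    """Return a severity label for one entry, or None if it carries no special bits."""
    if not stat.S_ISREG(mode):
        return None  # the kernel honours the bits only on regular executables
    is_suid = bool(mode & stat.S_ISUID)
    is_sgid = bool(mode & stat.S_ISGID)
    if not (is_suid or is_sgid):
        return None
    if mode & stat.S_IWOTH:
        return "critical"  # anyone can rewrite code that runs with an elevated identity
    if is_suid and uid == 0:
        return "expected" if path in baseline else "unexpected"
    if is_suid:
        return "setuid-nonroot"  # elevates to another user; still worth tracking
    return "setgid"


def audit_entries(entries: Iterable[Entry], baseline=EXPECTED_SETUID_ROOT) -> List[Finding]:
    """Classify every entry and return the findings, most severe first."""
    findings: List[Finding] = []
    for path, mode, uid, _gid in entries:
        severity = classify(path, mode, uid, baseline)
        if severity is not None:
            findings.append(Finding(path, mode, uid, severity))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.path))


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def walk_filesystem(root: str = "/") -> Iterator[Entry]:
    """Yield (path, mode, uid, gid) for files under root, skipping pseudo filesystems."""
    skip = {"/proc", "/sys", "/dev", "/run"}
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda _e: None):
        dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) not in skip]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            yield path, st.st_mode, st.st_uid, st.st_gid


# Constructed sample inventory (modes are full st_mode values, octal).
SAMPLE_ENTRIES: List[Entry] = [
    ("/usr/bin/passwd",       0o104755, 0, 0),        # setuid root, in baseline
    ("/usr/bin/ls",           0o100755, 0, 0),        # plain executable
    ("/usr/bin/wall",         0o102755, 0, 5),        # setgid tty
    ("/opt/vendor/helper",    0o104755, 0, 0),        # setuid root, not in baseline
    ("/usr/local/bin/backup", 0o104777, 0, 0),        # setuid root AND world-writable
    ("/home/alice/tool",      0o104755, 1000, 1000),  # setuid to a non-root user
    ("/usr/lib/weird",        0o044755, 0, 0),        # directory with setuid bit: ignored
]

if __name__ == "__main__":
    import sys
    entries = walk_filesystem(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ENTRIES
    for f in audit_entries(entries):
        print("%-15s %06o uid=%-5d %s" % (f.severity, f.mode, f.owner_uid, f.path))
```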

  25. Second that on Microsoft Black Tuesday Patches Bring Blue Screens of Death · · Score: 1

    Updates Win 8.1 x64 all patches. No problems.