Dunno if you can pull it off in 15 minutes... but asking them off the bat how they use their computer is always a good start. Usually "well, I surf the web and send email..." is good. Gamers are out. Grandmas are usually in (and will normally benefit the most from moving off Windows).
It's funny that you say grandmas are usually in -- that's my experience exactly. I recently introduced my mom to Ubuntu, and once I had set up the desktop to have her Free Cell, Mahjong, Word (OO.o Writer), and Internet (Firefox) icons, she hardly knew the difference, except that the updates happened automatically without EULA popups and reboot requests. On the other hand, I didn't expect her to install it. As easy to install as Ubuntu is, it didn't pick the right default screen resolution, and she wouldn't have even known it was changeable. But then she didn't install Windows, either.
Will the swap be encrypted so taking away the stick can't reveal confidential data? No.
Yes. See cryptoloop.
Will taking the swap out in the middle of the OS running lock it up? Yes.
Wait, are you saying that you can just rip out the USB stick and nothing bad will happen? That doesn't make any sense. Otherwise, see swapoff(8).
Could this just be accomplished by setting up a swap on a RAID-1 across a HD partition and a partition on the USB stick? If one of the two disappeared, the mirror would be used. There's no reason this couldn't be combined with encryption, as you mentioned. When plugged in, it could be sync'd with the mirror, when removed, life would go on. (I have not, of course, tried to set this up.)
Will the OS benchmark the Flash for you and determine which pieces of data are best stored there and which not for best performance? No.
Aha, finally an interesting feature. I don't believe that Linux or any of the *BSDs can handle different tiers/priorities of swap space. But benchmarking? A USB2 flash drive is a USB2 flash drive is a USB2 flash drive. There's no great difference there, unless something is broken.
Well, swapon does take a "priority" value, and the swapon man page describes it, but I can't pretend I understand how it really works. No benchmarking of the media, though, so I guess that would be the unique part.
Company Vice Chairman Robert Lutz said in a statement that more than half of Americans live less than 20 miles from their workplace.
Is this actually true? I would like to ask Mr. Lutz for a cite or three to back this assertion.
The US DOT seems to say the average commute in the US is about 12 miles. Of course, since this is statistics, even if I understood correctly what they said the average is (i.e. the mean), that isn't really an answer to the question. Sorry, best I got. :)
I've seen a few of these homebrew water cooler projects, and they always make me curious. I see this guy is using some pretty hefty pipes / hoses for the water -- how much flow is actually required? I would think that with water being so much better at storing heat, you could get away with something pretty small, so long as you kept a continuous flow through the system. Can anyone more qualified give a "back of the envelope" guess for how much water flow (assuming it arrives at or very near room temperature) you'd really need to keep your CPU / GPU cool?
I just have this "gut feel" that you could get away with something more reasonably sized.
They have been getting around this by loading either Redhat or a version of DOS. The demand has not been very high though.
Of course the demand is low... I'm sure that a large number of their customers don't even know what an OS is or does, and even if some do know, and intend to use Linux, it's HARD to find them on their site. Go and search for linux, you won't find a lot of hits (except maybe on the printers), the four computers you do find are on Dell Small Business (that discourages people who think they need to prove they're some kind of business), and most of them are fairly expensive. What most people will NEVER find is that in fact, you can buy relatively cheap PCs from them without Windows, but you need to trick their website into showing them to you.
Here's an example: The Dell "N Series". That's their line of PCs for "open source" -- sold without an OS. Search for "N Series" on their website. Can't find it. You'll have to ask Google. How about one of the models in that series, like the E521n? It can't be found. Now, search Dell's site for the "normal" version, the E521 with Windows mandatory, and sure enough, that they know. But, the E521n is indeed available. They just hide it.
For the curious, the difference in cost is about $30 if configured the same except for OS.
So, saying that the "demand has not been very high" is like saying that I received very few inquiries on the 1 pound bar of gold I was offering for $10 last month, when the only place I posted the notice of the sale was on the inside of my furnace cover, accessible behind 2 bolts, in the furnace room of my basement. Of COURSE demand was low. They did almost everything short of making the web page with 6pt font in the same color as the background to hide them.
P.S. I'm not advocating the E521 for use with Linux, it was an illustration only.
What really held the Amiga back was the lack of an easily added on hard drive. SCSI was too expensive. A simple built in IDE interface on the A1000 would have made it a killer.
They weren't built in, but GVP made IDE controllers for Amiga -- they just happened to be attached to processor accelerator boards, which had the added benefit of letting you add another 8 MB of RAM and a 68030, too. That wasn't back in the A1000 days, though. If you were a die-hard A1000 fan, however, you could adapt one to work. A friend of mine had two edge connectors wired back-to-back, swapping the top/bottom pins, and voila! A 68030 A1000 with IDE controller.
Just because it CAN be done in 5 (or even 15) minutes doesn't mean it HAS to be. If they made it take different voltages depending on the desired speed of charge (rapid, high-voltage charge at the filling station; slow, lower voltage charge overnight at home in your garage), most people would probably never go to a filling station again, except when on a long trip. And for a long trip, I'd appreciate a 5-30 minute break every 500 miles. More people ought to take one now. When away from home, motels, hotels, and overnight parking lots could fill up your "tank" over a few hours for a fee (plug in, swipe your card, walk away). If done over 8 hours, the requirements are much lower. The benefit of the capacitor over a battery is that you have the flexibility to recharge it in a short span of time (and also discharge it quickly too*), but you don't HAVE to. If I had one, 90% of the time it would be topped off at home every night. The average commute is something like 12 miles. I know there are some crazies that commute 100mi each way to work; with a 500 mile range, even they could round-trip and recharge overnight at home.
With most people recharging at home, recharge stations exist only as convenience stores. So the convenience store has a high-voltage hook up, and a few road-warrior types plug in while they stop and get coffee -- for the convenience of a rapid charge, they pay 4x what it costs at home ($36 is still less than I pay now for 500mi). The demand for that is lower than for gas, so you don't need to redesign the grid to handle dozens of cars simultaneously hooking up for rapid recharge.
Some things that stop me from having an electric car now are that 1) the range is limited (~60-100 miles), 2) when you get to the end of that range, you're looking at a relatively long recharge, 3) the batteries perform even worse when cold, 4) lack of availability. Capacitors won't help #4, but do help the rest.
* Speaking of rapid discharge... what happens to these capacitors in an accident?
Windows has thoughtlessly consistent UI. If I am in a wordprocessor and use a menu item 'open file' and get a dialog to hunt and peck through my file system, then I click the application, often the application takes the foreground and the dialog is pushed to the depths (God forbid you have auto window raising).
This doesn't happen in Windows; dialog boxes are part of the application. Unlike an MDI window, it can move outside of the confines of the application height/width, but stay at the level for the application.
On top of that, usually you can open another 'open file' menu because someone was a knob programmer, so now you're basically looking at killing your app to get it restarted.
Huh? Are you saying that if I'm in a wordprocessor, and I bring up the open file dialog, then click the app, its window will obscure the dialog?
I'm on Mandriva, with OpenOffice.org 1.1.5 (geez, time to upgrade!) and KDE -- I just tried it, it doesn't happen. Maybe your information is out-of-date? Really out-of-date, since it works in OO.o 1.1.5, which is a legacy release, and OO.o is on 2.0.3 already.
Watch carefully, maybe we'll get another lesson in newspeak out of these quotes. I hear the words "democracy" and "freedom" are due to be removed from the dictionary next year...
They won't be removed, but the definitions will be altered. In the 22 years since 1984, Big Brother discovered that it's easier to own the definition than remove the word.
Record the show and wait an hour or 5 before playback and you could have Henry Kissinger pitching snide remarks to Greta Van Susteren while watching War of the Worlds.
Wait a month and you could have some really cool total-replacement sound tracks of Bush calling a world cup game.
Maybe even better would be a plugin or player that also allowed the overlay of video from another source (e.g. the silhouettes, as an mpg file) in addition to just sound.
I'm not a TV / electronics guru, so forgive me if I oversimplify things... but doesn't SOME piece of hardware inside of a 1080p capable HDMI equipped monitor have to eventually end up figuring out what LCD spots on the screen have to be given particular values? And won't someone eventually just insert a tap into the output of that component and sample it? OK, not me, but I wasn't going to do the print-screen thing either. But if that's what it takes to make 1,000,000,000 copies of "Pirates of the Caribbean: Dead Man's Chest" to sell on the black market, I'm sure someone is going to do it eventually. How exactly do they prevent THAT from happening? Make the LCD components have encryption built-in and encase every one of them in melted glass? It's getting ridiculous. The regular users will get screwed a little more every day, but the pirates that make millions selling pirate copies will continue to do so. If they want to recoup millions lost to piracy, maybe the MPAA ought to sue the shady individuals that told them copy protection was a good idea.
There's also a program called "jhead" which can do this for you (jhead -ft *), as well as other fun things involving the EXIF, like auto-rotating your images (jhead -autorot *) if your camera keeps track of the position it was held when the shot was taken (I know both my Canons do). Linky here.
This is similar to a crook breaking into a house and then reporting the secret stash of drugs or child porn they found. Ok, it would be nice if they could report it anonymously, but it certainly doesn't justify the initial illegal behavior. And, like most crooks, they probably break into hundreds of places before they either get caught or find stuff worth reporting (like being able to access student grades or SSN).
So, if I happen to write down the URL that gets to my portal page on a website, then I'm at the mall surfing via the kiosk and I type in the URL wrong and end up on someone else's page with access to their personal information, maybe including their social security number, bank account info, credit card numbers and medical history information, I can conclude the following: 1) I'm the same as a criminal that broke into someone's house and found their stash of drugs or child porn, 2) I should not report any of it to anyone; I should assume that the website doesn't want to know, and that none of the other users of the website need to know that their information is just a keystroke away from identity thieves.
Forgive me if I think the analogy flawed. I CAN stumble into this knowledge, I don't need to "break in", and it shouldn't be a crime to report it. A major fallacy is that the only injury here is to the "owner" of the "house" -- there is major damage potentially occurring to all of the innocent people whose information is vulnerable. The "owner" has an obligation to safe-guard that information. Someone with knowledge of that vulnerability is preventing damage to themselves and others by reporting it. This is not a crime. Doing nothing is "reckless indifference".
To revert to the overused house analogy, you don't tell a stranger that their front door is unlocked. To do so is to invite speculation about how you arrived at that knowledge. And if there's a burglary at that residence, your admitted knowledge automatically makes you a suspect.
The analogy is not only overused, it's a bad analogy. While I probably wouldn't tell a stranger that his front door is unlocked, I probably WOULD tell the police that the front door of the house I just walked up to (to ring the bell) is OPEN, and there were dangerous weapons lying out in plain sight inside where children could wander in and get them. THAT is a closer analogy to the situation where people can be seriously harmed by having their information being stolen from a public website. However, in this situation, telling the police that I can see a public danger could land me in prison.
How about this: Suppose I go to get something out of my storage unit at the local U-Store-It, and while I'm in the warehouse walking to my unit, I notice that all of the padlocks on the units I pass have been cut off and are lying on the floor... if I report it, am I a criminal? By your reasoning, I should just leave and pretend I didn't see the locks -- only a criminal would report it.
Well, that's not so different from the situation in physical security systems. Go and tell a bank manager that they have an unsecured entry point in the air ducts, and that their alarms can be blocked by an XT42 bypass (or whatever), and the guards always have lunch at the same time leaving the screens unattended for ten minutes.
You are probably doing them a big favour, but the fact remains that they will be suspicious about you, and may call the police. How do you know about those things? What are your intentions? It's quite a natural reaction. We only perceive the situation to be different because we happen to be experts not in alarms but in computers.
But should I call the police if I saw that the bank's front door was propped open and the vault door was open at 2:00AM when I was at the front of the building using the ATM? Or should I just drive away? Probably just drive away.
How about a different analogy? I'm at the hospital, in the ER waiting area at 2AM waiting the mandatory 4 hours before I get to see a resident. To fight the boredom, I'm using the tethered remote to flip through the channels, and notice that on channel 85, I can see the admission clerk's monitor info! Everyone's SSNs and medical info scrolls by as it is entered. Obviously this is a mistake, and obviously it is potentially harmful to all of the patients, including me. Should I tell someone? Did I do something wrong by flipping to channel 85? Should they call in the police and have me investigated?
Instead of sending a blank, why not just burn 9.4GB of /dev/urandom onto the disk. They'll probably end up spending over $10,000 per package by calling in the MPAA, the RIAA, the NSA, the CIA, and the DHS. After a few dozen false alarms, maybe they'll learn to stop invading customer privacy.
Why do I have the depressing feeling that shipping 9.4GB of /dev/urandom out of the country to the UK qualifies as sending a one-time-crypto-pad out of the country, thus making you an arms dealer or terrorism suspect?
I don't know for sure, but it could be that they aren't storing your credit card info, but instead storing some sort of encrypted transaction code for just that one transaction associated with your receipt, that they share with the credit card company itself. In other words, it would be useless except for referring back to that single purchase transaction. Presumably the credit card company already knows your credit card info. :)
Imagine I put my credit card number on a piece of paper, put it in a sealed envelope, and hand it to the merchant. The merchant hands the envelope to the credit card company along with the purchase amount, and the credit card company hands them back a piece of paper with a transaction number on it, indicating approval. When you come back into the store later, the merchant says "Hey, remember this transaction? Credit the card holder back $xxx." So, it's possible to get you your money back without the merchant knowing your card info directly. On the other hand, I don't do these kinds of systems for a living, so I have no idea if that's how it really works.
Amazon.com stores your credit card number if they only ask you to enter the last four digits of your card number, right? So what's different here? Maybe I've not understood something.
I think I can clarify... The problem isn't that they store the information, it's that unlike Amazon, they do it without your knowledge or consent. Also, because these vendors were unaware that this information was being stored by their systems, no security procedures are in place to prevent unscrupulous employees (or others) from extracting the card information from the system. On the other hand, a retailer like Amazon is aware that it is storing this information for you, you are (hopefully) aware Amazon is storing it for you, and both you and Amazon (presumably) take precautions to safeguard the info.
I think there's something else to be said about the fact that if a movie actually sounds like it is good (big IF), I can wait a few weeks, pick up the DVD for $19.95 (or less) and 4 of us can watch the director's cut on a big screen HDTV with 7.1 surround sound, adult beverages, no cell phones, pause, delivery pizza, no ticket lines or convenience fees in a room climate controlled to my comfort level. And, if the movie is REALLY good, I can watch it again and again, no extra charge.
Even with "VIP passes" from Costco, I'm looking at $30 for four of us to go to the movies ONCE, plus probably another $20 in refreshments to hear someone's cell phone go off while I sit in an uncomfortable seat with people talking around me and blocking my view when they leave for the concession stand or restroom while I freeze my ass off.
So... combine that with a lacklustre selection of movies, and I think it becomes clear why box office sales are down. Twenty years ago, there were not nearly as many home theaters.
The C64 was a great machine. I got one when I was in 6th grade ('83, I guess!) -- I'd been using the TRS-80 Model II at school, and fooling with the CoCos at the Radio Shack, and was thrilled when the C64 arrived under the tree. It was much better than the BASIC cartridge for my Atari 2600 (Anyone else have that?) We soon picked up a "Datasette" (tape recorder/player -- I distinctly remember the 45 minute load time for Flight Simulator II!), a 300bps modem, and a "Gorilla Banana" 9-pin printer (sold by DAK, are they still around?) I used the C64 for 4-5 years, by the end I was running a BBS, with two 1541 5.25" floppies, a 1581 3.5" (800K!) floppy, a 1200bps modem, and (perhaps most important) the snapshot / fast load cartridge (I can't remember the name of it -- though it wasn't the Epyx FastLoad, I had one of those, too). I started out doing BASIC programs, but couldn't get enough speed to do the hi-res graphics I wanted. So I got the 6502 assembler, and taught myself how to do fun things like toggle the BASIC and OS ROM images on/off to get access to the huge expanses of memory behind them. It would take like a full minute to erase the screen using a for/next loop and POKE statements, but it was done in under a second in 6502... Later I was trying to write stuff for GEOS... from tweaking programs typed in out of magazines to making auto-load programs stuffed in the cassette buffer, that was one fun computer.
From there, I moved to an Amiga 2000. I loved multi-tasking, because I no longer had to take the BBS down to program anymore! I could write AmigaBASIC (Microsoft) while people were logged in! From there to Lattice C, and writing BBS utilities (for Paragon BBS), FIDO-NET (aka Fight-O-Net :) By the time I stopped using the A2000, it had a PAL/NTSC switch, 50MHz 68030, 16MB of FastRAM (8 on the accelerator, 8 on a HD/RAM board), a multi serial port card, a USR HST modem and about 1GB of HD (back in the day when a 200MB HD was huge - I had 50MB, 105MB, 200MB drives all strung together on several SCSI controllers in their own baby-AT case).
I was a big C= fanboy back then. I guess I have to credit them for enabling me to be the geek I am today.
Isn't it true that Microsoft grants customers that are "big enough" access to the source code under NDA?
If that's the case, right now one of them can be looking at this code to see if it reeks of "intentional backdooring". I don't know what that NDA says exactly, but I have a feeling that if it really looks intentional, someone will say something. It'd be quite a scandal. I'm still in the "probably just a bug" camp. Microsoft, with Windows Update, their digital signatures, all their resources and full access to the OS source code, could exploit most users' PCs in a matter of minutes without resorting to this "backdoor". I suppose some malicious employee or former employee could have been sitting around at home rubbing his hands as he prepared for infinite riches, but again, a buffer overrun would have been enough there, too.
"Never ascribe to malice that which can adequately be explained by incompetence" - Bonaparte
I read TFA, and I've read a lot of comments here that say "Hey! Look! They're checking for a specific key (length == 1), and executing the next byte, it's all so neat and clean it must be intentional!" Honestly, if I was Microsoft, with full access to the Windows source code, and the ability to scan it for buffer overruns, I wouldn't need to introduce a vulnerability that looks like a vulnerability. I'd just keep a list of as-of-yet-unpatched buffer overruns. Any time I wanted a "backdoor" to your PC, I'd pull one off the list, craft up an exploit (pretty simple when you not only have the source code to the OS, but the source for and access to the authors of the compiler, too), and voila! Every time one gets discovered, scratch it off the list and introduce two more in the next "Windows Update." Why make a backdoor that would raise anyone's suspicions? After all, who's going to suspect buffer overruns? Everyone knows they're just bugs! Now THAT'S plausible deniability.
I used Troelsen's previous edition to learn C# (borrowed it from the team library at work), and continue to recommend it to people who are picking up C# after being proficient in something like Java or C++. I just got this edition, and haven't had a chance to read through it completely, or to compare it to the previous one, but a quick look through it leads me to believe it is at least as good. I thought his writing was clear, had a reasonable level of detail, and was easy to get around.
I also recommend Juval Löwy's "Programming .NET Components" as a follow-on. I thought it covered threading more completely.