Agreed -- it IS rather bad, but generally speaking you're not expecting attacks from inside your LAN. As Windows vulnerabilities go, this isn't horrible in a practical sense.
Actually, quite a few companies ship laptops in this configuration. It allows them to advertise the 4 GB, and very nearly none of their audience will ever be wise to it. The last time I saw this was with a machine purchased literally two weeks ago. It's now happily churning along with Win7 x64, no functionality missing.
I don't think you quite understand. These people didn't go to some torrent site and download Windows. They took Windows XP, built an illicit distribution with the activation bits etc removed, and sent that around -- probably for money. IOW, they enabled millions of other people to run stolen copies of Windows XP, possibly without even realizing it (third rate vendors have a nasty habit of using these bootleg Windows copies on their machines).
I think there are some subtleties here that are not being correctly addressed. Specifically, what's legitimate from the viewpoint of the kernel, versus what is legitimate from the viewpoint of C.
On these systems it is perfectly valid (and correct) C to define a structure which has the layout of the attached devices and then cast 0 to a pointer to this structure and use that for I/O.
No, it isn't "valid", per se. It is how you get the desired effect, and might work fine on said device -- but it's a blatant violation of the rules of C.
Remember that C, like most languages, makes some very basic assumptions about the underlying platform and require certain things of it. One of these is you can't dereference NULL legally, end of story. From the kernel's point of view, strictly by the rules of the underlying processor and machine, this might be totally legal. But the C standard says quite explicitly that you can't be doing this under any condition. Not only that, it's undefined behavior -- you're in a particularly bad no man's land.
Legal in C and legal on the machine are NOT the same thing. Please remember that difference. C still has rules and assumptions that you have to follow, and when you don't, things like this happen. That's why the code behind this vulnerability is NOT correct. It obeys machine rules but not C's stricter rules.
The FedEx system doesn't handle hand written letters though, does it? You have to do a shipping label for most (all?) packages, with a digital bar code. USPS runs some very powerful OCR systems; maybe they're making the transactions so expensive. Just a thought.
But it's not supposed to be a product! MS --> Research --. It's an architectural experiment, and sure, a lot of projects graduate from Research to an actual product group. The goal is NOT to make something you can take to the open market though. It's a proper research lab, and so of course its stuff is frequently lacking. If it were to be converted to a product, it'd be staffed up with a full team who would spend a year or two -- or seven in the case of some unfortunate victims -- making it viable for public consumption.
He's talking about Eclipse 3.1 because the article has nothing to do with what the title says. It's not about Mono vs Java, even though the author thinks it is. He spends most of his time basically talking about how Debian is garbage (which seems obvious to me but reasonable people can disagree). In fact the article seems to imply that Debian IS Linux, which is broken on several levels.
Oh, cool! Where's the source to iTunes, Quicktime, iPhoto, any piece of iLife, XCode, Safari, iMovie, iDVD, Aperture, and iWork? I've always wanted to see that and I'm so thrilled that since most of the software on a Mac is GPL, most of that is surely available to me.
I worked on a commercial PS3 title (none of that homebrew bull), where the GCC compiler is available as one of the options for the platform. It generates noticeably worse -- mainly longer -- code than is reasonable, and larger x86 code than Visual C++ generates. In turn, the larger code causes a lot of methods not to be inlined, and the cascaded effect (no doubt with caching issues etc thrown in) is notably slower. We're talking maybe 5-10% total here, but 5% because of a subpar compiler is pretty harsh.
Just FYI, an open source reference implementation is NOT a standard, nor does it imply the existence of an open standard. So you may want to mention ACTUAL standards instead.
Additionally, please remember that in a patent, the abstract is not what is being patented. The abstract just provides the rough background for the actual patented invention, which is why it always sounds familiar.
Seriously. The article might even be a half decent overview of things (I'm lying -- it's not), but the illiteracy of whatever idiot wrote it is horribly painful.
That's great and all, but does it still insist on using the horrendously ugly Apple text rendering engine when running under Windows? No point in being super fast and super standards compliant if the stuff on my screen is a blurry mess...
I don't get it. It SOUNDS like this is alleging that Microsoft is behaving anti-competitive by suppressing their OWN product in favor of a newer one that people don't like. In other words, it appears that the suit alleges that Microsoft is conducting anti-competitive behavior against itself. Am I misunderstanding something? For that matter, why are they even required to give the older product at the same price? You can't frame Vista and XP as competitors and say Vista's anti-competitive behavior is destroying XP, because competition laws product companies, not products.
Again, let me know if I'm totally missing something here.
And who ever discovered analogue distortion by maxing the signal probably thought no one in their right mind would use that either. They were wrong. However, whoever discovered digital distortion by clipping probably thought no one in their right mind would want to use that... and they have been for the most part correct.
I disagree with that somewhat. After all, nearly all of Queen's album recordings feature Brian May playing through his completely solid state amplifier. Okay, so it's not digital, but I think it's a little unreasonable all the same. How about Nine Inch Nails/Reznor for example? He certainly uses those sounds. It works well with a very different kind of music...but then, so did overdriven tube amplifiers.
Except that's totally irrelevant, because in most cases we don't CARE about regenerating the original input. You can usually create a useful attack simply by finding SOME input that generates the same output, and that's what you want to build a hash function to resist.
As near as I can tell, what happens in Windows is that it uses a lot of RAM. A LOT, as in an exorbitant amount. (I'm not judging, stay with me for a second.) I'm not entirely clear on why or what they're doing with it, but a lot of it seems to happen right at system boot, so I imagine it's fairly core stuff. I believe, however, that these are a lot of one-off structures that are built and then might occasionally be needed again, but not very much. Thus they're immediately paged out to disk, regardless of what the current memory conditions of the system are. The idea is that in most cases this is more efficient than rebuilding this stuff and you've got plenty of disk space to spare. My question has always been, why not leave it in RAM while also backing it up to disk? That would get rid of the absurd lag when using a system that has been inactive for a while and has paged out and powered down its hard disks. I imagine there's a good reason, but I don't know.
I don't promise this is how it works, but this is my best guess based on a decent enough working knowledge of the kernel's overall implementation and my observations of its behavior.
>>The fact that it has done this says a lot about Open Source as a superior way to develop non-proprietary software. When GNOME became common in the Unix world, it mostly displaced CDE, a non-proprietary desktop that was developed the old-fashioned way: a bunch of companies got together and formed a committee that wrote a spec, that various people went out and implemented.
Yes, Open Source truly defeated the greatest UI developers to have ever lived -- the people who work on UNIX-based and UNIX-alike operating systems. Incredible accomplishment there. Making a better UI than the UNIX guys...I mean really, who would have even thought it possible?
>> DirectX is a nightmare of ActiveX/COM objects. It's anything but pretty to look at it. It takes a lot of code to get started before you can do anything. There's a very steep learning curve to fight through before you can do anything at all with it. It gets easier once you've managed to get it going, but it still isn't pretty.
This has been fixed up heavily in recent years. The only remaining headache is keeping track of reference counts; in C++, you can use the CComPtr smart pointer template class to do it for you. Don't get me wrong; DSound and DInput are still a miserably painful mess. D3D, however, is quite alright.
>>>>OpenGL is a state machine, programmed in good 'ol C.
>>Which makes it very straightforward to work with. You don't find yourself wondering how something will work. If you have any background in 3D graphics theory, things work in OpenGL exactly as you'd expect.
This only works if the only background you have in 3D graphics is from when SGI was still relevant. Modern graphics pipelines do not resemble what SGI had when they created IrisGL and later OpenGL, and the API has not evolved well. (It HAS evolved, just in sort of a haphazard and uncomfortable fashion.) That's why we're getting OpenGL 3.0 over the next year; this whole state machine that OpenGL (and a good chunk of D3D 9 for that matter) model no longer exists. Besides that, there are inherent inefficiencies in the OpenGL model. Don't take my word for this -- read the OpenGL 3.0 proposals by ATI from some time back. They call out these problems quite well.
>> MicroSoft subsidizes training.
Not for DirectX.
>> DirectX is the native API to the OS on most peoples computers.
There's nothing "native" about DirectX on Windows. I know, I worked on graphics drivers for one of the three big GPU companies (those three are Intel, NVIDIA, and ATI, in that order).
I won't contest the book points.
>> Microsoft managed to mastermind OpenGL standard development to halt to a freeze for several years, they no longer hold the same influence.
To misquote Obi-Wan, they have done that themselves. In-fighting on the ARB was always a serious problem, and Microsoft was no more (or less) guilty than ATI, NVIDIA, SGI, Sun, Intel, Dell, Apple, or anyone else I forgot. One can only hope that the turn over of control to the Khronos Group will be an improvement.
Slashdot Mirror
Agreed -- it IS rather bad, but generally speaking you're not expecting attacks from inside your LAN. As Windows vulnerabilities go, this isn't horrible in a practical sense.
Actually, quite a few companies ship laptops in this configuration. It allows them to advertise the 4 GB, and very nearly none of their audience will ever be wise to it. The last time I saw this was with a machine purchased literally two weeks ago. It's now happily churning along with Win7 x64, no functionality missing.
I don't think you quite understand. These people didn't go to some torrent site and download Windows. They took Windows XP, built an illicit distribution with the activation bits etc removed, and sent that around -- probably for money. IOW, they enabled millions of other people to run stolen copies of Windows XP, possibly without even realizing it (third rate vendors have a nasty habit of using these bootleg Windows copies on their machines).
No, it isn't "valid", per se. It is how you get the desired effect, and might work fine on said device -- but it's a blatant violation of the rules of C.
Remember that C, like most languages, makes some very basic assumptions about the underlying platform and require certain things of it. One of these is you can't dereference NULL legally, end of story. From the kernel's point of view, strictly by the rules of the underlying processor and machine, this might be totally legal. But the C standard says quite explicitly that you can't be doing this under any condition. Not only that, it's undefined behavior -- you're in a particularly bad no man's land.
Legal in C and legal on the machine are NOT the same thing. Please remember that difference. C still has rules and assumptions that you have to follow, and when you don't, things like this happen. That's why the code behind this vulnerability is NOT correct. It obeys machine rules but not C's stricter rules.
The FedEx system doesn't handle hand written letters though, does it? You have to do a shipping label for most (all?) packages, with a digital bar code. USPS runs some very powerful OCR systems; maybe they're making the transactions so expensive. Just a thought.
But it's not supposed to be a product! MS --> Research --. It's an architectural experiment, and sure, a lot of projects graduate from Research to an actual product group. The goal is NOT to make something you can take to the open market though. It's a proper research lab, and so of course its stuff is frequently lacking. If it were to be converted to a product, it'd be staffed up with a full team who would spend a year or two -- or seven in the case of some unfortunate victims -- making it viable for public consumption.
He's talking about Eclipse 3.1 because the article has nothing to do with what the title says. It's not about Mono vs Java, even though the author thinks it is. He spends most of his time basically talking about how Debian is garbage (which seems obvious to me but reasonable people can disagree). In fact the article seems to imply that Debian IS Linux, which is broken on several levels.
Oh, cool! Where's the source to iTunes, Quicktime, iPhoto, any piece of iLife, XCode, Safari, iMovie, iDVD, Aperture, and iWork? I've always wanted to see that and I'm so thrilled that since most of the software on a Mac is GPL, most of that is surely available to me.
I worked on a commercial PS3 title (none of that homebrew bull), where the GCC compiler is available as one of the options for the platform. It generates noticeably worse -- mainly longer -- code than is reasonable, and larger x86 code than Visual C++ generates. In turn, the larger code causes a lot of methods not to be inlined, and the cascaded effect (no doubt with caching issues etc thrown in) is notably slower. We're talking maybe 5-10% total here, but 5% because of a subpar compiler is pretty harsh.
Just FYI, an open source reference implementation is NOT a standard, nor does it imply the existence of an open standard. So you may want to mention ACTUAL standards instead.
Additionally, please remember that in a patent, the abstract is not what is being patented. The abstract just provides the rough background for the actual patented invention, which is why it always sounds familiar.
Seriously. The article might even be a half decent overview of things (I'm lying -- it's not), but the illiteracy of whatever idiot wrote it is horribly painful.
That's great and all, but does it still insist on using the horrendously ugly Apple text rendering engine when running under Windows? No point in being super fast and super standards compliant if the stuff on my screen is a blurry mess...
That still doesn't explain why G3 and G4 based machines are so god awful slow. Is it become OSX is so absurdly RAM hungry?
I don't get it. It SOUNDS like this is alleging that Microsoft is behaving anti-competitive by suppressing their OWN product in favor of a newer one that people don't like. In other words, it appears that the suit alleges that Microsoft is conducting anti-competitive behavior against itself. Am I misunderstanding something? For that matter, why are they even required to give the older product at the same price? You can't frame Vista and XP as competitors and say Vista's anti-competitive behavior is destroying XP, because competition laws product companies, not products.
Again, let me know if I'm totally missing something here.
I disagree with that somewhat. After all, nearly all of Queen's album recordings feature Brian May playing through his completely solid state amplifier. Okay, so it's not digital, but I think it's a little unreasonable all the same. How about Nine Inch Nails/Reznor for example? He certainly uses those sounds. It works well with a very different kind of music...but then, so did overdriven tube amplifiers.
Except that's totally irrelevant, because in most cases we don't CARE about regenerating the original input. You can usually create a useful attack simply by finding SOME input that generates the same output, and that's what you want to build a hash function to resist.
As near as I can tell, what happens in Windows is that it uses a lot of RAM. A LOT, as in an exorbitant amount. (I'm not judging, stay with me for a second.) I'm not entirely clear on why or what they're doing with it, but a lot of it seems to happen right at system boot, so I imagine it's fairly core stuff. I believe, however, that these are a lot of one-off structures that are built and then might occasionally be needed again, but not very much. Thus they're immediately paged out to disk, regardless of what the current memory conditions of the system are. The idea is that in most cases this is more efficient than rebuilding this stuff and you've got plenty of disk space to spare. My question has always been, why not leave it in RAM while also backing it up to disk? That would get rid of the absurd lag when using a system that has been inactive for a while and has paged out and powered down its hard disks. I imagine there's a good reason, but I don't know.
I don't promise this is how it works, but this is my best guess based on a decent enough working knowledge of the kernel's overall implementation and my observations of its behavior.
What the hell planet has he been living on for the last ten years?
Yeah! It's a ridiculous idea to run a GPU driver in userspace. No major operating system would ever do such a thing.
Oh wait.
(To be fair, Vista drivers are comprised of a small kernel mode miniport driver, but the vast, vast majority is in userspace.)
Vigilante justice, not vigilante law enforcement. Whether it's against the law or not has nothing to do with whether or not it's vigilante justice.
Might be of interest to note that Wikipedia has accepted the new name.
>>The fact that it has done this says a lot about Open Source as a superior way to develop non-proprietary software. When GNOME became common in the Unix world, it mostly displaced CDE, a non-proprietary desktop that was developed the old-fashioned way: a bunch of companies got together and formed a committee that wrote a spec, that various people went out and implemented.
Yes, Open Source truly defeated the greatest UI developers to have ever lived -- the people who work on UNIX-based and UNIX-alike operating systems. Incredible accomplishment there. Making a better UI than the UNIX guys...I mean really, who would have even thought it possible?
>> DirectX is a nightmare of ActiveX/COM objects. It's anything but pretty to look at it. It takes a lot of code to get started before you can do anything. There's a very steep learning curve to fight through before you can do anything at all with it. It gets easier once you've managed to get it going, but it still isn't pretty.
This has been fixed up heavily in recent years. The only remaining headache is keeping track of reference counts; in C++, you can use the CComPtr smart pointer template class to do it for you. Don't get me wrong; DSound and DInput are still a miserably painful mess. D3D, however, is quite alright.
>>>>OpenGL is a state machine, programmed in good 'ol C.
>>Which makes it very straightforward to work with. You don't find yourself wondering how something will work. If you have any background in 3D graphics theory, things work in OpenGL exactly as you'd expect.
This only works if the only background you have in 3D graphics is from when SGI was still relevant. Modern graphics pipelines do not resemble what SGI had when they created IrisGL and later OpenGL, and the API has not evolved well. (It HAS evolved, just in sort of a haphazard and uncomfortable fashion.) That's why we're getting OpenGL 3.0 over the next year; this whole state machine that OpenGL (and a good chunk of D3D 9 for that matter) model no longer exists. Besides that, there are inherent inefficiencies in the OpenGL model. Don't take my word for this -- read the OpenGL 3.0 proposals by ATI from some time back. They call out these problems quite well.
>> MicroSoft subsidizes training.
Not for DirectX.
>> DirectX is the native API to the OS on most peoples computers.
There's nothing "native" about DirectX on Windows. I know, I worked on graphics drivers for one of the three big GPU companies (those three are Intel, NVIDIA, and ATI, in that order).
I won't contest the book points.
>> Microsoft managed to mastermind OpenGL standard development to halt to a freeze for several years, they no longer hold the same influence.
To misquote Obi-Wan, they have done that themselves. In-fighting on the ARB was always a serious problem, and Microsoft was no more (or less) guilty than ATI, NVIDIA, SGI, Sun, Intel, Dell, Apple, or anyone else I forgot. One can only hope that the turn over of control to the Khronos Group will be an improvement.