I've been using VS2005 on XP as a limited user for years (in fact, my work computer is the same way; I'm a professional programmer). That setting you speak of is set to admin only on my computer (and has always been that way). I have no difficulty with either debugging (programs launched by VS) or attaching to other processes running as my user; nor do I have a problem with using WinDbg. I have absolutely no idea what you're talking about.
"Yes, because code Red and Melissa was caused by me installing Diablo. Slammer was a result of users installing Paint Shop Pro. ActiveX controls get installed and root kits get downloaded without permission due to users running WinAMP.
Stop apologizing for the mistakes of Microsoft. Stop believing the marketing drivel that comes out of Redmond. It makes you look worse than the Linux Zealots."...okay, wow. You managed to totally and completely miss the topic of the article and my post, and write an rather irate reply in the process. The topic is the reason everybody uses (and writes programs only for) admin, NOT general bugs/security holes in the OS. Very nice knee-jerk reflex to somebody not putting down MS, though. One of us appears to be frothing at the mouth, here, and it sure ain't me.
"Is it too late to declare the 2000 and 2004 elections to be non-binding?"
Given that it's 2007, Bush has been president for 7 years, and will be gone in another year even if not impeached or tossed out, yes, it's too late:P That's the same reason that impeaching him wouldn't be anything more than a symbolic/moral victory.
Contrary to what a few mindless Linux zealots will tell you, Windows NT has always been an isolating multi-user system. That is, multiple users are supported, and each user's data is protected from other users, as well as system data (all the stuff outside the users' home directories). Always. However, NT's backward compatibility wasn't so good at first, particularly with 16-bit programs. As as result, even though it was relatively stable and secure, it was pretty rare for quite a few years.
The admin problem really comes about with Windows 9x, which was released a couple years after Windows NT. Windows 9x is not an isolating multi-user system; in fact, it basically has "multi-user" capabilities strapped on to Windows 3.1. There's no file system or registry permissions, nor is there a distinction between admin and vanilla user. Windows 9x quickly became popular, as it had fairly good backward compatibility with DOS and Windows 3.1 programs, and was significantly better than Windows 3.1 in general (though nowhere near comparable to NT). So, developers everywhere started writing programs for Windows 9x. Most of these programs didn't need to run on NT (as it was a niche market for some 7 years after release), so they didn't. Dealing with limited access was more difficult, and programmers were lazy.
Consequently, by the time NT finally overthrew 9x (with Windows XP), you had a huge number of existing programs that assumed full access of the computer (for one particularly bad example, the Mechwarrior: 2 Mercenaries installer used CLI and STI for something or other - kernel mode instructions; this blew up very badly on NT, so I did some debugging). But much worse, you had an entire generation of programmers that didn't know how to work with limited user. And since most users were forced to run in admin so that they could run legacy programs in XP, the developers figured that they didn't need to learn, and the problem became self-perpetuating.
In conclusion, YES, developers are 100% to blame for the admin problem. Granted some of those developers are in MS, but in general I've found MS programs to work FAR better than third-party programs, with regard to requiring admin. I'm speaking as someone who has been running as limited user for several years and runs MS programs like Visual Studio and Office very frequently.
As a footnote, I really wish NT offered a service to allow programs to temporarily elevate their privileges (such as getting write access to their program directory) to install patches without requiring admin (once the service verifies that the patches are properly signed). Myself and a friend are considering making such a service ourselves, actually.
The first amendment was supposed to protect dissenters from government suppression. Since then it has come to be considered protection from almost anyone who the speaker is speaking against. To use the first amendment for the benefit of the government against the people seems like a parody.
You should read The Old New Thing site (or the book by the same name, which is basically just a cleaned up and edited version of everything on the site). For those not familiar with him, Raymond Chen is THE backward compatibility guy at MS. He and his minions have to find all the badly programmed programs that break when Windows improvements are ready to ship (for examples of just how bad some of these programs are, read the site; little things like walking the stack from a window callback function to find some data value used earlier, etc.), and figure out kludges to make them still work despite improvements to the OS. Not surprisingly, he has a massive amount of knowledge to share about how Windows has become so complex and so warped.
He also is there to give advice on things NOT to do in coding (and yes, he does indeed talk about bad things MS employees have done, although he never refers to exactly where he encountered a particular bad thing he discusses).
So you're saying Microsoft is pure and distilled evil and it's impossible for them to do anything correct or righteous, so anything and everything that they say that isn't sinister must be lies, damned lies, and marketing speak. That is a beautiful self-rebuttal. *claps*
The way I envision Microsot QA is a huge warehouse full of every hardware device they could get, with computers having every version of OS that they ever shipped and a switching system to let any of that hardware be tested with any of the computers. Total cost of that warehouse would be in the million$, which means about 0.1% of total Microsoft market capitalization.
A million monkeys on a million computers in a big warehouse, eh? Heh, now there's a mental image. I wonder how long it would take them to do Q/A on Windows...
Guess what? If one shell extension can cause the problem, then another shell extension can likely cause the same problem. He never explains why that would not be true, so there is no reason to assume that it would not be true. Generally speaking, there's more than one way to write a program that does the same thing, and there's more than one way to arrive at the same error condition.
Thank you for making one of the most obvious (and thus pointless) statements of the century (did you know that things fall to the ground when you drop them? I'm completely serious) Yes, you are absolutely correct. In any relatively deterministic system, doing something bad in a predictable way will cause the same failure, predictably. Obviously, as this is deterministic, who is doing said bad thing in said predictable way is irrelevant; thus, multiple things may do the same bad thing with the same bad outcome. The blindingly obvious question this raises is exactly how many things do this. Whether 1 or 2 (or even 10) pieces of hardware do this makes little different if there's 5,000,000 pieces of hardware to test, and you only have the manpower to test 5,000 of them. Would you call testing a patch with merely 5,000 pieces of hardware horribly negligent? If so, I suggest you go work for them, and demonstrate that it's possible to test all 5,000,000 pieces in one month (several times, actually, as there are several patches to check).
There is even a comment which raises a more detailed question about the explanation, which has not yet been answered.
That poster is correct in his last paragraph (and the preceding paragraph, which indicated the problem): it was overlooked because, if it was going to break in this patch, it would have been breaking before this patch, as well; only the timing would have changed. Do you check every morning when you get up to make sure the sky is still blue and the grass is still green (I can smell the jokes coming already)? There are a million ways to do things that MSDN tells you specifically to never ever ever do; do you expect MS to check third-party code for every single one of them?
On one last personal note: Don't try to out-asshole me. You will fail. I'm not exactly proud of that, but you need to pull your head out of your ass before you come after me.
I am hurt that you give me so little credit. I would never attempt to challenge you at something I am so totally and obviously outclassed in. I would be much more concerned if you put me on your friends list.
Most likely they just have a small handful of shell extensions that they would install and test with.
I see even after people responded to you you STILL didn't RTFA. The particular shell extension was for a printer that was so old it wasn't produced at the time the patch was made. How many pieces of hardware does Windows support? Do you want them to test EVERY one of them with every single bug fix? You're batshit insane; even the entire OSS community combined couldn't pull that off.
Okay, he made an error. Why the HELL wasn't it caught in QA? Microsoft wants us to believe that the reason that we have to wait for patches is that they are getting some kind of exhaustive QA. This patch and executable were specifically created to avoid problems with invalid shell extensions. Don't you think that given that fact the thing to do would be to test it with some invalid shell extensions?
How to tell if somebody has only read the summary: they ask a question that was explicitly answered in the link. How to tell that most mods haven't read the article either: said post gets modded insightful.
Given that several people are pointing fingers in this thread and other places, I thought a little bit of hard data was in order: campaign finance data for the movie and recording industries. More detailed information can be found here, here, here, and here.
I'm convinced that the true purpose of DRM isn't to stop internet piracy (that's what the law suits are supposed to be for), but rather to prevent paying customers from making copies to give to their friends. The former is impossible to prevent, but they've done a decent job of making it a PITA for the average person to copy (be it to give to friends, back up, or play it on a player that doesn't like the copy protection). I'll leave it as an exercise to the economist to determine whether that's worth the trouble (and whether it's worth the trouble for people to buy DRMed media).
"? He was saying that this kid isn't the first who was sent to one of these camps who was neither a dissenter or terrorist. Reading comprehension FTW!"
So you believe he was saying that the government does things randomly and with no reason (valid or immorally self-serving) whatsoever? I give him more credit than that.
If he merely meant that he was certain this wasn't the first person to be sent to reeducation camp, the fact that he was sent to a reeducation camp means there had to be a reason for it (or a believed, if mistaken, reason). The two reasons are either that he was a terrorist or that he's a dissenter. Thus he is also certain that either the kid is a terrorist or dissenter, or the government thought he was. In either case, my point still stands. Never mind the fact that the very mention of consideration that he might be a terrorist, yet still expressing sympathy, validates my point in a different way. Slightly-above-elementary logic FTW!
"Or even the first that isn't really a terrorist, not even a dissenter?
I assure you - that's not the case.
Sad news is - he's probably a pretty smart kid, and now he is fucked for life.
Good luck scoring that academic scholarship and making something of yourself, kid - I genuinely cry a tear for you."...wait, first you say that you suspect he's a terrorist (one of two possibilities you consider certain), then go on to lament him being arrested, and his life being ruined? How the heck does that follow? If he really were a terrorist, I wouldn't have any sympathy for him.
"Will Slashdot follow as well? If not why or why not?"
That might not be such a bad thing. Think about it: 1. Slashdot posts article containing the key 2. Slashdot gets C&D order from MPAA 3. Slashdot puts up a donation box for lawyer's fees and tells MPAA to go screw themselves 4. Millions of nerds donate $1 each 5. Slashdot hires Johnnie Cochran 6. ??? 7. CowboyNeal profits!
I already have it as my tag-line (signature-like) in MSN messenger. And I'm considering getting the t-shirt to wear when I go back to work (out of state, programming) this summer.
What in your entire experience with human beings makes you think people would spend the effort to read all that even if you did provide links to it? To give a truly objective report you could only give links to full speeches or statements, voting history (where the voters would have to read the entire text of the bills the person vote for, etc.), charters of funding parties, etc. Even if you did create a central list of links, nobody has that kind of time (and as we all know people wouldn't spend that much time even if they had it). If you wanted to give summaries of their positions, there's clearly and unavoidably cherry-picking and editorial condensing due to the drastic reduction in information, which would create biased reviews (and don't even think about trying to get all sides to agree on a single fair and representative bullet-point summary of any candidate's positions).
I've noticed that any country that has more than one word that refers to freedom in the name (e.g. "democratic", "people's", "republic", etc.) is usually totalitarian.
Slashdot Mirror
I've been using VS2005 on XP as a limited user for years (in fact, my work computer is the same way; I'm a professional programmer). That setting you speak of is set to admin only on my computer (and has always been that way). I have no difficulty with either debugging (programs launched by VS) or attaching to other processes running as my user; nor do I have a problem with using WinDbg. I have absolutely no idea what you're talking about.
"Yes, because code Red and Melissa was caused by me installing Diablo. Slammer was a result of users installing Paint Shop Pro. ActiveX controls get installed and root kits get downloaded without permission due to users running WinAMP.
...okay, wow. You managed to totally and completely miss the topic of the article and my post, and write an rather irate reply in the process. The topic is the reason everybody uses (and writes programs only for) admin, NOT general bugs/security holes in the OS. Very nice knee-jerk reflex to somebody not putting down MS, though. One of us appears to be frothing at the mouth, here, and it sure ain't me.
Stop apologizing for the mistakes of Microsoft. Stop believing the marketing drivel that comes out of Redmond. It makes you look worse than the Linux Zealots."
"Is it too late to declare the 2000 and 2004 elections to be non-binding?"
:P That's the same reason that impeaching him wouldn't be anything more than a symbolic/moral victory.
Given that it's 2007, Bush has been president for 7 years, and will be gone in another year even if not impeached or tossed out, yes, it's too late
Contrary to what a few mindless Linux zealots will tell you, Windows NT has always been an isolating multi-user system. That is, multiple users are supported, and each user's data is protected from other users, as well as system data (all the stuff outside the users' home directories). Always. However, NT's backward compatibility wasn't so good at first, particularly with 16-bit programs. As as result, even though it was relatively stable and secure, it was pretty rare for quite a few years.
The admin problem really comes about with Windows 9x, which was released a couple years after Windows NT. Windows 9x is not an isolating multi-user system; in fact, it basically has "multi-user" capabilities strapped on to Windows 3.1. There's no file system or registry permissions, nor is there a distinction between admin and vanilla user. Windows 9x quickly became popular, as it had fairly good backward compatibility with DOS and Windows 3.1 programs, and was significantly better than Windows 3.1 in general (though nowhere near comparable to NT). So, developers everywhere started writing programs for Windows 9x. Most of these programs didn't need to run on NT (as it was a niche market for some 7 years after release), so they didn't. Dealing with limited access was more difficult, and programmers were lazy.
Consequently, by the time NT finally overthrew 9x (with Windows XP), you had a huge number of existing programs that assumed full access of the computer (for one particularly bad example, the Mechwarrior: 2 Mercenaries installer used CLI and STI for something or other - kernel mode instructions; this blew up very badly on NT, so I did some debugging). But much worse, you had an entire generation of programmers that didn't know how to work with limited user. And since most users were forced to run in admin so that they could run legacy programs in XP, the developers figured that they didn't need to learn, and the problem became self-perpetuating.
In conclusion, YES, developers are 100% to blame for the admin problem. Granted some of those developers are in MS, but in general I've found MS programs to work FAR better than third-party programs, with regard to requiring admin. I'm speaking as someone who has been running as limited user for several years and runs MS programs like Visual Studio and Office very frequently.
As a footnote, I really wish NT offered a service to allow programs to temporarily elevate their privileges (such as getting write access to their program directory) to install patches without requiring admin (once the service verifies that the patches are properly signed). Myself and a friend are considering making such a service ourselves, actually.
Dear Gord no. It was bad enough with Linus and RMS. The world does NOT need another person that makes headlines every time he says something.
The first amendment was supposed to protect dissenters from government suppression. Since then it has come to be considered protection from almost anyone who the speaker is speaking against. To use the first amendment for the benefit of the government against the people seems like a parody.
You should read The Old New Thing site (or the book by the same name, which is basically just a cleaned up and edited version of everything on the site). For those not familiar with him, Raymond Chen is THE backward compatibility guy at MS. He and his minions have to find all the badly programmed programs that break when Windows improvements are ready to ship (for examples of just how bad some of these programs are, read the site; little things like walking the stack from a window callback function to find some data value used earlier, etc.), and figure out kludges to make them still work despite improvements to the OS. Not surprisingly, he has a massive amount of knowledge to share about how Windows has become so complex and so warped.
He also is there to give advice on things NOT to do in coding (and yes, he does indeed talk about bad things MS employees have done, although he never refers to exactly where he encountered a particular bad thing he discusses).
So you're saying Microsoft is pure and distilled evil and it's impossible for them to do anything correct or righteous, so anything and everything that they say that isn't sinister must be lies, damned lies, and marketing speak. That is a beautiful self-rebuttal. *claps*
As it's always been Raymond's policy not to name names in incidents like this, and you seem to know, could you say what printer model this was?
The way I envision Microsot QA is a huge warehouse full of every hardware device they could get, with computers having every version of OS that they ever shipped and a switching system to let any of that hardware be tested with any of the computers. Total cost of that warehouse would be in the million$, which means about 0.1% of total Microsoft market capitalization.
A million monkeys on a million computers in a big warehouse, eh? Heh, now there's a mental image. I wonder how long it would take them to do Q/A on Windows...
Guess what? If one shell extension can cause the problem, then another shell extension can likely cause the same problem. He never explains why that would not be true, so there is no reason to assume that it would not be true. Generally speaking, there's more than one way to write a program that does the same thing, and there's more than one way to arrive at the same error condition.
Thank you for making one of the most obvious (and thus pointless) statements of the century (did you know that things fall to the ground when you drop them? I'm completely serious) Yes, you are absolutely correct. In any relatively deterministic system, doing something bad in a predictable way will cause the same failure, predictably. Obviously, as this is deterministic, who is doing said bad thing in said predictable way is irrelevant; thus, multiple things may do the same bad thing with the same bad outcome. The blindingly obvious question this raises is exactly how many things do this. Whether 1 or 2 (or even 10) pieces of hardware do this makes little different if there's 5,000,000 pieces of hardware to test, and you only have the manpower to test 5,000 of them. Would you call testing a patch with merely 5,000 pieces of hardware horribly negligent? If so, I suggest you go work for them, and demonstrate that it's possible to test all 5,000,000 pieces in one month (several times, actually, as there are several patches to check).
There is even a comment which raises a more detailed question about the explanation, which has not yet been answered.
That poster is correct in his last paragraph (and the preceding paragraph, which indicated the problem): it was overlooked because, if it was going to break in this patch, it would have been breaking before this patch, as well; only the timing would have changed. Do you check every morning when you get up to make sure the sky is still blue and the grass is still green (I can smell the jokes coming already)? There are a million ways to do things that MSDN tells you specifically to never ever ever do; do you expect MS to check third-party code for every single one of them?
On one last personal note: Don't try to out-asshole me. You will fail. I'm not exactly proud of that, but you need to pull your head out of your ass before you come after me.
I am hurt that you give me so little credit. I would never attempt to challenge you at something I am so totally and obviously outclassed in. I would be much more concerned if you put me on your friends list.
Most likely they just have a small handful of shell extensions that they would install and test with.
I see even after people responded to you you STILL didn't RTFA. The particular shell extension was for a printer that was so old it wasn't produced at the time the patch was made. How many pieces of hardware does Windows support? Do you want them to test EVERY one of them with every single bug fix? You're batshit insane; even the entire OSS community combined couldn't pull that off.
Okay, he made an error. Why the HELL wasn't it caught in QA? Microsoft wants us to believe that the reason that we have to wait for patches is that they are getting some kind of exhaustive QA. This patch and executable were specifically created to avoid problems with invalid shell extensions. Don't you think that given that fact the thing to do would be to test it with some invalid shell extensions?
How to tell if somebody has only read the summary: they ask a question that was explicitly answered in the link. How to tell that most mods haven't read the article either: said post gets modded insightful.
Given that several people are pointing fingers in this thread and other places, I thought a little bit of hard data was in order: campaign finance data for the movie and recording industries. More detailed information can be found here, here, here, and here.
I'm convinced that the true purpose of DRM isn't to stop internet piracy (that's what the law suits are supposed to be for), but rather to prevent paying customers from making copies to give to their friends. The former is impossible to prevent, but they've done a decent job of making it a PITA for the average person to copy (be it to give to friends, back up, or play it on a player that doesn't like the copy protection). I'll leave it as an exercise to the economist to determine whether that's worth the trouble (and whether it's worth the trouble for people to buy DRMed media).
I have to wonder what they would do if you used the key for something in an open (documented) file format.
I hope the hacker isn't suggesting that this whole encryption key debackle is somehow Microsoft's fault, could you imagine the lawsuit?
Been there, done that, got modded insightful.
"? He was saying that this kid isn't the first who was sent to one of these camps who was neither a dissenter or terrorist. Reading comprehension FTW!"
So you believe he was saying that the government does things randomly and with no reason (valid or immorally self-serving) whatsoever? I give him more credit than that.
If he merely meant that he was certain this wasn't the first person to be sent to reeducation camp, the fact that he was sent to a reeducation camp means there had to be a reason for it (or a believed, if mistaken, reason). The two reasons are either that he was a terrorist or that he's a dissenter. Thus he is also certain that either the kid is a terrorist or dissenter, or the government thought he was. In either case, my point still stands. Never mind the fact that the very mention of consideration that he might be a terrorist, yet still expressing sympathy, validates my point in a different way. Slightly-above-elementary logic FTW!
"Or even the first that isn't really a terrorist, not even a dissenter? I assure you - that's not the case. Sad news is - he's probably a pretty smart kid, and now he is fucked for life. Good luck scoring that academic scholarship and making something of yourself, kid - I genuinely cry a tear for you." ...wait, first you say that you suspect he's a terrorist (one of two possibilities you consider certain), then go on to lament him being arrested, and his life being ruined? How the heck does that follow? If he really were a terrorist, I wouldn't have any sympathy for him.
How strange that the first person to get sent to reeducation camp isn't a terrorist (probably), or even a dissenter.
"Will Slashdot follow as well? If not why or why not?"
That might not be such a bad thing. Think about it:
1. Slashdot posts article containing the key
2. Slashdot gets C&D order from MPAA
3. Slashdot puts up a donation box for lawyer's fees and tells MPAA to go screw themselves
4. Millions of nerds donate $1 each
5. Slashdot hires Johnnie Cochran
6. ???
7. CowboyNeal profits!
Note to self: check that link from Google works before propagating it. Dang it. Is anybody still making t-shirts with that? I still want one :P
I already have it as my tag-line (signature-like) in MSN messenger. And I'm considering getting the t-shirt to wear when I go back to work (out of state, programming) this summer.
What in your entire experience with human beings makes you think people would spend the effort to read all that even if you did provide links to it? To give a truly objective report you could only give links to full speeches or statements, voting history (where the voters would have to read the entire text of the bills the person vote for, etc.), charters of funding parties, etc. Even if you did create a central list of links, nobody has that kind of time (and as we all know people wouldn't spend that much time even if they had it). If you wanted to give summaries of their positions, there's clearly and unavoidably cherry-picking and editorial condensing due to the drastic reduction in information, which would create biased reviews (and don't even think about trying to get all sides to agree on a single fair and representative bullet-point summary of any candidate's positions).
I've noticed that any country that has more than one word that refers to freedom in the name (e.g. "democratic", "people's", "republic", etc.) is usually totalitarian.