1. That would eat away at hardware cosole sales. MS won't go for that.
2. The whole point of consoles is that you can develop for a specific set of hardware. Though not impossible, and it would be great news for devs, I find it difficult to believe MS has solved all the problems relating to developinig for the wide array of PC hardware by making the software think it's running on a specific set of hardware, and performing fine. I am sure some games do low-level GPU stuff, how would that even work with a different GPU? This could possibly be "solved" by only allowing SPECIFIC games that are developed under NEW criteria that would be PC-friendly... but by that point why not develop for PC and release on Steam?
3. MS may try to block systems that aren't fast enough but some will get through. Related to #2, unless they were coded from the beginning with cross-platform capability in mind, many games simply were not made to handle systems that are too slow or too fast (thugh like the above, software running too fast is a problem that can be tackled).
4. Cheating on PC games is a big problem, but because consoles are closed, it is much less of a problem there. This move would dramatically increase the instances of hacking in online Xbox One games that end up on PC.
Well I guess the question is, can Tesla access these logs at any time? It would seem to me the only reason they accessed and likely had to the capability to access these logs was after the fact to diagnose the crash. Which is fine!
Yeah, I don't know why everyone is complaining that MS removed the button that they were complaining was broken.
It only shows it doesn't matter what Microsoft does at this point, the MS haters are out for blood and won't see reason. Best to ignore them at this point I suppose.
The problem is, software has bugs and users who expect computers to "work" aren't going to be diligent in getting patches since they don't care as long as it 'works". I fully support completely automatic Windows Update by default because of this.
Though Microsoft has been... overly enthusiastic with pushing Windows 10, it's easy to see that, given they are incrementally improving security in each new OS version, they want as many people to migrate to 10 as soon as possible to gain the security benefits, and help them drop support for older versions sooner so they can focus on patching/improving the newer ones.
failure of both hardware & software products to be secure (recent Windows laptops security issues),
Can't blame MS for this though (you didn't but I want to make this clear). It's the suppliers of the broken third-party software that is to blame. Honestly Microsoft should throw some weight around to try and encourage vanilla Windows installs. Though there's a lot of money involved in installing shovelware onto new PCs.
If they were using it for internal use, and all the PCs they were using it with were under their control, they could have easily made their own certificates that would be limited in use to their own PCs only. So why ask for a certificate that can spoof any website and will be trusted by every PC?
I think the problem is users are confusing the dialog for a typical multiple-choice decision dialog. It's common to click the close button when you're not sure since that typically selects the "safe" option. But the close button does not always do this, it depends on the type of window. If I close Outlook, I expect it to still have all my e-mails when I open it up again; if I find it cancelled my account I would be upset. In that case, clicking close is assumed to mean that the user does not want any changes to happen to their e-mail; they are done with it for now.
Microsoft was a bit overzealous in scheduling upgrades for users. The dialog that shows up is NOT a decision dialog; the decision was already made by Microsoft! It was an informational dialog to notify you of the decision (and gives you an apparently difficult-to-find control to change this decision). Informational dialogs, by definition, do nothing when you close them; the upgrade would have been kept and that was perfectly in line with the standard for Windows UX. Unfortunately it also proved to be confusing, but I don't think it was malicious. Clearly Microsoft needed to change it since it was confusing users, and they are doing so.
Windows Update works the same way. If you start an update and close the window, the update does not stop. Instead it continues running in the background, since it is an important (to Microsoft) process. So it's understandable a similar process, the upgrade, would be designed to work in a similar way. Like I said, actual user experience now shows it was confusing so it's good MS is changing it.
It is still possible for the short name to be COM4. In any case, you can use the special format: \\?\C:\etc\etc\com4 in a del or similar command. It will usually work as long as the command passes it straight through to the Windows API function calls.
I think a lot of complaints of this nature tend to boil down to the fact that parents think entering their CC is for a single purchase, but they failed to understand the features relating to autofill for CC numbers and how to control those settings.
In addition people seem to never leverage the ability of devices to have multiple user accounts. You can more easily keep CC numbers associated with the parents' accounts and not the kids, and put restriction on the kids' accounts. Not sure the exact capabilities of different mobile OSs, but I can understand them not implementing too many features like these if nobody is using user accounts... it's a chicken-and-egg problem. Hopefully with the rise of biometrics to log into devices we will see devices automatically managing user accounts for you.
IIRC Nintendo confirmed a while ago NX was not VR. I think the latest speculation going around is that it is a tablet system, OR a tablet that can broadcast to your TV through a base station when you're at home. There was a "leak" that confirmed some of this but it was a bit suspicious.
I'm amazed at how many people are totally in love with Apple and are incapable of seeing things objectively.
I have a very specific example myself: after hanging out a bit on/r/steam on reddit, I have discovered there are a surprising number of people who can't seem to understand why Valve won't make a Windows Phone version of the Steam mobile authenticator. A quick search of mobile market share should enlighten anyone.
regsvr32 does not understand DLLs. scrobj.dll does... the contents of the/i switch are passed in to the DLL. Looks like the DLL is the one with the problem.Documentation
I expect most admins can simply block or remove the DLL with little impact on their system unless they are running some obscure program that requires it. Or, as another user suggested, firewall regsvr32 so it can't download files.
If you want to allow Unity Editor to import video formats it doesn't directly support (it only seems to support OGG) you need QuickTime installed. I just installed it less than a month ago on my work PC.
Windows is targeted because that is what everyone uses. If everyone used something else, that is what hackers would target, because that is where they can exploit the most users!
Developers: Hey, what should we do if we can't resolve an IP? We're thinking throw back a detailed error message of the reason.
Project Manager: No, we want to give as much information as we can, then we can claim to resolve any IP, which adds value for our customers. Just return the coordinates of the center of the country the IP is issued to.
Developers: That's a terrible...
Project Manager: Just do it.
Developers: Fine.
Nobody's beaten Google's 2FA. Remote install does not REQUIRE 2FA. If Google should decide it does, they can throw up a prompt for a code when you go to do a remote install and suddenly the "vulnerability" is gone. I agree with the article as much as they might want to do this. Right now Google uses 2FA for login and protecting account security settings only.
It's important to note that an attacker would already have to be logged in as a user. If a user keeps themselves logged into an insecure PC an attacker can use there's only so much Google can do... the article doesn't really mention the attacker has access to much of the user's Google services and data in addition to remote install. It brings to mind the "It rather involved being on the other side of this airtight hatchway" class of "vulnerability" that Raymond Chen bases off a quote from The Hitchhiker's Guide.
In addition there's a couple problems not addressed in the link I can see. First of all, AFAIK, other than on a really old version of Android through a glitch, any newly installed app cannot run any code until the first time the user launches it. Then it is allowed to install background services and whatever. But not before then. So if you manage to silently install an app which the user never sees or runs you've defeated yourself. Secondly, this can only be used to install apps from Google Play, which Google can manage to take down malicious apps as they are reported.
As a coder I would classify that as a bug or glitch, as it was most surely unintentional, whereas easter eggs are. It sounds like the website was allowing users to view and comment on stories that did not actually exist.
Windows EXEs and DLLs have the MS-DOS EXE header so if you try to run them in MS-DOS, MS-DOS can try to run them. Typically this stub just prints out "This program cannot be run in DOS mode." and exits. Some apps could even run in both Windows and DOS (though this was back during the 3.1 days when both were in common use)... both versions were crammed into the same EXE. You could probably still do it today.
You can try it out today by trying to run Windows apps in DOSBox. The message it prints out is generated by the application you run.
The name first has to pass through other layers even before it hits the database. I am betting it is getting hung up on JavaScript. Or to be more precise, poor JavaScript code (JavaScript itself is more than capable, it just is easier to make this kind of mistake if you're not careful).
Specifically, if you manage to cast null to a string, you get "null". I can see someone casting everything to strings to compare them, making this mistake.
The only good thing that could come out of this is research and developing of encryption for consumers that's always on, and that is unbreakable even if the Feds seize all the company's assets.
Slashdot Mirror
1. That would eat away at hardware cosole sales. MS won't go for that.
2. The whole point of consoles is that you can develop for a specific set of hardware. Though not impossible, and it would be great news for devs, I find it difficult to believe MS has solved all the problems relating to developinig for the wide array of PC hardware by making the software think it's running on a specific set of hardware, and performing fine. I am sure some games do low-level GPU stuff, how would that even work with a different GPU? This could possibly be "solved" by only allowing SPECIFIC games that are developed under NEW criteria that would be PC-friendly... but by that point why not develop for PC and release on Steam?
3. MS may try to block systems that aren't fast enough but some will get through. Related to #2, unless they were coded from the beginning with cross-platform capability in mind, many games simply were not made to handle systems that are too slow or too fast (thugh like the above, software running too fast is a problem that can be tackled).
4. Cheating on PC games is a big problem, but because consoles are closed, it is much less of a problem there. This move would dramatically increase the instances of hacking in online Xbox One games that end up on PC.
Well I guess the question is, can Tesla access these logs at any time? It would seem to me the only reason they accessed and likely had to the capability to access these logs was after the fact to diagnose the crash. Which is fine!
It's good to have a formal study done that can be cited, rather than just a theory or anecdotes.
Yeah, I don't know why everyone is complaining that MS removed the button that they were complaining was broken.
It only shows it doesn't matter what Microsoft does at this point, the MS haters are out for blood and won't see reason. Best to ignore them at this point I suppose.
They won't tell you you're training your replacement. He'll just be there as another member of the team.
The problem is, software has bugs and users who expect computers to "work" aren't going to be diligent in getting patches since they don't care as long as it 'works". I fully support completely automatic Windows Update by default because of this.
Though Microsoft has been... overly enthusiastic with pushing Windows 10, it's easy to see that, given they are incrementally improving security in each new OS version, they want as many people to migrate to 10 as soon as possible to gain the security benefits, and help them drop support for older versions sooner so they can focus on patching/improving the newer ones.
Can't blame MS for this though (you didn't but I want to make this clear). It's the suppliers of the broken third-party software that is to blame. Honestly Microsoft should throw some weight around to try and encourage vanilla Windows installs. Though there's a lot of money involved in installing shovelware onto new PCs.
If they were using it for internal use, and all the PCs they were using it with were under their control, they could have easily made their own certificates that would be limited in use to their own PCs only. So why ask for a certificate that can spoof any website and will be trusted by every PC?
I think the problem is users are confusing the dialog for a typical multiple-choice decision dialog. It's common to click the close button when you're not sure since that typically selects the "safe" option. But the close button does not always do this, it depends on the type of window. If I close Outlook, I expect it to still have all my e-mails when I open it up again; if I find it cancelled my account I would be upset. In that case, clicking close is assumed to mean that the user does not want any changes to happen to their e-mail; they are done with it for now.
Microsoft was a bit overzealous in scheduling upgrades for users. The dialog that shows up is NOT a decision dialog; the decision was already made by Microsoft! It was an informational dialog to notify you of the decision (and gives you an apparently difficult-to-find control to change this decision). Informational dialogs, by definition, do nothing when you close them; the upgrade would have been kept and that was perfectly in line with the standard for Windows UX. Unfortunately it also proved to be confusing, but I don't think it was malicious. Clearly Microsoft needed to change it since it was confusing users, and they are doing so.
Windows Update works the same way. If you start an update and close the window, the update does not stop. Instead it continues running in the background, since it is an important (to Microsoft) process. So it's understandable a similar process, the upgrade, would be designed to work in a similar way. Like I said, actual user experience now shows it was confusing so it's good MS is changing it.
It is still possible for the short name to be COM4. In any case, you can use the special format: \\?\C:\etc\etc\com4 in a del or similar command. It will usually work as long as the command passes it straight through to the Windows API function calls.
I think a lot of complaints of this nature tend to boil down to the fact that parents think entering their CC is for a single purchase, but they failed to understand the features relating to autofill for CC numbers and how to control those settings.
In addition people seem to never leverage the ability of devices to have multiple user accounts. You can more easily keep CC numbers associated with the parents' accounts and not the kids, and put restriction on the kids' accounts. Not sure the exact capabilities of different mobile OSs, but I can understand them not implementing too many features like these if nobody is using user accounts... it's a chicken-and-egg problem. Hopefully with the rise of biometrics to log into devices we will see devices automatically managing user accounts for you.
IIRC Nintendo confirmed a while ago NX was not VR. I think the latest speculation going around is that it is a tablet system, OR a tablet that can broadcast to your TV through a base station when you're at home. There was a "leak" that confirmed some of this but it was a bit suspicious.
AIDE is a tool for developers, Nintendo's offerings are meant for everyone to be able to pick up and use. Ease-of-use is the priority, not power.
I have a very specific example myself: after hanging out a bit on /r/steam on reddit, I have discovered there are a surprising number of people who can't seem to understand why Valve won't make a Windows Phone version of the Steam mobile authenticator. A quick search of mobile market share should enlighten anyone.
regsvr32 does not understand DLLs. scrobj.dll does... the contents of the /i switch are passed in to the DLL. Looks like the DLL is the one with the problem.Documentation
I expect most admins can simply block or remove the DLL with little impact on their system unless they are running some obscure program that requires it. Or, as another user suggested, firewall regsvr32 so it can't download files.
If you want to allow Unity Editor to import video formats it doesn't directly support (it only seems to support OGG) you need QuickTime installed. I just installed it less than a month ago on my work PC.
Make them Redundant backups too? Good idea.
Windows is targeted because that is what everyone uses. If everyone used something else, that is what hackers would target, because that is where they can exploit the most users!
More like:
Developers: Hey, what should we do if we can't resolve an IP? We're thinking throw back a detailed error message of the reason.
Project Manager: No, we want to give as much information as we can, then we can claim to resolve any IP, which adds value for our customers. Just return the coordinates of the center of the country the IP is issued to.
Developers: That's a terrible...
Project Manager: Just do it.
Developers: Fine.
Nobody's beaten Google's 2FA. Remote install does not REQUIRE 2FA. If Google should decide it does, they can throw up a prompt for a code when you go to do a remote install and suddenly the "vulnerability" is gone. I agree with the article as much as they might want to do this. Right now Google uses 2FA for login and protecting account security settings only.
It's important to note that an attacker would already have to be logged in as a user. If a user keeps themselves logged into an insecure PC an attacker can use there's only so much Google can do... the article doesn't really mention the attacker has access to much of the user's Google services and data in addition to remote install. It brings to mind the "It rather involved being on the other side of this airtight hatchway" class of "vulnerability" that Raymond Chen bases off a quote from The Hitchhiker's Guide.
In addition there's a couple problems not addressed in the link I can see. First of all, AFAIK, other than on a really old version of Android through a glitch, any newly installed app cannot run any code until the first time the user launches it. Then it is allowed to install background services and whatever. But not before then. So if you manage to silently install an app which the user never sees or runs you've defeated yourself. Secondly, this can only be used to install apps from Google Play, which Google can manage to take down malicious apps as they are reported.
I see your Schwartz is as big as mine.
It will be on your next credit card statement, or you can see it sooner if your CC company allows you to view your balance online.
As a coder I would classify that as a bug or glitch, as it was most surely unintentional, whereas easter eggs are. It sounds like the website was allowing users to view and comment on stories that did not actually exist.
Windows EXEs and DLLs have the MS-DOS EXE header so if you try to run them in MS-DOS, MS-DOS can try to run them. Typically this stub just prints out "This program cannot be run in DOS mode." and exits. Some apps could even run in both Windows and DOS (though this was back during the 3.1 days when both were in common use)... both versions were crammed into the same EXE. You could probably still do it today.
You can try it out today by trying to run Windows apps in DOSBox. The message it prints out is generated by the application you run.
The name first has to pass through other layers even before it hits the database. I am betting it is getting hung up on JavaScript. Or to be more precise, poor JavaScript code (JavaScript itself is more than capable, it just is easier to make this kind of mistake if you're not careful).
Specifically, if you manage to cast null to a string, you get "null". I can see someone casting everything to strings to compare them, making this mistake.
The only good thing that could come out of this is research and developing of encryption for consumers that's always on, and that is unbreakable even if the Feds seize all the company's assets.