Slashdot Mirror


User: dhavleak

dhavleak's activity in the archive.

Stories: 0
Comments: 934

Comments · 934

  1. Re:handy disaster on Hands-On With Windows 7's New Features · · Score: 1

    It might still depend on implementation details.

    I'm thinking a device-stage plug-in could be similar to a device driver in the sense that there are WHQL-style requirements that must be met, and the plug-in might need to be signed etc. so that offending manufacturers can be hunted down and exterminated etc. Without that, there's almost no doubt that it'll suffer from overzealous link-additions, and other such crap from vendors.

    I also wonder how this will work across regions and sub-versions of devices. For example if you have an HTC Diamond from Sprint vs. an unlocked Diamond direct from HTC which you're using in say Taiwan -- the links and documentation you need are totally different.

    I simply don't trust the device makers to get this right in the first iteration. But it's still a cool idea -- it's gotta come good at some point in the future.

  2. Re:Phones on airplanes on How Mobile Phones Work Behind the Scenes · · Score: 1

    Actually both these technical limitations aren't true. At a cruising altitude of say 25,000 feet you are a mere 5 miles away from the ground -- with nothing absorbing/obstructing the signal. As a reference, a typical cellphone tower services an area of 10 square miles (so let's say up to a radius of 3.1 miles) -- but is easily capable of going up to 5 miles. The reason you wouldn't normally be connected to a tower beyond 3 miles in a city -- well, by that point you're probably closer to another tower (i.e. you're in another cell site) -- plus on the ground the signal needs to get through all the buildings, foliage, etc. between you and the tower. In an aircraft, you've got nothing but thin air between you and the site.

    Interestingly, the actual technical limitation is that (in a sense) you'll be able to get too strong a signal. i.e. your phone will be able to simultaneously communicate with several cell sites. This causes problems with the channel reuse -- on the ground channel reuse works by dividing the spectrum into chunks and making adjacent cell sites use different chunks of the spectrum. In the air, you might be able to hit two different cell sites that use the same chunk (not to mention the adjacent ones between them). That condition, or the rapid switching (thrashing) between these two cell sites could even cause a crash in the switch (in the base station).

    http://en.wikipedia.org/wiki/Mobile_phones_on_aircraft

  3. Re:zomg! run! on Developers Will Get Windows 7 Alpha On Oct. 28 · · Score: 0

    This is how stupid rumors start.. think for a second: this is swag at PDC! The disk has an OS, SDK tools, loads of video content, and it's still probably not full. Win7 will fit on a DVD. There's no other distribution method available. Even a freaking BluRay disk won't be able to hold a 160GB OS.

  4. Re:Why do we say 'Leaked'? on Windows 7 Beta Screenshots Leaked · · Score: 1

    Even worse -- they aren't even Windows 7 beta screenshots -- they're M3 screenshots.

  5. Re:So...... on Microsoft Concedes Vista Launch Problems · · Score: 1

    With the one exception of the nVidia proprietary driver (which I use over the open-source driver for performance reasons, not stability reasons), every last driver on my machine came with the kernel. I don't need to trust the quality of anything produced by any hardware manufacturer. I can use drivers that I know will work and that I know will be extremely stable.

    ...

    The Windows approach is demonstrably inferior in this case

    Trouble is, it's a fallacy to frame the discussion solely in terms of stability. Especially for Graphics Drivers -- performance is critical here, and linux drivers are woefully non-performant (think linux gaming - or the lack thereof). And the reason for that is that they aren't made by the GPU manufacturer.

    Even in terms of stability your argument isn't necessarily true. I've spent plenty of hours of my life searching for tricks to get graphics drivers working in Linux for very non-exotic configurations. The picture has been improving dramatically for a while (for stability and performance in linux graphics drivers) -- but only after the GPU manufacturers came on board themselves -- which just happens to be the MS model. The only difference remaining between the two models then, relates to source code control.

    Now having said that, I actually disagree (with OP) about MS having 'no control' over the manufacturers. I think we can agree that they have 'influence' at the very least. It's possible they (MS) underestimated the costs, complexities etc. the GPU guys were dealing with. Or perhaps MS didn't nail the changes to their driver model in time for the GPU guys to get their drivers ready. Or MS told the GPU dudes "please be ready by x date" and the GPU dudes thought to themselves "ok, that really means we have until y date". Whatever it is, both parties share blame -- the GPU dudes for not getting their shit together and the MS dudes for not impressing upon the GPU dudes the importance of getting their shit together, and not delaying their launch when they were unsuccessful in doing that.

  6. Re:MS Killing Off Xbox? on Microsoft To Close Halo Wars Studio · · Score: 1

    My bad - Bizarre Creations. Of course, the point still stands. Bizarre is owned by Activision. The only thing MS or Sony can do to get exclusive titles from them is to either throw cash at them, or produce the title themselves (like how MS is the producer for GoW and EA Games is the developer). In general, it costs money to get exclusive titles and depending on what's coming down the pipeline, sometimes it just might not be worth it..

  7. Re:MS Killing Off Xbox? on Microsoft To Close Halo Wars Studio · · Score: 5, Informative

    Dude, your post makes no sense. Why would MS want to stunt the xbox?

    They let their one big developer Bungie leave to go work on multiplatform titles.

    Bungie wanted to leave. MS allowed them to, kept the rights to Halo, and first right of refusal to Bungie games. It's better this way (for the xbox) -- Bungie remains a happy studio, and they make games for the xbox. The other way around, Bungie employees get pissed and leave, and MS is left with the skeleton.

    They let Bizarre and Bioware leave exclusive Xbox development.

    They don't get to choose this. Blizzard and Bioware can do whatever they want. MS and Sony usually pay huge sums of money for exclusive titles (on a per-title basis). More and more, they're both deciding it isn't worth it. Everybody wins this way of course -- 'cos more games are available on both platforms. In fact, MS is probably wagering that the Xbox live experience is the differentiator that makes people choose to buy non-exclusive titles on an xbox instead of a ps3. Either way, they've done the math and decided most exclusives aren't worth the price. They still do have exclusive titles when they are important enough (for example, Gears of War II).

    They've shut down other minor first-party exclusive Xbox developers over the past year or two.

    Sources? Anything??

    Tecmo appears to be going full multiplatform now that Itagaki is gone.

    Repeat after me: MS does not control independent studios, and this is a Good Thing anyway.

    That leaves Microsoft with just Rare, Lionhead, and Turn 10. Maybe one more. Compare that to Nintendo who has 10 first party studios. And even worse to Sony who now has 20 or so first party studios.

    What's the point of having 20 first party studios if you don't even have 20 total games that are worth playing? I just don't understand your point. Are you trying to say there's a dearth of good titles for the Xbox? I hope you realize how ridiculous that sounds.

    It should be obvious why Microsoft has had virtually nothing new to show at game conferences over the past year. Getting 360 ports of PC games isn't going to do anything in the console market - especially now that even mid range PC graphics are far beyond 360 game levels.

    ??

    Remember that the xbox GPU is more powerful than the PS3 CPU. See here for details. It's normal for GPUs in the market to outstrip console GPU performance mid-way through the life of a console. You're trying to make some convoluted argument to support your statement about MS trying to kill the 360, but you're not making much sense.

    btw: The new xbox dashboard, netflix "watch it now", gears of war II. Nothing new to show at game conferences over the past year?? There's more, but your claim isn't worth responding to.

    Perhaps Microsoft has finally decided they need to stop wasting their time in the console market and will start to turn their attention back to PC gaming.

    Do you actually believe what you just wrote? Look, at this point, I assume you're a PS3 fanboi. That's fine. Why can't you just enjoy your PS3 without dissing the 360? Think about it -- without stiff competition from the xbox, the PS3 itself wouldn't be as awesome as it is. And remember that MS's efforts have brought us the Halo series, GoW, Xbox live. By what yardstick do you think they are wasting their time??

  8. Re:Bad Choice on McCain Picks Gov. Palin As Running Mate · · Score: 2, Insightful

    Hmm. Who is more like GWB
    - Politician who has not sponsored a single bill on his own. Go here to read about Bills sponsored by Obama to the 109th and 110th United States Congress. He's sponsored 131 bills so far.
    - Person who hired one of the most manipulative old hands in the senate. I'm not even sure who you're referring to right now..
    - Person with only one election ever to a state wide office? Obama has been elected to the Illinois State senate 3 times, and the US senate 1 time -- that's a total of 4 elections to a state wide office or better.
    - Person who voted for the bridge to nowhere? This is something you fabricated in another post as well. Obama did not vote for this.

    or

    - Person who has been a pain in the side of corrupt officials in both parties: This same person was absent from all key votes on the Bridge to Nowhere (link). So much for being a pain in the side of corrupt officials -- he even offered Ted Stevens advice when he was being investigated for corruption!
    - Person who was literally tortured for his country: It's a commendable feat, but how is this a criterion for becoming president?
    - Person who opposed Rumsfeld for years before he was kicked out by the administration: Then why is he running on the same party's ticket? Because his ideology is the same.
    - Person who pushed for the strategy in Iraq that has resulted in the level of violence being lower than it was pre-war: Lower than it was pre-war? Where do you get this stuff from?? And remember -- he's still running on the ticket of the party that got us into this damn war in the first place. Never forget - we are invading a foreign country here - this war was of our making, and we were *wrong* to wage it. Iraq had no involvement in 9/11. Iraq had no links to Al Qaeda until we invaded it. We sent more of our troops to their deaths than the number of people we lost in 9/11. We have killed well over 100,000 Iraqi civilians and displaced over 1 million of them to refugee camps. And we spent 1 Trillion dollars on this war, when our economy is extremely weak, all the time making noise about 'small government'. That's the result of the think-tank McCain belongs to.

  9. Re:Sure shes pretty and all but.... on McCain Picks Gov. Palin As Running Mate · · Score: 4, Informative

    She has strong libertarian roots, has made a point to go after Ted Stevens - and the bridge to nowhere that Obama also voted for.

    Obama didn't vote for the bridge. Why are you fabricating this stuff?

    In fact, the media is trying to portray McCain as having aggressively opposed the bridge, when in fact he did no such thing, and he was absent from all key senate votes on the matter: http://www.factcheck.org/outrageous_exaggerations.html

    To McCain's credit he has been a reliable opponent of pork-barrel spending. But your post simply gets the facts wrong (about Obama's vote), and the media does as well when they portray McCain as having opposed spending on the bridge. In fact, you're even wrong about Palin opposing spending on the bridge -- she was initially in favor of it, and changed her stance only when it became clear how tainted the project was, and that there was no support for it in the senate.

  10. Re:Four ways to turn your concept into a video gam on How To Sell a Video Game Idea? · · Score: 1

    You had me until:

    If you're going to develop games for Xbox 360 and want to sell your game on Xbox LIVE Community Games, you'll need a Premium membership. It's just $99 per year or $49 for four months.

    I'm not sure I get your point.

  11. Re:Four ways to turn your concept into a video gam on How To Sell a Video Game Idea? · · Score: 1

    In addition to the above, I'd point out that XNA creator's club (link) is a great place to turn your concept into reality -- assuming you're also planning on doing the actual implementation.

    Most importantly: AFAIK, the creators club also provides a network where you can find other people interested in making the game, so for example, if you need another couple of coders, or an artist or somebody capable of doing sounds etc., creators club is probably the best place to find them.

  12. Re:Relief on Microsoft and Apache - What's the Angle? · · Score: 5, Insightful

    you've seen the code Microsoft develops by themselves haven't you? It's not pretty.

    Err no. MS doesn't usually make their code publicly available. I wonder where you saw it..

  13. Re:Vista... Microsoft's "New Coke" on Making the Switch To Windows "Workstation" 2008 · · Score: 1

    My argument is that Microsoft's design is stupid. They force you to install IE, refuse to let you uninstall it, but then lock it down to the point of being unusable, even to someone with an admin account, because you shouldn't be using a web browser on a server anyway.

    If they're acknowledging that you shouldn't be browsing the web on a server anyway, and acknowledging that having a browser on a server is a security concern, then let me remove it! Don't put it on at all!

    As I said earlier, the current design permits safe uses of the browser: viewing html documentation on the machine itself, hitting intranet sites, and hitting trusted zone sites (whitelist security). So your point about the design being flawed is invalid.

  14. Re:Vista... Microsoft's "New Coke" on Making the Switch To Windows "Workstation" 2008 · · Score: 1

    Actually -- if you need to use *trust* for an extended period of time *that* is bad security

    Nope, you need trust either way. If I have admin rights on your server and I'm either malicious or stupid, I can screw you over. There's really no way around that.

    In the model I described, admins don't have access to the machines -- so a malicious admin can't screw you over. And ops people don't have the knowledge to be malicious. IE's current security model prevents them from doing dangerous things due to stupidity. I'm done arguing with you -- if you don't want to see the point in this design, that's your choice. Thanks for a civil discussion though.

  15. Re:Vista... Microsoft's "New Coke" on Making the Switch To Windows "Workstation" 2008 · · Score: 1

    Dude! I'm not saying that I don't know what I'm doing with the server, I'm saying MS doesn't know.

    I realized that. But that's the very definition of a "vague requirement". The concrete requirement is that MS knows that this OS is to be used for some role where security is of paramount importance.

    Then wouldn't you want a server OS that didn't have IE installed at all, rather than one that has it installed with absurd security policies?

    Yes - that would be ideal. No GUI would be ideal as well (though there are scenarios where you'd still want a browser). MS has made their usability vs. security trade-off very well in this case, but these suggestions would make it even better. Hopefully we get this in Windows 7 -- I've heard talk about that. Windows Server OSes have been improving dramatically with every release, so I have hope for Windows 7 that we'll get a server SKU with that option. I'm sure even if it does happen, that most Windows server SKUs will still have GUIs and browsers.

    But until then, IE's Enhanced Security Config will have to do. And that's ok because of the scenarios I alluded to earlier. Namely:
    - Sites in the "trusted" zone (whitelist security).
    - Sites in the intranet zone that are ok to hit.
    - Access to HTML documentation on the server itself.
    It's at the point of general access to the internet at large, that the security risk becomes too large to permit by default on a server OS.

    But if Debian came with a default security policy where even logged in as root, Links refused to download files, I'd think that was a pretty stupid design.

    This argument is pretty silly. As admin you can turn off IE ESC and do whatever you want. You have the power. You have the knowledge. Go do it. Windows is not trying to defy you. It's just got a strict default security setting.

  16. Re:Vista... Microsoft's "New Coke" on Making the Switch To Windows "Workstation" 2008 · · Score: 1

    Actually, I think we're making progress.

    To put it another way, if you're giving admin access on your servers to a bunch of malicious morons and relying on a security profile to lock them out from causing trouble, then *that* is bad security.

    Actually -- if you need to use *trust* for an extended period of time *that* is bad security. There's a reason that in any datacenter worth the name, admins don't actually get to touch the machines they administer. They need to have very clearly documented processes that are carried out by the *operations* folks. Even the passwords to machines are controlled by ops and not admins. The ops folks work in rotations so that there is a team present 24/7/365 -- not on call, but on site.

    And the ops folks are not computer experts -- they are experts at *following procedure*. That's real change management in a real data center -- and that's what WS '03 and WS '08 are designed for. And guess what - this actually makes things *run smoother*. Most (if not all) Fortune 500 companies have this sort of change management in place for their data centers.

    If you've been through the pain of a Sarbanes Oxley audit, you'd know that a lot of these procedures are actually mandated for servers that do anything affecting financials/the general ledger. So at the risk of sounding like a stuck record -- the issue here is much much bigger than the convenience of the admin, or his/her competence, etc.

  17. Re:Vista... Microsoft's "New Coke" on Making the Switch To Windows "Workstation" 2008 · · Score: 1

    Depends on the environment, doesn't it? Maybe I want to make some changes to AD, run a backup, etc. Maybe I'm using it as a TS server for a specific application, or for remote access.

    Dude! It does not work like this in the real world. Have you seen the reams of change management you need to go through to actually make changes to a server that does real commerce (I'm talking Sarbox regulations and such). Many companies have policies that are even stricter than SarBox. This ad-hoc "maybe i'm doing this, or maybe i'm doing that" is a very vague requirement for a server OS (though it's valid for an end-user OS). I want to run a server that handles real data or real commerce, and should be rock-solid-reliable with the smallest possible attack surface -- that's a requirement for a server OS.

    The point is, when admin explicitly tells the OS to do something, the OS ought to do it. It might be a great idea for the OS to ask, "Are you sure?", but stupid for it to say "No."

    In this case, the admin is explicitly supposed to enable this scenario on the server. The server default config is "do not allow". It's obeying the default config. As admin, if you want to change it, you can. If you don't have the IIS role installed on a machine and type 'net start whatever' the server won't obey you. It's the same case -- you're using the OS the wrong way. I acknowledge that your larger point is that this usage shouldn't be incorrect. But that point itself is wrong -- because security trumps the convenience of the admin on a server OS.

  18. Re:Vista... Microsoft's "New Coke" on Making the Switch To Windows "Workstation" 2008 · · Score: 1

    You can recognize 'dumb design' but your reaction is to lower the security of your server?

    Didn't say I'd lower the security, I said I'd disable those security policies. Specifically because those policies are poorly designed and aren't actually making my server more secure.

    Works well when this is your own personal web server or some such thing. Doesn't work so well for a server in a data center, virtually administrated by a team of admins, and actually physically administrated by a team of operators who really don't know better. In a real data center, you will have made your server less secure.

  19. Re:Is This Evil? on Gmail Reveals the Names of All Users · · Score: 1

    It's more serious than that. Once the spammers know your name they can construct more personalized messages

    They can already do this (and do), based on the name of your email account and other sources.

    So google should stop securing gmail because your email and name might already be in somebody's DB?

    Based on what? The presence or absence of a name amongst the text is not going to affect spam scoring.

    I admit I don't know enough about spam scoring algo's to debate this.

    Spammers don't wait for you to email them. They buy lists of email addresses in bulk.

    No shit. This doesn't have anything to do with that.

    If the spammer gets your gmail address from a DB or a generator, now they just need to use the calendar vuln. to get your name. So to keep your name out of the hands of spammers, if you have a gmail account, you would need to *become* the kind of person who emails others without disclosing their real name - i.e. you would have to not provide your real name in your gmail account settings. That was your question.

    Your whole point seems to be -- it isn't possible to keep the association between your email address and name private, so why bother? My point is, if you want to do it, you should be able to. Keeping your contact info and name secure is a reasonable expectation. Flaws elsewhere that reveal this don't excuse flaws in your email provider -- they too need to be fixed. Whatever you might think about a name not helping with social engineering attacks -- consider that emails from Nigerian princes are still thriving. Clearly somebody is falling prey to stuff like that. If that works, using names works too.

  20. Re:Is This Evil? on Gmail Reveals the Names of All Users · · Score: 4, Informative

    Sure, it's an unfortunate bug. Yes, the spam has potential to annoy--but it's spam; would you even notice a few more in the spam box?

    It's more serious than that. Once the spammers know your name they can construct more personalized messages which has two implications:
    - Increased chance of success in a social engineering attack.
    - Better chance of fooling a spam filter.

    If you're the kind of person who emails others without disclosing your real name, why would you give your real name to the email provider?

    Spammers don't wait for you to email them. They buy lists of email addresses in bulk. For this particular vulnerability, they can even use a random generator and just keep track of the hits when adding appointments to the calendar.

    Unless I'm a spambot, I'm not going to sit down and type out random strings of words and numbers to find out the name data on some arbitrary addresses. Whether it's Hotmail or Yahoo or Gmail doesn't matter here.

    Assume you are a spambot then -- that's what TFA is about -- a security vulnerability in Gmail that spammers can take advantage of. Spammers are usually interested in creating spambots.

    I don't know where OP's question about "evilness" comes in. Google deserves the benefit of doubt (about this being an honest mistake) as long as they fix it, rather than issuing some BS reason not to.

  21. Re:Vista... Microsoft's "New Coke" on Making the Switch To Windows "Workstation" 2008 · · Score: 1

    Just re-read your post and noticed this:

    If I have the admin account and I want to download some software and install it, and my OS has security policies to prevent me from doing that, then I'm going to disable those security policies. Because it's a dumb design.

    You can recognize 'dumb design' but your reaction is to lower the security of your server?

    Anyway, configuring a server over an "air gap" network is a very common security requirement. It's not anticipated that you will need to go to the 'net for anything, and if you do, you should be a good enough admin to do it the right way. Generally that means downloading stuff on a different machine, scanning it, and then transferring it to some media.

    For a machine that's ideally supposed to chug away at its task unattended for several years no security measure is too paranoid. The convenience of running smoothly for years trumps the admin's 10-second convenience of doing downloads the easy way.

  22. Re:Vista... Microsoft's "New Coke" on Making the Switch To Windows "Workstation" 2008 · · Score: 1

    ... the admin account shouldn't be given to anyone that's planning on using that access to install Bonzi Buddy anyway.

    The admin might think he/she is visiting a legit site and still get pwned because of a vulnerability. Attack surface reduction is one of the most basic and most important tenets of security and for a server it means shutting down things you don't need. Web browsing is not needed for a server role. You have the ability to override if you wish -- but for the primary role, it is not needed.

    If you want someone to be able to log in and not install software, then give them a restricted account.

    If its primary role is that of a server, why would you want someone logging in and doing anything at all? Besides, even a less privileged user could get the system pwned by a vulnerability that includes a privilege-escalation. The primary role of this OS demands that security overrides convenience.

    As always, the ability is there if you want to use it. But the primary role is very well defined, and the machine is streamlined for that role. WS '08 is supposed to be an AD/exchange/database/web/app/<many more> server -- not a workstation. Security is of vital importance. You can use it as a workstation if you so wish, but you have to tweak a few settings to make it suit that role. That's what TFA is about -- the settings you need to tweak.

  23. Re:Vista... Microsoft's "New Coke" on Making the Switch To Windows "Workstation" 2008 · · Score: 1

    Enhanced security mode -- you can turn it off from the server manager. But then again -- this is supposed to be a server OS so it makes sense to disallow such risky behavior (by default) on a server OS.

    What "risky behavior"? Allowing the administrator of the machine to install the software that they want? My frustration comes about because, if I've just installed Windows Server fresh, I can't go to the Internet and download drivers that I might need. I can't go download my backup software and install it. I basically can't do much of anything without reconfiguring the security settings first, even if I'm the administrator. And it doesn't just prompt, "This might be bad, do you really want to do this?" It doesn't allow it.

     

    The reason it isn't true: go to Tools > Internet Options > Security > Custom Level. IE's security options are actually extremely fine-grained -- it's pretty far from an all-or-nothing approach.

    Great, so I should go mucking around in a list of random poorly-labelled security settings in order to do things I should be able to do by default, and hope that I'm disabling the right things, and not doing something even dumber? Why not just have reasonable security settings from the outset?

    Dude -- let me repeat -- it's a server OS. All these defaults make sense for an application/web/database/whatever server that sits in a datacenter somewhere and needs to be as locked down as possible. The user experience takes a lower priority to security.

  24. Re:Vista... Microsoft's "New Coke" on Making the Switch To Windows "Workstation" 2008 · · Score: 4, Insightful

    Again, some of the security enhancements on Microsoft's servers are absurd. I can't remember all the details, but recent versions of their servers won't allow you to download anything from the Internet, won't let you install plugins or ActiveX controls (it won't even ask you, it just won't allow it), and even if you manage to download something, Windows won't run it.

    Enhanced security mode -- you can turn it off from the server manager. But then again -- this is supposed to be a server OS so it makes sense to disallow such risky behavior (by default) on a server OS.

    You can either jump through insane hoops to get things working, or you can disable their security.

    Not true, but it's possible that most people will effectively do just that. The reason it isn't true: go to Tools > Internet Options > Security > Custom Level. IE's security options are actually extremely fine-grained -- it's pretty far from an all-or-nothing approach. Even with Enhanced security mode on, you can explicitly add sites to the various zones (intranet, trusted, etc.) so you end up with a white-list approach.

  25. Re:Hey, I have a great Idea!!! on MIT Helps Third World With Hands-On Approach · · Score: 1

    What if the USA stops helping to create wars and manipulating the markets around the world, and helping to create unstable and volatile political situations, that are the conditions that eventually lead all these so-called 'third world countries' to be in the terrible situation they are now ... ?

    No, we don't need your stupid help MIT. We need you to stay home, and stop playing to be the world police.

    I think you're confusing two different things -- US foreign policy, and MIT have nothing to do with each other. The world does need MIT. And you don't speak for the people MIT is trying to help.