And Microsoft also doesn't have to sell them licenses they can put on devices that don't meet the guidelines.
I suppose they don't have to, but there has never been an instance of Microsoft not selling the OS because the machine they were going to put it on didn't meet one of their marketing "Designed for..." campaigns. This is just bullshit FUD.
Uh, no we don't. Our society has not agreed that monopolies are not beneficial, in fact, quite the opposite in many cases. We have laws preventing monopolies from doing certain things, but not actually preventing monopolies themselves. In many cases, monopolies are better than the alternative, and is beneficial for society.
Well I just came back to work this morning and my machine was running super slow. I left firefox running over the weekend. Had about 5 tabs open, and 4 more I have set as "App Tabs". It was hitting the disk pretty hard, so I checked to see what was eating up all my memory, and firefox was eating up 2.7GB of ram out of my available 3.5. Kill firefox, and system immediately speed up. Restart firefox and let it reload the tabs it had open, and it's only using 637MB of ram. Nice memory leak somewhere.
Actually, it is better if they don't look. If they look, and somehow similar code gets put into IE, then they could be taken to court. As a programmer in the field, as tempting as it may be, never ever look at another persons code unless it's BSD licensed, public domain, or similar.
You do realize that the OGC is really run by refractions research, a super small company that's only 25 people, of which only 4-5 are likely developers? Doesn't sound all that much better TBH. In both cases you have very limited backing. IMHO, I'd probably use either MSSQL's geospacial types which likely cover what the vast majority of people need from them, and then use.NET CLR if necessary to add any additional functionality that you want. For this place anyhow.
If the developers were an Oracle shop, then I'd recommend using one of Oracles smaller DB systems that supported their geospacial libraries. Most people don't need more than storing, retrieving, finding the distance between 2 points, and finding all records withing x miles/feet of a specific point. For MSSQL that would be building an index on the geospacial type. I assume Oracle has similar functionality. Both of which are backed by companies that aren't going to go under any time soon, have tens of thousands of users, and are likely to get upgraded support/bug fixes in a timely manner.
If they don't verify signatures on every file, what's stopping someone from running 3rd party apps containing malware?
File permissions, OS sandboxing, trapping API calls to specific files/directories, etc etc.
Sure, antivirus software would be able to catch them, which is the current situation, except for rootkits, which wouldn't be possible until an exploit for secure boot was found. Oh, and one will be found, the hacker community as a whole will see this as a challenge and tackle it head-on, just for fun. So, then, we have added expense for a security measure that is cracked within a week and rendered useless, leaving us right back where we started. The only way to accomplish the type of security some people assume Microsoft is after here is to require every bit of code to be signed, and to verify those signatures every time the code is executed.
Do you leave your house unlocked because you know a burglar could simply bust one of your windows? Most people don't. Security is about making it more difficult to do something rather than making it impervious to any and all attacks.
The only way to accomplish the type of security some people assume Microsoft is after here is to require every bit of code to be signed, and to verify those signatures every time the code is executed. Ok, so let's only run signed code. Great.
No, not really, but the important pieces of code do need to be protected. Things like the base OS, and the base OS protects the virus/malware checkers. The virus/malware checkers check everything else. As we've seen, some exploits are able to bypass and/or turn off virus/malware checkers already. In order to protect them, the OS needs to protect them. The OS is protected by the boot loader. The boot loader is protected by secure boot. You can't simply allow other software to run on the machine that doesn't follow that chain and keep the system secure. The other system can't possibly follow the same exact rules in the exact same lock step. It's nearly impossible, and highly unlikely that {alternative OS} would ever implement things like not allowing anyone to write to the C:\Windows directory unless you type in the administator password. So that security mechanism is useless if you allow {alternative OS} to run on the same hardware.
People don't care about security, nor does this provide any of it.
What "people" are you talking about? You? Most people I know don't like it when a piece of malware emails everyone in their contact list about how great viagra is. Nor do they like it when their credit card info is stolen and they spend days cleaning up the mess. Most people lock their houses and cars when they leave. So I would say most people care a LOT about security, they just don't want security that keeps them from doing what they want. You may not think it provides any security, but it does. It's one more layer of security that hackers will need to defeat. Alternatively, there are very few users who would ever want to install an alternative OS on their phones.
You are focusing on the security of the initial phase of secure boot. If Microsoft lets foreign software run on their hardware, they have no guarantees that that software won't bypass windows own internal security and render it useless while Windows isn't running. For example, replacing windows' security.dll with nothing.dll. Normally windows may not allow such a thing, but if they allow linux to boot, linux may allow it, and the next time windows boots, it'll use nothing.dll instead.
Obviously, this is simplified, but unless Microsoft is expecting to verify the signature of every piece of software on windows (including all 3rd party stuff) you've already lost the battle.
And no, it would not be secure boot shouting, secure boot isn't responsible for checking every file for a valid signature, just the first executable. From then on it's the responsibility of that executable to ensure everything is ok.
And really, it's not necessary to try and to insult others when you realize your position is weak. I'm not a crypto expert, I wouldn't even call myself a security expert anymore, but I was in the past, and I know enough to see bad ideas when they come up. You don't need to be a security expert to know that a vault with 1 door is more secure than a vault with one door you control, and another you don't.
By magical computer I suppose you mean... Being able to overwrite the area of disc that contains revoked crypto certificates, and using a known broken crytpo certificate.. Like what's already happened, but ok, we can call that a magic computer.
No, I am arguing that allowing another OS/Boot Loader access to the hardware, even with user consent does make the original OS less secure, which is the whole point.
Are you trying to argue that all methods against securing the entire device chain from boot loader, driver signing, program signing (which isn't going to happen), is completely secure and no current or future holes are going to ever be found that a program not under the control of the secure OS could manipulate to compromise the original OS?
Example, user allows linux to be installed, uses the keys to install it bypassing the secure boot functionality. An exploit against linuxs bootloader is found and used to pre-install a rootkit into the executable chain before it passes control onto windows. Windows is then root-kitted and there is nothing it can do to prevent it.
Or via linux you replace the supposidly secure windows DLL with one that has been compromised and given a signature that appears valid, but wasn't really signed by Microsoft. Again, nothing Microsoft can do to prevent that.
Or.. Nevermind. I've given you two examples already on how such a thing can cause Windows to be "broken" which weren't possible before. By definition, that makes the system less secure. You can argue by how much, but not that it does not.
Limiting secure boot to single certificate and single OS does add more security. Secure boot storage is irrelevant if the system has already been compromised. Keeping the boot loader secure is pretty much a requirement for it to be secure -limiting the number of keys in there and not allowing any more to be added limits the number of attack vendors available.
Arguing that opening up a system to more possible attack vectors isn't making it less secure is so obviously silly that I'm not going to continue this conversation with you until you at least study something security related. Learn the basics then come back.
A) Yes, actually you pretty much do. Otherwise, root kits can be installed, completely bypassing any other security on the system. Alternatively, security holes in the other booted software (rootkit, linux, etc) whether intentional or not can access the file system and modify the code as to disable windows security.
You may not like it, but yes, doing this does make the system more secure.
Sorry, I disagree. Once you learn at least one language in each of the major types, it does making learning a new language extremely easy.
Yes, there are ways of structuring code different, and many languages have different sets of coding standards or methodologies, but there are always many different ways to accomplish the same task. Just because the majority of programmers who use a particular language typically do something one way does not necessarily make it the correct way.
I've done enough coding, in enough different languages that if you put me in front of a new language, and I'll be able to start producing in a matter of days. In weeks I'll be competent, in a couple months I'll be correcting the errors of the "average programmer" who has been working in the language for 5+ years, and in a year, I'll be an expert. This isn't a theoretical discussion for me, I've done it many times already.
Mostly yes, and it's been that way for years. Just plop an XBOX in front of the TV and leave the PC in another room. Although I don't know if you can stream live TV to it, but I would never do that anyway.
Slashdot Mirror
And Microsoft also doesn't have to sell them licenses they can put on devices that don't meet the guidelines.
I suppose they don't have to, but there has never been an instance of Microsoft not selling the OS because the machine they were going to put it on didn't meet one of their marketing "Designed for..." campaigns. This is just bullshit FUD.
we have anti-trust laws and such to prevent them
Uh, no we don't. Our society has not agreed that monopolies are not beneficial, in fact, quite the opposite in many cases. We have laws preventing monopolies from doing certain things, but not actually preventing monopolies themselves. In many cases, monopolies are better than the alternative, and is beneficial for society.
Well I just came back to work this morning and my machine was running super slow. I left firefox running over the weekend. Had about 5 tabs open, and 4 more I have set as "App Tabs". It was hitting the disk pretty hard, so I checked to see what was eating up all my memory, and firefox was eating up 2.7GB of ram out of my available 3.5. Kill firefox, and system immediately speed up. Restart firefox and let it reload the tabs it had open, and it's only using 637MB of ram. Nice memory leak somewhere.
Actually, it is better if they don't look. If they look, and somehow similar code gets put into IE, then they could be taken to court. As a programmer in the field, as tempting as it may be, never ever look at another persons code unless it's BSD licensed, public domain, or similar.
You do realize that the OGC is really run by refractions research, a super small company that's only 25 people, of which only 4-5 are likely developers? Doesn't sound all that much better TBH. In both cases you have very limited backing. IMHO, I'd probably use either MSSQL's geospacial types which likely cover what the vast majority of people need from them, and then use .NET CLR if necessary to add any additional functionality that you want. For this place anyhow.
If the developers were an Oracle shop, then I'd recommend using one of Oracles smaller DB systems that supported their geospacial libraries. Most people don't need more than storing, retrieving, finding the distance between 2 points, and finding all records withing x miles/feet of a specific point. For MSSQL that would be building an index on the geospacial type. I assume Oracle has similar functionality. Both of which are backed by companies that aren't going to go under any time soon, have tens of thousands of users, and are likely to get upgraded support/bug fixes in a timely manner.
Sorry, here's the link: http://www.opengeospatial.org/resource/products#MsSqlSpatial
http://www.opengeospatial.org/resource/products
Actually, SQL 2005 was the first version of SQL Server that supported .NET CLR. It should also run on 2008, 2008R2, and 2012.
OGC recognizes, it. It is even listed on their website, and no I'm not one of the developers.
You mean this: http://www.codeplex.com/wikipage?ProjectName=MsSqlSpatial ?
If they don't verify signatures on every file, what's stopping someone from running 3rd party apps containing malware?
File permissions, OS sandboxing, trapping API calls to specific files/directories, etc etc.
Sure, antivirus software would be able to catch them, which is the current situation, except for rootkits, which wouldn't be possible until an exploit for secure boot was found. Oh, and one will be found, the hacker community as a whole will see this as a challenge and tackle it head-on, just for fun. So, then, we have added expense for a security measure that is cracked within a week and rendered useless, leaving us right back where we started. The only way to accomplish the type of security some people assume Microsoft is after here is to require every bit of code to be signed, and to verify those signatures every time the code is executed.
Do you leave your house unlocked because you know a burglar could simply bust one of your windows? Most people don't. Security is about making it more difficult to do something rather than making it impervious to any and all attacks.
The only way to accomplish the type of security some people assume Microsoft is after here is to require every bit of code to be signed, and to verify those signatures every time the code is executed. Ok, so let's only run signed code. Great.
No, not really, but the important pieces of code do need to be protected. Things like the base OS, and the base OS protects the virus/malware checkers. The virus/malware checkers check everything else. As we've seen, some exploits are able to bypass and/or turn off virus/malware checkers already. In order to protect them, the OS needs to protect them. The OS is protected by the boot loader. The boot loader is protected by secure boot. You can't simply allow other software to run on the machine that doesn't follow that chain and keep the system secure. The other system can't possibly follow the same exact rules in the exact same lock step. It's nearly impossible, and highly unlikely that {alternative OS} would ever implement things like not allowing anyone to write to the C:\Windows directory unless you type in the administator password. So that security mechanism is useless if you allow {alternative OS} to run on the same hardware.
People don't care about security, nor does this provide any of it.
What "people" are you talking about? You? Most people I know don't like it when a piece of malware emails everyone in their contact list about how great viagra is. Nor do they like it when their credit card info is stolen and they spend days cleaning up the mess. Most people lock their houses and cars when they leave. So I would say most people care a LOT about security, they just don't want security that keeps them from doing what they want. You may not think it provides any security, but it does. It's one more layer of security that hackers will need to defeat. Alternatively, there are very few users who would ever want to install an alternative OS on their phones.
You are focusing on the security of the initial phase of secure boot. If Microsoft lets foreign software run on their hardware, they have no guarantees that that software won't bypass windows own internal security and render it useless while Windows isn't running. For example, replacing windows' security.dll with nothing.dll. Normally windows may not allow such a thing, but if they allow linux to boot, linux may allow it, and the next time windows boots, it'll use nothing.dll instead.
Obviously, this is simplified, but unless Microsoft is expecting to verify the signature of every piece of software on windows (including all 3rd party stuff) you've already lost the battle.
Please, tell that to my bank. I want complete access to the vault my money is in.. It'll be more secure that way.
It doesn't have to be a linux rootkit, any exploit in linux would do.
And no, it would not be secure boot shouting, secure boot isn't responsible for checking every file for a valid signature, just the first executable. From then on it's the responsibility of that executable to ensure everything is ok.
And really, it's not necessary to try and to insult others when you realize your position is weak. I'm not a crypto expert, I wouldn't even call myself a security expert anymore, but I was in the past, and I know enough to see bad ideas when they come up. You don't need to be a security expert to know that a vault with 1 door is more secure than a vault with one door you control, and another you don't.
By magical computer I suppose you mean... Being able to overwrite the area of disc that contains revoked crypto certificates, and using a known broken crytpo certificate.. Like what's already happened, but ok, we can call that a magic computer.
See: http://technet.microsoft.com/en-us/security/bulletin/ms01-017
Wow, I didn't even have to come up with a new technique, just rehash an old one.
No, I am arguing that allowing another OS/Boot Loader access to the hardware, even with user consent does make the original OS less secure, which is the whole point.
Are you trying to argue that all methods against securing the entire device chain from boot loader, driver signing, program signing (which isn't going to happen), is completely secure and no current or future holes are going to ever be found that a program not under the control of the secure OS could manipulate to compromise the original OS?
Example, user allows linux to be installed, uses the keys to install it bypassing the secure boot functionality. An exploit against linuxs bootloader is found and used to pre-install a rootkit into the executable chain before it passes control onto windows. Windows is then root-kitted and there is nothing it can do to prevent it.
Or via linux you replace the supposidly secure windows DLL with one that has been compromised and given a signature that appears valid, but wasn't really signed by Microsoft. Again, nothing Microsoft can do to prevent that.
Or.. Nevermind. I've given you two examples already on how such a thing can cause Windows to be "broken" which weren't possible before. By definition, that makes the system less secure. You can argue by how much, but not that it does not.
Limiting secure boot to single certificate and single OS does add more security. Secure boot storage is irrelevant if the system has already been compromised. Keeping the boot loader secure is pretty much a requirement for it to be secure -limiting the number of keys in there and not allowing any more to be added limits the number of attack vendors available.
Arguing that opening up a system to more possible attack vectors isn't making it less secure is so obviously silly that I'm not going to continue this conversation with you until you at least study something security related. Learn the basics then come back.
Do try harder -- by learning the basics.
No, I didn't miss it at all. That doesn't change the fact that doing so makes the device more secure.
A) Yes, actually you pretty much do. Otherwise, root kits can be installed, completely bypassing any other security on the system. Alternatively, security holes in the other booted software (rootkit, linux, etc) whether intentional or not can access the file system and modify the code as to disable windows security.
You may not like it, but yes, doing this does make the system more secure.
Sorry, I disagree. Once you learn at least one language in each of the major types, it does making learning a new language extremely easy.
Yes, there are ways of structuring code different, and many languages have different sets of coding standards or methodologies, but there are always many different ways to accomplish the same task. Just because the majority of programmers who use a particular language typically do something one way does not necessarily make it the correct way.
I've done enough coding, in enough different languages that if you put me in front of a new language, and I'll be able to start producing in a matter of days. In weeks I'll be competent, in a couple months I'll be correcting the errors of the "average programmer" who has been working in the language for 5+ years, and in a year, I'll be an expert. This isn't a theoretical discussion for me, I've done it many times already.
Mostly yes, and it's been that way for years. Just plop an XBOX in front of the TV and leave the PC in another room. Although I don't know if you can stream live TV to it, but I would never do that anyway.
TOR acts as a proxy, so yes.
More like to get the location of the planet with the blue girls.
Most of those things are made in Taiwan, not China proper.
It is even easier, just keep the disc in, and upgrade the Windows 7 you just installed with Windows 7.