Of the stuff out there, i think DTV or Dish is the best stuff, with the nod going to DTV because of DirecTivo (replayTV might be more featureful, but its historically been just awful compared to tivo), and i dont give any cable companies any money at all, and haven't since i left my parents home. (DSL and DTV, all the way)
I have just gotten to the point where even DTV doesn't seem worthwhile anymore.
I have been a long time DirecTV customer but i just cancelled last week.
I have a Hughes HDVR2 Series2 DirecTivo. It was cool and all, but what I really wanted was a way to get content off of it and watch it on a computer. No home media option for DirecTivo users though. Nice.
The real reason we axed DirecTV (and have not replaced it, nor do we plan to) is that the content just isn't there compared with the price you pay for it.
My big interests are F1 racing and World Rally. Speedchannel's coverage of same amounts to under 10 hours a month, tops. Sure, there is other stuff i _can_ watch (cartoon network, for instance) but i could take or leave it. One issue i find with a tivo is that i have all this stuff in there that i feel obligated to watch because its there and i enjoy watching it...
My wife on the other hand is a minnesota twins fanatic. Yet there wer eless than 5 games available to us, even though we live within 3 hrs of minneapolis and have the local tv pack. The MLB extra innings deal is like $70 or $80 or something silly, and you cant ever get a straight answer on what will or wont be shown because of the ridiculous blackout and regional rights issues related to TV.
So I was basically paying for a few races a month and then some time sucking.
My wife was getting no twins games, but a whole boatload of junk off of TLC that managed to suck her day away. It would start innocently enough - "oh, i'll just watch an episode of blah while i do this chore" and then shes managed to waste the whole afternoon watching crap that isn't even all that interesting.
So $45/mo for a bit of racing and a whole bunch of time wasting didn't seem like a good deal to us anymore.
HD seems like an even worse deal. Where's the HD content ? The devices for doing HD PVR are "cool" (although i think any directivo solution will still have the lack of home-media i cited above) but you're talking like $60+/mo for television and it seems like there's honestly nothing that enriching to watch. Seems like a better way to spend $60 a month is to use half of it to take your significant other out to some cheap resturant, and then donate the rest to a local organization.
IMO, alot of whats coming right now is technology for technologies sake. I admit that i am captivated by the appeal of a distributed mythTV setup with FEs all over the house, but really, i shouldn't be watching enough tv to justify that.
GetTickCount() will rollover. An _application_ which assumes it is a strictly increasing value will misbehave after the 40 some odd days expire. That appears to be what is happening here.
Note that nowhere in the article is there a distinction between the "system" and the "OS" or the "application".
2) Regardless of where the fault is (hint: it's not in Windows), it is not unreasonable for a machine to need servicing. Aircraft engines are serviced at hour based intervals, wether they need it or not. It's better to just tear the thing down and rebuild it than to have it tear itself apart. software doesn't _have_ to be this way, but it sometimes is.
Making a complete hardware -> app layer stack 100% failsafe is.. tricky. For some applications, designing the system with a known restart point.. i.e. a reboot of the app or the entire machine, can be more cost effective.. (see earlier the paper on crash-only software design)..a periodic shutdown/restart in complicated systems can be a valid operational practice.
The fault here is two fold - one, the application/system had a known issue that is probably avoidable, but for whatever reasons, it still has the issue.
Knowing that the issue existed, the proper maintennace was not observed with the expected result - a failure.
Only in america do you get away with blaming Audi for oil sludge problems when you dont change your oil every maintenace interval.
If the system called for a 48th day restart, thats what it requires, and deviation from that has consequences. Luckily no one was hurt.
i remember when i was in school and my primary workstation was a used IRIX machine.
I went through the pain of getting gtk built on my machine, and actually emailed the gaim people (just 2 guys back then, iirc) some trivial diffs to make gaim not die on irix.
Back in school i think i complained about how linux-centric f/oss software was (nothing written by a linux user ever clean compiled on irix... and not often on solaris..) and gaim was certainly not stellar in this regard..
Now i'm less antsy about such things.. and despite not really like the "penguin pimps" attitude i seem to recall the gaim crew having, AOL AIM client for Win32 is so bad that installing Gtk32 and Gaim seems like the path of least resistance:)
It's nice that there's a non-AOL AIM client. I'm an IE, Media Player, and XP user, but even I can't stand AOL's installers and apps:)
actually, the limit defaults to 4 for 1.0, and _2_ for 1.1. Note that the limit of 2 persistant connections is set as a SHOULD condition in the 1.1 original RFC (RFC 2068, section 8.1.4 - practical considerations)
http://www.microsoft.com/technet/prodtechnol/offic e/officexp/maintain/xpsec.mspx.doc and.xls are not disabled by default. Perhaps you have the Outlook Security Settings PF setup somewhere with this configuration ?
As far as needing VB programmability in excel - billions of dollars every year are managed by embedded VBA inside of excel spreadsheets. And thats just what i know about one small part of one company.
I would say i get at least 1 word attachment per day in my work email box.
When i double click on the attachment, a dialog box asks me if im sure i want to open it, given me the option to open, save, or cancel
Now, i haven't opened any word docs with macros lately, but when i open an excel document with macros, i get asked if i want to enable them or not.
This is with Office 2003.
So, what configuration of outlook do you have where trying to open a word document fails?
By the way - you're free to suggest a solution that lets someone embed a pretty functionally complete programming language into an Office document but doesn't let them do anything malicious (and supports existing code written against this system)
The office scripting situation sucks. Featurewise, its very powerful and handy. Powerful enough that you can use it to do bad things. If you shut it off, then people like you bitch that MS disables features instead of fixing problems. If you "fix it" then somebody's script/macro somewhere stops working, and people like you bitch that MS deliberately broke perfectly working code. If you don't fix it, people like you bitch that Microsoft never does anything about security problems.
Do you understand anything about NT ? Nt already has user separation, priviledge sepration, memory compartmentalization, etc etc.
It's not like buffer overruns on NT are happening in random unpriviledged code an then magically running ring 0.
There are two big issues that make BO's problematic on windows:
1) traditionally, many system processes have run as something equivalent of unix root (Local System, etc). These already have root privs, so any exploit against these that allows code execution is code running as root. This is no different than compromising unix sendmail or any other daemon running as root
2) many users run as local administrator (because some times its hard not to, and some apps are poorly written and require it), so suddenly any buffer overrun is already executing with root priviledges (the current privs of the process)
What built-in mechanism does UNIX have for dealing with buffer overruns? Handing control of the box to script kiddies ?
( i am aware that some unixes have no-exec stacks and other technologies available - XP SP2 has this as well now if your hardware supports it)
When you finish writing a completely secure OS that runs existing customer applications, Microsoft will buy it from you for any amount of money you want, and then dump windows and make the world a better place.
The world is waiting. Get to work, mr. hot stuff. Please show Microsoft and the whole world how an OS _should_ be written.
The world will continue waiting because no completely secure operating system exists, much less a completely secure operating system that has the features and behaviors that customers have come to expect.
Microsoft is working on fixing the things that let worms/ddos/virii spread. But it is an arms race. MS fixes things of today and yesterday, new attacks are found. 10 years ago nobody knew about 1 byte buffer overruns, but today they are being exploited in 15 year old code, and new code auditing must happen and new fixes made.
A defense in depth strategy that assumes that some layer of your system has a weakness and attempts to mitigate that weakness from being an exploit elsewhere is a good design. The specific implementation here of trying to limit the damage caused by a compromised machine is probalby non-optimal, but it's a start.
The compiler was modified to support automatic stack overflow checking (i.e. canaries). Server 2003 was compiled with this (and as a result, MANY things that are shared-code problems resulting in exploits on other NT based OSes are either ineffective or DoS attacks on Server 2003).
The idea is that/GS compiled binaries will cause the OS to terminate the app rather then letting code execute. The source code generally doesn't need changes.
So, its a defense in depth tactic. Ideally, there'd be no BO's in code. But there are. Terminating the program with an explanation as to why is better than letting people run code on your box.:)
One of the changes in SP2 was a rate limiting / queing behavior for the number of current sockets in the SYN/opening state.
In other words, suppose you have an app which tries to open 30 tcp sockets simultaneously. Some of them will get delayed by the OS.
This is to try and thwart the speed of worms or DDoS programs - which very often try and create a zillion tcp connections that never end up connecting.
Unfortuneately, it has the side effect of hurting some p2p apps (like bittorrent) and some web browsing configurations...especially if you've changed the registry value that sets the # of simultaneous socket connections IE will make to the same site. The default is like 3 or 4, but if you upped it to say, 20, and then hit a site that had 30 images all on the same server... it is likely that some of your http requests will get queued until other connect() attempts complete the handshake.
Does it suck that this is affecting some browser and other scenarios ? Yes. The topic is under discussion internally at microsoft.
The _intent_ was to try and slow down the spread of worms/ddos attacks in the event a machine got compromised....a good goal to have i think anyone would agree..
The implementation, however, does have disadvantages
If you decide to try SP2 again, anytime the connecting socket limit is reached, an very specific/obvious event will be logged in the eventlog. If you are experiencing slower network interactive speeds, try looking in the logs to see if you're hitting it.
One mitigation, by the way, is to have a proxy (i.e. squid) on another machine.. that way your handshakes from IE resolve _Very_ fast and your sockets rapidly go from handshake to connected...thus reducing the likelihood of you hitting the queing behavior.
There is the commonly held position that many F/OSS projects get source patches out the doro very quickly.
That's true.
One problem with this is people compare the time-to-released-source-patch-on-a-mailing-list-or -in-cvs to the time it takes for something tos how up on windows update.
I don't think that's fair for the following reasons:
1) Patch Quality. It is clear that the volume of basic testing done on many instant-turn-around source patches is zero.
Comparatively, as often as an MS patch manages to break something somewhere, consider how much worse it would be if there weren't a few days of targeted regression testing being done. The official recommendation from MS is to test patches before putting them into production, but there have been a relatively low number of patch recalls from MS.
Finally, i think it bears mentioning that with F/OSS, the initial patch is sometimes re-written over the course of several days until something proper actually is agreed upon and that's the code that actually ends up living with the product.
So i'd consider these source level patches to very often be of "here is something that appears to close the hole and not break anything i tried, good luck!" quality.
2) Patch Applicability When a hole is discovered in apache, the time it took for an apache developer to submit a source diff is NOT the same deliverable as what you're getting from a commercial vendor patch. A source level patch only does me any good if i am running a source-built tarball in production, and i am relatively current with whatever source base the patch is applied against, and i can handle the manual patch/compile/make install process (and if something goes wrong, i've got to backout the patch and compile/make install _again_)
Most people, especially running production machines, are not running built-from-source software. You install Redhat. You want apache ? You use the redhat apache package. You now need to wait for the updated redhat apache package to get the bugfix, or, you get the latest cvs snap and build from source. Now you've got a lovely problem because the way redhat (or any distro) builds apache is different from the defaults, so you have to go and figure out how your distro likes to build its packages, OR, you need to accept the build defaults and rebase your config files to the new settings.
So really, the vendor binary package is what many people need to wait for before they can truly patch thier machines. THe source diff is nice, but not something they can easily consume
I think between these two points, it's pretty unfair to compare time-to-patch between MS and someone-posted-a-diff-somewhere.
I think if you look at the time from vuln report to updated binary tarball being released by some of the linux distros, you'll be surprised.
Do you think thats because its better than apache, or because not enough people are using it yet? Answer carefully.
You hate it because you cant effectively argue it
on
Ballmer on Linux
·
· Score: 1
It is not a false analogy, and it is't a stupid thing to say.
The linux camp needs to get past the outdated idea that they are immune from security problems. The facts plainly disprove this.
Infact, I beleive the number of remotely exploitable defects in the various linux distros are similar or even higher than the remotely exploitable defects in windows server 2003 (you could use ballmers argument against MS if you could concede giving it merit, as i think linux installations might be leading Server2003 installations:)
There is no arguing that the design of windows and the design of linux are different. However, there IS an argument as to the merits of the design of one vs the design of the other, and how those design choices affect "security" (whatever you define security to be). However, the design differences do not lead to a self evident conclusion.
Now, back to the argument that the exploitability of windows is a function of its installed base:
Here is an example. The morris internet worm did not affect any windows machines. One could argue that a larger percentage of the internet was crippled by the morris worm than was damaged by slammer/whatever.
Naturally, at the time of the morris worm, there were few (zero?) windows servers on the public internet, so the worm didn't target them at all. Instead, it used what was common at the time - defects in fingerd, sendmail, etc.
The worms and defects of the day largely target what is popular and under public scrutiny.
Here are some more points to consider, specifically around linux:
The number of exploited defects in linux is larger today than it was in 1991.
The number of exploited defects in linux today is larger than it was at some point previous to today.. call that t0. Since t0, linux has had more code reviews than previous to t0, and the people maintaining linux code have become more aware of security issues of the day. Even so, the incidence of linux exploits in the wild is greater today than it was at t0. One might argue that the new exploits only appear in new code, but this is clearly not the case. New _classes_ of exploits have been discovered that affect 10 year old code! Consider that one byte overflows, heap overflows, and format string overflows were almost unheard of until after stack overflows had been widely publicized and work was going on to fix them.
It is clear that the sorts of things that turn into exploits are a moving ball. One could postulate that the code getting exploited in linux has been around _longer_ than the code getting exploited in windows (if for no other reason than unix is older than NT). Yet the rise of the number of attacks against linux does NOT seem to correlate with the age of the defects, instead, with the installed base of the platform as a percentage of all targets of opportunity.
I think it is a perfectly reasonable argument to make that people looking to exploit systems, especially kiddies using tools, choose targets of common opportunity. You can disagree, but you need to prevent a valid disagreement, not just assert that Ballmers statement is incorrect because you want it to be.
Finally, and not to be too much of a jerk, but what qualifications do you have regarding the design of secure operating systems? If you beleive that Windows would be more secure because of your input, and can back that up, Microsoft will be happy to pay you any amount of money you ask for to make it happen.
When did "i don't see it that way" become "Absolutely Wrong"?
Regardless of your political affiliation, or your position in the US government, it seems that you should have the right to not be harassed, threatened, or intimidated by anybody.
If you can say with a straight face that the point of this document is NOT for people to intimidate, harass, or threaten members of a political organization, I am listening.
What happened to just being civil. Isn't it possible to say "You know, i don't like some of the policies of this administration" without threatening people, physically assaulting them, harassing them at work/home, and generally being a shithead?"
Were there ever any good ole days of "well, i'm voting for the other guy"?
The political divisiveness in this country continues to get worse and worse.. and for what?
What happened to just being an American? When did it become fashionable to insult and hate anyone that wasn't on the same side of a manufactured binary proposition as you? I mean, I can't imagine that I'm really that different from somebody voting for the other guy - I go to my job, the other guy goes to his. We both need to sleep at night, we both need to eat to survive, we both like being able to speak our minds, we both like living in america enough that we haven't moved.
So what exactly is the deal with people being so hateful?
Given how close the last election was, how can any one on EITHER "side" beleive that the "other side" is 100% pure evil with no worthwhile qualities ? Beleiving such would put you in disagreement with about 50% of americans.
Do you hate 50% of the population ? Do you think 50% of the population is dumb ? Do you think 50% of the population is dumber than you? Do you feel that the 50% that voted the way you didn't were misguided and got badly duped?
I suspect the 04 election will be as close as the 00 election, meaning if you're being an asshole towards someone or some group based on their political beleifs, you may as well go down your street and be an asshole to every other house you visit.
Disagreeing is healthy.
Being violent and hateful towards your fellow americans isn't.
The mean spirited slogans, shirts, posters, rhetoric etc IMO are really tearing down this country. The negativity only increases the divisiveness. You'd think with all of the anger and what not being displayed, i'd be able to figure out what people were actually upset about, but more often then not, i can't. Maybe that makes me a dumbass, but my vote counts as much as yours, so stop being a shithead.
The attitudes displayed by the submitters of this data are not positive, and not healthy. People are just people and they think what they do for a reason. Harassing them or threatening them won't change their worldview, but it will continue to widen the fissure between two halves of the same nation.
I've seen a lot of slashdotters defending the people behind this and that's what's really upsetting. We're all intelligent enough to be wary of free speech, intimidation, and government tampering with individual rights.
We, by and large, also know what it's like to be on the receiving end of intimidation, harassment, and being singled out by hateful mobs. (or did you not go to highschool ?)
If you beleive that the ends justify the means, then anything is rationalizable. Please make sure that you're not setting a double standard about what is ok and what isn't depending on the political viewpoints of the targets.
except it was usually pizza hut answering the phone: "hello, pizza hut" only to be greeted by "uh, hello, this is papa johns"
it was a real treat to listen to the two angry pizza guys, both of whom were insisting that THEIR phone was the one that rang, work out who was the bigger jerk
3 way calling and the "mute" button is the best thing that happened to beeing a geeky teenager.
I've run a few RC builds of XP SP2 on 2 different machines.
Configuring the firewall is _easy_.
I too have real firewalls. I leave the SP2 one turned on as well, because it hasn't gotten in the way of anything i do with the machines (yet). I did add a port or two to the allow list, and thats it.
Remember, defense in depth. Having every XP machine tightened up out of the box as much or more as a default linux install is a good thing.
But, you can turn the firewall features off _very_ easily.
I really like the popup blocker and other IE changes in SP2 as well. I've stopped using proxomitron. I see inline ads where prox used to just put [Ad] but that doesn't bother since the super obnoxious stuff is gone. Also, the way IE handles ActiveX controls is _much_ nicer than it used to be - no being asked 23049 times per page to dismiss modal dialogs.
finally, i wouldn't get too worked up over the headline that XP SP2 is delayed. I have some inside info on the delay.. and its (so far) not worth the sensational press its getting at sites with.. ABM slants:)
People need to be honest. If MS said there's a problem and released it anyway, the ABM camp would grill them for releasing shitty unfinished product. By holding it for a while longer, MS gets grilled for delaying its release (with sideline comments about them being incompetant or SP2 being vapor or what have you). To the ABMer, MS can do nothing right.
I cant say much about it since it's unreleased, but i beleive its public knowledge. Virtual Server has a feature called "differencing disks", where you have a base virtual server image and then any changes to that image are written to a separate file - a difference disk.
This would let you do what you suggest.
Personally, i love virtual server, and i do all of my development and test work inside of virtual server images. Our product has an atrocious number of pre-relased platform requirements and rebuilding a bunch of physical machines is a big pain. I have a base Windows 2003 Server image with sysprep, and anytime i need a clean machine i just copy that.vhd over the.vhd of the machine im wiping, and fire it back up. I have one active virtual server image for each different code branch i need to work with (different branches will have different platform requirements that make putting multiple branches on the same box impossible)
Please take a break from hating microsoft ...
on
Unix To Beef Up Longhorn
·
· Score: 4, Insightful
SFU 3.5 is available _today_, as a free download, no less. I've been using SFU since the pre-3.0 betas. It is wonderful. The announcement here seems to be that SFU will actually get rolled into some longhorn skus, so you wont even have to download the free installer. That means people can expect an SFU environment as part of a given windows install in a few years.
SFU is cool technology - you get real NFS client and server, a real UNIX cmdline environment (much better than cygwin, IMO), full gcc, libraries, tcsh, even x11 libs (but no local xserver). I find that having a tcsh SFU window hanging around on my desktop significantly helps my development process (foreach/grep/find/sed does wonders for search-n-replace on a large code base)
I'm not sure really what the point of your post was, but it mostly revolves around bitching at MS and journalists about a announcing a product plan. You seem to focus on how longhorn wont be here for a while. The specific technology in question, SFU, is here today, and you can use it now if you want to.
Not that that should stop you from randomly complaining about MS though. This is slashdot afer all;)
I "went free" a long time ago. I first used UNIX as an 8th grader and was running linux.98 when i was in 10th grade. I stopped using MS products as of Win 3.1 (and after dabbling with OS/2 2.1/2.11) switched completely to linux.
For a year or two.
Then i bought a sparc IPX with sol 2.4, then an SS10 with 2.5.1. Then i went off to college.
With these two real machines i had no need for linux, so i stopped caring about PCs in general. I had real hardware and a real OS that ran basically as long as i left the things turned on. At college i had 2 sparcstations but no PCs.
My junior year of school i bought an SGI i^2 high impact (i wanted a fast 24bit gfx console, and sun didn't have any available unless you got an ffb, which were very expensive and UPA only, or a ZX, which i bought, and was dirt slow)
Finally, in my senior year of college, i got a PC again. Why ? my sgi got rooted:) A friend gave me her old p166mmx machine. I bought two $10 ethernet cards and put openbsd on it. That machine is still my openbsd firewall/filter/"stuff" machine. In march of that year i bought a $400 machine and put win2k RC on it to compete in a windows CE development contest. (note i hadn't used any MS stuff in years, apart from a friends machine or the occasional lab computer).
In may of the same year (2 months later), i started work full time at Microsoft.
Not much changed at home - my main box was still my SGI for a number of years, with my ss10 doing web and mail hosting, the obsd box doing all firewall duties. I sold the sparc IPX back in college.
I built a duron 600 file server and put obsd on it. This was when UDMA 100 drives were fairly new; i put two in that machine and discovered a bug in the oBSD IDE driver, which i submitted a minor patch for (and which was subsequently re-written, but im in the comments somewhere:)
At work obviously i was using w2k, xp, server 2k3, etc. I had a linux box in the corner for some occasional tasks that were actually faster to do in unix even with the penalty of moving data over and back again (i am something of a fan of awk)
I found that W2k was refreshingly nice compared to 3.1, 95, and NT4. I'd say that W2k was the first real OS MS released. Usable enough to not get in the way. Certainly no more than dicking with linux sound modules got in the way.
Curretly, that duron 600 is my main xp workstation, the p166 still runs openbsd, and the ss10 has been powered off for 6 months. The $400 w2k machine still runs w2k as a dedicated machine that has daemontools images of the various car-repair and parts-db stuff i use (via terminal server).
The point of all this long windedness ?
everything post w2k is good enough to use as a workstation, IMO. For a given task, there's a number of tools that can accomplish it. In my case, i screw with computers enough at work that i'm just not interested in hassling with them at home. That means that my home technology choices tend to revolve around "easiest", where easiest caters to my current skillset and world view.
That means i use an XP machine for all of my web surfing and emailing, and putty from there to a unix machine to irc (i hate graphical irc clients). The oBSD machine hosts email and web (because both are super easy to setup there, and i have no fears about making an obsd machine internet-facing.. it just works like it's supposed to)
What's the point of all of this ? I could really care less what OS i'm using. It either meets my requirments or it doesn't. I'll use the one that meets the operational profile for what i'll use the box for with the least amount of my effort. If i gave a crap about spending lots of time at home computing, i'd probably have something more modern than a duron 600 as my primary workstation.
NT5 took a long time to make. A LONG time. Do you think that they'll throw away every line of code and just make something new ?
You mentioned the R word.
Longhorn is by no means being built from scratch. Lots of layers are being refactored, reworked, replaced, and so on. New things are being introduced into the platform stack side by side with current and legacy components.
Nobody does back compat better than MS - what other platform lets you generally get away with running 20+ year old binaries ?
Make no mistake, Longhorn introduces a LOT of new cool stuff. But it does so without throwing away everything. I mean, WinFS is coming, right ? Do you think that means NTFS is going away ? Of course not. THere's an entire new programming model coming in longhorn.. do you think Win32 is going away ? Of course not...
Slashdot Mirror
i am not saying there's anything better..
we have no TV service _at all_ now..
Of the stuff out there, i think DTV or Dish is the best stuff, with the nod going to DTV because of DirecTivo (replayTV might be more featureful, but its historically been just awful compared to tivo), and i dont give any cable companies any money at all, and haven't since i left my parents home. (DSL and DTV, all the way)
I have just gotten to the point where even DTV doesn't seem worthwhile anymore.
I have been a long time DirecTV customer but i just cancelled last week.
/mo for television and it seems like there's honestly nothing that enriching to watch. Seems like a better way to spend $60 a month is to use half of it to take your significant other out to some cheap resturant, and then donate the rest to a local organization.
I have a Hughes HDVR2 Series2 DirecTivo. It was cool and all, but what I really wanted was a way to get content off of it and watch it on a computer. No home media option for DirecTivo users though. Nice.
The real reason we axed DirecTV (and have not replaced it, nor do we plan to) is that the content just isn't there compared with the price you pay for it.
My big interests are F1 racing and World Rally. Speedchannel's coverage of same amounts to under 10 hours a month, tops. Sure, there is other stuff i _can_ watch (cartoon network, for instance) but i could take or leave it. One issue i find with a tivo is that i have all this stuff in there that i feel obligated to watch because its there and i enjoy watching it...
My wife on the other hand is a minnesota twins fanatic. Yet there wer eless than 5 games available to us, even though we live within 3 hrs of minneapolis and have the local tv pack. The MLB extra innings deal is like $70 or $80 or something silly, and you cant ever get a straight answer on what will or wont be shown because of the ridiculous blackout and regional rights issues related to TV.
So I was basically paying for a few races a month and then some time sucking.
My wife was getting no twins games, but a whole boatload of junk off of TLC that managed to suck her day away. It would start innocently enough - "oh, i'll just watch an episode of blah while i do this chore" and then shes managed to waste the whole afternoon watching crap that isn't even all that interesting.
So $45/mo for a bit of racing and a whole bunch of time wasting didn't seem like a good deal to us anymore.
HD seems like an even worse deal. Where's the HD content ? The devices for doing HD PVR are "cool" (although i think any directivo solution will still have the lack of home-media i cited above) but you're talking like $60+
IMO, alot of whats coming right now is technology for technologies sake. I admit that i am captivated by the appeal of a distributed mythTV setup with FEs all over the house, but really, i shouldn't be watching enough tv to justify that.
1) this is not a windows OS bug
GetTickCount() will rollover. An _application_ which assumes it is a strictly increasing value will misbehave after the 40 some odd days expire. That appears to be what is happening here.
Note that nowhere in the article is there a distinction between the "system" and the "OS" or the "application".
2) Regardless of where the fault is (hint: it's not in Windows), it is not unreasonable for a machine to need servicing. Aircraft engines are serviced at hour based intervals, wether they need it or not. It's better to just tear the thing down and rebuild it than to have it tear itself apart. software doesn't _have_ to be this way, but it sometimes is.
Making a complete hardware -> app layer stack 100% failsafe is.. tricky. For some applications, designing the system with a known restart point.. i.e. a reboot of the app or the entire machine, can be more cost effective.. (see earlier the paper on crash-only software design)..a periodic shutdown/restart in complicated systems can be a valid operational practice.
The fault here is two fold - one, the application/system had a known issue that is probably avoidable, but for whatever reasons, it still has the issue.
Knowing that the issue existed, the proper maintennace was not observed with the expected result - a failure.
Only in america do you get away with blaming Audi for oil sludge problems when you dont change your oil every maintenace interval.
If the system called for a 48th day restart, thats what it requires, and deviation from that has consequences. Luckily no one was hurt.
i remember when i was in school and my primary workstation was a used IRIX machine.
:)
:)
I went through the pain of getting gtk built on my machine, and actually emailed the gaim people (just 2 guys back then, iirc) some trivial diffs to make gaim not die on irix.
Back in school i think i complained about how linux-centric f/oss software was (nothing written by a linux user ever clean compiled on irix... and not often on solaris..) and gaim was certainly not stellar in this regard..
Now i'm less antsy about such things.. and despite not really like the "penguin pimps" attitude i seem to recall the gaim crew having,
AOL AIM client for Win32 is so bad that installing Gtk32 and Gaim seems like the path of least resistance
It's nice that there's a non-AOL AIM client. I'm an IE, Media Player, and XP user, but even I can't stand AOL's installers and apps
actually, the limit defaults to 4 for 1.0, and _2_ for 1.1. Note that the limit of 2 persistant connections is set as a SHOULD condition in the 1.1 original RFC (RFC 2068, section 8.1.4 - practical considerations)
http://www.microsoft.com/technet/prodtechnol/offic e/officexp/maintain/xpsec.mspx .doc and .xls are not disabled by default. Perhaps you have the Outlook Security Settings PF setup somewhere with this configuration ?
As far as needing VB programmability in excel - billions of dollars every year are managed by embedded VBA inside of excel spreadsheets. And thats just what i know about one small part of one company.
doesn't let you open attached word files ?
I would say i get at least 1 word attachment per day in my work email box.
When i double click on the attachment, a dialog box asks me if im sure i want to open it, given me the option to open, save, or cancel
Now, i haven't opened any word docs with macros lately, but when i open an excel document with macros, i get asked if i want to enable them or not.
This is with Office 2003.
So, what configuration of outlook do you have where trying to open a word document fails?
By the way - you're free to suggest a solution that lets someone embed a pretty functionally complete programming language into an Office document but doesn't let them do anything malicious (and supports existing code written against this system)
The office scripting situation sucks. Featurewise, its very powerful and handy. Powerful enough that you can use it to do bad things. If you shut it off, then people like you bitch that MS disables features instead of fixing problems. If you "fix it" then somebody's script/macro somewhere stops working, and people like you bitch that MS deliberately broke perfectly working code. If you don't fix it, people like you bitch that Microsoft never does anything about security problems.
So what's the right thing to do ?
Do you understand anything about NT ? Nt already has user separation, priviledge sepration, memory compartmentalization, etc etc.
It's not like buffer overruns on NT are happening in random unpriviledged code an then magically running ring 0.
There are two big issues that make BO's problematic on windows:
1) traditionally, many system processes have run as something equivalent of unix root (Local System, etc). These already have root privs, so any exploit against these that allows code execution is code running as root. This is no different than compromising unix sendmail or any other daemon running as root
2) many users run as local administrator (because some times its hard not to, and some apps are poorly written and require it), so suddenly any buffer overrun is already executing with root priviledges (the current privs of the process)
What built-in mechanism does UNIX have for dealing with buffer overruns? Handing control of the box to script kiddies ?
( i am aware that some unixes have no-exec stacks and other technologies available - XP SP2 has this as well now if your hardware supports it)
When you finish writing a completely secure OS that runs existing customer applications, Microsoft will buy it from you for any amount of money you want, and then dump windows and make the world a better place.
The world is waiting. Get to work, mr. hot stuff. Please show Microsoft and the whole world how an OS _should_ be written.
The world will continue waiting because no completely secure operating system exists, much less a completely secure operating system that has the features and behaviors that customers have come to expect.
Microsoft is working on fixing the things that let worms/ddos/virii spread. But it is an arms race. MS fixes things of today and yesterday, new attacks are found. 10 years ago nobody knew about 1 byte buffer overruns, but today they are being exploited in 15 year old code, and new code auditing must happen and new fixes made.
A defense in depth strategy that assumes that some layer of your system has a weakness and attempts to mitigate that weakness from being an exploit elsewhere is a good design. The specific implementation here of trying to limit the damage caused by a compromised machine is probalby non-optimal, but it's a start.
specifically, the /GS flag to the VC++ compiler.
/GS compiled binaries will cause the OS to terminate the app rather then letting code execute. The source code generally doesn't need changes.
:)
The compiler was modified to support automatic stack overflow checking (i.e. canaries). Server 2003 was compiled with this (and as a result, MANY things that are shared-code problems resulting in exploits on other NT based OSes are either ineffective or DoS attacks on Server 2003).
The idea is that
So, its a defense in depth tactic. Ideally, there'd be no BO's in code. But there are. Terminating the program with an explanation as to why is better than letting people run code on your box.
One of the changes in SP2 was a rate limiting / queing behavior for the number of current sockets in the SYN/opening state.
In other words, suppose you have an app which tries to open 30 tcp sockets simultaneously. Some of them will get delayed by the OS.
This is to try and thwart the speed of worms or DDoS programs - which very often try and create a zillion tcp connections that never end up connecting.
Unfortuneately, it has the side effect of hurting some p2p apps (like bittorrent) and some web browsing configurations...especially if you've changed the registry value that sets the # of simultaneous socket connections IE will make to the same site. The default is like 3 or 4, but if you upped it to say, 20, and then hit a site that had 30 images all on the same server... it is likely that some of your http requests will get queued until other connect() attempts complete the handshake.
Does it suck that this is affecting some browser and other scenarios ? Yes. The topic is under discussion internally at microsoft.
The _intent_ was to try and slow down the spread of worms/ddos attacks in the event a machine got compromised....a good goal to have i think anyone would agree..
The implementation, however, does have disadvantages
If you decide to try SP2 again, anytime the connecting socket limit is reached, an very specific/obvious event will be logged in the eventlog. If you are experiencing slower network interactive speeds, try looking in the logs to see if you're hitting it.
One mitigation, by the way, is to have a proxy (i.e. squid) on another machine.. that way your handshakes from IE resolve _Very_ fast and your sockets rapidly go from handshake to connected...thus reducing the likelihood of you hitting the queing behavior.
There is the commonly held position that many F/OSS projects get source patches out the doro very quickly.
r -in-cvs to the time it takes for something tos how up on windows update.
That's true.
One problem with this is people compare the time-to-released-source-patch-on-a-mailing-list-o
I don't think that's fair for the following reasons:
1) Patch Quality.
It is clear that the volume of basic testing done on many instant-turn-around source patches is zero.
Comparatively, as often as an MS patch manages to break something somewhere, consider how much worse it would be if there weren't a few days of targeted regression testing being done. The official recommendation from MS is to test patches before putting them into production, but there have been a relatively low number of patch recalls from MS.
Finally, i think it bears mentioning that with F/OSS, the initial patch is sometimes re-written over the course of several days until something proper actually is agreed upon and that's the code that actually ends up living with the product.
So i'd consider these source level patches to very often be of "here is something that appears to close the hole and not break anything i tried, good luck!" quality.
2) Patch Applicability
When a hole is discovered in apache, the time it took for an apache developer to submit a source diff is NOT the same deliverable as what you're getting from a commercial vendor patch. A source level patch only does me any good if i am running a source-built tarball in production, and i am relatively current with whatever source base the patch is applied against, and i can handle the manual patch/compile/make install process (and if something goes wrong, i've got to backout the patch and compile/make install _again_)
Most people, especially running production machines, are not running built-from-source software. You install Redhat. You want apache ? You use the redhat apache package. You now need to wait for the updated redhat apache package to get the bugfix, or, you get the latest cvs snap and build from source. Now you've got a lovely problem because the way redhat (or any distro) builds apache is different from the defaults, so you have to go and figure out how your distro likes to build its packages, OR, you need to accept the build defaults and rebase your config files to the new settings.
So really, the vendor binary package is what many people need to wait for before they can truly patch thier machines. THe source diff is nice, but not something they can easily consume
I think between these two points, it's pretty unfair to compare time-to-patch between MS and someone-posted-a-diff-somewhere.
I think if you look at the time from vuln report to updated binary tarball being released by some of the linux distros, you'll be surprised.
ok, so the market share has an effect. Thanks for agreeing. That's what ballmer was saying.
Also, how can you say apache has less security problems than IIS - IIS6 has had zero remote exploits. How does apache compare ?
constrain it to default configurations of each OS, as installed. Consider vulnerabilities that allow for remote root code execution.
I'm aware of the "you cant count the vulnerabilities in 23 MTAs and 44 MUAs" issue. My claim still stands.
IIS6 has had no exploits thus far.
Do you think thats because its better than apache, or because not enough people are using it yet? Answer carefully.
It is not a false analogy, and it is't a stupid thing to say.
:)
The linux camp needs to get past the outdated idea that they are immune from security problems.
The facts plainly disprove this.
Infact, I beleive the number of remotely exploitable defects in the various linux distros are similar or even higher than the remotely exploitable defects in windows server 2003 (you could use ballmers argument against MS if you could concede giving it merit, as i think linux installations might be leading Server2003 installations
There is no arguing that the design of windows and the design of linux are different. However, there IS an argument as to the merits of the design of one vs the design of the other, and how those design choices affect "security" (whatever you define security to be). However, the design differences do not lead to a self evident conclusion.
Now, back to the argument that the exploitability of windows is a function of its installed base:
Here is an example. The morris internet worm did not affect any windows machines. One could argue that a larger percentage of the internet was crippled by the morris worm than was damaged by slammer/whatever.
Naturally, at the time of the morris worm, there were few (zero?) windows servers on the public internet, so the worm didn't target them at all. Instead, it used what was common at the time - defects in fingerd, sendmail, etc.
The worms and defects of the day largely target what is popular and under public scrutiny.
Here are some more points to consider, specifically around linux:
The number of exploited defects in linux is larger today than it was in 1991.
The number of exploited defects in linux today is larger than it was at some point previous to today.. call that t0. Since t0, linux has had more code reviews than previous to t0, and the people maintaining linux code have become more aware of security issues of the day. Even so, the incidence of linux exploits in the wild is greater today than it was at t0. One might argue that the new exploits only appear in new code, but this is clearly not the case. New _classes_ of exploits have been discovered that affect 10 year old code! Consider that one byte overflows, heap overflows, and format string overflows were almost unheard of until after stack overflows had been widely publicized and work was going on to fix them.
It is clear that the sorts of things that turn into exploits are a moving ball. One could postulate that the code getting exploited in linux has been around _longer_ than the code getting exploited in windows (if for no other reason than unix is older than NT). Yet the rise of the number of attacks against linux does NOT seem to correlate with the age of the defects, instead, with the installed base of the platform as a percentage of all targets of opportunity.
I think it is a perfectly reasonable argument to make that people looking to exploit systems, especially kiddies using tools, choose targets of common opportunity. You can disagree, but you need to prevent a valid disagreement, not just assert that Ballmers statement is incorrect because you want it to be.
Finally, and not to be too much of a jerk, but what qualifications do you have regarding the design of secure operating systems? If you beleive that Windows would be more secure because of your input, and can back that up, Microsoft will be happy to pay you any amount of money you ask for to make it happen.
When did "i don't see it that way" become "Absolutely Wrong"?
Regardless of your political affiliation, or your position in the US government, it seems that you should have the right to not be harassed, threatened, or intimidated by anybody.
If you can say with a straight face that the point of this document is NOT for people to intimidate, harass, or threaten members of a political organization, I am listening.
What happened to just being civil. Isn't it possible to say "You know, i don't like some of the policies of this administration" without threatening people, physically assaulting them, harassing them at work/home, and generally being a shithead?"
Were there ever any good ole days of "well, i'm voting for the other guy"?
The political divisiveness in this country continues to get worse and worse.. and for what?
What happened to just being an American? When did it become fashionable to insult and hate anyone that wasn't on the same side of a manufactured binary proposition as you? I mean, I can't imagine that I'm really that different from somebody voting for the other guy - I go to my job, the other guy goes to his. We both need to sleep at night, we both need to eat to survive, we both like being able to speak our minds, we both like living in america enough that we haven't moved.
So what exactly is the deal with people being so hateful?
Given how close the last election was, how can any one on EITHER "side" beleive that the "other side" is 100% pure evil with no worthwhile qualities ? Beleiving such would put you in disagreement with about 50% of americans.
Do you hate 50% of the population ? Do you think 50% of the population is dumb ? Do you think 50% of the population is dumber than you? Do you feel that the 50% that voted the way you didn't were misguided and got badly duped?
I suspect the 04 election will be as close as the 00 election, meaning if you're being an asshole towards someone or some group based on their political beleifs, you may as well go down your street and be an asshole to every other house you visit.
Disagreeing is healthy.
Being violent and hateful towards your fellow americans isn't.
The mean spirited slogans, shirts, posters, rhetoric etc IMO are really tearing down this country. The negativity only increases the divisiveness. You'd think with all of the anger and what not being displayed, i'd be able to figure out what people were actually upset about, but more often then not, i can't. Maybe that makes me a dumbass, but my vote counts as much as yours, so stop being a shithead.
The attitudes displayed by the submitters of this data are not positive, and not healthy. People are just people and they think what they do for a reason. Harassing them or threatening them won't change their worldview, but it will continue to widen the fissure between two halves of the same nation.
I've seen a lot of slashdotters defending the people behind this and that's what's really upsetting. We're all intelligent enough to be wary of free speech, intimidation, and government tampering with individual rights.
We, by and large, also know what it's like to be on the receiving end of intimidation, harassment, and being singled out by hateful mobs. (or did you not go to highschool ?)
If you beleive that the ends justify the means, then anything is rationalizable. Please make sure that you're not setting a double standard about what is ok and what isn't depending on the political viewpoints of the targets.
except it was usually pizza hut answering the phone: "hello, pizza hut" only to be greeted by "uh, hello, this is papa johns"
it was a real treat to listen to the two angry pizza guys, both of whom were insisting that THEIR phone was the one that rang, work out who was the bigger jerk
3 way calling and the "mute" button is the best thing that happened to beeing a geeky teenager.
I've run a few RC builds of XP SP2 on 2 different machines.
:)
:)
Configuring the firewall is _easy_.
I too have real firewalls. I leave the SP2 one turned on as well, because it hasn't gotten in the way of anything i do with the machines (yet). I did add a port or two to the allow list, and thats it.
Remember, defense in depth. Having every XP machine tightened up out of the box as much or more as a default linux install is a good thing.
But, you can turn the firewall features off _very_ easily.
I really like the popup blocker and other IE changes in SP2 as well. I've stopped using proxomitron. I see inline ads where prox used to just put [Ad] but that doesn't bother since the super obnoxious stuff is gone. Also, the way IE handles ActiveX controls is _much_ nicer than it used to be - no being asked 23049 times per page to dismiss modal dialogs.
finally, i wouldn't get too worked up over the headline that XP SP2 is delayed. I have some inside info on the delay.. and its (so far) not worth the sensational press its getting at sites with.. ABM slants
People need to be honest. If MS said there's a problem and released it anyway, the ABM camp would grill them for releasing shitty unfinished product. By holding it for a while longer, MS gets grilled for delaying its release (with sideline comments about them being incompetant or SP2 being vapor or what have you). To the ABMer, MS can do nothing right.
(ABM = "Anything But Microsoft"
I cant say much about it since it's unreleased, but i beleive its public knowledge. Virtual Server has a feature called "differencing disks", where you have a base virtual server image and then any changes to that image are written to a separate file - a difference disk.
.vhd over the .vhd of the machine im wiping, and fire it back up. I have one active virtual server image for each different code branch i need to work with (different branches will have different platform requirements that make putting multiple branches on the same box impossible)
This would let you do what you suggest.
Personally, i love virtual server, and i do all of my development and test work inside of virtual server images. Our product has an atrocious number of pre-relased platform requirements and rebuilding a bunch of physical machines is a big pain. I have a base Windows 2003 Server image with sysprep, and anytime i need a clean machine i just copy that
SFU 3.5 is available _today_, as a free download, no less. I've been using SFU since the pre-3.0 betas. It is wonderful. The announcement here seems to be that SFU will actually get rolled into some longhorn skus, so you wont even have to download the free installer. That means people can expect an SFU environment as part of a given windows install in a few years.
;)
SFU is cool technology - you get real NFS client and server, a real UNIX cmdline environment (much better than cygwin, IMO), full gcc, libraries, tcsh, even x11 libs (but no local xserver). I find that having a tcsh SFU window hanging around on my desktop significantly helps my development process (foreach/grep/find/sed does wonders for search-n-replace on a large code base)
I'm not sure really what the point of your post was, but it mostly revolves around bitching at MS and journalists about a announcing a product plan. You seem to focus on how longhorn wont be here for a while. The specific technology in question, SFU, is here today, and you can use it now if you want to.
Not that that should stop you from randomly complaining about MS though. This is slashdot afer all
the sticker is something like 14 city, 19 hwy.
,featureless midwestern interstate), i get 23 hwy.
:)
I get around 11 city, and, if i really, really baby it (i.e. set cruise control at 79 on flat
The 11 city is because of my driving style. Drive it like you stole it. Part throttle is just for controlling car rotation
I "went free" a long time ago. I first used UNIX as an 8th grader and was running linux .98 when i was in 10th grade. I stopped using MS products as of Win 3.1 (and after dabbling with OS/2 2.1/2.11) switched completely to linux.
:) A friend gave me her old p166mmx machine. I bought two $10 ethernet cards and put openbsd on it. That machine is still my openbsd firewall/filter/"stuff" machine. In march of that year i bought a $400 machine and put win2k RC on it to compete in a windows CE development contest. (note i hadn't used any MS stuff in years, apart from a friends machine or the occasional lab computer).
:)
For a year or two.
Then i bought a sparc IPX with sol 2.4, then an SS10 with 2.5.1. Then i went off to college.
With these two real machines i had no need for linux, so i stopped caring about PCs in general. I had real hardware and a real OS that ran basically as long as i left the things turned on. At college i had 2 sparcstations but no PCs.
My junior year of school i bought an SGI i^2 high impact (i wanted a fast 24bit gfx console, and sun didn't have any available unless you got an ffb, which were very expensive and UPA only, or a ZX, which i bought, and was dirt slow)
Finally, in my senior year of college, i got a PC again. Why ? my sgi got rooted
In may of the same year (2 months later), i started work full time at Microsoft.
Not much changed at home - my main box was still my SGI for a number of years, with my ss10 doing web and mail hosting, the obsd box doing all firewall duties. I sold the sparc IPX back in college.
I built a duron 600 file server and put obsd on it. This was when UDMA 100 drives were fairly new; i put two in that machine and discovered a bug in the oBSD IDE driver, which i submitted a minor patch for (and which was subsequently re-written, but im in the comments somewhere
At work obviously i was using w2k, xp, server 2k3, etc. I had a linux box in the corner for some occasional tasks that were actually faster to do in unix even with the penalty of moving data over and back again (i am something of a fan of awk)
I found that W2k was refreshingly nice compared to 3.1, 95, and NT4. I'd say that W2k was the first real OS MS released. Usable enough to not get in the way. Certainly no more than dicking with linux sound modules got in the way.
Curretly, that duron 600 is my main xp workstation, the p166 still runs openbsd, and the ss10 has been powered off for 6 months. The $400 w2k machine still runs w2k as a dedicated machine that has daemontools images of the various car-repair and parts-db stuff i use (via terminal server).
The point of all this long windedness ?
everything post w2k is good enough to use as a workstation, IMO. For a given task, there's a number of tools that can accomplish it. In my case, i screw with computers enough at work that i'm just not interested in hassling with them at home. That means that my home technology choices tend to revolve around "easiest", where easiest caters to my current skillset and world view.
That means i use an XP machine for all of my web surfing and emailing, and putty from there to a unix machine to irc (i hate graphical irc clients). The oBSD machine hosts email and web (because both are super easy to setup there, and i have no fears about making an obsd machine internet-facing.. it just works like it's supposed to)
What's the point of all of this ?
I could really care less what OS i'm using. It either meets my requirments or it doesn't. I'll use the one that meets the operational profile for what i'll use the box for with the least amount of my effort. If i gave a crap about spending lots of time at home computing, i'd probably have something more modern than a duron 600 as my primary workstation.
NT5 took a long time to make. A LONG time. Do you think that they'll throw away every line of code and just make something new ?
You mentioned the R word.
Longhorn is by no means being built from scratch. Lots of layers are being refactored, reworked, replaced, and so on. New things are being introduced into the platform stack side by side with current and legacy components.
Nobody does back compat better than MS - what other platform lets you generally get away with running 20+ year old binaries ?
Make no mistake, Longhorn introduces a LOT of new cool stuff. But it does so without throwing away everything. I mean, WinFS is coming, right ? Do you think that means NTFS is going away ? Of course not. THere's an entire new programming model coming in longhorn.. do you think Win32 is going away ? Of course not...