This from an outfit that once claimed that if you renamed the "EnablePrefetcher" registry key in XP to "EnableSuperfetch" then you could get superfetch in XP.
40 million sold according to Microsoft. It's lucky Microsoft is a 1-man band who can make up figures with abandon. If they were, I don't know, the biggest software company in the world who's every move is tracked by vast numers of auditors, ridiculous numbers of interested shareholders, the IRS, and pretty much all of the major analysis firms (Gartner, IDC etc.) they might have ound it harder to fabricate sales figures.
I don't know why the parent has been modded flamebait; s/he makes an excellent point; especially about Symantec.
Mcaffee do it to -- have a look at http://www.avertlabs.com/research/blog/?p=218#comm ent-32657, an explot that gives an attacker "full access to the system". A little lower down, it is noted that the attack "requires... administrator [privileges]", but goes on to say that "a determined attacker can always find workarounds". WTF??? It's an attack the purpose of which is to malware running with admin privileges, that... requires admin privileges. Right. Sure. (He's torn apart in the comments).
Wouldn't you either need to either hack into their ISP's DNS servers and change Windowsupdate.com to redirect to your site, or else get into the target PC and change their default DNS server from their ISP to a box you've set up? The former would be nigh-on impossible, and if you've done the latter you've already compromised the PC; so why bother fiddling about with Windowsupdate?
mimicking both Win2k and WinXP appropriately Yeah... That's the problem. A lot of Linux apps ported to Windows/MacOS use their own toolkits but skin them to make them look like the native Windows ones. I don't want that, I want them to actually use the native ones.
Why? Mimicking the native ones is fine if you use the mouse, have no accessibility problems, and keep the default skin. I don't. Windows has a theme engine that is capable of changine the look&feel of all the native widgets. I want to make use of it, and I don't want to spend time searching for another skin for non-native apps that goes well with whatever Windows theme I'm using. And more subtle things: screen readers. Accessibility options. Keyboard navigation options. Etc, etc. All these sorts of things are liable to not work well with non-native toolkits, however well they mimick the *look* of the native ones.
If they're called "Vista Ux Guidelines", I'm going to take a guess that they haven't been out "forever". No duh.
Can you point me to the XP guidelines, or the Win2K guidelines? Do such things even exist, or did they create these new for Vista? Don't be wilfully ignorant. Of course they have guidelines. A quick Google search reveals that the Windows 95 guidelines were published as a book called "Microsoft Windows User Experience", later renamed to "The Windows Interface Guidelines for Software Design" (you can still get it from Amazon) with subsequent minor updates for 98, 2000 etc. No doubt they were published on MSDN as well. The XP guidelines certainly were, and you can now get them as a self-extracting zip archive thanks to the wayback machine. The guidelines currently on MSDN are of course the latest (Vista) ones.
I've gotten used to Windows simply not having UI guidelines I've gotten used to spending time attempting to educate people who apparently don't know how to use Google and would rather remain wilfully ignorant...
Position is not a quantised value, nor is any of its time derivatives (velocity, acceleration, impulse) and related values (momentum, force, kinetic and potential energy. Time is not quantised. Since it's impossible to know position to a precision of less than the Planck length, the effect is surely indistinguishable from if it *was* quantised (in units of Planck lengths). Ditto for time (effectively quantised in units of Planck time, the time it takes for light to travel a Planck length) and all the derivatives thereof.
And obviously the energy, velocity, wavelength etc. of any particle trapped in a stationary state is definitely quantised.
I know you were joking, but there's nothing mutually exlusive about quantisation and irrationality. To use the original poster's example, elementary electric charge in Coulombs, being an experimentally derived value, is very, very likely* to be irrational. That doesn't change the fact that charge is quantised.
* Reason: 'almost all' the reals are irrational; since the reals are uncountable, and all but countably many of them are irrational.
You don't need to upgrade to Vista to get IE7, you can download it from http://www.microsoft.com/windows/downloads/ie/geti tnow.mspx. If you use Firefox rather than IE6 and so have no particular reason (interface etc.) to want to use IE6, that's even more reason to drop it in favour of 7: since MS, in their Infinite Wisdom, tied IE so tightly into various parts of Windows, security holes in IE can and do affect other parts of the OS (as the rendering engine in the help system, many common email apps, etc.). IE6 is pretty much a liability (see: TFA) -- if usually you use firefox, there's no reason to have it lurking on your system longer than necessary.
Surely, if anything, file and registry virtualization makes it even easier for backups, migrating etc. It means that there's only ever one folder you need to copy (\users\username) and it'll come with everything -- per-user data and settings written to HKCU in \username\appdata where they should be, and settings written to HKLM and program files (where they shouldn't be) redirected to username\appdata\virtualstore. So you can just reinstall your app on the new computer, copy your \username folder over, and all your settings will be there, whether they were written to the correct place or not.
That would be an excellent solution... in a single user system. In a multi-user environment, you'd immediately run into problems whereby one user changes the settings in an application, and all other users find them changed even when they didn't want them changed. Since all major OSes these days are multi-user OSes, and it would be a complete pain to have different practices for sinlge-user and multi-user systems (reinstall the OS and all applications if you want to add a second user? No thanks!), it makes sense to store settings and so on in the same, user-specific folders that documents and data are stored in -- i.e./home, \Documents and Settings, \users, etc. depending on OS.
FFS, it doesn't change your default browser. There is a KNOWN bug in Firefox (since version 2.0.0.2) that makes it think it's not the default browser, when it actually is. The fact that it remains the default browser is easily verified by opening a URL or HTML file: it still opens in Firefox.
Read the other comments; it's a bug in Firefox that makes it think it's not the default browser, when it actually is. This is easily verified by opening a URL or HTML file: it still opens in Firefox.
Today IE7 (which is lucky to get 7 critical patch on Vista) How did you get 7?! The summary states 6. The Technet article gives 5 in total, only 4 of which affect Vista.
You'll be pleased to know that the number of unpatched vulnerabilities for Windows 98/ME is now so large that a few more will make practically no difference.
If your 98 box is connected to the interwebz, do yourself a favour and upgrade; if it's too old for even XP, try something lightweight and Linuxy like Fluxbuntu or DSL.
Why on Earth are you still running IE6 on a production machine? The fact that more than one of the vulnerabilities in TFA apply to IE6 only, not IE7, should be reason enough to upgrade.
If you need it installed to test websites with it, why not have it installed in a virtual machine?
If it's just that you just prefer the interface of IE6 to IE7, both Opera and Firefox can be configured & skinned to work exactly like IE6.
Parent's blog post has a reply from Microsoft about the issue which explains what's happened -- to wit:
Thanks for providing the information on the updates you installed before experiencing the Firefox default browser prompt. We did a thorough investigation and have tracked down the cause of the issue. Before I explain the actual cause, I do want to let you know that we also determined that at no time did Firefox ever stop being the default browser on the machine. It mistakenly thought it was no longer the default and prompted users, but every entry point that triggered the default browser would still launch Firefox.
This issue is actually the result of a change in Firefox (added in Firefox v 2.0.0.2) and how it responds to Office changing a Windows registry key during the updating process. Whenever Office updates, it also verifies that many supporting registry keys are set to expected values (this is the same action that occurs when you use the Detect and Repair functionality in Office). The modification of registry keys during updating has happened throughout the lifecycle of Office 2003, and the Outlook Junk Email Filter delivered via Microsoft Update this month triggered this issue simply because it was the first update of Office since Firefox 2.0.0.2 became available, not because this specific update did anything differently.
On the basis of your report, the Office team has worked with Mozilla and believe theyve arrived at an answer that will address the issue. The Mozilla folks have told us that the change will be in an upcoming version of Firefox, and it is tracked in this bug report on the Mozilla site. Thanks again for bringing this to our attention. Your blog was the trigger of the investigation and were all glad we were able to find the solution so quickly."
Gary Schare
Director, Internet Explorer Product Management at Microsoft
How do you get off redefining "no" like that?
3D hardware acceleration is implemented. They just haven't implemented all of the features that Vista wants to do its blur. The new Desktop WIndow Manager in Vista does not work unless you have DirectX 9 supporting hardware. There's no 'legacy mode' whereby you can run some of it on DX8 hardware. Since the original question was "I don't see a lot of point in virtualizing Vista if you can't have the 3D desktop stuff", the answer would be, no, you can't have the 3-D desktop stuff. No redefining happening.
Have they implemented 3D harware acceleration virtualization? I don't see a lot of point in virtualizing Vista if you can't have the 3D desktop stuff. Yes... up to DirectX 8 at least, apparently they'll be working on newer versions of DirectX later. ..So that would be a no, then. Vista's eye-candy requires DirectX 9 -- specifically, I believe it uses Shader Model 2.0 to do all the fancy blurry frosted glass effects, which was bought in with DX9.
Actually, the summary was incorrect regarding Vista: at least one of the vulnerabilities in question ("Uninitialized Memory Corruption Vulnerability CVE-2007-0944") is not present in Vista, and contrary to the summary's implication, only two out of the Vista vulnerabilities (CVE-2007-0945 and CVE-2007-2221) are rated critical.
Not, of course, that this excuses MS in any way (two is still two too many), but the summary was still rather misleading.
Somewhere, the hashes are stored. Find those and the solution presents itself. No they're not, they're hashes; they're produced on-the-fly with a hashing algorithm from a combination of the hardware GUID and the encryption key. Since the dongle and the bank's webserver would both be using the same (probably open-source) algorithm, the hashes they produce would be the same, hence they can compare them to verify security. Every 30 seconds the hash would be discarded and a new one generated from a new (randomly generated) encryption key that's sent to the dongle encrypted with the previous encryption key. The only stored list necessary is the table of user's login name / customer number / whatever against their hardware GUID; but even if this was compromised it would not affect the security of the system since a cracker would need the hash, which is produced with the encryption key as well as the GUID.
OK, so it's not impenetrable. In theory, someone could compromise the encryption used and find a way to analyse the radio waves in order to guess the encryption key. This would, however, be very difficult since the data being sent over radio would be a repeated (say) 256-bit key -- it's not like when the attacker finds the right key the stream will resolve itself into human-readable text, one 256-bit length of highly entropic bits looks much like another, even if someone does find a way to brute-force a 256-bit key in 30 seconds, which is pretty unlikely. If someone *does* crack AES (or whatever), it's not like people won't know about it -- the current state of vulnerability of the well-known encryption algorithms is widely known. The bank could just recall the dongles and release new ones which use whatever 2050's favorite encryption algorithm is.
The point is, if I put a file up on the internet, encrypted with easily available tools using highest security and a highly random, good-length password, I can be pretty damn sure it won't get cracked open; within a few years, at least. 30 seconds is easily a short enough time.
All that said, however; you're absolutely right, it won't work.
There's no free email accounts which *don't* do this; Hotmail, Yahoo, even Gmail (though the latter does give you 3 times as long before they delete your emails and give your account name to someone else). If you want a permanent email address or have any business-critical emails, don't use free email accounts, period. You get what you pay for.
Slashdot Mirror
This from an outfit that once claimed that if you renamed the "EnablePrefetcher" registry key in XP to "EnableSuperfetch" then you could get superfetch in XP.
.
. .
I don't know why the parent has been modded flamebait; s/he makes an excellent point; especially about Symantec.
m ent-32657, an explot that gives an attacker "full access to the system". A little lower down, it is noted that the attack "requires... administrator [privileges]", but goes on to say that "a determined attacker can always find workarounds". WTF??? It's an attack the purpose of which is to malware running with admin privileges, that... requires admin privileges. Right. Sure. (He's torn apart in the comments).
Mcaffee do it to -- have a look at http://www.avertlabs.com/research/blog/?p=218#com
Wouldn't you either need to either hack into their ISP's DNS servers and change Windowsupdate.com to redirect to your site, or else get into the target PC and change their default DNS server from their ISP to a box you've set up? The former would be nigh-on impossible, and if you've done the latter you've already compromised the PC; so why bother fiddling about with Windowsupdate?
Why? Mimicking the native ones is fine if you use the mouse, have no accessibility problems, and keep the default skin. I don't. Windows has a theme engine that is capable of changine the look&feel of all the native widgets. I want to make use of it, and I don't want to spend time searching for another skin for non-native apps that goes well with whatever Windows theme I'm using. And more subtle things: screen readers. Accessibility options. Keyboard navigation options. Etc, etc. All these sorts of things are liable to not work well with non-native toolkits, however well they mimick the *look* of the native ones.
And obviously the energy, velocity, wavelength etc. of any particle trapped in a stationary state is definitely quantised.
I know you were joking, but there's nothing mutually exlusive about quantisation and irrationality. To use the original poster's example, elementary electric charge in Coulombs, being an experimentally derived value, is very, very likely* to be irrational. That doesn't change the fact that charge is quantised.
* Reason: 'almost all' the reals are irrational; since the reals are uncountable, and all but countably many of them are irrational.
Apologies; I didn't realise that IE7 required XP.
You don't need to upgrade to Vista to get IE7, you can download it from http://www.microsoft.com/windows/downloads/ie/geti tnow.mspx. If you use Firefox rather than IE6 and so have no particular reason (interface etc.) to want to use IE6, that's even more reason to drop it in favour of 7: since MS, in their Infinite Wisdom, tied IE so tightly into various parts of Windows, security holes in IE can and do affect other parts of the OS (as the rendering engine in the help system, many common email apps, etc.). IE6 is pretty much a liability (see: TFA) -- if usually you use firefox, there's no reason to have it lurking on your system longer than necessary.
Surely, if anything, file and registry virtualization makes it even easier for backups, migrating etc. It means that there's only ever one folder you need to copy (\users\username) and it'll come with everything -- per-user data and settings written to HKCU in \username\appdata where they should be, and settings written to HKLM and program files (where they shouldn't be) redirected to username\appdata\virtualstore. So you can just reinstall your app on the new computer, copy your \username folder over, and all your settings will be there, whether they were written to the correct place or not.
That would be an excellent solution... in a single user system. In a multi-user environment, you'd immediately run into problems whereby one user changes the settings in an application, and all other users find them changed even when they didn't want them changed. Since all major OSes these days are multi-user OSes, and it would be a complete pain to have different practices for sinlge-user and multi-user systems (reinstall the OS and all applications if you want to add a second user? No thanks!), it makes sense to store settings and so on in the same, user-specific folders that documents and data are stored in -- i.e. /home, \Documents and Settings, \users, etc. depending on OS.
FFS, it doesn't change your default browser. There is a KNOWN bug in Firefox (since version 2.0.0.2) that makes it think it's not the default browser, when it actually is. The fact that it remains the default browser is easily verified by opening a URL or HTML file: it still opens in Firefox.
2 836828.html
For more information, see http://www.zoliblog.com/blog/_archives/2007/3/26/
Read the other comments; it's a bug in Firefox that makes it think it's not the default browser, when it actually is. This is easily verified by opening a URL or HTML file: it still opens in Firefox.
I've heard of inflation, but this is ridiculous.
You'll be pleased to know that the number of unpatched vulnerabilities for Windows 98/ME is now so large that a few more will make practically no difference.
If your 98 box is connected to the interwebz, do yourself a favour and upgrade; if it's too old for even XP, try something lightweight and Linuxy like Fluxbuntu or DSL.
Why on Earth are you still running IE6 on a production machine? The fact that more than one of the vulnerabilities in TFA apply to IE6 only, not IE7, should be reason enough to upgrade.
If you need it installed to test websites with it, why not have it installed in a virtual machine?
If it's just that you just prefer the interface of IE6 to IE7, both Opera and Firefox can be configured & skinned to work exactly like IE6.
http://it.slashdot.org/comments.pl?sid=234097&cid= 19076261
Thanks for providing the information on the updates you installed before experiencing the Firefox default browser prompt. We did a thorough investigation and have tracked down the cause of the issue. Before I explain the actual cause, I do want to let you know that we also determined that at no time did Firefox ever stop being the default browser on the machine. It mistakenly thought it was no longer the default and prompted users, but every entry point that triggered the default browser would still launch Firefox.
This issue is actually the result of a change in Firefox (added in Firefox v 2.0.0.2) and how it responds to Office changing a Windows registry key during the updating process. Whenever Office updates, it also verifies that many supporting registry keys are set to expected values (this is the same action that occurs when you use the Detect and Repair functionality in Office). The modification of registry keys during updating has happened throughout the lifecycle of Office 2003, and the Outlook Junk Email Filter delivered via Microsoft Update this month triggered this issue simply because it was the first update of Office since Firefox 2.0.0.2 became available, not because this specific update did anything differently.
On the basis of your report, the Office team has worked with Mozilla and believe theyve arrived at an answer that will address the issue. The Mozilla folks have told us that the change will be in an upcoming version of Firefox, and it is tracked in this bug report on the Mozilla site. Thanks again for bringing this to our attention. Your blog was the trigger of the investigation and were all glad we were able to find the solution so quickly."
Gary Schare
Director, Internet Explorer Product Management at Microsoft
Follow the instructions here.
;-)
Actually, the summary was incorrect regarding Vista: at least one of the vulnerabilities in question ("Uninitialized Memory Corruption Vulnerability CVE-2007-0944") is not present in Vista, and contrary to the summary's implication, only two out of the Vista vulnerabilities (CVE-2007-0945 and CVE-2007-2221) are rated critical.
Not, of course, that this excuses MS in any way (two is still two too many), but the summary was still rather misleading.
OK, so it's not impenetrable. In theory, someone could compromise the encryption used and find a way to analyse the radio waves in order to guess the encryption key. This would, however, be very difficult since the data being sent over radio would be a repeated (say) 256-bit key -- it's not like when the attacker finds the right key the stream will resolve itself into human-readable text, one 256-bit length of highly entropic bits looks much like another, even if someone does find a way to brute-force a 256-bit key in 30 seconds, which is pretty unlikely. If someone *does* crack AES (or whatever), it's not like people won't know about it -- the current state of vulnerability of the well-known encryption algorithms is widely known. The bank could just recall the dongles and release new ones which use whatever 2050's favorite encryption algorithm is.
The point is, if I put a file up on the internet, encrypted with easily available tools using highest security and a highly random, good-length password, I can be pretty damn sure it won't get cracked open; within a few years, at least. 30 seconds is easily a short enough time.
All that said, however; you're absolutely right, it won't work.
Why?
Human stupidity.
There's no free email accounts which *don't* do this; Hotmail, Yahoo, even Gmail (though the latter does give you 3 times as long before they delete your emails and give your account name to someone else). If you want a permanent email address or have any business-critical emails, don't use free email accounts, period. You get what you pay for.