I agree that it's a huge pain that the dialogs are system modal. I expect it was probably done because users would otherwise never figure out what to do and cross-application communication using admin priveleges would be broken, but it's still annoying. According to Wikipedia, it's not just a modal dialogue, it's actually a different desktop being invoked (the same one as the login screen uses) under which all running programs are frozen. This apparently is done to prevent keystroke loggers from recording administrator passwords.
UAC, on the other hand, IS NOT sudo . It's a crazy sort of GUI hook in front of anything that requires Administrator privileges. ...OK, gksudo rather than sudo then. That's a rather silly nitpick; they still perform the same function whether graphically or in a console.
When running with UAC enabled, the user is still running as Administrator. Wrong; two tokens are assigned, standard user and admin; any non-elevated applications run as the standard user token.
The difference is that whenever an Administrator privilege is required, a UI appears asking the user if they want to grant access. Of course, in most cases, the user has no clue and just blindly hits "yes". This isn't helped because the message is so vague that even I have no clue what, exactly, is being asked. Again, how is this different from gksudo? WRT vagueness, it gives exactly the same information that gksudo gives you: the name and publisher of the program that wants to run as admin. What more do you want?
One more particular thing MS did horribly wrong with Vista is ask the user for confirmation every time it blinks. I'm not sure I understand your complaint: if an application needs to elevate to admin, then it needs to elevate. The only way to cut down on elevation dialogues (apart from waiting -- with time, developers will do what they should have always done and make apps which don't needlessly elevate if they're not performing an admin task) would be for Microsoft to somehow maybe heuristically sometimes intercept elevation prompts and automatically give the program admin permissions without asking for an admin password, in order to cut down on prompts. But obviously that would be a huge security risk, since if normal programs can elevate without prompting, then so can malware (heuristics can be fooled). So what exactly are you suggesting?
My current annoyance is Notepad++ which tries to do something when it runs, and fails-- but the error also doesn't tell me what it was trying to do, so I have no way of figuring out which feature to disable. Boo! No need to reinstall Notepad++, as someone claimed; you can fix it with: Settings -> Preferences ->MISC tab -> uncheck "Enable auto-updater".
Why their autoupdater requires admin access is a mystery, but probably just crap coding -- I find most programs autoupdaters work just fine without elevating (though obviously you need to elevate if you want to install an update for a program that's not installed in your userspace).
In a related matter, is this quote from an earlier day still appropriate?
Windows is a 32-bit shell for a 16-bit extension to an 8-bit operating system designed for a 4-bit microprocessor by a 2-bit company that can't stand one bit of competition. You're rather out of date.
The quote was (presumably) originally a description of Windows 1.0 - 3.1, but even then was never really true. DOS has always been 16-bit: even the original PC-DOS 1.0 (before it was even renamed to MS-DOS) needed at least an 8088, which was a 16-bit CPU (albeit with an 8-bit external data bus and support for 8-bit code). With respect to Windows 9x, the quote's even more dubious: whilst Windows did use DOS as a bootloader, it certainly wasn't just a shell on top of DOS (Wikipedia on Windows 9x).
But if it's very dubious for Windows 9x, it's just plain wrong for the Windows NT line, which was written from the ground up with a hardware abstraction layer for the x86, Alpha, and MIPS architectures; a list which by 2001 had morphed into x86 and x86-64. (Wikipedia on Windows NT's architecture). Consumer versions of Windows have been based on the NT kernel since Windows XP in 2001.
About 90% of copies of Windows out there are pirated, and so won't be auto-updated. 90%? What planet are you on? 90% of all Windows installations are in corporations, usually on volume license agreements, who wouldn't dare to pirate Windows with BSA looming over their shoulders. Something like 90% of the remainder will come with PCs bought at retail, from PC World, Walmart et al, and so will be legal OEM copies. Which leaves maybe around 1% of installations pirated, most of which will still be updated, because Microsoft deliberately doesn't require WGA for security updates!
...about 90% belong to clueless users who won't bother to use the automatic update service. Ummm.... "who won't bother to use the ***automatic*** update service"? The whole point of an automatic update service that's on by default (which it has been since SP2) is that clueless users don't have to "bother" to do anything, since it's done for them, automatically. Hence the "automatic" part of "automatic update service"...
Ummm, no. Read the GP again: "...leverages the Trusted Platform Module (TPM) when present". That means it still works without the TPM, but presumably has to use other and non-hardware sources of entropy (e.g hashes of time(NULL), thread ID, tick count, CPU performance counters, etc.).
Your assertion that using hardware to reduce the determinism and thus reduce the predictability of a PNRG must be some sort of strategy to lock hardware and software together betrays an ignorance of the problems that computer PNRGs are facing and have always faced. Read some of the other posts.
Does anyone around here believe that freedom and free markets are a good thing?...
I understand the idea of monopolies... You clearly don't, because the entire point is that a coercive monopoly is detrimental to the functioning of a free market.
Now, I could go and read through Microsoft's webpage about DFS, and speend a few minutes paraphrasing it into a post for your edification; or maybe you could, I don't know, go do it yourself...?
are all circumference/diameter(on the surface) ratios rational? If not, how many are not? As the circle expands from a point to a great circle, the ratio between circumference and diameter can take any value between pi and two. So an infinite number of possible ratios are rational, and in infinite number are irrational.
Interestingly, however, if you pick a particular circle, the ratio actually has a 100% probability of being irrational, rather than rational. Informally, this is because the irrationals are so much 'denser' than the rationals (using the colloquial rather than the topological meaning of dense). A proper proof follows from the fact that the rationals have Lebesgue measure 0; i.e. they can all be enclosed in a set of intervals on the real line, the sum of the lengths of which can be made as small as you like.
They are not working with double digits. They are using single digits: 10 cubits... 30 cubits...
In scientific notation, you count the significant digits. All of the numbers have one (1) significant digit Not quite. "10 cubits" and "30 cubits" might be to either one or two significant figures; since it doesn't specify, there no way of telling which. If they had they been given in scientific notation, as either, e.g., "3*10^1" or "3.0*10^1", then you're right, that would have been one and two s.f. respectively; but "30 cubits" is ambiguous.
Even though there was a complete rewrite... No, there wasn't. The only person who has ever claimed that Vista is a complete rewrite was Twitter. The Vista kernel is just a modified and updated Server 2003 kernel (not, of course, that that's a bad thing). There was originally talk of larger low-level changes, but they were scrapped back in 2004.
His writeup for Civilisation 4 was especially amusing. Vista apparently comes up with a dialogue box that says:
This program has known compatibility issues.
Check to see if a solution is available on the Microsoft website with options for "Check for solutions online" or "Run program". (IIRC, MS regularly releases pack of compatibility shims for different programs based on the number of "Do you want to send this information to Microsoft" crash reports).
TFA's response to this? To not allow the compatibility shimmer to check MS's website, but rather run the program anyway, with the comment "If you [Microsoft] know something is wrong, fix it." This despite the fact that, to any sentient observer, the dialogue box is attempting to get him to let Microsoft do... Ummm, just that. Presumably the author of TFA would prefer Microsoft to break into his house and install newly developed compatibility shims without his knowledge, rather than have to tolerate the chutzpah of -- *gasp!* -- asking him...
... it turns out Vista patched less than half the vulnerabilities than Windows XP did in its first year... According to the new Microsoft report, Vista also had fewer patches in its first year than other OSes... Number of known unpatched Secunia security advisories: Vista: One, Linux kernel 2.6: Twelve, Mac OS X: Seven.
Not, of course, that unpatched Secunia advisories represents any kind of linear relationship with general OS security; but it does rather demonstrate that your preferred method of OS security cognitive dissonance doesn't exactly stand up.
> Not exactly something that the average person knows how to do.
....Umm, true; no, it isn't. Luckily, they don't have to, because Microsoft does know how to do it.
And, in fact, have done it.
In Vista.
Hence the statement "Vista has built-in file and registry virtualisation".
If the user would have to do it themselves, that statement would instead be "Vista does not have built-in file and registry virtualisation; so the user has to do it themselves, if they want it".
in the admin account, you don't only get UAC warnings when performing an admin task. you also get them when performing a "potentially harmful" task, like running a program from a cd. in the standard account, you ONLY get UAC warnings when you need to elevate privs, hence the fewer warnings. I'm sorry, but that's just not correct. UAC is a privilege elevation system; the only time it ever appears, on any type of user, is when you need to elevate privileges. If you run a program that doesn't require elvated privileges from a CD, you won't get a prompt, whether you're running as standard user or admin (I've just tried it). If you run a program that does, you will get a prompt, on both types of account. E.g. for an unsigned exe that wants admin privs: the prompt for a standard user, and the prompt for an administrator.
That's not to say that all UAC prompts are for elevation to administrator. Internet Explorer runs with very low privileges, lower than a standard user; if you're doing something (e.g. an IE add-on wants to write to anywhere other than temporary internet files) that needs normal privileges, you need to elevate from low to normal (example prompt), but this is the same whether you're running as standard user or admin.
In other words, there's no such thing as a UAC dialogue warning of a "potentially harmful" task that doesn't elevate, on any kind of user account. A potentially harmful task is one that requires privilege elevation of some sort, and the UAC dialogue is asking whether you want to elevate.
Apologies; you're right, I'd misunderstood what you were saying.
However, the advantage of Time Machine over VSC that you describe is an illusory one. Yes, Time machine can use APIs to pull individual records from large databases in the built in applications (individual contacts from the address book database, individual photos from the iphoto metadata database, etc.). and no, VSC has no such equivalent. But no such equivalent is needed, because of the different way that applications store data in Vista as opposed to Leopard.
Let me elaborate. In a Mac, as you say, Time Machine can use APIs to pull an individual contact from the address book database. But in Vista, individual contacts are files in of themselves; there is no need for a database-checking API because there is no database! VSC interacts with the contact files firectly. Similarly with photos: In Leopard, Time machine needs to query iPhoto's metadata database to get information on photos. But in Vista, all Photo Gallery metadata is stored as normal NTFS metadata as part of the image file itself, so you can search it directly -- no proprietory database, no need for an API. Etc, etc.
In other words, Time machine only needs to use of APIs as a hack to get around the monolithic way that Mac applications store their data -- not a criticism, merely an observation -- thus solving a problem that, in Vista, is present to a much lesser extent.
Nice try, but we both know that UAC does not require a password if the user is a member of the Administrators local group (which is by default the first user account created on the machine when you install it). Or maybe you can tell us where one types the password in here?
If a user is a member of the Administrators Group (which the first user gets by default since Administrator is disabled by default in Vista), he/she/it only gets the "Cancel or Allow?" prompt by default. Here - read it for yourself. (and here's a second source just in case) For someone who mentioned strawmen, you are rather overostentatiously trying hard to persuade me of the truth of something that, well, I spent the second half of my post explaining...! (If you've forgotton, "When you're running as an admin, true, you don't need to type in an admin password; since you're already logged in as an admin, so you must have typed one it at the login prompt in the first place!... Vista prompts for user confirmation for admin tasks when you're logged in as admin; obviously not asking for a password since you're logged in as admin, but notifying you that you're performing an administrator task").
Nice strawman. If I want all-root, all-the-time, then I either have to log in directly as root (or in Windows, Administrator), or I have to use a command (such as "su root") and supply the password) to get to that state. This has bupkis to do with someone logged in as the actual root account (or again, "Administrator") - we're talking the normal default user here. That you call a member of the administrators group "the normal user" does not make it the equivalent of a Linux normal user. A "standard user" in Vista and a normal user in, say, Ubuntu are exact equivalents> -- you need to type in a password to perform administrator tasks. As you say, the root account and the core 'Administrator' account (note the uppercase A -- not just a member of the administrator group) are also equivalents. However, Windows also has an explicit third level between them, a member of the administrators group. It is this that you are detrimentally comparing the security of to Linux; but again, it is explicitely designed to be lower security than a standard user. (Obviously, it is possible to configure such an account in Linux if you like, but it is not an explicit account type a user is presented with as a choice).
The fact that Windows requires at least one user on the computer to be a member of the administrators group is merely an artifact of the fact that, when a standard user elevates, they must type in the password of a member of the administrators group -- if there is no such member, there is no way to elevate! Sudo gets round this by having the user enter their current password; but that prevents it from being actually used to prevent people from changing systemwide settings whilst still allowing a system administrator to enter their password occasionally to make a one-off systemwide change from a user's account.
If all Time Machine did was back up batches of files, you might have a point. However, Time Machine is also a backup retrieval system. And not one that's just limited to files-- you can retrieve individual photos, address book records, etc., from your backup. And you can search back through time to the last time your query changed.
So Shadow Volume Copy addresses about 1/2 of what Time Machine does, but does it without requiring a separate volume. Perhaps I've misread, but you don't seem to have any idea what Volume Shadow Copy actually is. You're making statements like "[With Time machine] you can retrieve individual photos, address book records, etc., from your backup" as if VSC were some sort of whole-PC backup drive imager. Whilst Vista does have such a backup tool, it's not the same thing at all as VSC.
Basically, Volume Shadow Copy is a filesystem-level file versioning system. As such, it has many uses, including backups (useful for getting around file locks), System Restore, and allowing any file to be retrieved as it existed at the time any of the snapshots was made (which, I believe, Time Machine can also do). Note that, unlike Time Machine, it is not in itself protection against hard disc failure, since the previous versions are an integral part of the file metadata, rather than being a copy of the file stored on a seperate hard drive. Obviously, though, it can be used by backup programs to create external drive backups.
(By the way, from your use of "So VSC addresses about 1/2 of what Time Machine does...", you'd think that VSC had been invented in response to Time Machine, rather than preceeding it by a good five years...)
I'd say one of the things I actually LIKE about Vista is that they've finally fixed the crap that made Limited User Accounts in XP completely unusable, and made the admin account so obnoxious i thought it would virtually guarantee Standard account usage... Unless I've misread your post, you're implying that, running as a standard user, you get less UAC prompts than running as an admin. But surely you get exactly the same number, in the same situations -- i.e. every time you perform an administrator task -- the only difference being that the one you get as a standard user requires you to enter a password, rather than merely confirm?
Yes, because sudo is only used rarely every once in a while (when you do some system-wide installation or configuration) whereas UAC opens up in Windows at the slightest event ("You're going to sneeze. Cancel or Allow ?") Presumably you're quoting off the 'Get a Mac' ads and haven't actually used Vista yourself, but just in case you have, could you give an example of Vista producing a UAC prompt when you're *not* doing system-wide installing, configuring, writing to folders you don't have the permissions to write to, etc. -- i.e. in cases where Ubuntu wouldn't prompt you?
(Apologies for dropping the formatting in the first post).
Slashdot Mirror
How far do you take it? XP can run on an 8-MHz Pentium with 20MB RAM (for sufficiently low values of "run"). Can my pretty triangle (proven Turing-equivalent to a Core 2 Duo!) be said to run Vista?
Why their autoupdater requires admin access is a mystery, but probably just crap coding -- I find most programs autoupdaters work just fine without elevating (though obviously you need to elevate if you want to install an update for a program that's not installed in your userspace).
Windows is a 32-bit shell for a 16-bit extension to an 8-bit operating system designed for a 4-bit microprocessor by a 2-bit company that can't stand one bit of competition. You're rather out of date.
The quote was (presumably) originally a description of Windows 1.0 - 3.1, but even then was never really true. DOS has always been 16-bit: even the original PC-DOS 1.0 (before it was even renamed to MS-DOS) needed at least an 8088, which was a 16-bit CPU (albeit with an 8-bit external data bus and support for 8-bit code). With respect to Windows 9x, the quote's even more dubious: whilst Windows did use DOS as a bootloader, it certainly wasn't just a shell on top of DOS (Wikipedia on Windows 9x).
But if it's very dubious for Windows 9x, it's just plain wrong for the Windows NT line, which was written from the ground up with a hardware abstraction layer for the x86, Alpha, and MIPS architectures; a list which by 2001 had morphed into x86 and x86-64. (Wikipedia on Windows NT's architecture). Consumer versions of Windows have been based on the NT kernel since Windows XP in 2001.
...about 90% belong to clueless users who won't bother to use the automatic update service. Ummm.... "who won't bother to use the ***automatic*** update service"? The whole point of an automatic update service that's on by default (which it has been since SP2) is that clueless users don't have to "bother" to do anything, since it's done for them, automatically. Hence the "automatic" part of "automatic update service"...Ummm, no. Read the GP again: "...leverages the Trusted Platform Module (TPM) when present". That means it still works without the TPM, but presumably has to use other and non-hardware sources of entropy (e.g hashes of time(NULL), thread ID, tick count, CPU performance counters, etc.).
Your assertion that using hardware to reduce the determinism and thus reduce the predictability of a PNRG must be some sort of strategy to lock hardware and software together betrays an ignorance of the problems that computer PNRGs are facing and have always faced. Read some of the other posts.
I understand the idea of monopolies... You clearly don't, because the entire point is that a coercive monopoly is detrimental to the functioning of a free market.
Now, I could go and read through Microsoft's webpage about DFS, and speend a few minutes paraphrasing it into a post for your edification; or maybe you could, I don't know, go do it yourself...?
Interestingly, however, if you pick a particular circle, the ratio actually has a 100% probability of being irrational, rather than rational. Informally, this is because the irrationals are so much 'denser' than the rationals (using the colloquial rather than the topological meaning of dense). A proper proof follows from the fact that the rationals have Lebesgue measure 0; i.e. they can all be enclosed in a set of intervals on the real line, the sum of the lengths of which can be made as small as you like.
In scientific notation, you count the significant digits. All of the numbers have one (1) significant digit Not quite. "10 cubits" and "30 cubits" might be to either one or two significant figures; since it doesn't specify, there no way of telling which. If they had they been given in scientific notation, as either, e.g., "3*10^1" or "3.0*10^1", then you're right, that would have been one and two s.f. respectively; but "30 cubits" is ambiguous.
Check to see if a solution is available on the Microsoft website with options for "Check for solutions online" or "Run program". (IIRC, MS regularly releases pack of compatibility shims for different programs based on the number of "Do you want to send this information to Microsoft" crash reports).
TFA's response to this? To not allow the compatibility shimmer to check MS's website, but rather run the program anyway, with the comment "If you [Microsoft] know something is wrong, fix it." This despite the fact that, to any sentient observer, the dialogue box is attempting to get him to let Microsoft do... Ummm, just that. Presumably the author of TFA would prefer Microsoft to break into his house and install newly developed compatibility shims without his knowledge, rather than have to tolerate the chutzpah of -- *gasp!* -- asking him...
... it turns out Vista patched less than half the vulnerabilities than Windows XP did in its first yearVista: One,
Linux kernel 2.6: Twelve,
Mac OS X: Seven.
Not, of course, that unpatched Secunia advisories represents any kind of linear relationship with general OS security; but it does rather demonstrate that your preferred method of OS security cognitive dissonance doesn't exactly stand up.
> Not exactly something that the average person knows how to do.
....Umm, true; no, it isn't. Luckily, they don't have to, because Microsoft does know how to do it.
And, in fact, have done it.
In Vista.
Hence the statement "Vista has built-in file and registry virtualisation".
If the user would have to do it themselves, that statement would instead be "Vista does not have built-in file and registry virtualisation; so the user has to do it themselves, if they want it".
But it isn't.
And, well, they don't.
That's not to say that all UAC prompts are for elevation to administrator. Internet Explorer runs with very low privileges, lower than a standard user; if you're doing something (e.g. an IE add-on wants to write to anywhere other than temporary internet files) that needs normal privileges, you need to elevate from low to normal (example prompt), but this is the same whether you're running as standard user or admin.
In other words, there's no such thing as a UAC dialogue warning of a "potentially harmful" task that doesn't elevate, on any kind of user account. A potentially harmful task is one that requires privilege elevation of some sort, and the UAC dialogue is asking whether you want to elevate.
...Absence of proof != Proof of absence.
The GP was presumably referring to the disproven "luminiferous aether" hypothesis of how light travels through space. Google it.
Hint: in Slashdot, you can press the 'parent' button at the bottom of a post to get the comment to which the poster was replying.
Apologies; you're right, I'd misunderstood what you were saying.
However, the advantage of Time Machine over VSC that you describe is an illusory one. Yes, Time machine can use APIs to pull individual records from large databases in the built in applications (individual contacts from the address book database, individual photos from the iphoto metadata database, etc.). and no, VSC has no such equivalent. But no such equivalent is needed, because of the different way that applications store data in Vista as opposed to Leopard.
Let me elaborate. In a Mac, as you say, Time Machine can use APIs to pull an individual contact from the address book database. But in Vista, individual contacts are files in of themselves; there is no need for a database-checking API because there is no database! VSC interacts with the contact files firectly. Similarly with photos: In Leopard, Time machine needs to query iPhoto's metadata database to get information on photos. But in Vista, all Photo Gallery metadata is stored as normal NTFS metadata as part of the image file itself, so you can search it directly -- no proprietory database, no need for an API. Etc, etc.
In other words, Time machine only needs to use of APIs as a hack to get around the monolithic way that Mac applications store their data -- not a criticism, merely an observation -- thus solving a problem that, in Vista, is present to a much lesser extent.
If a user is a member of the Administrators Group (which the first user gets by default since Administrator is disabled by default in Vista), he/she/it only gets the "Cancel or Allow?" prompt by default. Here - read it for yourself. (and here's a second source just in case) For someone who mentioned strawmen, you are rather overostentatiously trying hard to persuade me of the truth of something that, well, I spent the second half of my post explaining...! (If you've forgotton, "When you're running as an admin, true, you don't need to type in an admin password; since you're already logged in as an admin, so you must have typed one it at the login prompt in the first place!
Nice strawman. If I want all-root, all-the-time, then I either have to log in directly as root (or in Windows, Administrator), or I have to use a command (such as "su root") and supply the password) to get to that state. This has bupkis to do with someone logged in as the actual root account (or again, "Administrator") - we're talking the normal default user here. That you call a member of the administrators group "the normal user" does not make it the equivalent of a Linux normal user. A "standard user" in Vista and a normal user in, say, Ubuntu are exact equivalents> -- you need to type in a password to perform administrator tasks. As you say, the root account and the core 'Administrator' account (note the uppercase A -- not just a member of the administrator group) are also equivalents. However, Windows also has an explicit third level between them, a member of the administrators group. It is this that you are detrimentally comparing the security of to Linux; but again, it is explicitely designed to be lower security than a standard user. (Obviously, it is possible to configure such an account in Linux if you like, but it is not an explicit account type a user is presented with as a choice).
The fact that Windows requires at least one user on the computer to be a member of the administrators group is merely an artifact of the fact that, when a standard user elevates, they must type in the password of a member of the administrators group -- if there is no such member, there is no way to elevate! Sudo gets round this by having the user enter their current password; but that prevents it from being actually used to prevent people from changing systemwide settings whilst still allowing a system administrator to enter their password occasionally to make a one-off systemwide change from a user's account.
So Shadow Volume Copy addresses about 1/2 of what Time Machine does, but does it without requiring a separate volume. Perhaps I've misread, but you don't seem to have any idea what Volume Shadow Copy actually is. You're making statements like "[With Time machine] you can retrieve individual photos, address book records, etc., from your backup" as if VSC were some sort of whole-PC backup drive imager. Whilst Vista does have such a backup tool, it's not the same thing at all as VSC.
Basically, Volume Shadow Copy is a filesystem-level file versioning system. As such, it has many uses, including backups (useful for getting around file locks), System Restore, and allowing any file to be retrieved as it existed at the time any of the snapshots was made (which, I believe, Time Machine can also do). Note that, unlike Time Machine, it is not in itself protection against hard disc failure, since the previous versions are an integral part of the file metadata, rather than being a copy of the file stored on a seperate hard drive. Obviously, though, it can be used by backup programs to create external drive backups.
(By the way, from your use of "So VSC addresses about 1/2 of what Time Machine does...", you'd think that VSC had been invented in response to Time Machine, rather than preceeding it by a good five years...)
(Apologies for dropping the formatting in the first post).