What expectations? Any expectations that I've had have come, gone, come back, gone again, and been lost forever. Here's every review headline you'll ever see:
Just FYI, you can turn it on very easily. From the Windows help file:
------------
Show the menus in Internet Explorer
The menus that were displayed in earlier versions of Internet Explorer are turned off in Internet Explorer 7, but you can turn them back on.
To display the menus temporarily Press ALT.
To display the menus permanently Click the Tools button, click Toolbars, and then select Menu Bar. To turn the menus off, repeat the steps above to clear the check mark.
Not to get too serious here, but this is a perfect example of a situation where MS can't win. Invite the folks up? "It's a trap! They'll steal your code, kill you, etc." Don't invite them up? "When is MS going to treat OSS developers like any one else, Firefox has many users, they should get the same respect as any other org."
Ah slashdot... can't live with it, pass the beer nuts.
It is critical to the system in the following ways.
* Windows Help is no longer a proprietary format... it actually is HTML that is rendered nicely using the IE COM component * Outlook Express using the IE COM component to render email messages * About a billion applications use the IE COM component, each of whom have not (and should not) write their own HTML renderer because, as the number of vulns in IE & FF have shown, it's really hard to write a secure web browser and updating it is a hard problem (TM)... imagine you had to update your installation of Siebel Client components or Oracle Server Manager or on and on and on, every time someone discovered a new attack (such as negative integer overflow) -- remember Windows is primarily a platform on which other applications run... they need functionality there to do their jobs, and removing that functionality breaks stuff.
IE is (and always has been) user mode. It does not run in kernel mode (or system level). It runs with the permissions of the user. As to "If you removed it", yep you could remove the library exactly as the parent to your post described, and it would break a ton of applications, but the core of Windows would just keep chugging along. I don't think that's what people want.
CreateRemoteThread has a bunch of uses (http://msdn.microsoft.com/library/default.asp?url =/library/en-us/dllproc/base/createremotethread.as p), but the problem you describe is pretty fundamental. That is to say, if a malicious application can run arbitrary code on your system, you've got a lot bigger problems than just whether or not they're injecting threads into your system processes.
Can you explain more what you want to know about creating raw sockets?
1) You have IE6 installed, and upgrade - your autosearch provider is automatically populated. This is the ONLY thing that is populated. It was VERY LIKELY set by your toolbar provider or your OEM. 2) The only time it default to MSN is when you don't have it set... and, BY THE WAY, on a fresh install it's already set to MSN if you don't have it set. IE7 doesn't do any updating of this. 3) On Windows Vista, it's completely configurable and, again, your OEM or toolbar provider will already have set it.
The only people this will affect are those that do full off the shelf installs of Vista and who choose to do fresh installs without migrating their old their own data. All IE7 is doing is IF you don't have your autosearch setting set, instead of sending you to about:blank, it sends you to MSN (which, again, it does already).
You do understand that it actually comes preloaded with what you already had set as your autosearch provider, right?
The only time it's populated with MSN is if you had no autosearch setting. This would almost never be the case unless you did a clean install and did not migrate any of your settings forward. The majority of people have their autosearch setting installed by the OEM or toolbar provider.
Our prototypical target is a large company or university, meaning an organization with around 10^5 machines, storing around 10^10 files, containing around 10^16 bytes of data. We assume that the machines are interconnected by a high-bandwidth, low-latency, switched network. Also, at least for our initial version, we are assuming no significant geographical differences among machines.
Um, I'm an admin, and there's nothing that annoys me more than having to parse out ps -aux to find the process name, percent cpu, etc. with this, it's an object, so i can just query it for the property. Works ridiculously well. Trust me, not having to parse reduces errors hugely.
According to this comment about this story, Microsoft is denying any investment in this. Shouldn't the editors add that to the comment section of the story summary?
On Tuesday, Microsoft refuted earlier reports that it plans to introduce single-play DVDs aimed at curbing music piracy. A Microsoft representative told me there is no single play DVD initiative at the company, denying a report that first appeared in "The Business."
"It appears there is considerable confusion coming from [the] article in The Business about features within Windows Media DRM that allow for single-play of promotional digital materials," a Microsoft spokesperson told me. "This has been an option for content owners to use for some time with the Windows Media format--but not for the MPEG2 format found on DVDs. Windows Media DRM technology allows for a wide range of business models and scenarios, but it's important to realize that this is at the discretion of the content owner to implement and that the market will dictate whether or not these features are compelling enough for consumers to make a purchase."
Isn't this a poor man's very late copy of Dr. Watson which has been around for a number of years and is also free... in addition to providing nice core dumps of the applications which crashed, whether they are MS or not.
If they could justifiably say that if you have auto drive in the auto drive lane you will get to your location faster than if you drive yourself, people would fall all over themselves to adopt it. Implementation of this promise is left as an exercise to the reader.
Ok, this is massive FUD. SenderID & DKIM's single jobs are that IF a domain has that as part of it's DNS _AND_ it doesn't match the mail, then that mail is automatically dumped.
Example 1: Paypal.com has a Sender ID Badguy.com sends something and it claims to be from Paypal.com Hotmail drops the mail
Example 2: Fidelity.com does not have a Sender ID Badguy.com sends something it claims to be from Fidelity.com Hotmail DOES NOT drop the mail
That's it! There's no random dropping or risk to mail. If someone is claiming to be someone they are not, drop them! Simple!
It should be no surprise that we do not plan on releasing IE7 for Windows 2000. One reason is where we are in the Windows 2000 lifecycle. Another is that some of the security work in IE7 relies on operating system functionality in XPSP2 that is non-trivial to port back to Windows 2000.
Will the hurt (more Firefox on older machines) or help (IE7 only available on more secure platforms)?
Very interesting stuff about the birth of an OS. But I found this little comment pretty interesting...
From: richard@aiai.ed.ac.uk (Richard Tobin) Subject: Re: LINUX is obsolete Date: 7 Feb 92 14:58:22 GMT Organization: AIAI, University of Edinburgh, Scotland
In article ast@cs.vu.nl (Andy Tanenbaum) writes: >If you just want to USE the system, instead of hacking on its >internals, you don't need source code.
Unfortunately hacking on the internals is just what many of us want the system for... You'll be rid of most of us when BSD-detox or GNU comes out, which should happen in the next few months (yeah, right).
-- Richard
Does this mean GNU-HURD is officially 12 years late?
I would disagree that this is by design. This is actually by implementation, not design. You CAN log in as non-admin, and nothing you describe would be a vulnerability. To the best of my knowledge, this is exactly what they did with SP2.
Just as a general hint, this line makes you sound absurd:
Another problem with this multiple layering scheme is how it just adds another memory hog. I don't know the numbers, but I'm sure the firewall in Linux is a lot smaller because it's built internally into the system, and not another app running in the background.
Without any numbers, how can you make that statement?
Slashdot Mirror
Please read TFA.
It's not the labor costs, it's the supply chain inefficiencies.
not only that, carbon sequestration is a good thing (tm)
What expectations? Any expectations that I've had have come, gone, come back, gone again, and been lost forever. Here's every review headline you'll ever see:
"We waited all these years, for this?"
I wish there was a way to post this as a player instead of a link: http://www.entertonement.com/188534/The_Simpsons/H a_Ha/Tone.aspx
Just FYI, you can turn it on very easily. From the Windows help file:
------------
Show the menus in Internet Explorer
The menus that were displayed in earlier versions of Internet Explorer are turned off in Internet Explorer 7, but you can turn them back on.
To display the menus temporarily
Press ALT.
To display the menus permanently
Click the Tools button, click Toolbars, and then select Menu Bar.
To turn the menus off, repeat the steps above to clear the check mark.
Not to get too serious here, but this is a perfect example of a situation where MS can't win. Invite the folks up? "It's a trap! They'll steal your code, kill you, etc." Don't invite them up? "When is MS going to treat OSS developers like any one else, Firefox has many users, they should get the same respect as any other org."
Ah slashdot... can't live with it, pass the beer nuts.
FYI, here's the list archive:
2 006-August/003408.html
http://lists.immunitysec.com/pipermail/dailydave/
The posting from Paul Thurott was not last week. It was a year ago. This article is a dupe.. http://it.slashdot.org/article.pl?sid=05/08/02/185 3256
o gress-sneak-preview-of-mix06-release/) and Malarkey http://www.stuffandnonsense.co.uk/archives/mix06_v iva_las_vegas.html backing it, maybe that piece is a bit out of date?
I'd bet that Paul has a better understanding of IE7 now. Not that IE7 is at 100% CSS 2.1, but with CSS folks such as Molly Holzschlag (http://www.molly.com/2006/03/01/microsoft-ie7-pr
It is critical to the system in the following ways.
l =/library/en-us/dllproc/base/createremotethread.as p), but the problem you describe is pretty fundamental. That is to say, if a malicious application can run arbitrary code on your system, you've got a lot bigger problems than just whether or not they're injecting threads into your system processes.
* Windows Help is no longer a proprietary format... it actually is HTML that is rendered nicely using the IE COM component
* Outlook Express using the IE COM component to render email messages
* About a billion applications use the IE COM component, each of whom have not (and should not) write their own HTML renderer because, as the number of vulns in IE & FF have shown, it's really hard to write a secure web browser and updating it is a hard problem (TM)... imagine you had to update your installation of Siebel Client components or Oracle Server Manager or on and on and on, every time someone discovered a new attack (such as negative integer overflow) -- remember Windows is primarily a platform on which other applications run... they need functionality there to do their jobs, and removing that functionality breaks stuff.
IE is (and always has been) user mode. It does not run in kernel mode (or system level). It runs with the permissions of the user. As to "If you removed it", yep you could remove the library exactly as the parent to your post described, and it would break a ton of applications, but the core of Windows would just keep chugging along. I don't think that's what people want.
CreateRemoteThread has a bunch of uses (http://msdn.microsoft.com/library/default.asp?ur
Can you explain more what you want to know about creating raw sockets?
Can you please identify some of those well known ActiveX issues that MS has refused to fix? Secunia, eEye etc. don't seem to list any.
According to the IE blog, here's what happens:
1) You have IE6 installed, and upgrade - your autosearch provider is automatically populated. This is the ONLY thing that is populated. It was VERY LIKELY set by your toolbar provider or your OEM.
2) The only time it default to MSN is when you don't have it set... and, BY THE WAY, on a fresh install it's already set to MSN if you don't have it set. IE7 doesn't do any updating of this.
3) On Windows Vista, it's completely configurable and, again, your OEM or toolbar provider will already have set it.
The only people this will affect are those that do full off the shelf installs of Vista and who choose to do fresh installs without migrating their old their own data. All IE7 is doing is IF you don't have your autosearch setting set, instead of sending you to about:blank, it sends you to MSN (which, again, it does already).
You do understand that it actually comes preloaded with what you already had set as your autosearch provider, right?
The only time it's populated with MSN is if you had no autosearch setting. This would almost never be the case unless you did a clean install and did not migrate any of your settings forward. The majority of people have their autosearch setting installed by the OEM or toolbar provider.
http://research.microsoft.com/sn/Farsite/
Pretty cool stuff, check this out:
Lots more questions answered on the FAQ: http://research.microsoft.com/sn/Farsite/faq.aspx
Um, I'm an admin, and there's nothing that annoys me more than having to parse out ps -aux to find the process name, percent cpu, etc. with this, it's an object, so i can just query it for the property. Works ridiculously well. Trust me, not having to parse reduces errors hugely.
the permissions model is Windows is extremely rich. You can definitely do what you're interested in (namely set of users who are read only).
I've always been curious... any recommendations on how to browse that many pictures in a reasonable way?
Isn't this a poor man's very late copy of Dr. Watson which has been around for a number of years and is also free ... in addition to providing nice core dumps of the applications which crashed, whether they are MS or not.
MS seems to be first by quite a ways on this one.
If they could justifiably say that if you have auto drive in the auto drive lane you will get to your location faster than if you drive yourself, people would fall all over themselves to adopt it. Implementation of this promise is left as an exercise to the reader.
Ok, this is massive FUD. SenderID & DKIM's single jobs are that IF a domain has that as part of it's DNS _AND_ it doesn't match the mail, then that mail is automatically dumped.
Example 1:
Paypal.com has a Sender ID
Badguy.com sends something and it claims to be from Paypal.com
Hotmail drops the mail
Example 2:
Fidelity.com does not have a Sender ID
Badguy.com sends something it claims to be from Fidelity.com
Hotmail DOES NOT drop the mail
That's it! There's no random dropping or risk to mail. If someone is claiming to be someone they are not, drop them! Simple!
Will the hurt (more Firefox on older machines) or help (IE7 only available on more secure platforms)?
Does this mean GNU-HURD is officially 12 years late?
I would disagree that this is by design. This is actually by implementation, not design. You CAN log in as non-admin, and nothing you describe would be a vulnerability. To the best of my knowledge, this is exactly what they did with SP2.
Just as a general hint, this line makes you sound absurd:
Another problem with this multiple layering scheme is how it just adds another memory hog. I don't know the numbers, but I'm sure the firewall in Linux is a lot smaller because it's built internally into the system, and not another app running in the background.
Without any numbers, how can you make that statement?
What happened to the open source axiom "with many eyes, all bugs are shallow"? Shouldn't it render a program like this unnecessary?