While Foxit has been much less targeted than Acrobat, it has had security vulnerabilities in the past, and it does support at least some JavaScript (which seems to be a commonly vulnerable part of the viewer). I don't have the Foxit plugin disabled, but I do have it set to prompt me before loading, which is almost as good - among other things, if I deny the plugin permission to load, it goes to my download manager instead for offline viewing.
It does. However, since some plug-ins do so extremely often (FlashPlayer being one of them) Adobe automatically adds an exception in the registry for "Don't prompt when this program tries to break out of the sandbox." This *might* be justifiable if Adobe's security record wasn't so terrible, but as it is, it's a decent reason to browse with the Flash ActiveX control disabled on sites where you don't need it (technically IE only allows you to disable it on a per-process basis, but since IE8 runs each tab in its own process, this works out fine - Pandora aside I almost never visit anything that needs Flash, so the Pandora tab gets Flash and the rest present me with a message complaining they can't find it).
Pushing plug-in writers to fix their code, in much the same way that UAC pushed software vendors to make their software run happily as a standard user, is a good idea. Unfortunately, since currently FlashPlayer would probably try to break out of the sandbox on every page that it was loaded on, the user would face a deluge of prompts. Until Adobe (and Sun, apparently) can fix their shit so it only requests external access when actually needed, the exemptions are somewhat necessary.
Note that you can remove them, if you wish. On Win7 x64 with IE8, the registry keys are HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ and HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\. Note that a large number of these will be pre-configured, even if you don't have the relevant software installed. In particular, anything Acrobat-related seems to have level 3 access (silently elevate) - I don't *have* Acrobat installed, but I figure that knocking those entries down a little was a good idea anyhow. This page describes the keys you will find here: http://msdn.microsoft.com/en-us/library/bb250462(VS.85).aspx#wpm_elebp
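An added example, not part of the original comment: a read-only PowerShell audit of the two ElevationPolicy keys named above, listing each entry's Policy level and flagging level 3 entries whose executable is not installed. The column names and the `$orphaned` variable are this example's own; the Policy meanings follow the MSDN page linked in the comment.

```powershell
# Added example (read-only): enumerate IE Protected Mode elevation policies.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
)

# Policy DWORD meanings as documented on the MSDN page linked above.
$meaning = @{
    0 = 'blocked from launching'
    1 = 'silent launch at low integrity'
    2 = 'prompt, then medium integrity'
    3 = 'silent launch at medium integrity'
}

$report = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # e.g. no Wow6432Node on x86

    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $v = Get-ItemProperty -LiteralPath $key.PSPath

        # An entry names either an executable (AppName + AppPath) or a COM class (CLSID).
        $target = $null
        $exists = $null
        if ($v.AppName) {
            if ($v.AppPath) {
                # AppPath may contain variables such as %ProgramFiles%; they are
                # expanded from this shell's own environment.
                $dir    = [Environment]::ExpandEnvironmentVariables($v.AppPath).Trim('"')
                $target = [IO.Path]::Combine($dir, $v.AppName)
                $exists = Test-Path -LiteralPath $target
            } else {
                $target = $v.AppName
            }
        } elseif ($v.CLSID) {
            $target = "CLSID $($v.CLSID)"
        }

        $policy = $v.Policy
        $desc = if ($null -eq $policy) { 'no Policy value' }
                elseif ($meaning.ContainsKey([int]$policy)) { $meaning[[int]$policy] }
                else { 'unknown' }

        New-Object PSObject -Property @{
            View    = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            Key     = $key.PSChildName
            KeyPath = $key.PSPath
            Policy  = $policy
            Meaning = $desc
            Target  = $target
            Exists  = $exists
        }
    }
}

# Full listing, highest privilege first.
$report | Sort-Object Policy -Descending |
    Format-Table View, Key, Policy, Meaning, Target, Exists -AutoSize

# Pre-configured silent-elevation entries for software that is not on disk:
# the "I don't have Acrobat installed" case from the comment.
$orphaned = $report | Where-Object { $_.Policy -eq 3 -and $_.Exists -eq $false }
$orphaned | Format-Table View, Key, Target -AutoSize

# To knock those entries down to "prompt" (needs an elevated shell), uncomment:
# $orphaned | ForEach-Object { Set-ItemProperty -LiteralPath $_.KeyPath -Name Policy -Value 2 }
```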
Re:SONY and Apple - holding our hardware hostage on PS3 Hacked? · Score: 1
Back before Linux support was removed from new PS3s, I might have agreed with you (despite the limitations of the hypervisor-based system). Now though... not so much. No homebrew, and not much else that comes to mind in console "openness". Their codec support isn't anything amazing, and their hardware isn't particularly tinker-friendly.
You can get the ability to develop apps (including games that use hardware-accelerated 3D) on the Xbox 360 for free (I think it's $100/year if you want to distribute the app, but the development software is free). There are some limitations compared to the full dev kit, in particular it's managed code only so you can't really take advantage of the specific hardware features, but on the other hand it's easy to code.
Re:No Cedega for you! on PS3 Hacked? · Score: 2, Informative
Wine is actually working on getting support for other architectures (ARM is the one I noticed), presumably either to add support for WinMo apps on Android or similar (WinCE API is a bit different from Win32, but not extremely) or to support compiling a Win32 app for Linux on ARM.
That said, the gist of your post is completely correct. For now, at least, Wine would be completely useless on the Cell or any other PPC-based processor.
Adding to that, what I've heard is that the pay is nothing great - possibly actually below industry average (unusual for a high-profile company). Good pay doesn't make the working experience better, but it makes up for some of a bad experience.
As you say, it's a company for people who really *like* the company, for its products or image or whatever.
It's possible what they're pointing out is that MS employees like what they do, and the products that they work on. That somebody would throw a private party in celebration of a corporate (rather than employee) milestone indicates that they really like their corporation.
Alternatively, it might be pointing out the parties that MS organizes/sponsors. There's a pretty good morale budget at MS, and the better managers will organize events that don't even use much of it so as to stretch it longer. As an intern there, we (my team) had bi-weekly "beerfests" in the afternoon, team lunches on a regular basis, frequently hung around to socialize after hours (not that there are official hours; "after hours" could be as early as 3:30 PM), and of course parties. Win7 launch was an excuse for lots of parties, of course, but it wasn't the only time they happened either - not by a long shot.
In any case, as an intern, it was a pretty sweet job. Of course, they give us lots of special perks - it's basically trial employment, and if they make us an offer they want to be sure we take it - but the stuff I did with my team (where I was the only intern) was also a lot of fun.
The difference being that where a MMO might run $0.50 / day, the last time I was in an arcade you could get maybe 5 minutes of gaming for that much. MMOs are actually much closer in scale than arcade games; you have to keep paying, but the game has so much content (which in the better ones is constantly increasing) and the online interaction is so appealing, you keep playing too. The only difference is that an MMO has an absolute max of about 48 hours/dollar. I'm sure I've spent far, far more time than that on StarCraft, for example.
This is very true. I'm not an FPS gamer for the most part (which is where much of this sort of thing happens) but I've played RTS games since the original WarCraft. One advantage RTS almost always has is replayability, which is vastly expanded when you add online play, but RTS engines are also becoming powerful enough to create completely different types of games. Consider, for example, DotA (Defense of the Ancients), a map for WarCraft 3 (and descended from a map for StarCraft) that I've probably spent as much time playing as I have the RTS itself - which was already worth many times what I paid for it (many hundreds, possibly thousands, of hours).
Heck, Heroes of Newerth (a DotA clone as a standalone game) I've already played nearly 500 hours of... for $30. I don't care how good an action/adventure/RPG is; I've never seen a game that I'd play 500 hours of in 6 months unless it was online. MMO games can easily reach that level (they are arguably the pinnacle of Internet gaming, and if done right of long-term playability) but they also cost much, much more - playing for a year will cost over $100 for most MMO games.
Why does this myth keep popping up? Have people honestly never tried turning a car with the engine off?
The difficulty of turning depends on how fast the car is moving. Stopped, and without power steering, sure it's a bitch. On the other hand, you're stopped, so who cares? Rolling even a little makes turning (with no power assists at all) much easier. By the time you hit 15 MPH or so, it honestly is just as easy as with the power steering still active. At freeway or police-chase speeds, you're completely fine.
The brakes will get stiffer, yes. This doesn't happen instantly (at least, not in my experience), so the first time you step on the brake it'll still respond pretty well. As the residual pressure fades it will get harder, but seriously, drivers got by for a long time without braking assist; you just have to press harder. The force you would apply anyhow in a "slam on the brakes" situation would be more than sufficient anyhow.
Yeah, anti-lock brakes and airbags will probably stop working. Does this mean I've been driving an "uncontrollable hunk of metal" for the last 5 years? Hell no! Sure you lose some safety features (assuming your car ever had them installed to begin with; mine didn't) but all you need to bring the car to a safe stop is brakes and a steering wheel. Both of those still use mechanical linkages that operate just fine on muscle power.
I think you're vastly understating the NT kernel developer count. While I don't know exact numbers, I'm pretty sure there are over a hundred MS employees who work exclusively on the kernel. Throw in things like all the driver developers (most of whom don't work for MS, although perhaps another couple hundred do), and you've got a much, much larger set of developers. Of course, some of those people are going to be PMs and some are going to be SDETs (people who write testing code but not anything that actually winds up in the kernel binaries) which I'm not sure the Linux count includes or not (if it helps, these people do have commit access to the repositories, they just don't typically make changes to the core code - they write tests, run them, file bugs for the actual devs to fix, and check in their test code so that the fixes can be tested again).
Also, seriously... childishness isn't going to win you any support. You don't have to like the product, but intentionally misspelling its name just makes you look immature.
The recording itself is labor, though, as is the songwriting and arranging and all that other stuff that goes into it.
The labels pay artists (and studios) up front for their recordings, and consider it an investment - if the recording sells well, the label makes money on the investment, and can sign more artists / take on more ambitious recordings. If the label doesn't make back their investment, then they've lost money and are going to have to be more conservative in the future - going for "sure hit" pop music, for example - or have to cut back in other areas.
Now, while there are probably lots of places that they could stand to cut back (Legal, for example), it's probable that the quality of music will be impacted in some way - either there will be fewer new recordings, or they'll be poorer quality, or they'll be less original, or... you get the idea.
Mind you, if you want to claim that the traditional labels are obsolete, well, that's entirely possible. Independent labels have done fairly well recently, and a few artists have managed success on self-publishing. The vast majority of music is still contracted for by the big labels, though. They're also responsible for promotion and distribution, both of which increase costs. That's a lot of money up front, which can be hard for somebody going the independent route to come up with.
Mind you, I do not approve of the RIAA's suits for massive damages and such, but I also still buy music (through Amazon.com MP3, or other DRM-free sources). Those "favorite band[s]" of yours, who are putting on a concert soon in something approximating your region, probably wouldn't be there if it weren't for the big labels and their expectations of making return on investment from record sales. Until you can present a better option for functionally broke bands looking to get started, the labels (and the purchasing of records) are a necessary evil.
Spreading between machines is a feature of worms. You might mean appending itself to ("infecting") files on your system - that is what a computer virus does. They're pretty rare these days even on Windows, although there have actually been some for Linux (none at present that I'm aware of).
Opera and Chrome have both had security issues, although admittedly they weren't widely targeted. On the other hand, both use the Flash plugin and whatever PDF viewer you have installed, so things like the Acrobat Reader exploit (malicious PDF) that's going around will work just fine. In fact, since Opera doesn't include application-level sandboxing (the way IE and Chrome do on Vista/Win7) there's actually one less layer of security to breach.
Yep. Also, don't forget P2P programs - if your audio codec is vulnerable, somebody could put up a .m4a file on BitTorrent or whatever P2P system is used these days, and it could easily get spread around.
"Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution." Emphasis added. This isn't a "crash iTunes" bug, this is a "copy all your local files + browser history to attacker, then turn your computer into a spambot" bug.
Probably, since the browser has access to those anyhow.
Easily; you can do that with a bit of Javascript.
Nope. The Protected Mode (low-integrity process) sandbox prohibits the application IE from starting a different application. There is a way around it, of course, for things like when you download a .doc file and want to view it immediately rather than saving it. However, this presents the user with a warning prompt.
For IE on Windows Vista or Win7 to do anything to the system, the user would also need to authorize the action. In fact, two levels of authorization would be needed: one to break out of the Protected Mode sandbox (normally, IE can't write anywhere on the file system outside a special "low integrity" folder, from which you can't execute any code). Second, the user would need to authorize Administrative permissions for writing to system files/folders/registry keys.
The fact that IE8 has a vulnerability doesn't mean that vulnerability can be exploited against an OS with modern security features and a user with even the vaguest hint of good sense.
While there is a bug in IE8, including the Win7 implementation, none of the stuff I've seen regarding it says that IE8 on Win7 is vulnerable. They managed to exploit IE8 on XP by working around DEP, but made no mention of ASLR, which is a feature that makes DEP work-arounds vastly harder and is found on Vista and up. Additionally, they made no mention of Protected Mode, the process-level sandboxing that is used by IE on Vista and up (requires UAC to be enabled).
You have absolutely no evidence whatsoever that there isn't some vulnerable code in OS X that hasn't been around at least that long; the very nature of a 0-day bug is that the exploit comes out before the vulnerability is known.
Good to know I'm not the only one. I too expected Cavedog to be on the list, and I can remember the day I realized Cavedog was really dying and I rushed to their website to archive every patch and download I could find. Ten years, five or six computers, and at least three burned CDs (I burned the archive to disc, but that disc started wearing out and had to be replaced, then replaced again) later. I still love playing TA and occasionally hit the Boneyards button just to convince myself it won't work.
I'd have loved to see Amen: The Awakening too; it sounds like an extremely promising game and, while I'm generally a fan of the genre, it would have been well worth trying out. Sadly, it was just another casualty of TA: Kingdoms.
Beyond that, WC3:The Frozen Throne was released in '03, and all their games since from StarCraft forward have received at least one patch in the last few years (the servers for the Battle.Net edition of WC2 are still running, incidentally). While patches don't directly bring in any income, they - combined with phenomena like DotA (WC3 map which was so popular it has inspired at least three stand-alone games) - have maintained goodwill in the community, which helps bring future success. Granted, if SC2 fails, D3 fails, and WoW starts losing steam, Blizzard could easily go under, but the first two are both vanishingly unlikely, and while the third will happen eventually there's no particular evidence it will happen soon.
Kingdoms was my immediate thought too. Even today there are people who still play Total Annihilation, 13 years after its release and a decade after Kingdoms' failure killed off Cavedog. TA was phenomenal, and had all sorts of excellent features that were well ahead of its time (it was also the first game to ever make me wish I had better hardware). It takes some stupendous sort of failure to drive a company into the ground after releasing a game like TA, but TA:K killed Cavedog in merely a year.
Um... wasn't MYST basically *the* game that convinced a lot of people to get CD-ROM drives? That was so popular it was ported to multiple platforms, often with substantial improvements along the way? That spawned a franchise of like 5 games? (I never made it past Riven, although you've made me want to go dig out the discs again...)
I was under the impression that this story was about *failed* games. On that train of thought, what about Total Annihilation: Kingdoms? The original TA was a fantastic game that was well ahead of its time (3D landscapes and models, realistic physics, support for at least 10 players in network play, and at least one map that required upwards of 256 MB of RAM - in an RTS that came out in 1997!) and there are some who still consider it to be one of the best of the RTS genre. The developer, Cavedog Entertainment, seemed to have a good thing going - two expansions were released, the game got a dedicated online matchmaking system, patches containing bugfixes and even new units were released, and gamers loved it. Then came TA:K, a game that bore shockingly little resemblance to the original TA, and was widely disparaged as being poor quality. Within a couple years the updates to TA stopped coming, Cavedog went bankrupt, the matchmaking system and finally the website all went offline.
You seem to be confusing DEP with the Protected Mode sandbox that Nightspirit was actually referring to. On Vista (SP1 or higher) or Win7, using IE8 (which enables ASLR, an additional protection on top of DEP that makes exploits vastly harder), with Protected Mode (requires UAC, and runs the browser at sub-user permissions) enabled, I very much doubt the exploit works.
In fact, while the article makes no explicit references to ASLR (Address Space Layout Randomization, a defense against DEP work-arounds), it only mentions IE8 being exploitable on XP. XP doesn't support ASLR (even if a program, such as IE8, is compatible with it). This is one of the many ways in which Vista/Win7 are more secure than XP.
Additionally, and shame on the article authors for this, they suggest "sandboxing" the browser using the techniques of Chrome... which are in fact a direct copy of the behaviors of IE8 (low-integrity process a.k.a. "Protected Mode" which prevents access to system settings or user files). Note that it never mentions the words "Protected Mode" but suggests that Chrome's sandboxing should be adopted, which makes the author either a pro-Google or anti-MS fanboy, or simply an ignorant lout who didn't do the homework.
TL;DR? You and the article author both missed the point; IE8 has only been shown to be vulnerable when run without the sandboxing that Vista and Win7 include.
Ummm... as the very second line of the Overview section points out, SFU/SUA (on Win7 it's called Subsystem for UNIX Applications, but it's essentially the same as SFU) includes "Over 350 Unix utilities such as vi, ksh, csh, ls, cat, awk, grep, kill, etc." It also includes a complete working GNU build toolchain, and much more. That's just the Microsoft download; additional tools (including "bash, OpenSSH, sudo, CVS, ClamAV, bzip2, gmake, curl, emacs, Apache, XView, Ruby, Tcl, Python") are available as downloadable binaries.
Note that while SUA is included with (higher editions of) Windows, it is just the POSIX compatibility layer; you have to get a (free) download from MS that includes all the utilities and libraries. Once you have those, you'll have a fully functional, if somewhat limited (not much software beyond standard utilities) UNIX-like system. The folks at http://suacommunity.com/ maintain a package manager and a repository of binaries for SFU/SUA, which provide a pretty good working environment.
I do occasionally compile programs or libraries from source (if the desired package isn't in the repository) and most of the time it works fairly well. The packages I use most commonly though (ssh, bash, svn, grep, etc.) were all either included in the SUA install or available as binary packages.
They may well use some code for ndiswrapper (much like they use code from wine to interface with Win32 apps, they could use code from ndiswrapper to interface with NT drivers). However, the back-ends would need to be different - ndiswrapper bridges the NT NDIS to the Linux kernel, and ReactOS doesn't use the Linux kernel.
Besides, ndiswrapper only implements a portion of the full NT driver interface (specifically, the portion used by network drivers). This is certainly helpful, but good luck installing (for example) a NT video card driver via ndiswrapper!
Yes, and the latest versions of it work quite well. The NT kernel's Network Driver Interface Specification is an ABI that several open-source kernels have added support for, usually as an optional module (ndiswrapper, Project Evil, etc.). Unfortunately, there's a lot of Windows drivers that tie into the kernel through a somewhat less abstracted ABI, and translating all the points of contact between Linux (or *BSD or whatever) drivers and NT drivers would be quite difficult. For example, the storage driver stack (device/physical volume/logical volume/filesystem, with room to hook things like filter drivers for anti-virus) involves a lot of NT drivers talking to one another, which would be difficult to handle if you wanted to insert a Windows anti-virus filter into a Linux driver stack.
Using NT drivers top to bottom, even though it requires implementing the full NT driver interface, is probably easier. It may also be more performant, since there wouldn't be a need for translation code (to do things like turn Linux kernel messages into NT I/O Request Packets and back again).
While Foxit has been much less targeted than Acrobat, it has had security vulnerabilities in the past, and it does support at least some JavaScript (which seems to be a commonly vulnerable part of the viewer). I don't have the Foxit plugin disabled, but I do have it set to prompt me before loading, which is almost as good - among other things, if I deny the plugin permission to load, it goes to my download manager instead for offline viewing.
It does. However, since some plug-ins do so extremely often (FlashPlayer being one of them) Adobe automatically adds an exception in the registry for "Don't prompt when this program tries to break out of the sandbox." This *might* be justifiable if Adobe's security record wasn't so terrible, but as it is, it's a decent reason to browse with the Flash ActiveX control disabled on sites where you don't need it (technically IE only allows you to disable it on a per-process basis, but since IE8 runs each tab in its own process, this works out fine - Pandora aside I almost never visit anything that needs Flash, so the Pandora tab gets Flash and the rest present me with a message complaining they can't find it).
Pushing plug-in writers to fix their code, in much the same way that UAC pushed software vendors to make their software run happily as a standard user, is a good idea. Unfortunately, since currently FlashPlayer would probably try to break out of the sandbox on every page that it was loaded on, the user would face a deluge of prompts. Until Adobe (and Sun, apparently) can fix their shit so it only requests external access when actually needed, the exemptions are somewhat necessary.
Note that you can remove them, if you wish. On Win7 x64 with IE8, the registry keys are
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ and HKLM\SOFTWARE\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\. Note that a large number of these will be pre-configured, even if you don't have the relevant software installed. In particular, anything Acrobat-related seems to have level 3 access (silently elevate) - I don't *have* Acrobat installed, but I figure that knocking those entries down a little was a good idea anyhow.
This page describes the keys you will find here: http://msdn.microsoft.com/en-us/library/bb250462(VS.85).aspx#wpm_elebp
Back before Linux support was removed from new PS3s, I might have agreed with you (despite the limitations of the hypervisor-based system). Now though... not so much. No homebrew, and not much else that comes to mind in console "openness". Their codec support isn't anything amazing, and their hardware isn't particularly tinker-friendly.
You can get the ability to develop apps (including games that use hardware-accelerated 3D) on the Xbox 360 for free (I think it's $100/year if you want to distribute the app, but the development software is free). There are some limitations compared to the full dev kit, in particular it's managed code only so you can't really take advantage of the specific hardware features, but on the other hand it's easy to code.
Wine is actually working on getting support for other architectures (ARM is the one I noteced), presumably either to add support for WinMo apps on Android or similar (WinCE API is a bit different from Win32, but not extremely) or to support compiling a Win32 app for Linux on ARM.
That said, the gist of your post is completely correct. For now, at least, Wine would be completely useless on the Cell or any other PPC-based processor.
Adding to that, what I've heard is that the pay is nothing great - possibly actually below industry average (unusual for a high-profile company). Good pay doesn't make the working experience better, but it makes up for some of a bad experience.
As you say, it's a company for people who really *like* the company, for its products or image or whatever.
It's possible what they're pointing out is that MS employees like what they do, and the products that they work on. That somebody would throw a private party in celebration of a corporate (rather than employee) milestone indicates that they really like their corporation.
Alternatively, it might be pointing out the parties that MS organizes/sponsors. There's a pretty good morale budget at MS, and the better managers will organize events that don't even use much of it so as to stretch it longer. As an intern there, we (my team) had bi-weekly "beerfests" in the afternoon, team lunches on a regular basis, frequently hung around to socialize after hours (not that there are official hours; "after hours" could be as early as 3:30 PM), and of course parties. Win7 launch was an excuse for lots of parties, of course, but it wasn't the only time they happened either - not by a long shot.
In any case, as an intern, it was a pretty sweet job. Of course, they give us lots of special perks - it's basically trial employment, and if they make us an offer they want to be sure we take it - but the stuff I did with my team (where I was the only intern) was also a lot of fun.
The difference being that where a MMO might run $0.50 / day, the last time I was in an arcade you could get maybe 5 minutes of gaming for that much. MMOs are actually much closer in scale than arcade games; you have to keep paying, but the game has so much content (which in the better ones is constantly increasing) and the online interaction is so appealing, you keep playing too. The only difference is that an MMO has an absolute max of about 48 hours/dollar. I'm sure I've spent far, far more time than that on StarCraft, for example.
This is very true. I'm not an FPS gamer for the most part (which is where much of this sort of thing happens) but I've played RTS games since the original WarCraft. One advantage RTS almost always has is replayability, which is vastly expanded when you add online play, but RTS engines are also becoming powerful enough to create completely different types of games. Consider, for example, DotA (Defense of the Ancients), a map for WarCraft 3 (and descended from a map for StarCraft) that I've probably spent as much time playing as I have the RTS itself - which was already worth many times what I paid for it (many hundreds, possibly thousands, of hours).
Heck, Heroes of Newerth (a DotA clone as a standalone game) I've already played nearly 500 hours of... for $30. I don't care how good an action/adventure/RPG is; I've never seen a game that I'd play 500 hours of in 6 months unless it was online. MMO games can easily reach that level (they are arguably the pinnacle of Internet gaming, and if done right of long-term playability) but they also cost much, much more - playing for a year will cost over $100 for most MMO games.
Who does this myth keep popping up? Have people honestly never tried turning a car with the engine off?
The difficulty of turning depends on how fast the car is moving. Stopped, and without power steering, sure it's a bitch. On the other hand, you're stopped, so who cares? Rolling even a little makes turning (with no power assists at all) much easier. By the time you hat 15 MPH or so, it honestly is just as easy as with the power steering still active. At freeway or police-chase speeds, you're completely fine.
The brakes will get stiffer, yes. This doesn't happen instantly (at least, not in my experience), so the first time you step on the brake it'll still respond pretty well. As the residual pressure fades it will get harder, but seriously, drivers got by for a long time without braking assist; you just have to press harder. The force you would apply anyhow in a "slam on the brakes" situation would be more than sufficient anyhow.
Yeah, anti-lock brakes and airbags will probably stop working. Does this mean I've been driving an "uncontrollable hunk of metal" for the last 5 years? Hell no! Sure you lose some safety features (assuming your car ever had them installed to begin with; mine didn't) but all you need to bring the car to a safe stop is brakes and a steering wheel. Both of those still use mechanical linkages that operate just fine on muscle power.
I think you're vastly understating the NT kernel developer count. While I don't know exact numbers, I'm pretty sure there are over a hundred MS employees who work exclusively on the kernel. Throw in things like all the driver developers (most of whom don't work for MS, although perhaps another couple hundred do), and you've got a much, much larger set of developers. Of course, some of those people are going to be PMs and some are going to be SDETs (people who write testing code but not anything that actually winds up in the kernel binaries) which I'm not sure the Linux count includes or not (if it helps, these people do have commit access to the repositories, they just don't typically make changes to the core code - they write tests, run them, file bugs for the actual devs to fix, and check in their test code so that the fixes can be tested again).
Also, seriously... childishness isn't going to win you any support. You don't have to like the product, but intentionally misspelling its name just makes you look immature.
The recording itself is labor, though, as is the songwriting and arranging and all that other stuff that goes into it.
The lablels pay artists (and studios) up front for their recordings, and consider it an investment - if the recording sells well, the label makes money on the investment, and can sign more artists / take on more ambitious recordings. If the label doesn't make back their investment, then they've lost money and are going to have to be more conservative in the future - going for "sure hit" pop music, for example - or have to cut back in other areas.
Now, while there are probably lots of places that they could stand to cut back (Legal, for example), it's probable that the quality of music will be impacted in some way - either there will be fewer new recordings, or they'll be poorer quality, or they'll be less original, or... you get the idea.
Mind you, if you want to claim that the traditional labels are obsolete, well, that's entirely possible. Independent labels have done fairly well recently, and a few artists have managed success on self-publishing. The vast majority of music is still contracted for by the big labels, though. They're also responsible for promotion and distribution, both of which increase costs. That's a lot of money up front, which can be hard for somebody going the independent route to come up with.
Mind you, I do not approve of the RIAA's suits for massive damages and such, but I also still buy music (through Amazon.com MP3, or other DRM-free sources). Those "favorite band[s]" of yours, who are putting on a concert soon in something approximating your region, probably wouldn't be there if it weren't for the big labels and their expectations of making return on investment from record sales. Until you can present a better option for functionally broke bands looking to get started, the labels (and the purchasing of records) are a necessary evil.
Spreading between machines is a feature of worms. You might mean appending itself to ("infecting") files on your system - that is what a computer virus does. They're pretty rare these days even on Windows, although there have actually been some for Linux (none at present that I'm aware of).
Opera and Chrome have both had security issues, although admittedly they weren't widely targeted. On the other hand, both use the Flash plugin and whatever PDF viewer you have installed, so things like the Acrobat Reader exploit (malicious PDF) that's going around will work just fine. In fact, since Opera doesn't include application-level sandboxing (the way IE and Chrome do on Vista/Win7) there's actually one less layer of security to breach.
Yep. Also, don't forget P2P programs - if your audio codec is vulnerable, somebody could put up a .m4a file on BitTorrent or whatever P2P system is used these days, and it could easily get spread around.
"Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution."
Emphasis added. This isn't a "crash iTunes" bug, this is a "copy all your local files + browser history to attacker, then turn your computer into a spambot" bug.
Probably, since the browser has access to those anyhow.
Easily; you can do that with a bit of JavaScript.
Nope. The Protected Mode (low-integrity process) sandbox prohibits the application IE from starting a different application. There is a way around it, of course, for things like when you download a .doc file and want to view it immediately rather than saving it. However, this presents the user with a warning prompt.
For IE on Windows Vista or Win7 to do anything to the system, the user would also need to authorize the action. In fact, two levels of authorization would be needed: one to break out of the Protected Mode sandbox (normally, IE can't write anywhere on the file system outside a special "low integrity" folder, from which you can't execute any code). Second, the user would need to authorize Administrative permissions for writing to system files/folders/registry keys.
The fact that IE8 has a vulnerability doesn't mean that vulnerability can be exploited against an OS with modern security features and a user with even the vaguest hint of good sense.
While there is a bug in IE8, including the Win7 implementation, none of the stuff I've seen regarding it says that IE8 on Win7 is vulnerable. They managed to exploit IE8 on XP by working around DEP, but made no mention of ASLR, which is a feature that makes DEP work-arounds vastly harder and is found on Vista and up. Additionally, they made no mention of Protected Mode, the process-level sandboxing that is used by IE on Vista and up (requires UAC to be enabled).
You have absolutely no evidence whatsoever that there isn't some vulnerable code in OS X that hasn't been around at least that long; the very nature of a 0-day bug is that the exploit comes out before the vulnerability is known.
Good to know I'm not the only one. I too expected Cavedog to be on the list, and I can remember the day I realized Cavedog was really dying and I rushed to their website to archive every patch and download I could find. Ten years, five or six computers, and at least three burned CDs (I burned the archive to disc, but that disc started wearing out and had to be replaced, then replaced again) later, I still love playing TA and occasionally hit the Boneyards button just to convince myself it won't work.
I'd have loved to see Amen: The Awakening too; it sounds like an extremely promising game and, while I'm generally a fan of the genre, it would have been well worth trying out. Sadly, it was just another casualty of TA: Kingdoms.
Beyond that, WC3: The Frozen Throne was released in '03, and all their games from StarCraft forward have received at least one patch in the last few years (the servers for the Battle.Net edition of WC2 are still running, incidentally). While patches don't directly bring in any income, they - combined with phenomena like DotA (WC3 map which was so popular it has inspired at least three stand-alone games) - have maintained goodwill in the community, which helps bring future success. Granted, if SC2 fails, D3 fails, and WoW starts losing steam, Blizzard could easily go under, but the first two are both vanishingly unlikely, and while the third will happen eventually there's no particular evidence it will happen soon.
Kingdoms was my immediate thought too. Even today there are people who still play Total Annihilation, 13 years after its release and a decade after Kingdoms' failure killed off Cavedog. TA was phenomenal, and had all sorts of excellent features that were well ahead of its time (it was also the first game to ever make me wish I had better hardware). It takes some stupendous sort of failure to drive a company into the ground after releasing a game like TA, but TA:K killed Cavedog in merely a year.
Um... wasn't MYST basically *the* game that convinced a lot of people to get CD-ROM drives? That was so popular it was ported to multiple platforms, often with substantial improvements along the way? That spawned a franchise of like 5 games? (I never made it past Riven, although you've made me want to go dig out the discs again...)
I was under the impression that this story was about *failed* games. On that train of thought, what about Total Annihilation: Kingdoms? The original TA was a fantastic game that was well ahead of its time (3D landscapes and models, realistic physics, support for at least 10 players in network play, and at least one map that required upwards of 256 MB of RAM - in an RTS that came out in 1997!) and there are some who still consider it to be one of the best of the RTS genre. The developer, Cavedog Entertainment, seemed to have a good thing going - two expansions were released, the game got a dedicated online matchmaking system, patches containing bugfixes and even new units were released, and gamers loved it. Then came TA:K, a game that bore shockingly little resemblance to the original TA, and was widely disparaged as being poor quality. Within a couple years the updates to TA stopped coming, Cavedog went bankrupt, the matchmaking system and finally the website all went offline.
You seem to be confusing DEP with the Protected Mode sandbox that Nightspirit was actually referring to. On Vista (SP1 or higher) or Win7, using IE8 (which enables ASLR, an additional protection on top of DEP that makes exploits vastly harder), with Protected Mode (requires UAC, and runs the browser at sub-user permissions) enabled, I very much doubt the exploit works.
In fact, while the article makes no explicit references to ASLR (Address Space Layout Randomization, a defense against DEP work-arounds), it only mentions IE8 being exploitable on XP. XP doesn't support ASLR (even if a program, such as IE8, is compatible with it). This is one of the many ways in which Vista/Win7 are more secure than XP.
Additionally, and shame on the article authors for this, they suggest "sandboxing" the browser using the techniques of Chrome... which are in fact a direct copy of the behaviors of IE8 (low-integrity process a.k.a. "Protected Mode" which prevents access to system settings or user files). Note that it never mentions the words "Protected Mode" but suggests that Chrome's sandboxing should be adopted, which makes the author either a pro-Google or anti-MS fanboy, or simply an ignorant lout who didn't do the homework.
TL;DR? You and the article author both missed the point; IE8 has only been shown to be vulnerable when run without the sandboxing that Vista and Win7 include.
Ummm... as the very second line of the Overview section points out, SFU/SUA (on Win7 it's called Subsystem for UNIX Applications, but it's essentially the same as SFU) includes "Over 350 Unix utilities such as vi, ksh, csh, ls, cat, awk, grep, kill, etc." It also includes a complete working GNU build toolchain, and much more. That's just the Microsoft download; additional tools (including "bash, OpenSSH, sudo, CVS, ClamAV, bzip2, gmake, curl, emacs, Apache, XView, Ruby, Tcl, Python") are available as downloadable binaries.
Note that while SUA is included with (higher editions of) Windows, it is just the POSIX compatibility layer; you have to get a (free) download from MS that includes all the utilities and libraries. Once you have those, you'll have a fully functional, if somewhat limited (not much software beyond standard utilities) UNIX-like system. The folks at http://suacommunity.com/ maintain a package manager and a repository of binaries for SFU/SUA, which provide a pretty good working environment.
I do occasionally compile programs or libraries from source (if the desired package isn't in the repository) and most of the time it works fairly well. The packages I use most commonly though - ssh, bash, svn, grep, etc. - were all either included in the SUA install or available as binary packages.
They may well use some code for ndiswrapper (much like they use code from wine to interface with Win32 apps, they could use code from ndiswrapper to interface with NT drivers). However, the back-ends would need to be different - ndiswrapper bridges the NT NDIS to the Linux kernel, and ReactOS doesn't use the Linux kernel.
Besides, ndiswrapper only implements a portion of the full NT driver interface (specifically, the portion used by network drivers). This is certainly helpful, but good luck installing (for example) an NT video card driver via ndiswrapper!
Yes, and the latest versions of it work quite well. The NT kernel's Network Driver Interface Specification is an ABI that several open-source kernels have added support for, usually as an optional module (ndiswrapper, Project Evil, etc.). Unfortunately, there's a lot of Windows drivers that tie into the kernel through a somewhat less abstracted ABI, and translating all the points of contact between Linux (or *BSD or whatever) drivers and NT drivers would be quite difficult. For example, the storage driver stack (device/physical volume/logical volume/filesystem, with room to hook things like filter drivers for anti-virus) involves a lot of NT drivers talking to one another, which would be difficult to handle if you wanted to insert a Windows anti-virus filter into a Linux driver stack.
Using NT drivers top to bottom, even though it requires implementing the full NT driver interface, is probably easier. It may also be more performant, since there wouldn't be a need for translation code (to do things like turn Linux kernel messages into NT I/O Request Packets and back again).