Seriously, at my jr high we had all the locked-down stuff we could want. Didn't do any good at all because they only changed the password to control the lockdown software (this was Win98 I think) once/quarter, and it would be seen or guessed within 2 weeks. I'm not sure how this hasn't come up yet in the discussion... but any relatively computer-literate kid could make an Admin account that looks just like the normal (limited) account to all but the closest scrutiny... but doesn't limit him/her at all!
Also, yes, make sure they are using limited User accounts, not Power User accounts. Make sure they are locked out of the system folders entirely, have only read permissions anywhere else on the hard drive outside of ther personal folders, and possibly even make it so that their home folder is wiped (or partially wiped) at each logout (I'm assuming the students share an account). My university uses a handful of scripts triggered by the Task Manager to do things like revert system settings when we log off, start security software client (not start a scan, just the client) when we log in, and stuff like that. It's easy to set up, and should work just fine even on non-domain computers.
Wow... while there is some value to the argument that splitting up the toolbars is bad, I think you're overreacting.
Yes, they hid the menu bar by default. I love my screen real-estate, so I think this is great idea. And you know what? I dont need the menu bar. Not for anything I do at all often. File menu? It's almost all under the Page button in the command bar. Tools menu? Take a guess which command button that is... Basically, the menus are only there for backward compatibility; many users will stick to what they know and not even try something else (this is too bad, but then those users are a lot less likely to upgrade to IE7 - or Firefox - anyhow). I find the combinations of what options are gathered where more intuitive in IE7, and while I could stand to have the command bar up by the back/forward buttons, I have no problem with it as is either.
Oh, and if for some reason you simply MUST use the menu bar, even when hidden it's one keystroke away. Try pressing "Alt" once. You know, the key that moves the focus to the menu bar of nearly every Windows app in existence. Press Alt, select option (using mouse or keyboard) and the menu bar quietly vanishes again.
I'm not quite sure why Spamhaus didn't just say "no jurisdiction" from the get-go. Maybe they like the free press? It could get awfully expensive though, if the courts decide that, since they initially took action regarding the filing (in Illinois) then ignored it after getting it moved to federal level, they really are just in contempt of court. Of course, I'm pretty contemptuous of any court that grants a ruling in favor of a spammer against an anti-spam list maintainer, but Spamhaus probably shouldn't have switched tactics in the middle of the fight, not when they were winning. I'm surea sufficiently good lawyer can pull them out if this, but those are expensive...
Did they indeed? All I read was them claiming that it would mean another 50,000,000,000 spam emails a say hitting the servers. I realize they Internet already handles tons of spam, but... that is a lot.
Had Spamhaus made the "no jurisdiction" argument at the onset, it may very well have gotten the case dismissed. Instead, it finds itself in the undesirable and difficult position of having to appeal a summary judgment.
I hope to hell they're able to avoid the default judgement in any case, but from what it looks like they successfully fought the Illinois filing (by arguing that they weren't in Illinois, and getting it moved up to the Federal level... not that they're in the USA either). However, they then changed tactics and ignored the federal proceedings entirely. Now they have a Contempt of Court, a huge default judgement, and the shield of "no jurisdiction" seems weaker since they didn't use it to begin with.
All that Spamhaus has "won" is not getting their domain registration pulled. That's great, but the current situation in the US courts basically says they need to pay up, and nothing so far except their location has said otherwise. They may have to fight it, in an appeals court, in the US (where they will have to pay their own legal fees even if they win) and that could be... bad.
Yep, my statement does require the caveat that they choose to run as root (and choose to ignore the colorful bombs screensaver KDE often throws up if you log in as root.:-) Of course, the root account does exist, and some distros allow you to use it with little or no password and little or no warning. Even though there is no non-admin account by default on Windows, an uninformed user (or somebody who gets tired of typing in their admin password to change their default display resolution, or anything else requiring modification of - for example - xorg.conf) might very well run as root. This is one of the few things I think Ubuntu did right: if you're going to make a Linux for the average user, you simply can't make it easy to run as root.
This is partially outdated, and partially FUD. Try it. I mess with my system a LOT, and I need elevated permissions in Vista less often than I do in Linux... and even that much doesn't bother me. Earlier versions weren't very good about when to swtich to admin mode and when not to, so Defender, for example, required admin mode when you opened Software Explorer (to prevent a startup app, or some such). Now, it only prompts UAC if you click the "Show options for all users" button, complete with UAC icon, at the bottom of the window. Which you only do if the program you're trying to modify isn't one that installed under user permissions... Other things are similar. Yes, installing most software requires admin priveleges, but not ALL software... in fact, the lastest builds only prompt when the installer actually begins the install, and then only if you selected "Install for everybody" as opposed to "Install for this user only" (most modern installers provide such options). In normal use I don't see it at all.
I like your "fork in the road" analogy, but while I use it (I also read the UAC and Protecte Mode prompts, so maybe I'm unusual) I know a lot of people who won't run except as an Administrator, and/or who run OS X with Root or nearly Root priveleges. These people can do an astonishing amount without even needing your "fork in the road" and while UAC *can* be disabled, the kind of user who simply ignores the prompts and always clicks Continue is also likely to be the kind who doesn't go find the option to disable it (it's in the system configuration, not hard if you're a power user but many people don't really know what "Explorer" is, they think it's called "My Computer"). In any case, I doubt you can deny that a random prompt appearing while somebody browses the web or tries to watch a movie is going to make them slightly more cautious. Also, since the default button for UAC is Cancel (not Continue) the user does actually need to conciously move the mouse to the Continue button, not just hit Enter.
Firefox has security holes, including occasionally very, very serious ones. Most of the time these are found and patched quickly, for Windows at least (some Linux distros distribute the update faster than others). This is good, because Firefox in Windows often assumes admin priveleges. Trying to use it without tends to be a pain, and in Vista it causes more UAC prompts than most programs I know of (most programs cause none at all). Also, if it is taken over, there's absolutely nothing to prevent it from, for example, uploading all my personal files and then deleting them off my hard drive. Using Protected Mode, this would prompt serious warnings. Incidentally, there's nothing to prevent such behavior in OS X either.
Yep, icons are raster. So are bitmap files. So are rendered jpegs, in most programs. So are sprites in most programs. The point you're missing is that Vista ships these bitmaps off to the GPU to be rendered using vectors (not sure if the raster->vector conversion happens in software or hardware or both, but what comes out is vectors) so you get the advantages of vectors on the display end (they are fast to render using hardware acceleration, too) and the advantages of bitmaps when manipulating your images. Some benchmarks I saw on a machine with a good graphics card had 3x-5x render speed improvements in programs like Photoshop due to the hardware accel.
It must just be anti-MS groupthink, because anybody who has done even a bit of research on Vista knows far better.
UAC: Vista can raise (and presumably lower) program permissions while running. This is seriously a good thing; aside from running sans-admin priveleges for the most part (and the abiliy to gain admin privs in things like Defender without needing to re-start the program from the menu via RunAs) the IE7 Protected Mode sandbox is, quite literally, the way all browsers should run. Super-low permissions, until it need to do something like load an outside pogram or save a file to disc. Then it asks for permission. Explorer works fairly similarly, elevating permsissions only when doing things that require admin privs (modifying Windows files or other users' directories, for example). Neither OS X nor XP (nor Linux) are this good at permissions control.
Address Space Layout Randomization: together with the no-execute (NX) protection provided by essentially all modern OSes, this provides excellent protection against buffer overflow exploits. (NX is completely ineffective against overwriting the return address to some linked library, for example, the classic return-to-libc exploit.)Neither XP nor OS X support ASLR natively. I think it's part of SELinux, which is included with a few distros.
DirectX 10. I don't think this is going to be backported, and if MS is even 25% correct in their claims of increased performance (up to 70% improvement), it will make a big splash in the gaming world. OpenGL is awesome, but it doesn't have this level of performance. Oh, and anybody who says OpenGL is unsupported in Vista is ignorant/full of it; I've run OpenGL apps without any problem at all.
Volume Shadow Copies:SO useful! I've used it for everything from reverting files I'd thought overwritten and gone to restoring damaged system files (via System Restore, which in Vista makes XP's version look like a joke). It's in Server 2003, but not (really) in XP (only for system folders, and not well impemented). Leopard's "Time Machine" may be the same capability (with excessive eye candy) but I'm dubious of their implementation too... daily screenshots? Not based on major modifications? I hope they at least don't store the VSCs in some easily located portion of the filesystem; I realize there's very little malware for Macs, but most XP malware goes after the system restore copies as soon as it can. In any case, Leopard isn't out yet and won't be for a while yet.
BitLocker Drive Encryption: NTFS encrypting filesystem is nice, and there are of course 3rd-party software solutions, but using a dedicated hardware chip to do the encryption on your entire drive just makes all kinds of sense. I wish my system had one... I'd move GRUB out of the MBR and chainload it instead; then even dual-booting with BitLocker would work (yes, it does).
Resizing hard disk partitions, including the system volume, while they are mounted. I didn't even know this was possible! As somebody who does a lot of messing with partitions, doesn't want to shell out for Partition Magic (I get MS software for free via my school) and doesn't entirely trust QtParted and NTFSresize (I have about a 75% success rate, which isn't high enough for those kinds of operations. No major data loss... yet... but still not good enough).
There's so much more... but I'm tired of repeating this post for the quadrillionth time. Oh, and as for power savings, I get much better battery life in Vista (due to various things including dynamic processor scaling that allow me to set my clock rate as low as 5% of its normal speed while the CPU is idle) than I do in XP. Linux is similarly good, but ACPI support in Linux is still lagging. I don't have OS X installed on my laptop.
Yes, OS X does the minimize to dock (close enough to taskbar) thing quite well. Kudos to them. Of course, XP could sort of do it too. The idea isn't new, it's the method. OS X does a pretty animation, Vista turns the window transparent and shrinks it down to the bar. I prefer Vista's version purely because I'm opposed to eye candy; indeed I ran Vista without Aero for months before trying it and realizing how helpful it was. OS X's animations feel very eye candy-ish.
So, on to the other things mentioned in the article, or even not mentioned:
I'm guessing OS X does vector-based graphics for everything, based on the zoom quality. Seriously, it should...
I've never heard that OS X does its rendering via 3D, hardware-accelerated objects. If it does, please educate me and provide a reference. Even on programs not designed around WPF, it's impressively good at improving performance.
Little things like no more desktop tearing and no more left-behind sprites (a menu that didn't vanish because something interrupted its overdraw, for example) are nice.
The ability to smoothly play video or quickly render graphics (in the Photoshop sense) even during high CPU usage (without too much effect on the rest of the system) is very nice.
Things like the ability to see the status of your other windows by mousing over their taskbar icons (without shrinking your current window) is extremely nice; I use it on a daily basis and get annoyed in XP when I can't. Expose was a great idea, but I'm a very keyboard-oriented person; I like using Flip-3D using only 2 or 3 keys to very quickly look at all my windows (or alt-tab, since that now shows thumbnails. The main time I use the mouse (as described above) is when I want tomonitor something in a thumbnail window (for example, a background file download) while working in a different foreground (and often maximized) app.
Oh, and yes, WFP can really improve render times on both image and video by using hardware acceleration. Figures I've heard are in the 3x to 5x rander speed range (the system doing the benchmarks has a powerful video card, an Intel GMA won't give you that kind of boost of course). Everybody talks about how great Macs are for image/video editing, but can they achieve those kinds of acceleration or does it all still go through the CPU?
I'll grant you Macs handle virtual desktops nicely. I only learned about the capability to use that feature in XP after I'd switched to Vista, and the XP PowerToy won't install on Vista, so I have yet to see what they will look like in Vista. The feature is supported, however; UAC prompts, for example, appear on a different desktop. I'll keep a close eye on this one, and I've already spoken to the Vista shell guys about it. I'd like to remind you though that until Leopard comes out, virtual desktops ("Spaces") aren't really part of OS X (any more than they are of XP... or, at this point, Vista. *Sigh*)
So, in conclusion, Windows and Mac shells are always playing catch-up with each other. OS X had XP beat on many levels when it came out, and has it beat on most now... but XP was well ahead of OS 9 in many ways too. I consider Vista ahead of Tiger, and for my usage style (keyboard-centric, function over looks, etc.) even ahead of Leopard, though integrating virtual desktops very nearly tips the balance there.
You, sir (or madam), have NO idea what you're talking about. Superfetch will use up to about 40% of your RAM (not pagefile) and backs off when you need the RAM. Even when, for example, browsing lots of tabs, doing email, listening to music, and using IM - and switching back and forth periodically - I often get almost no page faults. Yes, there's a fair bit in my pagefile... but I rarely get page faults above 10/minute, total. SuperFetch actually works pretty well, and it would be utterly idiotic to swap it... or make it take so much RAM everything else needs to swap.
Calling Vista a "tweaked XP" is almost like Win95 a "tweaked DOS + Windows 3.11." It's not just a new interface, people!
It wouldn't quadruple the total memory requirements, it would only quadruple the overhead associated with each window. As a plus, it would allow you to free up to 3/4s of Firefox's RAM without closing every single open page, download manager, Java applet, etc. the way you currently have to in order to retrieve any of the hundreds of MBs it eats (assuming the page(s) you want are on thesame window, or can be opened there).
Thanks for he explanation. However, wouldn't PatchGuard's hash checks (and by 'blue screen' I presume you means it shuts down the kernel, which could then presumably be restored from a VSC or something?) catch malware nicely? Even if it doesn't fix it, it could warn users that their system is compromised and they need to system restore or repair installation or something. Even that level of protection in the kernel sounds like a fantastic idea to me.
Well said... my second thought on reading this (after "$DEITY fucking damn Symantec & McAfee") was "I should be able to disable this hole at install time, if I'm not going to use their crapware." I'm cool with Trend Micro's PC-Cillin, and I think OneCare is a superb tool for XP (not sure about Vista; a lot of OneCare's goodies, like automatic defrag and strong two-way firewall, are built into Vista... but I'll run the beta, probably). For obvious reasons you don't want this hole to be switchable at runtime (then malware will just re-instate it for you) but this could totally be an option on the boot disc. With an image-based install that might be slightly trickier, but should still work... a diff or something that you can apply or not while installing, or maybe even a seperate program on the install disc. Basically, enabling this hole (well, disabling it, though I feel it should be disabled by default) should require physical machine access and a boot disc.
This would keep the EU happy, would keep the crapware makers happy, and would keep me from being (too) unhappy. Corporate IT folks could setup an unattend script to select the configuration their company will use, I could recommend this option to friends, and I'd have yet another reason to add to my list of why Symantec/McAfee should be treated with as much respect as dog vomit in your nice shoes.
Make it secure in what sense? Prevent unauthorized kernel access? That's what PatchGuard is SUPPOSED TO DO! Include a strong firwall and don't let it get turned off secretly? Enter Security Center. Catch when people decide to download Bonzai Buddy and run AngelinaJolieXXX.scn? That's anti(spy|mal)ware/antivirus. OneCare is Microsoft's offering here (well, and Defender, which is free and not even ad-supported). As long as people are going to write that kind of softwre for Windows (probably forever), people who install such garbage are going to need software like OneCare (or Trend Micro's PC-Cillin, which runs perfectly in Vista). No changes to the OS are going to prevent such idiots from practicing unsafe Internet.
Why is it SO FUCKING HARD for you to understand that MS is doing EXACTLY WHAT YOU WANT and HASN'T DONE ANYTHING to drive Symantec, McAfee, whatever out of business?!? Hell, it's not as if their products (or OneCare) can do a damn thing about the system getting rootkitted; that's the job of the OS and so far Vista was doing alright. I find myself not really sure I want to download the next build of Vista... I was so glad MS had finally wised up security-wise, and now I'm not so sure.
I personally find it much more work to keep a Win box running smooth and secure then I've ever had with my *NIX boxes.
That's a pointless statement, because you are not "teh Average, Joe Six-Pack (l)user" and actually know how to use your computer. XP SP2 can be pretty pesky about letting antivirus software get out-of-date; somebody who would either completely ignore or actively disable that notification would probably run as root on a *NIX box, and disable (for example) SELinux the first time it got in their way (be honest, how many Mac users do you know who claim that Macs don't even need a firewall? At least 1/3 of the mac users I know think, or used to think, this.)
You think Linux won't eat itself alive if treated the way most people treat Windows? Requiring root access aside, *nix allows users to do FAR more damage to their system accidentally. Windows, for example, makes a point of warning people bfore they run potentially dangerous files from the Internet. The fact the such malicious software generally doesn't exist for Mac/*nix doesn't make them any safer... those copies of AOHell didn't get on there by accident of via exploit code, they got there because people are dumb. I'm not saying there aren't exploits, but a well-maintaned machine (I presume you install patches for your *nix system? You probably aren't stll running Firefox 1.0...) needs no work to keep healthy. Auto-sceduled updates and scans, scan files on download, maintain real-time protection, and don't be stupid... aside from installing the security software in the first place, none of this will make Windows take more time or be more difficult than *nix.
Supporting other people's Windows boxes is a bitch. That's not really Window's fault, it's at least 95% PEBKAC.
There are two SERIOUS failings in McAfee/Symantec's whining: other companies are producing perfectly decent security suites for Vista (see Trend Micro's PC-Cillin, for example) which implies that PatchGuard is not a showstopper for 3rd-party security, and while MS is now a competitor in terms of OneCare, the concept of them putting an anti-(spy/ad)ware program and a decent, 2-way firewall into Windows is perfectly reasonable. Including OneCare with Windows would be monopolistic, but (some people just don't seem to get this) Vista has no built-in antivirus! If you want AV (and its a good idea, even if less important than on previous Windows versions due to superior design) it still must be bought from somebody.
At this point, I'm WAY more likely to buy from Trend Micro than from Symantec/McAfee; even leaving aside the resource hogging and general bloat of those program suites, PC-Cillin has been in beta development for vista for months, working with MS (at least, it's what MS recommends if you ask them what AV softare to run on pre-release Vista). That implies, to me at least, that it will work MUCH better than products from companies which have spent the Vista development time bitching about them closing access to something they shouldn't need access to in the first place.
Supernodes are simply used to establish a connection between two computers so they can open a conversation. At a guess, this involves the IP addresses, Skype ports, and possibly usernames. None of that is particularly private info, though if you REALLY don't want people to randomly develop the ability to know what users 'you' (your username) called, you may be SOL. (If this really bothers you, why are you on the Internet at all? It's not exactly private...) The encryption is end-to-end; FWIK supernodes cannot compromise the encryption and listen in. Since supernodes change all the time, it's highly doubtful that any given SN can obtain enough info on you and those you call to make very much of it. I don't know about you, but if I Skype 10x in a week, that's a lot.
Bandwidth usage is extremely low. I've read that Skype's codec will work with as little as 8kbps/channel, though the quality loss is noticable then. I have personally used it on a shared (multiple computers all in use) 56k line with no problems, quality comparable to a decent cell phone. You might not be able to run as a supernode with 56k - I don't know what the bandwidth needs for that are - but it desn't matter, because there are literally millions of other Skype users, and plenty of them are supernodes. The client works FINE if you are never a supernode, which is good... people behind firewall, perhaps anybody behind NAT, cannot be supernodes.
This is a strange cross-point between Linux and Windows for me right now. I use Vista and Fedora Core, and while FC has SELinux and great confguration control to do things like what you describe... Vista comes will all that set by default in IE7+ (called Protected Mode). Any time you need to open another program from within IE, there's a prompt asking you if you want to allow once, allow always, deny once, or deny always. Any time you download a file, it goes into Temp. Internet Files first, and is copied to the location you specify after downloading (while being nearly identical in interface to IE6). Vista's capability to escalate a program's permissions while the program is running is what makes this possible; XP (which lacks this ability - I think it's a significant kernel modification) cannot use Protected Mode even with IE7.
Sorry, but you do NOT understand the issue at hand.
PDF creation is not, and never was, a feature of Vista. Vista DOES support a new standard called XPS, like PDF but better for certain types of documents. It is an open format, just like PDF. MS makes no money off it. It's past time there was some innovation in the market PDF currently occupies.
Adobe may have made money off PDF creation software, but they lost their exclusive right to that particular revenue stream when they opened the standard. I have created a number of PDFs. I have never used Adobe software to do it. Why? Simply put, because I don't need to. There are dozens of programs, ranging from open source suites to small stand-alone applications to a wide variety of plugins, virtual printers, and libraries that can create PDFs. Most of these are free.
I hate to see logical (if a little too theatric) argument shot down, but the gloom and doom you're predicting isn't even an issue because your grasp of the current situation is off.
XPS is exactly as "proprietary" as PDF, but it sometimes produces smaller files (thus better, at least for some things - it doesn't allow for dynamic dosuments, the way PDF does). XPS is patented by MS. PDF is patented by Adobe. Both companies allow anybody to ue the format for free. Both companies have opened the format specifications to everybody. The whole point of laws like these is to promote innovation. Is creating a new format, making it available for FREE, and incluing tools for using it with their product a bad thing?
I have yet to see OneCare in a box - it's downloadable, though, much like TrendMicro PC-Cillin and Norton Internet Security. What you can't do is get it bundled with Vista. That's right: Vista DOES NOT include a virus scanner! Now that we're clear on that, why is it bad for MS to make their own software suite? Anti-competitive would be making it so other security suites don't work in Vista... which is flatly untrue. If you ask the security center to suggest an antivirus program, it directs you to PC-Cillin (which isn't a bad program, from what I've seen thus far, and is way less invasive than NIS). Integrating Defender just saves users the time it takes to go download and install it (during which they lack real-time protection). If you don't want Defender, that's your choice; MS isn't forcing you to use Defender, simply making the option available. They earn no money off it.
Symantec is more upset because MS is closing some undocumented hooks into low-level code that installable software - anybody's software - really shouldn't be using. Why? It's the stuff rootkits are made of. It is UNNECCESSSARY though! If MicroSoft is hiding APIs that are important for security software from anybody except the OneCare team, THAT is anti-competitive... but closing access to code that was never supposed to be public in the first place is not a bad thing, and that access is not required.
XPS, MS's proprietary, patented, closed competitor to PDF
WTF?!? Read your own link, fanboy; XPS is an open standard, freely licenced, and although it is patented, its specificaltions are available to all and Microsoft has agreed not to sue over use of XPS. In case you were wondering, PDF is also proprietary and patented, which a simple application the obviousness test ought to have told you. I don't like software patents per se, but as long as your compatitors can make them, you have to get your name down first. Free licensing and agreeing not to sue over usage effectively makes the patent toothless though, and displays to the world how dumb patenting things like that really is. MS made the right move here, amazing though that may be.
Cool it man, and think before you hit submit. Microsoft is not bundling a single thing that you have to pay for. They ARE NOT including antivirus software, for example - OneCare will work with Vista (though currently does not) but you'll have to pay for it, same as you would for almost any antivirus/security suite. Defender is, and always has been, free. Including it with the OS saves you, the consumer, the hassle of going and downloading it. If you're rather use AdAware, go ahead. If you'd rather use Norton Internet Security, that's your choice too. You can even disable Defender if you don't want it. Seriously, should they rip the firewall out of Vista (and XP) because historically you've had to pay for software firewalls for Windows? Jeez, that's a good idea...
This issue here is that Microsoft has created a new standard, XPS, which is not like PDF but can be used for the same thing. Microsoft has also added the aility to create PDFs (and to read and write ODF) using Office. Again, none of tis is anything you used to have to pay for, generally speaking, and there's nothing to stop you from using PDFs all you want, even creating them using Acrobat if you don't want to pay the "Microsoft tax". If you think adding an open format you created into your operating system is anti-competitive, etc. then you're blind beyond belief. The point of anti-monopoly laws is to foster innovation. MS has historically lacked in the area of completey portable documents, so they created a spec that works a bit better (according to what I've seen) than the current leader, and made it available for free, and as part of their system. If Adobe is unhappy about this, too bad... MS isn't attacking the PDF camp; they're creating a new, better camp and inviting people for free.
Seriously, at my jr high we had all the locked-down stuff we could want. Didn't do any good at all because they only changed the password to control the lockdown software (this was Win98 I think) once/quarter, and it would be seen or guessed within 2 weeks. I'm not sure how this hasn't come up yet in the discussion... but any relatively computer-literate kid could make an Admin account that looks just like the normal (limited) account to all but the closest scrutiny... but doesn't limit him/her at all!
Also, yes, make sure they are using limited User accounts, not Power User accounts. Make sure they are locked out of the system folders entirely, have only read permissions anywhere else on the hard drive outside of ther personal folders, and possibly even make it so that their home folder is wiped (or partially wiped) at each logout (I'm assuming the students share an account). My university uses a handful of scripts triggered by the Task Manager to do things like revert system settings when we log off, start security software client (not start a scan, just the client) when we log in, and stuff like that. It's easy to set up, and should work just fine even on non-domain computers.
Wow... while there is some value to the argument that splitting up the toolbars is bad, I think you're overreacting.
Yes, they hid the menu bar by default. I love my screen real-estate, so I think this is great idea. And you know what? I dont need the menu bar. Not for anything I do at all often. File menu? It's almost all under the Page button in the command bar. Tools menu? Take a guess which command button that is... Basically, the menus are only there for backward compatibility; many users will stick to what they know and not even try something else (this is too bad, but then those users are a lot less likely to upgrade to IE7 - or Firefox - anyhow). I find the combinations of what options are gathered where more intuitive in IE7, and while I could stand to have the command bar up by the back/forward buttons, I have no problem with it as is either.
Oh, and if for some reason you simply MUST use the menu bar, even when hidden it's one keystroke away. Try pressing "Alt" once. You know, the key that moves the focus to the menu bar of nearly every Windows app in existence. Press Alt, select option (using mouse or keyboard) and the menu bar quietly vanishes again.
I'm not quite sure why Spamhaus didn't just say "no jurisdiction" from the get-go. Maybe they like the free press? It could get awfully expensive though, if the courts decide that, since they initially took action regarding the filing (in Illinois) then ignored it after getting it moved to federal level, they really are just in contempt of court. Of course, I'm pretty contemptuous of any court that grants a ruling in favor of a spammer against an anti-spam list maintainer, but Spamhaus probably shouldn't have switched tactics in the middle of the fight, not when they were winning. I'm surea sufficiently good lawyer can pull them out if this, but those are expensive...
Did they indeed? All I read was them claiming that it would mean another 50,000,000,000 spam emails a say hitting the servers. I realize they Internet already handles tons of spam, but... that is a lot.
All that Spamhaus has "won" is not getting their domain registration pulled. That's great, but the current situation in the US courts basically says they need to pay up, and nothing so far except their location has said otherwise. They may have to fight it, in an appeals court, in the US (where they will have to pay their own legal fees even if they win) and that could be... bad.
Yep, my statement does require the caveat that they choose to run as root (and choose to ignore the colorful bombs screensaver KDE often throws up if you log in as root. :-) Of course, the root account does exist, and some distros allow you to use it with little or no password and little or no warning. Even though there is no non-admin account by default on Windows, an uninformed user (or somebody who gets tired of typing in their admin password to change their default display resolution, or anything else requiring modification of - for example - xorg.conf) might very well run as root. This is one of the few things I think Ubuntu did right: if you're going to make a Linux for the average user, you simply can't make it easy to run as root.
This is partially outdated, and partially FUD. Try it. I mess with my system a LOT, and I need elevated permissions in Vista less often than I do in Linux... and even that much doesn't bother me. Earlier versions weren't very good about when to swtich to admin mode and when not to, so Defender, for example, required admin mode when you opened Software Explorer (to prevent a startup app, or some such). Now, it only prompts UAC if you click the "Show options for all users" button, complete with UAC icon, at the bottom of the window. Which you only do if the program you're trying to modify isn't one that installed under user permissions... Other things are similar. Yes, installing most software requires admin priveleges, but not ALL software... in fact, the lastest builds only prompt when the installer actually begins the install, and then only if you selected "Install for everybody" as opposed to "Install for this user only" (most modern installers provide such options). In normal use I don't see it at all.
I like your "fork in the road" analogy, but while I use it (I also read the UAC and Protecte Mode prompts, so maybe I'm unusual) I know a lot of people who won't run except as an Administrator, and/or who run OS X with Root or nearly Root priveleges. These people can do an astonishing amount without even needing your "fork in the road" and while UAC *can* be disabled, the kind of user who simply ignores the prompts and always clicks Continue is also likely to be the kind who doesn't go find the option to disable it (it's in the system configuration, not hard if you're a power user but many people don't really know what "Explorer" is, they think it's called "My Computer"). In any case, I doubt you can deny that a random prompt appearing while somebody browses the web or tries to watch a movie is going to make them slightly more cautious. Also, since the default button for UAC is Cancel (not Continue) the user does actually need to conciously move the mouse to the Continue button, not just hit Enter.
Firefox has security holes, including occasionally very, very serious ones. Most of the time these are found and patched quickly, for Windows at least (some Linux distros distribute the update faster than others). This is good, because Firefox in Windows often assumes admin priveleges. Trying to use it without tends to be a pain, and in Vista it causes more UAC prompts than most programs I know of (most programs cause none at all). Also, if it is taken over, there's absolutely nothing to prevent it from, for example, uploading all my personal files and then deleting them off my hard drive. Using Protected Mode, this would prompt serious warnings. Incidentally, there's nothing to prevent such behavior in OS X either.
Yep, icons are raster. So are bitmap files. So are rendered jpegs, in most programs. So are sprites in most programs. The point you're missing is that Vista ships these bitmaps off to the GPU to be rendered using vectors (not sure if the raster->vector conversion happens in software or hardware or both, but what comes out is vectors) so you get the advantages of vectors on the display end (they are fast to render using hardware acceleration, too) and the advantages of bitmaps when manipulating your images. Some benchmarks I saw on a machine with a good graphics card had 3x-5x render speed improvements in programs like Photoshop due to the hardware accel.
- UAC: Vista can raise (and presumably lower) program permissions while running. This is seriously a good thing; aside from running sans-admin priveleges for the most part (and the abiliy to gain admin privs in things like Defender without needing to re-start the program from the menu via RunAs) the IE7 Protected Mode sandbox is, quite literally, the way all browsers should run. Super-low permissions, until it need to do something like load an outside pogram or save a file to disc. Then it asks for permission. Explorer works fairly similarly, elevating permsissions only when doing things that require admin privs (modifying Windows files or other users' directories, for example). Neither OS X nor XP (nor Linux) are this good at permissions control.
- Address Space Layout Randomization: together with the no-execute (NX) protection provided by essentially all modern OSes, this provides excellent protection against buffer overflow exploits. (NX is completely ineffective against overwriting the return address to some linked library, for example, the classic return-to-libc exploit.)Neither XP nor OS X support ASLR natively. I think it's part of SELinux, which is included with a few distros.
- DirectX 10. I don't think this is going to be backported, and if MS is even 25% correct in their claims of increased performance (up to 70% improvement), it will make a big splash in the gaming world. OpenGL is awesome, but it doesn't have this level of performance. Oh, and anybody who says OpenGL is unsupported in Vista is ignorant/full of it; I've run OpenGL apps without any problem at all.
- Volume Shadow Copies: SO useful! I've used it for everything from reverting files I'd thought overwritten and gone to restoring damaged system files (via System Restore, which in Vista makes XP's version look like a joke). It's in Server 2003, but not (really) in XP (only for system folders, and not well impemented). Leopard's "Time Machine" may be the same capability (with excessive eye candy) but I'm dubious of their implementation too... daily screenshots? Not based on major modifications? I hope they at least don't store the VSCs in some easily located portion of the filesystem; I realize there's very little malware for Macs, but most XP malware goes after the system restore copies as soon as it can. In any case, Leopard isn't out yet and won't be for a while yet.
- BitLocker Drive Encryption: NTFS encrypting filesystem is nice, and there are of course 3rd-party software solutions, but using a dedicated hardware chip to do the encryption on your entire drive just makes all kinds of sense. I wish my system had one... I'd move GRUB out of the MBR and chainload it instead; then even dual-booting with BitLocker would work (yes, it does).
- Resizing hard disk partitions, including the system volume, while they are mounted. I didn't even know this was possible! As somebody who does a lot of messing with partitions, doesn't want to shell out for Partition Magic (I get MS software for free via my school) and doesn't entirely trust QtParted and NTFSresize (I have about a 75% success rate, which isn't high enough for those kinds of operations. No major data loss... yet... but still not good enough).
There's so much more... but I'm tired of repeating this post for the quadrillionth time. Oh, and as for power savings, I get much better battery life in Vista (due to various things including dynamic processor scaling that allow me to set my clock rate as low as 5% of its normal speed while the CPU is idle) than I do in XP. Linux is similarly good, but ACPI support in Linux is still lagging. I don't have OS X installed on my laptop.Yes, OS X does the minimize to dock (close enough to taskbar) thing quite well. Kudos to them. Of course, XP could sort of do it too. The idea isn't new, it's the method. OS X does a pretty animation, Vista turns the window transparent and shrinks it down to the bar. I prefer Vista's version purely because I'm opposed to eye candy; indeed I ran Vista without Aero for months before trying it and realizing how helpful it was. OS X's animations feel very eye candy-ish.
So, on to the other things mentioned in the article, or even not mentioned:
- I'm guessing OS X does vector-based graphics for everything, based on the zoom quality. Seriously, it should...
- I've never heard that OS X does its rendering via 3D, hardware-accelerated objects. If it does, please educate me and provide a reference. Even on programs not designed around WPF, it's impressively good at improving performance.
- I'll grant you Macs handle virtual desktops nicely. I only learned about the capability to use that feature in XP after I'd switched to Vista, and the XP PowerToy won't install on Vista, so I have yet to see what they will look like in Vista. The feature is supported, however; UAC prompts, for example, appear on a different desktop. I'll keep a close eye on this one, and I've already spoken to the Vista shell guys about it. I'd like to remind you though that until Leopard comes out, virtual desktops ("Spaces") aren't really part of OS X (any more than they are of XP... or, at this point, Vista. *Sigh*)
So, in conclusion, Windows and Mac shells are always playing catch-up with each other. OS X had XP beat on many levels when it came out, and has it beat on most now... but XP was well ahead of OS 9 in many ways too. I consider Vista ahead of Tiger, and for my usage style (keyboard-centric, function over looks, etc.) even ahead of Leopard, though integrating virtual desktops very nearly tips the balance there.- Little things like no more desktop tearing and no more left-behind sprites (a menu that didn't vanish because something interrupted its overdraw, for example) are nice.
- The ability to smoothly play video or quickly render graphics (in the Photoshop sense) even during high CPU usage (without too much effect on the rest of the system) is very nice.
- Things like the ability to see the status of your other windows by mousing over their taskbar icons (without shrinking your current window) is extremely nice; I use it on a daily basis and get annoyed in XP when I can't. Expose was a great idea, but I'm a very keyboard-oriented person; I like using Flip-3D using only 2 or 3 keys to very quickly look at all my windows (or alt-tab, since that now shows thumbnails. The main time I use the mouse (as described above) is when I want tomonitor something in a thumbnail window (for example, a background file download) while working in a different foreground (and often maximized) app.
Oh, and yes, WFP can really improve render times on both image and video by using hardware acceleration. Figures I've heard are in the 3x to 5x rander speed range (the system doing the benchmarks has a powerful video card, an Intel GMA won't give you that kind of boost of course). Everybody talks about how great Macs are for image/video editing, but can they achieve those kinds of acceleration or does it all still go through the CPU?You, sir (or madam), have NO idea what you're talking about. Superfetch will use up to about 40% of your RAM (not pagefile) and backs off when you need the RAM. Even when, for example, browsing lots of tabs, doing email, listening to music, and using IM - and switching back and forth periodically - I often get almost no page faults. Yes, there's a fair bit in my pagefile... but I rarely get page faults above 10/minute, total. SuperFetch actually works pretty well, and it would be utterly idiotic to swap it... or make it take so much RAM everything else needs to swap.
Calling Vista a "tweaked XP" is almost like Win95 a "tweaked DOS + Windows 3.11." It's not just a new interface, people!
It wouldn't quadruple the total memory requirements, it would only quadruple the overhead associated with each window. As a plus, it would allow you to free up to 3/4s of Firefox's RAM without closing every single open page, download manager, Java applet, etc. the way you currently have to in order to retrieve any of the hundreds of MBs it eats (assuming the page(s) you want are on thesame window, or can be opened there).
Thanks for he explanation. However, wouldn't PatchGuard's hash checks (and by 'blue screen' I presume you means it shuts down the kernel, which could then presumably be restored from a VSC or something?) catch malware nicely? Even if it doesn't fix it, it could warn users that their system is compromised and they need to system restore or repair installation or something. Even that level of protection in the kernel sounds like a fantastic idea to me.
Well said... my second thought on reading this (after "$DEITY fucking damn Symantec & McAfee") was "I should be able to disable this hole at install time, if I'm not going to use their crapware." I'm cool with Trend Micro's PC-Cillin, and I think OneCare is a superb tool for XP (not sure about Vista; a lot of OneCare's goodies, like automatic defrag and strong two-way firewall, are built into Vista... but I'll run the beta, probably). For obvious reasons you don't want this hole to be switchable at runtime (then malware will just re-instate it for you) but this could totally be an option on the boot disc. With an image-based install that might be slightly trickier, but should still work... a diff or something that you can apply or not while installing, or maybe even a seperate program on the install disc. Basically, enabling this hole (well, disabling it, though I feel it should be disabled by default) should require physical machine access and a boot disc.
This would keep the EU happy, would keep the crapware makers happy, and would keep me from being (too) unhappy. Corporate IT folks could setup an unattend script to select the configuration their company will use, I could recommend this option to friends, and I'd have yet another reason to add to my list of why Symantec/McAfee should be treated with as much respect as dog vomit in your nice shoes.
I absolutely, totally, completely agree! Also, while we're at it, let's get them out of Vista, too!
Oh, wait, that's what this was about to begin with? Oh well, fuck 'em anyway.
Make it secure in what sense? Prevent unauthorized kernel access? That's what PatchGuard is SUPPOSED TO DO! Include a strong firwall and don't let it get turned off secretly? Enter Security Center. Catch when people decide to download Bonzai Buddy and run AngelinaJolieXXX.scn? That's anti(spy|mal)ware/antivirus. OneCare is Microsoft's offering here (well, and Defender, which is free and not even ad-supported). As long as people are going to write that kind of softwre for Windows (probably forever), people who install such garbage are going to need software like OneCare (or Trend Micro's PC-Cillin, which runs perfectly in Vista). No changes to the OS are going to prevent such idiots from practicing unsafe Internet. Why is it SO FUCKING HARD for you to understand that MS is doing EXACTLY WHAT YOU WANT and HASN'T DONE ANYTHING to drive Symantec, McAfee, whatever out of business?!? Hell, it's not as if their products (or OneCare) can do a damn thing about the system getting rootkitted; that's the job of the OS and so far Vista was doing alright. I find myself not really sure I want to download the next build of Vista... I was so glad MS had finally wised up security-wise, and now I'm not so sure.
That's a pointless statement, because you are not "teh Average, Joe Six-Pack (l)user" and actually know how to use your computer. XP SP2 can be pretty pesky about letting antivirus software get out-of-date; somebody who would either completely ignore or actively disable that notification would probably run as root on a *NIX box, and disable (for example) SELinux the first time it got in their way (be honest, how many Mac users do you know who claim that Macs don't even need a firewall? At least 1/3 of the mac users I know think, or used to think, this.)
You think Linux won't eat itself alive if treated the way most people treat Windows? Requiring root access aside, *nix allows users to do FAR more damage to their system accidentally. Windows, for example, makes a point of warning people bfore they run potentially dangerous files from the Internet. The fact the such malicious software generally doesn't exist for Mac/*nix doesn't make them any safer... those copies of AOHell didn't get on there by accident of via exploit code, they got there because people are dumb. I'm not saying there aren't exploits, but a well-maintaned machine (I presume you install patches for your *nix system? You probably aren't stll running Firefox 1.0...) needs no work to keep healthy. Auto-sceduled updates and scans, scan files on download, maintain real-time protection, and don't be stupid... aside from installing the security software in the first place, none of this will make Windows take more time or be more difficult than *nix.
Supporting other people's Windows boxes is a bitch. That's not really Window's fault, it's at least 95% PEBKAC.
There are two SERIOUS failings in McAfee/Symantec's whining: other companies are producing perfectly decent security suites for Vista (see Trend Micro's PC-Cillin, for example) which implies that PatchGuard is not a showstopper for 3rd-party security, and while MS is now a competitor in terms of OneCare, the concept of them putting an anti-(spy/ad)ware program and a decent, 2-way firewall into Windows is perfectly reasonable. Including OneCare with Windows would be monopolistic, but (some people just don't seem to get this) Vista has no built-in antivirus! If you want AV (and its a good idea, even if less important than on previous Windows versions due to superior design) it still must be bought from somebody.
At this point, I'm WAY more likely to buy from Trend Micro than from Symantec/McAfee; even leaving aside the resource hogging and general bloat of those program suites, PC-Cillin has been in beta development for vista for months, working with MS (at least, it's what MS recommends if you ask them what AV softare to run on pre-release Vista). That implies, to me at least, that it will work MUCH better than products from companies which have spent the Vista development time bitching about them closing access to something they shouldn't need access to in the first place.
Supernodes are simply used to establish a connection between two computers so they can open a conversation. At a guess, this involves the IP addresses, Skype ports, and possibly usernames. None of that is particularly private info, though if you REALLY don't want people to randomly develop the ability to know what users 'you' (your username) called, you may be SOL. (If this really bothers you, why are you on the Internet at all? It's not exactly private...) The encryption is end-to-end; FWIK supernodes cannot compromise the encryption and listen in. Since supernodes change all the time, it's highly doubtful that any given SN can obtain enough info on you and those you call to make very much of it. I don't know about you, but if I Skype 10x in a week, that's a lot.
Bandwidth usage is extremely low. I've read that Skype's codec will work with as little as 8kbps/channel, though the quality loss is noticable then. I have personally used it on a shared (multiple computers all in use) 56k line with no problems, quality comparable to a decent cell phone. You might not be able to run as a supernode with 56k - I don't know what the bandwidth needs for that are - but it desn't matter, because there are literally millions of other Skype users, and plenty of them are supernodes. The client works FINE if you are never a supernode, which is good... people behind firewall, perhaps anybody behind NAT, cannot be supernodes.
This is a strange cross-point between Linux and Windows for me right now. I use Vista and Fedora Core, and while FC has SELinux and great confguration control to do things like what you describe... Vista comes will all that set by default in IE7+ (called Protected Mode). Any time you need to open another program from within IE, there's a prompt asking you if you want to allow once, allow always, deny once, or deny always. Any time you download a file, it goes into Temp. Internet Files first, and is copied to the location you specify after downloading (while being nearly identical in interface to IE6). Vista's capability to escalate a program's permissions while the program is running is what makes this possible; XP (which lacks this ability - I think it's a significant kernel modification) cannot use Protected Mode even with IE7.
Sorry, but you do NOT understand the issue at hand.
PDF creation is not, and never was, a feature of Vista. Vista DOES support a new standard called XPS, like PDF but better for certain types of documents. It is an open format, just like PDF. MS makes no money off it. It's past time there was some innovation in the market PDF currently occupies.
Adobe may have made money off PDF creation software, but they lost their exclusive right to that particular revenue stream when they opened the standard. I have created a number of PDFs. I have never used Adobe software to do it. Why? Simply put, because I don't need to. There are dozens of programs, ranging from open source suites to small stand-alone applications to a wide variety of plugins, virtual printers, and libraries that can create PDFs. Most of these are free.
I hate to see logical (if a little too theatric) argument shot down, but the gloom and doom you're predicting isn't even an issue because your grasp of the current situation is off.
XPS is exactly as "proprietary" as PDF, but it sometimes produces smaller files (thus better, at least for some things - it doesn't allow for dynamic dosuments, the way PDF does). XPS is patented by MS. PDF is patented by Adobe. Both companies allow anybody to ue the format for free. Both companies have opened the format specifications to everybody. The whole point of laws like these is to promote innovation. Is creating a new format, making it available for FREE, and incluing tools for using it with their product a bad thing?
I have yet to see OneCare in a box - it's downloadable, though, much like TrendMicro PC-Cillin and Norton Internet Security. What you can't do is get it bundled with Vista. That's right: Vista DOES NOT include a virus scanner! Now that we're clear on that, why is it bad for MS to make their own software suite? Anti-competitive would be making it so other security suites don't work in Vista... which is flatly untrue. If you ask the security center to suggest an antivirus program, it directs you to PC-Cillin (which isn't a bad program, from what I've seen thus far, and is way less invasive than NIS). Integrating Defender just saves users the time it takes to go download and install it (during which they lack real-time protection). If you don't want Defender, that's your choice; MS isn't forcing you to use Defender, simply making the option available. They earn no money off it.
Symantec is more upset because MS is closing some undocumented hooks into low-level code that installable software - anybody's software - really shouldn't be using. Why? It's the stuff rootkits are made of. It is UNNECCESSSARY though! If MicroSoft is hiding APIs that are important for security software from anybody except the OneCare team, THAT is anti-competitive... but closing access to code that was never supposed to be public in the first place is not a bad thing, and that access is not required.
Cool it man, and think before you hit submit. Microsoft is not bundling a single thing that you have to pay for. They ARE NOT including antivirus software, for example - OneCare will work with Vista (though currently does not) but you'll have to pay for it, same as you would for almost any antivirus/security suite. Defender is, and always has been, free. Including it with the OS saves you, the consumer, the hassle of going and downloading it. If you're rather use AdAware, go ahead. If you'd rather use Norton Internet Security, that's your choice too. You can even disable Defender if you don't want it. Seriously, should they rip the firewall out of Vista (and XP) because historically you've had to pay for software firewalls for Windows? Jeez, that's a good idea...
This issue here is that Microsoft has created a new standard, XPS, which is not like PDF but can be used for the same thing. Microsoft has also added the aility to create PDFs (and to read and write ODF) using Office. Again, none of tis is anything you used to have to pay for, generally speaking, and there's nothing to stop you from using PDFs all you want, even creating them using Acrobat if you don't want to pay the "Microsoft tax". If you think adding an open format you created into your operating system is anti-competitive, etc. then you're blind beyond belief. The point of anti-monopoly laws is to foster innovation. MS has historically lacked in the area of completey portable documents, so they created a spec that works a bit better (according to what I've seen) than the current leader, and made it available for free, and as part of their system. If Adobe is unhappy about this, too bad... MS isn't attacking the PDF camp; they're creating a new, better camp and inviting people for free.