Did or did you not notice that the whole point of what Charlie Miller did was that the sandbox was breached, despite ASLR, and he was able to do it from an app allowed into the walled "solution"?
Please explain how an app store that is unable to detect malware but *claims* to be inherently secure is actually more secure? If anything, I see it as the opposite - it will delude people (like yourself) into thinking it's safe, when it's actually not. Android, by comparison, is acknowledged to have malware - meaning people need to be more cautious about the apps they install.
Unfortunately, there's a barrier in Mango (whether you use the marketplace developer account dev-unlock, which has been available from day 1, or ChevronWP7 Labs which is essentially the same thing from the phone's perspective) that prevents apps from getting high-permission access (specifically, prevents opening a handle on a driver, which is the standard way to break out of the low-privilege app sandbox on WP7). To do this, an app needs to specify the "INTEROPSERVICES" capability in its manifest, and by default Mango blocks installing or running non-marketplace apps with this capability. NoDo and below did not - that's how people were able to do file browsers, registry editors, tethering apps, and so forth - but this restriction is part of Mango.
You can still run some homebrew apps, including native code, but only with low permissions. While it's useful to know there's limits on what an app can do, I'd really like to be able to remove those limits on apps I trust. A webserver that demonstrates access to the full socket API, including TCP server sockets (the official API only has client sockets) is cool, but there's a lot more that you could do.
Fortunately, there's a way around this restriction also built into the OS. The process of removing this restriction is called "interop-unlock" by the guys who discovered it, and is possible easily on LG phones (change the MaxUnsignedApp registry value to 300 or more using the built-in registry editor), possible on Samsung phones (instructions and app here: http://forum.xda-developers.com/showthread.php?t=1271963), and difficult if possible at all on HTC phones (requires rolling back to pre-Mango, which isn't possible on new devices). No solution at all for Dell, Toshiba, or Nokia yet.
WP7 isn't really targeted at the government; it's missing a lot of certifications for things like that which Windows Mobile had and Blackberry has. It's intended for the mass-market, and this works well for that.
However, if they wanted to create a modified ROM that didn't allow installing unsigned applications, that would be quite easy indeed. The "am I unlocked?" setting is just a registry value. It's probably only checked a few places in the code. Modify those checks so they always return "false" or modify the app-installer so that it only ever allows app packages with the marketplace signature, and you'd be fine.
Except, it gives a false sense of security. With Android (or PC) apps, I know that there's a risk of malware, so I'm cautious. With iOS - well, I don't have one, but I imagine there are a lot of people who think "it *can't* have malware, Apple checks everything!" and therefore completely trust anything in the app store.
The purpose of work like this is to demonstrate that Apple has misled those people; you can't simply trust everything. The only thing worse than an obviously untrustworthy app source is an untrustworthy app source that *appears* to be trustworthy.
So long as iOS apps are developed using a language that allows pointer access, including function pointers, people are going to find and exploit bugs like this. It's actually a really interesting parallel to homebrew development on Windows Phone (yes, I have one, in addition to a few Linux devices - no iOS ones though): you can do native code on WP7, but you have to use COM to access it. Microsoft prohibits ISVs from using the COM import API from C#/VB in marketplace apps, so they can very easily block this kind of thing by just checking for references to a few specific APIs (they also block the use of C# "unsafe" pointers).
Now, I'm not exactly advocating that Apple needs to re-design their entire application model. However, the fact remains that the way they do it, it's almost impossible to really verify that any given app isn't doing something like this, short of code-reviewing the source of every submission and rejecting any that are too hard to understand (completely impractical). It means they *are* vulnerable to malware, though - even from the "trustworthy" marketplace.
I don't know about the Xbox vulnerability per se, but font parsing vulns are nothing new. For an actually pretty recent example, at least one of the iPhone jailbreaks used a very similar exploit to this one (and was embedded in a web page).
That said, I know MS fuzzes the heck out of their font parsers. It's a little tricky since it's in kernel - if something breaks, it's slightly harder to debug and takes more time to go through repro steps, since you're basically intentionally bugchecking ("BSoDing") the box - but it's possible, and they do it. On the other hand, nothing much is guaranteed in fuzzing. You can run a billion iterations without finding anything, and the billion-and-first one finds an arbitrary code execution bug like this. Sucks to be you, especially when some black-hat's fuzzer lucks out and finds that bug on the 30th iteration.
As for the argument that font parsing should be moved out of the kernel, that's arguably true of an awful lot of Win32k.sys. The problem is, that thing is an ancient morass of absolutely critical code. By module, I believe it's responsible for more vulnerabilities than any other portion of Windows since Vista came out. Part of the reason is that a lot of it is so old and crufty, and the risk of regression so high, that it doesn't tend to get re-written or even modified except to fix bugs when they're found or add new features. I strongly suspect that a significant portion of it dates back to NT4, substantially unmodified in all the time since then. From a technical standpoint, Win32k.sys is probably the biggest security in modern Windows, certainly worse than recent versions of IE or Word or IIS. Yet it's so integral to the OS that they can't afford to rip it out and do it over.
He was talking about the last "stable" version, though. Beta 1.8.x (the x are minor bugfixes) was the update that included Abandoned Mineshafts (along with a lot of other cool generated structures).
Not entirely true. Much of Firefox is written in JavaScript (this is, among other things, part of the reason you don't need separate versions of AdBlock Plus for each host OS and architecture). However, that JS runs at higher permissions than webpage content (for obvious reasons). If this PDF reader is also running at those higher permissions, then it is introducing a new parser of untrusted files into the browser.
If it actually runs with the same permissions as any random script on a webpage, then you're correct. It could, too. I wouldn't simply assume that just because it's in JS it isn't a new attack surface, though.
There may be components with a fixed cost per unit, or at least a cost that scales far less than linearly with the output. Such components could easily be too expensive to make such small-scale units reasonable.
Additionally, this is a demo unit. 1MW is far too great an energy output rate to come from a conventional source that size for any reasonable period of time, and that makes it a perfectly valid test platform. Assuming it's not a complete scam, that number was probably chosen for a reason, the factors behind which neither you nor I know.
Also minus the firewall, the fast user switching, the WiFi auto-config, the collapsible system tray, the System Restore feature, and a variety of other useful and user-visible features. I used Win2000 from 2000 to (late) 2003 as my primary OS, and I still have my laptop from back then (and it still has its 2000 install, though it gets little use now). It was a good OS for its day, no doubt about it, and XP wasn't that tremendous of a step forward (although for some people, the theme-ability was a big deal). Calling it *better* than XP is just flat-out wrong, though. You may be able to concoct a specific set of needs for which it's superior, but in the general sense it's a ludicrous statement.
I've never actually bought from them, but it sounds like you'd be an ideal customer of http://system76.com/ - they provide pre-built Ubuntu Linux computers, including laptops, with good specs. Since they're building the PC and installing the OS, they can test the compatibility of everything. This is a lot better of an experience than you're likely to get with an off-the-shelf laptop + a downloaded Linux ISO.
System76 also provides support, although I have no idea how it compares with AppleCare... but most Linux computers are home-built (or at least home-installed) and any support you can get for them will assume you're using Windows. Linux software support is typically user forums, although commercial distros typically have support staff.
The quality of the software (for things like backup) is something I can't help you with - every distro is different in what it includes, most software can be installed on any distro, and often Linux software isn't so much a cohesive package as it's a set of tools for any task. Running rsync using a cron job is a pretty respectable way to do backup.
I'm not personally a fan of Ubuntu, but it's the most popular home distro, and if you're coming from OS X it should be a relatively easy adjustment. Besides, you can always install a different distro afterward. Unlike on a Mac, the OS is in no way tied to the hardware - most Linux distros can be downloaded for free and installed on any PC (including, incidentally, a Mac).
Phone gaming is a lot of fun, and has a low barrier to entry so it's not going anywhere anytime soon. That's the advantages.
The disadvantages are that it's not well suited to truly social gaming (things like Rock Band or even just HALO LAN parties), completely impractical for some still-very-popular game genres (FPS, music simulator games, realistic racing or flight sims, RTS, and probably others). Now, consoles aren't perfect for all those either (RTS on a console is a joke compared to on PC), but they're very good for a few (music games, racing sims, and some would say FPS).
Phones are great for games that require no particular input capability, like Angry Birds. They do very good re-creations of tabletop/board games (Words With Friends). They provide an opportunity for a lot of very cool low-cost indie games. They're portable (although gaming, especially 3D games, will rapidly drain battery life). They're always connected (though the latency of cellular networks means real-time gaming suffers). However, they just don't have the input schemes to replace today's popular console or PC games. The Xperia Play is an attempt to subvert this, and it *might* even succeed, but most phones wouldn't even be able to play the N64's (original) Super Smash Brothers. Hell, most can't comfortably play NES games.
Wait, at what point did the PS3 start "gaining ground every day"? Last I checked (2 months ago), the Xbox 360 had been thoroughly outselling the PS3 almost constantly since the Kinect came out (a year ago, now).
How do you know that there's no pre-existing relationship?
"Sign me up for the free mailing list" does not make me a customer. "Register for free on our site to receive your free trial software" does not make me a customer. Both would be relationships where I might expect mail in this situation. It doesn't necessarily mean I would want it, but it doesn't make it "unsolicited commercial e-mail" either.
If you count the various mailing lists I'm subscribed to, I've certainly received far over 500 mails in a day. Mind you, that's in an organization with tens of thousands of employees - easily big enough that, if for some reason IT wanted to use Office 365 (we don't; we just use Exchange and host it ourselves), we could spring for the 1500 mail option. Of course, even that might not be enough for some people.
Bear in mind that I don't read anywhere near all that mail - most of it gets filtered automatically, ignored when there are super-long and irrelevant threads, or occasionally deleted on arrival - but I still receive it.
Unless, you know, you're sending emails to your 20-person team. Then suddenly that's only 25 emails per day.
For what it's worth, I've been known to send over 50 emails in a day, and while they probably weren't to an average of ten people each (unless you count distribution list expansions, which I hope they don't), they were certainly to an average of at least four or five recipients. That puts me halfway to the limit, and I'm by no means the most active email user I know.
Sleep uses ridiculously little power. It may be more wasteful to spend the energy going through bootup and shutdown than to leave the computer in Sleep when you aren't using it. The power needed to spin the hard drive for 30 seconds of bootup is probably enough to keep the RAM from losing its data for days.
Except that the hiberfile is compressed (it reserves the max space but doesn't use anywhere close to it most of the time) and only those portions of your RAM in active usage are actually written/read anyhow. Any of your RAM that isn't mapped into something doesn't need to be preserved.
One of the improvements in Win7 was to do the compression/decompression of the hibernation data in parallel, using multiple threads to take advantage of everybody having multi-core CPUs.
Oh, and for what it's worth, even rotational hard drives can usually read sequential data at something close to 150-200 MB/sec. Really fast ones and SSDs can push the boundaries of SATA. Note that this is sequential read - there's no seek times and no need to access the filesystem, so the usual "40-50 MB/s" speeds quoted for NTFS volumes aren't relevant.
OK, first off there's a *ton* of Win8 features that aren't Metro-related. The new task manager, for example, is pretty sweet, as is the new file operation progress dialog. The multi-monitor stuff is long-overdue and very nice. Even little things like automatically adjusting the glass color based on the (rotating) desktop background and per-user lock/login background are pretty cool. Then there's the integration with Windows Live, doing things like migrating Favorites between computers automatically.
On a more "techie" side, there's things like huge reductions in RAM usage (partially due to page combining, a neat feat in and of itself), big improvements to ASLR, a new "low fragmentation" heap that allocates things in a semi-random pattern that makes Use-after-free vulnerabilities almost impossible to exploit, and more. (In case you didn't notice, I mostly follow the security news.) Not a single one of the features I've mentioned so far is Metro-related, and some won't even be seen unless you're *not* in Metro.
Second, the browser thing? The only one that I explicitly said could be used in desktop-only mode? Yeah, there's no Metro in my browser. Even if I open a browser window from within a Metro app, it opens on the desktop, in what looks a lot like IE9. I suggest you actually make at least a basic attempt to verify your claims before posting them to Slashdot. It goes against the groove here, I know, but it really is a good idea. You can also just go straight to the old Control Panel, though admittedly that takes a minor trick.
What are you using the Metro interface for? The only part of it I see is the Start menu, for the fraction of a second it takes me to type the first few letters of the program name I want and hit Enter. The rest, especially the browser, is un-needed. Just use the desktop (including desktop browser) like you always have, and the Start menu like you have (or should have) been since Vista - as a search interface, nothing more.
I'll grant you the current version of Metro is crappy with a mouse. Given that there are a lot of people at Microsoft who spend an awful lot of time each day using a mouse, I'm sure they're aware of this too. I suspect that the coming changes, as mentioned by the Microsoft "turfer"s you refer to, are in how the Metro interface is used with Mouse and Keyboard. It's not that Metro is going away, so much as that it'll be changed so that non-touch interfaces feel more natural.
Or at least, I expect it will. MS has made mistakes in the past, but releasing with the current UI interactions would be a big one even for them.
I'm confused - you talk about VCS as though it's something new, unusual, or unexpected. It's the opposite of those things. For any decent-sized project, and many tiny ones (see Sourceforge/Codeplex/etc.), enlisting in a version control repository is the best way to get the source code, and often the only one (who wants to spend time packaging it up?).
You've obviously already got a branch that builds version 1.3. Instead of tarballing it, why not just allow unauthorized read access to the repo and publish the link? That's what the open-source community generally expects, and it requires no additional work on your part. It also means that people can't truthfully complain, for even a very short period, that the source isn't available. The community is happy, the users are happy (or don't know/care), the developers are happy (less time wasted), you don't wind up with a negative story on the front page of Slashdot...
OK, the last one *might* be beneficial to you guys in the long run. Or it might not. Contrary to silly sayings that people parrot out of context, there is such a thing as bad publicity.
Oh, and was it really only one user who got banned, like your post implies? Or is it true that "Any users who provide links to bugfixes and source for the previous version 1.2 are being banned from the discussion group, and their messages deleted" as stated in the summary? I've been here long enough to know that /. summaries have a habit of being twisted where not factually wrong, but they're also right on occasion, and definitely imply multiple users / posts here.
Hope you don't use that Google account for anything important, like email or Android marketplace or payment or advertising or any such thing.
Using a fake name violates their TOS, and their response when a violator is found has been, thus far, to simply kill the violating Google account. Not the G+ portion of it, the whole account. People have found their phones can't log in after signing up for G+ under a fake name, because an Android phone is tied to a Google account and the account was killed.
From your link:
The SOL is 10 years in the case of "Injury to a child, elderly individual, or disabled individual punishable as a felony of the first degree under Section 22.04, Penal Code". That would be within the SOL, but I don't know whether it counts as such a "felony of the first degree".
For "injury to a child, elderly individual, or disabled individual that is not punishable as a felony of the first degree under Section 22.04, Penal Code", the SOL is only 5 years, and this case is too old.
You seem pretty sure (sure enough to run your mouth quite a bit) that this incident is still within the SOL. That implies you think it to be the first case, a felony of the first degree (and also that the page you linked, from 2008, is still valid). You may even be correct. However, the link you posted is not, by itself, sufficient to show that.
Really? Think about this for a moment:
The bank is never going to pay back all its loans at once. If they did, it would mean an end to interest on all its members' accounts (checking/saving/CD/etc.)
However, they will pay back all of the loans they have right now, eventually. And the time frame for that "eventually" will be specified in the loan agreement.
Similarly, the treasury will never pay back all its bonds (in the sense of "there will never be a time when there are no outstanding treasury bonds"). If they did so, then among other things, that would be a blow to the banks mentioned above. However, they will pay back the ones that are outstanding now, and they'll pay back the ones that are issued this year, and they'll pay back the ones they issue in five years. They just won't pay them back at the same time, and the interest rates in five years will probably look very different from what they are today (I hope!).
LOL obvious troll is obvious. Been watching too much Swordfish? Firewalls aren't GUIs...
Also minus the firewall, the fast user switching, the WiFi auto-config, the collapsable system tray, the System Restore feature, and a variety of other useful and user-visible features. I used Win2000 from 2000 to (late) 2003 as my primary OS, and I still have my laptop from back then (and it still has its 2000 install, though it gets little use now). It was a good OS for its day, no doubt about it, and XP wasn't that tremendous of step forward (although for some people, the theme-ability was a big deal). Calling it *better* than XP is just flat-out wrong, though. You may be able to concoct a specific set of needs for which it's superior, but in the general sense it's a ludicous statement.
I've never actually bought from them, but it sounds like you'd be an ideal customer of http://system76.com/ - they provide pre-built Ubuntu Linux computers, including laptops, with good specs. Since they're building the PC and installing the OS, they can test the compatibility of everything. This is a lot better of an experience than you're likely to get with an off-the-shelf laptop + a downloaded Linux ISO.
System76 also provides support, although I have no idea how it compares with AppleCare... but most Linux computers are home-built (or at least home-installed) and any support you can get for them will assume you're using Windows. Linux software support is typically user forums, although commercial distros typically have support staff.
The quality of the software (for things like backup) is something I can't help you with - every distro is different in what it includes, most software can be installed on any distro, and often Linux software isn't so much a cohesive package as it's a set of tools for any task. Running rsync using a cron job is a pretty respectable way to do backup.
I'm not personally a fan of Ubuntu, but it's the most popular home distro, and if you're coming from OS X it should be a relatively easy adjustment. Besides, you can always install a different distro afterward. Unlike on a Mac, the OS is in no way tied to the hardware - most Linux distros can be downloaded for free and installed on any PC (including, incidentally, a Mac).
Phone gaming is a lot of fun, and has a low barrier to entry so it's not going anywhere anytime soon. That's the advantages.
The disadvantages are that it's not well suited to truly social gaming (things like Rock Band or even just HALO LAN parties), completely impractical for some still-very-popular game genres (FPS, music simulator games, realistic racing or flight sims, RTS, and probably others). Now, consoles aren't perfect for all those either (RTS on a console is a joke compared to on PC), but they're very good for a few (music games, racing sims, and some would say FPS).
Phones are great for games that require no particular input capability, like Angry Birds. They do very good re-creations of tabletop/board games (Words With Friends). They provide an opportunity for a lot of very cool low-cost indie games. They're portable (although gaming, especially 3D games, will rapidly drain battery life). They're always connected (though the latency of cellular networks means real-time gaming suffers). However, they just don't have the input schemes to replace today's popular console or PC games. The Xperia Play is an attempt to subvert this, and it *might* even succeed, but most phones wouldn't even be able to play the N64's (original) Super Smash Brothers. Hell, most can't comfortably play NES games.
Wait, at what point did the PS3 start "gaining ground every day"? Last I checked (2 months ago), the Xbox 360 had been thoroughly outselling the PS3 almost constantly since the Kinect came out (a year ago, now).
How do you know that there's no pre-existing relationship?
"Sign me up for the free mailing list" does not make me a customer. "Register for free on our site to receive your free trial software" does not make me a customer. Both would be relationships where I might expect mail in this situation. It doesn't necessarily mean I would want it, but it doesn't make it "unsolicited commercial e-mail" either.
If you count the various mailing lists I'm subscribed to, I've certainly received far over 500 mails in a day. Mind you, that's in an organization with tens of thousands of employees - easily big enough that, if for some reason IT wanted to use Office 365 (we don't; we just use Exchange and host it ourselves), we could spring for the 1500 mail option. Of course, even that might not be enough for some people.
Bear in mind that I don't read anywhere near all that mail - most of it gets filtered automatically, ignored when there are super-long and irrelevant threads, or occasionally deleted on arrival - but I still receive it.
Unless, you know, you're sending emails to your 20-person team. Then suddenly that's only 25 emails per day.
For what it's worth, I've been known to send over 50 emails in a day, and while they probably weren't to an average of ten people each (unless you count distribution list expansions, which I hope they don't), they were certainly to an average of at least four or five recipients. That puts me halfway to the limit, and I'm by no means the most active email user I know.
Sleep uses ridiculously little power. It may be more wasteful to spend the energy going through bootup and shutdown than to leave the computer in Sleep when you aren't using it. The power needed to spin the hard drive for 30 seconds of bootup is probably enough to keep the RAM from losing its data for days.
Except that the hiberfile is compressed (it reserves the max space but doesn't use anywhere close to it most of the time) and only those portions of your RAM in active usage are actually written/read anyhow. Any of your RAM that isn't mapped into something doesn't need to be preserved.
One of the improvements in Win7 was to do the compression/decompression of the hibernation data in parallel, using multiple threads to take advantage of everybody having multi-core CPUs.
Oh, and for what it's worth, even rotational hard drives can usually read sequential data at something close to 150-200 MB/sec. Really fast ones and SSDs can push the boundaries of SATA. Note that this is sequential read - there's no seek times and no need to access the filesystem, so the usual "40-50 MB/s" speeds quoted for NTFS volumes aren't relevant.
Wow, did you even read my post?
OK, first off there's a *ton* of Win8 features that aren't Metro-related. The new task manager, for example, is pretty sweet, as is the new file operation progress dialog. The multi-monitor stuff is long-overdue and very nice. Even little things like automatically adjusting the glass color based on the (rotating) desktop background and per-user lock/login background are pretty cool. Then there's the integration with Windows Live, doing things like migrating Favorites between computers automatically.
On a more "techie" side, there's things like huge reductions in RAM usage (partially due to page combining, a neat feat in and of itself), big improvements to ASLR, a new "low fragmentation" heap that allocates things in a semi-random pattern that makes Use-after-free vulnerabilities almost impossible to exploit, and more. (In case you didn't notice, I mostly follow the security news.) Not a single one of the features I've mentioned so far is Metro-related, and some won't even be seen unless you're *not* in Metro.
Second, the browser thing? The only thing that I explicitly said could be used in desktop-only mode? Yeah, there's no Metro in my browser. Even if I open a browser window from within a Metro app, it opens on the desktop, in what looks a lot like IE9. I suggest you actually make at least a basic attempt to verify your claims before posting them to Slashdot. It goes against the groove here, I know, but it really is a good idea. You can also just go straight to the old Control Panel, though admittedly that takes a minor trick.
What are you using the Metro interface for? The only part of it I see is the Start menu, for the fraction of a second it takes me to type the first few letters of the program name I want and hit Enter. The rest, especially the browser, is un-needed. Just use the desktop (including desktop browser) like you always have, and the Start menu like you have (or should have) been since Vista - as a search interface, nothing more.
I'll grant you the current version of Metro is crappy with a mouse. Given that there are a lot of people at Microsoft who spend an awful lot of time each day using a mouse, I'm sure they're aware of this too. I suspect that the coming changes, as mentioned by the Microsoft "turfer"s you refer to, are in how the Metro interface is used with Mouse and Keyboard. It's not that Metro is going away, so much as that it'll be changed so that non-touch interfaces feel more natural.
Or at least, I expect it will. MS has made mistakes in the past, but releasing with the current UI interactions would be a big one even for them.
I'm confused - you talk about VCS as though it's something new, unusual, or unexpected. It's the opposite of those things. For any decent-sized project, and many tiny ones (see Sourceforge/Codeplex/etc.), enlisting in a version control repository is the best way to get the source code, and often the only one (who wants to spend time packaging it up?).
You've obviously already got a branch that builds version 1.3. Instead of tarballing it, why not just allow unauthorized read access to the repo and publish the link? That's what the open-source community generally expects, and it requires no additional work on your part. It also means that people can't truthfully complain, for even a very short period, that the source isn't available. The community is happy, the users are happy (or don't know/care), the developers are happy (less time wasted), you don't wind up with a negative story on the front page of Slashdot...
OK, the last one *might* be beneficial to you guys in the long run. Or it might not. Contrary to silly sayings that people parrot out of context, there is such a thing as bad publicity.
Oh, and was it really only one user who got banned, like your post implies? Or is it true that "Any users who provide links to bugfixes and source for the previous version 1.2 are being banned from the discussion group, and their messages deleted" as stated in the summary? I've been here long enough to know that /. summaries have a habit of being twisted where not factually wrong, but they're also right on occasion, and definitely imply multiple users / posts here.
Hope you don't use that Google account for anything important, like email or Android marketplace or payment or advertising or any such thing.
Using a fake name violates their TOS, and their response when a violator is found has been, thus far, to simply kill the violating Google account. Not the G+ portion of it, the whole account. People have found their phones can't log in after signing up for G+ under a fake name, because an Android phone is tied to a Google account and the account was killed.
Good luck, I guess...