Today, of course, the MiB exists and there's basically no excuse for not using it.
Fine with me. But then I demand a strictly enforced law, which forbids the usage of kB, MB, etc for computer storage. Since their usage has nothing to do with foul marketing tricks, but only with ease of use for customers, I suppose this is ok for everybody?
Yeah, fortunately a byte is 8 bits and not 12. Else marketing would have f****d up that too and told us that a byte has 10 bits since nowadays humans are used to calculating on the basis of 10. And the same nitwits, which agree to the kilo/kibi nonsense would applaud that, too.
I don't think you have to worry about this. Of course this blood surrogate will only be used when it is absolutely necessary, e.g. to replace a large blood loss when no fitting natural supply is available. What else can it be good for? It might provide the tissue with oxygen, but one thing it surely cannot do: Clot.
(yes, I know my example isn't really syntactically correct, but I think we all see the point here)
And now please compare this with a system where Grandma has half a dozen more options to select from.
Btw. if Grandma uses KDE it can be done in a nice GUI.
You still make the same mistake the inventors of many important internet protocols made: You believe in the good in humanity. If you cannot ensure technically that your idea is not abused, or you cannot really hurt someone who abuses it, it is worthless.
You mean when YOU talk about the shortcomings of UAC. 'We' in this thread, were talking ACLs vs UNIX permissions in regards to the file system, and not any specifics of home vs power user.
The article is about UAC. UAC only makes sense for home users. If what you say is correct, the whole thread is offtopic.
But apart from that, whenever there is discussion about unix/windoze file systems some "expert" comes up with the oh so great windoze ACLs, which make the windoze system so superior. Up to now nobody was able to explain to me how a more complicated system, which most people do not even need, makes a system more secure or better.
right, so a fancy display mechanism for sudo, hard to spoof, and extra monitoring to pick up on suspicious behaviour is somehow bad because Microsoft did it?
Maybe no one else but M$ did it because everyone else knew it is nonsense to do?
Actually I don't think UAC is about security at all. It is just about marketing. You simply cannot make a system secure for a home user. On the one hand you have very well IT savvy criminals with lots of resources, bot nets are about business, on the other hand you have a security callous and IT uneducated home user. So something like UAC is security wise nothing more than a smoke grenade. I never created a trojan, but if I wanted to, I am sure I could find a dozen ways to make sure the average Joe Sixpack clicks and enters his credentials wherever I want. So if M$ is lying about security with some flashy feature, this would be ok with me. But they should make sure that it is not annoying.
Btw. I really hate M$, but I never blame them for exploits, which require user interaction. To be secure against uneducated users with a root/admin password you'd need an AI, which is even more intelligent than the malware developer.
Fortunately there are enough other reasons to hate M$.
Microsoft Says Other OSes Should Imitate UAC.
It is junk, users hate it and we were not able to come up with something better. But if the honored competition please would follow our lead and implement the same crap, we then would not look so bad anymore. Thank you. :-)
That's how I tried to explain the internet to my mother. Each computer has a telephone number (= IP number), which can be used by computers to call one or more other computers (single call, conference call). WWW is just a way how they talk to one another, when they are connected. Surely not more correct than the series of tubes, but it was good enough for her.
You realize that the two terms are not mutually exclusive. The passage of time in a single continuity can change "initially harmless" to "initially believed to be harmless".
In this case I did not express myself correctly. With 'initially' I meant all the time before the first crisis, i.e. the Byrne run. In that time Kryptonite was totally harmless for humans. The time before the first crisis was a simpler, more childlike time. It was important that Kryptonite was harmless for anyone but Kryptonians. It simply fit in the more prevalent black and white patterns of that time that something, which could kill the almost godlike Superman did nothing at all to normal humans. I remember a story where a young Lex Luthor made himself a Kryptonite ray emitter by some potion.
In the years after the first crisis Kryptonite was radioactive. Not very strong, but enough to poison humans, which were exposed to the rays for a longer time. More realistic and part of the more dark and gritty era. I think I remember two occasions where it was said that the Kryptonite radiation was strong enough to kill even a human instantly. Pre-crisis this would have been unthinkable.
Lately the rules changed again. It seems that Blue, Gold, and Red* Kryptonite are back. It is still open, what it does to humans now.
*There were singular after-crisis stories with Red Kryptonite, but those were exceptions. Red K. did not really exist in the last years' continuity. Now it looks like the same unpredictable pre-crisis Red K. is back.
But in the comics, long-term exposure can result in a painful death.
Statements like that do not make much sense when you don't add the version of the continuity you speak of. Kryptonite was initially harmless for normal humans. In a later continuity long-term exposure caused cancer. What it does now, after the second crisis to humans... No one knows yet.
Whenever I hear positive talk about web apps, it's mostly developers who say how easy they are to deploy. Or managers and admins tend to like the idea because they seem to make their lives in one or the other aspect easier. But whenever actual users talk about web apps, I have the feeling it is mostly negative. With web apps it seems a bit to be like with Java. I know a few developers who love to develop with Java and its tools, but actually hate to run and use Java apps themselves.
Many desktop applications get strong support because people also run them privately at home. If the average user really hates web apps, he won't run them at home. Therefore he won't get a very good working knowledge of them, with the result that he will use them only reluctantly at work. This surely won't help productivity. So it remains to be seen whether the user or the admin faction is winning.
Nobody wants to use web-apps. There is only one reason why this abomination is artificially hyped again and again: Open Source.
No, really, you cannot sell standard software very well anymore. It gets more and more ridiculous to spend hundreds of bucks on something like Word, Excel, or even Photoshop if you can get similar programs for free. Even if you say that those replacements are not as good as the original, which I doubt, they are getting better and better. So what do you do if you are a mega-corp, which made most of its money from standard software?
You are starting your marketing machinery to tell the people that they need something you can provide, your open source competition cannot. Web based apps sound fine, for the provider. They need a big and expensive infrastructure of servers, which hardly can be provided even by large open source projects. They are the wet dream of every marketing person, being able to charge per use. Being able to get detailed usage statistics and spamming you with ads. For the more criminal (more usual?) ones, I would take it as given, that they snoop through your content if this is technically feasible. Web based apps are technically inferior? Nothing a good marketing can fix... or perhaps it cannot. People are stupid, but it seems that they are not that stupid.
So, tell me one, just one advantage of web based apps, for the average user. Desktops apps are out? Yeah, right, and nobody needs more than 640K ever.
In that case I really envy you. Of course, my initial post was very much black and white. If you really can trust your project manager, and you really know the rules, then you also know when you can bend them.
However, the majority of project managers is incompetent. 90% of those I know got their position because they were loud mouthed, brown nosing morons, which were unable to write reliable code or perform well with whatever job they initially had. One department is really glad to get rid of them, the other does not know, what they can expect and the moron gets promoted.
But even if you have one of the 10%, be careful. You never know, when he finds something better paid and leaves. His successor might not know or want not to know, what was only an agreed on quick hack/compromise and therefore was expected to be a bit brittle or that there was such an agreement at all.
It didn't sound like copy-paste to me. The first bug (found Dec 2004) was a failure to validate one of the parameters of an Animated Mouse function and the invalid value of "0" could be exploited. What I read in the recent story is that the current bug is due to another parameter of the same function going unchecked and/or accepting invalid data.
How many parameters does this function have? That's to say how many bugs we can expect in this one function in the future?
That was the point: no developer can really claim X is ALWAYS the right/wrong decision. . . .
There is no such certainty in real world software engineering.
I don't think I misunderstood you. But I think I made it not clear enough that I disagree. If you are a developer with no managerial functions, there is one decision, which is as close to ALWAYS right as a decision can come: Design as clean as you can. No shortcuts ever. If you think your code needs a refactoring, do it. If it means missing a schedule, so be it. The explanation is simple. If you miss a time frame, it is your fault AND the fault of your project leader. If you take a shortcut and your code superficially works, you just did your job, and your project leader gets a mention for his good work. When then the same code months later breaks or turns out buggy or inadequate, nobody remembers what you said before, what you wanted or deemed necessary. You suddenly are alone the one who has to take the blame, your reputation gets damaged.
Every choice, both 'shortcuts' and 'optimal' solutions, have risks associated with them that can bite you sooner or later, and ignoring the risks of the latter can be as dangerous as ignoring the risks of the former. Evaluating such trade-offs is the substance of engineering after all, software or otherwise.
This depends very much on your position in the developer hierarchy. I don't know anything about the hierarchies in the M$ development teams. In larger software companies the general design is usually done by a senior software engineer, the actual implementation details are handled by some low level coders. The .ani problem smells much like sloppy implementation by some junior.
So if I may summarise my statement: If you are a developer and don't get the time and resources to do a good job, you are f****d, if you think you help your company by rushing work, using shortcuts, accept half baked compromises, you are doubly f****d.
Why do you include drug use? Rape harms others. Speeding might kill others. Drug use? If you want to kill yourself, no problem for me.
I return the troll back to you. I simply don't care for whom something is easier or more difficult. I care for results. And it seems when it comes to security the results for the oh so more flexible Windoze ACLs are not so good compared with the ancient unix ugo system.
Btw. when we talk here about the shortcomings of the UAC we talk here about home users, because in environments where ACLs are necessary (or beneficial) you usually find more or less educated administrators. For the normal home user ugo is easy to understand, totally sufficient and for developers it is very easy to take into account.
But this is something M$ will never ever understand:
http://en.wikipedia.org/wiki/KISS_principle
If it is so much easier I wonder why so many developers get it wrong.
I try to ignore this continuity as far as possible. ;-)
This is simple: Might makes right.