Gadgets were always horrid and tacky. Did anyone really use them?
Disable Gadgets NOW says Redmond
Microsoft has advised Vista and Windows 7 users to put Gadgets and the Windows Sidebar to the sword, following the revelation of yet-to-be-detailed remote code execution vulnerabilities in the features. Redmond issued this advisory ahead of an upcoming Black Hat presentation by Mickey Shkatov and Toby Kohlenberg. The two have …
-
-
-
-
Thursday 12th July 2012 20:24 GMT Mephistro
Re: I do
"who have to cope with talking to people over multiple timezones with a better solution than my 5 desktop clocks?"
Yeah! Compile a list of the time differences in all those locations relative to your base. Something like this:
" Geneva +2, Madrid +1, Tuvalu -17,..."
Then you can put it in a post-it note in your gadgets and... Oh wait!
-
Thursday 12th July 2012 01:21 GMT stucs201
I actually prefered them in vista to win 7
To me the vista sidebar made some sense, a place to dock small accessory programs with the maximise behaviour of other programs tweaked to ensure that both your main program and gadgets stay un-obscured and usable.
Getting rid of the sidebar in win 7 made gadget behaviour not really any different to things like the clock which was provided in windows 3.0.
(I realise its unusual to say nice things about vista, but don't worry I can't think of any others).
-
Thursday 12th July 2012 09:18 GMT Blitterbug
Re: I actually prefered them in vista to win 7
You aren't alone in finding nothing really wrong with Vista (assuming SP2) but the gadget bar did cause probs. I like to bung my recycle bin @ bottom right of the screen in Win7. Can't do that in Vista. Actually you can kind of position it there (at least, I've managed it) but then you can't right-click to empty! Awesome foolishness or what.
-
-
Thursday 12th July 2012 07:18 GMT Anonymous Coward
I don't
but guess I don't need to have a clock, what with having on in the bottom right hand corner (as well as on my desk phone, and my mobile phones), no need for a cpu one, (using up the cpu) I know when my machines running slow; for weather, I look out the window .
As for side bar, always found rocketdock to be more stable and more useful.
-
-
Thursday 12th July 2012 08:19 GMT Timmay
Re: I don't now..
@ Piro - exactly, back when an extra 5MHz on your processor was a decent wedge of an increase, or eeking out an extra 20MB of memory was the difference between something running and not, I might have cared. Nowadays we have such a glut of compute power, so who really cares, other than when something is going wrong?!
-
Thursday 12th July 2012 20:18 GMT Mephistro
Re: I don't now.. (@ Timmay)
"Nowadays we have such a glut of compute power, so who really cares, other than when something is going wrong?!"
Sorry to disagree. There are a good many programs that have serious trouble handling shortages of CPU or RAM, causing either BSODs or program failures. Nevertheless, you point of view seems to have been prevalent among developers, who seldom bother to optimize their code*. The result is that doing lots of common tasks-e.g. word processing, compiling executables, searching for files- with your flashy new computer takes just as long as it did twenty years ago.
*:I know it's just economy. Optimizing code costs time and money, and companies using too much of those in optimizing their code will probably make less money and be less competitive, and probably disappear. This sounds as a good argument for OSS.
-
-
-
Thursday 12th July 2012 11:00 GMT Anonymous Coward
@AC
The gadgets are even quite well programmed.
I keep a weather & picture gadget on my desktop, even though I don't use a wide screen monitor. I'm especially impressed with the picture gadget because it doesn't only use what's on my PC; it can access my network storages as well.
As such it /truly/ shows me snapshots of /all/ my favourite pictures.
I'm not going to give up on this. And just learning that this will be stripped from Win8 as well (the previews still had this) is yet /another/ reason for me to completely ignore it.
-
Thursday 12th July 2012 13:43 GMT Richard Bragg
GPU gadget really useful
When my PC started to misbehave playing a game then suddenly the screen going blank and 3 little beeps on restart. Googling suggested GPU overheat. Install nice little gadget. Start game play, then switch out to desktop and there is temperature of GPU climbing far too high. Quick clean on fans on graphics card and retry and GPU temperature stays OK whatever I stress it with.
Maybe there are other tools but this was nice a small and just sat there doing what I needed.
-
-
-
-
Thursday 12th July 2012 07:45 GMT AndrueC
Re: Been there, done that (long time ago)
..General:Enable accelerator underlining, minimum keyboard repeat delay, increase speed of key repeat. Turn off bitmap on work machines to free up RAM. Turn off fancy graphical desktop effects on virtual machines. Turn off Clear Type. Disable powersaving/screen savers on Virtual Machines.
..Explorer:One click opening, display full path in title, one thread per window, don't hide extensions of known file types.
..Servers:Nuke IESec. Disable shtudown prompts.
..Domain controllers:Nuke password requirements (I only ever set up test domains so security is not a problem).
I swear that with every new version of Windows there's more and more shit that has to be disabled or tweaked every time I create a new machine. Due to testing requirements that happens quite a lot :(
-
-
-
Thursday 12th July 2012 00:20 GMT Anonymous Coward
My spin goes up to 11
The MS "Gadget Gallery" page goes beyond coyly suggesting that gadgets from "untrusted sources" are problematic. They've vaped all of the official ones too - but it's ok, it's because...
Because we want to focus on the exciting possibilities of the newest version of Windows, the Windows website no longer hosts the gadget gallery.
You can now use your HTML5, CSS3, and JavaScript skills to build Metro style apps for Windows 8 Release Preview. To get started developing Metro style apps, go to Windows Dev Center.
So either they're blythely lying about the threat perimeter or they're so desperate for Win8 migration that they've killed a (admittedly crappy, but that doesn't distinguish it much from Metro) feature of the current commercial release.
-
Thursday 12th July 2012 01:25 GMT stucs201
Re: My spin goes up to 11
I too am suspicious that they're just trying to kill off gadgets.
Its a shame really, I think they missed an oportunity. When I first heard Windows 8 was going to have closer ties to Windows Phone I hoped for something rather different than what we've got: I thought they might have implemented a way to run a phone application as a gadget on a desktop/laptop (possibly with recompilation).
-
Thursday 12th July 2012 07:56 GMT Dan 55
Re: My spin goes up to 11
Gadgets are the new Active Desktop. I love Microsoft technology that's here just for one or two releases then suddenly disappears. It really makes users feel like they're using a stable platform and developers willing to invest in it.
(Is there a sarcasm icon somewhere?)
-
-
-
Thursday 12th July 2012 11:08 GMT Anonymous Coward
@Mongo
Would make perfect sense...
Scare the public out of using Gadgets from 3rd parties (the only way you can get these now) and then get them all onto the metro bandwagon (where "gadgeteers" can only distribute their gadgets when coughing up some big bucks to MS to be included with their metro marketplace).
-
Thursday 12th July 2012 11:42 GMT Chika
Re: My spin goes up to 11
"So either they're blythely lying about the threat perimeter or they're so desperate for Win8 migration that they've killed a (admittedly crappy, but that doesn't distinguish it much from Metro) feature of the current commercial release."
I think you have nailed it there. Chances are that, if there really is a "security flaw" in gadgets, they don't want to spend the time needed to correct the problem and, even if there isn't a flaw, they are all too keen to push us all onto the blatant crap that is Metro.
In other words, and as I've mentioned before, Microsoft are done with giving us choices and just want to net-nanny us, all for "the greater good."
...the greater good, the greater good, the greater good, the greater good, the greater good, etc...
-
-
-
Thursday 12th July 2012 17:08 GMT Fatman
Re: New fangled Microsoft strategy...
"Remove our software, it's so buggy we don't know how to fix it."
You know, I followed that strategy a few years ago when I scraped WindBlowZE eXtremely Pathetic from the hard drive of a H^HDell Optiplex.
In its place went Ubuntu, and I never looked back.
Recently, I picked up an Acer with WindblowZE 7 on it; physically removed that hard drive, and placed in in a biohazard bag. I went out an got a 2 TB drive, and Ubuntu 12.04, along with a test install of 12.10 have so much room to play!! It is so hard to believe that Ubuntu only needs less than 6 GB of hard drive space for an install. Yet, the (Acer) OEM reinstall discs amount to 3 DVD's. Talk about bloatware!!!
I wish more people would succumb to this strategy and ditch WindblowZE, the world would be a better and safer place if they did.
-
-
Thursday 12th July 2012 10:09 GMT TeeCee
The Address Bar disappeared in XP SP3 'cos some arsehat of a Eurocrat couldn't tell the difference between a browser address bar and a seperate .dll that invokes the default browser (whatever that may be) when a web address is entered. Thus it fell foul of the integration shenanigans and took a holiday while the Redmond legal eagles translated a detailed technical proof of "it isn't part of the browser at all" into fuckwit-friendly language for them.
Reinstating the browseui.dll from SP2 puts it back with no ill effects.
-
-
Thursday 12th July 2012 04:46 GMT Don Jefe
Egg Meet Face
Jesus. This is just a bit much. I spend months selling a company on 750+ seats and for better or worse the Gadgets pretty much sealed the deal. Now they've got to disable them to be secure??? Gah! I'm seriously considering not even telling my clients.
Damn it. Gadgets are such a benign thing. Why in God's name would those ass/blackhats attack that? My Grams likes her Gadgets & now I'm supposed to tell her she can't have them unless she upgrades.
Feckin hackers think they are cute. Where I'm from we just belt people like that square in the gob & let them think about their actions while they look for their missing tooth. If I thought I could find them I'd charter a flight to Russia & curb stomp them all, one at a time. Shitbricks.
End of rant. Thanks for reading.
-
Thursday 12th July 2012 06:10 GMT Anonymous Coward
@Don Jefe
"Where I'm from we just belt people like that square in the gob & let them think about their actions while they look for their missing tooth."
Liverpool? Great rant by the way!
"If I thought I could find them I'd charter a flight to Russia & curb stomp them all, one at a time."
Trouble is that quite a lot of the criminal hacker gangs are based there anyway, judging by the many articles here on El Reg that suggest that to be the case. Sending more over there would only make it worse. Perhaps we should cut all the wires heading that way!?!
-
Thursday 12th July 2012 06:38 GMT toadwarrior
Re: Egg Meet Face
Everyone on the internet is a tough guy ( with a big dick) but let's face it, if they came to your mother's basement to have a word with you then you'd probably wet yourself.
The world doesn't revolve around your gram but there is an easy solution. Get OS X or linux. Bothare far more secure and not nearly as soul destroying as windows.
-
Thursday 12th July 2012 09:15 GMT Blitterbug
Re: Egg Meet Face
@ Mr J,
Fear not. I think MS are saying that whilst the Gadget platform yeilds a juicy attack vector for asshats, it's gadgets from 'unknown' sources that 'could' compromise your system. I for one (awesome cliche) will remove my default MS-branded clock and weather jobbies when they pry them from my cold, dead hands...
-
-
Thursday 12th July 2012 06:27 GMT Anonymous Coward
Ooooo Really.
“Gadgets installed from untrusted sources can harm your computer and can access your computer’s files, show you objectionable content, or change their behavior at any time,” Microsoft notes.
Uhhh Huhhhh
And what about the trusted sources?
"Shave that dogs head and bring it to me!" said Microsoft.
"What? You mean Dougal?" asked Florence.
"No I meant Mr Zippity." said Microsoft.
"But I am not a dog!" said Zippity, looking rather alarmed.
Microsoft and their bullshit - it's never ending.
-
-
This post has been deleted by its author
-
-
-
Thursday 12th July 2012 07:09 GMT Suricou Raven
Executing code from untrustworthy places can be dangerous?
I guess we can all thank Microsoft's newest employee, Captain Obvious.
This isn't even a security flaw - it's the gadget stuff doing what it's supposed to. Just because Microsoft calls them gadgets doesn't mean they stop being programs. Still, I don't think many people ever used them. It does sound plausible that MS is killing them off though as part of their shift to Metro, with it's increased use of web-based HTML5/javascript rather than native code.
-
-
-
Thursday 12th July 2012 17:31 GMT h4rm0ny
Re: HTML5+Javascript+CSS, are native code
"But out of interest, just what does Windows 8 compile HTML+JS+CSS into, h4rm0ny?"
Same thing that C# or C++ or VB get turned into to when you write a Metro application - compiled low-level binary code just as if you wrote a C program on Linux or similar.
-
-
-
Friday 13th July 2012 09:18 GMT multipharious
Re: Executing code from untrustworthy places can be dangerous?
Exactly.
There is a Microsoft MSDN article from 2007 I found this morning while poking around looking for some writeups of the SDL. Just above the SDL introduction, there is an article called "Inspect your Gadget" that uses the exact same wording as the Security Advisory. The interesting bit is that this article speculates the attack vector and the precise vulnerability.
http://msdn.microsoft.com/en-us/library/bb498012
My guess is that the researchers were poking around and found the following sentence:
"Today, the Windows Vista Sidebar hosts Gadgets built from HTML, JavaScript, and potentially ActiveX controls, and because Gadgets are HTML, they are subject to Cross-site Scripting style bugs. These bugs are extremely serious because script in the Sidebar is capable of running arbitrary code in the context of the locally logged-on user."
-
-
Thursday 12th July 2012 07:13 GMT nuked
I had a dream once...
...where a company sold a product across the globe. But due to what most experts would classify as at best, complete negligence, and at worst, deliberate intent; this product's design enabled the theft of billiions of pounds worth of data/funds/property.
The company were sued naturally and because of the overwhelming evidence against them, they either had to remedy their appalling products immediately and for free, or better still, had to compensate to such a degree that they could never again afford to inflict their misery upon the world.
I then woke up to the bat-f**k insane place that we live in where a zero-day exploit discovered almost weekly, enabling complete remote control, is pretty much expected and accepted.
-
Thursday 12th July 2012 10:43 GMT h4rm0ny
Re: I had a dream once...
"But due to what most experts would classify as at best, complete negligence, and at worst, deliberate intent; this product's design enabled the theft of billiions of pounds worth of data/funds/property."
Explain to me how a user installing software from an untrusted source in Linux would be any different? In both this case and the Linux case, the software has access to user-space and can access the user's data. At least from what we know of this issue.
-
-
Thursday 12th July 2012 07:23 GMT Robert Heffernan
Kill off the crap
If Microsoft are killing off useless unloved windows features why is metro still in windows 8. There is so much I like about windows 8 just its all under the hood, the way they butchered the desktop and tacked on metro is what killed it for me.
They are so caught up in the whole idea of converging platforms they failed to realise that phones, tablets and the desktop are completely different things that need their own platform. You can commonise a lot between the phone and tablet but there is nothing common* between the tablet and desktop. Merging them is just plain dumb.
*Sure on some devices a common kernel and API layer will work but the UI definitely won't work.
-
Thursday 12th July 2012 09:04 GMT Simon Aspland
Re: Kill off the crap
It's not about converging platforms, it's about selling Windows Phone and Surface devices.
By getting users 'used' to Metro on their desktop PC, the Phone/Tablet with the Metro interface becomes the natural choice for them to choose when they buy one.
This all falls down of course when the users hate Metro on their desktop so much that they refuse to by a phone with it... that's my hope at least :)
-
Thursday 12th July 2012 10:49 GMT h4rm0ny
Re: Kill off the crap
"they failed to realise that phones, tablets and the desktop are completely different things that need their own platform"
Serious question - why? I want to be able to syncrhonize and manage the same data on all three. As a developer, I love the idea of being able to write applications for all three at once. Win8 works fine on the Desktop - I've been using the release candidate for a while and using Metro instead of the Start menu has presented me no difficulties and everything else I've used has remained compatible from Win7. So why shouldn't some group release a platform that can seamlessly transition between all three?
I might not want to do major editing work on a tablet, but I still want to be able to pull up a Word document and make some minor changes here and there. I even do that on my phone from time to time! And as well as consistent capability, consistent interface is a big plus for many people.
-
Thursday 12th July 2012 11:48 GMT Chika
Re: Kill off the crap
And that requires that every damn bit of hardware must run the same OS, GUI and software? Do I really have to run my desktop system as though it were a vastly oversized smartphone? There are already ways to seamlessly synchronise these different platforms without butchering the interface experience.
(...the greater good, the greater good, the greater good...)
-
Thursday 12th July 2012 13:23 GMT Dave 126
Re: Kill off the crap
Okay, one interface works with mice and keyboards, one with fingers. Fingers don't have the accuracy of mice and keyboards, but do allow gestures- and you can't drop them on the ground (unless you're looking at a recipe on your tablet whilst cutting onions). Appl// Mangoes and oranges.
Having a different UI doesn't mean you can't do the same things- you just do them differently, suited to the tools in hand.
I note that iPads have sold well, though they don't work like Windows or OSX.
Hmm... I wonder if there's an Android App that presents your smartphone's call and text functions in the style of a Nokia 3210/6210 etc interface? : D
On that note, it would be nice if MS could upgrade the underlying OS without touching the UI- or at least give people the choice. My less tech-savy friends and family do get confused/annoyed when something they have spent some time getting used to suddenly changes.
-
Tuesday 17th July 2012 09:40 GMT Robert Heffernan
@h4rm0ny
I am a dev too, and like you, I like the idea of being able to develop for multiple platforms at once. Which is why having the same OS API layer between devices is a great idea.
The thing is, the UI layer should be specific to the device at hand. Touch on the desktop has never taken off because it's not suitable to the tasks required of a desktop system. People say it's because the support wasn't there. There has been touch support on the desktop for ages just no one wanted it because who wants to spend all day with their arms stretched out and leaving finger marks all over the screen when the keyboard and mouse is a much better user experience.
On a tablet or phone held in your hand, a touch based UI makes perfect sense. Which is why between the Desktop and the Phone/Tablet, you need to design a UI that works best for the platform.
-
-
-
-
Thursday 12th July 2012 08:26 GMT Charlie Clark
Ijeets
Gadgets were just another "me too" feature that MS copied from Apple in Vista. While the basic idea making it easy to have customised and easy to install front-ends to web services has merits, it never made a great deal of sense as a programming paradigm for an operating system.
Things have changed since then with the move towards a lasting plurality of platforms making platform-independent programming more valuable. The web run times have come on in leaps and bounds, but the fundamental principle of putting these things in the best sandbox you can come up with has not changed and Microsoft's insistence on embedding the browser runtime into the OS is as misplaced now as it ever was.
-
-
Thursday 12th July 2012 11:53 GMT Platelet
I like having an analogue clock and flip-style calendar in the corner :(
So switch to rainmeter (http://rainmeter.net/cms/About). It has the same inherent risks as windows gadgets but at least it will still be there come windows 8 and you can find pre-vetted skins at http://rainmeter.deviantart.com/
-
-
Thursday 12th July 2012 09:41 GMT Jason Bloomberg
FUD?
Due to a lack of explanation of the vulnerability it does stink of "turn it off now, and you won't miss it when you upgrade to Windows 8".
They've done this before (with STL headers I think), where they admitted there were serious vulnerabilities with apps using those but did not specify the circumstances those vulnerabilities applied to, making it hard for anyone (users and developers alike) to assess what the risk level was.
-
Thursday 12th July 2012 10:29 GMT fourThirty
the moaning bandwagon must be close to capacity...
If you don't like the features of Windows 8, simple, don't upgrade. It is not compulsory, and nobody is forcing you to do so...
Also, they suggest removing the gadgets, they aren't saying you have to otherwise you'll suffer from a plauge of locusts for forty days and forty nights....
You would have to assume that being on a tech forum, some of us have a little common sense. if you know the source of your third party software is pukka you shouldn't have a problem...
-
Thursday 12th July 2012 11:12 GMT Anonymous Coward
Re: the moaning bandwagon must be close to capacity...
That is of course assuming MS won't simply finish them off in a next "security" update.
Besides; MS asked for the "moaning" themselves. Remember; The metro crapola was allegedly build thanks to user input from previous Windows versions indicating major problems with the start menu...
So if people are not ok with new "improvements" on Windows I think they're doing the right thing to moan about it. Best on the MS fora themselves but why stop there?
-
Thursday 12th July 2012 12:38 GMT Hoagiebot
Re: the moaning bandwagon must be close to capacity...
"That is of course assuming MS won't simply finish them off in a next "security" update."
That is my fear exactly, ShelLuser. I am one of those people here who actually liked Windows Sidebar Gadgets, and I still have four of them running in my sidebar as I type this. Heck, I even bought a couple of books about programming Windows Sidebar Gadgets so that I could create a few of my own. Sidebar Gadgets can be really handy as long as you can find gadgets that suit your purposes and appeal to your personal sense of taste.
Now that Microsoft has decided to become hell-bent on getting rid of the little gadgets and have labeled them as a "security risk," they very well may end up posting an "Important" update during the next patch Tuesday that eliminates Windows Sidebar Gadgets from Windows Vista and 7 automatically, without asking the user first. And how will most Windows users even know that an "Important" update will remove their gadgets before it has already happened? First of all, many users use Microsoft's recommended setting of having automatic updates. Should Microsoft push a gadget-killing update out, these people will just turn on their PC one morning and find that their gadgets are mysteriously gone.
Even people like myself that like to review updates before installing them may still inadvertently lose their Sidebar Gadgets should such an update go out, since so many Windows updates are only generically described as:
"A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain access to information. You can help protect your system by installing this update from Microsoft."
How many "Important" updates with similar descriptions were sent out during this last patch Tuesday? Five? Unless you start reading the associated knowledge base articles for every patch from now on, you could still easily let a gadget-killer update through. And while I am capable of reading these knowledge base articles if I have to, several members of my family all use gadgets on their Windows laptops, and they'll get plastered by such an update for sure leaving me to have to clean up the mess and try to get their gadgets back. I sincerely hope that Microsoft leaves Windows Sidebar Gadgets alone-- I don't want Microsoft to take the easy way out and not bother to fix the flaws in the gadget platform and just kill them outright because Steven Sinofsky has suddenly decided that they are passé!
-
Thursday 12th July 2012 13:34 GMT Dave 126
Re: the moaning bandwagon must be close to capacity...
>user input from previous Windows versions indicating major problems with the start menu..
The only anecdotal complaints I've heard about the Win7 start menu is from a friend who doesn't like it because it isn't the WinXP start menu...
(that and control panel and system settings options are accessed differently, in what he perceives to be an attempt to screw him about. He's a bit of an IT canary.)
-
-
-
Thursday 12th July 2012 11:05 GMT Blacklight
Shame...
I too have a clock, but as I have a Logitech G19 with an LCD clock on it, I could remove it.
I also wrote my own gadget, as Windows 7 Home Premium didn't do "location aware printing", so I wrote one that changed my default laptop printer based on which WLAN I was connected to. Not overly elegant, but it worked, and was a fun task.
-
Thursday 12th July 2012 11:08 GMT A J Stiles
Hmm
The whole world is slowly moving away from pre-compiled native code (which depends on a specific processor architecture and possibly even an addressing schema) in favour of interpreted or just-in-time compiled code (which depends only on a specific runtime environment).
Of course, Unix has had shell scripts since time immemorial; and Linux was already building on that heritage with Perl and Python before Java came along. Mac OS X also makes heavy use of interpreted code. But it's still nice to see Microsoft slowly catching up to the rest of the world.
If anyone should be worried by this direction, Intel should be .....
-
Thursday 12th July 2012 11:43 GMT TeeCee
“Gadgets installed from untrusted sources can harm your computer..."
So MS drop their online gadget repository in favour of a pageload of gushing bullshit extolling the virtues of 8. Users are forced to look elsewhere for gadgets. Some of the "elsewheres" prove to be pushing crud.
As MS, is the correct fix:
a) Admit you fucked up and reinstate the vanilla site?
b) Say that gadgets are inherently insecure and that they should be disabled?
NB: If (b), you may need to come up with some bullshit to explain why installing a bent gadget is in some way worse than installing A N Other piece of bent software, to ensure that your red-headed stepchild (Win 8) isn't seen to be just as vulnerable.....
-
Thursday 12th July 2012 11:57 GMT Andy Fletcher
Suggestions...
Given the gadgets currently available, I think there would be some merit to add:
1. Fire/Smoke detector. Alerts you if your computer is on fire.
2. Localised tremor meter. Alerts you if an earthquake is happening.
3. Gravitaional collapse monitor. Let's you know if the sun has imploded.
and possibly most useful:
4. Fart detector. When you let one go, it measures the probability of the stench reaching others in your office, so you know when to shout out "who let that one go?".
-
Thursday 12th July 2012 13:10 GMT Anonymous Coward
Re: Suggestions...
4 is so puerile and unbecoming of this forum.
I'd have surround sound speakers and microphone array to identify the source of the noise and based on a three dimensional scan of the room use sound anti-phased playback to shift the apparent source to an adjacent cubicle / office / bod.
Should there be any associated unpleasantness I assume careful driving of multiple case fans and stealth Dyson air movers could deal with that.
--
Here's the thing, I can now feel a few people mentally working on the subroutines and algorithms, I love the register.
-
Thursday 12th July 2012 13:38 GMT Dave 126
Re: Suggestions...
>2. Localised tremor meter. Alerts you if an earthquake is happening.
reminds me of plans to create a distributed seismometer by using the G-sensors in laptops- obviously ignoring a machine that was out of step with its geographical neighbours. A fairly sensible plan it seemed.
-
-
-
This post has been deleted by its author
-
Thursday 12th July 2012 12:42 GMT Matt_payne666
thats one hotfix I wont be running... I have used one widget for a while now - a little calendar which shows my next 3 appointments...
I could have outlook runinng all the time, or i could have an open browser window, but persistant diary is invaluable... im a forgetful sod! oh, my calendar is synced with my iphone, but having to open an app and hope its synced is far too much like hard work (I miss my WM mobiles with calendar on the lock and home screens)
-
Thursday 12th July 2012 13:10 GMT Spoonsinger
So...
MS basically close down the gadget website at the end of 2011 - thus making the thousands of more or less the same gadgets - unavailable, (unless you go to the developers website). At the same time they introduce Metro, which is basically full screen gadgets. Now a 'vulnerability' has been found - by them - in the sidebar code which they 'suggest' you disable, rather than them disabling it in an update. Not going into the whole 'well what about other applications which access the internet? Why not just tell people to disable the whole TCP/IP stack?", Why wait six+ months, if they knew about this, to inform the average punter. Also are desktop gadgets the main selling feature of windows 7?, (rather than improved speed over Vista and improved security over XP).
Just wondering like.
Paris - because..... (ok that isn't Paris but she's getting on - which actually should merit a Paris icon).
-
Thursday 12th July 2012 15:49 GMT eulampios
@Redmond's apologists
>>Gadgets installed from untrusted sources can harm your computer and can access your computer’s files
This is basically true about most of 3-d parties software Windows user install on their system every day. How do you verify whether the source is legitimate? MS doesn't provide any check-summing and/or pgp tools in the vanilla Windows.
>> Since Gadgets run with the rights of the current user, the vulnerability could allow exploits all the way up to administrative level.
up to means including? right, does it imply that admin rights are granted to the first user by default and there is no mechanism similar to "sudo", where the user's session is simply the admin's session? We've been told many times by the Redmond's apologists that there is "runas" and it's cool!
-
Thursday 12th July 2012 16:13 GMT Anonymous Coward
Re: @Redmond's apologists
MS doesn't supply checksumming and pgp in the base install of Windows, but they do supply executeables and drivers which are signed. It's just a different way of achieving the same end.
If you're running as Administrator, software you run will be under the Administrator's user context. Duh. If you are running like this, you'd also be a fool.
No, this does not imply that admin rights are granted to the first user by default, but if you configure your machine to run as administrator - and you have to actively configure it to run as such, unlike say RHEL or CentOS which allow you to logon as root by default - you will execute code as Administrator. Again, you'd be a fool. There is runas, which is similar to sudo, but not the same, there is also UAC, which is similar to sudo, but not the same. They basically do the same things, in different ways.
Why does explaining how some features in an operating system work when compared to another operating system make the person doing it an apologist for the manufacturer of said OS? Personally I really like learning about new things, particularly in IT, other people may be bored by new information, not me.
PS. You forgot to tell us all how great and infallible the repos are as per your usual MO.
-
-
Thursday 12th July 2012 16:38 GMT eulampios
@AC 16:13
Dearest AC, why don't you comment as wisely on the article's statement: Since Gadgets run with the rights of the current user, the vulnerability could allow exploits all the way up to administrative level.
Please tell us what you feel, thanks!
>>unlike say RHEL or CentOS which allow you to logon as root by default
Not the case with "Ubuntu for human beings". I'd like to draw your attention to the fact, that be that RHEL, CentOS or pure Debian (or LMDE), the all are not necessarily designed for the Windows users/admins ... aka lamers (they still so not disable AutoRun on the desktops).
>>You forgot to tell us all how great and infallible the repos are
I'll remind you: all of my LMDE/Ubuntu/Debian use aptitude that checks both md5(or sha-1) sums and verifies the pgp(gnupg) signatures automatically for all the packages and updates. When I'd need to install something from source, I do all of the above manually.
If not being apologetic about Windows why wouldn't you take off your AC mask?
-
Thursday 12th July 2012 17:15 GMT Anonymous Coward
Re: @AC 16:13
Clearly, if you're running as an administrator, anything which runs in your user context with have administration rights. What they're saying is that the gadgets run in the logged on user's context and if you're logged on as an administrator that is an administrative context. You can run applications/processes in a less privileged context if they're for example a sandboxed web browser or an application initiated from a runas command which calls the app under a different, less privileged user's context.
Now we get to the crux of the matter: "not necessarily designed for the Windows users/admins ... aka lamers". After all your protestations about running as administrator and how Windows is insecure and inherently Linux is better, what it actually boils down to is that you think you're better than people who use Windows, just because you use Linux. Well, guess what? you're conning yourself if you think that your choice of OS makes you inherently smarter. Personally, I use Windows, Linux, OSX, AIX, Solaris and a little HPUX, pretty much every day at work, does that make me better than mainframe or OS/400 users? No. Not at all, it just means that I know different systems. It also means I hate it when people lord it over me about how one system is better than another because it's usually done from a point of view of a lot of knowledge about one system comparing a little knowledge of another.
Like I said above - MS cryptographically sign their updates and executables. Other companies can as well, should they choose.
I've commented here since before there were comments and you had to email the authors. I comment as AC ever since someone told me in a security related comments thread that they thought they knew who I was and where I lived and that they'd try to check out my employers security.
-
Thursday 12th July 2012 22:38 GMT Medium Dave
Re: @AC 16:13
"I comment as AC ever since someone told me in a security related comments thread that they thought they knew who I was..."
Handing out enough personal information for you to be unwillingly identified from the other ~2.5 billion internet users doesn't really make you look like a security guru.
"... and that they'd try to check out my employers security."
Don't see why why that should be a problem, unless it's full of bloody great holes. In which case I'd suggest a little less time waxing lyrical about MS security on El Reg, and a little more time in the server room with a copy of "Firewalls for Dummies". ISBN: 978-0-7645-4048-6.
Paris, 'coz we 've all seen her "personal information".
-
-
This post has been deleted by its author
-
Thursday 12th July 2012 17:36 GMT Fatman
Re: Windows users/admins
When one speaks of those who use WindblowZE, they are called (L)users, and rightfully so.
Also, good point about the repos, most WindblowZE (l)users do not realize that.
And a final point about the use of repos, if all of your software is installed from a repository, then any and all updating is automatically handled by the repository; instead of the current situation of having to check each vendor's web site for any updates. In the WindblowZE world, to me this is a royal pain in the ass!
-
-
Thursday 12th July 2012 19:59 GMT eulampios
@ac 17:15
Let me explain the "lamers" word for you. In many occasion including some "Certified Windows" services and many Windows geeks I hear most common troubleshooting advice "Got .... a problem - reboot, if the issue does not go away, reinstall Windows! ".
>>Like I said above - MS cryptographically sign their updates and executables. Other companies can as well, >>should they choose.
Here's an analogy of our dispute:
-- I say, that Ferrari is expensive so there is noway overwhelming majority of people can afford it.
-- You seem to misunderstand: Everyone can afford as many Ferrari's as one wants, should he/she choose to get very rich!