944 posts • joined 28 Feb 2010
Re: Security through transparency
But that's exactly what "data collecting" companies want, be able to identify uniquely every sensor/device you use and collect data from it. NAT hinders it, and if external IPs are allocated dynamically through DNS, they also lose the ability to match data from different points in time.
Their dream is a unique identifier that never changes.
Re: If I were MS, I would be much bolder and replace icons with tiles.
You're clearly someone who doesn't understand what computers are for. And never coded a real, useful application. You're still happy with Win 3.x Program Manager like UI, and think they are cool... why an app icon should be static? Just because 25 years ago computers could just display some static bitmaps? I would welcome ways to interact with some application without having to open a full window, but hey, I'm just a professional developer leading an R&D group... with more than thirty years of experience... but I can also prepare good cocktails... just I don't spend much time gaming, that's for children... never change children toys, they hate changes, they need to repeat the same thing over and over...
If I were MS, I would be much bolder and replace icons with tiles.
Application icons are just a thing from the past, something good for old school OS like iOS, Android and Linux.
If I were MS, I would fully replace application icons with live tiles - both in the start menu, on the desktop, any folder, and the taskbar also. This way any icon could convey useful information, be resized to show more of it. Think about a mail app icon showing you actual messages, instead of just a plain image of an envelope. Outlook telling you what's next.
Ooops, I should have patented this before telling, I guess, LOL!
Re: What the F is "the cloud" anyway?
Yes, it looks like an attempt to get into the Chromebook market. Just those who are praising those data-stealing devices will accuse Microsoft of wanting to do what Google does now.
So OSX can be p0wned through PDFs and JPEGs...
... just like any Windows?
The difference is a camera is designed to take photos, a smartphone is not
A DSLR - and even other types of cameras - is not just a sensor and a lens. It's a tool designed from ground up to take photos while concentrating on the subject. Its controls and its software are dedicated to this task, nothing more and nothing less. You can change shutter speed, aperture, and focus without moving your eyes away from the subject. You have dials, rings and buttons where you expect them, and you don't have to fiddle with on-screen controls competing with the framing and subject. An optical viewfinder doesn't burn through battery power, while offering the highest resolution and color fidelity you can achieve (how many phone screens can handle Adobe RGB, or at least a decent sRGB? And let's not talk about ProPhoto RGB...)
You don't risk a message or phone call interrupting your shooting, or a music player depleting your battery. You can store your images on fast, high capacity cards, while some phones can't even accept a micro SD card - and no, you can't upload wirelessly fast enough, often.
The smartphone is a useful "jack of all trades and master of none" device - but it will take a very long time before it can replace devices designed ad hoc for a given task.
It could work because servers then didn't need the cooling they require today.
Sure. If you read the Windows guidelines docs, there are plenty of examples of how things should not be done *taken from MS's own software*.
You can keep on writing bad software because someone else does too, or you can write good software and make your customers happy.
Re: Why this is less of a problem with open source
"and your software vendor has no way to contact your operating system vendor in case of problems."
If you're a small, almost unknown software vendor, probably. Large (and some not so large) software vendors can easily contact Microsoft, and they do, believe me. It's probably easier than having to go through a long stack of different groups when you have an issue with Linux... - although more expensive.
"Your operating system vendor has no idea what software you run". Again, wrong. Do you believe MS doesn't test its OSes with many vendors software? Sure, it can't test everything, nor Linux distros maintainers can test every software run on them.
Have you ever installed a Windows "compatibility update"? Or do you install updates blindly, or just not install them? Microsoft does make money selling OSes, it's its interest to ensure they work with the software customers needs to run.
It also publishes a large amount of information about how to write software properly so it will work on actual and future OSes. Just many developers are too lazy to read them, and prefer quick and dirty solutions, risking to break with the next release.
"Chances are extremely high it'll run on the next version of your operating system without any changes... and even if it needs changes, your distribution will take care of those."
When you run a critical infrastructure, you don't rely on "chances it'll run". Even if upgrades are free, you have to test thoroughly everything works as intended on a new release. And some custom software may break because Linux releases are far less backwards compatible than Windows usually is. Because they imply you can always recompile your code, but not everybody can - if you just get binary packages. Not everybody just needs a Samba/DNS/WebServer server, there is a lot of other software running which is commercial and not included in any distribution.
Re: Reasons NOT to upgrade?
"All the crap that MS has loaded into the ecosystem in the name of security makes some Apps (Server versions) that run perfectly well on Server 2003 and Server 2008R2 (with a little care) just won't work properly if at all, on Server 2012."
No, it's not Windows fault. It just meant you bought crappy apps that weren't written by unskilled and lazy developers who never followed the proper rules to write Windows software. Properly written applications for Windows 2000 would work in Windows 2012 without a hiccup.
Application written in a Windows 3.x style and adapted some way to work in NT and 2000 thanks to the work made by MS to allow them to work anyway (just read Raymond Chen's "The Old New Thing" blog to understand how far MS goes to let crappy app work... ), will now stop working, at last!
Sure, applications that attempt to write where they never should have, require privileges they don't need and so on will stop working, and that's a good thing. That means unskilled and lazy developers now have to learn how to properly code applications, or look for another job. One way or the other, IT will become a better place.
Re: Upgrade Frequency
Actually, (Windows) server upgrades are far more complex than client ones. First, but file servers those machine are used to run other server software usually serving a lot of users. Second, both the OS and the software running on it are more expensive than the client one (although server are less. but there is the CALs issue anyway).
Sometimes you can just upgrade the OS and keep the old software running on it, sometimes you can't for several reasons (compatibility, support, certification, whatever), and you need to upgrade it also and it is both expensive and requires a lot of work to test upgrades and ensure everything works as before.
Upgrading and migrating can be complex, require special knowledge, and be risky. Risk-avoidance-driven IT department usually keep old software running as long as they can, and virtualization gave them a big help in this direction. While upgrading from NT and 2000 to 2003 had the incentive of 64 bit support, 2008 and 2012 despite more advanced implementation and newer feature are less perceived a must to upgrade to (unless you really need some of the new features).
The larger your systems, and the larger the data handled by them, the more difficult is to manage upgrades. I won't be surprised if next year we'll see again big issue about migrating away from 2003.
Possibly not, because virtualization is also a way to get your old OS and have it running on newer HW inside their own VMs. I know of many 2003 - and even some 2000 and NT servers, running inside big VMware deployments. It was a cost effective way to replace old HW with newer one while not having issue with drivers and reducing the number of physical machine running. But often old machines were simply "converted" and let running in their new virtual hw - because a full upgrade would have been much more complex.
Re: Can't afford Windows 7
It's obvious: after you spent many $$$$ for a gaming motherboard, a high-end CPU, GPU and RAM you can overclock, liquid cooling to cool them all inside an expensive modded cool case, and of course an SSD disk because you can't wait for the game to start, while adding some expensive gaming keyboard, mouse, and maybe joystick/joypad, there is no money left to upgrade the OS...
It's not its primary purpose - the purpose is to ensure a "secure" boot stack and make it much harder for malware to start early in the OS boot process to hide itself better. But cracking Windows requires altering some of its vital files - something secure boot will trap and thereby refuse to boot the OS. Sure, users with enough knowledge can disable secure boot and attempt to load the OS anyway, but still it will make cracking the OS harder, and installing cracked versions as well.
I've yet to check, but I hope even applications can be written to refuse to start if secure boot is disabled or the system compromised in some way. In many environments that can be highly desirable.
Being an IT professional I've seen enough "hardcore Linux fans" running pirated copies of Windows "just to run the games" - usually pirated as well. Probably I'm also from a country that always had a high level of piracy compared to others, but I've seen many complaining about "security" features just because they weren't allowed to run pirated software easily - while keygens and cracks are often attack vectors.
Too many users complain "Windows is not secure", when usually it's them making it unsecure running with admin privileges and installing pirated software often riddled with malware. No OS can protect you when you start cracking it and then install malware yourself...
Sure, Linux where the need to run pirated software is minimal, is far more secure from this point of view.
The only ones afraid of secure boot are all those "linux fans" attempting to run pirated copies of Windows on their systems.
Microsoft made the right thing to push a secure way to boot an OS allowing only verified code (after all that's how the Sony PS3 works), even if it's also trying to push it a bit too far to allow Windows only.
As long as any attempt by MS to hinder other OS installation is hindered, secure boot *is* a valuable feature.
If you're a sysadmin and you know nobody can boot your machines without an unauthorized OS (i.e. a live CD, a USB stick, whatever) you know you have a new good layer of security. And that's true even if you're running whatever Linux you like and you don't want someone to tamper with your machines.
If in your bedroom or basement you can't install a pirated copy of Windows to play some pirated games, well, I do not care.
They should have called it 8.1 SP1 and everybody would have been happy
Call it 8.1 SP1 and everybody will be happy, can't understand why MS can't follow old practices everybody was fine with. Even before some pre-SP versions were no longer updated, IIRC it was a long time XP RTM and XP SP1 no longer received updates, only SP2 and SP3.
Each SP is almost a separate version, it means maintaining each requires fixing different code branches and testing them all - it may make sense to obsolete some.
If they had not to revoke and replace or their digital certificates and change all passwords...
It's funny how those MS haters hastily upvoted your first post but never care to read your correction...
Re: I am paying for OpenSSL, via my Red Hat subscription
Why do you believe Google based its Android/ChromeOS software on OSS - "free" - software? Because it wanted to steal your data in a way that should have been easy and fast, it wasn't going to invest in delivering a new OS written from scratch which would have cost a good sum of its revenues stored in some paradise island.
They will invest money if and only if it helps to move software away from a competitor they may have to pay - if they find some free software they have not to pay at all, the better.
And when you buy Android, all you buy is the right that your data will be stolen by Google and not someone else.
Re: This explains it
Especially when the "shortened" link is longer than the one it refers to, LOL!
Re: Where have all the fanboyz gone
Guess many also still didn't learn how to use Active Directory and group policies to automate patch installations, and create groups of machines with different policies. But some critical servers that need to be updated only after patches have been tested before being allowed, everything else is patched automatically - we prefer to have to pull a patch if some crappy app stops working, than being compromised for the lack of a patch.
Re: no armageddon here thanks
But the memory allocator will also get and release memory to the OS - what you get from this bug can be anything depending on where the memory comes from, and what has been used for before.
"The difference is, once the problem is identified *I*, *you* or anyone else could knock up a patch in minutes and distribute it to the world. And that's pretty much what happened."
Oooh, soo naïve.... of course the patch is released at the same time the flaw is published - that's how proper vulnerability management works, open source or not. The only difference is you can really patch it yourself, if you know how to do it and know enough of the used programming language and toolchain to get the final executable - something not many users have.
"If you think that open-source = security"
No, I never thought it, but that's what many OSS fans try to sell you.
Re: The real problem is C
The x86 protected mode architecture has a lot of checks (including the BOUND instructions) just OS and compilers don't use them because checks slow down operations...
Given the choices:
1) Fund OpenSSL development
2) Buy your own island
3) Buy your own 767 and use it to reach some tropical island
4) Buy a castle somewhere in Europe
What Oracle, Google, Facebook, etc. etc. CEOs do?
Ah, and then some executive will tell managers "get our developers use open source code, it's free...."
Often the problem lies in the IT department itself. Often the wrong applications are selected without understanding they are so badly written they will not sustain an OS update. Often buying shining new hardware to play with is where money goes, instead of planning for software obsolescence.
Then there's also the hassle of keeping applications up-to-date, it's always a risk, what if something breaks and everyone yells at you - let the ten years old application run, after all it ran until now and no one complained...
And believe me - when Windows 2003 will reach its EOL, we'll see this again....
I wonder how many so called "system administrator" didn't learn yet to perform a "slipstream":
Re: Our last XP machine was, pretty much literally, taken behind the shed yesterday.
It's funny how many think a "firewall" (and I would like to see which FW and with which rules and how often the rules are reviewed and updated...), not even an IDS or something more powerful (i.e. software that locks down what you're actually permitted to do on a machine) is enough to protect them.
It looks like they are still protecting themselves from last century worms that use protocols listening on open ports as attack vectors - as if many attacks today weren't performed over open ports (HTTP....) using very different attack vectors from browsers to Java to document parsing flaws, and old, always working social engineering tricks. All vectors a firewall won't stop.
But that's a trend I've seen in many IT departments. Securing a network fully requires work, a lot of, and unless performed by skilled people, it can create big issues. Thereby the trend is "let everything as it is, don't touch anything, do just the minimum needed to tell management we had secured the network". I guess there will be a lot to "laugh at" in the upcoming months.
The issue with WinRT is its "consumer-oriented" API
The main issue with the WinRT subsystem is it was designed for the "tablet consumer app" with a lot of restrictions. Security is OK, but many big, complex, expensive apps developed for the desktop needs to access the full Windows (or .NET) API - those that don't are probably already moved to some kind of web application which doesn't need WinRT already.
Unless WinRT becomes a real alternative to the full WinAPI, developers are forced to decide if their applications can be made working in the less powerful subsystem and within its restrictions - moreover those restrictions means only MS tools can often be used.
MS has to get out of the "consumerapps" hangover, and remember many Windows systems are used by professional users for complex tasks, and developers need to fulfill their needs, not only churn out instagram- or whatapps-like applications.
Re: What next?
My bet? Keep on dreaming...
Re: I'd guess none
I understand now why almost nobody ships PCs with Linux pre-installed... not everybody wants to be forced to supply all the GPL stuff also.
Re: No win.
The gay community is acting like McCarthy. Everybody not thinking the way they like must lose its job and be "ostracized". That's something US already underwent in the '50s, and it wasn't a nice period. Even McCarthy had the excuse it had to protect US from communists, but he did like a communist. Gays are acting like McCarthy... and maybe it's also a way to get to well paid jobs easily just crying "look! it hates gays!" - next everybody thinking gay marriages is wrong shall wear a yellow star? Or be sent to some cold place to be "re-educated"?
And if somebody next would like to marry his or her cat, dog or horse? Why not? Why gender is ok, genus is not? There are also many different type of marriages we think are not appropriate - think incest, polygamy, ecc. ecc. - beware of opening the Pandora Box just because some easy money...
Removed Firefox from my PC.
Re: Freedom of speech goes both ways here
I wonder if he campaigned against polygamy, combined marriages or children brides if that would have raised all this dust. There are countries where both are accepted social rights, and would not be happy if you remove them.
There's nothing as a "human right to marriage" as there's nothing like a "human right to have children".
But let's remove the finger, all this fuss about marriage is really about *money*. The right to "marriage" is really a right to "inheritance" and other ways to obtain easy money or advantages.
Re: Garage PC
"Give the admin user a simple password that you can remember - this is to stop simple "run as admin" actions."
Give admin user a "complex" password that you can remember. At least 16 characters long (disables unsecure NTLM hashes) - better, create another admin user, and disable the Administrator one (use gpedit.msc to do that). Beware that to change the XP home password IIRC you need to enter in safe mode or something alike.
Disable useless and unused services, especially if running as LocalSystem. Download SysInternal's Autoruns and check what is started automatically - remove whatever you don't need.
Re: Garage PC
It's funny most still think malware is designed to crash or wipe your PC. Sorry, that's not 1987 anymore. Most malware is designed to infect you, and stay hidden, while stealing data silently, or perform operations on the bot C&C behalf (spam, DDoS, attack other machine, host illegal contents, do anything illegal you like on someone's else machine....), often even rented to someone else for a given task. Only crappy malware (there's that too) will do something you'll notice easily enough (yes, there's ransomware also, but that's a one-shot malware type). It may take years to discover a well hidden infection.
If AV and FW were really effective, we would not be here talking about vulnerable machines. And the more "0 day" XP will be vulnerable to, the less AV and FW will be able to protect you, there are dozens of effective techniques to avoid detection and make local AV and FW wholly useless - when you compromise a machine, you can also control the software running on it. You may sleep happily while someone else enjoys your machine and your data, or open your eyes and acknowledge that false security is usually equal to no security at all.
Re: Garage PC
Well, for that you have the far bigger problem of incompetent users and those used illegal copies which of course don't patch system because they're afraid of being identified and their system locked down. They could run the shiniest latest OS but will click on any "pOwn me" sign as long as it is pretty and colorful.
Re: Garage PC
As long as you don't have anything important on it, or do anything like using it to buy something over the Internet, you may accept the risk. But as soon as you read your email, buy some of those parts or something like this on that machine, log on to some site, or the like, you're accepting a not little risk. No FW or AV will protect you enough - and the problem is not what they may delete, is what they could steal without you even knowing it.
Maps can be already stored to SD on a Lumia.
You can already store maps on the SD card on a Lumia - you have to install Lumia Storage Check. It has an option (details section) to store maps on the SD - on a 620 I have more than 2GB of maps on the SD, while only 21MB occupied in the phone storage.
It's appalling how many people still think an OS is its shell, and vice versa. They look deeply stuck in the MSDOS/Win 3.x model, where Windows looked just a GUI atop DOS.
I thought Linux told most that an OS is not a shell, but it looks like it failed too. Well, after all most distros are identified by their desktop managers, not what's below, even if most Linux servers use no X.
Windows 8 *shell* is broken by design (the OS below is even a little better than 7). But luckily for MS, that's the easiest part to fix, as long as someone in Redmond understand he has to swallow his ego fully and admit that shell was big mistake for non-tablet PCs, and Sinofsky was not the only responsible for it.
From many perspective Vista was a far larger mistake than 8, because the issues were deeply within the OS itself, not in the new GUI. It required to bring in people like Mark Russinovich to help iron them out.
Re: Under the hood?
That's exactly the mistake MS avoided and explains why Linux has risible desktop share well below OSX one, that 'strangely' enforces a single UI exactly like Windows does. Standardization is often a good thing.
It's wasted time. They do not understand how system programming evolved over the past thirteen years to support an evolving hardware, and they judge an OS just from the shell and widgets look.
Understanding the changes underneath requires knowledge not everybody has, it's an highly specialized kind of programming, and became pretty complex. Moreover, the mainstream development moved to web applications and managed/scripted languages, the less developers had to cope with an OS 'internals', and they give for simple and granted features that require a fairly complex management in the background.
Re: Wasting taxpayer's money again
"So their inability to plan ahead has cost us £5.5mill. Nice."
I wonder what the IT management was doing in the past 13 years. Didn't they see this coming a little earlier? Whatever the solution could be, finding and planning it before April 8th, 2014? No one fired for such a blatant lack of proper management?
Re: Wasting taxpayer's money again
You may not believe it, but there are some workers who spend their whole working life producing documents.
Re: Wasting taxpayer's money again
Banks usually run highly skilled security teams to cover all the risks they have to face (IT and non IT ones), because money matters. They are also able to enforce their internal policies far better than other businesses (but they are compromised anyway). When it comes to different types of business, you can't rely on such level of competence and resources. You have to protect your business in a different way. AV and FW won't protect you enough if you're a good target which can attract skilled attackers with ad-hoc techniques.
Re: Upgrade cycle
It's most lame developers who couldn't code a Windows application properly now moved to web development...
Before re-installing an old machine, always check for new drivers before....
When reinstalling an old machine with a new operating system, it is always better to check in the old OS which devices are installed and where drivers are from. Then download the drivers for the new OS before clearing the old one. Not every vendor submits its drivers to Windows Update, and many devices are rebranded ones, the only hope you have sometimes is to look for the OEM. Also, some Vista drivers may work in 7 too.
For the matter, I recently got an ASUS motherboard that didn't even boot with a newer Intel CPU until I updated the BIOS - luckily that board allows updating the BIOS even without a CPU.
A female assistant good at sports results?
C'mon, that's impossible! This is pure marketing s**t!
Re: @ moiety -
Should we remind Cook said "Apple is working to make the UNIVERSE better" (capital mine)? When it comes to marketing, they have no shame.
Re: It's not only Microsoft
But is this an MS fault? There's XP embedded for such systems, not plain XP. There are other industrial OSes available. The issue here is not they use Windows XP, the issue is they use NetBEUI instead of TCP/IP. Even if they had used some protocol over a serial link (RS-422), they would have no problem upgrading the OS. Instead they choose to use a protocol that was already obsolete because they didn't want/know to use a serial link or add TCP/IP to DOS.
If someone chose the wrong tool for the job, who's to blame? I guess there's also a lot of industrial handheld devices out there using PalmOS, Windows Mobile, and other mobile OSes... they're being replaced by Android ones, why nobody complains? I had to buy USB-serial adapters because some networking devices requires to be able to connect through a serial port if you can't access them via network, why nobody complains that most shiny new laptops have no more serial ports? Or maybe we should blame MS for this also?
They could send it to a maintenance group in India (if they didn't already...) and have some lame, cheap developer working on it. That would be the best way to make people upgrade to a later version...