
Comments


Windows 7 RTM Support Ending Soon

Ralish Speaking of idiots (173 comments)

It's pretty clear you don't understand what a Windows Service Pack is and is not, despite you calling other people idiots in your ignorance. So allow me to attempt to correct your misconceptions.

Do you know how many security patches are in the average Windows SP?
Yes, all the ones that had previously been released for the given version of Windows up to the time of release of the Service Pack. Service Packs are not, nor ever have been, a sole source for the installation of security updates. They offer a convenient package for the cumulative set of prior released security updates, but they do not patch "new" vulnerabilities that have not been previously patched. That is, all the security patches they include are already available separately on Windows Update. For a period of time, two years for Windows, new security updates are made available for both the SP version and whatever came before it, so your security risk is largely imagined. The only issue here is the two year support period is coming to a close so patches will no longer be offered for the original Windows 7.

I'm sorry but anybody who has waited this long and not applied SP1 is indeed an idiot because every script kiddie on the planet uses those patches and SPs to reverse engineer new exploits specifically targeting fools that don't update the thing.
Dude, script kiddies don't wait for Service Packs. SPs do not patch previously unknown security issues. They merely include all the previously released security patches in a single update (among many other updates). Hackers wanting to reverse engineer a security update can do so as soon as it's released as part of the monthly MSFT patch cycle. Why wait for a Service Pack? And yes, I say hackers. Reverse engineering binaries and creating exploit code is generally outside the realm of script kiddies. If you keep up-to-date with monthly Windows updates you have all the security patches that the system with the Windows SP has. In fact, if the latter isn't keeping up-to-date with monthly patches you have more than the Windows SP system has.

So there really is no excuse......you can take a bare drive and have a fully loaded fully patched Win 7 system in less than an hour and a half
I'm going to tell you something that is going to surprise you. The two year support overlap for Windows patches isn't about you. Microsoft doesn't invest the no doubt significant additional resources of developing multiple versions of a given patch for different Service Pack releases so home users have a nice two years to update. The issue here is corporate customers who have anywhere from 10s to 10s of thousands of computers to update. Service Packs for modern releases of Windows include hundreds to thousands of updates, and quite often, new features. They can and do introduce breaking changes, and so there's no guarantee that software that used to work will continue to after a Service Pack (though in the overwhelming majority of cases it should). Systems need to be tested before deploying a SP, and for larger companies, two years isn't unreasonable. Deploying a major OS update to 10,000 computers in a sane way with minimal breakage is not trivial.

In future, please understand what you discuss before flaming others.

about a year and a half ago

IE Patch To Fix 57 Vulnerabilities

Ralish Re:Someone got on their case (91 comments)

The fact that IE6 is being patched means someone dropped a NS bomb on them (National Security)...

It's being patched because IE6 shipped with Windows XP and MS guarantees they will support the version of IE that was shipped with a given release of Windows for the support lifetime of that Windows release. Windows XP is supported into 2014, so Internet Explorer 6 on Windows XP is as well. This is not a secret.

about a year and a half ago

IE Patch To Fix 57 Vulnerabilities

Ralish Editorial standards are for lamers (91 comments)

At least, I assume that is the prevailing attitude on Slashdot these days? Let's see:

IE Patch to Fix 57 Vulnerabilities
No, as per the linked Security Bulletin Advance Notification a total of 57 vulnerabilities are being fixed across Windows, Internet Explorer, Office & the .NET Framework. There are not 57 vulnerabilities exclusively in Internet Explorer as the title suggests. We can likely further expect certain vulnerabilities to only be applicable to certain versions of Internet Explorer once the full details are available.

Microsoft is advising users to stick with other browsers until Tuesday
Source?

...when 57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled.
No, as noted above, the vulnerabilities are across a variety of products. Further, 13 "patches" (aka. updates or bulletins if you prefer) are being released as multiple vulnerabilities are often patched in a single update. As per the linked bulletin, there are two bulletins being released for Internet Explorer, which would typically result in two updates for Internet Explorer for a given Windows installation. Of course, there'll be many different updates released for different versions of IE and architectures (i.e. 32-bit/64-bit/etc...) but a given Windows installation shouldn't have more than two applicable to it.

No word on whether IE 10 will be included as part of the 57 updates.
Apart from the explicit reference to Internet Explorer 10 being affected by at least some of these vulnerabilities in the linked MS Advance Notification? Have you tried reading the very articles you post? I'm reliably informed it helps comprehension.

Are the editors trying to set a new record for inaccuracies within a small paragraph of text?

about a year and a half ago

64GB MS Surface Pro Only Has 23GB of Free Space

Ralish Re:On linux (588 comments)

I'm not disputing your central point but there are a few technical reasons that account in part for the much greater usage of space on modern Windows operating systems relative to Linux distributions. They may interest some, and are worth keeping in mind:

WoW64 Compatibility Layer
Specific to 64-bit installs is that 32-bit binaries are also installed for the vast majority of the operating system. This is due to the WoW64 compatibility layer that allows for (generally) seamless usage of 32-bit software on a 64-bit Windows operating system. Effectively, a full 32-bit copy of all the OS libraries and binaries is installed alongside the 64-bit native copies. During usage of the operating system you're generally running 64-bit native code with some exceptions (e.g. Internet Explorer is by default 32-bit due to the plug-in problem), however, when you run a 32-bit application it will be able to pull in all the 32-bit libraries it needs from the Windows install. On modern Windows Server systems you can actually outright remove the WoW64 compatibility layer, removing all those extra binaries, and in the process losing the ability to run 32-bit applications. This isn't an option on client versions of Windows (although it would be nice). Obviously, what with the overwhelming majority of Linux software being open-source, the need to include 32-bit libraries is much diminished due to most software being ported to 64-bit with relative ease and native 64-bit packages being offered. At any rate, the WoW64 compatibility layer will easily add several gigabytes to the install.

Windows Servicing
Another key distinction with Linux systems is how the system is serviced (i.e. OS updates are applied). When you install an update to Windows via Windows or Microsoft update an update package is downloaded and installed which will include any number of updated binaries. Crucially, the original binaries are not removed but kept in a cache in case they are needed later. This is important in the event an update is removed in future, as it allows Windows to automatically downgrade the affected binaries to the "next best" available binaries available in the servicing cache (which might be the originally released versions, or those from an earlier update). Obviously, this results in Windows installations growing larger over time as they accumulate many additional versions of binaries as they are distributed via Windows or Automatic updates. The effect is doubled in the case of 64-bit installations as the update will typically include both 32-bit and 64-bit binaries in the case that WoW64 includes 32-bit versions of the targeted binaries. For the curious, you can find all the distinct packages installed on a Windows system under C:\Windows\WinSxS. The directory will typically be huge both in size and number of files/folders. Almost everything in the C:\Windows folder and various other parts of the system are in fact just hard links to files in this folder. When an update is installed (or removed), these hard links are updated to point to the appropriate binary files in the associated packages in the cache.

At any rate, these two aspects of Windows alone can add a substantial amount of extra data to the installation. That being said, storage is cheap, so it generally outweighs the negatives, but with SSDs being smaller capacity than most traditional HDDs, you can in some cases feel the pressure!

about 2 years ago
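The servicing behaviour described in the comment above, as a toy model (an added example, not part of the original comment and not Windows code). It assumes a simplified store in which every version of a file is kept and the live path is a hard link to the newest one; the class, the file name `example.dll` and the byte contents are constructed for illustration.

```python
import os
import tempfile


class ComponentStore:
    """Toy model: all versions live in WinSxS/, System32/ holds hard links."""

    def __init__(self, root):
        self.store = os.path.join(root, "WinSxS")    # every version is kept here
        self.live = os.path.join(root, "System32")   # what the running OS sees
        os.makedirs(self.store)
        os.makedirs(self.live)
        self.versions = {}                           # file name -> set of versions

    def _stored(self, name, version):
        return os.path.join(self.store, f"{name}.v{version}")

    def _project(self, name):
        """Re-point the live hard link at the highest version still stored."""
        live = os.path.join(self.live, name)
        if os.path.lexists(live):
            os.remove(live)
        if self.versions[name]:
            os.link(self._stored(name, max(self.versions[name])), live)

    def install(self, name, version, data):
        with open(self._stored(name, version), "wb") as fh:
            fh.write(data)
        self.versions.setdefault(name, set()).add(version)
        self._project(name)

    def uninstall(self, name, version):
        self.versions[name].discard(version)
        os.remove(self._stored(name, version))
        self._project(name)                          # falls back to "next best"

    def live_bytes(self, name):
        with open(os.path.join(self.live, name), "rb") as fh:
            return fh.read()


def disk_usage(root):
    """Return (apparent, actual) bytes; actual counts each hard-linked file once."""
    apparent, actual, seen = 0, 0, set()
    for dirpath, _, files in os.walk(root):
        for f in files:
            st = os.stat(os.path.join(dirpath, f))
            apparent += st.st_size
            if (st.st_dev, st.st_ino) not in seen:
                seen.add((st.st_dev, st.st_ino))
                actual += st.st_size
    return apparent, actual


def demo():
    with tempfile.TemporaryDirectory() as root:
        cs = ComponentStore(root)
        cs.install("example.dll", 1, b"A" * 100)     # constructed original binary
        cs.install("example.dll", 2, b"B" * 120)     # constructed update
        after_update = (cs.live_bytes("example.dll")[:1], disk_usage(root))
        cs.uninstall("example.dll", 2)               # update removed again
        after_removal = (cs.live_bytes("example.dll")[:1], disk_usage(root))
    return after_update, after_removal


if __name__ == "__main__":
    print(demo())
```

The gap between the apparent and actual totals is why a naive size count of a tree full of hard links overstates the space really used.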

History Will Revere Bill Gates and Forget Steve Jobs, Says Author

Ralish Re:The big difference here is (679 comments)

How sad and cynical do you have to be to seriously believe that all the time and money Gates has spent, especially post-Microsoft, is some sort of elaborate ploy to make people think better of him? I'm sure he's under no illusion that he can convince certain elements of the Slashdot community, but really, that's far more a reflection on those people than it is him.

Your comment has truly depressed me. Doubly so that it got modded anything other than flamebait.

more than 2 years ago

In Australia, Google Pays Just $74k Tax On Claimed Revenues of $200 Million

Ralish Re:Google isn't the villain here (345 comments)

Let me re-phrase on your behalf:
"What kind of company wouldn't exploit every loophole or legal avenue available to pay the absolute minimum amount of taxes in the country they do business in and reap the benefits of? Hey, provided it's not actually illegal, who cares if it's wholly unethical?"

At some level, it's a frankly depressing picture of humanity that we can so easily rationalise away doing pretty much anything in the name of material pursuit, so long as it doesn't outright violate national laws. What's worse, is that I hate the fact that governments are seemingly enacting ever more legislation, ever more restricting our rights, and yet, it seems that when it comes to things like tax law, the reason is because if they don't, people will abuse it unless it is absolutely watertight. Hell, people admit they are looking for and exploiting the system as if it's a badge of honour, as if they'd be somehow morally liable if they didn't abuse the system.

more than 2 years ago

Windows 8 Won't Play DVDs Unless You Pay For the Media Center Pack

Ralish Re:Bad enough I pay for microtransactions in MMO's (734 comments)

You can code multithreaded applications with Visual C++ Express, and you can develop 64-bit applications with Visual C++ Express. So, you're a troll, ignorant, or both. You are correct that profiling requires a (seriously expensive) Visual Studio edition, but profiling is an advanced compiler feature, not a "I need this to develop useful stuff" feature. I do think it would be nice if it weren't locked away in an expensive VS edition, but, it's hardly something you need to code your apps.

more than 2 years ago

Windows 8 Won't Play DVDs Unless You Pay For the Media Center Pack

Ralish Re:Bad enough I pay for microtransactions in MMO's (734 comments)

Um, Microsoft makes its C/C++ compiler available for free, along with the Windows SDK. You're probably thinking of Visual Studio, but Microsoft makes a basic version for C/C++ free as Visual C++ Express; effectively, a basic Visual Studio edition purely for C/C++ coding without the enterprise features. If you need those features, you're probably doing more than hobbyist development/basic development.

more than 2 years ago

Windows 8 Won't Play DVDs Unless You Pay For the Media Center Pack

Ralish Licensing costs (734 comments)

This does actually make some level of sense, the reason being, Microsoft has to pay to license the required codecs for playback of DVDs, Blu-rays, HD-DVDs, etc... when they bundle them with Windows (think H264, for example). This does result in a price increase to the cost of every Windows license. Media playback is one of the very few areas of the Windows operating system where Microsoft has to pay a per-license additional cost for the inclusion of this extra code (I can't think of any others, but I'm sure other Slashdotters may have insight here).

So, why should everyone have to pay the extra fee for these codecs if they have no interest in using them? I can't even remember the last time I watched a physical Blu-ray or DVD on a computer, and when I do watch media, I do it through VLC Media Player. And, after all, this isn't a DRM restriction, go and install VLC Media Player, or ffdshow, or whatever you please, and you can get many/all these codecs via 3rd-party for free. So, honestly, who gives a damn?

more than 2 years ago

Why We Should Buy Music In FLAC

Ralish Re:Compatibility (550 comments)

Can you please provide links?

more than 3 years ago

Why We Should Buy Music In FLAC

Ralish Compatibility (550 comments)

Because FLAC is very poorly supported among both portable media devices and media center devices? Further, the difference in actual perceptible quality between a high quality mp3/ogg/wma/whatever encoding and a FLAC encoding is between negligible and non-existent, negating pretty much any benefit of FLAC. Media archival is one area where FLAC is an obvious choice, but bit-for-bit storage is generally something only a subset of music enthusiasts care about, and so unless constantly transcoding FLAC into a format that your chosen non-PC device supports is your idea of a good time, then it's just not worth the effort...

more than 3 years ago

Windows DLL Vulnerability Exploit In the Wild

Ralish Re:Application developers fault (178 comments)

Microsoft created a liberal dynamic library search path that allows (or even encourages) applications to not fully specify DLL locations. Now, after the fact, they publish this security statement saying not to use the dynamic library searching they documented previously.

So basically, your suggestion is to design an OS that ensures that it is secure by taking away API calls that could be misused in a way that compromises security? By your own admission, it is a documented specification, and it is behaving exactly as it is intended to do so. It isn't a "bug" in the API, it's misuse by various developers. However, Microsoft is at fault for how developers (its own or 3rd-party) misuse an API call that is fully documented and behaving exactly as intended? This makes absolute, perfect sense.

It is of course Microsoft's fault. They didn't consider security at all when loading DLLs, and now they are blaming applications that implemented the documented specification.

Yes, they are blaming applications that have incorrectly used the documented specification. And, they have provided the capability to control remote loading of DLLs through a patch that can be targeted at individual applications or the entire OS. What more can reasonably be done?

The bottom line is that Windows was never designed to be secure, it was designed to have the most functionality, and trying to patch every hole now is almost impossible. Generally, when code reaches this level of complexity and brittleness, it is often the best course to start all over.

And this is factually wrong. Windows NT (as opposed to Windows) was designed from Day 1 to be secure. You can argue whether they succeeded in developing a secure OS, and that might be a far more interesting debate, but to argue that it was never designed to be secure is incorrect. This is a fact of historical record. I'd argue that earlier versions of Windows NT were significantly flawed from a security perspective while modern versions (Vista and newer) are significantly improved, but that's another debate.

Essentially, your entire argument is that it is Microsoft's fault for providing a documented API that can be misused. I'll grant the defaults could have been chosen better, but competent programmers need to be aware of these issues. I'm mildly surprised it's getting the coverage it is, as this isn't some brand new attack; this issue has been known about for some time and not gotten a lot of coverage because it simply isn't that big a deal and is not a flaw in the underlying OS. For example, this blog post from early 2008 covers the issue (and was linked in some more recent blog posts): DLL Preloading Attacks

more than 4 years ago
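The search-path behaviour argued over in the comment above, as a simplified model for auditing which unqualified loads fall through to the current directory (an added example, not part of the original comment and not Microsoft's code). It assumes the documented desktop search order and that the patch mentioned is the `CWDIllegalInDllSearch` registry setting; all directory and DLL names are constructed, and KnownDLLs, manifests and the 16-bit system directory are left out.

```python
import ntpath
from enum import Enum


class CwdPolicy(Enum):
    """Values of the CWDIllegalInDllSearch setting (per application or OS-wide)."""
    DEFAULT = 0           # current directory is searched as usual
    BLOCK_WEBDAV = 1      # skip it when it is a WebDAV folder
    BLOCK_REMOTE = 2      # skip it when it is a remote folder (WebDAV or UNC)
    REMOVE = 0xFFFFFFFF   # never search the current directory


# Constructed sample layout: directory -> DLL names present (lower case).
APP_DIR = r"C:\Program Files\ExampleApp"
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows"]
PATH_DIRS = [r"C:\Tools"]
CWD = r"\\fileserver\share\docs"
FS = {
    APP_DIR: {"appcore.dll"},
    r"C:\Windows\System32": {"syslib.dll"},
    CWD: {"syslib.dll", "codec.dll"},
}


def cwd_allowed(policy, cwd_kind):
    """cwd_kind is 'local', 'unc' or 'webdav' (labels assumed for this model)."""
    if policy is CwdPolicy.REMOVE:
        return False
    if policy is CwdPolicy.BLOCK_REMOTE:
        return cwd_kind not in ("unc", "webdav")
    if policy is CwdPolicy.BLOCK_WEBDAV:
        return cwd_kind != "webdav"
    return True


def search_order(safe_search=True, policy=CwdPolicy.DEFAULT, cwd_kind="unc"):
    """Directories tried, in order, for a DLL requested by bare file name."""
    allowed = cwd_allowed(policy, cwd_kind)
    order = [APP_DIR]
    if allowed and not safe_search:   # legacy order: current dir right after app dir
        order.append(CWD)
    order += SYSTEM_DIRS
    if allowed and safe_search:       # SafeDllSearchMode: current dir after system dirs
        order.append(CWD)
    return order + PATH_DIRS


def resolve(name, order, fs=FS):
    """Return the directory a load resolves to, or None if the DLL is not found."""
    if ntpath.isabs(name):            # fully qualified path: no search happens
        directory, base = ntpath.split(name)
        return directory if base.lower() in fs.get(directory, ()) else None
    for directory in order:
        if name.lower() in fs.get(directory, ()):
            return directory
    return None


def loads_from_cwd(names, **settings):
    """Audit helper: which requested names end up loaded from the current directory."""
    order = search_order(**settings)
    return [n for n in names if resolve(n, order) == CWD]


REQUESTS = ["appcore.dll", "syslib.dll", "codec.dll",
            r"C:\Windows\System32\syslib.dll"]

if __name__ == "__main__":
    for pol in CwdPolicy:
        print(pol.name, loads_from_cwd(REQUESTS, policy=pol))
```

Only the bare-name requests are ever affected; the fully qualified load resolves to the same directory under every setting.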

Windows DLL Vulnerability Exploit In the Wild

Ralish Re:Application developers fault (178 comments)

OK, there's a fix for that, but only if you can call the awful kludge that is WinSxS a "fix".

I always thought that WinSxS was quite an elegant fix to a difficult problem. Put it this way, I still have nightmares about DLL Hell from the bad old days, but have yet to encounter a problem due to WinSxS. The closest I've come is one or two applications making assumptions about dependencies (i.e. not bundling the required installers and not failing gracefully). Have you had issues with WinSxS?

more than 4 years ago

ScienceBlogs.com Deals With Community Backlash Over PepsiCo Column

Ralish Easy Answer (299 comments)

"How do we empower top scientists working in industry to lead science-minded positive change within their organizations? ... How do companies who seek genuine dialogue with this community engage?"

The answer is:
Said "top scientists working in industry" are welcome to do all of the above, and should be encouraged to do so in fact, but the determining factor of whether their work is published should be one purely of merit; not payment for publicity or any other form of bribe that results in direct gain to the publisher.

more than 4 years ago

Clashing Scores In the HTML5 Compatibility Test Wars

Ralish Re:test results are largely irrelevant anyway (203 comments)

Wait, what? No Windows Service Pack has ever forced an update of Internet Explorer; maybe NT 4.0 did as I can't remember that far back, but definitely nothing since Windows 2000 onwards. Windows XP SP3 will install fine with IE 6.0 (XP bundled version). They'd be breaking their own support policy by even doing so, as Microsoft commits to supporting the version of IE that is shipped with every Windows version for the lifetime of support for that OS release. Seriously, where do you trolls get your garbage? You're not picking exceptions, you're claiming shit that has never happened.

more than 4 years ago

Microsoft Kills Support For XP SP2

Ralish Re:So what? (315 comments)

That's because XP x64 isn't actually XP (NT 5.1), it's Windows Server 2003 (NT 5.2). That is, it's really only XP in name as it is built off the Windows Server 2003 codebase. It has all the server functionality of its counterparts removed as well as some minor functionality present in XP but absent from the server releases included. Consequently, they share the same service packs and updates, with the latest service pack for Windows Server 2003 being SP2. Unless of course, you meant the original "XP" Itanium release, which really is built off of XP, but support for that was discontinued a long time ago.

more than 4 years ago

Win7 Can Delete All System Restore Points On Reboot

Ralish Re:Stop preaching Linux (449 comments)

Then they're not competent, or more likely, they did something catastrophic to the operating system that makes reinstalling the easier solution than hunting down the actual cause(s) and fixing it/them. For example, a seriously nasty virus infection that hoses operating system components, or disk corruption that takes out half the registry without a backup. Linux, while less susceptible to some of these problems for various reasons, isn't immune to them.

I have well over a decade of experience using MS operating systems and I've never had to reinstall a system because I absolutely couldn't fix it; I've chosen to reinstall systems that were compromised by an infection because, although I could remove it, I lack confidence that it is 100% removed and the system is back to a pristine state. I've done the same for Linux boxes that were hit by rootkits; I simply can't guarantee trust of that system anymore knowing that install has been thoroughly compromised. As far as configuration issues go, versus security or data destruction issues, I've never had to revert to a reinstall.

Typically, I also find it unproductive, as you don't learn anything. Even if it's a bastard to track down the issue, you learn a lot from the experience, and that will help you solve the same or similar problems in the future. Reinstalling any operating system is a very blunt approach. More to the point, for most systems I use as well as friends and family, reinstalling is more time consuming in the long run for sheer time and effort invested backing up data, reinstalling apps, restoring data, and getting the configuration back to a state that you like. Then there's the problem that sometimes the reinstall didn't fix the problem, and you've wasted a monumental amount of time. So I view reinstalls as a solution on any OS as a particularly poor solution; it's frustrating it is so common on Windows systems as to me it demonstrates a lack of technical proficiency by many who would claim competence with the system.

more than 4 years ago

Win7 Can Delete All System Restore Points On Reboot

Ralish Re:System restore stinks. Image your disk (449 comments)

Security policy is just one aspect of Group Policy, and a small one at that relative to the total set of configurable options. In essence, if it is a configurable Windows setting, Group Policy can configure it; including settings that have no GUI front-end outside of the GPO configuration window (i.e. typically registry settings without a Control Panel UI). The point being, of all the configurable settings in Windows (or any OS), security settings tend to be a minority considering everything else.

That aside, while deploying secure systems in the first place is unquestionably the smart thing to do, security tends to be dynamic, and security configurations change. When they do, even on Linux, a mechanism to quickly and easily update security settings company wide (e.g. for LDAP authentication or NFS/SMB authentication) is obviously incredibly useful, and pasting together scripts that modify the relevant files (hopefully at the individual settings level instead of just nuking the entire file with a new copy and potentially wiping out custom settings) is a clunky business at best, and definitely not elegant.

You're correct hands-down though that Linux is far superior for pushing out whole applications through an internal repo or other solution. There's some interesting stuff going on with using WSUS to deploy 3rd-party apps, and AD can do it with MSI packages, but it's still not even close to the power of rpm/deb and associated distribution technologies generally, and certainly not as easy to set up and manage.

more than 4 years ago

Win7 Can Delete All System Restore Points On Reboot

Ralish Re:Stop preaching Linux (449 comments)

Inexperienced Linux user:

Windows issues can be fixed.
Linux can be reinstalled. Probably. Or you can get a new distro and migrate your data. Perhaps.

Do you see the point I'm trying to hammer home?

more than 4 years ago

Australian Government Delays Internet Filter Legislation

Ralish Re:Won't somebody please think of the children!?!? (255 comments)

Um, Xenophon is against the filter, and has publicly stated this several times. I don't agree with everything he says by a long shot, but he's definitely not a crackpot like Steve Fielding or Tony Abbott. Further, independents can often be a good thing, primarily because they don't toe the party line and are more likely to vote based on their personal beliefs than what will get them a promotion to the front bench. I'd rather politicians who vote for what they believe in (even if I disagree) than vote for what earns them a larger salary or a nicer job. I'd say his electorate and who they vote for is a fair indication of whether he is being a tosser. Considering how difficult it is to get elected as an independent, without the massive financial and human resources you'd have at your disposal as a member of one of the major parties, I'd suggest he by definition has to be quite in tune with them. You might want to check the actual policies and standpoints of members of parliament before unleashing abuse on them.

A recent interview with Xenophon: Q&A: Xenophon on ISPs, Telstra and the cloud.

more than 4 years ago

Submissions

Ralish hasn't submitted any stories.

Journals

Ralish has no journal entries.
