
Windows Genuine Advantage -- Indeed?


Martha Adams

Jul 2, 2006, 7:24:43 AM

Hopefully I'm clear of WGA, because when it turned up as an
"improvement" updating my Windows, it looked suspicious to me
and I did not download it. Then I scouted around, and I found out
what it really is....

I see a value thing in this. If I have valuable data in my system, or
if my system is running an invalid's life support, etc etc, and my
system is running a Windows, does Microsoft thereby own it all and
can use my property for a ransom operation? Like a terrorist?

Anyhow, there is mention of a "30 day window" to get back in good
with the Microsoft people. Aha! Plenty of time to make backups using
a non proprietary software and generally get squared away. Then if
Microsoft acts on their threat, just move over into a Linux.

Or, if you're caught in some sort of a squeeze and your computer
turns up dead, your good stuff is still in there and I can see people
working *right now* for Linux utilities that salvage your files from
a machine after Microsoft has killed their Windows for you.

Meanwhile, when this WGA first came along, I turned off my auto
update. I'm going to have to go in there and kill the "feature" that
keeps reminding me that update is off now.

Cheers -- Martha Adams


Keith F. Lynch

Jul 2, 2006, 1:18:33 PM
Martha Adams <mh...@verizon.net> wrote:
> If I have valuable data in my system, or if my system is running an
> invalid's life support, etc etc, and my system is running a Windows,
> does Microsoft thereby own it all and can use my property for a
> ransom operation? Like a terrorist?

I'm sure that use of Windows in a life-critical application would be
considered gross negligence. The all too common blue screen of death
should never be allowed to result in a real death.

But things would certainly get interesting if Microsoft does start
holding data ransom, or randomly disabling systems that they wrongly
think are running stolen copies of Windows. They would quickly be
sued into bankruptcy, unless they've somehow succeeded in buying off
the whole court system. If they were sued into bankruptcy, Windows
would quickly be replaced by better software, to everyone's advantage.
And if they did succeed in buying off the whole court system, this
would be obvious to everyone, and would lead to a long-overdue
universal rejection of the court system. So we win either way.

> Anyhow, there is mention of a "30 day window" to get back in good
> with the Microsoft people. Aha! Plenty of time to make backups
> using a non proprietary software and generally get squared away.
> Then if Microsoft acts on their threat, just move over into a Linux.

Or BSD, or VMS, or some other operating system. Linux isn't the only,
or in my opinion the best, non-Microsoft OS.

Numerous VMS systems have continuous uptimes of over 15 years. Has
any Windows machine managed to stay up for that many *days*? While
getting any actual use, I mean? What's the record for Linux?

I hope everyone is making regular backups, and storing them offsite,
in any case. Even without malice on the part of Redmond, hardware
and software do fail. Or one's computer can be stolen, seized by the
police, or wrecked in a flood or fire. Where I used to work, one of
the sites we supported was wiped off the map by a tornado. Another
one was buried by a volcano.

> Meanwhile, when this WGA first came along, I turned off my auto
> update. I'm going to have to go in there and kill the "feature"
> that keeps reminding me that update is off now.

We get those automatic updates at work. It feels really weird to me.
For most of my working life, my understanding was that you don't make
*any* changes to the system software on a production machine without
a very good reason, nor do you make it without thoroughly testing and
studying the proposed changes.

I suppose that means we have WGA at work. (Is there any way I can
check?) I guess we all get a lengthy vacation if the thing goes all
Forbin on us next fall. Our clients would be screwed, but we'd all
still get paid money from Bill Gates, thanks to what would no doubt
be the world's largest ever class-action lawsuit.

I wouldn't begrudge Bill Gates his tens of billions if they came from
honest labor. But I sincerely believe his software has made the
world a worse place, as it's the worst crap I've used since the late
unlamented NOS/BE. Nor is he satisfied with getting money from
those who choose to use his software. If you buy a PC, it's nearly
impossible not to buy a copy of Windows to go with it, even if your
intention is to immediately install NetBSD. It's as if it was almost
impossible to buy a DVD player without also paying for an unwanted
copy of _Battlefield Earth_.
--
Keith F. Lynch - http://keithlynch.net/
Please see http://keithlynch.net/email.html before emailing me.

Karl Johanson

Jul 2, 2006, 2:45:12 PM
"Keith F. Lynch" <k...@KeithLynch.net> wrote in message
news:e88v59$pl8$1...@panix2.panix.com...

> Martha Adams <mh...@verizon.net> wrote:
>> If I have valuable data in my system, or if my system is running an
>> invalid's life support, etc etc, and my system is running a Windows,
>> does Microsoft thereby own it all and can use my property for a
>> ransom operation? Like a terrorist?
>
> I'm sure that use of Windows in a life-critical application would be
> considered gross negligence. The all too common blue screen of death
> should never be allowed to result in a real death.

A common cause of blue screen syndrome is an insufficient power supply
for the number of pieces of hardware. Someone might buy a premade
computer, which has an adequate power supply, then put in a more
advanced video card, and keep the original video card for a second
monitor, and put in an Ethernet card, a second hard drive, etc. and then
the power supply isn't always up to providing adequate power at all
times. Too many computers (or other devices) plugged into a single power
circuit can be a problem as well. (To be sure, there are many other
causes of blue screen crashes.)

> But things would certainly get interesting if Microsoft does start
> holding data ransom, or randomly disabling systems that they wrongly
> think are running stolen copies of Windows. They would quickly be
> sued into bankruptcy, unless they've somehow succeeded in buying off
> the whole court system. If they were sued into bankruptcy, Windows
> would quickly be replaced by better software, to everyone's advantage.

Or maybe another large monopoly. Trying to predict market directions is
like trying to predict the specifics of Brownian motion.

> And if they did succeed in buying off the whole court system, this
> would be obvious to everyone, and would lead to a long-overdue
> universal rejection of the court system. So we win either way.
>
>> Anyhow, there is mention of a "30 day window" to get back in good
>> with the Microsoft people. Aha! Plenty of time to make backups
>> using a non proprietary software and generally get squared away.
>> Then if Microsoft acts on their threat, just move over into a Linux.
>
> Or BSD, or VMS, or some other operating system. Linux isn't the only,
> or in my opinion the best, non-Microsoft OS.
>
> Numerous VMS systems have continuous uptimes of over 15 years. Has
> any Windows machine managed to stay up for that many *days*? While
> getting any actual use, I mean? What's the record for Linux?
>
> I hope everyone is making regular backups, and storing them offsite,
> in any case.

Excellent advice.

> Even without malice on the part of Redmond, hardware
> and software do fail. Or one's computer can be stolen, seized by the
> police, or wrecked in a flood or fire. Where I used to work, one of
> the sites we supported was wiped off the map by a tornado. Another
> one was buried by a volcano.
>
>> Meanwhile, when this WGA first came along, I turned off my auto
>> update. I'm going to have to go in there and kill the "feature"
>> that keeps reminding me that update is off now.
>
> We get those automatic updates at work. It feels really weird to me.
> For most of my working life, my understanding was that you don't make
> *any* changes to the system software on a production machine without
> a very good reason, nor do you make it without thoroughly testing and
> studying the proposed changes.

There are new security threats all the time, and some of the updates are
intended to deal with those. The problem of viruses tends to just be
vandals. The problems with spyware, adware, foistware, keyloggers, etc.
is of a different level. This isn't just vandals bent on fucking things
up for amusement, this is companies wanting lots of money. There are
billions of dollars being spent creating these new security threats and
ad annoyances, because there are more $billions to be made from them.
Most of the attacks are on Windows based systems, as that's the largest
market share of the computer market. If Mac or Linux had the largest
market share, they would likely be subject to considerably more attacks
than they are now. I wouldn't count on updates handling all security
issues, and I recommend anti-spyware as well as anti virusware (watch
for scam anti-spyware programs though). Some of the people who use the
anti-spyware I work on also run 3 other antispyware programs as well.

> I suppose that means we have WGA at work. (Is there any way I can
> check?) I guess we all get a lengthy vacation if the thing goes all
> Forbin on us next fall. Our clients would be screwed, but we'd all
> still get paid money from Bill Gates, thanks to what would no doubt
> be the world's largest ever class-action lawsuit.
>
> I wouldn't begrudge Bill Gates his tens of billions if they came from
> honest labor. But I sincerely believe his software has made the
> world a worse place, as it's the worst crap I've used since the late
> unlamented NOS/BE. Nor is he satisfied with getting money from
> those who choose to use his software. If you buy a PC, it's nearly
> impossible not to buy a copy of Windows to go with it, even if your
> intention is to immediately install NetBSD.

How is it even conceivable that you can think it's nearly impossible?

> It's as if it was almost
> impossible to buy a DVD player without also paying for an unwanted
> copy of _Battlefield Earth_.

So? Gates made deals with the computer sellers. Few things are as
amusing as an anarchist complaining about the direction of market
forces...

Karl Johanson


Doug Wickstrom

Jul 2, 2006, 3:12:08 PM
On Sun, 02 Jul 2006 18:45:12 GMT, "Karl Johanson"
<karljo...@shaw.ca> wrote:

>How is it even conceivable that you can think it's nearly impossible?

For the same reason that he thinks it odd not to frequent
restaurants, or to cook one's food, or to prefer temperatures in
one's personal space closer to 70F than to 85.

He's not human, I tell you, he's from Mars, and after decades of
study, he still doesn't understand us.

Keith F. Lynch

Jul 2, 2006, 3:29:48 PM
Karl Johanson <karljo...@shaw.ca> wrote:
> (To be sure, there are many other causes of blue screen crashes.)

My understanding is that the most common causes are memory leaks and
arrays going out of bounds. Incompetent programming at Microsoft, in
other words.

> "Keith F. Lynch" <k...@KeithLynch.net> wrote:
>> If they were sued into bankruptcy, Windows would quickly be
>> replaced by better software, to everyone's advantage.

> Or maybe another large monopoly.

The other major OSs are currently all open source. I suppose this
could eventually change, but I see no sign of that. And WGAmageddon,
if it happens at all, is supposed to be this year.

>> We get those automatic updates at work. It feels really weird to
>> me. For most of my working life, my understanding was that you
>> don't make *any* changes to the system software on a production
>> machine without a very good reason, nor do you make it without
>> thoroughly testing and studying the proposed changes.

> There are new security threats all the time, and some of the updates
> are intended to deal with those. The problem of viruses tends to
> just be vandals. The problems with spyware, adware, foistware,
> keyloggers, etc. is of a different level. This isn't just vandals
> bent on fucking things up for amusement, this is companies wanting
> lots of money. There are billions of dollars being spent creating
> these new security threats and ad annoyances, because there are more
> $billions to be made from them.

Good point. But see below.

> Most of the attacks are on Windows based systems, as that's the
> largest market share of the computer market. If Mac or Linux
> had the largest market share, they would likely be subject to
> considerably more attacks than they are now.

Most of the attacks are on Windows based systems because the way
Windows interacts with the Internet is so profoundly broken. Web
browsers, mail readers, and newsreaders ought to only be able to
display text and images on the screen and make sounds in the
speakers. They should *never* be able to save executable code from
the web page, email, or newsgroup posting to disk, or run it,
without the user's explicit permission.

> So? Gates made deals with the computer sellers.

And then refused to honor its contracts. Google on "Windows
Refund Day."

David Goldfarb

Jul 2, 2006, 7:42:05 PM
In article <e88v59$pl8$1...@panix2.panix.com>,

Keith F. Lynch <k...@KeithLynch.net> wrote:
>Numerous VMS systems have continuous uptimes of over 15 years. Has
>any Windows machine managed to stay up for that many *days*? While
>getting any actual use, I mean?

Oh, come on. I'm no fan of Windows or Microsoft, but here you're
just being stupid.

We have a box at work running XP, and a network gateway running NT.
Both have often gone months without a reboot. (The NT box might well
be up to a year or two by now. We don't use it for much besides
being the central server for the local network and gateway to the
Internet.)

--
David Goldfarb |"I came to Casablanca for the waters."
gold...@ocf.berkeley.edu | "The waters? What waters? We're in the desert."
gold...@csua.berkeley.edu |"I was misinformed."

Paul Ciszek

Jul 3, 2006, 12:33:25 AM

In article <e896rc$quh$1...@panix2.panix.com>,

>
>The other major OSs are currently all open source. I suppose this
>could eventually change, but I see no sign of that. And WGAmageddon,
>if it happens at all, is supposed to be this year.

I am still running Windows 2000. Will WGA be able to paralyze it?

--
Please reply to: | "Any sufficiently advanced incompetence is
pciszek at panix dot com | indistinguishable from malice."
Autoreply is disabled |

Karl Johanson

Jul 3, 2006, 12:57:25 AM
"Keith F. Lynch" <k...@KeithLynch.net> wrote in message
news:e896rc$quh$1...@panix2.panix.com...

> Karl Johanson <karljo...@shaw.ca> wrote:
>> (To be sure, there are many other causes of blue screen crashes.)
>
> My understanding is that the most common causes are memory leaks
> and arrays going out of bounds. Incompetent programming at Microsoft,
> in other words.

Memory leaks (and handles leaks or GDI leaks) are often application
problems. Something I regularly look for in application testing.

Registry problems can be a cause of system crashes as well. I just QA'd
a Registry Cleaner program. Interesting stuff. Windows does Registry
back-ups, but not everyone knows how to use that functionality (I don't
understand as much of it as I'd like).

If an application wants a 'Designed for Windows' logo it has to go
through certification, which includes memory leak checking.

>> "Keith F. Lynch" <k...@KeithLynch.net> wrote:
>>> If they were sued into bankruptcy, Windows would quickly be
>>> replaced by better software, to everyone's advantage.
>
>> Or maybe another large monopoly.
>
> The other major OSs are currently all open source. I suppose this
> could eventually change, but I see no sign of that.

In part because there's an existing large monopoly. I expect some other
product would catch an increasing returns wave, if Windows was gone.

>And WGAmageddon,
> if it happens at all, is supposed to be this year.
>
>>> We get those automatic updates at work. It feels really weird to
>>> me. For most of my working life, my understanding was that you
>>> don't make *any* changes to the system software on a production
>>> machine without a very good reason, nor do you make it without
>>> thoroughly testing and studying the proposed changes.
>
>> There are new security threats all the time, and some of the updates
>> are intended to deal with those. The problem of viruses tends to
>> just be vandals. The problems with spyware, adware, foistware,
>> keyloggers, etc. is of a different level. This isn't just vandals
>> bent on fucking things up for amusement, this is companies wanting
>> lots of money. There are billions of dollars being spent creating
>> these new security threats and ad annoyances, because there are more
>> $billions to be made from them.
>
> Good point. But see below.
>
>> Most of the attacks are on Windows based systems, as that's the
>> largest market share of the computer market. If Mac or Linux
>> had the largest market share, they would likely be subject to
>> considerably more attacks than they are now.
>
> Most of the attacks are on Windows based systems because the way
> Windows interacts with the Internet is so profoundly broken.

Do you think as many gigabucks would be spent writing Linux malware if
it were as 'broken' as Windows, with its trivial market share? As I said,
much of the modern malware is about money. There are more Windows users
than any other OS (more than all the others combined), so they're the
biggest target as that's where the most money is. Macs are a smaller
market (even as they're cool products), but are still targeted, partly
because they represent a significant market share and partly because so
many people believe the stories of them being hack proof. Linux is a
trivial market, even as it seems a cool product, so there is trivial
money in writing Linux malware.

> Web
> browsers, mail readers, and newsreaders ought to only be able to
> display text and images on the screen and make sounds in the
> speakers.

It's possible to run malware using the decompression routines of some
image types, although I understand recent windows updates prevent some
possible forms of this.

> They should *never* be able to save executable code from
> the web page, email, or newsgroup posting to disk, or run it,
> without the user's explicit permission.

Much of the executable malware comes in as Trojans (scanners or active
monitors can catch some of those). A significant amount of other
executable malware actually describes what it does in the EULA, but many
people don't read them & can't understand all of it if they do.

>> So? Gates made deals with the computer sellers.
>
> And then refused to honor its contracts. Google on "Windows
> Refund Day."

What? And the market place didn't fix it? I'm shocked...

Karl Johanson


David G. Bell

Jul 3, 2006, 4:32:33 AM
On Sunday, in article <e89lkd$1gvq$1...@agate.berkeley.edu>
gold...@OCF.Berkeley.EDU "David Goldfarb" wrote:

> In article <e88v59$pl8$1...@panix2.panix.com>,
> Keith F. Lynch <k...@KeithLynch.net> wrote:
> >Numerous VMS systems have continuous uptimes of over 15 years. Has
> >any Windows machine managed to stay up for that many *days*? While
> >getting any actual use, I mean?
>
> Oh, come on. I'm no fan of Windows or Microsoft, but here you're
> just being stupid.
>
> We have a box at work running XP, and a network gateway running NT.
> Both have often gone months without a reboot. (The NT box might well
> be up to a year or two by now. We don't use it for much besides
> being the central server for the local network and gateway to the
> Internet.)

Earlier versions of Windows, certainly up to Win98, were notorious for
uptime-related crashes. Windows XP derives from NT and doesn't have
those problems.

Knowing Keith's oft-expressed knowledge of computers, I suspect he's
badly out of date.


--
David G. Bell -- SF Fan, Filker, and Punslinger.

"I am Number Two," said Penfold. "You are Number Six."

Doug Wickstrom

Jul 3, 2006, 7:32:11 AM
On Mon, 03 Jul 2006 09:32:33 +0100 (BST), db...@zhochaka.org.uk
("David G. Bell") wrote:

>On Sunday, in article <e89lkd$1gvq$1...@agate.berkeley.edu>
> gold...@OCF.Berkeley.EDU "David Goldfarb" wrote:
>
>> In article <e88v59$pl8$1...@panix2.panix.com>,
>> Keith F. Lynch <k...@KeithLynch.net> wrote:
>> >Numerous VMS systems have continuous uptimes of over 15 years. Has
>> >any Windows machine managed to stay up for that many *days*? While
>> >getting any actual use, I mean?
>>
>> Oh, come on. I'm no fan of Windows or Microsoft, but here you're
>> just being stupid.
>>
>> We have a box at work running XP, and a network gateway running NT.
>> Both have often gone months without a reboot. (The NT box might well
>> be up to a year or two by now. We don't use it for much besides
>> being the central server for the local network and gateway to the
>> Internet.)
>
>Earlier versions of Windows, certainly up to Win98, were notorious for
>uptime-related crashes. Windows XP derives from NT and doesn't have
>those problems.

Well, last week, because of the heat load in the house, I turned
off a Win 98 (OE) box that I had last turned on last August. As
it did not ask for my network logon, but merely displayed the
desktop when I "woke it up," I assume that I'd had no power
failures, and that it hadn't so much as performed an uncommanded
reboot during the interim.

I will admit that I would not have been able to do that today, as
I've had at least three momentary power outages since then.
However, my server, running 2000 Server, and UPS-protected,
hasn't been rebooted since last March, except during software
installations. And the problem in March was a hardware failure.

Yes, Keith's knowledge is out of date. Or out of whack. Lots of
his knowledge is based on his personal experiences, which as
nearly as I can tell, aren't even remotely representative of
anyone else on this planet.

Wim Lewis

Jul 2, 2006, 11:41:51 PM
In article <YuUpg.113180$iF6.14720@pd7tw2no>,

Karl Johanson <karljo...@shaw.ca> wrote:
>"Keith F. Lynch" <k...@KeithLynch.net> wrote in message
>news:e88v59$pl8$1...@panix2.panix.com...
>> [....] If you buy a PC, it's nearly

>> impossible not to buy a copy of Windows to go with it, even if your
>> intention is to immediately install NetBSD.
>
>How is it even conceivable that you can think it's nearly impossible?

There was a period in which it was quite difficult. It's gotten a
lot easier in the last five or ten years.

>So? Gates made deals with the computer sellers. Few things are as
>amusing as an anarchist complaining about the direction of market
>forces...

Well, only if they're an anarcho-capitalist-libertarian-whatever (you
know, the free market uber alles people). Not all anarchists are such.

--
Wim Lewis <wi...@hhhh.org>, Seattle, WA, USA. PGP keyID 27F772C1

Paul Ciszek

Jul 3, 2006, 3:28:16 PM

In article <%1Opg.663$Sr1.572@trndny08>,

Martha Adams <mh...@verizon.net> wrote:
>
>Meanwhile, when this WGA first came along, I turned off my auto
>update. I'm going to have to go in there and kill the "feature" that
>keeps reminding me that update is off now.

I am still running Windows 2000. Every few months, I click the
"update" button and install the recommended updates. Is it already
too late?

Bernard Peek

Jul 3, 2006, 5:07:49 PM
In rec.arts.sf.fandom Martha Adams wrote:


> Meanwhile, when this WGA first came along, I turned off my auto
> update. I'm going to have to go in there and kill the "feature" that
> keeps reminding me that update is off now.

It makes more sense to reject that update and leave auto-update enabled.

--
Bernard Peek
b...@shrdlu.com

Konrad Gaertner

Jul 3, 2006, 5:19:53 PM
Bernard Peek wrote:
>
> In rec.arts.sf.fandom Martha Adams wrote:
>
> > Meanwhile, when this WGA first came along, I turned off my auto
> > update. I'm going to have to go in there and kill the "feature" that
> > keeps reminding me that update is off now.
>
> It makes more sense to reject that update and leave auto-update enabled.

I tried that, and it came back.

--
Konrad Gaertner - - - - - - - - - - - - - - email: gae...@aol.com
http://kgbooklog.livejournal.com/
"I don't mind hidden depths but I insist that there be a surface."
-- James Nicoll

Tim McDaniel

Jul 3, 2006, 5:45:36 PM
In article <e8br4g$33n$1...@reader2.panix.com>,

Paul Ciszek <nos...@nospam.com> wrote:
>I am still running Windows 2000. Every few months, I click the
>"update" button and install the recommended updates.

Patch Tuesday is the second Tuesday of each month. You should check
for updates then, to minimize your exposure.

--
Tim McDaniel; Reply-To: tm...@panix.com

Doug Wickstrom

Jul 3, 2006, 6:41:34 PM
On Mon, 3 Jul 2006 19:28:16 +0000 (UTC), nos...@nospam.com (Paul
Ciszek) wrote:

>I am still running Windows 2000. Every few months, I click the
>"update" button and install the recommended updates. Is it already
>too late?

No. WGA doesn't install on W2K. It only works with XP.

James A. Donald

Jul 3, 2006, 7:08:19 PM
"Keith F. Lynch":

> If you buy a PC, it's nearly
> impossible not to buy a copy of Windows to go with it, even if your
> intention is to immediately install NetBSD.

Except for laptops, I have never purchased a computer with windows
installed. This was not a result of any great effort on my part, or even
any deliberate intention. It just turned out that way, as a side
effect of my efforts to get the most computer for the least money.
--
----------------------
We have the right to defend ourselves and our property, because
of the kind of animals that we are. True law derives from this
right, not from the arbitrary power of the omnipotent state.

http://www.jim.com/ James A. Donald

James A. Donald

Jul 3, 2006, 7:55:08 PM
"Keith F. Lynch"

> > My understanding is that the most common causes are
> > memory leaks and arrays going out of bounds.
> > Incompetent programming at Microsoft, in other
> > words.

"Karl Johanson"


> Memory leaks (and handles leaks or GDI leaks) are
> often application problems. Something I regularly look
> for in application testing.

They are, in fact, usually application problems, but
should not be possible in a well designed operating
system: But when windows, and for that matter linux, was
created, we really did not know what was needed for a
secure operating system.

Linux inherited from Unix security against untrusted
users, but this is of limited value against untrusted
programs - every file and system resource should not
only have a user that owns it, but an installed package
that owns it.

A well designed operating system should imprison each
GUI thread in a VM and give it only such privileges as
it needs to do its job. For example no normal
application should have authority to write in the file
system anywhere it pleases. Instead, when it wants to
save a file, it should ask special privileged code
outside its VM to pop up a file save dialog, and that
privileged code should give the application a file
handle, which can only be used to write to the file that
the user selected. Similarly, the window frames should
be run by privileged and trusted code outside the
application's VM, and all the application inside the VM
should get is a virtual device handle that allows it to
paint to the screen inside its windows, and see the input
that is sent to its windows. Mark Samuel Miller has
written a thesis on this kind of access control "Robust
Composition"
http://www.erights.org/talks/thesis/index.html

Since all resources are labeled by their owner, closing
down a program should automatically and necessarily free
up all resources associated with running the program,
thus it should not be possible for an application
program to create the blue screen of death. A single VM
containing a single GUI thread might die, but all other
applications would be unaffected, and uninstalling the
program should automatically and necessarily remove
everything that was installed. Thus trojans and viruses
would unavoidably and necessarily show up in the
installed list (under false names and false pretenses,
no doubt, but they would show up), would be
uninstallable, and if installed would not be able to
grab limitless control of all resources and snoop through
and modify all user files.

We now know how to create a secure operating system.
But only *now* do we see what needs to be done.
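
Added example, not part of the original post: the file-save scheme described above, modeled in Python with POSIX file descriptors as the handle. The names `broker_save` and `APP_CODE` are hypothetical, and confining the child process so that it cannot call open() on its own is assumed rather than implemented here.

```python
import os
import subprocess
import sys
import tempfile

# Code run by the application process (constructed for this example).
# It receives only a descriptor number, never a path.
APP_CODE = r"""
import os, sys
fd = int(sys.argv[1])
os.write(fd, b"document saved by the app\n")
try:
    os.read(fd, 1)            # the handle was opened write-only
    print("read-allowed")
except OSError:
    print("read-denied")
"""


def broker_save(user_selected_path):
    """Trusted side: stands in for the privileged file-save dialog.

    Opens exactly the file the user picked and hands the application a
    write-only descriptor for it. O_NOFOLLOW makes the open fail if the
    final path component is a symlink, so the handle cannot be redirected
    to a different file than the one selected.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(user_selected_path, flags, 0o600)
    try:
        # pass_fds is the only channel to the file: every other descriptor
        # of the broker is closed in the child.
        result = subprocess.run(
            [sys.executable, "-c", APP_CODE, str(fd)],
            pass_fds=(fd,),
            capture_output=True,
            text=True,
            check=True,
            timeout=30,
        )
    finally:
        os.close(fd)
    return result.stdout.strip()


def demo():
    """Save through the broker and return (app's read attempt, file bytes)."""
    with tempfile.TemporaryDirectory() as d:
        chosen = os.path.join(d, "report.txt")   # the "user's selection"
        verdict = broker_save(chosen)
        with open(chosen, "rb") as f:
            content = f.read()
    return verdict, content


if __name__ == "__main__":
    print(demo())
```

The write succeeds and the read through the same handle is refused, which is the property the post asks of the handle; denying the application its own file-system calls would need a sandbox on top of this.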

Keith F. Lynch

Jul 3, 2006, 8:25:20 PM
James A. Donald <jam...@echeque.com> wrote:
> They are, in fact, usually application problems, but should not be
> possible in a well designed operating system: But when windows, and
> for that matter linux, was created, we really did not know what was
> needed for a secure operating system.

When was this? Linux dates to 1990, Windows to 1985. But VMS got it
right in 1978, as did Multics in 1969 and CTSS in 1961.

Keith F. Lynch

Jul 3, 2006, 8:31:38 PM
Konrad Gaertner <gae...@aol.com> wrote:

> Bernard Peek wrote:
>> It makes more sense to reject that update and leave auto-update
>> enabled.

> I tried that, and it came back.

Sometimes at work my desktop machine, running XP, wants to reboot
to install something new. It allows me to say "do it later." But
then it asks me again, and again and again, every half hour, until
I relent.

David Dyer-Bennet

Jul 3, 2006, 8:51:43 PM
James A. Donald <jam...@echeque.com> writes:

> "Keith F. Lynch"
> > > My understanding is that the most common causes are
> > > memory leaks and arrays going out of bounds.
> > > Incompetent programming at Microsoft, in other
> > > words.
>
> "Karl Johanson"
> > Memory leaks (and handles leaks or GDI leaks) are
> > often application problems. Something I regularly look
> > for in application testing.
>
> They are, in fact, usually application problems, but
> should not be possible in a well designed operating
> system: But when windows, and for that matter linux, was
> created, we really did not know what was needed for a
> secure operating system.

Oh, baloney. Multics far predates either, and is more secure than
either.

> Linux inherited from Unix security against untrusted
> users, but this is of limited value against untrusted
> programs - every file and system resource should not
> only have a user that owns it, but an installed package
> that owns it.

Trusted programs is mostly a pretty risky idea anyway (suid being the
most common Unix instance).

> A well designed operating system should imprison each
> GUI thread in a VM and give it only such privileges as
> it needs to do its job.

Why should such user-level constructs as "GUI" even be visible to the
OS?

> For example no normal application should have authority to write in
> the file system anywhere it pleases.

Nor does it, even on Windows. And hasn't on Unix since the very
earliest days.

> Instead, when it wants to save a file, it should ask special
> privileged code outside its VM to pop up a file save dialog, and
> that privileged code should give the application a file handle,
> which can only be used to write to the file that the user selected.

It's not acceptable to require user interaction for every file open
for write. And we can already control where it writes with ACL. I
think you're proposing a cure that's worse than the disease you see,
when there's already a *real* cure available.

> Similarly, the window frames should be run by privileged and trusted
> code outside the application's VM, and all the application inside
> the VM should get is a virtual device handle that allows it to paint
> to the screen inside its windows, and see the input that is sent to
> its windows. Mark Samuel Miller has written a thesis on this kind of
> access control "Robust Composition"
> http://www.erights.org/talks/thesis/index.html

Yes, that's what the window manager and the device drivers are.

> Since all resources are labeled by their owner, closing
> down a program should automatically and necessarily free
> up all resources associated with running the program,
> thus it should not be possible for an application
> program to create the blue screen of death.

Of course not. And it isn't, generally; Windows being the one major
exception. Microsoft deliberately made Windows less reliable in the
transition from NT 3.x to NT 4.0 (from which 2000 and XP both derive)
by giving user programs more access than they should have to device
drivers.

> A single VM containing a single GUI thread might die, but all other
> applications would be unaffected, and uninstalling the program
> should automatically and necessarily remove everything that was
> installed.

Getting several things confused here. Process destruction does
reliably free process memory and file handles in every OS I know.

Tracking installed stuff is an interesting idea, but troublesome; I
frequently need to bypass apt (Debian) or rpm (Redhat) for locally
developed software.

> Thus trojans and viruses would unavoidably and necessarily show up
> in the installed list (under false names and false pretenses, no
> doubt, but they would show up), would be uninstallable, and if
> installed would not be able to grab limitless control of all
> resources and snoop through and modify all user files.

You're exaggerating the access they get here. And I think being very
optimistic on their inability to hide.

> We now know how to create a secure operating system.
> But only *now* do we see what needs to be done.

No, this was pretty well understood in the 1960s; it's just that
nobody much *cares*. Sadly.
--
David Dyer-Bennet, <mailto:dd...@dd-b.net>, <http://www.dd-b.net/dd-b/>
RKBA: <http://www.dd-b.net/carry/>
Pics: <http://dd-b.lighthunters.net/> <http://www.dd-b.net/dd-b/SnapshotAlbum/>
Dragaera/Steven Brust: <http://dragaera.info/>
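
The save-dialog handle proposed in the quoted text above, as an added example that is not part of the thread: a trusted broker opens the file the user picked and passes only a write-only descriptor to the application over a Unix socket. The function names and file names are hypothetical, and the sketch assumes a Unix system with Python 3.9 or later.

```python
import errno
import json
import os
import socket
import tempfile


def powerbox_grant(chan, chosen_path):
    """Trusted side: open the file the user selected, hand over only a handle."""
    fd = os.open(chosen_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        # SCM_RIGHTS transfer: the receiver gets its own descriptor for the
        # same open file. No path crosses the channel.
        socket.send_fds(chan, [b"save-handle"], [fd])
    finally:
        os.close(fd)  # the broker's copy is no longer needed


def app_save(chan, data):
    """Application side: it is given a descriptor, never a file name."""
    _msg, fds, _flags, _addr = socket.recv_fds(chan, 64, 1)
    fd = fds[0]
    result = {"wrote": 0, "read_blocked": False}
    try:
        result["wrote"] = os.write(fd, data)
        os.lseek(fd, 0, os.SEEK_SET)
        try:
            os.read(fd, 16)  # the handle was opened write-only
        except OSError as exc:
            result["read_blocked"] = exc.errno == errno.EBADF
    finally:
        os.close(fd)
    return result


def run_demo():
    """Run broker and application as separate processes; return what happened."""
    with tempfile.TemporaryDirectory() as workdir:
        chosen = os.path.join(workdir, "report.txt")    # constructed sample
        other = os.path.join(workdir, "secrets.txt")    # constructed sample
        with open(other, "wb") as f:
            f.write(b"untouched")

        broker_end, app_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        pid = os.fork()
        if pid == 0:
            # Child plays the application. This sketch does not strip the
            # child's ambient authority; a real design would also sandbox it
            # so that the passed descriptor is its only route to the disk.
            broker_end.close()
            try:
                outcome = app_save(app_end, b"hello")
                app_end.sendall(json.dumps(outcome).encode())
            finally:
                os._exit(0)

        app_end.close()
        powerbox_grant(broker_end, chosen)   # "the user picked report.txt"
        reply = broker_end.recv(4096)
        os.waitpid(pid, 0)
        broker_end.close()

        with open(chosen, "rb") as f:
            saved = f.read()
        with open(other, "rb") as f:
            untouched = f.read()
        return json.loads(reply), saved, untouched


if __name__ == "__main__":
    print(run_demo())
```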

Konrad Gaertner

Jul 3, 2006, 9:59:06 PM
"Keith F. Lynch" wrote:
>
> Konrad Gaertner <gae...@aol.com> wrote:
> > Bernard Peek wrote:
> >> It makes more sense to reject that update and leave auto-update
> >> enabled.
>
> > I tried that, and it came back.
>
> Sometimes at work my desktop machine, running XP, wants to reboot
> to install something new. It allows me to say "do it later." But
> then it asks me again, and again and again, every half hour, until
> I relent.

Yeah, but that is after download and partial install. I told it
not to download WGA last month, and it's asking me again this month.

BTW, how critical is it to auto-upgrade Java? I've got J2SE
Runtime Environment 5.0 with Update 6 (I believe from Sun not MS).
It recently wanted to check for updates, and I said no, because
the last time it updated, it caused Windows Explorer (the file
manager) to crash every time I opened a directory containing a
QuickTime movie.

Keith F. Lynch

Jul 3, 2006, 11:21:24 PM
David G. Bell <db...@zhochaka.org.uk> wrote:
> Earlier versions of Windows, certainly up to Win98, were notorious
> for uptime-related crashes. Windows XP derives from NT and doesn't
> have those problems.

> Knowing Keith's oft-expressed knowledge of computers, I suspect he's
> badly out of date,

I know that each of the XPs where I work crash nearly every day.
Of course I haven't disassembled the OS code, so I don't know if it's
directly because of uptime or for some other reason or reasons.

Keith F. Lynch

Jul 3, 2006, 11:32:28 PM
Karl Johanson <karljo...@shaw.ca> wrote:
> Much of the executable malware comes in as Trojans (scanners or
> active monitors can catch some of those).

Hence my workplace, like many, has a firm rule against users
installing software.

Perhaps due to the many bugs in Outlook, it's been disabled at my
workplace. They haven't disabled Explorer, since we need to do
frequent Google searches and other lookups. To mitigate this risk,
I telnet to my ISP as soon as I get to work each morning, and do all
the Google searches from it, using lynx. It also gives me a cleaner,
faster, user interface, without popup ads and other distracting
clutter.

Yes, I know that in principle someone could intercept my password when
I telnet. Hence I only do it once a day, and stay logged in until
quitting time.

>>> So? Gates made deals with the computer sellers.

>> And then refused to honor its contracts. Google on "Windows
>> Refund Day."

> What? And the market place didn't fix it? I'm shocked...

As you know, in our society, the market has mostly abdicated its
reputation-evaluating function to the court system. And in this case,
like so many, the court system didn't do its job. I won't venture to
guess whether this was mere incompetence or whether Microsoft bought
them off.

Matthew B. Tepper

Jul 4, 2006, 12:04:33 AM
"Keith F. Lynch" <k...@KeithLynch.net> appears to have caused the following
letters to be typed in news:e8cmrk$12c$1...@panix1.panix.com:

> David G. Bell <db...@zhochaka.org.uk> wrote:
>> Earlier versions of Windows, certainly up to Win98, were notorious
>> for uptime-related crashes. Windows XP derives from NT and doesn't
>> have those problems.
>
>> Knowing Keith's oft-expressed knowledge of computers, I suspect he's
>> badly out of date,
>
> I know that each of the XPs where I work crash nearly every day.
> Of course I haven't disassembled the OS code, so I don't know if it's
> directly because of uptime or for some other reason or reasons.

So XP machines can stay up for untold amounts of time for some people ...
but in your presence, they crash all the time.

Keith, maybe it's you?

--
Matthew B. Tepper: WWW, science fiction, classical music, ducks!
My personal home page -- http://home.earthlink.net/~oy/index.html
My main music page --- http://home.earthlink.net/~oy/berlioz.html
To write to me, do for my address what Androcles did for the lion
Take THAT, Daniel Lin, Mark Sadek, James Lin & Christopher Chung!

Randolph Fritz

Jul 4, 2006, 12:48:14 AM
On 2006-07-04, Matthew B. Tepper <oy兀earthlink.net> wrote:
> "Keith F. Lynch" <k...@KeithLynch.net> appears to have caused the following
> letters to be typed in news:e8cmrk$12c$1...@panix1.panix.com:
>
>> David G. Bell <db...@zhochaka.org.uk> wrote:
>>> Earlier versions of Windows, certainly up to Win98, were notorious
>>> for uptime-related crashes. Windows XP derives from NT and doesn't
>>> have those problems.
>>
>>> Knowing Keith's oft-expressed knowledge of computers, I suspect he's
>>> badly out of date,
>>
>> I know that each of the XPs where I work crash nearly every day.
>> Of course I haven't disassembled the OS code, so I don't know if it's
>> directly because of uptime or for some other reason or reasons.
>
> So XP machines can stay up for untold amounts of time for some people ...
> but in your presence, they crash all the time.
>

Matthew, keep in mind that to keep XP secure, it has to be patched and
rebooted every so often. I don't think we've gone three months this
year without major security patches.

Randolph

Karl Johanson

Jul 4, 2006, 12:53:23 AM
"James A. Donald" <jam...@echeque.com> wrote

... a bunch of interesting stuff.

Thanks.

Karl Johanson


Karl Johanson

Jul 4, 2006, 1:02:25 AM
"Keith F. Lynch" <k...@KeithLynch.net> wrote in message
news:e8cmrk$12c$1...@panix1.panix.com...

> David G. Bell <db...@zhochaka.org.uk> wrote:
>> Earlier versions of Windows, certainly up to Win98, were notorious
>> for uptime-related crashes. Windows XP derives from NT and doesn't
>> have those problems.
>
>> Knowing Keith's oft-expressed knowledge of computers, I suspect he's
>> badly out of date,
>
> I know that each of the XPs where I work crash nearly every day.

Are you running Made for Windows certified programs? What anti-spyware
program(s) are you running?

Maybe it's Twonks. I have it. I could get IMacs to crash pretty
regularly (a good trait in a software QA). It may be genetic. My
grandmother could crash a stove.

Karl Johanson


David Goldfarb

Jul 4, 2006, 1:35:04 AM
In article <e8cngc$5mm$1...@panix1.panix.com>,

Keith F. Lynch <k...@KeithLynch.net> wrote:
>Yes, I know that in principle someone could intercept my password when
>I telnet. Hence I only do it once a day, and stay logged in until
>quitting time.

Why not use SSH? (The Open Computing Facility at UC Berkeley has
in fact disabled straight telnet entirely.)

--
David Goldfarb | "And it came to pass by the way in the inn,
gold...@ocf.berkeley.edu | that the LORD met him, and sought to kill him."
gold...@csua.berkeley.edu | -- Exodus 4:24

Bernard Peek

Jul 4, 2006, 2:13:20 AM
In rec.arts.sf.fandom Keith F. Lynch wrote:

> David G. Bell <db...@zhochaka.org.uk> wrote:
> > Earlier versions of Windows, certainly up to Win98, were notorious
> > for uptime-related crashes. Windows XP derives from NT and doesn't
> > have those problems.
>
> > Knowing Keith's oft-expressed knowledge of computers, I suspect he's
> > badly out of date,
>
> I know that each of the XPs where I work crash nearly every day.
> Of course I haven't disassembled the OS code, so I don't know if it's
> directly because of uptime or for some other reason or reasons.

Given that XP is normally pretty stable everywhere else there has to be
a cause local to your site. Either there's a badly written application
running on all of the machines or someone set all of the systems badly.

Bernard Peek

Jul 4, 2006, 2:14:34 AM

IIRC only one patch so far this year required a reboot.

Bernard Peek

Jul 4, 2006, 2:16:54 AM
In rec.arts.sf.fandom Konrad Gaertner wrote:

> Bernard Peek wrote:
> >
> > In rec.arts.sf.fandom Martha Adams wrote:
> >
> > > Meanwhile, when this WGA first came along, I turned off my auto
> > > update. I'm going to have to go in there and kill the "feature"
> > > that keeps reminding me that update is off now.
> >
> > It makes more sense to reject that update and leave auto-update
> > enabled.
>
> I tried that, and it came back.


Did you select the option that tells Windows not to show you that patch
again? I've certainly used it on one high priority patch (the one that
breaks MySQL.)

Doug Wickstrom

Jul 4, 2006, 4:00:11 AM
On Tue, 04 Jul 2006 01:59:06 GMT, Konrad Gaertner
<kgae...@worldnet.att.net> wrote:

>BTW, how critical is it to auto-upgrade Java?

Not at all. Don't upgrade it if you don't have an applet that
needs the upgrade.

Andy Leighton

Jul 4, 2006, 4:02:37 AM
On Tue, 04 Jul 2006 01:59:06 GMT,
Konrad Gaertner <kgae...@worldnet.att.net> wrote:
> "Keith F. Lynch" wrote:
>>
>> Konrad Gaertner <gae...@aol.com> wrote:
>> > Bernard Peek wrote:
>> >> It makes more sense to reject that update and leave auto-update
>> >> enabled.
>>
>> > I tried that, and it came back.
>>
>> Sometimes at work my desktop machine, running XP, wants to reboot
>> to install something new. It allows me to say "do it later." But
>> then it asks me again, and again and again, every half hour, until
>> I relent.
>
> Yeah, but that is after download and partial install. I told it
> not to download WGA last month, and it's asking me again this month.
>
> BTW, how critical is it to auto-upgrade Java? I've got J2SE
> Runtime Environment 5.0 with Update 6 (I believe from Sun not MS).

Not at all critical if you don't run Java software regularly. Even if you
run Java software regularly (and it works) it isn't critical. There were
bugs, some documentation issues, and some performance issues fixed and
support for a few encryption schemes added. It shouldn't hurt to install
it but if I was you I would pick a time that suits you.

--
Andy Leighton => an...@azaal.plus.com
"The Lord is my shepherd, but we still lost the sheep dog trials"
- Robert Rankin, _They Came And Ate Us_

J.J. O'Shea

Jul 4, 2006, 6:30:46 AM
On Mon, 3 Jul 2006 00:33:25 -0400, Paul Ciszek wrote
(in article <e8a6ml$jml$1...@reader2.panix.com>):

>
> In article <e896rc$quh$1...@panix2.panix.com>,
>>
>> The other major OSs are currently all open source. I suppose this
>> could eventually change, but I see no sign of that. And WGAmageddon,
>> if it happens at all, is supposed to be this year.
>
> I am still running Windows 2000. Will WGA be able to paralyze it?
>
>

No. WGA won't even see your system unless you deliberately install it, and
even then it's looking for bogus copies of XP.

--
email to oshea dot j dot j at gmail dot com.

James A. Donald

Jul 4, 2006, 7:02:29 AM
James A. Donald:

> > They are, in fact, usually application problems, but
> > should not be possible in a well designed operating
> > system: But when windows, and for that matter linux,
> > was created, we really did not know what was needed
> > for a secure operating system.

"Keith F. Lynch"


> When was this? Linux dates to 1990, Windows to 1985.
> But VMS got it right in 1978, as did Multics in 1969
> and CTSS in 1961.

No one has gotten it right. No existing operating
system is workable when connected to every scammer and
hacker in the world, and when hundreds of programs
coexist on the machine, each with full privilege to use
the entire machine without limit.

James A. Donald

Jul 4, 2006, 7:07:02 AM
David Dyer-Bennet

> Multics far predates either, and is more secure than
> either.

The only secure environments are very modern operating
systems. Nothing was written to face the challenges of
a fully connected world.

> Trusted programs is mostly a pretty risky idea anyway
> (suid being the most common Unix instance).

Suid is an unworkably bad idea. We now have better
methods.

> It's not acceptable to require user interaction for
> every file open for write. And we can already control
> where it writes with ACL. I think you're proposing a
> cure that's worse than the disease you see, when
> there's already a *real* cure available.

I don't think you understand "my" proposal - which is to
say I don't think you understand modern concepts for
dealing with the modern problems that we now face.

Doug Wickstrom

Jul 4, 2006, 7:37:08 AM
On Tue, 04 Jul 2006 21:07:02 +1000, James A. Donald
<jam...@echeque.com> wrote:

>David Dyer-Bennet
>> Multics far predates either, and is more secure than
>> either.
>
>The only secure environments are very modern operating
>systems. Nothing was written to face the challenges of
>a fully connected world.
>
>> Trusted programs is mostly a pretty risky idea anyway
>> (suid being the most common Unix instance).
>
>Suid is an unworkably bad idea. We now have better
>methods.
>
>> It's not acceptable to require user interaction for
>> every file open for write. And we can already control
>> where it writes with ACL. I think you're proposing a
>> cure that's worse than the disease you see, when
>> there's already a *real* cure available.
>
>I don't think you understand "my" proposal - which is to
>say I don't think you understand modern concepts for
>dealing with the modern problems that we now face.

Sun seems to think he understands well enough to employ him.

Matthew B. Tepper

Jul 4, 2006, 10:04:24 AM
"Bernard Peek" <b...@shrdlu.com> appears to have caused the following
letters to be typed in news:xn0eobgs...@news.individual.net:

It is Keith's presence. It's time we (and he) recognize this.

Kevin J. Maroney

Jul 4, 2006, 10:04:15 AM
On 4 Jul 2006 06:13:20 GMT, "Bernard Peek" <b...@shrdlu.com> wrote:
>Given that XP is normally pretty stable everywhere else there has to be
>a cause local to your site. Either there's a badly written application
>running on all of the machines or someone set all of the systems badly.

Our department of 30 people runs on a combination of XP on the
desktops and MS Server 2003 (a very similar codebase, if I
understand correctly) on the servers. I provide level-one support for
the department, among my other duties. If we had even one machine
crash a day, I would know about it; we don't.

I don't think we've had a server crash except on upgrade this year. We
do reboot all of the servers once per week just as a precaution.
Individual applications crash about once every week, usually one
particular Java application that we know is badly written but is
mission-critical. We're phasing that application out as quickly as
possible.

--
Kevin J. Maroney | k...@panix.com | www.maroney.org
Games are my entire waking life.

David Dyer-Bennet

Jul 4, 2006, 11:37:26 AM
"Keith F. Lynch" <k...@KeithLynch.net> writes:

> David G. Bell <db...@zhochaka.org.uk> wrote:
> > Earlier versions of Windows, certainly up to Win98, were notorious
> > for uptime-related crashes. Windows XP derives from NT and doesn't
> > have those problems.
>
> > Knowing Keith's oft-expressed knowledge of computers, I suspect he's
> > badly out of date,
>
> I know that each of the XPs where I work crash nearly every day.
> Of course I haven't disassembled the OS code, so I don't know if it's
> directly because of uptime or for some other reason or reasons.

Whereas my Windows 98 didn't crash that often -- except when I was
developing Windows software on it, anyway.

The XP here hasn't *crashed* more than a couple of times a year
(uptime is less than that because of reboots for various reasons --
heat reduction, updates that require it).

David Dyer-Bennet

Jul 4, 2006, 11:41:09 AM
James A. Donald <jam...@echeque.com> writes:

> James A. Donald:
> > > They are, in fact, usually application problems, but
> > > should not be possible in a well designed operating
> > > system: But when windows, and for that matter linux,
> > > was created, we really did not know what was needed
> > > for a secure operating system.
>
> "Keith F. Lynch"
> > When was this? Linux dates to 1990, Windows to 1985.
> > But VMS got it right in 1978, as did Multics in 1969
> > and CTSS in 1961.
>
> No one has gotten it right. No existing operating
> system is workable when connected to every scammer and
> hacker in the world, and when hundreds of programs
> coexist on the machine, each with full privilege to use
> the entire machine without limit.

You say none of them are "workable"; but they *do* work. Society
continues, with relatively minor losses through this kind of problem.

And, again, even on a Windows box programs do *not* have full
privilege to use the entire machine without limit; not since 98, which
is two or three generations old depending how you want to count.

David Dyer-Bennet

Jul 4, 2006, 11:44:15 AM
James A. Donald <jam...@echeque.com> writes:

> David Dyer-Bennet
> > Multics far predates either, and is more secure than
> > either.
>
> The only secure environments are very modern operating
> systems. Nothing was written to face the challenges of
> a fully connected world.

Is that a significantly bigger challenge than remotely connected
users, which *were* planned for in Multics and such? If so, why and
how?

[snip "suid" agreement]

> > It's not acceptable to require user interaction for
> > every file open for write. And we can already control
> > where it writes with ACL. I think you're proposing a
> > cure that's worse than the disease you see, when
> > there's already a *real* cure available.
>
> I don't think you understand "my" proposal - which is to
> say I don't think you understand modern concepts for
> dealing with the modern problems that we now face.

And now you're insulting my professional competence. But I don't much
care what *you* think, as it turns out.

Randolph Fritz

Jul 4, 2006, 12:09:37 PM

No, I've had two or three; they found quite a few day one bugs.

Randolph

Alan Winston - SSRL Central Computing

Jul 4, 2006, 5:47:52 PM
In article <qhika21gtimmg051f...@4ax.com>, James A. Donald <jam...@echeque.com> writes:
>James A. Donald:
>> > They are, in fact, usually application problems, but
>> > should not be possible in a well designed operating
>> > system: But when windows, and for that matter linux,
>> > was created, we really did not know what was needed
>> > for a secure operating system.
>
>"Keith F. Lynch"
>> When was this? Linux dates to 1990, Windows to 1985.
>> But VMS got it right in 1978, as did Multics in 1969
>> and CTSS in 1961.
>
>No one has gotten it right. No existing operating
>system is workable when connected to every scammer and
>hacker in the world, and when hundreds of programs
>coexist on the machine, each with full privilege to use
>the entire machine without limit.

But proper time-sharing systems *don't give* each program
full privilege to use the entire machine without limit, so
setting this as a precondition for doing it right is already
setting up the situation to fail.

The development of personal computers seems to have involved
everybody forgetting everything learned in the previous 20
years of time-sharing system development.

-- Alan

Marilee J. Layman

Jul 4, 2006, 8:06:29 PM
On 3 Jul 2006 23:21:24 -0400, "Keith F. Lynch" <k...@KeithLynch.net>
wrote:

>David G. Bell <db...@zhochaka.org.uk> wrote:


>> Earlier versions of Windows, certainly up to Win98, were notorious
>> for uptime-related crashes. Windows XP derives from NT and doesn't
>> have those problems.
>
>> Knowing Keith's oft-expressed knowledge of computers, I suspect he's
>> badly out of date,
>
>I know that each of the XPs where I work crash nearly every day.
>Of course I haven't disassembled the OS code, so I don't know if it's
>directly because of uptime or for some other reason or reasons.

I turn mine off at night and back on the next afternoon, but it's
never crashed.
--
Marilee J. Layman
http://mjlayman.livejournal.com/

jam...@echeque.com

Jul 4, 2006, 8:43:52 PM
James A. Donald:

> > The only secure environments are very modern
> > operating systems. Nothing was written to face the
> > challenges of a fully connected world.

David Dyer-Bennet wrote:
> Is that a significantly bigger challenge than remotely
> connected users, which *were* planned for in Multics
> and such? If so, why and how?

In the old days, the machine was connected to a small
trusted community, for example the students on a
university campus, and the amount of software and
programs on the machine was much smaller than it is
today. Today, computers are connected to the world,
Nigeria included, and run a huge amount of software from
very diverse sources. There are simply a lot more
programs running on a given machine, and bigger
programs, with more capabilities, resulting in the
crisis of composition.

As a result of the crisis of composition, we now have
malign programs, trojans and spyware, and benign
programs that process malign data - for example web
browsers visit pages, some of which are designed to
exploit flaws in the web browser, in order to take
control of the viewer's computer. These problems did not
exist in the old days, not because web browsers were
better or operating systems were better, but because
there was no such thing as a web browser - no one back
then would be using a tool to process hostile data
generated by someone in Nigeria or one of the fragments
of the former Soviet Union, because it just was not
possible.

Mark Atwood

Jul 4, 2006, 9:16:45 PM
James A. Donald <jam...@echeque.com> writes:
>
> "Keith F. Lynch"
> > When was this? Linux dates to 1990, Windows to 1985.
> > But VMS got it right in 1978, as did Multics in 1969
> > and CTSS in 1961.
>
> No one has gotten it right. No existing operating
> system is workable when connected to every scammer and
> hacker in the world, and when hundreds of programs
> coexist on the machine, each with full privilege to use
> the entire machine without limit.

Bullshit.

IBM solved this with VM, in the 1960s. It is a *solved problem*.
It's still a solved problem. None of the solutions for multiuser
security since have improved at all on IBM's VM technique, and almost
all of them have fallen short. (The only two exceptions to my
knowledge are P9 and EROS).

An OS that combines UNIX's flexibility with the VM family's ironclad
security with Linux's fixability, would be nirvana.

--
Mark Atwood When you do things right, people won't be sure
m...@mark.atwood.name you've done anything at all.
http://mark.atwood.name/ http://fallenpegasus.livejournal.com/

Sea Wasp

Jul 4, 2006, 9:28:22 PM
Mark Atwood wrote:
> James A. Donald <jam...@echeque.com> writes:
>
>>"Keith F. Lynch"
>>
>>>When was this? Linux dates to 1990, Windows to 1985.
>>>But VMS got it right in 1978, as did Multics in 1969
>>>and CTSS in 1961.
>>
>>No one has gotten it right. No existing operating
>>system is workable when connected to every scammer and
>>hacker in the world, and when hundreds of programs
>>coexist on the machine, each with full privilege to use
>>the entire machine without limit.
>
>
> Bullshit.
>
> IBM solved this with VM, in the 1960s. It is a *solved problem*.
> It's still a solved problem. None of the solutions for multiuser
> security since have improved at all on IBM's VM technique, and almost
> all of them have fallen short. (The only two exceptions to my
> knowledge are P9 and EROS).
>
> An OS that combines UNIX's flexibility with the VM family's ironclad
> security with Linux's fixability, would be nirvana.
>

"NERDvana".

--
Sea Wasp
/^\
;;;
Live Journal: http://www.livejournal.com/users/seawasp/

Karl Johanson

Jul 4, 2006, 10:10:25 PM
"Mark Atwood" <m...@mark.atwood.name> wrote in message

> An OS that combines UNIX's flexibility with the VM family's ironclad
> security with Linux's fixability, would be nirvana.

You're in charge.

Karl Johanson


David Dyer-Bennet

Jul 5, 2006, 12:31:58 AM
jam...@echeque.com writes:

> James A. Donald:
> > > The only secure environments are very modern
> > > operating systems. Nothing was written to face the
> > > challenges of a fully connected world.
>
> David Dyer-Bennet wrote:
> > Is that a significantly bigger challenge than remotely
> > connected users, which *were* planned for in Multics
> > and such? If so, why and how?
>
> In the old days, the machine was connected to a small
> trusted community, for example the students on a
> university campus,

Stop right there. Associating "small trusted community" with "the
students on a university campus" shows me that you are completely and
totally failing to understand the old time-sharing environment.

> and the amount of software and
> programs on the machine was much smaller than it is
> today. Today, computers are connected to the world,
> Nigeria included, and run a huge amount of software from
> very diverse sources. There are simply a lot more
> programs running on a given machine, and bigger
> programs, with more capabilities, resulting in the
> crisis of composition.

Certainly the larger amounts of software increases the complexity of
the problem, but I don't see it as a difference in kind, requiring
different OS facilities; merely a difference of degree.

David Dyer-Bennet

Jul 5, 2006, 12:32:53 AM
Mark Atwood <m...@mark.atwood.name> writes:

> An OS that combines UNIX's flexibility with the VM family's ironclad
> security with Linux's fixability, would be nirvana.

Hmmm; does Linux running under VM actually achieve that?

Richard Kennaway

Jul 5, 2006, 6:02:43 AM
Mark Atwood <m...@mark.atwood.name> wrote:
> An OS that combines UNIX's flexibility with the VM family's ironclad
> security with Linux's fixability, would be nirvana.

Does it exist, and if not, is anyone working on it?

--
Richard Kennaway

Mark Atwood

Jul 5, 2006, 7:19:26 AM
David Dyer-Bennet <dd...@dd-b.net> writes:
> Mark Atwood <m...@mark.atwood.name> writes:
>
> > An OS that combines UNIX's flexibility with the VM family's ironclad
> > security with Linux's fixability, would be nirvana.
>
> Hmmm; does Linux running under VM actually achieve that?

Not quite. A cracker can still break into a Linux VM instance,
and end up with the same online annoyance power he would have
if he broke an actual online Linux machine.

The true "VM way" also uses VM for the equivalent of login, for parent
process groups, and for fork & exec itself. A webserver in a "true VM
way" machine would think it's the *only* thing on the machine, and
every CGI instance in that webserver would likewise think it's the
only thing on the machine.

IIRC, the filesystem can be similarly nested.

Alan Winston - SSRL Central Computing

Jul 5, 2006, 7:15:03 AM

(Well, Linux under VM has existed for years, and is part of why IBM has
thrown big bux at Linux. I've never worked with it.)

-- Alan

mike weber

Jul 5, 2006, 9:18:44 AM

"David G. Bell" wrote:

> Earlier versions of Windows, certainly up to Win98, were notorious for
> uptime-related crashes. Windows XP derives from NT and doesn't have
> those problems.

As a matter of fact, there was a specific time limit on how long at
least some implementations of W98 could run -- i think there was an
internal memory leak or something like that. (Or was it W95?)

mike weber

Jul 5, 2006, 9:26:13 AM

Matthew B. Tepper wrote:

> So XP machines can stay up for untold amounts of time for some people ...
> but in your presence, they crash all the time.
>
> Keith, maybe it's you?
>

What, the Lynch Effect joins the Fermi Effect in the history of science?

Matthew B. Tepper

Jul 5, 2006, 10:26:50 AM
"mike weber" <fairp...@gmail.com> appears to have caused the following
letters to be typed in news:1152105973.038975.109690
@m73g2000cwd.googlegroups.com:

The Raman Effect? Damn it, it should have been the Sedgwick Effect!

Jette Goldie

Jul 5, 2006, 11:11:54 AM

"Marilee J. Layman" <mar...@mjlayman.com> wrote in message
news:9j0ma2tmdbumdpm40...@4ax.com...


Ditto.

In fact the only times I've had any Windows system crash on me
was when the PC had hardware issues and needed an upgrade
anyway.


--
Jette Goldie
je...@blueyonder.co.uk
http://www.jette.pwp.blueyonder.co.uk/
("reply to" is spamblocked)


David G. Bell

Jul 5, 2006, 12:41:18 PM
On Wednesday, in article
<_EQqg.39936$181....@fe3.news.blueyonder.co.uk>
boss...@scotlandmail.com "Jette Goldie" wrote:

> In fact the only times I've had any Windows system crash on me
> was when the PC had hardware issues and needed an upgrade
> anyway.

I probably do more hardware fettling than most. One difference I've
noticed is that Win98SE can do odd things if you change a USB device.
USB is good, but I found the upgrade to WinXP made a huge difference.

Though there still seems to be a major security hole, perhaps just
because of the quality of Microsoft's documentation.

--
David G. Bell -- SF Fan, Filker, and Punslinger.

"I am Number Two," said Penfold. "You are Number Six."

Alan Braggins

Jul 5, 2006, 2:06:14 PM
Jette Goldie wrote:
>"Marilee J. Layman" <mar...@mjlayman.com> wrote in message
>>
>> I turn mine off at night and back on the next afternoon, but it's
>> never crashed.
>
>Ditto.
>
>In fact the only times I've had any Windows system crash on me
>was when the PC had hardware issues and needed an upgrade
>anyway.

Lucky you. But Keith is hardly alone in having had to deal with flaky
Windows systems, so you and Marilee shouldn't assume your experience can
be extrapolated to everybody.

Randolph Fritz

Jul 5, 2006, 4:19:41 PM

This morning, I installed East Asian fonts on my Windows XP system. I
had to reboot after (weird!) and then I got the following message from
the Windows update daemon: "Vulnerability in the Korean Input Method
Editor Could Allow Elevation of Privilege".

Insecure by design, I guess.

Randolph

Keith F. Lynch

unread,
Jul 5, 2006, 9:51:42 PM7/5/06
to
Randolph Fritz <rand...@panix.com> wrote:

> Alan Braggins <ar...@chiark.greenend.org.uk> wrote:
>> Lucky you. But Keith is hardly alone in having had to deal with
>> flaky Windows systems, so you and Marilee shouldn't assume your
>> experience can be extrapolated to everybody.

Actually, I deal with them as little as possible. As for my malign
influence of Windows machines in my vicinity, it's actually so
powerful as to have affected machines at my workplace long before
I started working there.

> This morning, I installed East Asian fonts on my Windows XP system.
> I had to reboot after (weird!) and then I got the following message
> from the Windows update daemon: "Vulnerability in the Korean Input
> Method Editor Could Allow Elevation of Privilege".

How is one supposed to react to that warning? Is there an alternative
other than hanging a "welcome" sign for crooks or deleting the fonts?
--
Keith F. Lynch - http://keithlynch.net/
Please see http://keithlynch.net/email.html before emailing me.

Keith F. Lynch

unread,
Jul 5, 2006, 10:23:12 PM7/5/06
to

It's so powerful that it even caused Windows machines at my workplace
to crash *years* before I even heard of the place. I guess the
machines somehow knew I would someday work there.

But at the same time it's so weak that it has no effect on anything
not running Windows. Indeed, computer hardware, and almost everything
else, tends to work better and longer around me than elsewhere. I
have a vacuum tube audio amplifier that's older than I am, and I've
never had to replace a tube. Even the light bulb in this room is well
over a year old. The battery-operated electric clock is running fine,
even though I haven't replaced its battery in the better part of a
decade. The VT420 I'm typing at is about 15 years old -- and you know
I've made a fair amount of use of its keyboard. And it wasn't new
when I got it. I could go on and on.

Keith F. Lynch

unread,
Jul 5, 2006, 10:24:01 PM7/5/06
to

NetBSD comes pretty close.

Keith F. Lynch

unread,
Jul 5, 2006, 10:32:16 PM7/5/06
to
<jam...@echeque.com> wrote:
> In the old days, the machine was connected to a small trusted
> community, for example the students on a university campus,

When was this? I'm thinking of the golden age of the dialup modem.
Anyone who had a telephone, a terminal, a 300 bps modem, and too much
time on his hands could attempt to break into any machine with dialup
access. Of which there have been a fair number for a long time.
Remember CompuServe? It dates to 1969.

Also, there was the ARPAnet. It, too, dates to 1969. And had open
dialups called TIPs or TACs. Dial into one of those, in, say, 1979,
and you could try to access any of *hundreds* of machines.

> ... back then one would be using a tool to process hostile data
> generated by someone in Nigeria or one of the fragments of the
> former Soviet Union, because it just was not possible.

Nope, only hostile data generated by someone more local. In the
'70s my phone bill consisted of a punched card. I wondered what
would happen if I repunched it with different data on it, say an
end-of-deck marker. No doubt some people tried it.

Keith F. Lynch

unread,
Jul 5, 2006, 10:38:52 PM7/5/06
to
Alan Winston - SSRL Central Computing <win...@SSRL.SLAC.STANFORD.EDU> wrote:
> The development of personal computers seems to have involved
> everybody forgetting everything learned in the previous 20
> years of time-sharing system development.

Very true, if you ignore everything people other than Microsoft were
doing. Microsoft ignored decades of experience, and decades of
academic study, and proceeded to reinvent the wheel. Too bad they
didn't realize it should be round. But I'm assured that the latest
versions of Windows have fewer corners than ever before.

At the current rate of progress, by 2010 Windows will be about where
the rest of the computer world was by 1970 or so, if you ignore the
fact that it will still be horribly bloated and incredibly slow.

All the computer power it took to put twelve men on the moon wouldn't
suffice to boot up *any* Windows system far enough to even get an
"out of memory" error.

Keith F. Lynch

unread,
Jul 5, 2006, 10:46:03 PM7/5/06
to
James A. Donald <jam...@echeque.com> wrote:
> No existing operating system is workable when connected to every
> scammer and hacker in the world, and when hundreds of programs
> coexist on the machine, each with full privilege to use the entire
> machine without limit.

Well, maybe each program shouldn't have full privilege to use the
entire machine without limit. I know it's a radical idea, but I'm
sure some bright person at Microsoft will think of it any year now.
After all, the rest of the computer world has only had the concept
for about 49 years so far. Only since the 1950s.

Keith F. Lynch

unread,
Jul 5, 2006, 10:47:54 PM7/5/06
to
David Goldfarb <gold...@OCF.Berkeley.EDU> wrote:
> Keith F. Lynch <k...@KeithLynch.net> wrote:
>> Yes, I know that in principle someone could intercept my password
>> when I telnet. Hence I only do it once a day, and stay logged in
>> until quitting time.

> Why not use SSH?

Because it isn't installed on my work PC, and I'm not allowed to
install programs.

mike weber

unread,
Jul 6, 2006, 3:41:38 AM7/6/06
to

Keith F. Lynch wrote:
> mike weber <fairp...@gmail.com> wrote:
> > Matthew B. Tepper wrote:
> >> So XP machines can stay up for untold amounts of time for some
> >> people ... but in your presence, they crash all the time.
>
> >> Keith, maybe it's you?
>
> > What, the Lynch Effect joins the Fermi Effect in the history of
> > science?
>
> It's so powerful that it even caused Windows machines at my workplace
> to crash *years* before I even heard of the place. I guess the
> machines somehow knew I would someday work there.
>
> But at the same time it's so weak that it has no effect on anything
> not running Windows. Indeed, computer hardware, and almost everything
> else, tends to work better and longer around me than elsewhere.

See -- it's just like nuclear physics; there's a strong force and a
weak force.

mike weber

unread,
Jul 6, 2006, 3:43:04 AM7/6/06
to

"David G. Bell" wrote:
> On Wednesday, in article
> <_EQqg.39936$181....@fe3.news.blueyonder.co.uk>
> boss...@scotlandmail.com "Jette Goldie" wrote:
>
> > In fact the only times I've had any Windows system crash on me
> > was when the PC had hardware issues and needed an upgrade
> > anyway.
>
> I probably do more hardware fettling than most. One difference I've
> noticed is that Win98SE can do odd things if you change a USB device.
> USB is good, but I found the upgrade to WinXP made a huge difference.
>
> Though there still seems to be a major security hole, perhaps just
> because of the quality of Microsoft's documentation.
>

Trying to straighten out Windows Media Player sent W2000 south; luckily
i was able to get it back...

Mark Atwood

unread,
Jul 6, 2006, 3:52:48 AM7/6/06
to
"Keith F. Lynch" <k...@KeithLynch.net> writes:
> Richard Kennaway <drachirREVERSE...@yawannek.gro.ku> wrote:
> > Mark Atwood <m...@mark.atwood.name> wrote:
> >> An OS that combines UNIX's flexibility with the VM family's
> >> ironclad security with Linux's fixability, would be nirvana.
>
> > Does it exist, and if not, is anyone working on it?
>
> NetBSD comes pretty close.

Close, but... the only multiuser multiprocess system I actually
*trust* with something important, it's either VM based, or it's
UNICOS.

Mark Atwood

unread,
Jul 6, 2006, 3:55:46 AM7/6/06
to
"Keith F. Lynch" <k...@KeithLynch.net> writes:
> David Goldfarb <gold...@OCF.Berkeley.EDU> wrote:
> > Keith F. Lynch <k...@KeithLynch.net> wrote:
> >> Yes, I know that in principle someone could intercept my password
> >> when I telnet. Hence I only do it once a day, and stay logged in
> >> until quitting time.
>
> > Why not use SSH?
>
> Because it isn't installed on my work PC, and I'm not allowed to
> install programs.

There are a couple of SSH clients that have been implemented in JVM,
and thus run in a browser.

Hell, I think there is at least one workable SSH client written in
ECMAscript, so it will run in a browser without Java.

Alan Braggins

unread,
Jul 6, 2006, 4:41:35 AM7/6/06
to
In article <e8hthb$avd$1...@panix3.panix.com>, Keith F. Lynch wrote:
>James A. Donald <jam...@echeque.com> wrote:
>> No existing operating system is workable when connected to every
>> scammer and hacker in the world, and when hundreds of programs
>> coexist on the machine, each with full privilege to use the entire
>> machine without limit.
>
>Well, maybe each program shouldn't have full privilege to use the
>entire machine without limit. I know it's a radical idea, but I'm
>sure some bright person at Microsoft will think of it any year now.

Be fair, Windows NT came out in 1993, and with XP ordinary home
desktops have accounts with different privileges too. There's
probably only another five or ten years to go before there aren't
so many programs unnecessarily requiring admin privileges that
most people don't routinely enable them.

(Though that's not a Windows only problem - I've worked somewhere
the LOGIN.COM template included SET PROC/PRIV=ALL. But that was
surprising, unlike using a Windows box as an admin user. (And the
VMS boxes didn't have external network connections.))

constan...@gmail.com

unread,
Jul 6, 2006, 6:09:21 AM7/6/06
to

I have repeatedly heard that the Macintosh is relatively free of
viruses and trojans, and I have also repeatedly heard that the reason
it is free is that it isn't popular enough.

Well, it seems to me that whatever the exposure and popularity these
big computers had in the seventies, a typical Internet-connected Mac
has several orders of magnitude more exposure and popularity.

My dad works in a computer department at a business school, has since
the start of the eighties, same department. At a certain point in, I
think it was the late nineties (the years are blurring together) his
job changed, not in title but in focus - the change was a reaction to
what was happening to the computers. His job for years had been to help
people and maybe occasionally, very occasionally, deal with some
intrusion problem. But now the intrusion thing is a major part of his
work, sometimes dominating his attention for weeks at a time. Something
happened at some point, and intrusion and security became a major
issue, where it had not been a major issue before.

Going by my experience, things change even though both the before and
the after have computers with a lot of exposure. Maybe it's the order
of magnitude of exposure, or maybe it's the culture, or maybe it's
something else, but computers in the seventies weren't automatically
exposed to the same security situation as computers today merely
because any joe could reach them by modem. The situation is palpably
different between Macs and PCs and palpably changed in the nineties
even though both sides of the change had a large absolute degree of
exposure.

Alan Winston - SSRL Central Computing

unread,
Jul 6, 2006, 6:51:22 AM7/6/06
to
In article <e8ht3s$1bk$1...@panix3.panix.com>, "Keith F. Lynch" <k...@KeithLynch.net> writes:
>Alan Winston - SSRL Central Computing <win...@SSRL.SLAC.STANFORD.EDU> wrote:
>> The development of personal computers seems to have involved
>> everybody forgetting everything learned in the previous 20
>> years of time-sharing system development.
>
>Very true, if you ignore everything people other than Microsoft were
>doing. Microsoft ignored decades of experience, and decades of
>academic study, and proceeded to reinvent the wheel.

Well, so did Apple, originally. (I'm talking AppleDOS, not MacOS.)
And CP/M, while it did display some exposure to RT11 or some such,
didn't start out as full-on process-protection multi-user-ready stuff.
(Never used, eg, Concurrent CP/M or CP/M-86, so can't comment.)

-- Alan

Mark Atwood

unread,
Jul 6, 2006, 12:15:42 PM7/6/06
to
ar...@chiark.greenend.org.uk (Alan Braggins) writes:
>
> Be fair, Windows NT came out in 1993, and with XP ordinary home
> desktops have accounts with different privileges too. There's
> probably only another five or ten years to go before there aren't
> so many programs unnecessarily requiring admin privileges that
> most people don't routinely enable them.

That problem apparently stems from a cultural issue inside Microsoft,
specifically that all the developers have local admin privileges over
their own corporate workstations.

This is something that no competent BOFH would allow at any other
shop with more than a dozen staff, let alone one with dozens of thousands.

Since they all run with Admin, and they "smoke test" their products by
"eating their own dogfood", their software keeps requiring Admin privs
for the dumbest of reasons.

Apparently, they are just now starting to discuss changing this policy...

Seth Breidbart

unread,
Jul 6, 2006, 1:24:30 PM7/6/06
to
In article <%1Opg.663$Sr1.572@trndny08>,
Martha Adams <mh...@verizon.net> wrote:
>
>Hopefully I'm clear of WGA,

At least one spyware site detects it as spyware.

Another is looking into it (checking carefully whether it meets their
definition).

Seth

Seth Breidbart

unread,
Jul 6, 2006, 1:41:48 PM7/6/06
to
In article <00A58437...@SSRL.SLAC.STANFORD.EDU>,
Alan Winston - SSRL Central Computing <win...@SSRL.SLAC.STANFORD.EDU> wrote:

>And CP/M, while it did display some exposure to RT11 or some such,
>didn't start out as full-on process-protection multi-user-ready stuff.

It had no reason to; it ran on single machines that tended not to be
connected to anything else (other than their own fully-controlled
peripherals).

Seth

Seth Breidbart

unread,
Jul 6, 2006, 1:46:45 PM7/6/06
to
In article <m2u05w2...@amsu.fallenpegasus.com>,
Mark Atwood <m...@mark.atwood.name> wrote:
>James A. Donald <jam...@echeque.com> writes:

>> No one has gotten it right. No existing operating
>> system is workable when connected to every scammer and
>> hacker in the world, and when hundreds of programs
>> coexist on the machine, each with full privilege to use
>> the entire machine without limit.
>
>Bullshit.
>
>IBM solved this with VM, in the 1960s. It is a *solved problem*.

Under VM, an instance does *not* have "full privilege to use the
entire machine without limit". It has a virtual machine (duh!), which
happens to resemble a real machine (not necessarily the one it's
running on) reasonably well. Why is that better than a virtual
machine which doesn't happen to resemble a particular real machine?

Seth

Seth Breidbart

unread,
Jul 6, 2006, 1:52:46 PM7/6/06
to
In article <1152060232.5...@m73g2000cwd.googlegroups.com>,
<jam...@echeque.com> wrote:

>In the old days, the machine was connected to a small
>trusted community, for example the students on a
>university campus,

This is a value for "trusted" with which I am not previously
acquainted.

In the early 1970's, HARV-10 was cracked a number of times over the ARPANET.

> and the amount of software and
>programs on the machine was much smaller than it is
>today.

In bytes, certainly. In capabilities, not so clear.

Seth

Seth Breidbart

unread,
Jul 6, 2006, 1:58:06 PM7/6/06
to
In article <e88v59$pl8$1...@panix2.panix.com>,
Keith F. Lynch <k...@KeithLynch.net> wrote:

>Numerous VMS systems have continuous uptimes of over 15 years. Has
>any Windows machine managed to stay up for that many *days*? While
>getting any actual use, I mean?

Yes. My W2K machine at work can last for months (rebooting it can be
a serious issue when server processes are exported to display on it,
so I only do that on weekends if possible). (I'll be switching stuff
to use screen next time around.)

> What's the record for Linux?

Typically, until power failure or hardware problems.

Work servers get rebooted when the building power is taken down for a
day (UPS might not last long enough, it's safer to go down cleanly).
My colo box has been rebooted twice: once due to UPS switchout, once
to replace a failing hard drive. I know of systems that stayed up for
several years.

>I suppose that means we have WGA at work. (Is there any way I can
>check?)

If you have XP, do Windows Update; if you don't have it, it will tell
you to install it.

Seth

Seth Breidbart

unread,
Jul 6, 2006, 2:00:54 PM7/6/06
to
In article <3lvha2hpgefqrddgp...@4ax.com>,
Doug Wickstrom <nims...@comcast.net> wrote:

>However, my server, running 2000 Server, and UPS-protected,
>hasn't been rebooted since last March, except during software
>installations.

Now why should it be necessary to reboot merely to install software?

I've done major installs on my colo box (e.g. web server, ftp server,
mailman) without rebooting.

Seth

Seth Breidbart

unread,
Jul 6, 2006, 2:18:14 PM7/6/06
to
In article <1152105524.1...@75g2000cwc.googlegroups.com>,
mike weber <fairp...@gmail.com> wrote:

>As a matter of fact, there was a specific time limit on how long at
>least some implementations of W98 could run -- i think there was an
>internal memory leak or something like that.

It was a counter that wrapped.

Seth


Doug Wickstrom

unread,
Jul 6, 2006, 3:02:48 PM7/6/06
to
On Thu, 6 Jul 2006 18:00:54 +0000 (UTC), se...@panix.com (Seth
Breidbart) wrote:

>In article <3lvha2hpgefqrddgp...@4ax.com>,
>Doug Wickstrom <nims...@comcast.net> wrote:
>
>>However, my server, running 2000 Server, and UPS-protected,
>>hasn't been rebooted since last March, except during software
>>installations.
>
>Now why should it be necessary to reboot merely to install software?

As you know, Seth, Windows applications often require a reboot to
finish installing. Don't ask me why.

Randolph Fritz

unread,
Jul 6, 2006, 3:24:55 PM7/6/06
to
On 2006-07-03, Doug Wickstrom <nims...@comcast.net> wrote:
>
> I will admit that I would not have been able to do that today, as
> I've had at least three momentary power outages since then.
>
> However, my server, running 2000 Server, and UPS-protected,
> hasn't been rebooted since last March, except during software
> installations. And the problem in March was a hardware failure.
>

No security patches? Isn't it vulnerable?

Randolph

Mark Atwood

unread,
Jul 6, 2006, 3:50:28 PM7/6/06
to
se...@panix.com (Seth Breidbart) writes:
> >
> >Bullshit.
> >
> >IBM solved this with VM, in the 1960s. It is a *solved problem*.
>
> Under VM, an instance does *not* have "full privilege to use the
> entire machine without limit". It has a virtual machine (duh!), which
> happens to resemble a real machine (not necessarily the one it's
> running on) reasonably well. Why is that better than a virtual
> machine which doesn't happen to resemble a particular real machine?

The machine the VM closely resembles is the machine that the VM runs on.
The resemblance is close enough, and the emulation is efficient enough,
that one can easily nest the VMs.

This goes back to the days when IBM was moving away from having
machines that ran one app at a time in batch mode (and the app
contained its own "OS", "filesystem", and "device drivers", since
*everything* then ran on the "bare hardware"), to actually having an
OS, but without requiring application ports. All these apps
had to think they still had the "real machine".

About the same time, the business model of leasing out time on a
machine to multiple businesses was really taking off. Each of the
businesses was really really not interested in having some other app
on the same machine knowing that its neighbors were even *there*, let
alone who they were, or what they were doing.

The top level operator on a VM machine could make multiple VMs, hand
them each out to different corporations, who would have full "root"
power inside that VM, including the power to make VMs under them, and
hand those out to the various departments, and so on down.

I've sat at the operator console of an IBM VM (and had to learn a bit
of JCL in the process). I used it to do some heavy duty statistical
analysis for the biostats dept I was a RA in, using S.

I was about 4 or 5 levels of VM away from the bare hardware, and yet
it looked exactly like the console of the guy who was at level 0. I
had full power over everything under me, and zero visibility or
influence on anything over or around me. At the same time I was
crunching numbers, the same silicon was keeping the University's
financials, printing the payroll, keeping track of enrollment, doing
class add/drops, and managing everyone's transcripts. *And* any
student at the university who wanted to futz around with it could get
an account just for the asking (tho those were pretty starved for CPU
and storage quota).

David Dyer-Bennet

unread,
Jul 6, 2006, 6:19:51 PM7/6/06
to
Mark Atwood <m...@mark.atwood.name> writes:

> ar...@chiark.greenend.org.uk (Alan Braggins) writes:
> >
> > Be fair, Windows NT came out in 1993, and with XP ordinary home
> > desktops have accounts with different privileges too. There's
> > probably only another five or ten years to go before there aren't
> > so many programs unnecessarily requiring admin privileges that
> > most people don't routinely enable them.
>
> That problem apparently stems from a cultural issue inside Microsoft,
> specifically that all the developers have local admin privileges over
> their own corporate workstations.
>
> This is something that no competent BOFH would allow at any other
> shop with more than a dozen staff, let alone one with dozens of thousands.

This is something that is taken for granted at every software
engineering job I've been at, including back to when we were
developing our software on shared timesharing systems. In point of
fact, we couldn't do our jobs without it. We were expected to be sane
and reasonably competent in how we used it, of course, and this was
never a problem.
--
David Dyer-Bennet, <mailto:dd...@dd-b.net>, <http://www.dd-b.net/dd-b/>
RKBA: <http://www.dd-b.net/carry/>
Pics: <http://dd-b.lighthunters.net/> <http://www.dd-b.net/dd-b/SnapshotAlbum/>
Dragaera/Steven Brust: <http://dragaera.info/>

Robert Sneddon

unread,
Jul 6, 2006, 6:14:25 PM7/6/06
to
In message <e8jk56$90r$1...@reader2.panix.com>, Seth Breidbart
<se...@panix.com> writes

Wasn't there a recent report about an error in a core piece of UNIX
code that had lain unnoticed for over two decades? I think it was a data
typing error; the result of multiplying two 32-bit integers was returned
in another 32-bit integer. Can't remember the exact details, but this
code was in the Linux kernel too. Supposedly, thousands of trained
professionals had examined this code minutely over the decades but
no-one had spotted it.
--
To reply, my gmail address is nojay1 Robert Sneddon

Mark Atwood

unread,
Jul 6, 2006, 7:08:34 PM7/6/06
to
David Dyer-Bennet <dd...@dd-b.net> writes:

> Mark Atwood <m...@mark.atwood.name> writes:
> >
> > That problem apparently stems from a cultural issue inside Microsoft,
> > specifically that all the developers have local admin privileges over
> > their own corporate workstations.
> >
> > This is something that no competent BOFH would allow at any other
> > shop with more than a dozen staff, let alone one with dozens of thousands.
>
> This is something that is taken for granted at every software
> engineering job I've been at, including back to when we were
> developing our software on shared timesharing systems. In point of
> fact, we couldn't do our jobs without it. We were expected to be sane
> and reasonably competent in how we used it, of course, and this was
> never a problem.

We "have root" at my workplace as well. Mostly in the form of sudo,
that gives everyone in the dev NIS group access to most of the file
manipulation tools. In fact, the build process can't work without it.

But we don't actually login as root to work. That's just idiotic.

Damien Sullivan

unread,
Jul 6, 2006, 7:29:07 PM7/6/06
to
constan...@gmail.com wrote:

>I have repeatedly heard that the Macintosh is relatively free of
>viruses and trojans, and I have also repeatedly heard that the reason
>it is free is that it isn't popular enough.

The Mac certainly has had many viruses; I remember them being a problem
on school Macs in the early 1990s. No Internet access, minimal
networks, but lots of software being shared via floppy disk.

Unix has design advantages, and lack of popularity, but I think another
big difference is that Unix users tend not to share software among each
other, certainly not binaries. It's more of "go to X to download the
master copy".

-xx- Damien X-)

Daniel Silevitch

unread,
Jul 6, 2006, 7:34:55 PM7/6/06
to
On Thu, 6 Jul 2006 23:29:07 +0000 (UTC), Damien Sullivan <pho...@ofb.net> wrote:
> constan...@gmail.com wrote:
>
>>I have repeatedly heard that the Macintosh is relatively free of
>>viruses and trojans, and I have also repeatedly heard that the reason
>>it is free is that it isn't popular enough.
>
> The Mac certainly has had many viruses; I remember them being a problem
> on school Macs in the early 1990s. No Internet access, minimal
> networks, but lots of software being shared via floppy disk.

There was a massive shift when Apple went from OS9 to OSX. The older
version was a single-user OS, with very little in the way of
restrictions in what a program can do. OSX is UNIX with an Apple UI
bolted on top, so the underlying security structure is much much better.

The older versions were, as you say, certainly virus-prone. OSX, much
less so.

-dms

Alan Winston - SSRL Central Computing

unread,
Jul 6, 2006, 8:01:37 PM7/6/06
to

Well, yeah.


(That was in my head, but perhaps it didn't make it to the page. I was
suggesting that maybe Kildall et al weren't ignorant or forgetful of the state
of the art in timesharing systems even though they didn't take advantage of
those developments in building their single user Control Program Monitor, but
also that Microsoft wasn't unique in not taking advantage of those
developments. Oh well. I remember how pleased we were when Cutler got involved
with NT; we thought that maybe there'd be a version of Windows that really
didn't suck. Well, we got a version of Windows that it was possible to harden;
that's something, anyway.)

-- Alan

David Dyer-Bennet

unread,
Jul 6, 2006, 9:37:15 PM7/6/06
to
Mark Atwood <m...@mark.atwood.name> writes:

> David Dyer-Bennet <dd...@dd-b.net> writes:
> > Mark Atwood <m...@mark.atwood.name> writes:
> > >
> > > That problem apparently stems from a cultural issue inside Microsoft,
> > > specifically that all the developers have local admin privileges over
> > > their own corporate workstations.
> > >
> > > This is something that no competent BOFH would allow at any other
> > > shop with more than a dozen staff, let alone one with dozens of thousands.
> >
> > This is something that is taken for granted at every software
> > engineering job I've been at, including back to when we were
> > developing our software on shared timesharing systems. In point of
> > fact, we couldn't do our jobs without it. We were expected to be sane
> > and reasonably competent in how we used it, of course, and this was
> > never a problem.
>
> We "have root" at my workplace as well. Mostly in the form of sudo,
> that gives everyone in the dev NIS group access to most of the file
> manipulation tools. In fact, the build process can't work without it.
>
> But we don't actually login as root to work. That's just idiotic.

Ah, actually spending much time working as root is not so good; though
if I'm in heavy admin mode it's still the way to go for some
sections.

TOPS-20 had the "enable" command, so that your account could have
"wheel" privs but you didn't actually risk doing things by mistake all
the time because you had to "enable" the privs to actually use them.

Karl Johanson

unread,
Jul 6, 2006, 9:53:11 PM7/6/06
to
"Keith F. Lynch" <k...@KeithLynch.net> wrote in message
news:e8ht3s$1bk$1...@panix3.panix.com...

> Alan Winston - SSRL Central Computing <win...@SSRL.SLAC.STANFORD.EDU>
> wrote:
>> The development of personal computers seems to have involved
>> everybody forgetting everything learned in the previous 20
>> years of time-sharing system development.
>
> Very true, if you ignore everything people other than Microsoft were
> doing. Microsoft ignored decades of experience, and decades of
> academic study, and proceeded to reinvent the wheel. Too bad they
> didn't realize it should be round. But I'm assured that the latest
> versions of Windows have fewer corners than ever before.
>
> At the current rate of progress, by 2010 Windows will be about where
> the rest of the computer world was by 1970 or so, if you ignore the
> fact that it will still be horribly bloated and incredibly slow.

Lucky for you that you realized all that ahead of time & didn't invest
in Microsoft stock.

It almost makes one think that the most powerful factors in marketing
are promotion, availability and multi-company strategic alliances.
Further that purchasing decisions are often based on aesthetic and
emotional factors rather than just functionality and rational
considerations. ---- It's enough to make one doubt that a free market is
the solution to all of mankind's ills.

Karl Johanson


Tim McDaniel

unread,
Jul 6, 2006, 7:35:47 PM7/6/06
to
In article <efnqa2h0f907q2ld8...@4ax.com>,

I believe that it's usually done because Windows does not allow
writing to a file that's open for reading or execution. A simple way
of removing such problems is to allow scheduling of file changes at a
certain point early in the next reboot, and then to force a reboot.

--
Tim McDaniel; Reply-To: tm...@panix.com
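
An added illustration, not part of any post in this thread: the deferred file changes described above are queued in a registry value, and decoding it shows what a machine will rename, replace or delete at its next boot. The value name `PendingFileRenameOperations` (under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`) and the `!` replace marker come from Windows itself rather than from the thread; the sample paths are constructed.

```python
"""Decode raw PendingFileRenameOperations data (REG_MULTI_SZ, UTF-16LE).

The raw bytes are assumed to come from a registry export or an offline
SYSTEM hive; this block does not read the live registry.
"""
from typing import List, NamedTuple, Optional

NT_PREFIX = "\\??\\"  # NT object-namespace prefix stored on each path


class PendingOp(NamedTuple):
    action: str             # "delete", "rename" or "replace"
    source: str
    target: Optional[str]   # None for a delete


def strip_nt(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def split_multi_sz(raw: bytes) -> List[str]:
    """Split REG_MULTI_SZ bytes into strings, keeping embedded empty ones.

    Each string is NUL-terminated and one extra NUL ends the list. An empty
    target (a delete) therefore appears as two NULs in the middle of the
    data, which a parser that stops at the first double NUL would mistake
    for the end of the list.
    """
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE data")
    text = raw.decode("utf-16-le")
    if text.endswith("\0"):
        text = text[:-1]            # list terminator
    if not text:
        return []
    if text.endswith("\0"):
        text = text[:-1]            # terminator of the last string
    return text.split("\0")


def parse_pending(raw: bytes) -> List[PendingOp]:
    """Pair the strings up as (source, target) and classify each pair."""
    strings = split_multi_sz(raw)
    if len(strings) % 2:
        strings.append("")          # tolerate a missing final empty target
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        if not src:
            continue
        if not dst:
            ops.append(PendingOp("delete", strip_nt(src), None))
        elif dst.startswith("!"):   # replace an existing target file
            ops.append(PendingOp("replace", strip_nt(src), strip_nt(dst[1:])))
        else:
            ops.append(PendingOp("rename", strip_nt(src), strip_nt(dst)))
    return ops


def ops_under(ops: List[PendingOp], root: str) -> List[PendingOp]:
    """Return the operations whose affected file lies under `root`."""
    prefix = root.rstrip("\\").lower() + "\\"
    hits = []
    for op in ops:
        affected = op.source if op.action == "delete" else op.target
        if affected.lower().startswith(prefix):
            hits.append(op)
    return hits


def encode_multi_sz(strings: List[str]) -> bytes:
    """Build REG_MULTI_SZ bytes; used here only to make sample data."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


# Constructed sample: one delete, one replace, one rename into System32.
SAMPLE_RAW = encode_multi_sz([
    r"\??\C:\Windows\Temp\setup1234\old.tmp", "",
    r"\??\C:\Program Files\Example\app.dll.new",
    r"!\??\C:\Program Files\Example\app.dll",
    r"\??\C:\Windows\Temp\drv.sys",
    r"\??\C:\Windows\System32\drivers\drv.sys",
])

if __name__ == "__main__":
    for op in parse_pending(SAMPLE_RAW):
        print(op.action, op.source, "->", op.target)
```

A queued rename whose target sits under `C:\Windows\System32` is the kind of entry worth checking against what was actually installed before the reboot is allowed to proceed.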

Karl Johanson

unread,
Jul 7, 2006, 2:21:49 AM7/7/06
to
"Tim McDaniel" <tm...@panix.com> wrote in message
news:e8k6oj$gsg$1...@tmcd.austin.tx.us...

This site http://www.exodus-dev.com/products/WhyReboot/ discusses the
tool WhyReboot, and some of the reasons why some installation software
needs to reboot. People I know who write installers say that the tool is
interesting, but doesn't cover every reason a reboot may be needed.

Karl Johanson


David G. Bell

unread,
Jul 7, 2006, 2:34:59 AM7/7/06
to
On Friday, in article <14nrg.130714$IK3.130403@pd7tw1no>
karljo...@shaw.ca "Karl Johanson" wrote:

My guess is that Windows has to reboot because, originally, it didn't
have the access control mechanisms that allow multiple users to work
with the same files. And the file system lacked mechanisms which allowed
fast switching from old to new, such as something a bit smarter than a
rename.

It's a long way from the only reasons, but there's the dead hand of
history in there.

--
David G. Bell -- SF Fan, Filker, and Punslinger.

"I am Number Two," said Penfold. "You are Number Six."

mike weber

unread,
Jul 7, 2006, 6:20:56 AM7/7/06
to

Damien Sullivan wrote:
> constan...@gmail.com wrote:
>
> >I have repeatedly heard that the Macintosh is relatively free of
> >viruses and trojans, and I have also repeatedly heard that the reason
> >it is free is that it isn't popular enough.
>
> The Mac certainly has had many viruses; I remember them being a problem
> on school Macs in the early 1990s. No Internet access, minimal
> networks, but lots of software being shared via floppy disk.

I remember seeing them earlier than that.

constan...@gmail.com

unread,
Jul 7, 2006, 9:49:52 AM7/7/06
to

I'm talking magnitude and you both seem to be talking existence.
