 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Mon, 09 Sep 2013 19:06:53 -0700, Patrick Elliott wrote:
> On 9/8/2013 11:47 AM, Jim Henderson wrote:
>>> Sigh.. You do realize that when they came up with this absurd solution
>>> it was back with like 98/XP, where half the security they added since
>>> didn't exist at all? So, sorry, but its not nonsensical to suggest
>>> adding things that don't bloody exist *at all* in the OS in the first
>>> place.
>>
>> Explain how saying "security" is a *specific* solution, Patrick.
>> Provide some details as to what you mean - what would you
>> /specifically/ add to provide "security"?
>>
> Explain how "add a lock" to a door that doesn't have one is a "specific
> solution". I mean, your not specifying what sort of lock, right? Sigh...
> Enough.
You're not talking about something as simple as a door lock. You're
talking about computer security, so you have to be specific.
You want a lock that can distinguish between two identical keys, one used
for "legitimate" uses, and one that isn't.
That sort of lock doesn't exist.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Mon, 09 Sep 2013 19:14:46 -0700, Patrick Elliott wrote:
> Oh, and.. more to the point, now that they have something semi-decent,
What, you mean MS Security Essentials? You think a /reactive/ tool is
semi-decent? One that isn't based on behaviour, but based on pattern
matching?
> they still block networking tools why? Its not like the botnet code is
> going to, unless there is something fatally wrong with their "solution",
Which there is - it's REACTIVE, not PROACTIVE or BEHAVIOURAL in nature.
The best types of behavioural technology are things like AppArmor and
SELinux, but those actually require a fair amount of expertise and skill
to set up - there isn't an "out of the box" configuration that works for
everyone, and it's not something your grandmother is going to be able to
set up reasonably.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le 2013-09-07 16:49, Jim Henderson a écrit :
> On Fri, 06 Sep 2013 17:01:44 -0400, Francois Labreque wrote:
>
>> Why would they need fewer people to support FAT32 by arbitrarily
>> limiting the size of the drives you can use it on to 1/1000th of its
>> full potential?
>
> Because when the code was written, it was written. To extend the
> limitation requires more code be written.
What do you mean by extend the limitation? When a programmer was
assigned the task of writing support for FAT32, why would he (or she) be
told to only support 1/1000th of the specifications full potential?"
(Apart from an oops where the programmer checked for a 16 gigabytes
limit instead of the 16 terabytes supported by the spec)
The 16 GB does not fall on any "natural" limit of the specification.
Even if the programmer decided to only write support for 512 byte
sectors, it could still format a drive as big as 2TB.
> To support that extra space in other applications requires testing and QA.
I know that. I still don't see why this is an issue here. When the
programmers were asked to implement the FAT32 system, why would they
only cripple the implementation? No sane manager would purposefully ask
his employees to half ass the job, because he should know that it will
only lead to more work down the road when his team has to finish the
work, unless there was a direction from upper management to prevent
users from using FAT32 and force them into a proprietary format.
I usually refrain from conspiracy theories about Microsoft's decisions,
but those two are the only two possible reasons here:
1. Upper management prevented large disks from using the FAT32
filesystem on purpose.
2. An incompetent programmer can't differentiate between gigabytes and
terabytes.
> Have you worked in a software company?
Only for the last 18 years, yes. (albeit, not in the software division,
but I interact with developpers on a daily basis)
> Do you know how software development and QA is done?
Yes. That's why I'm saying it doesn't make sense to say that, when the
specification says you can 2^32 sectors on the disk, the programmers
would arbitrarily set an upper limit or 2^26 sectors with 512b sectors
or 2^22 sectors with 4096b sectors. It creates a lot more scenarios to
validate.
>
> Even a /minor/ change to the code (say to make disk space reports not
> turn up negative numbers) requires regression testing to make sure it
> doesn't break anything else. *Trivial* stuff being fixed, done by large
> software companies, certainly, is not actually a trivial thing.
>
That's why I'm saying it would have made more sense to implement the
full specification the first time, instead of arbitrarily setting a
limit way below the actual limit.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le 2013-09-10 10:07, Francois Labreque a écrit :
> Le 2013-09-07 16:49, Jim Henderson a écrit :
>> On Fri, 06 Sep 2013 17:01:44 -0400, Francois Labreque wrote:
>>
>>> Why would they need fewer people to support FAT32 by arbitrarily
>>> limiting the size of the drives you can use it on to 1/1000th of its
>>> full potential?
>>
>> Because when the code was written, it was written. To extend the
>> limitation requires more code be written.
>
> What do you mean by extend the limitation? When a programmer was
> assigned the task of writing support for FAT32, why would he (or she) be
> told to only support 1/1000th of the specifications full potential?"
> (Apart from an oops where the programmer checked for a 16 gigabytes
> limit instead of the 16 terabytes supported by the spec)
>
Correction to my prior post.
When the programmer was assigned the task of writing support for FAT32,
why would he or she be told to support the full specification for
reading and writing, but only allow formatting drives that are 1/1000th
or less of the size allowed infull specification? Apart from an oops
where the programmer checked for a 16 gigabytes limit instead of the 16
terabytes supported by the spec)
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/9/2013 9:50 PM, Jim Henderson wrote:
> On Mon, 09 Sep 2013 19:14:46 -0700, Patrick Elliott wrote:
>
>> Oh, and.. more to the point, now that they have something semi-decent,
>
> What, you mean MS Security Essentials? You think a /reactive/ tool is
> semi-decent? One that isn't based on behaviour, but based on pattern
> matching?
>
No, I meant the just adding in the "basic" functionality, without even
the extra, "You need to pay us more money to fix the gaping hole, which
it still won't fix.", that got added. The one that says, "This thing
needs to alter your machine, are you sure you want that?" In a sense, I
was semi-joking. But, only just. They are putting locks, and alarms,
etc. on the doors, and bars that come down, so if something gets in, it
can't get out (presumably, only.. not really), and leaving an unlocked
pet door, a shitty email client, default functionality, etc. all in
place, and their "solution" is, as you say, to make you pay more money
for something that only reacts "after" the fact... Hell, I can download
and install free tools to do that, and many of them watch the system for
changes, and specifically tell me which key changes, and whether or not
I want the damn thing to auto-run, or roll back the changes. So much for
"reactive" tools.
My point though is.. they can't even get the basics right, and, as a
result, basic shit that you can do safely in *nix, is locked, in case
your stupid enough to click something in an unprotected email, which
redirects you to a bad site, using "by default" 1005 active scripting,
to download a program, with no run restrictions, which will then, if the
writer has the slightest clue what they are doing, or buys the right
tool kit, will just disable everything it sees that might find it,
and/or alters the "whitelists" for those things, to include itself, or
any number of other things it **shouldn't have permission to do in the
first place**. Yet, they can't even do something as simple as adding a
NoScript like feature, into their web browser, which runs "everything"
on the machine, including their shitty email client... But, they block
security tools. You know.. the things you need to figure out why the
frak your network is going spastic, or even just your machine, due to
all the crap they let in the front door, but them Hotel California-d -
anything can check in, but its not allowed to leave. lol
You can argue all you want about my not having "solutions". The issue
here is just how bloody stupid the one things they added, and never
removed, 3-4 OS versions ago, actually is.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 10 Sep 2013 10:07:48 -0400, Francois Labreque wrote:
>> Even a /minor/ change to the code (say to make disk space reports not
>> turn up negative numbers) requires regression testing to make sure it
>> doesn't break anything else. *Trivial* stuff being fixed, done by
>> large software companies, certainly, is not actually a trivial thing.
>>
>>
> That's why I'm saying it would have made more sense to implement the
> full specification the first time, instead of arbitrarily setting a
> limit way below the actual limit.
Yeah, I'm not arguing that point. Fixing it, though, is another matter
altogether.
The limitation /is/ stupid, especially since it's so easily worked around.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 10 Sep 2013 19:13:32 -0700, Patrick Elliott wrote:
> On 9/9/2013 9:50 PM, Jim Henderson wrote:
>> On Mon, 09 Sep 2013 19:14:46 -0700, Patrick Elliott wrote:
>>
>>> Oh, and.. more to the point, now that they have something semi-decent,
>>
>> What, you mean MS Security Essentials? You think a /reactive/ tool is
>> semi-decent? One that isn't based on behaviour, but based on pattern
>> matching?
>>
> No, I meant the just adding in the "basic" functionality, without even
> the extra, "You need to pay us more money to fix the gaping hole, which
> it still won't fix.", that got added. The one that says, "This thing
> needs to alter your machine, are you sure you want that?" In a sense, I
> was semi-joking. But, only just. They are putting locks, and alarms,
> etc. on the doors, and bars that come down, so if something gets in, it
> can't get out (presumably, only.. not really), and leaving an unlocked
> pet door, a shitty email client, default functionality, etc. all in
> place, and their "solution" is, as you say, to make you pay more money
> for something that only reacts "after" the fact... Hell, I can download
> and install free tools to do that, and many of them watch the system for
> changes, and specifically tell me which key changes, and whether or not
> I want the damn thing to auto-run, or roll back the changes. So much for
> "reactive" tools.
MSE isn't an additional cost, it's just a download you can get. I use it
in my Windows VMs. But I'm under no misapprehensions as to what it
actually does or how useful it is. It's like the chain you put across
the door in a cheap motel room. It's something, but it's not much.
> My point though is.. they can't even get the basics right, and, as a
> result, basic shit that you can do safely in *nix, is locked, in case
> your stupid enough to click something in an unprotected email, which
> redirects you to a bad site, using "by default" 1005 active scripting,
> to download a program, with no run restrictions, which will then, if the
> writer has the slightest clue what they are doing, or buys the right
> tool kit, will just disable everything it sees that might find it,
> and/or alters the "whitelists" for those things, to include itself, or
> any number of other things it **shouldn't have permission to do in the
> first place**.
And yet *nix is not very popular on desktops. Hmm, I wonder why (and I'm
a Linux user).
> Yet, they can't even do something as simple as adding a
> NoScript like feature, into their web browser, which runs "everything"
> on the machine, including their shitty email client... But, they block
> security tools. You know.. the things you need to figure out why the
> frak your network is going spastic, or even just your machine, due to
> all the crap they let in the front door, but them Hotel California-d -
> anything can check in, but its not allowed to leave. lol
Well, finally, you've got some actually technological suggestions for
things they can do. Well done. LOL
> You can argue all you want about my not having "solutions". The issue
> here is just how bloody stupid the one things they added, and never
> removed, 3-4 OS versions ago, actually is.
You really overestimate the abilities of the average PC user. Most users
don't want to be bothered with whitelisting or other stuff like that -
they just want to use the damn thing. Most users don't have the need you
apparently do to do "approved unorthodox diagnostic work". They just
reboot and get back to their Word doc.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 9/10/2013 8:16 PM, Jim Henderson wrote:
>> You can argue all you want about my not having "solutions". The issue
>> here is just how bloody stupid the one things they added, and never
>> removed, 3-4 OS versions ago, actually is.
>
> You really overestimate the abilities of the average PC user. Most users
> don't want to be bothered with whitelisting or other stuff like that -
> they just want to use the damn thing. Most users don't have the need you
> apparently do to do "approved unorthodox diagnostic work". They just
> reboot and get back to their Word doc.
>
> Jim
>
True enough.. and, this is a perfect example imo of why, after the Apple
II line, the whole thing went to shit - you no longer had to know how
any of it worked, or, even on a hardware level, could find out (where
Apple gave you a built in language, which you could boot to even without
an OS, and a complete circuit diagram). The whole, "It will work if I
reboot." thing is just.. gah! But, yeah, most people won't even try to
comprehend the basics, and treat a PC likes is a big cell phone (and
have done so since before cell phones).
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Wed, 11 Sep 2013 10:14:24 -0700, Patrick Elliott wrote:
> True enough.. and, this is a perfect example imo of why, after the Apple
> II line, the whole thing went to shit - you no longer had to know how
> any of it worked, or, even on a hardware level, could find out (where
> Apple gave you a built in language, which you could boot to even without
> an OS, and a complete circuit diagram). The whole, "It will work if I
> reboot." thing is just.. gah! But, yeah, most people won't even try to
> comprehend the basics, and treat a PC likes is a big cell phone (and
> have done so since before cell phones).
Well, for most people, PCs are tools. It's like driving a car - most
people don't know how to fix them, but most people also know how to drive
them (allegedly).
There are always those of us who want to see what's "under the hood", but
most people don't really give a shit - they just want to do their job,
and the tool they use helps them do it.
That's a lot of why Windows works the way it does.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le 2013-09-11 13:14, Patrick Elliott a écrit :
> On 9/10/2013 8:16 PM, Jim Henderson wrote:
>
>>> You can argue all you want about my not having "solutions". The issue
>>> here is just how bloody stupid the one things they added, and never
>>> removed, 3-4 OS versions ago, actually is.
>>
>> You really overestimate the abilities of the average PC user. Most users
>> don't want to be bothered with whitelisting or other stuff like that -
>> they just want to use the damn thing. Most users don't have the need you
>> apparently do to do "approved unorthodox diagnostic work". They just
>> reboot and get back to their Word doc.
>>
>> Jim
>>
> True enough.. and, this is a perfect example imo of why, after the Apple
> II line, the whole thing went to shit - you no longer had to know how
> any of it worked, or, even on a hardware level, could find out (where
> Apple gave you a built in language, which you could boot to even without
> an OS, and a complete circuit diagram). The whole, "It will work if I
> reboot." thing is just.. gah! But, yeah, most people won't even try to
> comprehend the basics, and treat a PC likes is a big cell phone (and
> have done so since before cell phones).
Most users use their PC they would any other office equipment, and
expect them to be as easy to use and as reliable as a stapler.
Expecting them to be able to understand how everything works in their PC
is akin to asking the average driver to be able to tweak the valve
timing on their car.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
