Gå til innhold

Den frie kafeen


Anbefalte innlegg

Videoannonse
Annonse

Vil bare sitere (et veldig langt) innlegg fra Slashdot fra saken om Longhorns nye RSOD:

Shouldn't Microsoft be working on a way to reduce the number of BSOD/RSOD through better kernel-land code and better handling of userland errors, instead of trying to create a more informative BSOD process? Darn... Wait a while, and Clippy the talking paperclip will show up during the BSOD to explain what all the gibberish in hexadecimal means, and why "Windows is busy waiting" or whatever the BSOD says nowadays.

 

Speaking of reliability, I was just thinking how Microsoft could reduce the complexity of the next version of Windows, Longtooth, due in 2009.

 

Longtooth will include a tremendous amount of new features implemented in completely new code. Many, but not all, existing features would be reimplemented in VisualBasic.NET just for the heck of it, even if mature versions are already implemented in C or C++. Programmers making the new VisualBasic.NET code would not be allowed to look at the code that already exists, so that new ideas might be better implemented. The features will be chosen by random for reimplementation.

 

All Microsoft code would assume that any Microsoft code (the OS and any Microsoft applications) is secure. This code will always execute with no checks to make it run faster. All other code will be subject to Longtooth's new security system, dubbed Microsoft Longtooth Security Center 2003. This feature will give users more control over processes that execute in their computers. I will explain some of its features here:

 

To maximize security, Microsoft Longtooth Security Center 2003 will make certain assumptions about the user. For example, users who use Microsoft products are assumed to know what they are doing. However, users of 3rd party applications not made by Microsoft are always assumed to be complete idiots. Therefore, all user interface events occurring outside of Microsoft applications will trigger a safety mechanism.

 

For example, each time the user moves the mouse in an area not controlled by a Microsoft application, the user will see crosshairs moving across the screen to indicate where the mouse will be located. When the user stops moving the mouse, an authentication window will appear and state: "The user has requested that the mouse be moved to the location on the screen indicated by the crosshairs. This area of the screen is controlled by untrusted code that may cause damage to your computer, your documents, or your network. Do you wish to allow the mouse to move to this location?" Buttons for "yes", "no", "details", and "help" will be displayed.

 

Selecting "no" will cause the mouse cursor to remain at its previous location. Selecting "yes" will bring up another window, requesting the user's password to authenticate the movement of the mouse. If the user enters the correct password, the mouse cursor movement will be authenticated to that user and the cursor will be placed at the new location. Selecting "details" will display the X and Y coordinates of the new position, followed by warnings against using untrusted rogue code such as Linux.

 

For additional protection, clicks, keys pressed on the keyboard, items selected in a menu, or other input events will trigger similar security mechanisms. Since Microsoft code is considered secure, these checks will not occur in windows owned by Microsoft code. Also, the mouse may be used to click on the above buttons and fields during mouse movement authentication. If any such movement of the mouse takes place during the authentication process, the mouse will still be moved to the location indicated by the crosshairs, but a bug in Windows will cause the cursor to immediately "bounce" back to the location where it was last used during authentication. Microsoft will refuse to fix the bug unless Linux is outlawed in all countries, even those countries that have no computers.

 

Many other authentication checks will be made by Windows. I'll return to this topic in a moment. First, let me mention that Clippy, the talking paperclip, along with other Microsoft characters, will appear during this process to help the user make an informed decision. If the user is totally unsure, Clippy will provide several options to make a random choice. One option is to flip a virtual coin, which will come with cool animations and sounds. For additional fun, the user will even be able to choose from over 100 different contemporary and historical coins. Microsoft is also said to include an optional full-screen animation with cool 3D effects, which can be used during this process or as a screensaver. Another option is to pit two Microsoft characters, such as Clippy and Einstein, against each other in a variety of games, such as Scissors/Paper/Rock, Chess, Backgammon, Checkers, or Monopoly, with the winning character making the decision. Also, a "best out of three" option will be presented. By adding these innovations, Microsoft hopes to make the authentication process fun and inviting, rather than scary and intimidating.

 

The network layer will be similarly protected. Any time a packet is received over the network, an authentication window will ask: "A network packet has been received. Do you wish to allow the network packet in?" Again, buttons for "yes", "no", "details", and "help" will be displayed. Obviously, selecting "no" will reject the packet and notify the sender by sending a screenshot in JPG format; "yes" will accept it after getting the required password; "details" will show a disassembly of the packet and its contents, and "help" will direct the user to a website about avoiding any network traffic with Linux hosts for security purposes.

 

Since Microsoft code is considered secure, packets received while control is in an application known to be made by Microsoft, such as any file called EXPLORER.EXE, will bypass the entire security layer, including the Windows Personal Firewall, if the user activated it, and the packet will be accepted without further troubling the user.

 

By the way, to make sure that a "bot" or some other automated system isn't automatically clicking "yes" and entering the user's password, and to foil password cracking programs, Microsoft will implement several innovative new technologies. Sometimes, the "yes" and "no" buttons will be swapped. For password entry, sometimes the user will be asked to enter his password backwards. Other times, the password form will request every other character of the password, or every third character, or an ASCII sum of characters located in prime number locations (e.g., the 1st, 2nd, 3rd, 5th, 7th, 11th, etc., characters of the password) in BCD notation, or some other method. (Windows will provide a programmer's calculator for figuring that one out when it happens.) Additionally, Windows will sometimes display an image of text that is slightly warped (to foil OCR algorithms that might be present in password crackers) that the user must enter correctly before typing the password.

 

Microsoft will build hooks into its operating system which force application code to be authenticated to the user. Before any executable loads, the user will be asked: "The application WK4992LMB.EXE is attempting to load. This application is not made by Microsoft and may contain rogue code. If you run applications not made by Microsoft, you risk damage to your data, your computer, your network, or your bank account or other private information. Do you wish to allow this application to load?" Again, buttons for "yes", "no", "details", and "help" will be displayed, and the user will have to enter a password to authenticate. Since Microsoft code is considered secure, any application made by Microsoft, such as any file called NOTEPAD.EXE, will not require authentication.

 

Other hooks will perform similar functions. Any time an application not made by Microsoft attempts to call a Windows API function of any kind, the user will be asked: "The user has requested that the Windows API function FlushConsoleInputBuffer be called. Do you wish to allow the function to be called?" Pressing "details" will bring up the Windows API reference, so that the user will learn the details of the function before deciding whether to authenticate it. If the user has not installed Microsoft Visual Studio.net 2009, Windows will allow the user to enter credit card information to order a copy, so that the function reference could be displayed. If the user selects "no", the function will not be called, but control will return to the application as if nothing strange has happened. Usually, this will cause the application to get into an unknown state, but strong security is more important than proper operation. Again, since Microsoft code is considered secure, applications known to be made by Microsoft, such as any file called NOTEPAD.EXE, may call any Windows API function without requesting the user's password.

 

Any time an application not made by Microsoft attempts to execute an assembly instruction of any kind, a similar window will be displayed... "The user has requested that Windows execute the assembly instruction mov ax,bx. Do you wish to allow this assembly instruction to execute?" Windows will implement this functionality similar to an assembly-level debugger. Selecting "no" will cause the instruction to be skipped. Windows will place the instruction pointer at the following instruction, without executing the one that the user did not authenticate. Usually, this will cause the application to get into an unknown state, but strong security is more important than maintaining a known state in user applications. Remember that Microsoft code is not subject to these checks.

 

All of these authentications will make the computer nearly unusable. Microsoft applications will still function normally, but any applications made by a third party will not be usable because the user will spend hours and hours entering his password before the application even finishes loading. To solve this problem, Microsoft will release a special application called Microsoft Longtooth Password Accelerator 2003. This product will be released in 2009 as an optional component of Longtooth. With this accelerator, whenever Longtooth will attempt to ask the user one of the above questions with a password, Microsoft Longtooth Password Accelerator 2003 will prevent those windows from appearing and will enter the administrator password, authenticating the action to the administrator account. This will allow applications not made by Microsoft to execute in Longtooth with Administrator priviledges, so that all of the user's time won't be taken up in authentication and password entry. To make sure that the system is still somewhat secure, the authentication form will still appear at random times when using non-Microsoft code. So you might be playing Doom 3 and suddenly a window asks you if you want to execute mov eax,ebx.

 

By implementing such a widespread and well-designed security system, Microsoft will finally achieve a level of security that is satisfactory for Windows in the 21st century.

Lenke til kommentar

Nokon som har tips til program som kan lese ReiserFS frå Windows?

 

Treng berre lesetilgang.

 

Har all musikk osv på ReiserFS og må bruke Windows til å overføre sangar til MP3-spelaren min.

 

Overfører forløpig til server frå Linux via NFS. Så til Windows via Samba når eg har boota Windows.

Lenke til kommentar
Vil bare sitere (et veldig langt) innlegg fra Slashdot fra saken om Longhorns nye RSOD:
..... One option is to flip a virtual coin, which will come with cool animations and sounds. For additional fun, the user will even be able to choose from over 100 different contemporary and historical coins.....

:lol: Konge!

Lenke til kommentar

Kanskje dette ikke er noe nytt for folk, men jeg har lenge lurt på hvordan man kan få alle knappene på musen til å funke. Har en MX900. Det har gått men alltid involvert i ekstra programmer og mye styr. Nå klarte jeg å fikse det i xorg.conf.

 

Section "InputDevice"

Identifier "Configured Mouse"

Driver "mouse"

Option "CorePointer"

Option "Device" "/dev/input/mice"

Option "Protocol" "ExplorerPS/2"

Option "Buttons" "7"

Option "ZAxisMapping" "4 5"

EndSection

 

Nå virker både fram og tilbake og ned knappen perfekt. Det er jo bare de to første jeg har savnet. Oppknappen virker som oppknapp, men i tillegg sender den meg til startsiden min. Den siste knappen vet jeg ikke hva er til. Har prøvd både med buttons lik 6/7/8, De to siste ga både fram og tilbake, mens 6 ikke virket med tilbake, selv om musen min har seks knappe. Men jeg er fornøyd, gidder ikke forske på det!!

Lenke til kommentar
..... One option is to flip a virtual coin, which will come with cool animations and sounds. For additional fun, the user will even be able to choose from over 100 different contemporary and historical coins.....

Herregud, burde de ikke brukt disse ressursene til å oppdatere den bedritne sikkerheten dette OS-et har? (Hvis det arver noen av metodene til XP/W2k, såklart).

Lenke til kommentar
..... One option is to flip a virtual coin, which will come with cool animations and sounds. For additional fun, the user will even be able to choose from over 100 different contemporary and historical coins.....

Herregud, burde de ikke brukt disse ressursene til å oppdatere den bedritne sikkerheten dette OS-et har? (Hvis det arver noen av metodene til XP/W2k, såklart).

Velmont: Derfor kalte jeg det troll :p

 

Min erfaring med mennesker er at det alltid er noen som vil ta slikt seriøst :dontgetit:

Men det er mer en svakhet i menneskets natur heller enn han som skrev innlegget. Moro var det, som sagt :)

Lenke til kommentar

Veldig synd at de ikke har klart å bruke HTML korrekt... :(

Hvorfor skrive slikt når man har <ol>?

<p><strong>I løpet av de siste par månedene har vi</strong><br />
1) Testet alle aktuelle publiseringssytemer.<br />
2) Laget all grafikk og design dere ser her, og laget enda flere utkast som dere aldri vil få se.<br />
3) Skrevet vår egen kode for å integrere Drupal med phpBB. Når jeg er ferdig med dette og eksamener så vil denne gjøres tilgjengelig under GPL, men akkurat nå er mye hardkodet for disse sidene.<br />
4) Testet diverse moduler som gjør Drupal mer interessant<br />
5) Skrevert våre egne programmer for å ta med innholdet fra de gamle sidene og legge inn i Drupal, samt håndtere overlapp.<br />
6) Forbedret oversettelsen av Drupal.</p>

Lenke til kommentar
..... One option is to flip a virtual coin, which will come with cool animations and sounds. For additional fun, the user will even be able to choose from over 100 different contemporary and historical coins.....

Herregud, burde de ikke brukt disse ressursene til å oppdatere den bedritne sikkerheten dette OS-et har? (Hvis det arver noen av metodene til XP/W2k, såklart).

Velmont: Derfor kalte jeg det troll :p

 

Min erfaring med mennesker er at det alltid er noen som vil ta slikt seriøst :dontgetit:

Men det er mer en svakhet i menneskets natur heller enn han som skrev innlegget. Moro var det, som sagt :)

Jeg tviler ikke et sekund på at dette finnes i Longhorn.

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...