Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Discussions

William Kempf wkempf
  • whats your style for anonymous methods?

    public void SomeMethod()
    {
       ...
       InvokeDelegate(() => if (something) MessageBox.Show("Hello"));
    }

  • Peace At Last

    Jason Cox wrote:
    Agreed. Granted if this was reported 2 years ago, it should have been fixed 1 year and 10 months ago at most, but the disclosure forced Microsoft to have to rush a patch out, probally without all the testing they would have liked to have done, and some people have suffered for it.

    I love how the article says they 'helped protect users'. Now instead of having a an undisclosed flaw that malware writers werent targeting, its now fully disclosed and anyone who doesnt update is screwed.


    I don't agree.  No matter the reasoning, 1 year is certainly more than enough time to "sit on" a security report before going public.  Microsoft can spin it all they want, this time they should have patched earlier.

  • Cursor flaw throws doubt on Vista security

    Are you a developer?  If you are, I don't understand how you can ask the questions you're asking.  It doesn't take much effort to understand what people have told you, and responses like "well, if you implement it correctly there won't be any problems" would be statements you should feel reluctant to utter.  First of all, as all developers know, there's no such thing as bug free code.  Period.  End of discussion.  Second, you can't discuss improving code with out addressing concerns with your concepts.  Otherwise, you're only going to make things worse, not better.

    Again, you seem to be looking for something that can't exist, and has certainly never been promised for you.  Vista is more secure.  That doesn't mean it can't be hacked.  It means it's more difficult to do so.  This specific exploit doesn't prove otherwise, and this circular argument is pointless.

  • Cursor flaw throws doubt on Vista security

    SecretSoftware wrote:
    
    JChung2006 wrote: 
    SecretSoftware wrote: 
    Okay, Advice Accepted. Though I will not change FF, because its more responsive than IE. IE is heavy.

    Security isn't really a concern for you then, is it?  So why are you making a fuss when you choose to use a browser that doesn't protect you from the very exploit you're complaining about?


    I am a security freak. I mean I am the paranoid type. Simply because all my business is in my pc networks.

    How does using FF make you careless in security? Why is this exploit even FireFox's problem? or any other browser's problem? Its a core OS problem.

    Plus, FireFox was paraded as being , and still more secure than IE7, with cross side scripting and all the rest of these stuff.

    Why are people making all the blame fall on the browser and not on the Windows Vista Team for shipping a faulty DLL?


    How is it a core OS problem?  Because this specific bug is in the OS (granting a large description of what an OS is)?  Then why is IE more secure in this case?  Doesn't that make it sound like it's not just a core OS problem to you?

    Try to be more than just paranoid about security.  Try to understand it.  You'll be much better off (and maybe a little less paranoid).

  • Cursor flaw throws doubt on Vista security

    SecretSoftware wrote:
    So let me ask for this:

    Why not design a way so that no- code would execute without my consent, even if its non-admin? I mean no code aside from code run by services that MS designs in the system.

    Basically what I am asking is how to prevent this scenario from happening again in the future with another file type? Does this mean maybe UAC should be updated to mitigate scenarios of this type?


    1.  This would drive every user nuts.  Just look at the complaints about UAC as it is, where in normal usage you never see a prompt.  I mean, really, for this reason alone I can't believe you're asking this.

    2.  Even if a process required a prompt, not all vectors involve something as heavy as a process.  Plugins, COM objects, etc., are all avenues for executing code that do not create a process.  And if you think there should be some way to ask the user for permission to load these things... can I have some of what you're smoking?

  • Cursor flaw throws doubt on Vista security

    For the slow:

    1.  All software has bugs.
    2.  Eventually a hacker will exploit any bug that exists.
    3.  Security can't change 1 & 2.
    4.  Security is aimed at limiting the damage that can be caused by an exploit.
    5.  UAC limits the damage by not allowing the process to elevate privileges.

    If UAC is enabled, an exploit such as this one will only give the attacker your user privileges (unless your dumb enough to let UAC elevate via the prompt).  This means they have access to YOUR data, but not to the OS or to the data owned by other accounts on the machine.  The attacker can do a lot to your account, but that's what he's limited to.

    Protected mode goes further.  Applications that run in protected mode have their own little sandbox of rights.  This means an exploit here won't even have access to YOUR data.

    Protected mode is something that any application can make use of.  If FF doesn't (I believe they're working on it) then that's an issue with FF, not with the Vista security model.  NO security model can prevent software flaws.  The best it can do is limit the damage that can be caused.  UAC and protected mode do this as best as they can given the needs of the user.

    If you're not trolling, then you're delusional.  You expect a utopian security model where any and all exploits are immediately handled by the OS.  That's like expecting a police force to prevent all crimes before they occur.  Can't be done.  And MS has never claimed Vista can do this.  Because no OS can.

  • GPL 3 to kill ​Microsoft/​Novell deal

    corona_coder wrote:
    
    wkempf wrote: 

    Currently, it is grandfathered, and you're only speculating that that may not remain the case when the GPLv3 is finalized.  However, your speculation is based on what you want politically, not on legal grounds or even what's best for the FSF, the GPL and Linux.  If you took your head out of the sand, you'd likely still be mad enough to spit bullets, but you'd realize that trying to use the GPL license in this manner is not in your own best interests.


    Its not grandfathered and not allowing the deal to continue would be whats best for the GPL, Linux and the community.  There will be no grandfather clause and whats written now is the equivalent of a house bill thats put put up for vote to legalize marijuana.  No chance of that happening and if RMS and the FSF are smart they will kill this.  RMS has Novells throat in his hands and now all he has to do is squeeze.


    In the current draft, it IS grandfathered.  You can't argue that point.

    corona_coder wrote:


    wkempf wrote: 
    I don't care to Google it.  You're the one making claims you've not backed up, you Google it and provide us with proof.  Otherwise, you're spreading unsubstatiated FUD.  IOW, you're a troll.  And not a very effective one.


    Told you where to find the information now go find it.  Do away with the petty insults.

    Th future does look bright for OpenSolaris because its going under the GPL 3.  The BSD Project will die out as will DRM.  Its happening now.  Did you know that now the BSD community is violating the GPL?  Read more here
    and here


    Yeah, you told me where to find it.  *rolls eyes*  That's like having someone on the street ask you for directions to town hall, and you respond "it's somewhere in the city, just go find it!"  Only in this case, it's worse.  It's more like someone saying "there's a UFO that landed in Yellowstone" and when being asked to prove it responding "it's in the forest, go find it".

    OpenSolaris may not go GPL at all, let alone GPL3.  But nice try.

    As for your BSD rantings... funny how the grass is always greener on the other side of the fence.  Someone claims some GPLed project is violating copyright and/or patents, and the accuser is an evil entity with no proof and can go stuff it.  When some GPL contributor claims someone else has violated copyright and the GPL license, we instead rush to back him up and decry the accused and proclaim them "dead".

    *IF* the accusations are proven, BSD will handle things the same way Linux would have... by removing the offending code.  This certainly won't lead to the "death" of BSD.

    Oh, and DRM, if we're all lucky, may no longer be used for copy right enforcement, but it's not going to go away.

  • Powershell questions

    tribalcactus wrote:
    Get-ChildItem would probably work for you here.  Or even more simply, just use Dir (it's an alias for get-childitem).

    Something like

    dir * -include *.exe -recurse

    would search for all .exe files and would search the current directory and all subdirectories.

    Help Dir -full will give the full help for this cmdlet.


    This is really a replacement for find, not locate.  locate uses an index file for faster searches.  We don't have an equivalent in PowerShell, AFAIK.  Though I'm willing to bet there's some way to hook into desktop search for even more power than locate.

  • GPL 3 to kill ​Microsoft/​Novell deal

    corona_coder wrote:
    
    wkempf wrote: 

    Nope, the deal is grandfathered.  And preventing any such future deals might not be a good thing, even if your politics lead you to believe the current deal is bad.


    No its not grandfathered.  The clause is in deliberation and it appears they will remove it when the final version is done.  Sorry.


    Currently, it is grandfathered, and you're only speculating that that may not remain the case when the GPLv3 is finalized.  However, your speculation is based on what you want politically, not on legal grounds or even what's best for the FSF, the GPL and Linux.  If you took your head out of the sand, you'd likely still be mad enough to spit bullets, but you'd realize that trying to use the GPL license in this manner is not in your own best interests.

    corona_coder wrote:



    wkempf wrote: 

    Source?  I don't believe any such attempt, even if it were made, could be successful.  The GPL license in this case works against the FSF.  There's no legal grounds on which they could prevent Novell from distributing GPL software.


    Google it tons of sites with the information.   Novell and Microsoft not have only violated the GPL but they also have violkated every ethical standard set by the FSF.  I have dumped everything from Novell inclusing opensuse and I encourage others to as well.  They are using an inferior distribution of Linux.  After GNOME and KDE get released as GPL 3 then Novell will not be able to distribute the software without sharing patent protections downstream


    I don't care to Google it.  You're the one making claims you've not backed up, you Google it and provide us with proof.  Otherwise, you're spreading unsubstatiated FUD.  IOW, you're a troll.  And not a very effective one.

    corona_coder wrote:

    wkempf said:

    Terrible message.  First, Novell has been contributing.  Second, "if you don't contribute you can't play" is NOT the message the FSF has been trying to promote for all of these years.  Just because it may be beneficial for their current political agenda does not make changing that a good idea.



    Not a terrible message.  If they want to use the work of others than they must honor the other contributers wishes.  They have continously refused to do so and continuing the deal also is not honoring community wishes and they should be disallowed from contributing and distributing said software..  Novell is no longer a trusted partner.  Microsoft has never been trusted and have never been considered a partner.


    Again, if you pull your head out of the sand, you'll undrestand that this is a terrible message.  First, you're advocating the opposite of what the FSF has pushed so hard politically for so long.  GPLed software is supposed to be "free".  It's not free if I can only use it in the manner in which someone wants it to be used.  That's the problem with giving someone freedom... they may (ab)use that freedom in ways that you don't like.  But if you believe in freedom, you can't then turn around and take it away from them.  Instead, you must try and find a way to persuade them not to behave in the manner you dislike.

    Not to mention the political disaster that the FSF is walking towards.  The hatred of MS has been a political problem for them all along, even if they've not realized it.  But pushing it to the fever point as they've been doing lately is only likely to alienate all the people with out political agendas.  Just like in real politics, you have extremists on both sides, but the majority of people are (relatively) centrists.  If you alienate those centrists, you quickly find yourself in a very small minority and lose all influence.  At this point, I'd say the only hope the FSF has is that there's enough centrists who leans towards their political point of view that can disuade them from their current course.  Otherwise, I suspect to see a severe decline in usage of GPLed projects within a couple of years.

    The future is looking bright for OpenSolaris and BSD, and it's looking about the same for MS.  Sorry.


    corona_coder wrote:

    wkempf wrote:

    First, not everything is going to switch to GPL 3.  It's too difficult to change a license when there are many contributors, so many existing projects will never switch.  Second, even if everyone switched, it might not have any effect on Novell, and it certainly won't have any effect on Microsoft.  Third, there's a possibility that the politics of GPL 3 may have a worse effect on the FSF then on any other entity.


    That not a possibilty.  GPL 3 will unite the community like no other. It will affect Microsoft.  When the GPL is finalized and the Novell-Microsoft deal is invalid than Microsoft wasted their money.  GNOME, KDE even MySQL are switching.  Sun is placing Solaris under the GPL 3.   The GPL 3 is shaping up to be the most used license and any project that refuses to adopt it will see their user base disappear.


    It will unite the extremists.  Don't delude yourself that they consitute the "community".  In any event, even if everything went the way you want it to, I doubt it would effect MS.

  • GPL 3 to kill ​Microsoft/​Novell deal

    corona_coder wrote:
    The new GPL invalidates the Microsoft/Novell deal and keeps companies from being able to initiate any other such deals.


    Nope, the deal is grandfathered.  And preventing any such future deals might not be a good thing, even if your politics lead you to believe the current deal is bad.

    corona_coder wrote:
    Brilliant.  The other note is that the FSF is considering a ban to keep Novell from distributing GPL software.


    Source?  I don't believe any such attempt, even if it were made, could be successful.  The GPL license in this case works against the FSF.  There's no legal grounds on which they could prevent Novell from distributing GPL software.

    corona_coder wrote:
    Quite fitting.  This sends a message, either contribute and be a part of the community or dont use our software.


    Terrible message.  First, Novell has been contributing.  Second, "if you don't contribute you can't play" is NOT the message the FSF has been trying to promote for all of these years.  Just because it may be beneficial for their current political agenda does not make changing that a good idea.

    corona_coder wrote:
    Once everything is changed over to the GPL 3 Novell's and Microsofts days are coming to an end.


    First, not everything is going to switch to GPL 3.  It's too difficult to change a license when there are many contributors, so many existing projects will never switch.  Second, even if everyone switched, it might not have any effect on Novell, and it certainly won't have any effect on Microsoft.  Third, there's a possibility that the politics of GPL 3 may have a worse effect on the FSF then on any other entity.

    Corona, if you're going to play in politics, at least use your brain a little.