Posts by h4rm0ny

Re: What a great idea

"This way, if Microsoft catches an interesting program early on. It will use (copy) the concept right away and get its lawyers involved earlier on. I smell patent heaven."

You don't seem to know how the code-signing process works or what it is. If you buy a Cert from Verisign to sign a binary blob so that it can be authenticated when someone installs it, that is not the same as you sending your ideas to MS for approval.

Re: Haven't they been doing this for years?

"The Windows monthly updated Malicious Software tool, from Windows XP (as an option) forwards, has a licence that authorises Microsoft in perpetuity to delete files on your PC that in their opinion shouldn't be there. I assume that this includes Linux, or it will at their discretion. I mean they'll delete Linux."

You are the definition of Tin Foil Hat. You're actually suggesting that MS are going to classify Linux as malicious software and set Security Essentials to delete it? Have you any aware how paranoid you sound. I run Linux on Windows all the time. Many, many people do. We haven't had any problems. What possible evidence do you have that MS would do something so massively self-destructive to themselves as you propose.

Re: One way mirror?

"So am I right in assuming that to get approval MS get to see all of your 'trade secrets' of your source code, quite possibly to copy (sorry, "influence") for new MS products, but you don't get to see theirs?"

No. For a start, you can use a certificate from any company you like that is recognized - e.g. VeriSign, StartCom or others. There's quite a bit of choice, just as you can buy a SSL certificate for your domain from a range of providers. Secondly, source code is not signed, compiled binary code is signed. If you think about it, signing source code would mean that you could only verify that source code and that you would then have to carry out the entire compilation process during each install.

So just to re-iterate, it's compiled code that you sign, not source code (unless you want to for some reason, but that's not what is talked about here), and it can be signed with a certificate purchased by a range of providers, not just MS.

"A nuisance yes, but considering the potential sums you can make from a good (I use that term loosely) piece of scareware, $59 a shot isn't bad."

Just to re-emphasize what I wrote, it's not $59 a shot for your malware. If you just made one version and only had to come up with a fake company or register with a fake passport once, then it's a nuisance, but not as bad. But a piece of malware goes through scores of iterations typically. Both because the writer needs to change how it works to deal with changing servers, etc. and because they're engaged in an ongoing war with those who detect and identify instances of malware. Combine that with the fact that you will need to do a separate business or fake individual for each version (unless you want to see everything taken down the moment one thing signed under that certificate is detected) and that every instance means a new payment that is a potential lead in tracking you down... It's a significant thing. It's not "$59 a shot".

"I'm sure they can, but what about the smaller and less well funded projects? What about derivative releases of a bigger project?"

Whilst I don't want to trivialise costs for anyone, a project has to become pretty small before getting your code signed becomes a relevant part of your costs. I looked up the cost with Startcom and they sell a certificate you can use to sign code for US$59. And just to be clear, you can sign as many programs and versions of programs as you like with that. Anyone releasing software that finds that significant will just have to accept the warnings, I would guess. It might be a shame, but digitally signing code is a good thing to have as an industry standard. So basically, my answer to your question about smaller and less well-funded projects, is that these will be fine too.

"but as others have said this system offers no real protection in that users will probably continue just to click 'yes'"

If signing software to be installed is the default (as it will become), then unsigned code really will stand out and will therefore more likely make users think.

"Those who release the nasties will find a way to sign their code, and the cycle of catch-up will continue."

Some will, but signatures will get revoked and revoked fast. Repeatedly. Not only that, but when a piece of malware has been signed, registered to a company, then you can quickly check all the other things that company has signed. You say "will find a way to sign their code", but if you're having to go through a whole new registration process as a new company / individual and require pay a new fee every single time Kapersky Labs or MS or whoever notice and report your latest malware, that rapidly becomes a real nuisance. Which would you rather?

" In fact, from where I'm sitting, the only one who stands to gain is MS by pushing more of the smaller devs towards the Metro store"

I think smaller Devs will already gravitate toward the Windows Store. They want the advertising, the security, the streamlined way of getting paid and handling licences and hopefully the reduced piracy. I don't think this will be a factor one way or another. I mean if you feel that Windows Store isn't the best fit for your business model, paying US$50 dollars is unlikely to tip the scales toward it, imo.

Re: Firewall

"And why can't this trafic be stopped using Windows or a third party Firewall? Firewall work in outbound as well as inbound traffic."

Of course it can be blocked. Though as you can turn this feature off, it would be simpler to merely do so. Is it actually a major concern that your PC checks software you install against an online database, though?

Re: sign the code?

"If all you need to do is sign the code then the fake AV guys can afford a key. Are you saying their scam software will show up as good?"

Well firstly, if someone has to register and pay to get their malware signed, and typically you would expect a company to be doing this, then that is already a step toward catching people. Secondly, you forget that the moment it is identified as malware the key can be revoked.

"No meaningless warnings are a bad thing"

Are they meaningless? In this day and age, any commercial software should be signed. As has been pointed out below, the cost to do this is pretty low, apparently <£100. Which addresses the below comment:

"If your computer is always crying wolf, no one will notice a real wolf when it shows up."

It wont because how much software would the overwhelming majority of users be installing that wasn't signed? If you stick Adobe PDF reader or the GIMP on there, you would expect it to be signed. So the computer will very far from be "always" crying wolf. Secondly, you are arguing in favour of a system whereby no cry is raised at a real wolf, which does not seem safer to me than a system with the occasional false positive.

"It's to frighten ordinary users off open source, every time they try to install the majority of OSS apps they will get a warning. Nothing else."

I'm sure that the Mozilla Foundation or Apache can spring for £100 to have their code signed. Doesn't even have to be signed by Microsoft. Signing your code is good practice. In what way would the OS flashing up a warning that you were about to install software that couldn't be verified be innaccurate?

Re: Offline install?

"So what happens if you install something while you are offline?"

You get a message telling you that your system is unable to verity the program with Microsoft and that they can't therefore tell you if the program is safe or not, and asks you whether you want to actually proceed or not. It's similar to the message you get if the program you are installing isn't known to Microsoft, with the exception that it explains the failure is due to being offline so that you can go online if you choose and check it.

Re: lets hate hate apple

"Get some girlfriends and be quiet for once."

Downvote for presuming none of us might be hetero females commenting here.

Re: google groupies, hankies to the ready!

"go, ggroupies go, let's hear your whining :)"

You're a short-sited idiot if you think this isn't bad for all of us who want a healthy, competitive market with a variety of products to choose from. Even in Europe where this ruling doesn't take effect, it means that Samsung may not (probably will not) make the products that they otherwise would for any of us.

Re: I completely disagree

"One of the reports from Best Buy showed many of the returns for Samsung's tablet were from people who had thought they bought an iPad."

We cannot build our legal system or society based around the most stupid members of it. At some point, blame for something has to lie with a person's stupidity rather than with a company for not being able to do their thinking for them.

Re: as it provides stimulus for the companies that make your device "

I prefer to assume that the person I am talking with is a reasonable and intelligent person.

Re: WP7 not upgradeable?

I have the Lumia 710. I don't feel particularly bothered by the lack of upgrade. I bought my device SIM-free for £160 and it will still do all the same things after Win8 is released as it does now. The loudest people on how unfair it is not to have an upgrade on these forums have typically been those who are anti-MS in the first place.

I don't need anyone to be angry on my behalf, thanks. I grew up in a time when phones weren't upgradeable and I don't see it as some human right that after having bought it, someone should come along for free and magically grant it the hardware it needs to run a newer OS that was released long after it was designed. I get security updates, etc. Sure, it's nice with other phones if you can install a future OS on it (and that this doesn't cause your legacy hardware to run like a dog, which often seems to be the case), but I knew what I was buying and I still like it.

Re: Just two?

Other companies than Nokia are producing Windows Phone 8 devices. There's probably going to be quite a range of hardware to choose from.

Why would you celebrate the end of a company (which you've hardly shown will happen)? Competition is good. If you (I am presuming) have an iPhone or Android device, then the better Windows Phone devices are the happier you should be as it provides stimulus for the companies that make your device to keep pushing forward.

Re: Cheers

Left and Right are not particularly useful definitions since the US two party-system has polarized all sorts of thing as belonging to Left or Right on an entierly arbitrary basis. Anti-abortion apparently that's lumped in with believing in low taxes for some reason? Compulsory medical insurance? Left wing thing apparently (despite forcing people to pay for private health care via insurance seeming pretty non-socialist to me). They just become two camps that grow increasingly logically inconsistent.

But what's really interesting with "Left" and "Right" is how little they match up to many people's perceptions. Biggest political donations in the Obama vs. John McCain presidential fight? Goldman Sachs donated 75% to Obama and 25% of their donations to McCain. Microsoft donated 70% of their contributions to the Democrats. Time-Warner: another big Dem. backer. Ask most Left wing people and they'll insist that the Right is the corrupt big business end of the scale, better funded, and that the Left are the underdogs. But Obama got and spent around double what his rival did in the presidential campaign. I'm not ranting about the Left here, political contributions need reigning in massively all around. But the image most people have of the "Left" is seriously at odds with the reality.

I even saw someone on these forums rant about fascists as a right-wing idealogy. Uh, Mussolini - pretty much responsible for the modern term, was a socialist. The NAZIs were the National Socialism party and when they gained power, economically turned into a kind of state managed industrialism (hardly capitalist). But somehow some people want to cast these things as tendencies of "The Right".

The Tea Party - considered very Right-wing - were pretty much all against foreign wars whilst the Democrats were voting to fund them. Reality vs. Popular Depiction clashing once again.

They're not useful terms. They were back in the days of Pitt the Younger, but modern American politics has turned them as much into camps of allegiance, as based on consistent ideology. And hypocrisy is rampant.

Addressed the problem how, exactly? I can realize in advance that someone might shoot me, but I can't just decide to be immune to bullets.

Re: Willing to be flamed for this, but.....

I don't think it is a freedom of speech issue. I think it's a harrasment issue. The two don't have to go together. If there were a website rating guys and you're name appeared at the top saying: "dick like a worn out pencil - you'd have to be desperate"... Would that negatively impact your life? There will of course be people here who post: "No, because (insert reason)", but they don't speak for everyone. Particularly think how you would feel if you were a thirteen year old boy being mocked by the world.

It's not about freedom of speech, but it's still malicious and harmful.

Re: It's like a home for old people...

"Is there any way you know of making it not take-over the entire screen with new metro[whatever...] app? ie if I wanted to look at a webpage and my email in the same screen?"

Not with the Metro apps other than the 2/3rds and 1/3rd snapping of Metro apps.That would let you,e.g. look at a webpage whilst you had your email in a sidebar. It's okay for some things, like I've had the Financial app on 1/3rd of the screen (the left-most monitor) and had Desktop (which is technically a Metro app in its way) filling up the remaining 2/3rds of the left monitor and all of the right. That way the Metro app functions as a kind of live side bar showing emails, Social Networking feeds or whatever you want whilst not actually taking over the whole screen. It's handy sometimes, but not a fits-all solution. Normally, when I want to multi-task, I just use the Desktop programs and not Metro-apps which I see as more useful for tablets and RT users than if I'm using a Desktop with two monitors. After all, if I have Thunderbird or Outlook running on the Desktop, there's no big reason to use the Metro mail app. (Though as a side-bar, it does the job of letting me work whilst just ticking along on the edge of my vision).

"Or what about having settings open in one monitor and trying to open a webpage/email/whatever in the other monitor - does the dev release still hide the settings screen just to open the other?"

If I'm reading you right, then Settings (as in the side-bar) will close when you start doing something else, but the reverse isn't true. So if you were copying VPN settings from an email or something, that wouldn't be hidden just because you brought up the settings in a side-bar. Not sure if I got your meaning, but that might answer the question. You can still use Control Panel in its own window on Desktop if you want also.

"Oh yeah - and having internet explorer open differently to the metro internet explorer - is just plain weird!?"

Yeah - that's fucked up. I actually prefer the Metro version normally because you get more screen estate. But I switch back to the Desktop one when I want to work with my bookmarks, copy from Browser to emails, etc. That needs work.

Re: @Eddy

"Some stuff seems hardwired into the system. Well, that is; maybe you can configure it but I haven't found that yet. So; insert an audio CD and the Metro cd player will pop up."

Right click on the file, pick "Open With-> Choose default program."

Low values of 'hardwired,' then? ;)

Re: Hmph

<riversong>Spoilers</riversong>

Re: @AC

"That's not what the release candidate currently shows us."

There are three different modes in Server 2012. There's the "Server Core" mode which lacks the full GUI, there's a full GUI version and there's a completely stripped down mode which you manage with Server Manager and use Microsoft Management Console plug-ins. This last one runs on a normal Desktop and lets you manage lots of GUI-less servers from it. MS have said that Server Core is the preferred mode. Your preview is the one with the GUI apparently, but it is definitely not the recommended approach. Possibly you even selected to have a GUI when installing it?

At any rate, it would have been very easy for you to fact check this before suggesting that the AC above is wrong (they aren't). There's an article that covers the GUI-less aspects of Server 2012 here.

Re: Last Chance Saloon for Mr Balmer

"The games creators are not at all happy about this, and are already porting their games to alternative platforms. [Very interesting article on this in Micromart this week]"

Well Valve are certainly upset anyway - hardly surprising as the MS Marketplace could (probably will) make Steam redundant. But if other game makers have a choice of whether to sell via Marketplace of Steam, surely that choice can only be a good thing for customers. Competition is beneficial, yes?

Re: 1-2% of PC shipments

"MS betting the farm on this is pretty scary"

MS aren't even close to betting the farm on this. They don't expect the entire business world or personal user base to suddenly get up and march to the shops and buy upgrades. Just as they didn't expect it to happen with Windows 7. They even issued advice to Corporate saying they don't advise an immediate rush to upgrade to Windows 8. I have no idea where you got the idea that MS are betting everything on sales of the Surface. It seems primarily to be a stick with which to beat OEMs into shape.

Re: TIFKAM

"Does Dell already know that TIFKAM is also present on Server 2012 ? ;-)"

By default, Server 2012 is effectively GUI-less. Powershell is the normal way of managing it and the GUI is essentially a major re-write of the previous tools as wrappers for Powershell commands. Good to see MS finally catching up to Linux in this area. ;)

The reason it is GUI-less is that Server 2012 virtualizes extremely well (both as host and guest). The lack of GUI helps keep the memory and processor footprint small when you have a thousand of these buggers all virtualised. Turning on the GUI when you need it is pretty easy. Likewise, when you're done, you can just turn it off again. Though I imagine most real sysadmins will do everything through Powershell, usually remotely.