Forgot your password?
typodupeerror
Windows

Windows 7's Virtual XP Mode a Support Nightmare? 413

Posted by kdawson
from the twice-as-many-windows-to-wash dept.
CWmike writes "Microsoft's decision to let Windows 7 users run Windows XP applications in a virtual machine may have been necessary to convince people to upgrade, but it could also create support nightmares, analysts said today. Gartner analyst Michael Silver outlines the downsides. 'You'll have to support two versions of Windows,' he said. 'Each needs to be secured, antivirused, firewalled and patched. If a company has 10,000 PCs, that's 20,000 instances of Windows.' The other big problem Silver foresees: Making sure the software they run is compatible with Windows 7. 'This is a great Band-Aid, but companies need to heal their applications,' Silver said. 'They'll be doing themselves a disservice if, because of XPM, they're not making sure that all their apps support Windows 7.'"
Internet Explorer

IE8 Beta 2 Fatter Than Firefox and XP 597

Posted by timothy
from the other-than-that-how-was-the-parade dept.
snydeq writes "Consuming twice as much RAM as Firefox and saturating the CPU with nearly six times as many execution threads, Microsoft's latest beta release of Internet Explorer 8 is in fact more demanding on your PC than Windows XP itself, research firm Devil Mountain Software found in performance tests. According to the firm, which operates a community-based testing network, IE8 Beta 2 consumed 380MB of RAM and spawned 171 concurrent threads during a multi-tab browsing test of popular Web destinations. InfoWorld's Randall Kennedy speculates that Microsoft may be designing IE8 for the multicore future. But until your machine sports four or eight discrete processing cores, IE8 will remain 'porcine,' Devil Mountain's Craig Barth says."
United States

McCain Picks Gov. Palin As Running Mate 1813

Posted by ScuttleMonkey
from the the-one-upping-continues dept.
Many readers have written to tell us about McCain's choice of Alaskan Governor Sarah Palin as his VP choice. "Palin, 44, a self-described 'hockey mom,' is a conservative first-term governor of Alaska with strong anti-abortion views, a record of reform and fiscal conservatism and an outsider's perspective on Washington. [...] If elected, Palin would be the first woman US vice president, adding another historic element to a presidential race that has been filled with firsts. Obama, 47, is the first black nominee of a major US political party. The choice of a vice president rarely has a major impact on the presidential race. Palin will meet Biden, chairman of the Senate Foreign Relations Committee, in a debate in October."

Comment: Overhyped and Not What It Seems (Score 3, Informative) 415

by ThinkFr33ly (#24532587) Attached to: Vista's Security Rendered Completely Useless

Ok, I just read most of the actual white paper (http://taossa.com/archive/bh08sotirovdowd.pdf) and this technique requires:

1.) A browser exploit that allows for a buffer overflow.

2.) A .NET control or Java applet loaded into the browser's memory whose PE header has been modified to include the malicious shell code.

Given these two things (only the 2nd of which is actually a given), you would still be constrained by Protected Mode in IE. In other words, the best you could do would be to crash the browser and maybe generate an error dialog of some sort.

If, however, the exploit was in a component that used a broker class to facility communications with a browser plugin, and that broker class was running as the current user, then you could at least access that user's files/data. If the broker class was running as system (which none do), you could take over the machine.

Flash is an example of a BAD, BAD plugin that has a broker class which could be used to facilitate an attack like this.

But let me reiterate that you first need an exploit, and that exploit must be one in an existing browser plugin (basically just Flash) that has a brokering mechanism that bypasses Protected Mode.

Without that, this doesn't do jack. Really, this is just a reliable way to defeat DEP/ASLR. Nothing more. It just makes the Flash exploit used in the hacking contest a few months back a bit more interesting. That exploit has since been patched, btw.

This is bad, but very, very overhyped.

Bug

Dual Boot Not Trusted, Rejected By Vista SP1 525

Posted by timothy
from the that's-south-of-luckless dept.
Alsee writes "Welcome to our first real taste of Trusted Computing: With Vista Enterprise and Vista Ultimate, Service Pack 1 refuses to install on dual boot systems. Trusted Computing is one of the many things that got cut from Vista, but traces of it remain in BitLocker, and that is the problem. The Service Pack patch to your system will invalidate your Trust chain if you are not running the Microsoft-approved Microsoft-trusted boot loader, or if you make other similar unapproved modifications to your system. The Trust chip (the TPM) will then refuse to give you your key to unlock your own hard drive. If you are not running BitLocker then a workaround is available: Switch back to Microsoft's Vista-only boot mode, install the Service Pack, then reapply your dual boot loader. If you are running BitLocker, or if Microsoft resumes implementing Trusted Computing, then you are S.O.L."
Software

Software Update Shuts Down Nuclear Power Plant 355

Posted by Soulskill
from the we-have-safety-systems-because-we-are-very-stupid dept.
Garabito writes "Hatch Nuclear Power Plant near Baxley, Georgia was forced into a 48-hour emergency shutdown when a computer on the plant's business network was rebooted after an engineer installed a software update. The Washington Post reports, 'The computer in question was used to monitor chemical and diagnostic data from one of the facility's primary control systems, and the software update was designed to synchronize data on both systems. According to a report filed with the Nuclear Regulatory Commission, when the updated computer rebooted, it reset the data on the control system, causing safety systems to errantly interpret the lack of data as a drop in water reservoirs that cool the plant's radioactive nuclear fuel rods. As a result, automated safety systems at the plant triggered a shutdown.' Personally, I don't think letting devices on a critical control system accept data values from the business network is a good idea."
Programming

How Microsoft Dropped the Ball With Developers 814

Posted by kdawson
from the new-vistas dept.
cremou writes "As part of an Ars Technica series on how one developer migrated from Windows to OS X (and why), this second article concentrates on how Microsoft bungled the transition from XP to Vista. The author looks at some unfortunate decisions Microsoft made that have made Windows an unpleasant development platform. 'So Windows is just a disaster to write programs for. It's miserable. It's quite nice if you want to use the same techniques you learned 15 years ago and not bother to change how you do, well, anything, but for anyone else it's all pain... And it's not just third parties who suffer. It causes trouble for Microsoft, too. The code isn't just inconsistent and ugly on the outside; it's that way on the inside, too. There's a lot of software for Windows, a lot of business-critical software, that's not maintained any more. And that software is usually buggy. It passes bad parameters to API calls, uses memory that it has released, assumes that files live in particular hard-coded locations, all sorts of things that it shouldn't do.'"
Security

New Attack Exploits "Safe" Oracle Inputs 118

Posted by Soulskill
from the it's-safe-until-it-isn't dept.
Trailrunner7 writes "Database security super-genius David Litchfield has found a way to manipulate common Oracle data types, which were not thought to be exploitable, and inject arbitrary SQL commands. The new method shows that you can no longer assume any data types are safe from attacker input, regardless of their location or function. 'In conclusion, even those functions and procedures that don't take user input can be exploited if SYSDATE is used. The lesson here is always, always validate and prevent this type of vulnerability getting into your code. The second lesson is that no longer should DATE or NUMBER data types be considered as safe and not useful as injection vectors: as this paper (PDF) has proved, they are,' Litchfield writes."
Math

Psychologists Don't Know Math 566

Posted by Zonk
from the one-plus-one-equals-your-mother dept.
stupefaction writes "The New York Times reports that an economist has exposed a mathematical fallacy at the heart of the experimental backing for the psychological theory of cognitive dissonance. The mistake is the same one that mathematicians both amateur and professional have made over the Monty Hall problem. From the article: "Like Monty Hall's choice of which door to open to reveal a goat, the monkey's choice of red over blue discloses information that changes the odds." The reporter John Tierney invites readers to comment on the goats-and-car paradox as well as on three other probabilistic brain-teasers."
Microsoft

Vista is Slower, But XP Is Still Dying 573

Posted by Zonk
from the ugly-truth dept.
An anonymous reader writes "Though the Redmond software giant may be extending the lifetime of XP on low-end laptops, the end is nigh for the aging OS. That extension makes perfect sense, as recent studies have shown XP is far faster than Vista across a number of platforms. Still, Microsoft is 'sticking to its guns' when it comes to drop-dates for most other uses of the XP operating system. 'There are several dates that apply, but the one you're probably thinking of is the June 30 deadline that Dix referred to. That's the last day when large computer makers -- the Dells, HPs and Lenovos of the world -- will be allowed to preinstall Windows XP on new PCs. It also marks the official end of XP as a retail product.'"
Windows

Windows Vista SP1 Meeting Sour Reception In Places 501

Posted by Zonk
from the just-a-bit-more-testing dept.
Stony Stevenson writes "A day after it was released for public download, Windows Vista SP1 is drawing barbs from some computer users who say the software wrecked their systems. 'I downloaded it via Windows Update, and got a bluescreen on the third part of the update,' wrote 'Iggy33' in a comment posted Wednesday on Microsoft's Vista team blog. Iggy33 was just one of dozens of posters complaining about Vista Service Pack 1's effect on their PCs. Other troubles reported by Vista SP1 users ranged from a simple inability to download the software from Microsoft's Windows Update site to sudden spikes in memory usage. To top it all off, the service pack will not install on computers that use peripheral device drivers that Microsoft has deemed incompatible."
Windows

Little Demand Yet For Silverlight Developers 314

Posted by kdawson
from the they-can-afford-to-wait dept.
ericatcw writes "At its Mix08 Web development conference, Microsoft said that its Silverlight rich Internet application platform is downloaded and installed an average of 1.5 million times every day; Microsoft has a goal of 200 million installs by midyear. But Silverlight is at the beginning of a long slog towards gaining traction. Computerworld did a quick analysis of job listings at nine popular career sites and found that an average of 41 times more ads mentioned Adobe's Flash than mentioned Silverlight. As expected only 6 months after Silverlight's introduction, the number of programming books carried on Amazon.com was also heavily skewed in favor of Flash."
Internet Explorer

+ - Microsoft Says That IE8 Will Play Nice->

Submitted by spikedLemur
spikedLemur (1243792) writes "It looks like Microsoft is planning to make standards compliant mode the default for IE8. This is a major departure from their previous position, which required the non-standard X-UA-Compatible header to make IE8 support modern web standards. Is it possible that all the negative feedback caused them to see the light?"
Link to Original Source
Networking

Where's Our Terabit Ethernet? 218

Posted by CmdrTaco
from the i-already-made-a-bandwidth-pr0n-joke-today dept.
carusoj writes "Five years ago, we were talking about using Terabit Ethernet in 2008. Those plans have been pushed back a bit, but Ethernet inventor Bob Metcalfe this week is starting to throw around a new date for Terabit Ethernet: 2015. He's also suggesting that this be done in a non-standard way, at least at first, saying it's an opportunity to "break loose from the stranglehold of standards and move into some fun new technologies.""
Windows

Vista SP1 Update Locks Out Some Users 410

Posted by kdawson
from the lather-rinse-repeat dept.
Echostorm writes with word that Windows Vista SP1, which began rolling out via Automatic Update, has left some users' machines unbootable. The update loops forever on "Configuring updates: Stage 3 of 3 — 0% complete. Do not turn off your computer." "Shutting down"... restart and loop. Echostorm notes having found traces of what sounds like the same bug in early beta releases of SP1. It's unclear how many users are affected. So far there is no word on a fix from Microsoft.

Always draw your curves, then plot your reading.

Working...