Become a fan of Slashdot on Facebook


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:How is this news? Cygwin has been around since (Score 2) 170

Ok - I fail to see how this is news. Cygwin has provided Gnu tools in windows forever. Cygwin-X has provided X11 in Windows forever.

SFL and Cygwin have drastically different performance profiles.

SFL is syscall translation in kernel space running on pico processes; Cygwin is syscall emulation in userspace running Windows processes and Windows threads.

Windows is built around an object oriented philosophy (handles) where, for instance, access rights are established upon handle creation. Handles covers many more types of resources in Windows compared to e.g. file descriptors or inodes in Linux. But the key difference is in lifetime. Under Linux access rights are checked on each access. Under Windows you request access rights on handle creation, a jump table is established with an entry for each operation - some of them pointing to "access denied" - and hence Windows does *not need* to check rights on each access. Now, if you want to emulate Linux inodes/fds, you would need to create/dispose the handle on each access, or design some system with cache/sweep. Either way you are going to sacrifice some performance. And this is just one example.

SFL uses pico processes which do not own Windows handles the way Windows processes do. It is Linux like processes running on top of pico processes. I believe the real work for MS has been in the areas where those processes touch the same interfaces (such as file system) which must allow for the Linux way of accessing resources.

Comment Re:How does it work? (Score 2) 170

So it's Line as in "Line is not an emulator"?

Yeah, pretty much. The NT kernel was designed from the start to support multiple subsystems (think OS/2, POSIX, Windows). Hence, there's an abstraction layer that lay dormant but came in handy for something like this.

SFL builds upon something called "pico processes" - which is derived from the initial idea of multiple subsystems. A pico process is a process that is stripped for everything OS specific. It can be used to build "Linux-like" processes on top instead of Windows processes. But it seems that it really is just realizing the original design idea.

Cygwin was pure userspace, as in the syscalls were implemented as userland services. SFL is implemented as kernel-level syscalls from processes/threads that are not Windows processes/threads.

Comment Re:Better summary (Score 1) 133

Anything that connects to the display (and keyboard and mouse or other SHARED input/output device by implication) needs to be trusted.

That's true in Windows and Linux and Unix and IBM mainframes and on and on.


Guess they'll have to reinvent User Interface Privilege Isolation. Don't hold your breath, though.

Comment Re:How about something more useful? (Score 1) 156

When the kernel enters the BSOD/crash routine, nothing is guaranteed to be safe. The stuff that was pre-allocated and set aside? Not safe.

Incorrect. Any memory that has been marked as read-only can absolutely be considered safe. Indeed, the STOP condition may have been caused by some process or the kernel attempting to write such memory. So if the OS marks its core memory (code, jump tables etc) as readonly after loading, those jumptables and that code can absolute be assumed to be safe.

How does a CPU "know" where the QR code routines are at? By a jump table full of pointers to locations in RAM

No, initialized pointer to jump table sitting in readonly memory pages.

I have seen computers crash so hard that they could not even spit out their error message and the result of trying was to do some nasty things with the floppy disk controller.

Obviously that can happen. If the graphics card misbehaves, attempts to use the screen could fail miserably. Likewise with disk controllers.

That not the point, though. The point is what *extra* assumptions generating QR codes makes about what components are still safe to use. If QR code generation makes further assumptions, then yes, it could be a problem. But as it stands, the STOP handling code already uses the screen (error message) and disk (dump to pagefile). If coded correctly (engineered for failure) it makes no further assumptions and thus does not increase any risk.

It's like you and GP totally ignore the most basic principles of OS design and common engineering principles. No, I have not seen MS's code and cannot claim that they make no further assumptions about heap, device drivers etc. But cannot the the reverse either. I *assume* that they are more competent than you and GP, however, and make good use of read-only memory.

Comment Re:How about something more useful? (Score 2) 156

Now some dip shit from marketing wants to put a 100% worthless QR code on the screen. Thats something that has to be calculated. That means intentionally doing more computations on an unstable system and ignoring all conventional wisdom. The QR code provides no benefit and adds risk.

Why do you think it's a marketing idea?

There is absolutely no reason the QR code could not be calculated without additional risk. If the space has been set aside, the kernel thread has it's own "safe" space for the stack (which it must have since also creating a dump in the swap file requires at least some call instructions). You can absolutely work out in advance how much has to be set aside for the QR code and -computation. Just like with the minidump.

Now, what could be the upside? While the QR code cannot contain the minidump itself, it can absolutely contain register values along with the program pointer and the module/device driver (name, version, vendor etc) it was in when the STOP error occurred. That is enough to provide a really valuable service once the user hits the web page through the QR code. A known problem with a faulty device driver can for example direct the user to a later/fixed driver, to boot in safe mode or otherwise uninstall it. It will also provide valuable information to Microsoft/3rd party vendor as to the number of computers experiencing a specific problem.

That is engineering - as in engineering for failure - not marketing.

Or worse still, probably some jackass in the phone group decided that crashes should have a QR code so they could sell phones with QR readers to admins.

Ok. Is your tinfoil hat a bit tight?

Comment Re:How about something more useful? (Score 3, Informative) 156

Like, I don't know, say, a system log that would store messages from drivers and system components like dmesg?

How about a memory dump before crashing that can be inspected later?

What makes you think that Windows does not store messages and does not create a dump (hint: it does. Stop errors are logged in the system log, and default is to create a dump file upon a stop error. Space is even reserved for the dump file on the system drive to guarantee that a dump can be created even if disk is full).

But hey, why don't you make your own assumptions and go by them to diss on something that you obviously don't know anything about?

When you restart your computer, Windows will recognize the dump file and will offer you to upload it to Microsoft. In case of device driver crashes (the most common cause along with hw fails) Microsoft will even notify the vendor if they have registered for crash information.

Comment Re:Outlook has ads? (Score 1) 108

Or are they saying it WILL have ads? I've never seen any.

Summary is misleading. Outlook does not have ads, and never had. does have ads in the free version. is a hosted email solution. You can use it through the web interface or any other email reader - including Outlook (the application).

Comment Re:HERE lies Windows Phone (Score 1) 101

Unless Microsoft comes with a deal with Here Maps, most consumers will shun Windows Phone.The major option available seems to be Bing Maps; is that good enough?

For Windows 10 (both the phone and the desktop editions) there is the Map UWP app. It is actually based on HERE technology licensed by MS. The HERE apps have never been available for Windows 10 - although they would follow along with an upgrade.

IMO the Map UWP app is actually better: It has all of the functionality of all of the HERE apps, but integrated into a single app. It has tremendous 3D maps, turn-by-turn navigation, downloadable maps, public transportation planner etc.

While the HERE apps were quite good, I don't think anyone will miss them when they realize that the Map app is actually the quivalent of all of the HERE apps.

Comment Re:What's the vulnerability here? (Score 1) 97

Is there an actual bug in EDGE's PDF viewer

No. That is, there might be, but the blog post is not about the discovery of a vulnerability.

or are we just saying software can have bugs and that people will try to exploit those bugs?

Yes, pretty much. The slashdot submission actually tries to spin the message of blog post around: Reading the post, the researcher seems to be of the opinion that even with a vulnerability in the PDF library of WinRT - especially with Control Flow Guard protection in Windows 10 - is actually very, very hard to exploit. Not exactly what you read from the submission.

And it makes sense too: A PDF library developed under Secure Development Lifecycle (SDL) is likely to have *fewer* vulnerabilities than age-old adobe code. Firefox approach (PDF renderer exclusively in JavaScript) is somewhat better, but does not allow for the functionality to be used in standalone applications.

Comment Re:Proposed solution (Score 5, Insightful) 173

Just send all the Muslim refugees to college for free.

Oh, we will. You can count on it.

If they are accepted as refugees, after a few years they will be eligible for the same benefits as other citizens. Danish education - including college education - is free. Not only that, but we will even pay students scolarships of around DKK 5100 a month (apx $9200 per year) to cover living costs.

Universities have admission criteria, however. You'll have to be accepted. Most citizens with muslim background seeking higher education tend to go for the types of education that traditionally have high status in their culture: Law, medicine, dentists etc.

I have a high wage. I pay a *lot* of taxes. Do I mind that refugees seek education in Denmark and receive benefits? No, I do not. Any qualified young man or woman seeking higher education is *exactly* what we need. If they're qualified, I'm happy with paying my taxes so that they can receive an education even if they come of circumstances very unlike mine.

Right now we're receiving both refugees and migrants. We are well aware that the generous welfare systems in the Nordic countries and the economic opportunities (and welfare system) in Germany is attractive. Obviously, the Nordic countries cannot open the borders and let in every needy person in the world.

Bit the ones we *do* let in considered needy. And they *will* be eligible for the same benefits as the rest of us. And I'm kind of proud of that. And yes, I pay my high taxes with pleasure. Makes me feel good about it.

Slashdot Top Deals

"Don't think; let the machine do it for you!" -- E. C. Berkeley