my code ends up in %USERPROFILE%\code
and then I have %USERPROFILE%\dump where I put other stuff that might have ended up in Documents if there wasn't like a hundred folders in there already.
End on
I wish that someway, somehow, that I could save every one of us
0
Options
Monkey Ball WarriorA collection of mediocre hatsSeattle, WARegistered Userregular
I guess my main problem with UAC is that windows is fundamentally insecure and UAC does not and can not fix that, so I don't see the point in even the mild inconvenience.
"I resent the entire notion of a body as an ante and then raise you a generalized dissatisfaction with physicality itself" -- Tycho
In what way is Windows "fundamentally insecure", and in what way does UAC not, at the very least, help to fix it's deficiencies?
I'm curious as to what fundamentally core portion of the OS is inherently insecure, especially on the systems that use UAC (Vista, 7). I assume this fundamental insecurity is something not present in *nix variant OS's (OS X included)?
I can see (I've made|am making) it a fun Friday in the coding thread...
0
Options
jackalFuck Yes. That is an orderly anal warehouse.Registered Userregular
edited May 2012
I would agree that it is fundamentally insecure if you run as admin, but that's true of all OSes. There's this fundamental problem where you buy a PC and you turn it on and asks you for a user name instead of two. It's hard to say, "Look, even if there is one of you, you are two users. One of these users like's to run any exe you get your hands on and go to the most questionable of websites. The other is the one that's responsible for the actual computer, and you have to be both. User two doesn't put in his UAC password just because user one wanted to see titties and now something is trying to install itself, and maybe it will install itself to user one's account because it can do that, but now user two can just wipe user one's profile out and boom, at least no OS reinstall." This is kind of the fundamental problem with consumer computers.
jackal on
0
Options
Monkey Ball WarriorA collection of mediocre hatsSeattle, WARegistered Userregular
edited May 2012
I thought that windows' poor security was a universally accepted fact. As far as UAC not fixing it, there was this a few years ago. Not that those guys don't have a vested interest in making Windows sound less secure, but that's not exactly a hard sell.
I would agree that it is fundamentally insecure if you run as admin, but that's true of all OSes. There's this fundamental problem where you buy a PC and you turn it on and asks you for a user name instead of two. It's hard to say, "Look, even if there is one of you, you are two users. One of these users like's to run any exe you get your hands on and go to the most questionable of websites. The other is the one that's responsible for the actual computer, and you have to be both. User two doesn't put in his UAC password just because user one wanted to see titties and now something is trying to install itself, and maybe it will install itself to user one's account because it can do that, but now user two can just wipe user one's profile out and boom, at least no OS reinstall." This is kind of the fundamental problem with consumer computers.
Linux's setup with sudo/gksudo solves that problem perfectly. If windows had a real user/permission system, then they could emulate it fine, but as it is I'm pretty sure Window's user setup is a thin veneer of security theater.
To be fair, my feelings on this matter are colored by 15 years of dealing with windows, back to Win95, which has left me with a fundamental lack of trust in microsoft's competence in this area.
I am reminded of when I was a kid, my mom set a password on her new 486, and I got around it by pressing "cancel" on the login dialog, which dropped me to the desktop.
EDIT: Wait this is a programming thread! Right, uh.
Writing this app in WebPy has been a rollercoaster of "Wtf why isn't this working" and "Holy crap I can't believe just that works"
Monkey Ball Warrior on
"I resent the entire notion of a body as an ante and then raise you a generalized dissatisfaction with physicality itself" -- Tycho
The 95/98 line had literally no security. The NT line does. Modern windows is no more insecure than anything else. All that link shows is that if you run viruses then UAC won't help you, most viruses can be quite happy running as a normal user anyway if they can't get admin, especially botnet ones. The solution is to not run viruses, because running viruses on your linux box will infect that too. The real question is: if you run a virus, can it get higher permissions?
Also, Windows is actually the one with the "real" user/permission setup - ACLs vs user/group/other
Linux's setup with sudo/gksudo solves that problem perfectly. If windows had a real user/permission system, then they could emulate it fine, but as it is I'm pretty sure Window's user setup is a thin veneer of security theater.
Have you never looked at the ACL options available on NTFS filesystems? There is a real user and permission system.
UAC is, AFAIK, basically like a Linux GUI app triggering a gksudo/kdesu dialog.
Barrakketh on
Rollers are red, chargers are blue....omae wa mou shindeiru
Super fun to play around in still though. Trying to get my hands on windows 3.1 to put it in a VM still.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
0
Options
Monkey Ball WarriorA collection of mediocre hatsSeattle, WARegistered Userregular
No I have not looked at it at all. I mean, I saw that they implemented some sort of permission system back in XP, but I assumed it was trivially circumventable, because it was windows.
I guess my philosophy with Microsoft is the "Walder Frey Disappointment Principle": if I have no expectations of it, I will never be disappointed.
I really don't want to pollute this code thread with a MS vs. Linux argument though.
"I resent the entire notion of a body as an ante and then raise you a generalized dissatisfaction with physicality itself" -- Tycho
The 9x line died with Windows ME. May it burn in hell forever.
You've got it backwards; the 9x line is hell, an undeniable incarnation of the unholy nether realm.
0
Options
jackalFuck Yes. That is an orderly anal warehouse.Registered Userregular
edited May 2012
This reminds me of an argument a couple of my friends had about MMOs. One was like, "Rift is so much better than WoW. It has so many features that WoW doesn't."
The other replied, "Are you kidding. Rift is fine, but it doesn't win on features."
...various nerd-linger hand waving...
First Guy finally says, "Are you kidding Rift has... (some list of features)".
"WoW has had all of those features for years."
"Oh, I haven't played since Vanilla."
Edit: Actually this argument happened more directly. My father in law kept his windows 98 computer for almost a decade. Finally he upgraded to a Mac, and he couldn't stop raving about how much better it was than Windows. And it might be, but he wouldn't know.
siiiiiigh, so our company is (FINALLY) starting the slow swtich from XP -> Win 7. We've been using Oracle Developer suite (9.0.4) for years. Guess what's not supported in Win 7 anymore :S. Guess our one developer with Win 7 isn't doing any form/report work for a while.
Sent an email to our licensing guy to see if our current license has coverage to the lowest supported version (10.1.2) or we're going to have to pay $texas to get an upgrade. Though we're already paying $texas for 9.0.4 so maybe it won't be so bad.
That's one of the things where it's fast because the processor has special handling to prevent it treating the xor as creating a read dependency. And it's shorter than mov eax, 0
I relate about the UAC stuff. I'm the only Dev at work that keeps it on. I run into goofiness all the time with it. I have to run Visual Studio, SQL Managment Studio and a few other things as Administrator and every time I have something not working it usually means I need to run it as an Administrator explicitly to get it to work.
Linux's setup with sudo/gksudo solves that problem perfectly. If windows had a real user/permission system, then they could emulate it fine, but as it is I'm pretty sure Window's user setup is a thin veneer of security theater.
They do have it. It's just that running as administrator is basically running as a "super user" in linux all the time. This is generally regarded as a terrible idea in linux and it should generally be regarded as a terrible idea in Windows. The problem is that too many programs decide to do things that require admin access because it's more convenient to do it that way. UAC was less intended to make you more secure. It was supposed to annoy you to encourage developers to not do unsafe things because it would now also promote a bad user experience. It would also alert users that the people making the program were doing something they probably shouldn't. Noble goal, universally hated in practice.
In short, everytime a UAC thing pops up, that is more or less something that would require a "sudo" to do in linux, as I understand it.
Also, I haven't been around here in forever. How you guys doing?
@Incindium what are you doin' with Visual Studio that's requiring you to run it as Admin? I've never heard of that before. Is it some sort of plugin needing Admin rights?
Sorry about getting my panties in a bunch about Windows security, and dragging us on a tangent. It's just that it has gotten A LOT better with things like ACL and UAC (hell, even the Malicious Software Removal Tool via Windows Update), and it bugs me when people pull a "Windows is sooooo insecure." The thing that provides the biggest gap in Windows security right now is the same thing that provides the biggest gap in other OS's: users going "clicky-clicky, ooooh, boobies/computer-speeder-upper, I need those/that."
so today the jackoff IT guy came over and tried to tell me how great it would be if I let him migrate my windows VM to the server so I could just remote into it
something I abhor and detest
i stonewalled him as much as possible
i've got eight cores, dawg. i don't need "the cloud", as he referred to it. and by "the cloud" he means a small rack of Windows 2008 machines on the 5th floor
i guess they don't teach microsoft networking guys what a cloud is
I relate about the UAC stuff. I'm the only Dev at work that keeps it on. I run into goofiness all the time with it. I have to run Visual Studio, SQL Managment Studio and a few other things as Administrator and every time I have something not working it usually means I need to run it as an Administrator explicitly to get it to work.
You and @iTunesisEvil
Tell your coworkers to turn it back on. UAC isn't just that annoying password box that pops up. A lot of other background security stuff depends on it, and when you turn it off, those stop working too. http://support.microsoft.com/kb/2526083
Go the More Information section. I didn't look super closely to see if any of those only apply to server OSes and not desktop, but some of them are definitely both. Such as File and Registry Virtualization and Protected Mode IE.
@Incindium what are you doin' with Visual Studio that's requiring you to run it as Admin? I've never heard of that before. Is it some sort of plugin needing Admin rights?
Sorry about getting my panties in a bunch about Windows security, and dragging us on a tangent. It's just that it has gotten A LOT better with things like ACL and UAC (hell, even the Malicious Software Removal Tool via Windows Update), and it bugs me when people pull a "Windows is sooooo insecure." The thing that provides the biggest gap in Windows security right now is the same thing that provides the biggest gap in other OS's: users going "clicky-clicky, ooooh, boobies/computer-speeder-upper, I need those/that."
We use a bunch of windows batch file (cmd) stuff for post/pre build steps and building our DB template as part of the solution build. That stuff just doesn't work without running VS as Administrator if UAC is on (at least that was the easiest fix for me).
@Incindium what are you doin' with Visual Studio that's requiring you to run it as Admin? I've never heard of that before. Is it some sort of plugin needing Admin rights?
Sorry about getting my panties in a bunch about Windows security, and dragging us on a tangent. It's just that it has gotten A LOT better with things like ACL and UAC (hell, even the Malicious Software Removal Tool via Windows Update), and it bugs me when people pull a "Windows is sooooo insecure." The thing that provides the biggest gap in Windows security right now is the same thing that provides the biggest gap in other OS's: users going "clicky-clicky, ooooh, boobies/computer-speeder-upper, I need those/that."
We use a bunch of windows batch file (cmd) stuff for post/pre build steps and building our DB template as part of the solution build. That stuff just doesn't work without running VS as Administrator if UAC is on (at least that was the easiest fix for me).
Why can't those run unelevated, or run things as administrator themselves?
I was part of the win7 pre-deployment test group at work and there were a bunch of UAC/admin issues. Our build system would outright fail if not run as a real administrator; the linker was trying to use a temporary file at \tmpzzzz.bin or something, root of the drive instead of %TEMP%.
Additionally, IT uses these no-UI installer scripts, which fail horribly if not run as a real admin and Windows doesn't detect it's an installer so no prompts. This would be fine, but they either fail silently or just never complete.
I also do debugging of apps and services that have to interact with drivers, so I would have to run as a real admin to enable cross-user debugging
I was part of the win7 pre-deployment test group at work and there were a bunch of UAC/admin issues. Our build system would outright fail if not run as a real administrator; the linker was trying to use a temporary file at \tmpzzzz.bin or something, root of the drive instead of %TEMP%.
Additionally, IT uses these no-UI installer scripts, which fail horribly if not run as a real admin and Windows doesn't detect it's an installer so no prompts. This would be fine, but they either fail silently or just never complete.
I also do debugging of apps and services that have to interact with drivers, so I would have to run as a real admin to enable cross-user debugging
Sounds a lot like they should've been using NSIS for their scripts. I've never had any trouble with NSIS and UAC, even in silent mode provided I set it to ask for administrator rights.
Oh they're terrible. I got VS2010 installed a few weeks ago, but I was running low on space on C (we also get really small drives too!) so I told them to install to D instead. But nope, they just ran the wrapped up installer normally which did its thing, failed without any warning in like 2 minutes due to lack of space, then the sent me an email telling me it installed fine to C.
I ended up moving the extracted installer from c:\windows\temp to another drive, freeing up the 2GB for that, then running it myself
You know, exponential cost blowouts are not nice things. And if I had a few machines and the patience to rewrite and test the existing codebase, I could probably process this dataset in a few hours. But, because of aforementioned exponential costs, I can't tell in advance. It's a frustrating combination of a fundamentally complex process (empirical analysis of an exponential algorithm) and hilarious implementation inefficiencies.
But you know what? I'm still not dealing with the inane things urahonky is, so that's a blessing.
so today the jackoff IT guy came over and tried to tell me how great it would be if I let him migrate my windows VM to the server so I could just remote into it
something I abhor and detest
i stonewalled him as much as possible
i've got eight cores, dawg. i don't need "the cloud", as he referred to it. and by "the cloud" he means a small rack of Windows 2008 machines on the 5th floor
i guess they don't teach microsoft networking guys what a cloud is
Nothing bothers me more in the IT world than the phrase "the cloud". It's just a remote server, that's all. Nothing new, so stop acting like "the cloud" is new technology... goddamit.
0
Options
Monkey Ball WarriorA collection of mediocre hatsSeattle, WARegistered Userregular
so today the jackoff IT guy came over and tried to tell me how great it would be if I let him migrate my windows VM to the server so I could just remote into it
something I abhor and detest
i stonewalled him as much as possible
i've got eight cores, dawg. i don't need "the cloud", as he referred to it. and by "the cloud" he means a small rack of Windows 2008 machines on the 5th floor
i guess they don't teach microsoft networking guys what a cloud is
Nothing bothers me more in the IT world than the phrase "the cloud". It's just a remote server, that's all. Nothing new, so stop acting like "the cloud" is new technology... goddamit.
You can put a sticky note on it that says "The Cloud" if that makes you feel better.
"I resent the entire notion of a body as an ante and then raise you a generalized dissatisfaction with physicality itself" -- Tycho
Posts
my code ends up in %USERPROFILE%\code
and then I have %USERPROFILE%\dump where I put other stuff that might have ended up in Documents if there wasn't like a hundred folders in there already.
I'm curious as to what fundamentally core portion of the OS is inherently insecure, especially on the systems that use UAC (Vista, 7). I assume this fundamental insecurity is something not present in *nix variant OS's (OS X included)?
I can see (I've made|am making) it a fun Friday in the coding thread...
Linux's setup with sudo/gksudo solves that problem perfectly. If windows had a real user/permission system, then they could emulate it fine, but as it is I'm pretty sure Window's user setup is a thin veneer of security theater.
To be fair, my feelings on this matter are colored by 15 years of dealing with windows, back to Win95, which has left me with a fundamental lack of trust in microsoft's competence in this area.
I am reminded of when I was a kid, my mom set a password on her new 486, and I got around it by pressing "cancel" on the login dialog, which dropped me to the desktop.
EDIT: Wait this is a programming thread! Right, uh.
Writing this app in WebPy has been a rollercoaster of "Wtf why isn't this working" and "Holy crap I can't believe just that works"
Also, Windows is actually the one with the "real" user/permission setup - ACLs vs user/group/other
UAC is, AFAIK, basically like a Linux GUI app triggering a gksudo/kdesu dialog.
I guess my philosophy with Microsoft is the "Walder Frey Disappointment Principle": if I have no expectations of it, I will never be disappointed.
I really don't want to pollute this code thread with a MS vs. Linux argument though.
You've got it backwards; the 9x line is hell, an undeniable incarnation of the unholy nether realm.
The other replied, "Are you kidding. Rift is fine, but it doesn't win on features."
...various nerd-linger hand waving...
First Guy finally says, "Are you kidding Rift has... (some list of features)".
"WoW has had all of those features for years."
"Oh, I haven't played since Vanilla."
Edit: Actually this argument happened more directly. My father in law kept his windows 98 computer for almost a decade. Finally he upgraded to a Mac, and he couldn't stop raving about how much better it was than Windows. And it might be, but he wouldn't know.
Sent an email to our licensing guy to see if our current license has coverage to the lowest supported version (10.1.2) or we're going to have to pay $texas to get an upgrade. Though we're already paying $texas for 9.0.4 so maybe it won't be so bad.
Should return a 0 right?
So yes, since every digit will be the same in both values, the result for every digit in the new value will be false (zero).
Good to know, thanks
http://codepad.org/DIg1LVp6
Nintendo ID: Incindium
PSN: IncindiumX
They do have it. It's just that running as administrator is basically running as a "super user" in linux all the time. This is generally regarded as a terrible idea in linux and it should generally be regarded as a terrible idea in Windows. The problem is that too many programs decide to do things that require admin access because it's more convenient to do it that way. UAC was less intended to make you more secure. It was supposed to annoy you to encourage developers to not do unsafe things because it would now also promote a bad user experience. It would also alert users that the people making the program were doing something they probably shouldn't. Noble goal, universally hated in practice.
In short, everytime a UAC thing pops up, that is more or less something that would require a "sudo" to do in linux, as I understand it.
Also, I haven't been around here in forever. How you guys doing?
Sorry about getting my panties in a bunch about Windows security, and dragging us on a tangent. It's just that it has gotten A LOT better with things like ACL and UAC (hell, even the Malicious Software Removal Tool via Windows Update), and it bugs me when people pull a "Windows is sooooo insecure." The thing that provides the biggest gap in Windows security right now is the same thing that provides the biggest gap in other OS's: users going "clicky-clicky, ooooh, boobies/computer-speeder-upper, I need those/that."
Let's move on though on OS security and get back to watching honky dance from project to project. :popcorn:
something I abhor and detest
i stonewalled him as much as possible
i've got eight cores, dawg. i don't need "the cloud", as he referred to it. and by "the cloud" he means a small rack of Windows 2008 machines on the 5th floor
i guess they don't teach microsoft networking guys what a cloud is
*
Tell your coworkers to turn it back on. UAC isn't just that annoying password box that pops up. A lot of other background security stuff depends on it, and when you turn it off, those stop working too.
http://support.microsoft.com/kb/2526083
Go the More Information section. I didn't look super closely to see if any of those only apply to server OSes and not desktop, but some of them are definitely both. Such as File and Registry Virtualization and Protected Mode IE.
Nintendo ID: Incindium
PSN: IncindiumX
Why can't those run unelevated, or run things as administrator themselves?
Additionally, IT uses these no-UI installer scripts, which fail horribly if not run as a real admin and Windows doesn't detect it's an installer so no prompts. This would be fine, but they either fail silently or just never complete.
I also do debugging of apps and services that have to interact with drivers, so I would have to run as a real admin to enable cross-user debugging
Sounds a lot like they should've been using NSIS for their scripts. I've never had any trouble with NSIS and UAC, even in silent mode provided I set it to ask for administrator rights.
I ended up moving the extracted installer from c:\windows\temp to another drive, freeing up the 2GB for that, then running it myself
But you know what? I'm still not dealing with the inane things urahonky is, so that's a blessing.
Nothing bothers me more in the IT world than the phrase "the cloud". It's just a remote server, that's all. Nothing new, so stop acting like "the cloud" is new technology... goddamit.
You can put a sticky note on it that says "The Cloud" if that makes you feel better.