Windows Vista has been released: http://osnews.com/comment.php?news_id=16430&offset=0&threshold=-1&msg=8#180 138 Phew! Coming so hot on the heels of Windows XP. I really can't believe it!
27 responses total.
We're supposed to get our volume license keys for Vista on the 30th, and our media kit shortly after. I suppose now I can start my Vista stopwatch. Six months from now it will be ready for production.
Oh, #1 feature I look forward to in Vista is no more floppy disks for SCSI/RAID drivers! YAY!
Re: #1, Hahah, ain't it the truth.
Windows is for wimps. You fucking pussies, get a real OS like OpenVMS.
You remind me of someone who used to frequent party, hayz3141. Hayz would change religions every week...religiously (pun intended). Towards the end there it got interesting because he had run out of popular religions and had to find some really obscure ones. I see HLN doing the same thing, except with operating systems. First he was all about Unix, then he boasted his knowledge of NetBSD. Then it was Linux, and now it is OpenVMS. Soon he will profess the superiority of OS X, or Solaris. But eventually he will have to start proselytizing some obscure OSs. He'll be calling us pussies because we don't run some obsolete 20 year old operating system like Minix or something.
I'm really fucking bitter because I don't have a clue about TCP/IP. This pretty much fucking sucks.
RE: #5. Minix has been updated! Apparently Tanenbaum has finally given in to the people who "want to turn Minix into BSD", made some technical improvements and (I think) given up his anti-X Window System jihad.
re 7: Is Minix still a microkernel? re 6: I think you probably know more about TCP/IP than you think, and probably more than most people. Do you know what an IP address and subnet mask is? Or what a port is? What about NAT? I think people in general have a pretty good grasp on TCP/IP but still think they're clueless about it. Anyway, I think to have a good grasp on TCP/IP you need to have a good working knowledge of the OSI model, including the ability to associate different protocols with different layers. After that you should tackle IPv4, starting with subnetting. The classful subnets (255.0.0.0 255.255.0.0 and 255.255.255.0) are easy. But you should be able to look at an address with a subnet of 255.255.255.192 and know how many addresses are in that network, what those addresses can be, what the broadcast address is, etc.
Re: #7. If anything, it's more like a microkernel now than ever. Minix previously included several things in the "microkernel" that technically shouldn't be in one, as a performance hack. There are efforts underway to progressively remove those bits.
Michael Howard spoke at my UW class last Wednesday night about the .dll's they scrubbed and the "SAL" program they use to scrub out bad code. It was pretty intriguing. I have to say that Vista looks like it will be fairly revolutionary for Microsoft.
I'm not buying into the whole Vista secure bullshit. I'd be more apt to believe that someone would make nylons that don't run before MS created an OS that doesn't need an anti-virus system.
Here are some of the APIs they banned in Vista:

strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy

strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat

strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW

strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn

CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW

wnsprintf, wnsprintfA, wnsprintfW, sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf, _snwprintf, _snprintf, _sntprintf, wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, vswprintf, _vsnprintf, _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW

strtok, _tcstok, wcstok, _mbstok

makepath, _tmakepath, _makepath, _wmakepath, _splitpath, _tsplitpath, _wsplitpath

scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf

_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow

gets, _getts, _gettws

IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr

strlen, wcslen, _mbslen, _mbstrlen

Other things they did were to ban old crypto, fuzz test the hell out of data for buffer overruns, eliminate weak ACLs, and test overflows, underflows, truncations, and signedness.... It's impressive and I can't wait to see what the first major glitch is.
There are many ways to fuck yourself in structured programming. Buffer overruns, underflows, truncations, and signedness are just the tip. There are also format string attacks, Unicode attacks, off by one byte attacks, and a shit load of other things. I would encourage people like nhardon and tweenex to take some remedial CS classes at Devry and read some of the back issues of the Phrack.
Microsoft won't make an OS that doesn't need an antivirus system, because they're moving into that market. They want to sell you the insecure OS, then sell you the software to clean it up, too.
re #13
Threat models and code review should be mandatory annual refreshers for
anybody involved in application development and deployment.
I know that standard annotation language (SAL) was used extensively in Vista
as well as static analysis tools like PREfast and /analyze from Visual Studio
2005. Here's an example of a before & after:
    void FillString(
        TCHAR* buf,
        size_t cchBuf,
        TCHAR ch) {
        for (size_t i = 0; i < cchBuf; i++) {
            buf[i] = ch;
        }
    }
The arguments
        TCHAR* buf,
        size_t cchBuf,
are related but the compiler doesn't know. So after SAL checks it you get:
    void FillString(
        __out_ecount(cchBuf) TCHAR* buf,
        size_t cchBuf,
        TCHAR ch) {
        for (size_t i = 0; i < cchBuf; i++) {
            buf[i] = ch;
        }
    }
So there is your 'out buffer' in the __out_ function and then there is the
byte count element in _ecount.
I'll quit here, though. I don't want someone mistaking me for a programmer.
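Added example, not part of any post in this thread and not Microsoft's code: it ties the banned-API list to the `__out_ecount` annotation by showing that `strncpy` leaves the destination unterminated when the source is too long, next to a bounded copy that carries the element count the way the annotated `FillString` does. The names `copy_bounded` and `is_terminated` are hypothetical, the input strings are constructed, and the no-op `__out_ecount` definition is an assumption so the file builds with compilers that lack SAL headers.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: outside MSVC's SAL headers the annotation is a no-op. */
#ifndef __out_ecount
#define __out_ecount(n)
#endif

/* Hypothetical bounded copy: dst holds cchDst elements and is always
   NUL-terminated. Returns 0 on success, -1 on truncation or bad arguments. */
int copy_bounded(__out_ecount(cchDst) char *dst, size_t cchDst, const char *src)
{
    size_t i;
    if (dst == NULL || cchDst == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    for (i = 0; i + 1 < cchDst && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';                      /* room is guaranteed: i < cchDst */
    return src[i] == '\0' ? 0 : -1;     /* report truncation to the caller */
}

/* Returns 1 if buf has a NUL within its first cch elements. */
int is_terminated(const char *buf, size_t cch)
{
    return memchr(buf, '\0', cch) != NULL;
}

/* strncpy with a too-long source fills all 8 bytes and writes no NUL. */
int strncpy_leaves_unterminated(void)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, "constructed-input", sizeof dst);
    return !is_terminated(dst, sizeof dst);
}

/* Same input through the bounded copy: truncated, terminated, reported. */
int copy_bounded_truncates_safely(void)
{
    char dst[8];
    int rc;
    memset(dst, 'X', sizeof dst);
    rc = copy_bounded(dst, sizeof dst, "constructed-input");
    return rc == -1 && is_terminated(dst, sizeof dst)
        && strcmp(dst, "constru") == 0;
}
```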
Interesting. Some of the APIs they banned make little sense to me. Still what makes even less sense to me is that, for an OS written in C++, why not use a *class* for string handling, so that all of this C-style string gunk can be factored out? I suppose you'd have to do it somewhere (at, say, boundary points for entry into the operating system - system calls and the like), but that's about it.
Vista is the most unstable OS since Win 3.1. A new disability came to my attention when I needed to send a facsimile and found out that the capacity comes only with Vista Business edition. Home and Premium buyers are just shit out of luck. It took me a bit of searching, but FaxZero fit my purposes. Vista sucks.
I thought Microsoft Office's profusion of versions with different feature sets was confusing enough. Extending that to the OS itself just makes things worse.
Yes, it does, but we can't have it both ways. For years now, Microsoft has been criticized by anti-trust crusaders for bundling software with its OS and abusing its monopoly powers. Now that they're selling versions of the OS that come unbundled from the extra software, nobody's happy.
I think it's partly that, and partly an attempt to cripple cheaper versions so they can upsell. I doubt anti-trust concerns played any role in preventing Windows XP Home from joining a domain, for example.
Right. Similarly with Vista Microsoft insists that if you want to run the OS in a virtual machine, you must buy a business version. There's no good technical reason for that, they just want more of your money (which, given they're a for-profit business, is neither surprising nor inappropriate, it's just what you get when you deal with them.)
What frustrates me is that one cannot buy the components one wants as bolt-on packages. If I want manageability and remote access and semi-server capabilities, but do not want aerodesktop or media center, there is no "this piece from ultimate that I want" that I can add to the most basic versions.
I think it's kind of unreasonable to expect such an approach, and if you think about it such a pricing model breaks down very quickly.
Can Linux do what you want?
Re resp:21: Yeah, sort of like how on XP, if you were going to remotely access the machine, you were supposed to have XP licenses for *both* computers involved.
I just replaced Vista with Windows XP. Much better, I tell you. Now I can play Doom 3 !
:):):)
- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss