notjustjay
Apr 6, 11:58 AM
forgot to add that the "+" (maximize) button is wildly inconsistent in its function.
maximizing to full screen in general isn't the way OS X "works", which is why most programs don't do that...but it seems Apple never really decided what the maximize button is supposed to do.
That's because Apple didn't decide what the maximize button was supposed to do. That was supposed to be up to each application developer.
Don't think of it as a "maximize" button, think of it as "optimize". As in "Hey, application, the user just clicked your green button. Go ahead and resize yourself to whatever you think is most appropriate given what document is currently open." Most apps should resize their window to display the full width without needing scrollbars. In theory.
I agree with the person a few posts up who said "Don't think about how you did it in Windows. Think about what you think would make sense" and it usually works.
As for the other little quibbles discussed in this thread: yes, OS X is a little different (most of these issues are with Finder versus Explorer, I notice). You just get used to it. I use XP at work and OSX at home every day, and I learn to work with each. I do some of the tricks mentioned in this thread (like adding a shortcut to my Applications folder on the dock to mimic a Start menu) but not so much because "I prefer the Windows way" as "this is efficient and makes sense".
maximizing to full screen in general isn't the way OS X "works", which is why most programs don't do that...but it seems Apple never really decided what the maximize button is supposed to do.
That's because Apple didn't decide what the maximize button was supposed to do. That was supposed to be up to each application developer.
Don't think of it as a "maximize" button, think of it as "optimize". As in "Hey, application, the user just clicked your green button. Go ahead and resize yourself to whatever you think is most appropriate given what document is currently open." Most apps should resize their window to display the full width without needing scrollbars. In theory.
I agree with the person a few posts up who said "Don't think about how you did it in Windows. Think about what you think would make sense" and it usually works.
As for the other little quibbles discussed in this thread: yes, OS X is a little different (most of these issues are with Finder versus Explorer, I notice). You just get used to it. I use XP at work and OSX at home every day, and I learn to work with each. I do some of the tricks mentioned in this thread (like adding a shortcut to my Applications folder on the dock to mimic a Start menu) but not so much because "I prefer the Windows way" as "this is efficient and makes sense".
edifyingGerbil
Apr 27, 03:04 PM
I'm afraid you are.
The Hebrew god is the same god as in polytheistic days, but once he had conquered all his fellow gods, he was left with unrivalled power. The Hebrew religion became monotheistic, and their new old god acquired sole power, but the root of the deity was no more or less than a shared and ancient mythology.
But these arguments don't refer to God as being derived from El, the arguments can only work if "God" is shorthand for "the entity described in the Judaeo-Christian Biblical texts".
The fact he is described on tablets in Ugarit doesn't matter for the purposes of ontological arguments that try to answer does "God" (the Judaeo-Christian God) exist?
This was my point, waaay back, about why I use the Judaeo-Christian God as opposed to god. Someone took umbrage at my use of Judaeo-Christian.
The Hebrew god is the same god as in polytheistic days, but once he had conquered all his fellow gods, he was left with unrivalled power. The Hebrew religion became monotheistic, and their new old god acquired sole power, but the root of the deity was no more or less than a shared and ancient mythology.
But these arguments don't refer to God as being derived from El, the arguments can only work if "God" is shorthand for "the entity described in the Judaeo-Christian Biblical texts".
The fact he is described on tablets in Ugarit doesn't matter for the purposes of ontological arguments that try to answer does "God" (the Judaeo-Christian God) exist?
This was my point, waaay back, about why I use the Judaeo-Christian God as opposed to god. Someone took umbrage at my use of Judaeo-Christian.
AndrewLockhart
Aug 25, 03:47 PM
For once I am glad to live in the UK. Usually we get ripped off left right and center. The iPhone4 is available on all networks, even if there is little difference in price.
Andy Lockhart
http://www.youtube.com/watch?v=R5GOFMuiFkk
Andy Lockhart
http://www.youtube.com/watch?v=R5GOFMuiFkk
JoEw
Jan 20, 11:22 PM
i really divided on the matter i think android has a possibility of surpassing iphone market share only because android platform is on more then just 1 smart phone. However iphone is simplistic and has the app store which has way more developer backing then android does at the moment. Mainly because there is money to made from the app store where android simply does not have enough popularity for developers to make money from its store. I think the biggest thing hurting the iphone is the fact that it is locked on ATT. I think it needs to be on all major US cell networks or at least on verizon.
AppliedVisual
Oct 14, 03:58 PM
Wow, the Quad Xeon is the Pentium D all over again!
The Quad Xeon is two Dual Xeons glued together, and the Pentium D was two Pentium 4s glued together.
Its still faster than the Dual Xeons, but it isnt as good as it can be.
Yeah... Kinda disappointing. Although, my 3D rendering work will benefit just fine from them as while it's CPU intensive, it's not bandwidth hungry and the software itself isn't all that great for thread scheduling, so it's better to run multiple software instances for each CPU/core. I'm curious to see how the Clovertowns compare to the upcoming AMD quad-core chips, which have full 4-way shared data pipe and L2 cache. I think it's going to be just like the AMD X2 vs. the Pentium-D all over again. AMD will hold the quad-core performance title until Intel releases their 45nm process chips with all 4 cores being fully linked. But such is the way it's been for the last few years, AMD and Intel continue to play leap-frog. Which is great for the consumer as it drives CPU tech ahead so fast... Too bad my wallet can't keep up. :(
The Quad Xeon is two Dual Xeons glued together, and the Pentium D was two Pentium 4s glued together.
Its still faster than the Dual Xeons, but it isnt as good as it can be.
Yeah... Kinda disappointing. Although, my 3D rendering work will benefit just fine from them as while it's CPU intensive, it's not bandwidth hungry and the software itself isn't all that great for thread scheduling, so it's better to run multiple software instances for each CPU/core. I'm curious to see how the Clovertowns compare to the upcoming AMD quad-core chips, which have full 4-way shared data pipe and L2 cache. I think it's going to be just like the AMD X2 vs. the Pentium-D all over again. AMD will hold the quad-core performance title until Intel releases their 45nm process chips with all 4 cores being fully linked. But such is the way it's been for the last few years, AMD and Intel continue to play leap-frog. Which is great for the consumer as it drives CPU tech ahead so fast... Too bad my wallet can't keep up. :(
ddtlm
Oct 12, 03:46 PM
nixd2001, others:
Please note I am editing my previos post (last one on page 7) to address the issue.
Please note I am editing my previos post (last one on page 7) to address the issue.
KnightWRX
May 2, 09:31 AM
Unix Security FTW
Please, enlighten us how "Unix Security" is protecting you here, more than it would on Windows ? I'd be delighted to hear your explanation.
A lot of people trumpet "Unix Security" without even understanding what it means.
Please, enlighten us how "Unix Security" is protecting you here, more than it would on Windows ? I'd be delighted to hear your explanation.
A lot of people trumpet "Unix Security" without even understanding what it means.
Caliber26
Apr 15, 10:40 AM
No- what you will not tolerate is difference of opinion. And now you've taken your ball and gone home. You can't even handle one bit of criticism without running away. Well, good luck in life, dude. You're gonna need it.
Read before you post. One more time: READ BEFORE YOU POST.
I'm not wound up about people having opinions that don't match with mine. What's really got me on a roll here is the fact that another poster took the freedom to JUDGE me, and LABEL me, as a self-hater. THAT is what has me irritated. I 'attacked' the media and its approach towards the issue of homosexuality. My attack was not on my own community or no one individual. Are you really having a hard time understanding that?
Read before you post. One more time: READ BEFORE YOU POST.
I'm not wound up about people having opinions that don't match with mine. What's really got me on a roll here is the fact that another poster took the freedom to JUDGE me, and LABEL me, as a self-hater. THAT is what has me irritated. I 'attacked' the media and its approach towards the issue of homosexuality. My attack was not on my own community or no one individual. Are you really having a hard time understanding that?
dgree03
Apr 28, 02:06 PM
By the "real world" you are ignoring the vast majority of users who need nothing like the power of a standard desktop today, and won't need software requiring a decacore processor in 10 years. Power users will always have PCs. The other 90% of humanity will do the majority of their work on tablets.
Software might not need that powerful of a processor, but what about OS? Heck Itunes shutters on my bros 2008 Macbook Pro, which is basic software. Flash can barely run on his computer also.
Software might not need that powerful of a processor, but what about OS? Heck Itunes shutters on my bros 2008 Macbook Pro, which is basic software. Flash can barely run on his computer also.
marksman
Mar 18, 02:57 AM
Big Thumbs up AT&T. I am glad they are just taking it to enroll people into the 2gig plan and add tethering, saves people the trouble of having to do it themselves!
Plus I won't have to subsidize their data usage from their stealing bandwidth and access from AT&T.
I can't wait though, in a few weeks / months, though, when we start seeing people complaining how AT&T screwed them and changed their dataplan even though they did nothing wrong and weren't using MyFi and AT&T is horrible and a crook.
It is coming...
By the way the supposition as to how they are detecting this is likely way off base. It is probably pretty easy for them to determine it. I suspect Apple has included some kind of method for them to determine it. People who think it is not detectable just don't understand how it works/what it is doing at the device level.
Plus I won't have to subsidize their data usage from their stealing bandwidth and access from AT&T.
I can't wait though, in a few weeks / months, though, when we start seeing people complaining how AT&T screwed them and changed their dataplan even though they did nothing wrong and weren't using MyFi and AT&T is horrible and a crook.
It is coming...
By the way the supposition as to how they are detecting this is likely way off base. It is probably pretty easy for them to determine it. I suspect Apple has included some kind of method for them to determine it. People who think it is not detectable just don't understand how it works/what it is doing at the device level.
edifyingGerbil
Apr 24, 12:09 PM
Great, let's have a race to the bottom to see which faith is the more bigoted.
If you're being burnt at the stake, it doesn't make much difference whether that's because of a story someone made up 2000 years ago, or a story a priest made up today. Faith is still the excuse, and the result is the same.
I'm not trying to further some Christian agenda or proselytise. I'm saying these things because I would rather support Christianity/Judaism/Atheism/whatever than Islam.
These days you'd be hard pressed to find someone being charged in a Western democracy for blasphemy but it's an almost every day occurrence in the Muslim world. The only time it happens in the West is when someone insults Islam, then it's classed as hate speech.
If you're being burnt at the stake, it doesn't make much difference whether that's because of a story someone made up 2000 years ago, or a story a priest made up today. Faith is still the excuse, and the result is the same.
I'm not trying to further some Christian agenda or proselytise. I'm saying these things because I would rather support Christianity/Judaism/Atheism/whatever than Islam.
These days you'd be hard pressed to find someone being charged in a Western democracy for blasphemy but it's an almost every day occurrence in the Muslim world. The only time it happens in the West is when someone insults Islam, then it's classed as hate speech.
KPOM
Mar 11, 08:55 PM
Tonga (thousands of miles away) was just hit by a magnitude 6.1 earthquake. Eerie coincidence. And there was just another magnitude 6.8 aftershock in Japan. :(
Open your wallets for this one. Unlike Haiti, the Japanese government won't waste the money, and it will do some good.
Open your wallets for this one. Unlike Haiti, the Japanese government won't waste the money, and it will do some good.
d.perel
Mar 18, 03:47 PM
Wish he'd do something useful like cracking WMA.
paul pierce dunking on kobe.
PJ Brown dunks on Malaka Kobe
2010 NBA Playoffs: Paul Pierce
Paul Pierce added 21 points
Can Paul Pierce shake Kobe
paul pierce dunk on chris
ct2k7
Apr 24, 04:29 PM
no, i've not posted these before...
Not you - someone presented these to me before. They have been heavily edited to suit a point. In some cases, what's being said contradicts an earlier sentence.
the point of
is that if he says whoever guards his chastity is guaranteed paradise then the opposite is true.
Yes. However, remaining in chastity is a real gem. I don't think anyone, till date has ever achieved that.
Most honour killings occur in muslim majority countries, or are perpetrated by muslims.
Correlation does not mean causation. (This phrase is hardwired into my head - it was the only mark I lost in a Biology A Level paper).
and also:
A manual of Islamic law certified as a reliable guide to Sunni orthodoxy by Al-Azhar University, the most respected authority in Sunni Islam, says that "retaliation is obligatory against anyone who kills a human being purely intentionally and without right." However, "not subject to retaliation" is "a father or mother (or their fathers or mothers) for killing their offspring, or offspring's offspring." ('Umdat al-Salik o1.1-2).
I guess Islamic clerics are also misinterpreting Islam's message of peace and inclusion? A person might kill his offspring or offsprings offspring for dishonouring the family.
The thing with that, and I remember someone talking about it, is that there had to be certain conditions which were met before honour killing was even an option.
In the cases I've seen, it is murder without trial. Now Islam upholds the sanctity of life, and the Quran declares that killing one innocent human being is akin to killing the entire human race.
Now, the problem of �honour killings� is not a problem of morality or of ensuring that women maintain their own personal virtue; rather, it is a problem of domination, power and hatred of women who, in these instances, are viewed as nothing more than servants to the family, both physically and symbolically.
Islamic Scholars have continuously condemned honour killings. It is not for us to judge, that is for Allah to decide.
in your refutations of my point you don't seem to find any problem with women being beaten for being unchaste lol.
[quote]
You didn't bring it to my attention ;)
[quote]
my point in mentioning Bukhari: Volume 7, Book 63, Number 196: and the other one which deals with testifying against oneself four times is that it shows that counts as four witnesses for the purposes of someone being found guilty of adultery.
Yes. Whilst this may seem weird, the person giving the witness, if indeed four times, must be trustworthy. In this case she was. She wanted to repent, knowing the proceeds that would occur.
Not you - someone presented these to me before. They have been heavily edited to suit a point. In some cases, what's being said contradicts an earlier sentence.
the point of
is that if he says whoever guards his chastity is guaranteed paradise then the opposite is true.
Yes. However, remaining in chastity is a real gem. I don't think anyone, till date has ever achieved that.
Most honour killings occur in muslim majority countries, or are perpetrated by muslims.
Correlation does not mean causation. (This phrase is hardwired into my head - it was the only mark I lost in a Biology A Level paper).
and also:
A manual of Islamic law certified as a reliable guide to Sunni orthodoxy by Al-Azhar University, the most respected authority in Sunni Islam, says that "retaliation is obligatory against anyone who kills a human being purely intentionally and without right." However, "not subject to retaliation" is "a father or mother (or their fathers or mothers) for killing their offspring, or offspring's offspring." ('Umdat al-Salik o1.1-2).
I guess Islamic clerics are also misinterpreting Islam's message of peace and inclusion? A person might kill his offspring or offsprings offspring for dishonouring the family.
The thing with that, and I remember someone talking about it, is that there had to be certain conditions which were met before honour killing was even an option.
In the cases I've seen, it is murder without trial. Now Islam upholds the sanctity of life, and the Quran declares that killing one innocent human being is akin to killing the entire human race.
Now, the problem of �honour killings� is not a problem of morality or of ensuring that women maintain their own personal virtue; rather, it is a problem of domination, power and hatred of women who, in these instances, are viewed as nothing more than servants to the family, both physically and symbolically.
Islamic Scholars have continuously condemned honour killings. It is not for us to judge, that is for Allah to decide.
in your refutations of my point you don't seem to find any problem with women being beaten for being unchaste lol.
[quote]
You didn't bring it to my attention ;)
[quote]
my point in mentioning Bukhari: Volume 7, Book 63, Number 196: and the other one which deals with testifying against oneself four times is that it shows that counts as four witnesses for the purposes of someone being found guilty of adultery.
Yes. Whilst this may seem weird, the person giving the witness, if indeed four times, must be trustworthy. In this case she was. She wanted to repent, knowing the proceeds that would occur.
ender land
Apr 23, 10:50 PM
In another forum that I left recently (because of the poor quality of discussion) someone used this same type of argument to "prove" the existence of aliens visiting the Earth.
And this invalidates what I said how? I'm not even trying to "prove" anything. Of course it doesn't prove something. But statistics are annoying. Maybe moreso to me because of my math/science background.
I'm sorry, but that sentence makes no sense at all.
Perhaps you should define atheism for me.
I was under the impression it was the belief no god(s) existed. Which would then lead to someone with atheistic beliefs affirming the veracity of the statement "there are no god(s)."
edit, iphone3gs16gb, yeah you really do ;)
And this invalidates what I said how? I'm not even trying to "prove" anything. Of course it doesn't prove something. But statistics are annoying. Maybe moreso to me because of my math/science background.
I'm sorry, but that sentence makes no sense at all.
Perhaps you should define atheism for me.
I was under the impression it was the belief no god(s) existed. Which would then lead to someone with atheistic beliefs affirming the veracity of the statement "there are no god(s)."
edit, iphone3gs16gb, yeah you really do ;)
NebulaClash
Apr 28, 09:59 AM
Piggie, I think Apple is satisfied with their Mac market trend (climbing) and is viewing phones and tablets as the future (and it's where they make the vast majority of their corporate profits now). And when a family in the UK walks into a store and sees the tablet displays, they will find that the best tablet (iPad) is also the tablet that costs no more than the rivals.
Since within ten years the average English family will care more about tablets than about desktop PCs or laptops, Apple is on this trend at the right time. Ten years from now no one will care that Apple only makes high-end desktops and laptops.
Since within ten years the average English family will care more about tablets than about desktop PCs or laptops, Apple is on this trend at the right time. Ten years from now no one will care that Apple only makes high-end desktops and laptops.
theelysium
May 16, 05:52 PM
I have a huge drop call and coverage issue at my new home in Rancho Cordova, CA. I live by Jackson HWY (16). I have been excessive with my reports through my AT&T iPhone app "Mark The Spot". After 6 months of reports for only about 10% of the issues (I have so many issue here 10% was a lot :eek: of reporting!) I've experience they sent me a message letting me know that my reports helped pinpoint a tower issues and it will be replaced in a few weeks!
I know AT&T has issues, but I'd like to see if Verizon would actually do something like this! I am not happy with the network experience I've had here, but I am really happy to see that my voice was heard from a large company using innovative tools created by them on my iPhone.
I can tell that the tower is currently being worked on, because my service is getting worse. It won't be long now that I'll finally be able to a constant signal and hopefully no more dropped calls.
Before I received the message that they would replace the tower I ordered an AT&T micro cell. I think I'll install it anyway just to see how it will improve my coverage. This also brings up another point that they are giving us the ability to fix coverage issues with the Micro Cell they are offering. I know it's $150 (expensive), but at least they are offering an alternative for you.
One thing I've noticed as a customer is any aspect of the New AT&T that was legacy Cingular seems in the most part to be fine. It's all the junk they merged in from the legacy AT&T Wireless. This goes for call centers, towers, policies, etc. If I call customer service and have an excellent experience I'll ask the rep, "Are you legacy Cingluar or AT&T?" Every time they say Cingular. Of course if I have the opposite and ask "Are you legacy Cingluar or AT&T?" They either don't know what the word legacy means (which I then have to explain) or they say of course AT&T! I wish Cingular stayed Cingular and let AT&T die off! Legacy AT&T is the cancer in the New AT&T which is just Cingular with AT&T's name.
It's silly to think that the AT&T name is so valuable that they'd buy the crappy company just to use their stupid :eek: name. Who cares if AT&T is as recognizable as Coca Cola overseas?! Why not be so great at what you do that your name (Cingular), becomes as recognizable as Coca Cola! Cingular shouldn't have bought recognition... they should have tried to earn it! If they had tried to earn their recognition we wouldn't have Legacy AT&T's cancer in our cell phone company!:(
I know AT&T has issues, but I'd like to see if Verizon would actually do something like this! I am not happy with the network experience I've had here, but I am really happy to see that my voice was heard from a large company using innovative tools created by them on my iPhone.
I can tell that the tower is currently being worked on, because my service is getting worse. It won't be long now that I'll finally be able to a constant signal and hopefully no more dropped calls.
Before I received the message that they would replace the tower I ordered an AT&T micro cell. I think I'll install it anyway just to see how it will improve my coverage. This also brings up another point that they are giving us the ability to fix coverage issues with the Micro Cell they are offering. I know it's $150 (expensive), but at least they are offering an alternative for you.
One thing I've noticed as a customer is any aspect of the New AT&T that was legacy Cingular seems in the most part to be fine. It's all the junk they merged in from the legacy AT&T Wireless. This goes for call centers, towers, policies, etc. If I call customer service and have an excellent experience I'll ask the rep, "Are you legacy Cingluar or AT&T?" Every time they say Cingular. Of course if I have the opposite and ask "Are you legacy Cingluar or AT&T?" They either don't know what the word legacy means (which I then have to explain) or they say of course AT&T! I wish Cingular stayed Cingular and let AT&T die off! Legacy AT&T is the cancer in the New AT&T which is just Cingular with AT&T's name.
It's silly to think that the AT&T name is so valuable that they'd buy the crappy company just to use their stupid :eek: name. Who cares if AT&T is as recognizable as Coca Cola overseas?! Why not be so great at what you do that your name (Cingular), becomes as recognizable as Coca Cola! Cingular shouldn't have bought recognition... they should have tried to earn it! If they had tried to earn their recognition we wouldn't have Legacy AT&T's cancer in our cell phone company!:(
r.j.s
May 2, 09:20 AM
Hate to break it to you, but it's someone at Apple that flagged "Zip files" as safe for Safari to open ;)
That guy needs his head examined.
So very true, zip files have been carriers for malware and viruses for years.
That guy needs his head examined.
So very true, zip files have been carriers for malware and viruses for years.
Piggie
Apr 28, 02:10 PM
Even our PCs are not standalone by that definition, basically needing a Net connection to get much done.
That makes me smile.. :)
You must be very young :D
It's funny as I'm sure the world of computing managed to perform quite well as did I with all my many computers, many many MANY years before the internet was around and in use my the public in any real numbers and we could download pictures of naked ladies :eek:
A PC can do anything and everything you want, It's a full computer, not a web browser.
That makes me smile.. :)
You must be very young :D
It's funny as I'm sure the world of computing managed to perform quite well as did I with all my many computers, many many MANY years before the internet was around and in use my the public in any real numbers and we could download pictures of naked ladies :eek:
A PC can do anything and everything you want, It's a full computer, not a web browser.
KnightWRX
May 2, 05:51 PM
Until Vista and Win 7, it was effectively impossible to run a Windows NT system as anything but Administrator. To the point that other than locked-down corporate sites where an IT Professional was required to install the Corporate Approved version of any software you need to do your job, I never knew anyone running XP (or 2k, or for that matter NT 3.x) who in a day-to-day fashion used a Standard user account.
Of course, I don't know of any Linux distribution that doesn't require root to install system wide software either. Kind of negates your point there...
In contrast, an "Administrator" account on OS X was in reality a limited user account, just with some system-level privileges like being able to install apps that other people could run. A "Standard" user account was far more usable on OS X than the equivalent on Windows, because "Standard" users could install software into their user sandbox, etc. Still, most people I know run OS X as Administrator.
You could do the same as far back as Windows NT 3.1 in 1993. The fact that most software vendors wrote their applications for the non-secure DOS based versions of Windows is moot, that is not a problem of the OS's security model, it is a problem of the Application. This is not "Unix security" being better, it's "Software vendors for Windows" being dumber.
It's no different than if instead of writing my preferences to $HOME/.myapp/ I'd write a software that required writing everything to /usr/share/myapp/username/. That would require root in any decent Unix installation, or it would require me to set permissions on that folder to 775 and make all users of myapp part of the owning group. Or I could just go the lazy route, make the binary 4755 and set mount opts to suid on the filesystem where this binary resides... (ugh...).
This is no different on Windows NT based architectures. If you were so inclined, with tools like Filemon and Regmon, you could granularly set permissions in a way to install these misbehaving software so that they would work for regular users.
I know I did many times in a past life (back when I was sort of forced to do Windows systems administration... ugh... Windows NT 4.0 Terminal Server edition... what a wreck...).
Let's face it, Windows NT and Unix systems have very similar security models (in fact, Windows NT has superior ACL support out of the box, akin to Novell's close to perfect ACLs, Unix is far more limited with it's read/write/execute permission scheme, even with Posix ACLs in place). It's the hoops that software vendors outside the control of Microsoft made you go through that forced lazy users to run as Administrator all the time and gave Microsoft such headaches.
As far back as I remember (when I did some Windows systems programming), Microsoft was already advising to use the user's home folder/the user's registry hive for preferences and to never write to system locations.
The real differenc, though, is that an NT Administrator was really equivalent to the Unix root account. An OS X Administrator was a Unix non-root user with 'admin' group access. You could not start up the UI as the 'root' user (and the 'root' account was disabled by default).
Actually, the Administrator account (much less a standard user in the Administrators group) is not a root level account at all.
Notice how a root account on Unix can do everything, just by virtue of its 0 uid. It can write/delete/read files from filesystems it does not even have permissions on. It can kill any system process, no matter the owner.
Administrator on Windows NT is far more limited. Don't ever break your ACLs or don't try to kill processes owned by "System". SysInternals provided tools that let you do it, but Microsoft did not.
All that having been said, UAC has really evened the bar for Windows Vista and 7 (moreso in 7 after the usability tweaks Microsoft put in to stop people from disabling it). I see no functional security difference between the OS X authorization scheme and the Windows UAC scheme.
UAC is simply a gui front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on a RDP session.
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
My response, why bother worrying about this when the attacker can do the same thing via shellcode generated in the background by exploiting a running process so the the user is unaware that code is being executed on the system
Because this required no particular exploit or vulnerability. A simple Javascript auto-download and Safari auto-opening an archive and running code.
Why bother, you're not "getting it". The only reason the user is aware of MACDefender is because it runs a GUI based installer. If the executable had had 0 GUI code and just run stuff in the background, you would have never known until you couldn't find your files or some chinese guy was buying goods with your CC info, fished right out of your "Bank stuff.xls" file.
That's the thing, infecting a computer at the system level is fine if you want to build a DoS botnet or something (and even then, you don't really need privilege escalation for that, just set login items for the current user, and run off a non-privilege port, root privileges are not required for ICMP access, only raw sockets).
These days, malware authors and users are much more interested in your data than your system. That's where the money is. Identity theft, phishing, they mean big bucks.
Of course, I don't know of any Linux distribution that doesn't require root to install system wide software either. Kind of negates your point there...
In contrast, an "Administrator" account on OS X was in reality a limited user account, just with some system-level privileges like being able to install apps that other people could run. A "Standard" user account was far more usable on OS X than the equivalent on Windows, because "Standard" users could install software into their user sandbox, etc. Still, most people I know run OS X as Administrator.
You could do the same as far back as Windows NT 3.1 in 1993. The fact that most software vendors wrote their applications for the non-secure DOS based versions of Windows is moot, that is not a problem of the OS's security model, it is a problem of the Application. This is not "Unix security" being better, it's "Software vendors for Windows" being dumber.
It's no different than if instead of writing my preferences to $HOME/.myapp/ I'd write a software that required writing everything to /usr/share/myapp/username/. That would require root in any decent Unix installation, or it would require me to set permissions on that folder to 775 and make all users of myapp part of the owning group. Or I could just go the lazy route, make the binary 4755 and set mount opts to suid on the filesystem where this binary resides... (ugh...).
This is no different on Windows NT based architectures. If you were so inclined, with tools like Filemon and Regmon, you could granularly set permissions in a way to install these misbehaving software so that they would work for regular users.
I know I did many times in a past life (back when I was sort of forced to do Windows systems administration... ugh... Windows NT 4.0 Terminal Server edition... what a wreck...).
Let's face it, Windows NT and Unix systems have very similar security models (in fact, Windows NT has superior ACL support out of the box, akin to Novell's close to perfect ACLs, Unix is far more limited with it's read/write/execute permission scheme, even with Posix ACLs in place). It's the hoops that software vendors outside the control of Microsoft made you go through that forced lazy users to run as Administrator all the time and gave Microsoft such headaches.
As far back as I remember (when I did some Windows systems programming), Microsoft was already advising to use the user's home folder/the user's registry hive for preferences and to never write to system locations.
The real differenc, though, is that an NT Administrator was really equivalent to the Unix root account. An OS X Administrator was a Unix non-root user with 'admin' group access. You could not start up the UI as the 'root' user (and the 'root' account was disabled by default).
Actually, the Administrator account (much less a standard user in the Administrators group) is not a root level account at all.
Notice how a root account on Unix can do everything, just by virtue of its 0 uid. It can write/delete/read files from filesystems it does not even have permissions on. It can kill any system process, no matter the owner.
Administrator on Windows NT is far more limited. Don't ever break your ACLs or don't try to kill processes owned by "System". SysInternals provided tools that let you do it, but Microsoft did not.
All that having been said, UAC has really evened the bar for Windows Vista and 7 (moreso in 7 after the usability tweaks Microsoft put in to stop people from disabling it). I see no functional security difference between the OS X authorization scheme and the Windows UAC scheme.
UAC is simply a gui front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on a RDP session.
There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.
My response, why bother worrying about this when the attacker can do the same thing via shellcode generated in the background by exploiting a running process so the the user is unaware that code is being executed on the system
Because this required no particular exploit or vulnerability. A simple Javascript auto-download and Safari auto-opening an archive and running code.
Why bother, you're not "getting it". The only reason the user is aware of MACDefender is because it runs a GUI based installer. If the executable had had 0 GUI code and just run stuff in the background, you would have never known until you couldn't find your files or some chinese guy was buying goods with your CC info, fished right out of your "Bank stuff.xls" file.
That's the thing, infecting a computer at the system level is fine if you want to build a DoS botnet or something (and even then, you don't really need privilege escalation for that, just set login items for the current user, and run off a non-privilege port, root privileges are not required for ICMP access, only raw sockets).
These days, malware authors and users are much more interested in your data than your system. That's where the money is. Identity theft, phishing, they mean big bucks.
archipellago
May 2, 05:00 PM
The Javascript exploit injected code into the Safari process to cause the download of a payload. That payload was the installer.
The installer is marked as safe to auto-execute if "open safe files after downloading" is turned on.
An installer is used to trick users to authenticate because the malware does not include privilege escalation via exploitation.
If you had any technical knowledge you could have figured that out yourself via the Intego article.
Installers being marked as safe really doesn't increase the likelihood of user level access as the Javascript exploit already provided user level access. I don't understand why you are hung up on this installer being able to auto-execute; it really makes no difference in terms of user level access. The attacker could have deleted your files with just the Javascript exploit.
Webkit2 will prevent user level access via an exploit, such as a Javascript exploit.
on the desktop/laptop side which browsers will use webkit2?
Chrome and Safari?
in which case its virtually pojntless (for the community) as the 2 biggest browsers won't have it...or will they have something similar??
The installer is marked as safe to auto-execute if "open safe files after downloading" is turned on.
An installer is used to trick users to authenticate because the malware does not include privilege escalation via exploitation.
If you had any technical knowledge you could have figured that out yourself via the Intego article.
Installers being marked as safe really doesn't increase the likelihood of user level access as the Javascript exploit already provided user level access. I don't understand why you are hung up on this installer being able to auto-execute; it really makes no difference in terms of user level access. The attacker could have deleted your files with just the Javascript exploit.
Webkit2 will prevent user level access via an exploit, such as a Javascript exploit.
on the desktop/laptop side which browsers will use webkit2?
Chrome and Safari?
in which case its virtually pojntless (for the community) as the 2 biggest browsers won't have it...or will they have something similar??
AJ Muni
Jul 11, 10:00 PM
WOW if this is indeed true...and appleinsider has been pretty reliable lately..
jayducharme
May 5, 02:26 PM
Coworkers of mine that have switched from Blackberry on AT&T to iPhone have reported an inordinant number of disconnected calls since switching to the iPhone, even though it's the same carrier, same phone number and same physical location of use.
There seems to be a real split in this thread: people who get lots of dropped calls with the iPhone and people who get none. I haven't had any dropped calls in the two years I've had my iPhone. But there have been many calls that never rang and instead went straight to voicemail.
I'm wondering if Apple might have produced a slew of defective iPhones, and those are the ones that are dropping calls. It's so strange that people are having such vastly different experiences, regardless of the call area. It sounds more like a hardware/software problem.
There seems to be a real split in this thread: people who get lots of dropped calls with the iPhone and people who get none. I haven't had any dropped calls in the two years I've had my iPhone. But there have been many calls that never rang and instead went straight to voicemail.
I'm wondering if Apple might have produced a slew of defective iPhones, and those are the ones that are dropping calls. It's so strange that people are having such vastly different experiences, regardless of the call area. It sounds more like a hardware/software problem.
macwannabe
Oct 13, 11:19 AM
Saying that the 2.8GHz P4 is no good because it is based on 25 year old architecture is nonsense as far as I'm concerned.
Can I take it then that you don't think that any of the cars on the market at the moment are worth having or have been improved at all on the grounds that they are based on an 80 year old design? "I don't think that BMW is any good as it is based on a Ford model T", hmmmmmmmm dodgy logic methinks.
Can I take it then that you don't think that any of the cars on the market at the moment are worth having or have been improved at all on the grounds that they are based on an 80 year old design? "I don't think that BMW is any good as it is based on a Ford model T", hmmmmmmmm dodgy logic methinks.