1. Home
  2. Categories
  3. Side Bar WTF
  4. I'd have preferred XML to this. Even with XSLT.

I'd have preferred XML to this. Even with XSLT.

  • error
    Considered Harmful

    @blakeyrat said:

    And that's the kind of feature people who aren't geeks actually give a shit about.

    Why should we give a shit about what they give a shit about?

    0
  • blakeyrat

    @joe.edwards said:

    Why should we give a shit about what they give a shit about?

    Yeah who cares what 90% of the populace thinks, the true road to success is to program for Linux users! That road is paved with gold.

    0
  • eViLegion

    @blakeyrat said:

    @joe.edwards said:
    Why should we give a shit about what they give a shit about?

    Yeah who cares what 90% of the populace thinks, the true road to success is to program for Linux users! That road is paved with gold.

    It's a shame that the true road to happiness and the true road to success seem to head in different directions.

    0
  • ender

    @dkf said:

    Curious; I do not remember seeing that in practice despite using XP SP1 (and later) for years. I was definitely downloading some executables directly off the internet (by people I really trusted) during this time, and I don't ever recall any kind of warning box turning up.
    Only IE supported it at first, and it took quite a while for other browsers to start marking files as downloaded off Internet (which is what triggers the warning dialog). Also, now that I think about it, it wasn't XP SP1, but SP2 that introduced the feature.

    0
  • error
    Considered Harmful

    @ender said:

    @dkf said:
    Curious; I do not remember seeing that in practice despite using XP SP1 (and later) for years. I was definitely downloading some executables directly off the internet (by people I really trusted) during this time, and I don't ever recall any kind of warning box turning up.
    Only IE supported it at first, and it took quite a while for other browsers to start marking files as downloaded off Internet (which is what triggers the warning dialog). Also, now that I think about it, it wasn't XP SP1, but SP2 that introduced the feature.

    SP2 tolled the death knell of my then-current employer. Their flagship product entirely depended on a drive-by ActiveX installation. It wasn't actually malware but it did run a persistent background process to keep itself updated. It offered an uninstaller and didn't spy on you, it just didn't announce that it was being installed.

    0
  • ?

    @joe.edwards said:

    SP2 tolled the death knell of my then-current employer. Their flagship product entirely depended on a drive-by ActiveX installation. It wasn't actually malware but it did run a persistent background process to keep itself updated. It offered an uninstaller and didn't spy on you, it just didn't announce that it was being installed.
    Ah yes . . . . the "good" malware.

    0
  • locallunatic

    @joe.edwards said:

    SP2 tolled the death knell of my then-current employer. Their flagship product entirely depended on a drive-by ActiveX installation.

    So why didn't you take the appropriate action and burn them to the ground?

    0
  • error
    Considered Harmful

    @locallunatic said:

    @joe.edwards said:

    SP2 tolled the death knell of my then-current employer. Their flagship product entirely depended on a drive-by ActiveX installation.

    So why didn't you take the appropriate action and burn them to the ground?

    They beat me to it.

    There was a wild scramble to put in instructions on how to circumvent the browser security. Just click on the yellow security bar and allow.

    The ActiveX component/updater process was written in VB6 (the rest of everything was C# ASP.NET) by the company president's cousin, who worked remotely and sneered openly at us lowly web developers.

    0
  • ?

    @dkf said:

    Curious; I do not remember seeing that in practice despite using XP SP1 (and later) for years. I was definitely downloading some executables directly off the internet (by people I really trusted) during this time, and I don't ever recall any kind of warning box turning up. Maybe it was a capability that had to be explicitly switched on but which was off by default? If so, it's not likely to protect many people in practice.
     

    As I understand the feature it has to do with a alternate data stream. If you were using FAT32 at the time, no ADS and therefore no 'Zone identifier'  Alternate stream. Before executables were run, if they had a zone identifier they would show a security warning.

    browsers and other download tools were supposed to go ahead and stick in the ADS (there might have been an API call to set the Zone Identifier as well). Internet Explorer did this, but many other browsers did not do so for a while.

     @dkf said:

    The problem with Windows (and also MacOS for a long time) was that it was a platform with an assumption that there would only be one user, and this assumption was an integral part of how applications were written. Such assumptions, especially when part of third-party software, are very hard to shift without causing lots of breakage, and when it came to do so, Apple did it their way — they just broke old apps and told the vendors of the apps to suck it up — and Microsoft did it their way — bending over backwards to keep crufty old code working long past the point where anyone else would've bothered. (Linux, because it started out multiuser, didn't have to do this adaptation in the first place.)

     Pedant: Windows NT was designed for multiple users from the get-go.

     

    0
  • dkf
    Discourse touched me in a no-no place

    @BC_Programmer said:

    As I understand the feature it has to do with a alternate data stream. If you were using FAT32 at the time, no ADS and therefore no 'Zone identifier'  Alternate stream. Before executables were run, if they had a zone identifier they would show a security warning.

    browsers and other download tools were supposed to go ahead and stick in the ADS (there might have been an API call to set the Zone Identifier as well). Internet Explorer did this, but many other browsers did not do so for a while.

    That might explain why I didn't see it; I didn't use IE. Browsers on OSX have been getting this right for quite a long time.@BC_Programmer said:
    Pedant: Windows NT was designed for multiple users from the get-go.
    The real issue is that many of the applications — you know, the things that users really care about — were not designed for multiple users. I remember there being many problems reported with getting apps to work on NT, problems that were never really fixed until XP had been in place a long time (which fixed stuff by ramming the changes down many lazy developers' throats). There were also a lot of really poor drivers about too.

    Which isn't to blame NT for being multi-user, but rather Microsoft for not biting the bullet sooner. Of course, they had good reason for not doing so (supporting crazy amounts of backward compatibility) but it did make things harder to make secure in practice. System security was never just about getting the kernel right.

    0
Log in to reply