|
Why do something once when you can do it twice? Or is this a tacit admission that MS's previous practices were inherently unsafe, and just 'pushing code out' by coders unable to write safe code in older languages? I'm going with 'Yes'.
|
|
|
|
|
David O'Neil wrote: Or is this a tacit admission that MS's previous practices were inherently unsafe, and just 'pushing code out' by coders unable to write safe code in older languages? I'm going with 'Yes'.
No. The fact is that nobody can write safe code in earlier languages. E.g., web browsers and Android have the same memory-related security vulnerabilities and stats as Windows (about 70% of security vulnerabilities being memory-related).
Android has already rewritten chunks in Rust and a while back I saw some stats showing an objective benefit, i.e., comparing before and after. Linux is also moving in this direction.
People keep mixing up
- Devs who don't know what they're doing and therefore write unsafe low-level code.
- Devs who do know what they're doing but write unsafe low-level code because they're human and make mistakes in complex software.
Kevin
|
|
|
|
|
Kevin McFarlane wrote: People keep mixing up
Devs who don't know what they're doing and therefore write unsafe low-level code.Devs who do know what they're doing but write unsafe low-level code because they're human and make mistakes in complex software. 3. Devs who do know what they do, but they get pressed by moronic managers and have no time to properly do their job
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Nelek wrote: Devs who do know what they do, but they get pressed by moronic managers and have no time to properly do their job
Good spot!
Kevin
|
|
|
|
|
It appears to me that over the last few years MS has tried every development strategy, except hiring good developers and qualifying their product with a good QA team. Using the right language can help, but it's no substitute for a thorough understanding of algorithms, multitasking, and many other subjects.
Programming is hard, and there are no magic bullets.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
Daniel Pfeffer wrote: over the last few years MS has tried every development strategy, except hiring good developers and qualifying their product with a good QA team
In that case you can say the same of Google (Android and Chromium) and the Linux team, as they all report security vulnerabilities that are about 70% memory-related (like Microsoft's) and they're all rewriting bits in Rust.
And my guess is that all of those projects have some of the world's best developers. It doesn't seem to be enough.
Kevin
|
|
|
|
|
Rewriting the libraries like Win32 GDI in Rust to be used in C++ client code is not safe because C++ is not safe and GDI users tend to leak GDI handles because of its C API, it is easy to forget to release the handle. I came across such a leak on StackOverflow:
Deleaker detects resource leaks in StackOverflow answer – Coding Tidbit
Unless GDI is rewritten to be used in Rust, then the leaks are solved.
modified 1-May-23 2:33am.
|
|
|
|
|
So Microsoft (and everyone else) is going to finally catch up with Digital Equipment Corporation's VMS, which was memory safe by design. VMS used counted buffers for all buffer purposes, including strings. It also validated all OS function call parameters, on every call. The upshot is that OpenVMS was the only system to never be breached and even went to a BlackHat convention where no one was able to breach it.
My point is that the knowledge of how to write low level secure code has been known for decades. The issue is that Brian Kernighan and Dennis Ritchie should be keelhauled for failure to ensure C was secure by design.
|
|
|
|
|
WinToys is a user-made app that helps optimize Windows PCs by removing bloatware and applying straightforward system tweaks. Windows? Bloated?
|
|
|
|
|
Mmm...I have to try that home tonight, looks interesting!
Although... I don't think I have any bloatware, it's good to have a second opinion!
And I did notice that FoxitP PDF Reader, and even NVidia control panel or something came with some addon stuff.. and I almost installed Adobe PDF Reader and MSI Control Panel which both, definitely have bloatware (can you believe that both install an anti-virus app?! )
|
|
|
|
|
Big empty tiles with undecipherable icons in the upper left corner and something unintelligible in the bottom right corner. Lovely use of space. Oh wait, they're going for the W10 tile look!
And that post didn't actually say anything useful about why I should use this tool -- a lot of handwaving words and talking about the scary God mode.
|
|
|
|
|
Marc Clifton wrote: Lovely use of space. Well they do say, "WinToys is a user-made app..."
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
Are juicy bubble buttons the future of smartphones? Try not to pop it
|
|
|
|
|
Glad to see someone is still working on the tech, but even if 5mm is better than previous versions it's also still way too thick to go into any mass market phone or tablet.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
|
|
|
|
|
Microsoft says Windows 10, version 22H2 will be the last feature update to be released for the Windows 10 operating system. The final version of the final version of Windows
Except for all the newer versions, of course
|
|
|
|
|
I'm not surprised. Windows 10 was first released in July 2015. Final support date of Oct 2025 is slightly more than 10 years. For Microsoft to remain in their two year support window for each version of Windows 10 then they can't release a new version of Windows 10 after Oct 14th of 2023, but since their fall release has skewed back to November this won't work. This makes last November's (Nov 2022) the final release for Windows 10.
|
|
|
|
|
The lawsuit cites statements from Elon Musk promoting the safety of Tesla's self-driving software I'm not a lawyer, but that seems to be an interesting defense strategy
and one I may use from now on for everything
|
|
|
|
|
|
Safer? Absolutely, but he still regularly and constantly oversells it. It's far from, "A Tesla car next year will probably be 90 percent capable of autopilot." (with variations every year since 2014). If he pushed it as driver assist, there'd be no grounds for this case. As it stands, I'm surprised they didn't push for a class action.
TTFN - Kent
|
|
|
|
|
Kent Sharkey wrote: If he pushed it as driver assist, there'd be no grounds for this case Exactly.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Undeniably, technology's ethical and responsible usage equates with a positive and sustainable future for the masses. The other 4% were quoted as saying, "Mwahahaha!"
|
|
|
|
|
I'd love to see each respondent explain what they think "ethical AI" means
|
|
|
|
|
The other 4% are politicans.
|
|
|
|
|
Embarcadero has made available the Community Edition license for the most recent 11.3 release of Delphi and C++Builder. This is a free edition of either Delphi or C++Builder for students, hobbyists and startups. "Don't you, forget about me"
Now I'll watch as you all walk on by
|
|
|
|
|
Hmm. It requires a license key (good for one year only) and has an annual revenue cap of US $5,000. Compare & contrast to Visual Studio Community Edition, which may be used in enterprises with fewer than 250 PCs and with an annual revenue cap of US $1,000,000.
This is basically a trial edition with slightly better terms. I can't imagine why people aren't breaking down the doors to download it. /s
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|