Archives for: "April 2008"

iReboot's developer(s) show their ignorance about UAC

I saw a post on Slashdot titled "Coding Around UAC's Security Limitations", which pointed towards this.

The whole angle of the post on Slashdot is trying to make it seem that UAC doesn't do anything and is worthless, the iReboot developers certainly have that angle too, in what I'm sure some would call a childish tirade.

iReboot is an application that sits in the tray, and allows you to select an OS you want to reboot into. It does this by changing the boot loader so the OS you selected is the default and then rebooting the machine.

To modify the boot loader, you obviously need administrative privileges, this is a system-wide change and wrongly altered can render the system unbootable.

On Windows XP the iReboot application required you to be logged in as an administrator, for obvious reasons (standard users not having the rights to change the boot loader).

On Windows Vista, iReboot would also require administrative privileges to work. With UAC, even users logged in as administrators have their applications run as standard users, which is why applications need to elevate to run as administrators.

The developer goes on to write:

But there was one flaw in iReboot that made all the hard work we put into making it as unobtrusive and minimalistic as possible almost meaningless: if you had UAC enabled, iReboot will not run automatically at startup, no matter what you do.

iReboot could run automatically at startup with UAC enabled, the developer doesn't seem to be aware that you can write an application to ask for elevation. His application didn't - and so it just fails. Like it should. Obviously automatically starting an application and asking for elevation isn't a very good experience, which is why it shouldn't be done this way either.

I'm sure you all know that the Windows NT line (and other modern operating systems) has had the concept of "services". It seems the developer had to do some "digging around" for solutions, come on, any Windows geek knows how services work, this guy actually had to do research?

Services are usually started automatically by the system, for example the time service which goes out to the internet and corrects the time on your system. Changing the time requires administrative privileges, and as such the time service runs with administrative privileges. The same can be said about the 50 or so other services that run on the system.

He goes on to say:

only possible fix would be to split iReboot into two parts. One would run in the background as a service, running under the SYSTEM or LOCAL SERVICE accounts and having privileged access to the OS without requiring admin approval or UAC elevation, and with the second half running as an unprivileged userspace client program which interacts with the service backend to get stuff done.

This is also how it should be done on Windows XP, 2000 etc so that your application would work on standard user accounts, but it seems he doesn't care about standard users on Windows XP where he says "everyone runs as an Administrator", which isn't quite true. Others and myself have long tried to get people running as standard users on Windows XP, it is thanks to developers like this that kept people from running as standard users and greatly reduced the security of the world's computer base.

The developer then goes onto complain about how long all this took:

[G]etting this far wasn't easy. With Windows Vista, what should have been 100 lines of code maximum ended up being a dozen times longer, split across two different processes, and requiring way too much man-hours to write the most minimalist and to-the-point piece of software we've released to date.

Of course if the guy had bothered to look at the development guidelines and documentation that is almost a decade old now he would of seen this is how his application should of been written in the first place. Instead of him assuming he will have administrative rights forever, Microsoft have been hammering on about testing your applications as standard users for years and years before Windows Vista shipped, it isn't like they just pulled this out of the bag.

The developer then makes one final stab at UAC:

Perhaps most importantly though, is the fact that Windows Vista's newly-implemented security limitations are artificial at best, easy to code around, and only there to give the impression of security [his emphasis]. Any program that UAC blocks from starting up "for good security reasons" can be coded to work around these limitations with (relative) ease. The "architectural redesign" of Vista's security framework isn't so much a rebuilt system as much as it is a makeover, intended to give the false impression of a more secure OS.

Essentially claiming that UAC is worthless and can be coded around (by using services), which is false because in order for you to install that service in the first place you must elevate the installer, else it cannot create or modify the service.

Just today a new exploit was discovered in QuickTime (yes another one), with UAC enabled the exploit doesn't work. Because QuickTime isn't running as an administrator, but only as a standard user. Just another example of how UAC just gives the "impression" of security.

Windows Defender's Software Explorer & future improvements

Out in the technical communities I still see a lot of people telling people to use msconfig (Microsoft System Configuration Utility) to stop applications running on startup with Windows.

Now this was a fine tool - back in the old days (it first shipped with Windows 98), but it hasn't changed much since then and is geared towards technical users.

Windows Defender is often overlooked as being a simple anti-spyware application. But it has some great features which surpass a lot of the functionality that msconfig was often used for.

The Software Explorer is one of them, you can find it under Tools. It offers a few different options from the drop down menu, startup programs, which allows you to see and block any specific applications from starting with the system.

Software Explorer, startup programs

Although a common source of confusion for non-technical users is the 'Show for all users' button, which is required to make any system-wide changes (most applications set themselves to startup system-wide). So you often need to elevate using that button to make any changes, else the buttons are greyed out. I think that needs to be made more clear, or Defender needs to ask for elevation automatically upon starting the Software Explorer.

It also let's you see currently running programs, and also programs that are connected to the network (you previously had to go to the command line to check that), and also to which addresses they are connected.

Software Explorer network connected programs

What would I like to see done to Defender in future versions?

Consider moving the Software Explorer function out and having it as a standalone application, and put it under Programs in the Control Panel, although it does have a sub-option (View currently running programs) under Defender I think it is worthy of its own entry. Also put a shortcut in the System Tools folder in the Start Menu.

In addition I'd like to see Windows Defender move on to provide basic anti-virus. Windows Defender is already the best anti-spyware application out there in my opinion, it doesn't put icons in the tray, it doesn't launch loads of junk on startup and it doesn't pop up nagging you about things, with definition updates installed automatically over Windows Update is great.

This is really something where Microsoft are out in front of the pack (except with Windows Live Messenger), other software developers write software that tries to take over half your computer and load dozens of applications at startup slowing everything down, instead of getting out of the way and letting you get on with things. No doubt Microsoft would face an anti-trust investigation for bundling anti-virus with Windows (may be they could make it a downloadable plug-in), but it would be worth it for the end-user experience.

No doubt people will mention OneCare, but OneCare is a heavy all-in-one application suite, I don't see the point in having a firewall, anti-spyware etc when that stuff is already built into the system. Let OneCare be the heavy security suite, let Defender be the minimalistic simple low resource anti-malware application that it could be.

International Year of Astronomy video

The International Astronomical Union recently released a trailer for the International Year of Astronomy 2009. Here's the YouTube version:

They've got higher quality versions on their website in a mix of MPEG formats. I've taken the liberty of re-encoding their 1080p video to VC1/WMV, so that people who don't like installing 3rd party software can still watch it (yes ideally WMP should support H.264).

I'll be hosting it here, for a while it weighs in at 86MB, if it gets too much traffic I'll have to pull the download and stick it somewhere else. Please download only (right-click and save as), I doubt the server will be able to stream it.

One last thing, which I am somewhat concerned about, in the trailer itself they show "preserving the world's dark skies", sure I guess its good they mention that issue. But I think if we want to preserve astronomy we need not only preserve the dark sites we already have, we need to wipe out light pollution, hundreds of millions, if not billions of people are missing out on the night sky because they happen to live in cities or towns, or have a poorly designed street light shining over their property. We need to do much more than just preserve the dark locations we have, the damage to the next generation of astronomers and the public judging on some predictions would be immense, some I've seen for the next 15-20 years would practically wipe out astronomy in western Europe, that's a brain drain you can't afford.

Anyway aside from that, enjoy.

The Apple reality distortion field

I came across a perfect example of the reality distortion field yesterday. I was so impressed I saved the comment for later use, I didn't think at the time to save the website it was posted on if anybody knows let me know and I'll add the URL (doesn't seem to be in Google's index yet). Anyway this was what was said:

John W - You might want to review your links before you post erroneous information. The Hack Contest had no winners on Day 1, it was only after the rules were fully relaxed did someone “break into a browser” on Vista and OSX. Gosh, when a hacker has full physical and password access to a Mac, they break in… wow, film at 11, how amazing!

This is in relation to the recent PWN to OWN contest, which I briefly wrote up about here.

He seems to be under the illusion that Windows Vista was also cracked on day two, along with OS X (which was cracked in 2 minutes). This is false.

Day one's rules were you could only remotely carry out an attack. No machines were compromised. On day two you could use user interaction on the machine, for example opening a specific website, or opening an e-mail attachment. At no point were the crackers given "full physical" access to the machine or passwords, the user on the machine could only open e-mails or web pages. Safari was compromised within 2 minutes. Windows Vista and Ubuntu both survived the day, in the end only compromised on day three with the help of 3rd party code, namely Adobe's Flash player.

Fact is, no Mac has ever been broken into from the outside, no viruses, no malware, etc. OSX is the most secure mainstream OS there is

False. I'd say it is the least secure mainstream operating system out there, all of Apple's software is plagued by security issues. Just last year a group of security researches exposed dozens of security issues in Mac OS, so many they were doing one a day for the whole month of the project.

and that’s just another reason why it’s so popular.

I wouldn't define "popular" as 2% market share. Alone it would be funny, but when there are thousands of these trolls running around its just sad.

Ubuntu Linux getting worse

Ubuntu 6.x. First version of Ubuntu I tried installs and works, well by works I mean as well as any other version of Linux.

Ubuntu 7.x requires huge work-arounds to get video to work to get the thing installed, and then requires the same work-arounds every few updates, and won't automatically connect to my wired network.

Ubuntu 8.04 released today, won't even start the installer without throwing "isapnp: checksum for device 1 is not valid (0×89)".

Tried two ISOs from different servers, still no joy. The troubleshooting information on the internet is weak to say the least, with suggestions like turning off hardware acceleration and reducing the RAM to 256MB being unfruitful.

And the fanboys actually want people's grandparents to install this instead of Windows! Are they nuts?

John Wiseman and democracy

John Wiseman, the prospective parliamentary candidate for Westmorland and Lonsdale has picked up some attention for his recent entry on Labour Home where he made a plea to Gordon Brown to reinstate the 10p rate of tax.

He's running into a lot of flak, some of it to be frank quite ghastly with plenty of ad hominem attacks thrown in against him too. He has also picked up a lot of support too, with for example Grimmer weighing in on this issue too.

The Labour Party, according to my membership card is a democratic socialist party. If members of the Westmorland and Lonsdale Labour Party and the public there think the 10p rate should be re-introduced then their candidate should be representing them and speaking out on their behalf - that's the candidate's first priority, represent the party membership and the working class. The Labour Party is a broad political party that is rich with a diverse set of opinions, far more so than the other two political parties so of course we're not all going to agree on everything all the time. Long may that continue and long may our members and candidates have the right to freedom of speech and the freedom to criticise. This is a strength - not a weakness.

Those calling on John Wiseman to "shut up" and represent the party leadership top-down need a strong reminder of what living in a democratic society and working within a democratic organisation means.

International Astronomical Union, star names and Pluto

I saw an article over on Universe Today on the whole star naming scam. This has been one of my pet peeves for a long while - private companies conning you into thinking they're naming a star for you, when they have no such authority with which to do so.

The article goes into how the International Astronomical Union is the only organisation who has any authority to name stars etc. To get to the point one of their comments was as follows, as far as I can tell she's a bit of a Pluto-planetary status advocate (why anybody would be passionate about how we catalogue solar system objects - I have no idea):

Why should only the IAU be authorized to name celestial bodies? Who provides such authorization? They messed up royally with Pluto. That decision is not accepted by many astronomers and lay people, and it cannot help but lead one to question why this group should be the defining authority for the whole world.

Now as I'm sure many of my readers know I'm strongly in favour of letting science run off and do its own thing, that's how I think it works best.

So it seems only natural to let astronomers decide what to call things, and where to categorise things in the sky. The IAU is made up of 10000 or so working astronomers which meets every three years at its General Assembly, it unites various national organisations. At least 60 countries recognise the IAU and have representation within the organisation.

If you can think of a better way to do it, please share your ideas.

Then comes up this ridiculous Pluto issue. As I had already written years prior to the decision at the last General Assembly when they voted for a new definition for planets within this system, there was only one logical or consistent way they could go. That was to either remove Pluto, or add every other Pluto-sized world we find in the outer solar system, dozens or even hundreds of them to our list of planets.

Obviously trying to teach school children about the 130 or so "planets" out there, may prove somewhat challenging.

It's not like this is hasn't happened before, for example the then planet Ceres in the 19th century. When lots of other objects started being discovered in the same sort of orbit as Ceres, it was demoted, it was just the largest member of a big pile of leftover rubble from the formation of the solar system. Exactly what we have found with Pluto, except its not even the largest out of its rubble pile any more.

Of course it is also good that we put together a proper definition for planet, even if it only applies to this solar system.

So no, I don't think they "messed up" I think they made the only practical decision they could make.

Office Open XML "protests"

Although I was meaning to post something back when the Office Open XML format was approved by the ISO despite lobbying by the likes of Sun and IBM, I never got around to it but it looks like the issue is back in the news.

I was some what amused to read that the Linux/Open Source aka anti-Microsoft crowd have been protesting, yes actually protesting outside the ISO committee meeting in Norway recently. This goes on top of a large amount of activity over the last few months, even to the point of these protesters tracking down which hotels people have been staying at for meetings.

Mitchell claims that opponents of OOXML have resorted to intimidation. "People have been trying to track down what hotels people have been staying at for the BRMs [Ballot Resolution Meetings]. Many voting decisions are not taken until the day. If you've had no sleep on the night before a vote [because of noisy protests], you might change your voting behaviour," he said.

Mitchell also attacked the 'no' voters who can't justify their actions. "If people vote no or yes you would really like to know why. I have spoken to some people who've voted no and asked them why and they said 'because we don't like it'. If people are representing their country they should be able to more clearly defend what their national technological position is."

The committee even released an open letter calling for an end to "personal attacks".

Of course this doesn't come as any surprise to me, these lunatics have been around for years, I say lunatics because they are almost entirely anti-Microsoft, they read and believe far too much Slashdot for their own good. A decade ago they were protesting because Microsoft wouldn't support international standards. Now that Microsoft do support, and submit specifications to international standards bodies, they still get attacked.

Seriously guys. I'm not one to attack people who are protesting, but this is a bloody document format for heaven's sake!

Vote for Ken Livingstone

The London Mayoral elections are just a few weeks away now, and things are looking pretty neck and neck between Ken Livingstone and Boris Johnson.

Here's Ken's official election broadcast:

I know a lot of socialists will be tempted to vote for Lindsey German, and possibly put Sian Berry from the Green Party as their second vote. I'd like to appeal to them to strongly consider backing Ken Livingstone, he is a socialist and he has been carrying out pro-environment policies in London, sure probably not as far as many of us would like. But there is a real danger of a Tory becoming Mayor of London, such an event would be a considerable setback.

Allow me to embed a few more YouTube videos:

And of course Boris, he may be able to get a few laughs but honestly what's he blabbering on about? Something about cutting funds to Marxists and anarchists, and worse still further destroying UK science which is in enough of a crisis right now and trying to draw a comparison between Ken Livingstone and DPRK's Dear Leader Kim Jong-il.

I think the Tory strategy here is very much to field the biggest nut they can find among their ranks to try and get some attention in the press.

More from Socialist Appeal on Boris Johnson.

Stop using religion as an excuse to be crappy towards people

First off, hat tip to the Stroppyblog for bringing this to my attention.

To quickly quote from the Daily Mail:

Lillian Ladele has launched proceedings against Islington Council in North London, claiming that to officiate at civil partnership ceremonies between same-sex couples is incompatible with her religious principles.

Her refusal to supervise such unions has brought her into conflict with the council, where she has worked for more than ten years.

Now she is taking her case to an employment tribunal, claiming "discrimination or victimisation on grounds of religion or belief".

As said on Stroppyblog, this isn't about her being discriminated against this is about her wanting the right to discriminate people she doesn't like - for no reason what-so-ever, other than she picks some values out of a book that says homosexuals should be stoned to death.


Hopefully her appeal will fail, after all it has nothing to stand on.

If we take her reasoning, I can flatly refuse to talk to people I don't like at work, and then say it is because I have beliefs which say I can only speak to people that are deemed worthy. Racists could demand not to carry out marriages of the "unclean" because it goes against their beliefs. Who knows what people could come up with as an excuse to discriminate against people they don't like.

Honestly Lillian, your gay-bashing it so last century. The rest of the world has moved on, I suggest you do too and stop looking towards the morals of such blood thirsty book, this is the 21st century.

I'm sure she'd go on to say that she doesn't believe in the rape, slavery and genocide that features in the Old Testament or the sadomasochism of the New, but if she discards that why does she hang onto the anti-homosexual stuff? If you believe the bible is the word of god you can't pick and choose what you want out of it and then later try and use the bible to hide behind.

As I've said before many times, religion should be a strictly private affair it should not influence policy, or be used as an excuse to do things, or not do things the rest of society disagrees with.

1 2