Posts by h4rm0ny

Re: @h4rmony

>>"I said it multiple times, "attacked by the ignorance" meant not necessarily security. It's ignorance of existence of free software often of superior quality"

I actually don't see anywhere that you said you weren't talking about security. But now that you've made that clear - so the story and conversation is about security but you're just using it as an opportunity to attack people who are using your non-preferred formats.

I don't think it's fair to berate people for sending you an Excel spreadsheet, much less say they're 'attacking you with their ignorance'. But anyway, it's off-topic. We're talking about security and OOXML and ODF are equivalent in the issue of macros. Actually I was corrected by Uffe elswhere - Windows actually flags files received over the Internet and Office will run these in "low integrity mode" even if you enable the macros, meaning reduced privileges.

>>"I was simply arguing that if you use atril document viewer (like me) you're safer and more comfortable. The proprietary extension part of this file would not run, because it's not supported"

For most people, a PDF viewer that seemingly randomly failed to handle PDF files wont constitute "better". ('seemingly' because few users are going to know an attachment is this standard or that standard when it just says SomeFile.pdf). This doesn't support PDFs going on a list of more trustworthy attachments.

>>A user is safer to use a free PDF viewer recognizing this standard and ignoring non-standard proprietary bits. I think I made it clear.

And a viewer that doesn't implement common parts of real world PDFs might be more purist and safer, but is going to be frustrating for most users, which is what I am saying. Most people will have a more full-featured viewer installed. In a discussion on attachment security, PDFs should not be on any preferred list is all that I'm arguing.

Re: receiving a document in a proprietary format

>>"So fucking why did I get 2 downvotes here,"

Same reason I get downvoted sometimes - snide, sanctimonious tone.

Either that or your proclaiming of how you often send people attachments in a format you pretty much know they wont be able to read ; )

(You're down to three downvotes now, at time of posting, btw)

Re: receiving a document in a proprietary format

>>"Every piece of Windows software might have contained malware in the past"

Which is why we have things like virus scanners. Windows having a history of malware doesn't mean PDFs don't also - it's not a competition. You put PDFs on your list of attachments you considered acceptable. It has an ignoble history of exploits. Windows malware doesn't justify preferentially treating PDFs.

>>"To be on a safer side, to create PDF documents, use La(TeX), postscript and pdf tools, conversion by means of a PostScript driver would also help "

We're not talking about ways to avoid creating malware. You can do that just by, well... not creating malware. We're talking about receiving these documents, not whether there's a security risk in creating them!

>>>>Also, OOXML is an open standard, btw.

>>I hope you weren't born yesterday and know about all the controversies of this standardization, in case, you haven't heard there is an article on it.

Yes, very familiar with the history. More interested in the present. The old OOXML was a hatchet job containing a lot of parts that still hadn't been documented properly. It shouldn't have been approved, all agree and I opposed it too at the time. The new version is much, much better and is an open standard. Things move on.

Re: js and pdf proprietary extension, @big_D

>>"I am not sure which scenario you're alluding to"

The one that I quoted in the post you replied to where you wrote that you feel "attacked by ignorance" if someone sends you an attachment in a format other than on your list. We talking about receiving files as attachments. You put ODF and PDF on your list of ones that you don't feel attacked by. I pointed out that PDF has a history of security risks and that ODF works on the same principles as OOXML in that it can contain embedded macros and relies on a user being informed enough to say "no".

>>>>I don't think any recipient of an email attachment is going to know whether RandomFile.pdf is some sub-set of the general PDF files that isn't a risk or if it's not

>>He or she might not know, that is why I warned against the use of acrobat reader, use a better PDF viewer

I'd say the overwhelming majority of users wouldn't know what version of PDF standard a file attachment comes in. Ergo, your arguing that PDF as an extension should be on the list of less dangerous attachments because some versions of the standard are safer is wrong. That is simple enough.

>>"FYI, the two-dot (or three-dot) sign is called an ellipsis,"

Yes, everyone with basic English knows what ellipses are. Rather obviously I was asking what "ad..." was supposed to be / what you were trying to say. It sounded vaguely like you were trying to mock something but I didn't get your meaning.

Re: js and pdf proprietary extension, @big_D

>>"I see that you confuse the standard of PDF 1.0--1.7 with some proprietary inclusions for Adobe Acobrat. No, JavaScript is not a part of generally accepted PDF ISO standard!"

I don't think any recipient of an email attachment is going to know whether RandomFile.pdf is some sub-set of the general PDF files that isn't a risk or if it's not. That's the scenario that you gave when you put it on a list with text files, et al. that you were happier to receive as email attachments.

>>>>And ODF has a macro language as well...

>>Yes it does, it is defaulted to not being active, moreover, a user is warned multiple times, and I was referring to not only this...

It's the same as in MS Office. I just created a macro in Libre Office, saved it as part of the document then re-opened after restarting the program. I got a message saying the document contained macros and that this could be dangerous. I clicked "ok" and then I enabled macros. Only difference in MS Office that I see is that it highlights at the top that macros are disabled under the heading: "Security Warning" and puts the option to enable it there under that. In LibreOffice I have to go into a menu to do it and there isn't a message about security.

I don't see either way as significantly different - they're both just relying on the user knowing not to do this.

>>"Please don't take me for a clueless Windows ad.. I mean user."

"Windows ad"...?

Re: receiving a document in a proprietary format

>>"Exactly, when I receive mail with an attachment containing a document in a format other than text or other fully open document format, such as pdf, odf, abw, djvu, ps etc., I feel attacked by someone's ignorance"

PDFs have contained malware in the past. You shouldn't put it on a list of inherently trustworthy attachments. Similarly an ODF document is actually a library which can contain macros for the document. And (correct me if I'm wrong somebody) the standard language used for macros in Libre Office can make system and file system calls. You can try this yourself very easily - just create a new document in Writer, open the macro editor and create a new module under that document and save it.

You'll get a warning of "this document contains macros" just the same as you do in MS Office. No better, no worse, really. They're both dependent on the recipient knowing well enough not to enable them.

Also, OOXML is an open standard, btw.

Re: Really Shitty Impractical Security Advice..

>>"Part of the problem is this... Rapid Application Development hasn't progressed much since legacy VB6. Instead M$ just keeps cynically changing things for ongoing lock-in. That means the roundabout start-to end app dev time hasn't improved at all."

There has been some recent progress on this. But the snag is it's Windows 8 onwards. So whilst it's nice, it will be a long time coming to the banking sector. Basically the new Web Plugins system for Office uses ONLY signed code which is accompanied by a manifest.xml file. The file defines exactly what permissions the running code has - e.g. a whitelist of remote servers it can access, what other files it can read from, whether it can access your address books, etc. It's pretty detailed. Adherance to the published restrictions is baked into the OS itself. But like I say, Windows 8 onwards only, so not a general fix any time soon.

Re: business

I think the boos are probably mainly because people didn't get what you were trying to say. I know that I didn't on first read.

Re: Users, Who'd have 'em.

>>"I know of one ERP suite that requires the Macro settings in Office to be turned to allow macros from any source to be executed"

I hope you told them why they're not getting your business. What kind of a company would do something like that?

Re: Toughened Glass

>>"but because it's associated with an Apple product he feels the need to get all tumescent about it."

I don't even own any Apple products and I think this is cool. Just because tech companies are treated like football teams by some tragic cases, doesn't mean many of us don't just really like good technology and science.

Re: What's to look forward to?

>>"Are you are assuming, or asserting, that I haven't done that already? Beleive me, I have gone through the code where it handles the various database objects time and time again and it makes no difference."

Well I'm certainly not asserting, because I don't know. I'm assuming that you haven't done so in sufficient depth to identify where it's going wrong because otherwise you would know, by definition. And yes, there is an implicit assumption that it is possible to diagnose the problem in my argument I admit. But I think that is reasonable - you may not uncover the precise cause, but with sufficient code profiling, you would be able to compare the runs on XP vs. 7 and see what calls are taking increased time. Probably you would narrow it down to a very small area and that would help diagnosis.

I'd also observe that you appear to be using Visual Studio 6. As that came out in 1998 and actually (iirc) runs on Windows 9x, you might (should) see some benefits moving to something more modern. Honestly, I'm almost surprised VS6 runs on Win7.

But anyway, this is probably unproductive. Beer o'clock as everyone is saying - this is probably enough argument for one day. ;)

Re: What's to look forward to?

>>"So, back to you; when has the last time you have compiled a C++ project with dozens of thousands of line of code in VS6 under W7/8?"

Never, I'm actually a UNIX programmer (at least when I still program. I'm mainly project managing and consulting these days). HOWEVER, I find it staggeringly hard to believe that Windows 7 could be so massively inferior to XP when compiling code. There is something very wrong here if this is happening to you and I don't believe it has any relation to general performance, hence my comment about gamers deserting Win 7 for XP. Which wasn't an attempt to "twist your words" but showing that there isn't a general failure of performance in 7. In fact the metric I have seen show 7 to be faster.

Given that such massive performance drops as you claim are not general, you should look to your own project to see what might be causing it, rather than condemning Windows 7.

Re: What's to look forward to?

>>"I can tell you that Windows 7 and Visual Studio 6 are a match made in hell and for any decent sized project won't even load, let along compile, under Windows 7."

I honestly find it hard to believe that projects cannot be compiled on Windows 7 or that Windows 7 cannot run any "decent sized project". I also find your comments that Windows 7 takes six or more times as long to run the same process. IF that is true in your case, and it contradicts my own experiences of performance and reputable published metrics, then it must be down to something else.

If Windows 7 is six or seven times slower than XP that must explain all the gamers I see rushing out to install XP to keep their framerates up. /sarcasm. Think this through - do you really think it wouldn't have been noticed when Windows 7 came out that it was massively slower at the same tasks than XP? That IF this is true, then it's something very peculiar to your set up?

>>As for Office? Well, one can't beat the flexiblity of the old menu system. If one doesn't want certain things on the menu then a few lines of VBA will sort that out.

Or for the majority of the world, they can right-click on the ribbon / icon they want and remove the icon. The only reason you like your commands buried in a nested menu system is because that's what you're used to. Which might be an argument for you to carry on using the old system personally, but is not an argument that the old is better than the new. The horizontal ribbon layout allows one to get away with a lot less nesting and therefore searching around than the old menus - objective fact. And the fact that the icons are still grouped into sections within that ribbon preserves the virtue of organization from menus.

Re: What's to look forward to?

>>"There are quite a lot of similarities between providing service for vehicles and service for software."

And quite a lot of differences. But if you actually read my post rather than shifting topic, I wrote that Windows 7/8 were significantly better than XP and said nothing about services. Well I did say something about services - I wrote that legacy inertia said nothing about the quality of the OSs. If you don't disagree with that, then don't try and find different misinterpretations of what I wrote so that you can disagree with my post. OP said that what "people" liked about MS was mostly in the past. I don't see an argument that someone still has legacy apps they can't get rid of - which is what you're previous post which I replied to disputed - does anything to prove that.

In short, you're writing paragraph after paragraph attacking your own strawman. Well, that and the odd swipe at MS based on nothing I wrote:

>>"As a fact, end of sales of PCs pre-installed with Windows XP was October 22, 2010. Microsoft could not be arsed to provide support for even 4 years"

End of Life for XP was known long before that and XPs replacement was out three years before that cut off date. If MS immediately cut off availability of XP the moment Vista came out, they would be doing a disservice to their enterprise customers who had large XP deployments and just needed to add in replacement PCs from time to time. And I strongly suspect you would be quick to condemn that if they did. But any IT department buying in an explicitly legacy OS in bulk when its replacement had already been out for three years and that replacement's replacement had already been released to manufacturing (7 was released to OEMs in July 2009) should be strung up. There's no way you can cast that as negligence on MS's part.

Using your reasoning in your post any cut off point for support for XP would be negligence. But there comes a point in any software lifecycle where the update is no longer a patch, but a new version. There's only so many updates you can release before you have to put a new number on it.

But again, this is just picking out parts from a rant that has little to do with the post that you are actually replying to and undermines what I actually wrote not at all.

Re: What's to look forward to?

>>Of course, the goal of all that development was driving the manufacturing cost down (you know, commoditisation) rather than putting (mostly) all sorts of nice new shiny in

Which supports my point. It's not analogous to an Operating System which does have new features added. I already linked you to the GIT source of the Linux kernel and invited you to take a look through. It beggars belief that you think all those developers have been putting in all those hours over all those years yet the OS hasn't grown in significant ways. In fact, it's pretty insulting.

>>rather than putting (mostly) all sorts of nice new shiny in so that Marketing can claim all sorts of new functionality.

Yeah, you call it "new shiny" for "Marketing". You're simply telling us how little you know about the improvements in OSs. Virtualization, better RAID, vastly improved security models, modern hardware support, new APIs, hibernation, support for new filesystems, networking protocols, graphics handling. Again, go and read the link I posted to the Linux kernel source. LOOK at all those changes. Then come back and tell is it's just "new Shiny" for Marketing and that comparing an OS to a switch that hasn't changed its technical specifications in a decade is a good analogy.

Re: What's to look forward to?

>>"@h4rm0ny: I have bad news for you. The car you bought 3 years ago uses an engine that is in production since 15 years now. We would like to provide you spare parts, of course, but our production line is ageing and we can't be arsed to invest in such old rubbish that hardly gives any return. You understand our situation, do you?"

I understand that when people have to switch to poorly thought out car analogies in order to argue against something that it's best to dispense with the entire flawed response. You are aware that is not sufficient to simply start talking about cars and expect that to carry any logical weight without showing that cars are actually analogous to operating systems? For example you ramble about "there are all these fuel leaks suddenly" which suggests you think that MS have suddenly introduced bugs into existing XP systems. Or that a new car wont start without an Internet connection! Something that applies to neither 7 or 8 which I was talking about.

TL;DR: Making a bad analogy isn't argument.

Re: How to prefer XP to 7/8

>>"Microsoft's insistence on 'secure' boot convinced me to keep old X86 hardware going until low priced ARM became fast enough."

Secure Boot isn't Microsoft's technology - it's a product of the UEFI consortium which is about thirteen big hardware players such as Samsung, Lenovo and others. MS have one seat on the consortium and if you think they're pushing companies like Samsung around you have some weird ideas. The only thing that MS "insisted" on is that Secure Boot could be turned OFF by a physically present user. It's one of the requirements for Windows 8 certification. I can link you to the requirements document if you really don't believe that.

All that aside, Ican't understand why you would stay on old hardware because of something that is as easily turned on or off as it is to change which drive you boot from. (Seriously, enter the UEFI on boot, just as you would an old BIOS, and select "Secure Boot: Off").

I especially don't understand why you held off in favour of ARM when you state Secure Boot is your worry as the MS "insistence" that Secure Boot can be turned off only applies to x86. On ARM the manufacturer can lock it to on if they wish and MS can't stop them. You have it precisely backwards!

Re: Market growth / Sales

>>"Yes MS IE, especially 6 was stupid. XP though isn't inherently slow and insecure. Problem is stuff on by default, people being admin, stupid MS IE & Outlook and badly written apps that needed gurus to set them up so non-Admin users could run them."

IE6 was actually very much loved by many at the time - it was ahead of everything else in features. The problems were that MS they exploited that lead to shut out other browser makers with some nasty tricks and that Mozilla made a terrible error in trying to rebuild Netscape from the ground up rather than an iterative process - which put them even further behind. The reason that IE6 has been such a pain to finally kill off is not that it was a disaster, but that it was a success. There weren't even mature standards for half the things we take for granted these days. Throw in ActiveX and it created a tarpit that we've only just escaped from. But it wasn't "stupid". It was a huge triumph for Microsoft. (A triumph that MS have been paying for ever since with their inability to kill it off).

Your comments about the problem being "stuff on by default" or "people being admin" are ignoring the cause of these things - which are that XP has a far weaker security model than Vista onwards which is really what causes people and processes to need to be admin by default. You'll note that on Windows 7 / 8 very little is. The reason is only slightly more educated developers and more that the new model means people don't have to do this to get it to do what they want.

Re: What's to look forward to?

>>"Compare, f'rinstance, the price of a gigabit switch today with 10 years ago."

Three problems with your analogy. Firstly, this product hasn't changed in ten years. A Gb switch is still a Gb switch. There is no active development, no research costs to recoup - any changes are trivial and unnecessary. Secondly, ten years ago it was modern technology whereas today we're now seeing 10Gb switches! I could buy a laptop with specs from ten years ago and expect the price to be massively lower - commoditized as you say. But I don't because I want something that has kept pace with the rest of the world. Thirdly, it requires no care or updates.

Saying that something which hasn't changed in ten years and needs no support is a good analogy for OSs is badly mistaken. Unless you're arguing that modern OSs are pretty much the same as they were ten years ago. In which case I invite you to have a quick read here (n.b. it may take you a while).

Re: What's to look forward to?

>>"Which still presumes you have an exclusive on how best to configure our company IT. As you know nothing about it may I say that may be both presumptuous and even wrong?"

You may not. Anything you can do on XP can be done as easily or more easily on Windows 7 / 8. Or shouldn't be done at all. I fully invite you to find a counter-example. For that simple reason I don't need to know anything about your own company's configuration to make my statement. I'd say that anything you find an advantage of XP over Windows 7 / 8 is actually just legacy software. And indeed your later paragraphs confirm that. The existence of legacy software says nothing about which OS is superior. (It only says that the legacy software writers haven't written it well as software which uses the documented XP APIs is pretty forward compatible as I understand it).

Such an argument indicates nothing about which OS is better any more than if I tried to argue that Win7 was a better OS than GNU/Linux because software X was written only for Windows. I wrote that Win 7 / 8 was better than XP and I even defined better - superior security model, more capabilities, better use of hardware.

That some are trapped in the past doesn't contradict anything that I wrote. And seriously - XP was replaced seven years ago this year. Lack of investment by some companies in their IT is not an argument I will accept to support "people prefer XP". Being trapped is not preferring.

>>"Yet we moved in the opposite direction to you."

You've made an assumption there. Outside of home use, I mostly work with organizations with CentOS (and occasional Debian). I never said anything about organizations moving OSs. I was just talking about what I know - technical and usability comparisons between OSs.

>>It also means that we are unlikely to trust Microsoft again

Because an OS released in 2001 thirteen years ago has finally been retired after twice extending the deadline for cutting off patches finally, seven years after they stopped selling it?

How many software and OS providers do you know that offer support seven years after their product's end of life? You don't even have to pay for that support - the patches are openly distributed? I just don't get this "unlikely to trust Microsoft again" line.

Re: What's to look forward to?

>>>>"How can people prefer the poor-security, slower and less manageable XP to modern 7/8?"

>>"Me for one, since you asked so nicely."

The question was "how" not "if". Go ahead - the forum is yours. I said XP had poorer security, was slower and was less manageable than Windows 7 and 8. Explain to me how you prefer XP over 7 or 8 in these regards.

>>"Did I say nicely? My mistake."

It was rubbish to say 'what people liked about MS is in the past'. Most people hated MS back in the day for a start! Its products are much more respectable these days. You saying you like XP doesn't make a sweeping statement about what "people like" any better. Now I'll be interested to see you justify XP as a better OS than 7 / 8. A preference based on "get off my lawn" tendencies is no good argument, imo.

Re: What's to look forward to?

Okay, then I apologise for the rather strong wording of "stupid". Misinformed would be a better and less confrontational term. Things get a bit heated here with a lot of very aggressive comments, not infrequently easily disprovable as well.

I don't know about the price of Windows 7 relative to general inflation - I'd have to check. I wouldn't read too much into small price rises, however. That's what prices do. And yes, you do find some people griping about how XP still works for them. They're entitled to use it if it suits their needs but it's far less secure and far less capable than Windows 7 or 8 and that's objectively provable. The security model in XP and before was extremely limiting. From Vista onwards, it's very good. MS have improved things in many areas. Go back ten years and I was pretty anti-MS. These days I really like their products.

Re: No real change, due to no real alternatice

>>"Once you data and compute are in someone else's cloud, they have you hostage. And as Azure is MS-only, you are well and truly screwed."

Sounds catchy - but it's wrong. I have a whole bunch of documents and files in OneDrive. I can pull them off and put them elsewhere at any time. I have properly structured VMs in Azure (yes, Azure offers GNU/Linux) and I can pull the applications and data off them easily and move to another hosting provider at any time. I just SSH in, tar up /srv and my Apache and MySQL configs and copy it all down.

You haven't actually thought this through / are not actually familiar with Azure.

Re: What's to look forward to?

>>"It seems to me that everything people liked about Microsoft is in their past."

Stupid statement. How can people prefer the poor-security, slower and less manageable XP to modern 7/8? Or IE 6/7 to versions 10 or 11? Office 2013 is far more capable than older Office versions and the interface is cleaner too and it supports open standards unlike the older proprietary only versions. You get sleek ultrabooks and work-focused tablets, none of which you had in the past. They've built proper scripting into the OS at a fundamental level and you have management capabilities on Server 2012 that older versions never came close to. Not to mention that it's superbly adapted to be virtualized. Microsoft products are far better (more capable, more manageable, better hardware usage) than they used to be.

What you've written is rubbish.

Re: ISIS's name confuses me anyway

>>"Why would a bunch of muslim extremists name themselves after an ancient Egyptian goddess?"

They didn't. ISIS is an English-language translation of their Arabic name. Just like you saw CCCP on those old Soviet rockets rather than USSR because the words were different in the original language.

They actually prefer to call themselves the Islamic State anyway. They're not constraining their ambitions.

Re: me thinks its time for a jolly jap

I THINK they just typoed "jape", as in a prank or joke.

But while I'm posting, I might as well just add that I despise Blair and the scum should be on trial for war trials for the number of British soldiers who are dead because of him. Iraqi civilians too though the US would have gone to war without us.

Re: I wonder how they got this information?

>>"but I would rather have all my mails logged and analysed than fly on a plane that somone may blow up."

I would not. Same for a lot of other people. Even allowing that scanning all my emails and running word recognition software on my voice calls might help, I do not consider exchanging the certainty that the Government is monitoring me 24/7 for a tiny risk that a plane I'm on might be targeted, an acceptable exchange.

Want to see how many people agree with me? Set up two air services - one with all the checks, shoes off, police interrogation... and one with just luggage scan and metal detector (basically anything that can be done in about 30 seconds). See which people prefer to travel on. Sadly that test will never happen but I think anyone who's ever worked in any area of computer security (and seen how much most people put convenience ahead of rigorous security) knows which service would be most popular. And I think anyone reading this who is honest with themself knows that too.

I don't know where this "demand" for ever tighter security is coming from, but I don't think it's the public. Anyone who has done even just a GCSE in History knows that in the vast majority of cases, we the public have far more to fear from governments grown too powerful than we do from terrorists.

Re: Can women hack it?

>>It would be much more satisfying for the female(s) to beat a male and also be more humiliating for the male."

Why do you think a woman would get extra satisfaction from beating a man at a video game? Or that a male is more humiliated by losing to a female? I don't actually see any reason why someone should feel humiliated by losing to another anyway - it just means you spend less time playing video games - but I especially don't see why the sex of the person you lost to matters.

Re: So?

>>"NSA will have to get a bit of paper rubber stamped and pay MS to provide the data, not just suck up the data for free from one of their taps."

You do your best to make this sound like it has no impact, but having to go through the court process (even if the courts are very friendly) at least creates a paper trail of who and how much the NSA are spying on and forces them to seek judicial oversight (and political climates DO change).

Furthermore, adding a financial cost to this makes a big difference in that they have to be selective. Look at spam - there's a tonne of it because it doesn't even cost pennies to send tens of thousands. With junkmail there's still more than everybody wants, but they have to at least restrict themselves to cases where they expect to get more return on the actual per-letter investment rather than the trivial cost per email of spam. And so with the NSA they have to actually pick who they want to investigate rather than just engage in massive fishing exercises.

Finally, much like the previous point but for more technical reasons, it means that they have to investigate select groups of people they already exist rather than batch-search through everyone's emails looking for particular word groups or sender-recipient combinations.

As I said, you did your best to trivialize it, but this is a significant thing that I welcome.