Well, basically yes, thsts where its going.

He can't let anyone use it for gov stuff anyway or cia gets to read whats on there.

But look euro countries are thinking of moving governance out of MS now too due to trump crossing the line publicly of ordering ms around.

Was anyone buying ipods in the latter years when they were just idevices without the phone and they just started making the smaller version of ipad anyway then.

Yes inherently its just running on the customers computer anyway, so they don't actually have control.

Not sending other players locations when not necessary etc would be cooler.

And you can cheat by off-device means anyway, you can do an aimbot that doesn't run any code on the computer now.

Wow came out like a decade after my bank at the time had 2fa.

Sure at first it was over telnet and phone lines so it wasn't terribly secure at first..

To teach you don't need massive amounts of content, lessons don't need to be superfacially unique at all, they're scalable on their own.

The need to make new books for schools etc every year is based just on the need to sell them too, basics of languages do not change every year, a student doesn't benefit from unlimited amounts of basic class learning material.

Thats not entirely true. To update an old ios app to be uploadable into the store is significant amount of work due to apple themselves deprecating stuff and requiring you use a newer xcode. You can't just "update the api call" and expect it to be publishable.

You can only download, put it on the device and read it as long as they decide that they and by extension you have the right to read the book.

You're just renting an access to the book with the drm. Under terms that aren't clear to you since you don't know these dates and contracts that they have with the creator and publisher.

"The area that Google did well in that would not have happened had I not been distracted is Android, where it was a natural thing for me. I was trying, although what I didn't do well enough is provide the operating system for the phone. That was ours for the taking."

The antitrust case was overturned by the Appellate Court in 2001. The DOJ and Microsoft settled the outstanding portions in November 2001.

Android Inc. was started in 2003, and was four guys using pre-existing Open Source components to build an OS for mobile phones. Google bought them in 2005, and the first handset using Android was released in 2008.

Bill, you had seven years and the entire backing of a massive corporation (including all of its employees and intellectual property) after the antitrust case was settled, and couldn’t pull off what four guys started and Google finished in five using Open Source components.

Yaz

The existential threat implied is a bit different to what a sql database did to office workers.

It’s not as if Microsoft leaves them a whole lot of choice. Since Windows NT 3.1, Windows has only ever supported two of the four Intel rings of execution — Ring 0 (kernel mode) and Ring 3 (user mode). If drivers had the option of running in Ring 1 they could potentially be isolated when they misbehave without risking corrupting kernel structures — but that option doesn’t exist. The only place where CrowdStrike Falcon Sensor can functionally run on Windows is in Ring 0. That’s a Windows architecture flaw IMO.

AFAIK there are no sufficient APIs to allow Ring 3 processes in Windows to monitor kernel events.

In contrast, on macOS CrowdStrike Falcon Sensor runs as a System Extension entirely in user space (Ring 3 on Intel; I’m not sure if Apple Silicon uses the same notation). It used to be a kext (kernel extension) that ran in Ring 0/kernel mode, but after Apple introduced Endpoint Security Framework (and limitations to running/installing kexts on Apple Silicon) CrowdStrike redeveloped Falcon Sensor to use these new facilities to run completely in Ring 3. Had this flaw hit macOS, the OS simply would have isolated the misbehaving Falcon Sensor without crashing the system.

So I’d say it’s less that CrowdStrike “insisted” on “god level” privs on Windows than it is that they don’t have any choice. Where they do have choice (macOS) they run in plain old user mode — and by all accounts, continue to function just as well as they ever did running in kernel mode.

Yaz

I’ll admit I’ve never done development with fanotify, so I’m open to being corrected here.

From what I understand of fanotify, it’s well suited for something like a virus scanner — but what CrowdStrike Falcon Sensor does is much more than file-level scanning. It’s also doing in-memory checks, and looks for patterns of events that may indicate malicious activity.

Indeed, the P-code file that killed Windows instances the other week was intended to check for certain types of improper use of Windows named pipes (one of the reasons why the flaw didn’t affect any other platforms was that only Windows was vulnerable to the type of attack being monitored, and thus macOS and Linux didn’t require that specific p-code). From what I understand of fanotify, it wouldn’t have been useful in this situation.

Yaz

The junky overhead makes it so that you'll end up with the same problems with containers.

FWIW, in this case the external file contains P-code which then gets to run in kernel context.

No, there is sufficient reason to also blame Microsoft. Tools like CrowdStrike must run in Kernal mode in part because Microsoft doesn’t really give them a lot of other options. Back when NT 3.1 was being developed, Microsoft made the decision to only support Ring 0 and Ring 3 (Kernal mode/user mode respectively) for performance reasons — switching between rings can take 150+ clock cycles, and can be slow. But the Intel CPU supports four Rings of execution, with Ring 1 intended for device drivers.

Modern Windows works in this way to this day. Had Microsoft been more focussed on safety and less on raw performance, drivers could run in Ring 1 and could be isolated from the kernel. A Ring 1 CrowdStrike Falcon Sensor driver could, in theory, be isolated from the system when it misbehaved, allowing the system to remain online. But Microsoft being Microsoft, they chased performance over safety — so we have a situation where an errant driver like the Falcon sensor can bring the whole system down.

If you want to see a system that does it right, look at how Falcon Sensor runs on macOS. There the Falcon Sensor is written as a modern System Extension, and leverages DriverKit Endpoint Security extensions — where it has all the access it needs to system events, but runs completely in user mode. Should CrowdStrike on macOS run into a similar problem, the system can just isolate it and shut it down without crashing the entire system like Windows.

What the FSF is failing to say here is that Linux has the same basic flaws that Windows has when it comes to misbehaving drivers. Linux also only supports Ring 0/Ring 3, and doesn’t provide a way for something like the Falcon Sensor to run in user mode ala macOS. Indeed, certain Linux distros with certain kernel revisions have already had kernel panics due to CrowdStrike earlier this year.

You can’t wait a week for your security software to be updated when there are actors online active exploiting zero-day vulnerabilities. CrowdStrike absolutely screwed the pooch on this one. But both Microsoft and Linux still assume we live in the device driver works of the 1990s, where you release a driver and maybe just do a few bug fixes every few months, and which eventually becomes stable enough not to change. In the 202X online world we need both security software that is constantly updated and appropriate driver protection guarantees to simply disable misbehaving divers like this one. Unfortunately, the only major OS doing any work in this area seems to be Apple — Linux could learn something from them in this regard. Maybe instead of claiming that being able to choose from multiple OS vendors using the same kernel is the solution the FSF could instead work with the Linux Kernel maintainers to look at mechanisms to isolate drivers, so when they misbehave they don’t take down the entire system with them.

Yaz

The % being low doesn't mean anything, it just means people don't terminate and it could be due to the fees or not.

Rolling out a new version for "reasons" is way too common nowadays without the new version having feature parity with the old version.

Often just for a design refresh that could have been done on the old one just as well! And the new versions supposed to then be easier to maintain, but has some architecture that actually makes it hard to do the missing features due to choosing an architecture thats in fashion rather than an architecture for the codebase that suits the application being made, a non-architecture if you will.

Would you consider that a rendering engine, a git client, a bank app and a drawing app all should have the same structure and philosophy in regards of data and interface code? Probably not but thats the world we're living in. I'm sure they got tests for checking that the network codes middle classes though so it has yk be working correctly (that parse the data into an object that gets converted with a converter class to an object that gets used for the data for the ui).

So it's not that it feels like legacy software, it feels like new software!