Wow Michael, Thanks for the history :-) I totally agree with you on the C blaming comments, however, it is not only strings where we have problems, and it is not only buffer overrun which is a security concern. I agree with the part as well that we definitely need a better approach on development in term of security, however, all runtime checks have some footprints which are less and less problems for nowadays computing power and availability of memory and storage -- but back in days Dennis Ritchie designed C all these things were crucial and needed the most simple solutions. Btw, Win 95 was a big step forward indeed as fas as I remember as it had a full 32 bit support with most OS elements compiled to 32 bit running on the true preemptive scheduler. It was much more stable than Win 3.11 Workgroup. And 16 bit DOS and Windows apps were running on virtual boxes so if they crashed the OS was still stable, which sounds normal nowadays but by that time it was pretty new. NT and OS/2 was better, yes, but that did not run o= n average desktops. Plus Win 95 was the first Windows copying Mac OS GUI principals -- except Microsoft put the Start button on the bottom as oppose= d to the top. Anyway, nowadays I use Mac and Linux as host OS pretty much everywhere and try to use virtual hardware and Win XP or 7 when needed and possible -- but not everything runs on virtual machines correctly. For example games, and b= y games I also mean my RC model airplane simulator. So now I am also looking for a dual boot capabilities, most probably on the Mac/Bootcamp -- but that does not do anything with the OP as MPLAB works pretty ok on VirtualBox. Tamas On 18 October 2011 13:33, Michael Watterson wrote: > M.L. wrote: > > On Mon, Oct 17, 2011 at 10:04 PM, V G wrote: > > > >> Linux never failed me. Pick your favourite distro and rock on. But if > you > >> /have/ to use winbloze, I guess XP is the way to go since most program= s > are > >> known to work on it. > >> > > > > I used Linux extensively through college. I could probably still use > > it now, but it's just easier to get things running on Windows. I still > > use Linux on my email server. > > > > It may be fun to rip on Windows, but I'd guess you've never had to use > > Windows 95. It's orders of magnitude better now than it was then. > > > > > Win95 was just DOS based Win3.11 with a new GUI. Win3.11 had 32bit > networking, graphics, disk, virtual memory options. It ran 16bit code > natively thus was a pig on Pentium Pro (which had no simple mechanism to > switch from 32bit to 16bit). > > The Earlier NT 3.1, 3.5 and 3.51 were real 32 bits and ran 16bit windows > via WOW api mapping to 32 bit and the same NTVDM used for DOS on a > virtual machine. > They should never ever have released Win95 other than as a console. > NT4.0 in 1996 was far superior. It wasn't until XP that they managed to > recover from the poor decision to let Win95 be used for general purpose > windows rather than just consoles. But they were more worried about OS/2 > Warp than doing the right thing. > > I had Explorer as a preview shell on NT3.51. Since unlike NT4.0 the GDI > was not in kernel, Explorer couldn't crash NT3.51 They made poor > decisions regarding NT 4.0 simply to port Direct X for games a bit > faster and improve video by about 10%. Stupidity since almost none of > the games worked on NT 4.0 (the ones that did often used OpenGL anyway, > not Direct X). Since 1994 it seems MS OS development has been dominated > by GUI considerations. But in the last few years the same is true of OS > X and Ubuntu. > > Most of the security issues are due to C and using C style string or > other buffers in C++. These exist in Linux and OS X too. They would not > exist if using a "decent" C++ string library and possibly "proper" > libraries in Objective J, Turbo Pascal, Modula-2 or Ada. Inherently, > properly applied the NT security model was one UNIX and Linux could only > dream of with their 3 sets of flags for r, w, x. By win 2000 of course > MS didn't seem to understand the security model and too many > applications were written in total ignorance of the security model (for > win9x) so would only work easily as "Administrator". COM. DCOM and > ActiveX of course very broken concepts totally contrary to NT Security > model compared to Named Pipes. When you copy stuff from one PC to > another there is of course no assurance the resources needed by COM, > DCOM, ActiveX exist. Allowing such in Web pages and supporting Browser > was of course total idiocy. ActiveX and similar only at all make sense > as an alternative to importing a DLL API and then distributing the > entire "thing" as a monolithic install .exe or msi or cab package such > that the activeX parts are always there and correct version. There are > and always were ways to avoid DLL Hell and the similar issues with COM, > DCOM and ActiveX. > > C style strings and buffers should not be used except in the most > limited circumstance where you 100% can be sure the buffer/sting is > always correct. > > > -- > http://www.piclist.com PIC/SX FAQ & list archive > View/change your membership options at > http://mailman.mit.edu/mailman/listinfo/piclist > --=20 int main() { char *a,*s,*q; printf(s=3D"int main() { char *a,*s,*q; printf(s=3D%s%s%s, q=3D%s%s%s%s,s,q,q,a=3D%s%s%s%s,q,q,q,a,a,q); }", q=3D"\"",s,q,q,a=3D"\\",q,q,q,a,a,q); } --=20 http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist .