
New It inspires me
to write a GUI version that is easier to use. One that has a way of polling what users/systems are out there and allowing the user to select only the ones to send the message to. It would take investigation of the API calls used, or shelling out to the NET.EXE program multiple times.

While I could make money off of that, I was thinking of making it open sourced and making it so that anyone could download it and use it.

Unless, of course, someone already wrote one.



"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"

New Re: It inspires me
Windows has no real user context so you can forget about it. After all these years Windows is every bit as stupid as it was in the beginning. It got rich by a combination of crime and luck and so it has expensive, tawdry clothes, but it still wears a crooked dimestore toupee and wanders around pretending no one knows.

Every day I have to shovel the shit that Windows begat off my doorstep before I can read my email. And why are all the jobs vanishing to India? Because for every real systems guy out there, a hundred, five hundred punk-ass X-er Windows jackoffs are sucking the life out of IT as a respectable profession. So when the cheap fuck managers who ordered this type of world decide to get shed of some deadwood, they throw out the good logs with the wormy ones.

Thanks Billy, and thanks to all the Windows assholes who made him possible.
-drl
Edited by deSitter Jan. 1, 2004, 12:11:51 PM EST
New On this we agree
too many "Nick Burns your company's computer guy" making the rest of us look bad. Too many people getting into IT for the money, rather than the love of it. I keep hearing radio commercials "Get Microsoft certified and make over $60K a year" and every snot nosed kid with an attitude problem signs up for that course and then makes the rest of us look bad. Then you got the code monkeys, people who write code very fast and very sloppy, skills learned from fast food joints. Management expects everyone else to code as fast as these code monkeys, so the end result is poor quality programs that crash the system at random times. Makes us look bad, so they send the jobs overseas.



"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"

New Windows has no user context?
I am not sure what you mean by "user context", but surely Windows has a more developed system of user rights management than any default installation of Linux.
--

"It's possible to build a reasonably prosperous society that invests in its people, doesn't invade its neighbors, opposes Israel and stands up to America. (Just look at France.)"

-- James Lileks
New process-level user context
A login is not a user. In principle, the Windows idea of a "user" hasn't changed since LAN Manager.
-drl
New I am still at a loss as to what you mean
--

"It's possible to build a reasonably prosperous society that invests in its people, doesn't invade its neighbors, opposes Israel and stands up to America. (Just look at France.)"

-- James Lileks
New A login is a profile
on a Windows machine, which can have custom settings, policies, and other things. It has to log into a server part to become a user, except for peer to peer networking where it is treated as a virtual user. Each profile has a password assigned to it, no password is just a blank password on Windows 9X/ME and on those machines one can simply hit "Cancel" to log in on the default profile on the login box. The server password may be different than the profile password. There are ways around policies in 9X/ME, like removing the group policies program, or tweaking the registry to no longer load it. This makes Windows security a joke.



"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"

New Re: I am still at a loss as to what you mean
The user features of Windows systems are pasted onto the kernel. The UNIX kernel itself understands how to assign privileges to processes based on user context. Try googling "Windows process accounting" - you won't find many hits.

I guess the best way to say it - all Windows processes are on the same level inside the "Windows NT Executive", with no concept of ownership, while UNIX processes are always in a parent-child relationship. UNIX uses user and group IDs to maintain process access and hierarchy, while Windows uses "access tokens" and there is no process hierarchy. When a process in Windows creates another process, it donates its access token to the new process. Every process has to maintain its own table of associated processes.
-drl
New You're much mistaken
WRT Windows NT and XP.

Every object in the kernel has ownership and access privileges. You can restrict access to things like mutexes, processes, threads, files, file handles, directories, pipes - anything at all. The user management and privileges are completely customizable, you can create your own secured objects with their own privileges, although the APIs are obscure, obtuse and rarely used.

I certainly do agree with you about Win 95 family - there, security is limited to a network share and completely useless.
--

"It's possible to build a reasonably prosperous society that invests in its people, doesn't invade its neighbors, opposes Israel and stands up to America. (Just look at France.)"

-- James Lileks
New Can you be logged in as two people at once?
With the two people having different access levels?

Without paying for an additional product like Windows Terminal Server that is.

This capability is central to how *nix works. You always have processes around who are logged in as different users with different privileges. You can even have many GUIs running.

Cheers,
Ben
"good ideas and bad code build communities, the other three combinations do not"
- [link|http://archives.real-time.com/pipermail/cocoon-devel/2000-October/003023.html|Stefano Mazzocchi]
New Not log in, no.
But you can have multiple processes running under different user permissions at the same time.
Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."
New I'll tuck that away in case I ever need it
"good ideas and bad code build communities, the other three combinations do not"
- [link|http://archives.real-time.com/pipermail/cocoon-devel/2000-October/003023.html|Stefano Mazzocchi]
New Yes you can and it is a weak security system
that allows it. If you can run CMD.EXE in the NT/2K/XP/2003 schedule program, it will be run as Admin access. Any program you open from that CLI will get run with Admin access including NET.EXE, horror of horrors!

Users can bypass the program install block by installing certain software to their Documents directory which has write access. A real secure system wouldn't even let them run the install program. Some programs check for Admin rights before installing, but some, like OOo, do not. It is up to the install program to check for access rights before installing.

If the user has access to the Notepad or Wordpad, they can give themselves access to almost anything. Usually by "Viewing Source" in IE, they get a Notepad program, even if their policies and rights disable it. All they do is clear out the HTML source and write in a batch file and save it somewhere writable, like their start menu or documents folder. Then click on it. Create a command to add CMD.EXE to the scheduler, and they can get Admin access or whatever the system runs those programs as.

Also IIS and other programs run as certain users and have a certain level of access that the logged in user may not have. So an ASP web page can be used to write to a file or database, when the user cannot, via IIS.



"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"

New Re: Yes you can and it is a weak security system
If you can run CMD.EXE in the NT/2K/XP/2003 schedule program, it will be run as Admin access.
Wrong. The CMD.EXE process will be run as the user that started it, and security will work accordingly.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Certainly
Telnet Server is available

Terminal Server comes bundled with XP

Every service runs on an account different from the currently logged on user: either a special "system" account, or whatever the administrator chose.

Any process can start a subprocess as different user. API has full support for it, even though shell has none.

In any case, "paying for additional products" reflects price structure and marketing, not technology.
--

"It's possible to build a reasonably prosperous society that invests in its people, doesn't invade its neighbors, opposes Israel and stands up to America. (Just look at France.)"

-- James Lileks
New Re: Certainly
Exactly - Terminal server is an add-on to the base operating system, because the latter is not really a multi-user OS. Only one user in base NT has a "desktop" context. In order to have many desktops you have to change the OS in such a way that large parts of it are replicated for every user. And this is just the login context.
-drl
New You keep hearing yourself, not me
NT can have arbitrary number of desktops, only one of them normally visible on a given console. All services run on an invisible desktop (I am not aware of any way to make that one visible). Terminal server gives you the ability to make invisible desktops visible. Another way to get an alternative desktop, I believe (I may be wrong here) is to hit ctrl-alt-del. The visual you see is actually a different desktop.

Also, you don't have to have a desktop to run a process, hence telnet server.
--

"It's possible to build a reasonably prosperous society that invests in its people, doesn't invade its neighbors, opposes Israel and stands up to America. (Just look at France.)"

-- James Lileks
New Re: You're much mistaken
As I said, this is done with the glommed-on idea of access tokens - it's not a hierarchy of processes as in UNIX. I don't consider the former to be multi-user, and neither do OS theorists.
-drl
New What does hierarchy of processes have to do with it?
And, btw, you can emulate hierarchy with process groups. Not nice, but possible.

--

"It's possible to build a reasonably prosperous society that invests in its people, doesn't invade its neighbors, opposes Israel and stands up to America. (Just look at France.)"

-- James Lileks
New Re: What does hierarchy of processes have to do with it?
Because it guarantees that a process will have a determinate user context. As you know, there are floating "NT_AUTHORITY" and "SYSTEM" contexts in NT that are only there so legacy code can run. Plus, there is no simple way to isolate everything executing in a given context in NT - you have to slog through all the processes and get their access tokens. NT was deliberately not built with a determinate user context so that legacy code would run.

Eric Raymond wrote a FAQ about UNIX programming, I think he talks about it in there. He points out that because of all the compromises related to legacy code, NT became practically impossible to make secure. The boundaries are "too porous" as he put it. In a real multi-user system, the user context is always known and determinate.

To give a practical example, suppose I want to immediately remove a user from a UNIX system. I remove his login, find his top-level processes and terminate them, and he's gone. In NT, you make a change to the user database, this has to propagate everywhere, his processes still run until they quit. Because there is no determinate user context, he fades away.
-drl
New I am not sure what NT_AUTHORITY is
But System is a very definite context. It has all rights of Administrator account on a local machine and no rights on the network. It has no user name/password associated with it, so users cannot log in on it.

Legacy is indeed a major problem for Windows, but it's mostly in GUI and SMB code. Avoid both, and you should be OK.

On single NT or Unix machine, you remove the user the same way: disable login and terminate processes. It's immaterial whether you have to kill all processes or "top-level" processes: in practice, in Unix and NT you keep killing till there is nothing to kill. And yes, NT knows who started the processes.

On multi-machine installations, such as NIS or NT Domain, you disable the user in the central database and it may or may not have to propagate. Apples to apples, please.
--

"It's possible to build a reasonably prosperous society that invests in its people, doesn't invade its neighbors, opposes Israel and stands up to America. (Just look at France.)"

-- James Lileks
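
The UNIX side of the removal step discussed in the two posts above (find everything running under one user, then terminate it), as an added example that is not part of any post in this thread: it groups processes by the real, effective and saved UIDs that Linux records in /proc/<pid>/status and separates the top-level ones. The sample status text, the UID 1001 and all function names are constructed for this example.

```python
"""Group Linux processes by UID from /proc/<pid>/status text."""
import os
from typing import Dict, Iterable, List, NamedTuple, Optional

class ProcIds(NamedTuple):
    pid: int
    ppid: int
    name: str
    real: int
    effective: int
    saved: int

def parse_status(text: str) -> Optional[ProcIds]:
    """Parse Name, Pid, PPid and Uid from one status file's text."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    try:
        # The Uid line holds: real, effective, saved-set, filesystem.
        real, effective, saved = (int(x) for x in fields["Uid"].split()[:3])
        return ProcIds(int(fields["Pid"]), int(fields["PPid"]),
                       fields["Name"], real, effective, saved)
    except (KeyError, ValueError):
        return None  # truncated or malformed entry: skip it, do not guess

def processes_for_uid(procs: Iterable[ProcIds], uid: int) -> List[ProcIds]:
    """Processes holding uid as real, effective or saved UID, by PID.

    Checking all three catches a setuid program the user launched (real UID
    is theirs, effective UID is not) and a process that has switched away
    from the UID but can switch back through the saved UID."""
    hits = [p for p in procs if uid in (p.real, p.effective, p.saved)]
    return sorted(hits, key=lambda p: p.pid)

def top_level(matches: List[ProcIds]) -> List[ProcIds]:
    """Matches whose parent is not a match: roots of the user's process trees."""
    pids = {p.pid for p in matches}
    return [p for p in matches if p.ppid not in pids]

def scan_proc(root: str = "/proc") -> List[ProcIds]:
    """Read live entries; a process that exits mid-scan is skipped."""
    found = []
    for entry in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, entry, "status")) as fh:
                parsed = parse_status(fh.read())
        except OSError:
            continue
        if parsed is not None:
            found.append(parsed)
    return found

# Constructed sample status excerpts (not captured from a real system).
SAMPLE = [
    "Name:\tsshd\nPid:\t900\nPPid:\t1\nUid:\t0\t0\t0\t0\n",
    "Name:\tbash\nPid:\t1200\nPPid:\t900\nUid:\t1001\t1001\t1001\t1001\n",
    "Name:\tvim\nPid:\t1250\nPPid:\t1200\nUid:\t1001\t1001\t1001\t1001\n",
    "Name:\tpasswd\nPid:\t1300\nPPid:\t1200\nUid:\t1001\t0\t0\t0\n",  # setuid root
    "Name:\tbackup.sh\nPid:\t1400\nPPid:\t1\nUid:\t1001\t1001\t1001\t1001\n",  # reparented
]

if __name__ == "__main__":
    matches = processes_for_uid([p for p in map(parse_status, SAMPLE) if p], 1001)
    print("all:", [(p.pid, p.name) for p in matches])
    print("top-level:", [(p.pid, p.name) for p in top_level(matches)])
```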
New Except:
But System is a very definite context. It has all rights of Administrator account on a local machine and no rights on the network. It has no user name/password associated with it, so users cannot log in on it.


That's not the same thing as saying users can't execute code under its authority. Just run a service as System.
I was one of the original authors of VB, and *I* wouldn't use VB for a text
processing program. :-)
Michael Geary, on comp.lang.python
New Right you are
--

"It's possible to build a reasonably prosperous society that invests in its people, doesn't invade its neighbors, opposes Israel and stands up to America. (Just look at France.)"

-- James Lileks
New Bottom line
If you can start a service, you can start it as System.


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
New Careful there . .
. . if you use Microsoft programming tools the ULA specifically forbids creating open source products.
[link|http://www.aaxnet.com|AAx]
New Does it really?
I thought that they forbid open source products with any of a series of licenses that they dislike (including the GPL), but had no objection to, say, the BSD license.

Cheers,
Ben
"good ideas and bad code build communities, the other three combinations do not"
- [link|http://archives.real-time.com/pipermail/cocoon-devel/2000-October/003023.html|Stefano Mazzocchi]
New I don't remember all the details . . .
. . but I'm pretty certain they won't allow distribution of anything that includes their libraries if you haven't paid for the development product. That would place redistribution encumbrances on the source code which would be non-compliant with the BSD license and pretty much any other open source license.
[link|http://www.aaxnet.com|AAx]
New The licenses are more forgiving than you think
There is nothing stopping me from writing source-code and distributing the source under a BSD license, no matter what the copyrighted material that the compiled source has to pull in.

Microsoft can choose whether to let me distribute the binary under a BSD license, but the source is OK. (And if I have bought licenses to their development environment for production use, their license normally allows me to compile things for redistribution. After all that is what I was purchasing it for.) Anyone who has not purchased the Microsoft libraries won't be able to compile it, but the BSD license insists on nothing like that. Heck, even the GPL would be fine with linking with some of their proprietary libraries if it falls under the OS exemption.

This is well-trodden ground. Open source people have worked in proprietary environments for decades and have a well-understood set of compromises to follow.

But the issue was far worse. As I recall, if you agreed to their user agreement, then you couldn't do something as simple as use their editor to edit a piece of existing GPLed C code which you were then going to compile on another platform. Likewise while you could compile anything that you wanted and sell it to your neighbour, you couldn't download a GPLed program, compile it, and then give it to your neighbour.

I'm not sure of the current status of that mess, but I think that they backed away. (Even if they didn't, I don't care, I no longer use Windows for anything.)

Cheers,
Ben
"good ideas and bad code build communities, the other three combinations do not"
- [link|http://archives.real-time.com/pipermail/cocoon-devel/2000-October/003023.html|Stefano Mazzocchi]
New Really interesting issue
please let me know what you guys find out about it.

I've seen open sourced code that was written to compile under Visual C++ like the GiFT file sharer. I haven't been able to get it to compile, and the VC++ documentation is missing on how to do that, but people on their forum claim they have compiled with VC++ and VC++.Net to get the program to work.

I figure if an open sourced program can be written to use VC++, it also can be made to use VB as well. Unless these guys are violating the ULA that Microsoft has.

I can now see why some open sourced projects actually charge money for Windows ports of the programs.

Thanks.



"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"

New Bah! I'll make it freeware then.
Unless Microsoft has a EULA condition against that as well?



"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"

New that's what I did
drop down box with "SEND ALL" as well as each individual system, a text box for the message and a button for SEND.

I've also filtered out the server names as it got annoying having to click thru all the messages on them.
Darrell Spice, Jr. [link|http://www.spiceware.org/cgi-bin/spa.pl?album=./Artistic%20Overpass|Artistic Overpass]
[link|http://www.spiceware.org/|SpiceWare] - We don't do Windows, it's too much of a chore
     NET SEND to all except a few systems? - (SpiceWare) - (42)
         Send to group -NT - (Silverlock)
         If you send not to machine names, but... - (CRConrad) - (6)
             Re: If you send not to machine names, but... - (deSitter) - (5)
                 "Messenger" != "NET SEND" ? - (CRConrad) - (4)
                     NET SEND Help - (orion)
                     Re: "Messenger" != "NET SEND" ? - (deSitter) - (2)
                         Alternatively... - (pwhysall)
                         So if Darrell's gang use W2K or later, they could try my way -NT - (CRConrad)
         update - (SpiceWare)
         Re: NET SEND to all except a few systems? - (qstephens) - (32)
             ROFL - (deSitter) - (31)
                 It inspires me - (orion) - (30)
                     Re: It inspires me - (deSitter) - (22)
                         On this we agree - (orion)
                         Windows has no user context? - (Arkadiy) - (20)
                             process-level user context - (deSitter) - (19)
                                 I am still at a loss as to what you mean -NT - (Arkadiy) - (18)
                                     A login is a profile - (orion)
                                     Re: I am still at a loss as to what you mean - (deSitter) - (16)
                                         You're much mistaken - (Arkadiy) - (15)
                                             Can you be logged in as two people at once? - (ben_tilly) - (7)
                                                 Not log in, no. - (admin) - (3)
                                                     I'll tuck that away in case I ever need it -NT - (ben_tilly)
                                                     Yes you can and it is a weak security system - (orion) - (1)
                                                         Re: Yes you can and it is a weak security system - (pwhysall)
                                                 Certainly - (Arkadiy) - (2)
                                                     Re: Certainly - (deSitter) - (1)
                                                         You keep hearing yourself, not me - (Arkadiy)
                                             Re: You're much mistaken - (deSitter) - (6)
                                                 What does hierarchy of processes have to do with it? - (Arkadiy) - (5)
                                                     Re: What does hierarchy of processes have to do with it? - (deSitter) - (4)
                                                         I am not sure what NT_AUTHORITY is - (Arkadiy) - (3)
                                                             Except: - (FuManChu) - (2)
                                                                 Right you are -NT - (Arkadiy)
                                                                 Bottom line - (pwhysall)
                     Careful there . . - (Andrew Grygus) - (5)
                         Does it really? - (ben_tilly) - (3)
                             I don't remember all the details . . . - (Andrew Grygus) - (2)
                                 The licenses are more forgiving than you think - (ben_tilly) - (1)
                                     Really interesting issue - (orion)
                         Bah! I'll make it freeware then. - (orion)
                     that's what I did - (SpiceWare)
