The Official Windows 7 Wallpapers are now available for download from the NeoSmart Image Gallery. Only several wallpapers have been released accompanying various Windows 7 builds thus far, but we’ll keep adding new ones to the gallery as they’re shipped.

Here are some of our favorite new wallpapers:

You can see these and more at the gallery here, along with the old Windows Vista ones here and here.

We’re taking hundreds of screenshots of Windows 7 and its new features & components even as we’re posting this – keep your eyes peeled, they’ll be joining our extensive collection of Operating System screenshots in the same fashion as the Windows Vista screenshots were added: build-by-build with all the little details covered in true geek fashion.

But it looks like someone may have been a bit to hasty to pull that switch (perhaps itching to get some of the limelight Microsoft has been receiving for adding OpenID to all Live ID accounts just the day before yesterday)… because whatever it is that Google has released support for, it sure as hell isn’t OpenID, as they even so kindly point out in their OpenID developer documentation (that media outlets certainly won’t be reading):

1. The web application asks the end user to log in by offering a set of log-in options, including Google.
2. The user selects the "Sign in with Google" option.
3. The web application sends a "discovery" request to Google to get information on the Google authentication endpoint. This is a departure from the process outlined in OpenID 1.0. [Emphasis added]
4. Google returns an XRDS document, which contains endpoint address.
5. The web application sends a login authentication request to the Google endpoint address.
6. This action redirects the user to a Google Federated Login page.

As Google points out, this isn’t OpenID. This is something that Google cooked up that resembles OpenID masquerading as OpenID since that’s what people want to see – and that’s what Microsoft announced just the day before.

It’s not just a “departure” from OpenID, it’s a whole new standard.

With OpenID, the user memorizes a web URI, and provides it to the sites he or she would like to sign in to. The site then POSTs an OpenID request to that URI where the OpenID backend server proceeds to perform the requested authentication.

In Google’s version of the OpenID “standard,” users would enter their @gmail.com email addresses in the OpenID login box on OpenID-enabled sites, who would then detect that a Google email was entered. The server then requests permission from Google to use the OpenID standard in the first place by POSTing an XML document to Google’s “OpenID” servers. If Google decides it’ll accept the request from the server, it’ll return an XML document back to the site in question that contains a link to the actual OpenID URI for the email account in question.

This is shown quite clearly in the following image (courtesy of Google, ironically):

As you can see, steps 3 & 4 are not part of OpenID and leave Google’s implementation of OpenID, such as it is, incompatible with everyone else.

Google actually mentions this in passing:

Starting today, we are providing limited access to an API for an OpenID identity provider that is based on the user experience research of the OpenID community. Websites can now allow Google Account users to login to their website by using the OpenID protocol. We hope the continued evolution of both the technical features of OpenID, as well as the improvements in user experience. will lead to a solution that can be widely deployed for federated login. One of the companies using this new service is www.zoho.com.

Eric Sachs, author of the blog post in question, doesn’t actually come out and say, but he does come very close.

Basically, Google has rewritten OpenID. Not only is it not exactly the same as the current OpenID protocol, it’s so different that existing OpenID relying parties won’t be able to use it. Only a handful of “partner sites” have been updated to understand Google’s perverted version of the OpenID standard, and anyone else hoping to authenticate via “OpenID” to Google’s servers will need to do the same.

But OpenID is an open, community-based standard. Stabbing them in the back by creating an incompatible standard “based on” the same technology and masquerading under the same name isn’t the way to go. Google may have the best interests of decentralized authentication in mind, and perhaps even the better protocol to boot; but this is no way to prove a point.

OpenID is on tenterhooks as it is, and cannot withstand any more efforts to splinter its adoption. Never mind the fact that almost all the big names adopting OpenID are joining only as providers and not as relying parties (rendering the whole basis of OpenID useless) – now even the provider side of things is chaos.

Thanks, Google. Good to see you’re still doing the whole “Do no evil” thing, the community really appreciates this kind of approach to improving de facto standards and pushing decentralized authentication!

You can now download ToolTipFixer 2.0 which has a number of changes and improvements based on the feedback we’ve received during the past year. First, for those of you that aren’t familiar with ToolTipFixer, it’s a nifty “patch” for a very frustrating bug in Windows which winds up rendering tooltips behind the taskbar, leaving them unreadable and generally annoying the user to no end:

ToolTipFixer sits silently and invisibly in the background, intercepting this problem and fixing it as it happens – letting you read those tooltips and use your PC the way you should be able to.

Now for the good stuff: the number one request we’ve had was to eliminate the Microsoft .NET Framework as a requirement for using ToolTipFixer. As a matter of productivity and preference, Microsoft’s .NET Framework has a special place in our hearts, but we realize that many people would prefer something a bit… lighter and as such ToolTipFixer 2.0 has been rewritten from scratch in C++ with no dependencies – not even the MSVC++ runtime libraries.

The second oft-made request was improvements to ToolTipFixer’s memory usage. This particular component is tightly-tied to the development platform of choice, and with the switch over to unmanaged C++, it’s become possible to further-tune the amount of memory that TTF uses and bring it down as much as possible, something that’s not in the developers’ hands when using the .NET Framework – which, with its automated garbage cleanup, makes memory usage highly variable at best.

TTF 2 has drastically improved memory management – it’ll take so little memory, you won’t even know it’s there (from 0.3 to 1.5 MiB in our extended testing, depending on OS and platform).

Then there are those 64-bit Windows users, and more of them than ever before. Just because you have 4+ GiB of RAM in that machine of yours doesn’t mean you can’t get rid of this bug too – ToolTipFixer 2.0 has full support for Windows XP/Vista x64!

And to save the best for last, ToolTipFixer can now be run in what we call “standalone mode.” During setup, you’ll have the option of either installing TTF the traditional way – as a system application sitting silently and invisibly in the background – or as a standalone module that you run only when you need it. Some people experience the tooltip corruption problem less often than others, and if it doesn’t bother you incessantly then you can choose to only run TTF when you need it!

Download: ToolTipFixer 2.0

Despite PC users’ widely-varying taste and preference in operating systems and platforms, gamers need Windows. In fact, one of the biggest reason people around the globe tend to dual-boot is their undying love for gaming and the fact that no other OS out there can boast the wide range of gaming titles and genres available for their platform like Windows can. The traditional choice faced by most non-Windows users has been to either install and dual-boot Windows or bite the built and buy a gaming console - ask us, we would know.

But this is all about to change, thanks to Microsoft’s reckless abandon for one of its few truly-loyal userbases.

When Microsoft first began its frenzied Vista marketing campaign in 2006, one of the points it focused on most and repeated over and over again was just how big of a gaming revolution Windows Vista was. Gaming was a large part of the Vista WOW campaign, but it has since failed to disappoint. But this isn’t an article about Vista, it’s about how Windows is poised to lose its gaming advantage if Microsoft doesn’t get its act together sometime soon.

The problem is that Windows - standalone or in a dual-boot - is quickly becoming the lesser-appealing option when compared to a gaming console… in large part thanks to Microsoft’s ridiculous, biased, and fairly infuriating decisions to release games for Xbox and then for PC.

A major part of the gaming/entertainment Vista PR that went out around the same time as the OS: Microsoft Announces Spectacular Windows Vista Title Lineup. Spectacular? Hardly so. Take a look at the Microsoft Game Studios release history for 2006 and 2007, you’ll find a great disparity between the number of titles MGS released for Windows verses those for the Xbox (360)…

If you ignore expansion packs (the Zoo Tycoon development team seems to love these), you’ll find that Microsoft Game Studios released a total of nineteen titles for the Xbox over these two years, compared to a mind-blowing six titles for the PC over that same period - half of which were either available on the Xbox simultaneously or years before!

But what does Microsoft have to say about the obvious deterioration of the Windows gaming market?

The Windows gaming world continues to evolve, and we believe in the future of that property.

-Shane Kim, Microsoft’s Vice President of Interactive Entertainment

Sorry Mr. Kim, but we find that a bit hard to believe. Mr. Kim’s statement came in response to the recent (shocking) news that Microsoft’s (PC game development) Ensemble Studios - authors of Microsoft’s Age of Empires claim-to-fame hit series - would be shut down for "fiscal reasons."

Obviously Microsoft is in a hard place here, needing to cater to both of the (competing) PC and gaming console markets at the same time. However, due to the serious 3rd-party hardware/platform competition in the gaming console market it seems that Microsoft’s decision has been to give Xbox the priority here.

It’s obviously not Microsoft’s job to develop games for its own platform - technically, all they have to do for either the PC or the Xbox is develop the APIs and provide 3rd party gaming developers with the tools and support they need to make it work. And 3rd party developers have not let anyone down, with astonishing numbers of titles being published for both platforms.

But if Microsoft wants to ensure that its platform retains its current hold on the PC gaming market they’re going to need to do a bit more to convince potential Windows gamers to stick to their platform and not go out and get a gaming console instead. It’s quite a logical choice to focus on Windows here - there are literally millions of Windows users who would be using something else if it wasn’t for Windows’ vice-like grip on the gaming market.

The fact is, PC gamers and console gamers aren’t the same market targets. It won’t kill Microsoft’s Xbox division to treat their Windows gamers with a little bit more respect than they’re currently doing - if not for the users’ sake then for their own.

But no matter what Microsoft Game Studios does or doesn’t do, it can’t actually damage the Windows gaming platform - all it does is create a scenario wherein another OS can work hard and potentially overtake Windows at its own game (pun intended!).

Mac OS and Linux both have a rare opportunity on the horizon - but for it to have any impact on the current PC gaming sector’s dynamics, they’ll have to put a bit more effort into the gaming scene than they’re currently doing. Something that requires this sort of centralized coordination is definitely not one of Linux’s strong suites, so the ball is now squarely in Apple’s playing field, and it’s up to them what they do with it.

Basically, Microsoft needs to watch its step. The incentives for PC gaming are at their lowest levels in years with even real-time strategy games - the PC’s long-standing forte - being developed first for the gaming consoles and then, possibly, for the PC (yes, we’re looking at you, Halo Wars!).

And then there’s Bungie - cross-platform game developers bought up by Microsoft years ago, authors of the internationally-acclaimed “Halo” series, and now released from Microsoft’s reigns with its sights set squarely on developing games for the Mac once more.

At the end of the day, Microsoft’s size is getting the better of itself once more; with its own divisions failing to compete with themselves they way they should. Microsoft needs to pick up on this slow degradation of PC gaming satisfaction and do something to buck the trend, or else they could suffer some serious consequences.

For a device that’s supposed to do Firefox, Skype and not much more, an underpowered PC with a touchscreen isn’t going to accomplish much. For one thing, Firefox is a huge performance drain and a memory hog to boot that underpowered hardware (even on-par with an Eee) simply won’t support and for another, there’s no way to get PC hardware down to the sub-$200 price range.

What TechCrunch wants – whether they know it or not – is an oversized PDA, not an underpowered PC. And it’s not just a question of semantics, it’s a question of foundations and principles – and it makes a huge difference in terms of end-user experience and the bottom line.

For the functionality that TechCrunch is trying to pack into this opensource, mass-market web gadget, there’s nothing that wouldn’t work better, faster, and cheaper on specialized hardware rather than on generic PC components.

While the world is now in the midst of a touch-screen craze, it’s important to keep in mind when and where that works. For a web browser and a VoIP client, a touchscreen doesn’t provide much added value, but it does add quite a hefty amount to the bottom line. A couple of buttons at the top/side of the device that provide basic functionality (Go/Dial, Stop/End) would certainly suffice for most purposes. A thin slide-out keyboard is far-cheaper and more user-friendly than an onscreen keyboard, and would make things like entering site addresses and using email clients and Google Docs quite enjoyable.

A PDA-style ARM processor, running software compiled for the ARM platform could provide a more satisfactory end-user experience with regards to performance and can come in smaller form-factors and/or as embedded systems.

It’s important to bear in mind the difference between consumer electronics and a computer. Whereas Asus had to keep their Eee x86 so that it can run whatever a a PC user could demand from it, a web browsing tablet only needs to run what the manufacturer intends it to. In hardware design, there’s a constant compromise between flexibility and complexity which is directly tied to price, size, and ease-of-use.

A tablet designed to surf the web and run Skype doesn’t need to do anything else; but it shouldn’t do anything else if price and size are of any concern. It’s easy to get caught up imagining a device that can do anything and everything; but you can only go so far before things begin to spiral out of control.

With this update the installation process has been simplified somewhat, in particular the need modify HTTPD.INI to set the server variables has been eliminated – you just need to install ISAPI_Rewrite 3, configure php.ini to load up request_uri.inc, and you’re set.

Request_URI for Windows 1.1 retains backwards compatibility with ISAPI_Rewrite 2.x for those of you who’d rather not switch to the new (and much-improved) version 3.x.

Download Request_URI for IIS 1.1

The full instructions for installing and configuring Request_URI for Windows can be found at the original posting. Please post any support questions in the forums.

NeoSmart Technologies is not affiliated with Helicon software in any way.

While that’s a stunning number of Vista-only OEM machines running Windows XP, Mr. Kenney seems to have forgotten about those of us that dual-boot. As champions of dual-booters everywhere, we’ve got to put our two cents in here.

If you keep in mind the type of people who would install the Windows Sentinel tool and take part in such a geeky program you’ll realize that it’s not too out there for a good number of these people to be the kind that run multiple operating systems on their machines.

Obviously not all of Windows Sentinel’s (only) three thousand subscribers are included in the numbers above (it’s highly unlikely that even 80% of the 3000 subscribers are using hardware that only comes from the OEM with Windows Vista installed). And of the percentage that are using late-model hardware, a hefty percentage dual-boot.

We don’t have any numbers as far as the number of dual-booters out there, but they’re certainly not few enough to be discounted. Keeping that in mind, it’s rather unprofessional of InfoWorld to claim that 35% of all Vista users will downgrade to Windows XP. Obviously big numbers make for better headlines, but this is the kind of stuff that can damage stocks and ruin jobs – you don’t want that on your conscious, at least, not without good reason.

Not that we’re suffering from any delusions or hallucinations with regards to Windows Vista’s relatively shoddy performance and stability, but you’ll agree that it’s a rather far cry to go from “a lot of people have reservations about upgrading to Windows Vista” to “a lot of people will take the time and effort to remove Vista from a PC and put Windows XP in its stead;” especially keeping in mind that Vista’s been out for two years now and there’s an (unfortunately) increasingly-large number of Vista-only products out there on the market.

More data from InfoWorld and the Windows Sentinel service would certainly be most-welcome in giving a clearer picture of what the actual numbers are and where end-users stand in this OS mess.

Facebook recently conducted a poll which showed up on the homepage newsfeed, and asked Facebook members just how exactly did they think Facebook’s “friend finder” worked when it prompted them for their email address & password in order to get a list of contacts. The numbers pretty much speak for themselves, here’s what they looked like near the end of the campaign:

Now ignore the dark blue bar: it’s a red herring and doesn’t contain any interesting info. The real juicy bit is the “Yes” option, and its 20% response.

20% of Facebook’s 80 Million active users (give or take) believe that the passwords for their email addresses are being stored when they use the Friend Finder…. and that doesn’t bother them in the least. That’s sixteen million people who don’t give a damn about their privacy, the contents of their email, or who has control of their entire online personas.

This is a subject that’s been chewed half to death already countless times by people far more in the know than myself; Jeff Atwood’s excellent article on the topic covers the dangers of sites asking for users’ email addresses & passwords, and – far more importantly – presents several more secure alternatives for web application developers looking to expand their social networks.

To put things in perspective, take a look at this downright horrifying tale on ReadWriteWeb about software that prompted users for their email addresses & passwords, then proceeded to save them for malicious use… then realize that 16 million Facebook users out there don’t care if this happens to them. Think about all the private, sensitive, confidential information available on your email account and just how truly terrible it would be for that info to fall in the wrong hands.

Of course all this begs the question: who’s to blame for this bout of end-user stupidity (for lack of a more politically-correct term)? Is it naïveté/trust in the goodwill of others that gets users to give out such sensitive data to people (Facebook has 500 employees!) they don’t know from Adam? Or is it that they just don’t get how dangerous it can be (see the ReadWriteWeb article for proof)? Or is it, maybe, that they’ve simply gotten accustomed to being asked for their email address and corresponding password by “trusted” sites they love to visit, too caught up in the “gather as many friends as you can” game to give a second thought to identity theft and fraud?

Personally, I can recall a time when most “normal people” I know would refuse flat-out to share such sensitive data with a site (phishing, tech support, etc. obviously excluded); but in the wake of “Web 2.0” it’s become so normal to ask for email addresses and passwords that no one ever gives it a second thought.

And it’s not just Facebook. To be totally frank, even if Facebook were to store end users’ passwords in their database, the access to that info would probably be very highly guarded… but when every new social network on the block is suddenly doing the same thing – you can get a good picture of just how easy it would be to steal users’ passwords.

MQ’s 3 Steps for World Domination

1. Send out an email purporting to be from “the hottest new social network around” informing the recipient that their “friends” want them to join: “Click here to show Peter you’re a real friend!”
2. Get the user to register a new account – make the procedure as pain-free and simple as possible… and right then and there on the registration page ask for the user’s email address and password so as to “make it easy to tell all your friends you care and get popular really fast…”
3. Profit.

As soon as it’s OK for one person to do it, it’ll be OK for everyone to… and then we’ll be in too deep to do anything about it.

So why does Facebook - after polling their end users and seeing just how dire the situation is - continue to use the same flawed mechanism of harvesting email addresses… especially when better, safer alternatives exist?

And this is your internet on drugs bandwidth meters:

Cartoon originally published by Toles for The Washington Post.
[source]

Richard Stallman: legendary founder of the Free Software Foundation, purveyor of the GPL, defender of open source. And – as of today – expert FUD manipulator.

Obviously someone was seriously pissed off at the abundance of (largely positive) press coverage Bill Gates has been receiving as he stepped down from his final roles at Microsoft.. and it appears Mr. Stallman just couldn’t bear to let the man he hates more than any other step down without getting that last word in.

In an article by Richard Stallman published on BBC today, Stallman pulled back no punches bashing not only Bill Gates, Microsoft, and makers of proprietary software everywhere but also took the incredibly cheap shot of accusing the Bill & Melinda Gates Foundation of working to ruin the very countries they’re trying to help:

Gates’ philanthropy for health care for poor countries has won some people’s good opinion. The LA Times reported that his foundation spends five to 10% of its money annually and invests the rest, sometimes in companies it suggests cause environmental degradation and illness in the same poor countries.

Never mind the fact that those are unsubstantiated rumors following money trails several-hundred pockets deep – what does the Bill & Melinda Gates Foundation have to do with Free Software? Is Stallman so desperate to make Mr. Gates out to be the bad guy that he’d sink this low?

Stallman, one of first people to accuse people of spreading FUD to further their opinions, doesn’t stop there:

Gates is personally identified with it, due to his infamous open letter which rebuked microcomputer users for sharing copies of his software.

It said, in effect, "If you don’t let me keep you divided and helpless, I won’t write the software and you won’t have any. Surrender to me, or you’re lost!"

Here Stallman is referring to Gates’ now-famous letter asking people illegally copying, distributing, and using Altair Basic to stop. Stallman somehow neglects to mention that – regardless of whether morally acceptable or not – Microsoft had the legal right to demand payment in exchange for their software. Ignore for a second whether or not Bill Gates and Microsoft were in the right or in the wrong to ask for payment in exchange for their work – is Richard Stallman seriously suggesting that it’s right to illegally obtain copyrighted software?

It’s one thing to say that Gates should never have charged for his software and another to say that it’s OK to use it without paying. Gates chose to ask for money, users (as Richard Stallman himself has advocated on many occasions in the past) should be looking for an alternative if they don’t want to front the cash.

Who Richard Stallman thinks he’s kidding, we don’t know. But he’s obviously crossed that line that shouldn’t be crossed; apparently desperate enough to stop Microsoft the minute he senses an opening… even if it means spreading FUD, making pointless accusations, and generally talking nonsense to get his point across. This isn’t any way for a respected figure in the open source community to act, especially not when it comes to someone who has – whether Stallman likes it or not – contributed as much to the tech community as Bill Gates has.

It would seem that between the way Gmail saves and retrieves sessions, existing sessions are authenticated, and views are cached there are one or more loopholes that allow data from a different account (that has nothing to do with yours) to be served instead of the correct data.

I don’t know why, but here’s the how:

• Firefox 3 opened to Gmail on Ubuntu.
• Session accidentally reset with ctrl+alt+bkspc
• Upon reboot & restarting of Firefox, Firefox requested the URIs that were previously open before the crash, partially loading data from local cache and the rest dynamically from the web (because of the AJAX portions of the Gmail interface).

The result:

• Gmail loaded up the email account of a user I’d never contacted before, never heard of, and never knew existed.
• I could see the front page of this user’s inbox, including the people he’d recently contacted, the brief summary of all messages, the total number of messages in the inbox, the number of unread messages in other folders, the dates of all correspondences, and a number of contacts (again, none that I have had contact with) in the sidebar.
• The number of remaining Gmail invites, the amount of space used, and other status values also reflected this mysterious individual’s account.
• I couldn’t browse deeper than the main page of the inbox. Emails couldn’t be opened, nothing past the first 50 correspondences could be seen, and I couldn’t switch to another folder.
• Attempts to do any of the above resulted in Gmail’s “Oops… the system encountered a problem (#102) – Retrying in XXs… <Retry Now>”

Parts of the Gmail interface contained values pertaining to my own account (for instance, the online status indicator) while others referred to this other individual’s account instead.

It’s very bizarre. I don’t know if it can be readily reproduced, but I’d imagine if you forced an exit of Firefox 3 and kept on firing it back up at some point or another you’d see similar behavior. Of course, a deeper analysis of what data Firefox 3 requests from Gmail’s servers verses what’s served from the local session cache may yield further information that could possibly be used to actively take advantage of this data leak.

It seems that Firefox requests a cached session complete with cookies and all from the Gmail URI, which in turn loads the Gmail javascript files that are responsible for retrieving the data associated with a particular email account via AJAX. At this point, either the session key is associated with another account and so Gmail retrieves the information assumming the session to be properly authenticated or else the expired session somehow causes Gmail to get data from elsewhere…

Screenshots of this behavior:

Gmail displaying the other user’s information:

Searching for this user in my own account yields no results:

As we’ve previously mentioned, NeoSmart Technologies is a big proponent of Full Disclosure. We’ve contacted the security department at Google and will post their reply if/when it’s available. We’ve also taken what we feel are the appropriate steps in this case with regards to the screenshots above in terms of what’s been made visible and what’s been blanked out for privacy concerns.

Update

The Google Security Team sent a reply to our inquiry. According to them, this behavior might be caused by broken ISP proxying, pending further investigation. This post will be further updated as soon as new information becomes available.

Update

Google has confirmed that was the result of an ISP caching/proxing problem, and that it’s been known to happen. It seems some ISPs are over zealous in their caching attempts (probably to save some money) - and you can add Cyberia to that list. Much thanks to Chris Evans of the Google Security Team for his feedback on the issue and prompt responses - that’s the way security is supposed to be handled!

Ever since Steve Jobs first unveiled the next version of OS X, dubbed “Snow Leopard,” the internet has been abuzz with excitement and wondering about the supposed “evolutionary” qualities of OS X 10.6. One of the most-hyped improvements is the promised revamp of the SMP capabilities of OS X, with a “breakthrough” in SMP performance.

The codename for the technology behind the SMP improvements in OS X Snow Leopard has been named “Grand Central,” which Apple describes best:

“Grand Central,” a new set of technologies built into Snow Leopard, brings unrivaled support for multicore systems to Mac OS X. More cores, not faster clock speeds, drive performance increases in today’s processors. Grand Central takes full advantage by making all of Mac OS X multicore aware and optimizing it for allocating tasks across multiple cores and processors. Grand Central also makes it much easier for developers to create programs that squeeze every last drop of power from multicore systems.

Our guess is that these SMP “breakthroughs” are going to be delivered in two blows:

1. Improvements to the OS X kernel intended to boost multi-threading & multi-tasking performance and better-distribute the loads across multiple CPU cores more intelligently.
2. Provide an SDK (perhaps as improvements to XCode) that allows developers to more-easily write multi-threaded code, handle forking, and provide load-balancing features on a per-core basis.

The first feature is what’s exciting – we believe there’s a good chance Apple will be using some form of FreeBSD’s ULE scheduler or the other in OS X.

There isn’t much info available on what scheduler(s) OS X is currently using as of 10.5 (the only question we could find on the topic remains unanswered). But OS X has its roots firmly planted in the *nix world, and it’s possible to make some educated guesses on the topic. The XNU Kernel that OS X uses is a mesh of the Mach Kernel and large portions of the FreeBSD project, and OS X uses the Mach kernel’s scheduler – or at least it did back when OS X was first launched.

The FreeBSD project has long been working on alternative scheduler intended to replace the default and aging 4BSD scheduler: the ULE scheduler. ULE is now scheduled to become the default scheduler in the upcoming FreeBSD 7.1 release. ULE has shown significant improvements in multi-core environments, and was designed from the ground up to provide increased SMP scalability. Most importantly is ULE’s overhauled support for per-processor queuing of tasks and the ability to set CPU affinity per-processor-per-thread.

If Apple were to implement a form of the ULE scheduler in OS X 10.6, Snow Leopard would be a formidable OS indeed. Using ULE guarantees huge performance benefits for multi-threaded applications, and would help address the second point listed above: the SMT affinity options provided in ULE would make creating an SDK intended to allow developers to use multiple cores efficiently and evenly quite easy. OS X has always been close to the FreeBSD project, and something like this is a natural fit for an OS looking for improvements to SMP/SMT performance.

Of course any time Apple offers a feature, it has a twist of its own. In this case, it’s OpenCL – a technology Apple says will allow developers to use the GPU as a number-crunching processor right from the usual code without much effort. This lies squarely in ULE’s playing field, since the ULE scheduler was designed with full support for load-balancing and threading across processors of varying performance, clock speeds, and fortés - which isn’t something that other schedulers can do, and would make OpenCL simply a matter of interfacing with the ULE scheduler and add the GPU to the list of CPU cores available for the ULE thread scheduler to take advantage of.

The bottom line is, the history of OS X and the XNU Kernel, the features promised in Snow Leopard, and the design and architecture of the ULE scheduler all point to a high likelihood of Apple using a redesigned thread scheduler that is either an implementation of the ULE scheduler or at least based around it in OS X 10.6. And if this is the case, OS X 10.6 will be one heck of a powerhorse.

Further Reading

• The ULE Thread Scheduer
• Introduction to ULE
• Early benchmarks of the ULE scheduler
• Architecture of the XNU kernel
• Advanced Synchronization in OS X

Memory usage: Several new technologies work together to reduce the amount of memory used by Firefox 3 over a web browsing session. Memory cycles are broken and collected by an automated cycle collector, a new memory allocator reduces fragmentation, hundreds of leaks have been fixed, and caching strategies have been tuned.

We’re sorry to have to break it to you, but if you thought it was too good to be true you were right. Firefox still uses a lot of memory – way too much memory for a web browser.

We haven’t seen it reach 1GiB+ like we have with previous versions, but it’s quite normal for Firefox 3 to be sucking up ~300MiB of memory right off the bat, without a memory leak (the difference between memory leaks and normal memory abusage is that in a memory leak you’ll see the memory usage keep increasing the longer the browser is open/in-use).

This is a screenshot of Firefox’s memory usage after just a half hour or so with only a couple of HTML-only tabs open. This particular screenshot was taken on Linux where Firefox is using the shared GTK libraries – on our Windows PCs, it’s normal to find Firefox 3 taking up ~350MiB or so on both XP and Vista.

The sad thing is that isn’t caused by one of the memory leaks that plagued previous versions of Firefox. It’s Firefox 3 is supposed to take up that much memory – at least, that’s our assumption given how we’ve never seen it take up less.

Firefox 3 has a number of memory-hogging features added to the mix that are probably at least partially responsible for the absolutely gargantuan memory footprint. For example, Firefox now uses an SQL engine to keep track of your history and bookmarks, amongst other things. While that particular feature is powered by SQL-lite, which should – in theory – not take up too much memory, we’re at a loss to explain what else is wasting memory left, right, and center in the world’s most-popular open source web browser.

Things like full-text on-the-fly searching of the web cache for when you type text in the address bar certainly have an impact as well – that’s a lot of stuff to keep in memory at one time. But Opera 9.5 does the same with a lot less memory, so obviously Firefox 3 is doing something wrong.

It’s a shame that Firefox 3 is on the verge of a release and is so terribly unfit to run on any machine – Windows, Linux, or OS X – with less than at least a couple of gigabytes of memory.

Whether or not MinWin is the very same kernel that went into Vista or not is officially unknown at the moment; but what we do know is that Shipping Seven is either one huge fake, or else that the Windows core programmers at Microsoft are so stupid that they don’t know the first thing about coding, kernels, operating systems and compilers.

The post at Shipping Seven is littered from beginning to end with fallacies, lies, and incorrect deductions that anyone with even the most basic coding skills would know better than to ever post, especially not when attempting to pass it off as the work of some of the more talented coders out there.

Here are some of the more-glaring factual errors in the post that completely strip Shipping Seven of any authenticity or authority it may have on the topic of Windows 7:

How many times has the Ubuntu or Mac OS X kernel been rewritten?

Correction: OS X is powered by a rewrite of the XNU kernel which is a modified version of the Mach kernel which, in turn, is a complete rewrite of the original BSD kernel. And, of course, Ubuntu isn’t an OS in and of itself, rather it’s just a distribution of Linux.

While it can be argued that not every developer at Microsoft is expected to have intimate knowledge of the inner-workings of other operating systems, no one in their right mind would believe that the Windows kernel programmers don’t even know what kernels their strongest competitors are currently using.

We spent a boatload of time during Windows Vista making everything ‘componentizable’ - So that we could (by creating some xml files that our build process uses) create a boatload of different versions of Vista (and Server 2008).

….

You already have MinWin - It is the core system components that Windows Vista needs to function; everything else on the system depends directly or indirectly on it. It is the last thing you could (theoretically) uninstall.

So, if you really really want it, you can get it, I suppose - you probably could (using the command line) uninstall almost every single Windows Vista system component, including the user interface. I don’t know what the hell you’d do with just a kernel and a kernel loader on your machine, though.

Assuming you can get past the way that the post was written (with references like “using the command line” which indicate a general lack of knowledge about computers in general; treating the command line as if it were a “god mode” that can be used to do just about anything), there’s still the matter of factual inaccuracies - and inconsistencies in the article itself.

You can’t change/modify/revert pre-build settings by running commands in the command line. Components that are integrated at compile time simply cannot be removed by running a bunch of commands afterwards - especially not from within the resulting OS itself.

Anyone that’s ever manually compiled a Linux kernel knows this. You can’t strip ext3 support from the kernel after it’s already built any more than you can add Reiser4 support to the kernel without re-building it. As a matter of fact, anyone who’s built anything at all should know this - the same rules apply to any other program as well. For example, you can’t remove PHP support from Apache if you’ve compiled mod_php directly into the binaries.

Shipping Seven is a big, fat fraud. It’s written by someone with only the most basic knowledge of computers, zero knowledge of coding concepts, and absolutely no experience with kernels and operating systems. Shipping Seven is most likely written by the equivalent of script kiddy, eagerly awaiting the first leaked builds of Windows 7 to appease an inner itch - most likely all the while lamenting his lack of involvement in the Longhorn beta. It isn’t worth the time it takes to read, and definitely doesn’t deserve even the questionable authority it now has on the topic.

You’ve got to hand it to the Facebook team though, they have scaling and uptime perfected down to an art. For instance, when servers are due for updates, the maintenance is performed in a staggered manner, updating one set of servers at a time as attested to by the unavailability of certain Facebook accounts while others can still be accessed.

If your account is on one of he servers being serviced/maintained/upgraded, you’ll see a message like this:

If you have another account or a friend nearby, it’s quite likely that a different login attempt will work just fine.

In our opinion, the latest wave of downtime for Facebook accounts is due to the upcoming “major overhaul” to the way Facebook profiles and pages are displayed and interacted with… at least, we hope that’s the reason; because it would royally suck if Facebook were to go the way of some other once-popular services that became victims of their own popularity and lack of scalability.