Apple is an existential threat to the PC

Discussion in 'PC Industry' started by MfA, Apr 3, 2018.

  1. DSoup

    DSoup Series Soup Legend Subscriber

    Apple are not selling their $3k+ laptops to college kids. They are selling their high-end laptops - the higher-end Intel i7/i9 and M1Max devices with 32Gb or more of RAM, with 2Gb+ SSDs to content creators not college kids - and the Mac Pro and XDR monitors to pros. And no, not even with educational discount. What you may consider a high-end laptop, Apple may consider as an entry-level device.

    Unless college kids are idiots. I get their purpose for buying a laptop is to learn at college, but I very much issue they are not morons going into higher education.
     
  2. MfA

    MfA Legend

    Yes, NVIDIA is doing very well and even with more non-recurring costs per item (due to lower volume) they probably do rival Apple. NVIDIA could probably afford N5 for their high end, if their customers gave a shit about power consumption.

    That doesn't help Intel/AMD for consumer processors. Nor does it help NVIDIA for lower end, where Apple can also afford N5 and massive dies.
     
  3. MfA

    MfA Legend

    A lot of those kids are buying 1K$ phones and paying 30k$ tuition ... it's a drop in the pond. College kids with more money (and debt) than sense far outstrip professionals.
    The not yet existing M1 based Mac Pro ... making my case here for me really. Macbook Pros bring in the money, Mac Pro is a halo device.
    I disagree.
     
  4. Kaotik

    Kaotik Drunk Member Legend

    It's not NVIDIA getting that inflated price, their pricing hasn't changed much if at all. It's (some of) the steps after NVIDIA sells the chips off that makes the big bucks.
     
    BRiT likes this.
  5. zed

    zed Legend

    Yes you're correct according to nvidia site
    They're selling a 3090 from between €1,549.00 -> €3,699.00 depending on model/cooling
    though the 1550 one ain't available

    https://store.nvidia.com/es-es/gefo...0 SUPER~1,GTX 1660~1,GTX 1650 Ti~1,GTX 1650~8
     
  6. AlphaWolf

    AlphaWolf Specious Misanthrope Legend

    And you think PNY or whoever's making the board gets nothing?
     
  7. MfA

    MfA Legend

    It's kinda funny, there are now some indications that Google will make Chromebooks with dGPU which run SteamOS in a VM with passthrough of the dGPU ... if they end up allowing windows VMs with passthrough too it's basically how I've thought Valve should handle SteamOS hardware for nearly a decade.

    Also how Microsoft should handle PC hardware for that matter. Old school win32 applications don't belong in normie windows user space because they can't ever get windows secure that way ... infinite hardware configurations and keeping win32 core to windows is dragging them down. Which isn't to say Microsoft should kill win32, but they should properly isolate it (throwing all win32 applications in one giant sandbox isn't proper isolation) just like Chromebooks can now isolate Linux applications.

    Google has great engineering, shame it's Google.
     
    Last edited: Jan 20, 2022
    milk likes this.
  8. DSoup

    DSoup Series Soup Legend Subscriber

    How secure 32-bit apps are in a 64-bit operating system is dependent on two things: the OS and the CPU. Windows 10 (and I assume 11) have fairly robust software virtualisation for 32-bit apps but how secure they really are depends on the virtualisation features of your CPU.

    The use of Win32 is still really popular for Windows developers, i.e. Steam is a 32-bit app on Windows (and linux) whilst being a 64-bit app on macOS.
     
  9. MfA

    MfA Legend

    It's not about 32-bit apps, it's about the win32 API ... just read win32/win64 when I say it. The attack surface is too f'ing huge, when Microsoft gave up on eliminating win32 for third parties they just threw their hands up and made msix full trust. Process sandboxing win32 is a no go, VM is the only way.
     
    Last edited: Jan 20, 2022
    BRiT and PSman1700 like this.
  10. DSoup

    DSoup Series Soup Legend Subscriber

    The win32 API can only be used by 32-bit apps - and 16-bit apps using an API called CallProc32W. Are you saying that you're worried about 64-bit Windows apps using win32? If so, I don't think that can happen.

    To the best of my knowledge, on 64-bit Windows operating systems, win32 only exists in a Windows module called WOW64 which is a 32-bit emulator. Any API called by a 64-bit app is to win64.

    Am I misunderstanding you? Or what am I missing?

    edit: I should have googled this first. Microsoft documentation confirming you can't call win32 from 64-bit apps.
     
  11. Albuquerque

    Albuquerque Red-headed step child Veteran

    I know about win32 API, and I also know about process and app isolation capabilities in modern Windows operating systems. Win32 is a problem without argument. Win32 on modern Windows 10 and 11 operating systems can absolutely be properly isolated from the host ecosystem. Isolated User Mode (the heavier-handed option) and AppContainer (a slightly lighter weight option) are both excellent solutions to these needs.

    AppContainer for Legacy Applications - Win32 apps | Microsoft Docs
    Isolated User Mode (IUM) Processes - Win32 apps | Microsoft Docs

    These are solved problems.
     
    BRiT, PSman1700 and DSoup like this.
  12. MfA

    MfA Legend

    Yet every win32 package on the Microsoft store is full trust and then there's all the win32 programs which will never even be modernly packaged. IUM is for developers, not a mechanism to isolate existing applications.

    Even though I think throwing all of traditional win32 + MSIX-win32 in one giant VM sandbox as they were planning for Windows10x is a stupid halfway solution, Windows 11 doesn't even have that.
     
  13. MfA

    MfA Legend

    "just read win32/win64 when I say it", it being win32. What Microsoft has found is that win32 programs are too god damn of a mess to have a hope of properly sandboxing it outside of going full VM. That's why they wanted to move third parties to UWP ... that didn't work, but it's still a god damn mess and there's no VM isolation.
     
  14. Albuquerque

    Albuquerque Red-headed step child Veteran

    Not actually true, actually quite a few 32-bit apps are AppContainerized. Last I checked, the actual Calculator app was still an AppContainer image.

    The entire reason Windows has persisted for this long is the immense capability around backwards compatibility. I do agree with one of your earlier statements: make WOW64 an optional feature which could be disabled, for those people or application platforms which desire utmost security. At the same time, blurting out to the world that Microsoft just needs to throw away Win32 also therefore assumes two decades of backwards compatibility should simply be ignored -- and about 90% of the software everyone on Windows uses on a regular basis.

    All of that said, AppContainers do still solve the full trust issue for those who care. It takes all of about five minutes in VStudio to create your own process wrapper; give it a try: Cheap sandboxing with AppContainers - Blah Cats

    Now, do you want to clamor about how some Jane or John Doe user isn't going to know how to do this? Fine, you are right, yet literally nothing stops malware source code from being simply recompiled in 64-bit format, and we're right back again to having machines getting ransomware'd into oblivion.

    Said another way: thou doth protest too much.
     
    BRiT and DSoup like this.
  15. DSoup

    DSoup Series Soup Legend Subscriber

    MfA, you're just repeating yourself but providing no clarification. You said "win32" which is accessible through 32-bit (and ancient 16-bit apps) which is what I said. I still don't know what Windows OS you are concerned about because you have not said. @Albuquerque provided links to show how win32/32-bit apps can be secured under modern Windows operating systems.

    With regard to this bolded bit, can you provide a link to Microsoft's documentation? Discussion in technical forums should be a treasure hunt for facts.
     
  16. MfA

    MfA Legend

    First party and third party are an entirely separate matter, never mind that they now allow non windowsapp win32 programs on the store too.
     
  17. MfA

    MfA Legend

    "just read win32/win64 when I say it", it being win32.
    The APIs aren't designed to be sandboxed, there's an infinity of ways to escape, it's like pretending chroot on Linux is a sandbox. Could they make an actual good sandbox without VM regardless? Maybe, we'll know when win32 apps on the store don't require full trust any more and there's high bug bounties for sandbox escapes. But that still would not solve all the win32 programs with classical installers floating around.

    There were good reasons for the windows 10x approach, half-hearted as it was. Still more than delivered now.
     
    Last edited: Jan 21, 2022
    PSman1700 likes this.
  18. Albuquerque

    Albuquerque Red-headed step child Veteran

    Ok, and?

    I've consistently demonstrated Win32 processes can be properly isolated on a modern Windows operating system, yes even including Windows 11. You've consistently demonstrated that you hate Win32 and have no further interest in a conversation, rather you'd prefer to rant. When you're done ranting and want to continue with logic, please mention it in your post so we can then continue to engage like adults. Until then, I see no further need to reply to your ravings.
     
  19. MfA

    MfA Legend

    The systems even if they worked and were proven to work with high bug bounties are irrelevant when not used, only UWP apps can be submitted with limited capabilities. Win32 remains a wild west with Microsoft doing very little to protect their users from rogue program behaviour.

    I love win32, I just prefer if it wasn't trivial for programs including from say mod authors with inherently little reputation on the line to steal all my data. Also I'd prefer if (modifiable)windowsapps as a destination for games would burn in hell.

    Borealis will provide a strong enough security boundary Google can trust SteamOS on Chromebooks, a container model inside the main kernel is not something they would ever consider secure enough for that. Way too much attack surface. I don't think Microsoft thinks differently in that respect, they are not going to put their money (bug bounties) where their mouth is.
     
    Last edited: Jan 21, 2022
  20. Albuquerque

    Albuquerque Red-headed step child Veteran

    Microsoft has done everything they can to provide reliable and comprehensive Win32 isolation and protection -- again, as I've consistently demonstrated.

    Microsoft has no authority over the application developers to enforce use of the tooling they provide, and any overtures akin to your prior statements of "Win32 just needs to die" aren't based on rationality. Again, much of Windows' existence is owed to the significant work done around keeping more than two decades of backwards compatibility in even the most modern iteration of the OS.

    All of that said, tooling still exists to take a Win32 app and make it secure. If you're worried about mod authors "stealing all your data", then stop downloading mods which contain executable binaries. Or even better, you seem IT savvy enough, go write a generic AppContainer wrapper (I posted one above, code is available freely on Github) and wrap up your heavily modified games so they can't touch the rest of your system. Tada, done!
     
    BRiT and DSoup like this.