Slashdot Mirror
Slashback: Gopherectomy, Portacinema, Disunity
Throwing the gopher out with the bathwater. An Anonymous Coward writes: "As reported on News.com and discussed on Slashdot, MSIE's gopher support had a serious security vulnerability that allowed your machine to get ROOT'ed.
Well, it seems that Microsoft is unwilling or unable to make the fix, so it is removing support for the gopher protocol from IE. Not that MSIE's gopher support isn't very poorly implemented anyways."
Kept out of the U.S. by the secret conspiracy, no doubt. Buggalo writes "When I saw the article about the Pogo Flipster I thought I'd mention this too. Of course, it's not available in the US (not yet at least), but it sounds cool anyway. It plays MP4 video as well as MP3 audio. One thing that differentiates it from the Flipster is that this one includes video inputs so you don't even need a computer to get anything onto it. It also seems to have a larger screen. From what I can tell it has 64 megs of flash memory built in, and has an SD memory card slot as well. Sorry the website is in Japanese, but you can use Babelfish to translate it."
Not betting on a United front. dgb2n writes "Smart Money Magazine published an excellent article covering the business implications of the United Linux consortium. It provides some good insight into Red Hat's business model, stock price, and future prospects and names a potential winner in the Linux market."
At least this one aspect is happy. Hellkitten writes "The password for the database has been found, it was as simple as 'ladepujd', the name of the database's creator spelt backwards This previous Slashdot article explains the problem they had.
Aasentunet posted this notice, telling the password and thanking everyone that helped"
ZDNet has the story here as well."
It's nice to see how quickly the password was hacked into. Now maybe people will realize how encryption and password protection is simply a smokescreen for system infiltration by hackers.
Did the data need to be encrypted? Nope.
I have been pwned because my
Because the RIAA isn't looking for MP3 sites, the BSA isn't looking for warez sites, and the IDSA isn't looking for ROM sites on the gopher:// protocol. Oh well, the clued already aren't using IE anyway, so no loss.
What Microsoft should add is a protocol manager that shows all the protocols your system can access, whether it be through Microsoft or other 3rd party vendors like Real's prn protocol
See, if you really think customer demand and usefulness doth an MS product make, you're just as bad as our conspiracy theorist. Of course it enters the equation. But if you think its the only factor, keep dreaming.
Customers dont know what to demand. Go ask your mother what the next feature of Windows should be. Most people dont know. I dont believe that MS and Intel have an agreement to push hardware requirements, however, the possibility that execs and project managers 'suggest' things to eath other (hey, keep that feature in there, whats the damage, or hey, we're thinking of do this and that, what do you think) doesn't require a conspiracy to influence the design decisions. And if you think glib, ignorant purely business strategy speak doesnt influence decision decisions suggests that your no less niave than he is conspiracy theorist.
"Old man yells at systemd"
"The problem is that you are dealing with 50 million lines of code and everything depends on everything else,"
I'm prety sure that was established as bad form, oh, about 20 years before MS's birth.
They never cease to amaze me with thier forward thinking 'inovation' though... Apparently spagetti code must be 'the wave of the future'. I guess I must not be hip enough, my boss better hirry up and fire me!
I live in a giant bucket.
While I didn't explicitly say that customer demand and usefulness of a feature were all that go into making feature decisions, I can see how you would read that out of my post. I wasn't trying to make that point. Obviously other factors matter (say, feasability -- if the cost and time-to-market of implementing a customer-demanded and/or useful feature is too expensive, it probably won't get done until V.Next).
I think you'd be surprised at the amount of autonomy given to product groups, and even feature teams within product groups, at any company (not just Microsoft). Sure, the higher-ups will usually need to sign-off on the big-picture design, but do you really think BillG or Steve Balmer care whether or not IE still supports Gopher (using the current discussion as an example)? Maybe the feature team leads or the product group leads are in communication with hardware companies like Intel (probably only if their product is related in some way to that company), but in that case I would classify that business relationship as a "customer" relationship (some may call it a "partner" relationship, but that's essentially the same thing except that the "partner" has a little more direct control over feature suggestions).
Also, let me reiterate that I believe this applies to all companies, not just Microsoft. I'm sure Apple's software division isn't in cahoots with their hardware division to slow down OS X so people will ditch their G3s and go buy G4s (if so, then X.1 wouldn't have been released). AOL likely doesn't conspire with AMD or Intel to push hardware sales by writing a crappy, bloated walled-garden UI. And so on, and so on. It's just business, not tin-foil hat paranoid conspiracies.
That's already in PGP. You can make split keys easily. And it is easy to program your own: to make an m-of-n system, where you need m of the n pieces to recover the password, let r_1 through r_m-1 be lists of random integers 0 to 256, with lengths equal to that of the password.
^ (m-1)*password[i] all mod 257. If you have m of the shares, say keys numbered s_1...s_m, you reconstruct (leaving out the [i]'s this time) as password=key_s_1/((s_1-s_2)(s_1-s_3)...)+key_s_2/( (s_2-s_1)(s_2-s_3)...)+...+key_s_m/((s_m-s_1)...).
Then share number s of the password, part i is r_1[i]+s*r_2[i]+s^2*r_3[i]+...+s^(m-2)*r_m-1[i]+s
I hope that isn't patented, it's just a back-of-the-envelope calculation with VanderMonde matrices. All you have to do then is have everyone encrypt their share(s) with a different password, and integrate the key-rejoining routine with the password-entry system so that the employees don't get to see it after reconstructing it, and you're done. The cool thing about the system is that m-1 of the shares give no information about the password, assuming the random number generator you used is good enough.
I hereby place the above post in the public domain.
...spread viruses/virii/whatever.
In all seriousness though, I do like to see a reduction in duplication of effort. However, diversity is a fundamental construct of open source philosophy. So as with anything else, United Linux has its positive and negative aspects.
Remember: umount it before you fsck it.
Americans......
"djupedal" means "deep valley" in Norwegian, and is a reasonably common surname.
American cultural imperialism is already imperiling the Norwegian heritage with given names like "Roger" and "Angela", but the surnames are still holding on against the flood.
Where is Ivar Aasen when you need him.....?
In other words, you have to figure that, as many clueless people are not patching their systems, our co-worker represents a large number of quite saavy people that are completely apathetic to wanting to be bothered. They don't have the interest to want to take the time; we can't reach these people using fear or logic. How, then, do we protect ourselves?
As quoted from the M$ Gopher article:
Marc Maiffret, 21-year-old security prodigy and chief hacking officer for eEye Digital Security, doesn't fault old code for security problems. He said that programmers who don't review the code before using it are at fault. Old code may have more security holes in it, but those holes should be caught, he said
Okay, so they're interviewing a 21-year old who thinks he knows more about Microsoft's code than Microsoft itself. Yes it's true, in a perfect world we would all have infinite time to review legacy code and peek into shared libraries, but the matter of the fact is that fundamental reason we reuse code is to save time and effort. If we all spent our time rereading and retesting code whenever we glue it into something else, we'd be better off starting from scratch every time.
This kid is a fast-talking idiot, nothing more.
-Billco, Fnarg.com