Even more reassuring is their comment on the e-mail vector:
As a best practice, users should always exercise extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources.
Recommendation: Do not visit untrusted websites or view unsolicited email
Turn off your computer and make sure it powers down Drop it in a forty three foot hole in the ground Bury it completely, rocks and boulders should be fine Then burn all the clothes you may have worn any time you were online
I've often thought application sandboxing should be a fundamental aspect of OS design. Why should IE have access to anything other than its cache and a download directory? Why should MSWord be able to hit C:\Program Files\Mozilla? These kinds of things should be exceptions which are explicitly allowed. Unfortunately, I think such a system would be difficult for many users to understand. But if it could be made to work right, it would be inherently much more robust.
Well, I was trying to come at it from both points, since you weren't specific about the kind of proxy. Just pointing out that you could probably get around both solutions.
You could probably block the easier ones, yes. But first off, I'm not sure the file has to be named with a.ANI extension. Second, it's probably you could do the CSS via javascript rather than have it hardcoded like in my examples. Doing these two things would make scrubbing via a proxy much more difficult.
For those people saying "turn off animated cursors" and such, I don't think that's a solution. IE allows a webpage (or email if you're using the IE rendering engine in Outlook) to replace your cursor using some IE-specific CSS code. It's as easy as changing the background for a webpage. Examples:
body {cursor: url('cursor.ani');} <BODY style="CURSOR: url('cursor.ani')"> <BODY style="CURSOR: url('http://www.example.com/cursor.ani')">
You can do it for the <BODY> element, or for other elements like <A>s. It then loads the specified.ANI file which exploits the hole in IE.
I am almost positive there is no way to disable this in IE.
Near as I can tell, this doesn't take you downloading an animated cursor. There's IE-specific CSS code that allows you to replace the cursor in IE. You can't turn it off. If only MS had added that as an option, we'd at least have a workaround.
What kind of mouthbreather would even install an animated cursor in the first place?
I'm not sure that's really the problem. Wouldn't either of those articles have listed it as a workaround if so? I think this is the actual problem:
With Microsoft Internet Explorer 6 or 7 you can use your own animated or static cursor on your webpage instead of the standard system cursor. All you have to do is add a little code to your HTML-documents or the CSS-stylesheet and upload the cursor file (*.ani or *.cur) to the webserver.
I'm not sure that's really the solution. Wouldn't either of those articles have listed it as a workaround if so? I think this is the actual problem:
With Microsoft Internet Explorer 6 or 7 you can use your own animated or static cursor on your webpage instead of the standard system cursor. All you have to do is add a little code to your HTML-documents or the CSS-stylesheet and upload the cursor file (*.ani or *.cur) to the webserver.
http://www.anicursor.com/webcursor.htm l
I don't know that there is any way to turn that off in IE or Outlook using IE's rendering.
The game may be good or bad, but I seriously don't get the appeal of Sonic and Mario together. They're games were just too different for them to be in any way combinable. It's like if they came out with a game that teamed up Simon Belmont with Crash Bandicoot.
This thread brings up the usual "Delphi is dead" or "well, that about does it for Delphi" type comments. As I posted before, Delphi developers have been hearing that for almost a decade. The very fact that it's not dead should tell you something.
The thing about Delphi is that it has ALWAYS been a niche product. Ever since MS started really pushing their coding tools and the other code tool creators started dropping, Delphi has been stuck in a box. But the very fact that it HAS still survived should show you that there's a reason. It is a damn good language and solves business problems in ways that can be FAR superior to anything MS has put out. It's just generally a less painful process.
However, pretty much everything else that Borland has done has failed because there is no nice for it. C++ Builder had some success, but the people going that route were already firmly entrenched in MS or open source products. The same is true for their Java IDE. Then they tried getting into linux with Kylix and Qt stuff. Again, no market. Their C# and.NET stuff has been about as unsuccessful, again because the people doing those things already have a way they want to do it. And when these products don't have a big market, they get neglected. And when they are neglected, even those who would have tried to use them are turned off by the crappy quality. So they wither and die, while the read Delphi remains. Even with all this waste effort dragging the company down, Delphi remains.
Sadly, it appears CodeGear is going to follow in their footsteps. I give the Delphi for PHP thing a year before they stop updating it. Then another year or two before they drop it altogether. Yet again, it's a product without a market.
I don't really think you're being honest here. Yes, there have always been terrorists or guerrilla forces that could use explosives to blow things up. But we're really living in a lot situation today. Back then it was highly unlikely some group halfway across the world could successfully plot an attack on American soil. It's also a matter of scale. You have to admit that there's SOME breakpoint where it doesn't matter how much better you can make weapons. If an old weapon will kill X people, it will ALWAYS be scary as hell and something people worry about others getting their hands on. I think we reached that point with the atom bomb. Todays nuclear bombs have gone far beyond that.
I have been very happy with my Speakeasy service, but I expect the long, horrible downhill phase to begin almost immediately. BB has had absolutely zero success at not turning cool independent companies to shit after buying them. The final slap in the face comes from the press release:
Best Buy, like Speakeasy, is known for its high level of customer service. Our reputation as a trusted provider of voice and data services with stellar customer service will not change. Our values are similar too -- Best Buy shares our customer passion, respect for individuals, and drive to do the right thing while achieving results.
Tenant has moments ("that's the sort of man I am" from 'The Christmas Invasion') but on the whole he just seems too goofy for a guy who's supposed to exploring the whole of time and space.
The point of me posting that quite is the claim should stand on it's own, not on the authority of the person speaking it. People put far too much stock in the opinions of recognizable historical figures.
"When the powerful Jew is at last traced and his hand revealed, then comes the ready cry of persecution and it echoes through the world press." -- Henry Ford (from The International Jew: The World's Foremost Problem, ISBN: 978-0765315526)
Once you get past a certain size, the brain stops processing you as "moving object" and puts you in the "unmoving landmark" category. At least, that's my theory.
(Okay, I know this turned into a long post, but I hope you'll take the time to read it through. I'm not arguing for the crowd here, because I'm pretty sure they all went home a long time ago. I'm speaking directly to you. I used to be anti-CFL due to the mercury issue [plus the horrible light quality in early generations of CFLs]. But I did some research and crunched the numbers and did a 180. So please, take the time and hear me out. Thanks.)
I don't think that word means what you think it means. You just said they must not be recycled.
Well, I guess that makes two of us who don't know what a word that starts with "must" means.;)
Reduce the number of coal plants, or their emissions, and all incandescents become "greener". Reduce the emissions, and CFLs still have to be recycled... and still won't be, in the main.
And what in the history of EPA regulation and industry purchased loopholes makes you think this is going to happen in the next 50 years? Even the new mercury reduction regulations that just went into effect have enough loopholes to be useless. Seriously, check it out.
Another issue is that mercury in CFLs will be concentrated in landfills while the mercury from power plants - while a horrible thing - is at least more diffused.
Do you have any actual citations for atmospheric mercury being better than mercury in a landfill? Logic would seem to come down on the opposite side. When mercury is released into the atmosphere, it combines with water vapor and falls back to the surface of the Earth. The surface of the Earth contains things like people, food crops and livestock. Also, from there it goes directly into streams, rivers and lakes. This water then gets into the groundwater. On the other hand, burying mercury in the ground risks it getting into the groundwater. Second, anaerobic bacteria in landfill can release mercury back into the atmosphere. However, this is thought to only happen to about 5% of the mercury in landfills. All of this information can be verified by doing some google searches. So, do you still hold that dumping mercury into the atmosphere is better than burying it in the ground?
Another factor is the amount of mercury. Over the lifetime of 5 years, a CFL consumes enough power to generate 2.4mg of atmospheric mercury from power plants. Add this to the 4mg of mercury in the bulb and you get 6.4mg of mercury. Over five years, incandescent bulbs would use enough power to release 10mg of mercury in the atmosphere. This means there is 36% less mercury to go anywhere. Even if no one recycled their bulbs and ALL the mercury that was buried in landfills went directly into the groundwater, this would still be a big environmental win. Would I like the mercury in CFLs or another long-life, low-power bulb replacement to be zero? Sure. But the way to effective environmentalism is all about tradeoffs and making the best choice from a list of imperfect ones.
Now, imagine a world where somehow we fixed all the legislation and the power companies were perfectly cooperative and we managed to reduce mercury emissions by 40% over the next 10 years. At that point, what would be the comparison between CFLs and incandescents? Well, you'd still have 4mg in the CFL bulb. But the mercury via power usage over five years would drop from 2.4mg to 1.44mg (60% of 2.4mg). This would total 5.44mg of mercury over the life of the bulb. So how much mercury would the incandescents release via power usage over 5 years? 6mg. That's right, the CFL would still release about 10% less mercury than the incandescents. And again, that's assuming a ZERO recycling rate to recapture the mercury. So with the CFLs, you've saved all the OTHER byproducts power plants produce, caused less coal to be mined, caused fewer trucks to be on the road shipping incandescent bulbs which need to be replaced frequently and caused fewer trips to the store to replace them. All that, a
On the other hand, this is a fascinating tidbit of sociology. This is one possible future of human society. Even the most obviously crackpot study circulates around and is used by evidence by people who are eager to believe its conclusion. So eager that they never bother actually looking past the headline. It would probably be terrifying to know how many people will have this in their head as a "fact" for the next decade and beyond.
Slashdot Mirror
Even more reassuring is their comment on the e-mail vector:
As a best practice, users should always exercise extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources.
Recommendation: Do not visit untrusted websites or view unsolicited email
Turn off your computer and make sure it powers down
Drop it in a forty three foot hole in the ground
Bury it completely, rocks and boulders should be fine
Then burn all the clothes you may have worn any time you were online
I've often thought application sandboxing should be a fundamental aspect of OS design. Why should IE have access to anything other than its cache and a download directory? Why should MSWord be able to hit C:\Program Files\Mozilla? These kinds of things should be exceptions which are explicitly allowed. Unfortunately, I think such a system would be difficult for many users to understand. But if it could be made to work right, it would be inherently much more robust.
Well, I was trying to come at it from both points, since you weren't specific about the kind of proxy. Just pointing out that you could probably get around both solutions.
You could probably block the easier ones, yes. But first off, I'm not sure the file has to be named with a .ANI extension. Second, it's probably you could do the CSS via javascript rather than have it hardcoded like in my examples. Doing these two things would make scrubbing via a proxy much more difficult.
RTFAs. That's why they're there.
For those people saying "turn off animated cursors" and such, I don't think that's a solution. IE allows a webpage (or email if you're using the IE rendering engine in Outlook) to replace your cursor using some IE-specific CSS code. It's as easy as changing the background for a webpage. Examples:
.ANI file which exploits the hole in IE.
body {cursor: url('cursor.ani');}
<BODY style="CURSOR: url('cursor.ani')">
<BODY style="CURSOR: url('http://www.example.com/cursor.ani')">
You can do it for the <BODY> element, or for other elements like <A>s. It then loads the specified
I am almost positive there is no way to disable this in IE.
Near as I can tell, this doesn't take you downloading an animated cursor. There's IE-specific CSS code that allows you to replace the cursor in IE. You can't turn it off. If only MS had added that as an option, we'd at least have a workaround.
I don't know that there is any way to turn that off in IE or Outlook using IE's rendering.
I don't know that there is any way to turn that off in IE or Outlook using IE's rendering.
The game may be good or bad, but I seriously don't get the appeal of Sonic and Mario together. They're games were just too different for them to be in any way combinable. It's like if they came out with a game that teamed up Simon Belmont with Crash Bandicoot.
This thread brings up the usual "Delphi is dead" or "well, that about does it for Delphi" type comments. As I posted before, Delphi developers have been hearing that for almost a decade. The very fact that it's not dead should tell you something.
.NET stuff has been about as unsuccessful, again because the people doing those things already have a way they want to do it. And when these products don't have a big market, they get neglected. And when they are neglected, even those who would have tried to use them are turned off by the crappy quality. So they wither and die, while the read Delphi remains. Even with all this waste effort dragging the company down, Delphi remains.
The thing about Delphi is that it has ALWAYS been a niche product. Ever since MS started really pushing their coding tools and the other code tool creators started dropping, Delphi has been stuck in a box. But the very fact that it HAS still survived should show you that there's a reason. It is a damn good language and solves business problems in ways that can be FAR superior to anything MS has put out. It's just generally a less painful process.
However, pretty much everything else that Borland has done has failed because there is no nice for it. C++ Builder had some success, but the people going that route were already firmly entrenched in MS or open source products. The same is true for their Java IDE. Then they tried getting into linux with Kylix and Qt stuff. Again, no market. Their C# and
Sadly, it appears CodeGear is going to follow in their footsteps. I give the Delphi for PHP thing a year before they stop updating it. Then another year or two before they drop it altogether. Yet again, it's a product without a market.
Meh. People have been telling us Delphi is dead longer than they've been saying that about Macs. We'll believe it when we see it.
I don't really think you're being honest here. Yes, there have always been terrorists or guerrilla forces that could use explosives to blow things up. But we're really living in a lot situation today. Back then it was highly unlikely some group halfway across the world could successfully plot an attack on American soil. It's also a matter of scale. You have to admit that there's SOME breakpoint where it doesn't matter how much better you can make weapons. If an old weapon will kill X people, it will ALWAYS be scary as hell and something people worry about others getting their hands on. I think we reached that point with the atom bomb. Todays nuclear bombs have gone far beyond that.
The point of me posting that quite is the claim should stand on it's own, not on the authority of the person speaking it. People put far too much stock in the opinions of recognizable historical figures.
"When the powerful Jew is at last traced and his hand revealed, then comes the ready cry of persecution and it echoes through the world press." -- Henry Ford (from The International Jew: The World's Foremost Problem , ISBN: 978-0765315526)
Once you get past a certain size, the brain stops processing you as "moving object" and puts you in the "unmoving landmark" category. At least, that's my theory.
To play devil's advocate, when the Hummers are dumped by the original owner, there's a high likelihood that they will be resold.
So it's not such much their theory I find suspect but the results.
Wheels are for technoweenies. Real men use sleds.
Well, I guess that makes two of us who don't know what a word that starts with "must" means. ;)
And what in the history of EPA regulation and industry purchased loopholes makes you think this is going to happen in the next 50 years? Even the new mercury reduction regulations that just went into effect have enough loopholes to be useless. Seriously, check it out.
Do you have any actual citations for atmospheric mercury being better than mercury in a landfill? Logic would seem to come down on the opposite side. When mercury is released into the atmosphere, it combines with water vapor and falls back to the surface of the Earth. The surface of the Earth contains things like people, food crops and livestock. Also, from there it goes directly into streams, rivers and lakes. This water then gets into the groundwater. On the other hand, burying mercury in the ground risks it getting into the groundwater. Second, anaerobic bacteria in landfill can release mercury back into the atmosphere. However, this is thought to only happen to about 5% of the mercury in landfills. All of this information can be verified by doing some google searches. So, do you still hold that dumping mercury into the atmosphere is better than burying it in the ground?
Another factor is the amount of mercury. Over the lifetime of 5 years, a CFL consumes enough power to generate 2.4mg of atmospheric mercury from power plants. Add this to the 4mg of mercury in the bulb and you get 6.4mg of mercury. Over five years, incandescent bulbs would use enough power to release 10mg of mercury in the atmosphere. This means there is 36% less mercury to go anywhere. Even if no one recycled their bulbs and ALL the mercury that was buried in landfills went directly into the groundwater, this would still be a big environmental win. Would I like the mercury in CFLs or another long-life, low-power bulb replacement to be zero? Sure. But the way to effective environmentalism is all about tradeoffs and making the best choice from a list of imperfect ones.
Now, imagine a world where somehow we fixed all the legislation and the power companies were perfectly cooperative and we managed to reduce mercury emissions by 40% over the next 10 years. At that point, what would be the comparison between CFLs and incandescents? Well, you'd still have 4mg in the CFL bulb. But the mercury via power usage over five years would drop from 2.4mg to 1.44mg (60% of 2.4mg). This would total 5.44mg of mercury over the life of the bulb. So how much mercury would the incandescents release via power usage over 5 years? 6mg. That's right, the CFL would still release about 10% less mercury than the incandescents. And again, that's assuming a ZERO recycling rate to recapture the mercury. So with the CFLs, you've saved all the OTHER byproducts power plants produce, caused less coal to be mined, caused fewer trucks to be on the road shipping incandescent bulbs which need to be replaced frequently and caused fewer trips to the store to replace them. All that, a
On the other hand, this is a fascinating tidbit of sociology. This is one possible future of human society. Even the most obviously crackpot study circulates around and is used by evidence by people who are eager to believe its conclusion. So eager that they never bother actually looking past the headline. It would probably be terrifying to know how many people will have this in their head as a "fact" for the next decade and beyond.