Correct me if I'm wrong, but don't you have to have admin rights to patch Internet Explorer also? I mean, it doesn't let unprivileged users apply patches, does it?
I agree with the other replies to this, but I'll also point out that FF's auto updates are entirely dependent on an internet connection. Not quite true. Firefox looks for updates from a configurable URL, this is set to Mozilla's website by default, but can be changed to point to an intranet server or local filesystem.
I'm guessing, though, that a tool could be developed fairly easily that puts the updates in the correct directory so that FF sees them the next time it starts and then installs them automatically. Just add: user_pref("app.update.url", "http://your.company.net/helpdesk/updates/firefox"); to prefs.js.
Then once you've tested the new version, you put it on your intranet server, and everybody updates.
Do you keep users' home directories on a remote server? If you do then just over-write any changes to the Local Settings\Application Data\Mozilla\Firefox directory with a single managed copy (this could be accomplished with a login script if you don't keep remote home directories). It may not stop them from installing add-ons, but it will remove them whenever they reboot.
But really, if you already lock down the internet, what risk is there of them installing add-ons?
showing 0 (zero) just makes it painfully obvious there is a problem... what we need is to design an effective open system so that there are no errors, or a way that the public at large can be assured that their vote counted. True, but showing 0 (zero) votes also makes it obvious that this was a mistake, not a conspiracy. If someone wanted to reduce the number of Ron Paul votes, or shift them to another candidate, they wouldn't make it so glaringly obvious.
I find it more likely that a stack of 31 paper ballots was overlooked while counting the multiple-hundreds of ballots stacks, than somebody trying to secretly alter the vote by removing _all_ of Ron Paul's votes. That being said, it could be that the person counting the vote is as annoyed by Ron Paul supporters as the rest of us, and did this just to screw with them.
Interesting, and with implications beyond CC licenses as well. Suppose I create a small application, license it under the GPL, and distribute it from my own website. Then, some company starts to use and re-distribute it, following the GPL. Next I scrub my site and my code of all references to the GPL, and claim it was never licensed as such. Wouldn't this cause a very similar situation?
I had a wonderful experience with Perl, it remains one of my favorite languages actually. It's not that it's a bad language, it's that it's a bad first language because what you learn in Perl doesn't usually translate well to other languages. As another poster already mentioned, its object model is very much a hack and its syntax, while wonderful once you know it, makes the transition to other languages much more difficult. Perl is very good, but it's habit-forming, and not all of those habits are good.
I guess for the next generation of PC users, we need to educate them. I always said owning a computer is like owning a car, you would never use a car without knowing how to drive, although you did buy the car. Even more important, I think, is to educate the next generation of programmers. Just because you know how to make a car, doesn't mean you know how to make a safe car. Even if you are an expert driver, you really have no way of knowing if taking a specific car over 75 mph will cause a critical joint in the engine to fail. Saying that drivers should never drive any car above 75 mph to avoid that possibility isn't an acceptable solution.
Only this isn't a Windows virus, it's an SQL injection attack. Most likely the vulnerability isn't even in Microsoft code, but in some popular business web application that uses MS SQL for the backend. Tweaking that to exploit a PHP application that uses MySQL for the backend wouldn't be any more difficult.
70,000 server admins could just as easily leave a LAMP system unprotected from SQL injection, but you wouldn't be trolling then, would you? Yes we would, only we'd be mocking PHP coders not Microsoft.
It sounds like for you, and the professors in the article, the problem is not that teaching Java is bad, it's that teaching _only_ Java is bad. This absolutely makes sense, and is in no way a "slam" on Java, as the /. headline suggests. Teaching _only_ assembly, or _only_ C, or _only_ Lisp would be equally bad. They make several cases about why Java is a bad choice for a first language, but that is mainly because it makes hard things easy, but you can still teach students most of those hard things in Java. I agree that they need to teach more languages, I wish I had been taught more languages while I was in school.
I taught myself Perl first (talk about a bad first language), then learned a bit of VB and C/C++ (not enough) at a community college, was taught mostly Java at university, then taught myself PHP at work, am now working on C#, and have a Python project already set as my next language.
Nobody seems to know how the malicious code actually got into the server in the first place. Simple SQL injection is definitely a prime suspect, but it's also possible that there is some flaw in SQL Server's processing of properly parameterized code that still allows the tainted user-input to be executed.
Only a problem for far-sighted people, and making room for glasses isn't going to fix that.
The images your eye will be focusing on are only a couple of inches away, even if they "appear" to be 2 meters away. Your stereoscopic vision will be focused 2 meters out, but your lens will be focused only an inch or two out, so near-sighted users would just take off their regular glasses when they use this.
Also worth noting is that the Dell offering is going so well with Ubuntu that they offer more systems with freakin openDOS. Dell offered OpenDOS for quite a long time before they offered Ubuntu, so it shouldn't be any more surprising than noting that they offer more systems with Windows.
According to Mr. Raff Firefox fails to sanitize... Reads like "Mr. Raff Firefox", because of a missing comma. Should be:
According to Mr. Raff, Firefox fails to sanitize...
The article cites 36% as default + dictionary. GP says a full 33.3% are probably default alone, with the implication that a dictionary attack would get more than 2.7% more, so therefore a combined 36% is "lowball".
It means don't give your f*ing password out to people who come to you. I have a password on my bank account, and whenever I go to my bank I have to give them my password, but I would never _ever_ give my password if someone from my bank contacted me (which actually happened once).
Look at the type of bugs, not just the number. One spoofing vulnerability does not compare to one remote code execution vulnerability.
It's like saying there are 10 ways a thief can trick a Toyota user into handing over their car keys, but only 1 way a thief can remotely start your Lexus and drive it wherever they want without you even realizing they've done so. Therefore Toyotas are less secure. Or, conversely, it's like saying paper is more dangerous than dynamite, because more people get paper cuts than blow themselves up.
You know, by helping them you're only enabling their bad behavior. Yes, but that's only because I care more about my relationship with them than I do about their computing experience. I wouldn't enable drug use or alcoholism, mind you, but using Windows is an annoyance, it's not going to ruin their lives. I drive an automatic transmission, even though I've had terrible luck with automatic transmissions in the past, because it's easier than learning to drive a stick and having to get a new car.
So cut them off, tell them "you know, I haven't really used windows for years and I don't know so much about it anymore." I've actually been doing that lately, and it isn't a lie. My parents and in-laws both have new computers with Vista on them, which seems nothing at all like XP when it comes to administration tasks, and even my XP knowledge is fairly limited since I've been using Linux for so long now. More than once I've had to say "Sorry, I don't know how Vista works".
But if you ever have any linux questions I'd be happy to give you a hand. I usually let them know that I use Linux, and that it is an option for them too, that I can install it for free (legally). No takers yet, but I do have most of them using Firefox, a couple using OpenOffice.org, and things like 7zip and VLC are pretty common too. Photoshop is one of the biggest issues, as those who use it want to keep using it, even if Gimp or Krita can do everything they need.
That way you don't offend them by saying no, you don't have to deal with the hassles of fixing windows computers, and they have an incentive to use an OS that doesn't break as much. Win-win all around. To be honest, I don't get many hassles anymore. More often than not it's a hardware issue, as Windows users seem to just accept that software issues happen and don't even bother to try and get them fixed anymore. And I don't think things would be completely hassle free if I switched them to Linux, I still have occasional problems (my xorg.conf gets over-written whenever I reboot, leaving out "AddARGBGLXVisuals" so that my desktop loads with no window manager) and I'm pretty technical.
You could argue that you might want to get a driver or such. But you know there are CDs to reinstall the machine, or resets that can be triggered to reset your machine.
If you want to recover the machine then you can set it to lowest common denominator safety restore at the Windows boot and it will work. Restore partitions are relatively new, so most of my Windows-using acquaintances do not have that option. Only a few have a system restore CD provided by the manufacturer, and of those most have added hardware that wouldn't be recognized by a re-image. Also there is the fact that they usually do not want to completely erase their hard drive, they just want it to boot again. I usually use a LiveCD to mount their Windows file system, do a virus scan, replace any corrupt/infected system files, etc. But when a re-install is required, I have on more than one occasion had to download drivers for their network card that Windows didn't recognize, but my LiveCD did. Use Linux to download and write it to their Windows partition or USB drive, reboot into Windows, and you've got it. And of course you can use the Linux LiveCD to copy all of their personal documents to CD, USB drive or over the network somewhere safe, when Windows isn't bootable.
Ok so tell me how often are you going to be visiting the Microsoft website if you happen to be a Linux and Firefox user? Whenever a Windows-using acquaintance hoses their box and I have to boot a LiveCD to fix it.
Somebody who bought a $200 pc because of the price isn't going to also buy an external DVD drive just to install Windows on it.
C# is a language, .Net is a collection of APIs.
Hmmm, Ubuntu has one GUI toolkit, and one installer. Fedora has one GUI toolkit and one installer. I don't see what you're getting at here.
Because I've given up on evangelizing. When they want it, I'll install it.