True. Major distros will hold back on upgrading to gcc 4.3.0. Unless they already upgraded. For the most part, this bug will only cause headaches (and possibly suicides) to people trying to diagnose issues in their code, either because they didn't get the memo, and are using gcc 4.3.0, or because they are helping someone with run-time issues, who are using gcc 4.3.0. If I remember correctly, we had similar problems with gcc 4.0.x. I don't recall any reported deaths.
1) Nobody is getting on gcc's case. As I understand it, they are doing the right thing, and reverting to the older, safer, although slightly slower, behavior.
2) Perhaps you haven't gotten the news, but IE8 is doing the right thing too, by using their "less broken" mode by default. This is a switch from what they announced earlier, where you would have to opt-in to better standards compliance.
3) The difference between IE, and gcc is IE is broken, and gcc is not. Clearing the DF does not break standards in any way. In fact, according to the ABI, it needed to be done anyway (although the kernel is supposed to do it). Guess what happens when you clear the DF twice?
If ipX is a known Russian Control Server, and ISP finds Client Y connecting to it, it makes sense Client Y needs to be disconnected and contacted, or say, have access restricted to antivirus update / download sites for say an hour (arbitrary) and then full access restored.
That's going to cause a lot of problems. And support calls. If Client Y is infected, they might need help to get clean. The best source for that is usually web searches and online forums, which you have just cut them off from. You may have cut them off from their antivirus updates as well; there is no way that your list is complete. Also, just connecting to the Russian Control Server doesn't necessarily mean that they are infected. They could be a security researcher. Or maybe the Russian Control Server is a compromised Russian website which Client Y regularly visits.
Just what is the Windows equivalent of sudo that ships standard with Windows XP?
It's called, "runas". It is a Windows program that allows you to run an arbitrary program as any other user (if you know the password, of course).
Windows won't let you do anything of substance once you're running as non-administrator. That is the problem.
That's not what I've observed. Back when I was using Windows 2K, I regularly ran as an ordinary user. Most programs worked just fine. Almost all of the Windows programs worked under a regular user, except for the ones that genuinely needed Admin access.
Ever tried to install software... as an unprivileged user on W2K??
You can install software as an unprivileged user if you don't require Admin access to write to the directory you are installing to. So for example, if you install into your "My Documents" folder, you do not need Admin access. If, however, you want to install to "Program Files", then you need Admin access, unless you have altered Program Files to be editable by everyone. It pretty much works exactly like it does on Linux.
Now that I've gotten your inaccuracies out of the way, I'd like to point out that Windows, and many of the program written for it, don't seem to understand Least User Authority. The main goof Microsoft did was give the regular user Admin privileges at install-time. Windows requires Admin privileges just to look at the clock/calendar. Many programs written for Windows need to be manually "finessed" after installing, so that they can work properly for regular user accounts.
WP doesn't allow copyrighted work like journals to be posted verbatim on the site--even IF the author grants explicit permission signed in blood and double-notarized to have the material published there too... So, the ONLY way this material could be posted on Wikipedia... would be if the author released it under GFDL.
WTF? Are you trying to imply that the GFDL is worse than signing in blood and double-notarizing?
So, the ONLY way this material could be posted on Wikipedia... would be if the author released it under GFDL. Which no one wants to do with anything, especially if it's their livelyhood.
You'd be surprised what some people will do to get their stuff published. If you had read the fucking summary, you would realize that some people will actually sign over the copyright to their papers.
An EMP will cause the device to fail. He will get the best first aid, and then be rushed to the hospital. He will most likely survive. Causing a fatal jolt to his heart, on the other hand, will kill him.
a) cops are on their best behavior when they know that they are being video taped. b) the network only gets permission to ride with the cops if they agree to make the cops appear to be good guys.
"Cops" is for entertainment only. It is not, and will never be educational.
Can anybody translate this into something that makes sense?
OK. Via spam, F-Secure found a malware web page with an ftp link. They think this is going to be a trend. Some businesses proxy http connections, and scan downloads for viruses. They believe that malware authors will shift away from http to ftp because there is a less likely chance that downloads will be scanned.
I don't see this happening. It is speculation, and I think malware authors will just use whatever servers they have access to, or whatever they know how to set up. Few organizations scan http or ftp files that go through their gateways.
To be fair to F-Secure, though, they used tech terms correctly. They properly distinguished between email attachments, http, and ftp. They didn't use the word URL in the entire article. The reporter (or possibly CmdrTaco) likely didn't fully understand what the article says, and thought, "ZOMG!! NEW HAX ATTACKS!! MUST ALERT SLASHDOT!!!"
I never heard of httpshare.com. After reading the summary, I went to the website, to see what it was. I still don't know what it is, because it is in Hebrew. However, in plain English, they mention that they upgraded their servers, and they thank IFPI for the free advertising.
I do know they know who I am. Even if they know I know they know (which they should), they should know that creeping people out is not a good marketing plan. One of the reasons I feel good about blocking advertisements with adblock plus is behavior like this (though not this behavior specifically).
My first attempt at doing this, please feel free to ammend/critique:
Your post advocates a ( ) technical (X) legislative ( ) market-based ( ) vigilante
approach to fighting spam (and malware). Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
(X) We have no idea wtf you are talking about ( ) Spammers can easily use it to harvest email addresses ( ) Mailing lists and other legitimate email uses would be affected ( ) No one will be able to find the guy or collect the money ( ) It is defenseless against brute force attacks ( ) It will stop spam for two weeks and then we'll be stuck with it ( ) Users of email will not put up with it ( ) Microsoft will not put up with it ( ) The police will not put up with it ( ) Requires too much cooperation from spammers ( ) Requires immediate total cooperation from everybody at once ( ) Many email users cannot afford to lose business or alienate potential employers ( ) Spammers don't care about invalid addresses in their lists ( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(X) People need to understand your idea in order to incorporate it ( ) Laws expressly prohibiting it ( ) Lack of centrally controlling authority for email ( ) Open relays in foreign countries ( ) Ease of searching tiny alphanumeric address space of all email addresses ( ) Asshats ( ) Jurisdictional problems ( ) Unpopularity of weird new taxes ( ) Public reluctance to accept weird new forms of money ( ) Huge existing software investment in SMTP ( ) Susceptibility of protocols other than SMTP to attack ( ) Willingness of users to install OS patches received by email ( ) Armies of worm riddled broadband-connected Windows boxes ( ) Eternal arms race involved in all filtering approaches ( ) Extreme profitability of spam ( ) Joe jobs and/or identity theft ( ) Technically illiterate politicians ( ) Extreme stupidity on the part of people who do business with spammers ( ) Dishonesty on the part of spammers themselves ( ) Bandwidth costs that are unaffected by client filtering ( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical ( ) Any scheme based on opt-out is unacceptable ( ) SMTP headers should not be the subject of legislation ( ) Blacklists suck ( ) Whitelists suck ( ) We should be able to talk about Viagra without being censored ( ) Countermeasures should not involve wire fraud or credit card fraud ( ) Countermeasures should not involve sabotage of public networks ( ) Countermeasures must work if phased in gradually ( ) Sending email should be free ( ) Why should we have to trust you and your servers? ( ) Incompatiblity with open source or open source licenses ( ) Feel-good measures do nothing to solve the problem ( ) Temporary/one-time email addresses are cumbersome ( ) I don't want the government reading my email ( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) You are an incoherent hack ( ) Sorry dude, but I don't think it would work. ( ) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
> And why are people flocking to buy this decade's Betamax? Simple, they did the math.
What? The summary does a good job of describing why HD-DVD is a good buy, although they have to make up facts to do it, such as pricing a DVD player at $60. However, I think it is more likely that most of the people buying HD-DVD players don't know that it is dead. Never attribute to average people doing math that which can be adequately explained by incompetence.
I thought the 1%/50% comment was stupid, too. The majority of wikipedia users hardly edit anything. I've only edited a few pages myself. How is that elitism?
My thoughts exactly. This post reminds me of the congressmen who say, "I'm going to do something about identity theft by making more laws!" We're having enough trouble keeping our current Bill of Rights. What good would another Bill of Rights do that basically says the same thing?
I'm not the OP, but until recently, I used ndiswrapper to make my wireless card work (and might go back. the OSS driver is buggy.)
>> I am an open source advocate
> Like in "Do as I say (use open source), but not as I do (use closed source drivers)"?
No, as in I advocate open source, but am not a hardcore zealot. I have to work in the real world, and prefer function over ideals.
>> but the driver for my network card
> Get another card. Reward manufacturers supporting Open Source by supporting them.
I thought I did. I researched as much as I was willing to for a small purchase, and discovered that the card they sell at the local Wal-mart used a Prism GT chipset, which was fully supported by an open source driver. After I actually tried to get the thing to work, I noticed that "fully supported" is not how I would have defined it. Because it is a USB card, it requires the special "islsm" driver, which is buggy, unmaintained, and doesn't work with recent kernel versions. Islsm is difficult to compile.
I totally agree with supporting manufacturers who release OSS linux drivers. Unfortunately, the information is hard to find, or at least was harder a few years ago. But it's been several years, and the card still works with ndiswrapper. I see little reason to buy another one.
>> Trying to get rid of it will only restrict Linux adoption.
>> If you have to use closed source to just connect your Linux box to a network, then just fuck it and stay with Windows or buy a Mac....
>> If all "open source supporters" had your attitude, free software wouldnt have survived the 90s.
Wow. That isn't even worth responding too. But what Cheaply said is worth repeating, "it's an open source fundamentalist! Let's ban closed-open source marriages since they aren't pure and the most Holy of Programmers has spoken out against it."
Wales may be squandering Wikipedia funds, but that's not the same as "corruption" or embezzlement.
Buying a server you don't need would be squandering funds. Using company funds for personal expenses is the definition of embezzlement. It is similar to putting company funds into a personal bank account for later use of personal expenses. I would shed no tears over Jimmy Wales going to jail. Maybe it is common, but that doesn't make it right, legal, or acceptable.
To be fair, according to the summary the Air Force never closed the stable doors. Perhaps they were thinking, "Oh well. What's done is done." The thing is, they really should stop sending sensitive information via email in order to lessen future threats.
On the other hand, this will make it easier to kill the president.
Slashdot Mirror
True. Major distros will hold back on upgrading to gcc 4.3.0. Unless they already upgraded. For the most part, this bug will only cause headaches (and possibly suicides) to people trying to diagnose issues in their code, either because they didn't get the memo, and are using gcc 4.3.0, or because they are helping someone with run-time issues, who are using gcc 4.3.0. If I remember correctly, we had similar problems with gcc 4.0.x. I don't recall any reported deaths.
1) Nobody is getting on gcc's case. As I understand it, they are doing the right thing, and reverting to the older, safer, although slightly slower, behavior.
2) Perhaps you haven't gotten the news, but IE8 is doing the right thing too, by using their "less broken" mode by default. This is a switch from what they announced earlier, where you would have to opt-in to better standards compliance.
3) The difference between IE, and gcc is IE is broken, and gcc is not. Clearing the DF does not break standards in any way. In fact, according to the ABI, it needed to be done anyway (although the kernel is supposed to do it). Guess what happens when you clear the DF twice?
In order to find out if beer is good or bad for scientists, I have to read the article?
That's going to cause a lot of problems. And support calls. If Client Y is infected, they might need help to get clean. The best source for that is usually web searches and online forums, which you have just cut them off from. You may have cut them off from their antivirus updates as well; there is no way that your list is complete. Also, just connecting to the Russian Control Server doesn't necessarily mean that they are infected. They could be a security researcher. Or maybe the Russian Control Server is a compromised Russian website which Client Y regularly visits.
It's called, "runas". It is a Windows program that allows you to run an arbitrary program as any other user (if you know the password, of course).
Windows won't let you do anything of substance once you're running as non-administrator. That is the problem.That's not what I've observed. Back when I was using Windows 2K, I regularly ran as an ordinary user. Most programs worked just fine. Almost all of the Windows programs worked under a regular user, except for the ones that genuinely needed Admin access.
Ever tried to install softwareYou can install software as an unprivileged user if you don't require Admin access to write to the directory you are installing to. So for example, if you install into your "My Documents" folder, you do not need Admin access. If, however, you want to install to "Program Files", then you need Admin access, unless you have altered Program Files to be editable by everyone. It pretty much works exactly like it does on Linux.
Now that I've gotten your inaccuracies out of the way, I'd like to point out that Windows, and many of the program written for it, don't seem to understand Least User Authority. The main goof Microsoft did was give the regular user Admin privileges at install-time. Windows requires Admin privileges just to look at the clock/calendar. Many programs written for Windows need to be manually "finessed" after installing, so that they can work properly for regular user accounts.
Jack Valenti? Is that you?
Seriously. I skimmed the summary, and thought this article was something completely different.
The article mentions nothing about Al Gore.
3.5) ????
I won't respond to your comment, but DRM is BUILT-IN to the Operating System. How much more serious can it get?
WTF? Are you trying to imply that the GFDL is worse than signing in blood and double-notarizing?
So, the ONLY way this material could be posted on WikipediaYou'd be surprised what some people will do to get their stuff published. If you had read the fucking summary, you would realize that some people will actually sign over the copyright to their papers.
An EMP will cause the device to fail. He will get the best first aid, and then be rushed to the hospital. He will most likely survive. Causing a fatal jolt to his heart, on the other hand, will kill him.
Two problems you have to overcome:
a) cops are on their best behavior when they know that they are being video taped.
b) the network only gets permission to ride with the cops if they agree to make the cops appear to be good guys.
"Cops" is for entertainment only. It is not, and will never be educational.
OK. Via spam, F-Secure found a malware web page with an ftp link. They think this is going to be a trend. Some businesses proxy http connections, and scan downloads for viruses. They believe that malware authors will shift away from http to ftp because there is a less likely chance that downloads will be scanned.
I don't see this happening. It is speculation, and I think malware authors will just use whatever servers they have access to, or whatever they know how to set up. Few organizations scan http or ftp files that go through their gateways.
To be fair to F-Secure, though, they used tech terms correctly. They properly distinguished between email attachments, http, and ftp. They didn't use the word URL in the entire article. The reporter (or possibly CmdrTaco) likely didn't fully understand what the article says, and thought, "ZOMG!! NEW HAX ATTACKS!! MUST ALERT SLASHDOT!!!"
I never heard of httpshare.com. After reading the summary, I went to the website, to see what it was. I still don't know what it is, because it is in Hebrew. However, in plain English, they mention that they upgraded their servers, and they thank IFPI for the free advertising.
I do know they know who I am. Even if they know I know they know (which they should), they should know that creeping people out is not a good marketing plan. One of the reasons I feel good about blocking advertisements with adblock plus is behavior like this (though not this behavior specifically).
That's never stopped them before.
My first attempt at doing this, please feel free to ammend/critique:
Your post advocates a
( ) technical (X) legislative ( ) market-based ( ) vigilante
approach to fighting spam (and malware). Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
(X) We have no idea wtf you are talking about
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(X) People need to understand your idea in order to incorporate it
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) You are an incoherent hack
( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
> And why are people flocking to buy this decade's Betamax? Simple, they did the math.
What? The summary does a good job of describing why HD-DVD is a good buy, although they have to make up facts to do it, such as pricing a DVD player at $60. However, I think it is more likely that most of the people buying HD-DVD players don't know that it is dead. Never attribute to average people doing math that which can be adequately explained by incompetence.
I thought the 1%/50% comment was stupid, too. The majority of wikipedia users hardly edit anything. I've only edited a few pages myself. How is that elitism?
My thoughts exactly. This post reminds me of the congressmen who say, "I'm going to do something about identity theft by making more laws!" We're having enough trouble keeping our current Bill of Rights. What good would another Bill of Rights do that basically says the same thing?
Simple solution. They can go back in time and steal plutonium from themselves.
I'm not the OP, but until recently, I used ndiswrapper to make my wireless card work (and might go back. the OSS driver is buggy.)
>> I am an open source advocate
> Like in "Do as I say (use open source), but not as I do (use closed source drivers)"?
No, as in I advocate open source, but am not a hardcore zealot. I have to work in the real world, and prefer function over ideals.
>> but the driver for my network card
> Get another card. Reward manufacturers supporting Open Source by supporting them.
I thought I did. I researched as much as I was willing to for a small purchase, and discovered that the card they sell at the local Wal-mart used a Prism GT chipset, which was fully supported by an open source driver. After I actually tried to get the thing to work, I noticed that "fully supported" is not how I would have defined it. Because it is a USB card, it requires the special "islsm" driver, which is buggy, unmaintained, and doesn't work with recent kernel versions. Islsm is difficult to compile.
I totally agree with supporting manufacturers who release OSS linux drivers. Unfortunately, the information is hard to find, or at least was harder a few years ago. But it's been several years, and the card still works with ndiswrapper. I see little reason to buy another one.
>> Trying to get rid of it will only restrict Linux adoption.
>> If you have to use closed source to just connect your Linux box to a network, then just fuck it and stay with Windows or buy a Mac....
>> If all "open source supporters" had your attitude, free software wouldnt have survived the 90s.
Wow. That isn't even worth responding too. But what Cheaply said is worth repeating, "it's an open source fundamentalist! Let's ban closed-open source marriages since they aren't pure and the most Holy of Programmers has spoken out against it."
Buying a server you don't need would be squandering funds. Using company funds for personal expenses is the definition of embezzlement. It is similar to putting company funds into a personal bank account for later use of personal expenses. I would shed no tears over Jimmy Wales going to jail. Maybe it is common, but that doesn't make it right, legal, or acceptable.
To be fair, according to the summary the Air Force never closed the stable doors. Perhaps they were thinking, "Oh well. What's done is done." The thing is, they really should stop sending sensitive information via email in order to lessen future threats.
On the other hand, this will make it easier to kill the president.
Yes. Or, they could not send sensitive information via email.