I'm more surprised that someone actually reads his drivel.
Probably, someone at Microsoft knew about the existence of the blog. Or maybe a routine Googling found it. Or, since they have their own search service, it may be configured to automatically flag new pages with certain keywords (probably the names of their products and competitors) for review.
I'd be more surprised if MS didn't find out about the site at some point.
I'd love if we could run these as dumb terminals with *nix, however that won't be an option for the general public.
Why not? What are these machines doing that makes Windows absolutely irreplaceable? Decide what apps will be running on these machines. Since they're university computers, they probably won't be running games. Exchanging Office documents? If everybody in the university uses OpenOffice, that limits the requirements for MS Office to out-of-uni work. A few, limited-access, machines could be used to fix up MS Office <-> Open Office transfers.
I wonder if it'll be anything like the original Doom's deathmatch - one guy wearing bright, glowing green, with three in dark colours. That was fun, as long as you weren't player 1.
A calendar can be replaced by MM/DD/YY select lists, but those are much more cumbersome to use, and allow the user to select impossible combinations (February 31 for example), which then require error handling. It's always best to create a situation where it's impossible for the user to input erroneous information to begin with.
Ack! You're saying that, if the page automatically forced correct values, you wouldn't handle errors?!
Remember, your attacker (always assume that you have one, and that he's smarter than you) has direct access to the HTTP protocol. If he discovers that all your validation is on the client side, he has an easy way into your site, through invalid form inputs. A little trial-and-error, and he can break a database query. From there, it's simple for him to grab anything that's in the database.
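An added example, not part of the original comments: a server-side check for the MM/DD/YY fields discussed above, followed by a parameterized query, so a crafted request can neither submit February 31 nor break the SQL. The field names, the `events` table and the sample row are assumptions made for illustration.

```python
import sqlite3
from datetime import date


def parse_form_date(form):
    """Validate raw month/day/year form fields; return a date or None.

    The values arrive as untrusted strings straight from the HTTP request,
    regardless of what the page's select lists or calendar widget allowed.
    """
    try:
        month, day, year = (int(form[k]) for k in ("month", "day", "year"))
        # Two-digit years are read as 20YY (assumption for this example).
        return date(2000 + year if 0 <= year < 100 else year, month, day)
    except (KeyError, TypeError, ValueError):
        # Missing field, non-numeric text, or an impossible date (Feb 31).
        return None


def events_on(conn, form):
    """Return event titles for the submitted date, or None if it is invalid."""
    day = parse_form_date(form)
    if day is None:
        return None  # the caller should answer with an HTTP 400
    # The value is bound as a parameter, never pasted into the SQL text.
    rows = conn.execute("SELECT title FROM events WHERE day = ?",
                        (day.isoformat(),))
    return [r[0] for r in rows]


def demo_db():
    """In-memory database holding one constructed sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (day TEXT, title TEXT)")
    conn.execute("INSERT INTO events VALUES ('2003-08-28', 'constructed sample row')")
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(events_on(db, {"month": "8", "day": "28", "year": "03"}))
    print(events_on(db, {"month": "2", "day": "31", "year": "03"}))
    print(events_on(db, {"month": "8", "day": "28' OR '1'='1", "year": "03"}))
```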
reducing the memory requirement from 2-pills-a-day to one-chip-per-7-months
I'm not so sure about that one. If you take the pills twice a day, it's easy to get into a routine. Wake up, breakfast, pills. Pills, brush teeth, bed.
If it's twice a year, it's not as much of a routine to get into. Especially if you travel - "Oh shit, I need to get my medicine refilled, but I'll be in Timbuktu for that entire week". How much of a grace period do these chips allow for? Are they removed at refill time, or do they dissolve entirely? If it's removed, then you could probably get your refill early (but you'd still have to remember it). If it dissolves, you would have a week of overdosing while you have both chips in your system.
Neither I, nor anybody that I know, has been infected by Welchia. If this were to occur, I would look it up. I do not see the need to research how every virus/worm/trojan works, because that would take too much time away from doing anything useful (and I am aware of the irony of saying such a thing on /.).
Just because it hit the nightly news does not mean I need to figure out how it works. In fact, in order to fix it I would need to know exactly nothing about how it works. Instead, I would just go to McAfee or Symantec or another antivirus corporation, and use their knowledge in order to fix it. Their job is knowing all about viruses. My job, as a programmer, is knowing about vulnerabilities in my code, and that of my team. That's quite enough for me.
I don't know the specifics of how this specific worm works. That's OK, because I'm not in a position where I need to know this, as I keep up to date on my patches, have a firewall, and have a limited Linux box (only two services available from outside on boot, others available only locally or by manual activation).
But just because this worm crashes RPC, it does not mean that every worm must crash RPC. If a worm finds a different way in, or is able to get in through RPC without crashing, it will have complete control over the computer. This gives it time to do anything it wants.
But the computer only reboots because Welchia tells it to (or so I assume). If Welchia told it to flash the BIOS instead of rebooting, or if it included a delay before instructing the computer to reboot, it would have all the time it wanted.
The BIOS doesn't need to be flashed immediately. The worm could spread for an hour, then flash. It'll still be able to cause significant damage.
Does Windows even use the BIOS after it's booted? The worm could flash the BIOS, then continue to spread until reboot, at which point the machine will become useless. Even more damaging goodness.
I replied to Forbes using their "Send comments" link:
Subject: Licensing
Your article seems to miss one very important point. This point is that, in order to distribute Linux, Broadcom, Linksys, and Cisco were required to comply with the GPL. This is the license that allows them to distribute Linux without paying for it.
With most software, you pay for it and receive a list of rules (generally referred to as an End User License Agreement, or EULA). This tells you what you may or may not do with the software. It may prohibit you from duplicating it, for example, or from reverse-engineering it, or even writing a negative review about it. If you break the rules, you are subject to litigation.
The GPL, under which Linux is licensed, also comes with a set of rules. However, unlike with commercial software, the GPL only takes effect when you modify and distribute the software. At that point, it is required that you distribute the source code for that software. It is part of the agreement that comes with receiving the software. As with the commercial examples, if you break the rule, you are subject to litigation.
Before you write another article regarding software license issues, please ensure that you know what the licenses entail.
Use procmail to filter it into folders. I think there is a Squirrelmail plugin that lets you edit procmail recipes, so you don't need to give your users shell access.
First, I think this will lead to ISPs only allowing "approved" OSs on their networks, in order to prevent themselves from getting fined. Unfortunately, the approved list will probably contain the worst offenders.
Second:
ISPs must receive freedom from liability for dropping the identified traffic. False detections are the fault of the "Independent Authority", who should also be free from liability.
Sorry we blocked your critical data, but you can't do anything about it.
I don't really care about investors who don't take the time to research their purchases. However, these investors are feeding the FUD machine that is SCO. If they weren't there to keep giving SCO money, how would they be able to pay the lawyers?
Actually...
Didn't you all see the fireball that baby made?
Braille.
Damn "500" errors. How many attempts will it take for me to submit this time?
Ah, yes. Dumb, unenforced laws. Always good for a laugh.
Why bother with the notice? You have copyright on your publications by default. Stick it to them anyway.
But it can happen in Canada too.
You're asking slashdot, during the middle of the work day, what we do at work?