The difference is that at least on the client side is that if I hack a website with SOAP web services the results can now affect the software running locally. Thus manipulating software on the client side to do things they were not intended to do.
The difference is subtle, with CGI programs attacks would affect the backend, deleting accounts, intercepting charge cards, outputting misinformation, etc.
With SOAP/CGI they can do all of that plus control the software running locally. And they could easily subvert the firewall at the same time.
That to me seems like a potential security problem to me.
While I do not think you are a troll, I think you have rushed to judgement without thinking clearly.
Schnier never said SOAP was a Microsoft product he said "Implementation of Microsoft SOAP...." The reason why web services are so convienent is because they can bypass inconvienent security devices by tunneling through other protocols such as HTTP/HTTPS. Embedding a control protocol (SOAP) in a data protocol (HTTP) is just as bad (security-wise) as macros in email documents.
It is not easy to disable SOAP services without disabling HTTP. Sure you can use a packet filter but that just adds another layer of issues to deal with.
Seperating IIS from one large service to a many smaller services is a good idea. If a flaw is found in ftp it will be less likely to hurt the http server.
Redoing the protocols does not make any sense from a business point of veiw. Adding new open standard protocols to IIS (leading by example), is a more logical idea.
Re:What's difference between the versions of DBZ?
on
NY Times on Anime
·
· Score: 1
Go to china town and pick up a fansubbed version to find out.
I don't know; I saw a fan subbed version of Cowboy Bebop before I saw the american. I felt that the vocal expressions of Spike and Ed had a lot more depth than the english voice actors. Not to say the english voice actors were not good. The japanese language seems just a little more emotionally expressive than english.
I do not always watch the japanese version first, because you need to concentrate to watch it and it is easy to miss certain subtle details. Sometimes the english voice acting is so hollow that I have no choice but to watch it in japanese.
Maybe I should just learn japanese and watch anime in its raw form!:>
Why I do not like the Mainstreaming of Anime
on
NY Times on Anime
·
· Score: 1
The reason I watch anime in the first place is because it is different than the mainstream. The stories range from amazing to extremely strange and unbelieveable.
Once you "mainstream" Anime you loose those qualities that make it such a great artform. Just look at the pokemon phenomenon. You take one unique anime and then market it to death. Now all you have are clones of pokemon-like garbage, because that is only thing that can be funded. It kills the artform.
In the USA parent groups like censoring everything, so that will be a problem as well. Watching the Japanese version of Dragon Ball Z and the funimation/cartoon network version is like watching two different shows.
Will shows like Cowboy Bebop, BoogiePop phantom, Serial Experiments Lain be funded in the new world of mainstream Anime. I think not.
I assume that the multiple VMs do not map directly to the hardware it runs on.
The user mode software is probably directly mapped and context switched in/out just like any other multitasking OS. The kernel mode drivers may just be gateways communicating with the host VM manager.
The OS on the VM uses virtual generic interfaces for the harddisks, networks, ttys, etc. Those generic interfaces talk to the VM manager to be mapped to the actual hardware. The I/O calls that are pending are probably optimized by the VM manager.
I assume this is how it is done. I could be wrong.
Poor people are going to be less likely to own a computer than, richer upper class people. Well Duh?
I cannot believe people even question the existence of the digital divide, it is something that anyone with reason could understand.
Why even bother categorizing this problem. There have been disenfranchised people since the day humans stopped hunting and gathering and turned to an agricultural system.
The problem with this article is that it assumes that the digital divide problem is software related. It is not even a hardware problem. The problem is poverty. Yes I do know that point is obivious! But it is a social problem that world leaders have failed to fight directly.
The problem is that politians constantly restate the problem of poverty by categorizing diffent it into different subsets. It is as if catogerizing poverty into different subpoints helps solve the problem. I think politicans and civil rights leaders are ill equipped to solve the problem directly, so they divide it into subpoints inorder not to be held accountable for their inablility to fight it.
A poor kid in the shanty town in South Africa with a computer, is still a poor kid.
By "bridging digital divide", you do nothing to address what caused the divide in the first place. "Bridging the digital divide" does nothing to affect the infrastructural problems that allow the poverty to exist in the first place. The resources that could be channeled into finding a soultion to poverty, are waisted in a futile effort.
I bet, when the radio started to overtake written forms of communication, people started to worry that there were not enough radios for everyone. Once the radio problem was solved, TV appeared. When there was a TV in every home, computers appeared an so-on. The problems derived from poverty are dynamic an complex, once you solve one, another appears. To solve only a subset, but not the root, is a futile effort at best.
We could wire every house in America, but without an infrastructure to support it, it will fall apart. In order fight poverty you have to provide the direct cause of the poverty not the results.
Yeah a simple analysis shows that the xbox_emulator.exe was written in Borland Delphi.
What a joke.
The least they could have done is copy the XBOX intro movie and play it while the user starts it up. They could have also accessed data the DVD-ROM drive to mimic data access. This is just stupid, not even worthy of an April fool jokes.
It is truely a hoax!!! strings xbox.vxd |grep -in "wolfenstein"
8234:Wolfenstein-1
8471:has not been verified for use with Wolfenstein.
10212:Wolfenstein
It takes no longer than a minute to verify. Shame on the slashdot maintainers for rushing this article.
It is amazing what they could get away with in those days. They cut those offensive scenes in the repeats they show nowadays, but I will never forget them.
kin_korn_karn should not complain about the Japanese being xenophobic, while old looney-tunes as a counter example.
I will agree that anime stories tend to be confusing to the point of torture or nonexistent.
Although, when an anime story is written clearly, I believe it is usually experience I cannot find anywhere else. That is why I watch anime. The good anime usually overflows with creative and imaginative characters and environments.
I see you are a fan of the classic Warner Brothers cartoons. I remember when they were xenophobic and sometimes blatantly hateful to minorities. I remember for a time there was a stereotypical Aunt Jemima type character in Tom and Jerry.
I do agree that some Japanese need to improve on there veiw of the gaijin, but you cannot generalize the Japanese people based on your closed minded views.
Also the jerkiness is not necessarily a bad thing. The anime style is cheaper to make than the american style.
Jokes aside, the reason why no one will convert to metric bytes is because there is no reason.
This is a solution to a nonproblem. I did not go to work last friday and say "boy I wish 1K was 1000 bytes". And anyway 1MiB=2^19.93156857 (Yuk!)
The problem is that having too many measurement standards may introduce problems. Remember the mars probe mission? 1MB=2^20 'nuff said. Go solve problems that need to be solved, and don't waste my time.
Almost every post is about why OS X does not have a future or why X11 is too bulky or why the poll results are wrong because of .
OS X has only a small fraction of the "desktop market" (whatever that is) and Linux probably has an even smaller fraction..45% or even 2% is a joke in comparison to Windows dominance in the market.
No matter how much you cry, wine, or lament this is a fact. The best thing to do is to stop whinning and use the desktops you love and if you have the skill attempt to improve the desktops you believe are worth supporting. OS wars are childish.
This article is irrelivant and reading this constant bickering makes my stomach turn.
Two major competing desktops is a bad thing. Thirty desktops is even worse. The problem is the deversion of talent and time needed to work on these platforms. I cannot contribute to one desktop without hurting the other.
Although my KDE apps work in GNOME and visa-versa it is hard for them to interoperate with the environment.
ie.Try loading a KDE app in GNOME it looks alien.
also: Try embedding a KDE control into a GNOME app and using an enlightenment theme in GNOME.
Even if you can find a way to do this how easy is it to program an app to do this?
I agree that competition is generally a good thing. But this form of competition has a price, the price of talentened hackers.
I believe with one environment businesses, engineers, and hackers can create a GUI platform that would rival XP or OS X.
Oh well there is nothing that can be done about this anyway but that is my 2 cents.
True but Id also makes money from licensing the use of their 3D engine. If you GPL it right away, there would be no incentive for other companies to pay for the use of the engine. (remember id also wants to make money)
This may not be the best for the opensource world but it is a sound business practice. This time release formula is a good practice other software companies should follow.
You don't code much do you? The point is that the environment you are given may not work as told.
This sounds like sloppy coding by trial-and-error, at its worst.
Not always:
Example: The hardware on device X has a timing hazard under conditions Y. Even if your code is perfect it will not work under every condition (that is the real world). So under that condition you do something that seems to have nothing to do with the design under normal condtions. Voila! Problem is solved your code is more robust.
In the land of make-believe you can just ask the hardware maker to recall their million+ units to fix your silly little issue, but we live in reality.
Those "ugly little hairs" may not make sense to the 10th maintainer on the project that was ported three platforms ago (Even if commented). I've seen alot of opensource code and some of its pretty damn unreadble. I've seen libraries given with no api reference or samples, drivers with no documentation, and the list goes on. I guess "real men" figure it out just by reading the source. While wasting hours trying to get the code to work in their project.
Poorly documented open source is just as closed as proprietary code.
Yeah, I would not even consider buying a cell/phone pda unless it was color and thinner than the treo.
Re:MS-DOS strings end with a '$'?
on
Lineo Frees CP/M
·
· Score: 1
It is well known that Gates added CP/M compatiablity in MS-DOS to gain instant market share. Wordstar and other popular CP/M applications could easily be ported to MS-DOS.
If I am not mistaken Wordstar was converted by changing one line in assembly maybe the int 20h->int 21h call.
I may not agree with Stallman on every issue, but for what it is worth I respect the fact that he has put his money where his mouth is.
People critisize Stallman for his free software only ideals, but do you have the strength or the resolve to do what he has done? He believes proprietary software/IP rights and the rights of software users are not compatible. Right or wrong he is worried about your rights as a software user and I could never understand how people could hate him so.
Try zone alarm it is free! Or grab a *nix box and set up ipchains (or a secure equivalent). Or you can try one of those routers with NAT for your security.
I am actually planning on using alternate forms of authentication such as fingerprint scanning to help prevent such attacts. Does any one know of a *nix supported product?
Slashdot Mirror
Schneier did not say that SOAP was not useful he implied that it was a security risk. Security and usefulness are not the same thing.
Network transparancy is masking remote services to look like local services. SOAP, sunRPC, SMB, NFS, network printing are all examples of that.
Good point!
The difference is that at least on the client side is that if I hack a website with SOAP web services the results can now affect the software running locally. Thus manipulating software on the client side to do things they were not intended to do.
The difference is subtle, with CGI programs attacks would affect the backend, deleting accounts, intercepting charge cards, outputting misinformation, etc.
With SOAP/CGI they can do all of that plus control the software running locally. And they could easily subvert the firewall at the same time.
That to me seems like a potential security problem to me.
While I do not think you are a troll, I think you have rushed to judgement without thinking clearly.
Schnier never said SOAP was a Microsoft product he said "Implementation of Microsoft SOAP...." The reason why web services are so convienent is because they can bypass inconvienent security devices by tunneling through other protocols such as HTTP/HTTPS. Embedding a control protocol (SOAP) in a data protocol (HTTP) is just as bad (security-wise) as macros in email documents.
It is not easy to disable SOAP services without disabling HTTP. Sure you can use a packet filter but that just adds another layer of issues to deal with.
Seperating IIS from one large service to a many smaller services is a good idea. If a flaw is found in ftp it will be less likely to hurt the http server.
Redoing the protocols does not make any sense from a business point of veiw. Adding new open standard protocols to IIS (leading by example), is a more logical idea.
Go to china town and pick up a fansubbed version to find out.
I don't know; I saw a fan subbed version of Cowboy Bebop before I saw the american. I felt that the vocal expressions of Spike and Ed had a lot more depth than the english voice actors. Not to say the english voice actors were not good. The japanese language seems just a little more emotionally expressive than english.
:>
I do not always watch the japanese version first, because you need to concentrate to watch it and it is easy to miss certain subtle details. Sometimes the english voice acting is so hollow that I have no choice but to watch it in japanese.
Maybe I should just learn japanese and watch anime in its raw form!
The reason I watch anime in the first place is because it is different than the mainstream. The stories range from amazing to extremely strange and unbelieveable.
Once you "mainstream" Anime you loose those qualities that make it such a great artform. Just look at the pokemon phenomenon. You take one unique anime and then market it to death. Now all you have are clones of pokemon-like garbage, because that is only thing that can be funded. It kills the artform.
In the USA parent groups like censoring everything, so that will be a problem as well. Watching the Japanese version of Dragon Ball Z and the funimation/cartoon network version is like watching two different shows.
Will shows like Cowboy Bebop, BoogiePop phantom, Serial Experiments Lain be funded in the new world of mainstream Anime. I think not.
I assume that the multiple VMs do not map directly to the hardware it runs on.
The user mode software is probably directly mapped and context switched in/out just like any other multitasking OS. The kernel mode drivers may just be gateways communicating with the host VM manager.
The OS on the VM uses virtual generic interfaces for the harddisks, networks, ttys, etc. Those generic interfaces talk to the VM manager to be mapped to the actual hardware. The I/O calls that are pending are probably optimized by the VM manager.
I assume this is how it is done. I could be wrong.
Poor people are going to be less likely to own a computer than, richer upper class people. Well Duh?
I cannot believe people even question the existence of the digital divide, it is something that anyone with reason could understand.
Why even bother categorizing this problem. There have been disenfranchised people since the day humans stopped hunting and gathering and turned to an agricultural system.
The problem with this article is that it assumes that the digital divide problem is software related. It is not even a hardware problem. The problem is poverty. Yes I do know that point is obivious! But it is a social problem that world leaders have failed to fight directly.
The problem is that politians constantly restate the problem of poverty by categorizing diffent it into different subsets. It is as if catogerizing poverty into different subpoints helps solve the problem. I think politicans and civil rights leaders are ill equipped to solve the problem directly, so they divide it into subpoints inorder not to be held accountable for their inablility to fight it.
A poor kid in the shanty town in South Africa with a computer, is still a poor kid.
By "bridging digital divide", you do nothing to address what caused the divide in the first place. "Bridging the digital divide" does nothing to affect the infrastructural problems that allow the poverty to exist in the first place. The resources that could be channeled into finding a soultion to poverty, are waisted in a futile effort.
I bet, when the radio started to overtake written forms of communication, people started to worry that there were not enough radios for everyone. Once the radio problem was solved, TV appeared. When there was a TV in every home, computers appeared an so-on. The problems derived from poverty are dynamic an complex, once you solve one, another appears. To solve only a subset, but not the root, is a futile effort at best.
We could wire every house in America, but without an infrastructure to support it, it will fall apart. In order fight poverty you have to provide the direct cause of the poverty not the results.
Yeah a simple analysis shows that the xbox_emulator.exe was written in Borland Delphi.
What a joke.
The least they could have done is copy the XBOX intro movie and play it while the user starts it up. They could have also accessed data the DVD-ROM drive to mimic data access. This is just stupid, not even worthy of an April fool jokes.
It is truely a hoax!!!
strings xbox.vxd |grep -in "wolfenstein"
8234:Wolfenstein-1
8471:has not been verified for use with Wolfenstein.
10212:Wolfenstein
It takes no longer than a minute to verify.
Shame on the slashdot maintainers for rushing this article.
If someone wants a resume in word format, just send it to them in html format. They will most likely be too ignorant to know the difference.
Now it could be a problem, when they send you stuff back in word format.
Just look up the specs on the PS1 controller/system. It might be easier to find. And the PS1 controller is compatible with the PS2.
Does anyone know any websites that talk about creating Quake 2 skins, and mods for the quake 2 engine?
Thanks in advance.
It is amazing what they could get away with in those days. They cut those offensive scenes in the repeats they show nowadays, but I will never forget them.
kin_korn_karn should not complain about the Japanese being xenophobic, while old looney-tunes as a counter example.
I will agree that anime stories tend to be confusing to the point of torture or nonexistent.
Although, when an anime story is written clearly, I believe it is usually experience I cannot find anywhere else. That is why I watch anime. The good anime usually overflows with creative and imaginative characters and environments.
I see you are a fan of the classic Warner Brothers cartoons. I remember when they were xenophobic and sometimes blatantly hateful to minorities. I remember for a time there was a stereotypical Aunt Jemima type character in Tom and Jerry.
I do agree that some Japanese need to improve on there veiw of the gaijin, but you cannot generalize the Japanese people based on your closed minded views.
Also the jerkiness is not necessarily a bad thing. The anime style is cheaper to make than the american style.
Jokes aside, the reason why no one will convert to metric bytes is because there is no reason.
This is a solution to a nonproblem. I did not go to work last friday and say "boy I wish 1K was 1000 bytes". And anyway 1MiB=2^19.93156857 (Yuk!)
The problem is that having too many measurement standards may introduce problems. Remember the mars probe mission? 1MB=2^20 'nuff said. Go solve problems that need to be solved, and don't waste my time.
Almost every post is about why OS X does not have a future or why X11 is too bulky or why the poll results are wrong because of .
.45% or even 2% is a joke in comparison to Windows dominance in the market.
OS X has only a small fraction of the "desktop market" (whatever that is) and Linux probably has an even smaller fraction.
No matter how much you cry, wine, or lament this is a fact. The best thing to do is to stop whinning and use the desktops you love and if you have the skill attempt to improve the desktops you believe are worth supporting. OS wars are childish.
This article is irrelivant and reading this constant bickering makes my stomach turn.
Two major competing desktops is a bad thing. Thirty desktops is even worse. The problem is the deversion of talent and time needed to work on these platforms. I cannot contribute to one desktop without hurting the other.
Although my KDE apps work in GNOME and visa-versa it is hard for them to interoperate with the environment.
ie.Try loading a KDE app in GNOME it looks alien.
also: Try embedding a KDE control into a GNOME app and using an enlightenment theme in GNOME.
Even if you can find a way to do this how easy is it to program an app to do this?
I agree that competition is generally a good thing. But this form of competition has a price, the price of talentened hackers.
I believe with one environment businesses, engineers, and hackers can create a GUI platform that would rival XP or OS X.
Oh well there is nothing that can be done about this anyway but that is my 2 cents.
I guess you do not write much kernel code. I see gotos all of the time high performance C code and interrupt handlers.
True but Id also makes money from licensing the use of their 3D engine. If you GPL it right away, there would be no incentive for other companies to pay for the use of the engine. (remember id also wants to make money)
This may not be the best for the opensource world but it is a sound business practice. This time release formula is a good practice other software companies should follow.
You don't code much do you? The point is that the environment you are given may not work as told.
This sounds like sloppy coding by trial-and-error, at its worst.
Not always:
Example: The hardware on device X has a timing hazard under conditions Y. Even if your code is perfect it will not work under every condition (that is the real world). So under that condition you do something that seems to have nothing to do with the design under normal condtions. Voila! Problem is solved your code is more robust.
In the land of make-believe you can just ask the hardware maker to recall their million+ units to fix your silly little issue, but we live in reality.
Those "ugly little hairs" may not make sense to the 10th maintainer on the project that was ported three platforms ago (Even if commented). I've seen alot of opensource code and some of its pretty damn unreadble. I've seen libraries given with no api reference or samples, drivers with no documentation, and the list goes on. I guess "real men" figure it out just by reading the source. While wasting hours trying to get the code to work in their project.
Poorly documented open source is just as closed as proprietary code.
Yeah, I would not even consider buying a cell/phone pda unless it was color and thinner than the treo.
It is well known that Gates added CP/M compatiablity in MS-DOS to gain instant market share. Wordstar and other popular CP/M applications could easily be ported to MS-DOS.
If I am not mistaken Wordstar was converted by changing one line in assembly maybe the int 20h->int 21h call.
Brillant move on MSFT's part.
I may not agree with Stallman on every issue, but for what it is worth I respect the fact that he has put his money where his mouth is.
People critisize Stallman for his free software only ideals, but do you have the strength or the resolve to do what he has done? He believes proprietary software/IP rights and the rights of software users are not compatible. Right or wrong he is worried about your rights as a software user and I could never understand how people could hate him so.
Try zone alarm it is free! Or grab a *nix box and set up ipchains (or a secure equivalent). Or you can try one of those routers with NAT for your security.
I am actually planning on using alternate forms of authentication such as fingerprint scanning to help prevent such attacts. Does any one know of a *nix supported product?