A serious problem with dumping Sun's Java into OpenOffice is that it limits portability. If you want to port OpenOffice to a platform that Sun doesn't support, you have a major problem.
GCC supports far more CPU and OS targets than Java does. Worse, with proprietary software, targets can be suddenly dropped. Windows NT once supported PowerPC, DEC Alpha, MIPS, and x86. If you bought an Itanium, you're out in the cold now, too.
Anybody who calls themself "drunkenblog" isn't going to be taken seriously.
The real analysis of CherryOS and VX30 is on Tliquest. The "drunkenblog" guy just took excerpts from there.
What's so wierd about the VX30 mess is that they've apparently developed a reasonably decent video player written in Java. (It's not "playerless"; the player is a Java applet.) Which anyone can download. "VX30" is just the encoder.
The player is at "http://movies.mxsinc.com/NewHome/vxmPlayer.jar".
It's clear that Google is gearing up for a crackdown on search engine spamming. They've already started to kill off "link farms". They're checking spam blacklists. And they're not stopping there.
Note that Google is now looking at domain ownership information. This may result in a much lower level of bogus information in domain registrations. It's probably a good idea to make sure that your domain registration information, business license, D&B rating, on-site contact info, and SSL certificates all match.
"Domain cloaking" will probably mean that you don't appear anywhere the top in Google. So that's on the way out.
The whole concept of browsers installing executables is just wrong. Microsoft created Active-X as a way to make sites incompatible with non-IE browsers and to fight Java, not because it was a useful idea. So then Mozilla goes and implements their own answer to Active-X for downloading and installing executable add-ons. Then Apple does the same.
Then these downloaded executables then get run with all the user's privileges, not in a jail or sandbox.
Java may not be perfect, but at least Sun understood they had to run applets with less privileges than user applications.
Live Shot has been talking this up for a year, and it's still not on line. All they have is target practice with paper targets. It's vaporware. Like Hunt for Bambi.
Although bringing those two concepts together has real potential for a porno site...
this problem is equivalent to xpinstall having a buffer overflow exploit which allows code execution.
No, it's not. This isn't anything subtle like a buffer overflow. This exploit uses standard features to download an executable (which shouldn't be allowed) and then execute it (even worse). This is a designed-in hole. It passed Mozilla's code review on April 9, 2002.
Personally, i'm all for removing extensibility of firefox, dropping support for helper applications and external view source. are you really a proponent of such things?
Yes. The Netscape/Mozilla "browser as platform" thing didn't work out. That's why Firefox exists. Firefox has legacy code from the Mozilla era, and much of it needs to come out.
In general, it's best to avoid buying online from companies in Florida, even if they're not spammers. The overall level of criminality is just too high.
This exploit will work on Linux and MacOS, too, if anybody bothers to write an attack for them.
The basic problem is that the Mozilla developers, in their futile attempt to create a "platform", put in a mechanism comparable to Active-X - a way to dynamically download executable programs. Of course, they tried to make sure this "feature" could not be used for purposes of evil. Like Microsoft, they failed.
Understand, this isn't subtle. The code uses built-in Mozilla JavaScript extensions to create a local file in a very straightforward way. It then calls "nsILocalFile::launch()" (which does exactly what you think it does) to launch it. Those are capabilities that shouldn't be in a browser's JavaScript engine at all.
Having designed in a potential security hole big enough to drive a semitrailer through, they tried to make it "secure" with the usual crap approaches - signatures, lists of trusted sites, and disabling for certain types of URLs. They failed. They forgot to make those checks for "favicon.ico" files (Mozilla's implementation of a Microsoft icon-in-the-toolbar gimmick.)
Plugging that hole is not the answer. The problem is more fundamental. "nsILocalFile::launch()" needs to be removed. Browsers have no business launching arbitrary executable programs. Period.
If that's what you really want, you can buy a passive backplane and plug in CPU and peripheral boards, up to and including dual Xeons Passive backplanes are used in specialized industrial applications, and will cost you far more than a "loaded" motherboard. This is not something desktop users buy. But they do exist.
The first "intelligent graphical user interface" was probably General Railway Signal's NX system, in 1937. Interlocking systems, which prevented setting signals and switches in incorrect ways, predated NX, but NX was the first system that went beyond interlocking to actually helping the user do things.
The dispatcher selected a train, and NX would light up all the potential routes the train could take, taking into account all conflicts. The dispatcher could then select a route, and NX would set and lock all the switches and signals for that route, releasing the resources as the train passed. This was the birth of "user-friendly" systems.
The first computerized system with a GUI was SAGE,
the air defense system. This had CRTs and pointing devices in 1958. The pointing device was a light gun, and it really looked like a gun. This was appropriate, because, in the appropriate modes, pulling the trigger on the light gun could launch a surface to air missile.
There were a number of graphical CAD systems well before the PARC effort. Sutherland's Sketchpad, in 1963, was the first prototype. The General Motors DAC-1, in 1964, was the first commercial one.
The PLATO system, a very early computer-based instruction system, was demoed in 1960, but, like most of the other systems of that era, tied up a whole mainframe for one user. Plato was gradually scaled up - by 1967, there were special plasma flat panel displays (red only) and time-shared access.
So by the early 1970s, there were quite a few GUI projects that worked. They just cost too much.
Getting the cost down took a while. The early minicomputer-based workstations like the Alto were in the $25-50K range. The UNIX workstations of the early 1980s (Sun, Apollo, PERQ) were in that price range. The original Apple Lisa, a good but expensive machine, cost $10K. The original cost-reduced Macintosh was around $2500, and, lacking a hard drive, it really wasn't very useful. Not until the Macintosh was built up to a reasonable hardware level (512K and a hard drive) could you really get any work done with it.
By then, in the late 1980s, the hardware was finally ready. You could get a megabyte of memory, a bit-mapped display, a reasonable CPU, and a hard drive in a desktop box for under $3K.
At which point Microsoft moved into the field.
It's easy to make and install only because the cylinder sections fit through a standard doorway. If the cylinder is made big enough for a wheelchair, the sections become too big to get into most houses.
They're planning a larger version, but it will usually be installed in new houses during construction.
Residential elevators have been around for years, but they require more on-premises assembly and customization.
Google's "help wanted" ads
on
Gates on Google
·
· Score: 2, Interesting
What they're actually referring to is Google's practice of using their AdWords system for recruiting. If you search Google for obscure, advanced topics in computer science, a Google employment ad may appear.
For this to be a useful optimization, you have to have a web page where 1) the web page really has to be generated from a database, 2) the options for the SELECT vary enough that they need to be retrieved from a database, 3) the specific page is loaded enough that cacheing is helpful, 4) the number of different pages with this issue is moderate, and 5) traffic is high enough that any of this matters.
That combination isn't all that common.
The more likely situation is that the Java fanatics got carried away and generated every page dynamically, whether it needed to be or not, and as a result, the server is choking.
While its true that gallium appears to be not very toxic on its own, it is also true that extensive tests of gallium's toxicity on humans has not been done.
Yes, it has. Gallium-67, a radioactive isotope of gallium, is routinely injected for medical diagnostic tests. Some gallium compounds have some toxicity, but the pure metal is mostly harmless.
"Metallic gallium as well as the nitrate produced no skin injury, and subcutaneous injections of relatively large amounts could be tolerated both by rabbits and rats without evidence of injury."
"Solid gallium can be picked up with ordinary housekeeping utensils. Liquid gallium should have cold water spilled on it to solidify it."
As geeks, we LOVED Card because he wrote about Ender Wiggin; a very bright young boy who could not get along with his peers because of his intellectual capacity.
Actually, "Ender's Game" reminded me of Heinlein's juveniles. And his idea of military strategy is a joke.
Armchair generals talk strategy. Real generals talk logistics. Read "Moving Mountains", by Gen. Gus Pagonis, the head logistician for Desert Storm. If you can get most of the right stuff to the right place at the right time before the battle, and the other side can't, you usually win the big battles.
If it weren't for Microsoft endless Direct-X N upgrades, everything would just run OpenGL 2, which is well-defined, stable, and supports everything the current generation of hardware can do, including pixel and vertex shaders.
Microsoft created the upgrade problem to churn the customer base. It's purely a Microsoft-created problem.
Gallium would be a good choice for metal cooling. Melts at 29C. Non-toxic. Non-flammable. Costs about $550/Kg, so you'd probably have $50-$100 of metal in a cooling loop.
Magnetic pumping of liquid metal is a standard practice. You run a current through the metal in the transverse direction, and put it in a DC magnetic field. This induces a force proportional to the cross product of the field and the current.
No moving parts, and no seals to leak.
The whole concept is probably pointless, but quite possible.
I just realized that spam filtering has been blocking my subscription to California emergency incident reports. I've been missing weather and power warnings.
GCC supports far more CPU and OS targets than Java does. Worse, with proprietary software, targets can be suddenly dropped. Windows NT once supported PowerPC, DEC Alpha, MIPS, and x86. If you bought an Itanium, you're out in the cold now, too.
The real analysis of CherryOS and VX30 is on Tliquest. The "drunkenblog" guy just took excerpts from there.
What's so wierd about the VX30 mess is that they've apparently developed a reasonably decent video player written in Java. (It's not "playerless"; the player is a Java applet.) Which anyone can download. "VX30" is just the encoder.
The player is at "http://movies.mxsinc.com/NewHome/vxmPlayer.jar".
In other news, there are reports of books on "CCNA Certification" which tell hackers how to take control Cisco's internal router software.
Note that Google is now looking at domain ownership information. This may result in a much lower level of bogus information in domain registrations. It's probably a good idea to make sure that your domain registration information, business license, D&B rating, on-site contact info, and SSL certificates all match.
"Domain cloaking" will probably mean that you don't appear anywhere the top in Google. So that's on the way out.
Then these downloaded executables then get run with all the user's privileges, not in a jail or sandbox. Java may not be perfect, but at least Sun understood they had to run applets with less privileges than user applications.
Although bringing those two concepts together has real potential for a porno site...
No, it's not. This isn't anything subtle like a buffer overflow. This exploit uses standard features to download an executable (which shouldn't be allowed) and then execute it (even worse). This is a designed-in hole. It passed Mozilla's code review on April 9, 2002.
Personally, i'm all for removing extensibility of firefox, dropping support for helper applications and external view source. are you really a proponent of such things?
Yes. The Netscape/Mozilla "browser as platform" thing didn't work out. That's why Firefox exists. Firefox has legacy code from the Mozilla era, and much of it needs to come out.
"As seen on TV! Click here to install the patch Microsoft announced on TV last night!".
In general, it's best to avoid buying online from companies in Florida, even if they're not spammers. The overall level of criminality is just too high.
The basic problem is that the Mozilla developers, in their futile attempt to create a "platform", put in a mechanism comparable to Active-X - a way to dynamically download executable programs. Of course, they tried to make sure this "feature" could not be used for purposes of evil. Like Microsoft, they failed.
Understand, this isn't subtle. The code uses built-in Mozilla JavaScript extensions to create a local file in a very straightforward way. It then calls "nsILocalFile::launch()" (which does exactly what you think it does) to launch it. Those are capabilities that shouldn't be in a browser's JavaScript engine at all.
Having designed in a potential security hole big enough to drive a semitrailer through, they tried to make it "secure" with the usual crap approaches - signatures, lists of trusted sites, and disabling for certain types of URLs. They failed. They forgot to make those checks for "favicon.ico" files (Mozilla's implementation of a Microsoft icon-in-the-toolbar gimmick.)
Plugging that hole is not the answer. The problem is more fundamental. "nsILocalFile::launch()" needs to be removed. Browsers have no business launching arbitrary executable programs. Period.
If that's what you really want, you can buy a passive backplane and plug in CPU and peripheral boards, up to and including dual Xeons Passive backplanes are used in specialized industrial applications, and will cost you far more than a "loaded" motherboard. This is not something desktop users buy. But they do exist.
The first computerized system with a GUI was SAGE, the air defense system. This had CRTs and pointing devices in 1958. The pointing device was a light gun, and it really looked like a gun. This was appropriate, because, in the appropriate modes, pulling the trigger on the light gun could launch a surface to air missile.
There were a number of graphical CAD systems well before the PARC effort. Sutherland's Sketchpad, in 1963, was the first prototype. The General Motors DAC-1, in 1964, was the first commercial one.
The PLATO system, a very early computer-based instruction system, was demoed in 1960, but, like most of the other systems of that era, tied up a whole mainframe for one user. Plato was gradually scaled up - by 1967, there were special plasma flat panel displays (red only) and time-shared access.
So by the early 1970s, there were quite a few GUI projects that worked. They just cost too much.
Getting the cost down took a while. The early minicomputer-based workstations like the Alto were in the $25-50K range. The UNIX workstations of the early 1980s (Sun, Apollo, PERQ) were in that price range. The original Apple Lisa, a good but expensive machine, cost $10K. The original cost-reduced Macintosh was around $2500, and, lacking a hard drive, it really wasn't very useful. Not until the Macintosh was built up to a reasonable hardware level (512K and a hard drive) could you really get any work done with it.
By then, in the late 1980s, the hardware was finally ready. You could get a megabyte of memory, a bit-mapped display, a reasonable CPU, and a hard drive in a desktop box for under $3K. At which point Microsoft moved into the field.
They're planning a larger version, but it will usually be installed in new houses during construction.
Residential elevators have been around for years, but they require more on-premises assembly and customization.
I'd love to see spammers investigated by the people who did America's Dumbest Criminals.
A lightsaber is a chainsaw redesigned by frogdesign.
Are any of these blocked in your area?
What they're actually referring to is Google's practice of using their AdWords system for recruiting. If you search Google for obscure, advanced topics in computer science, a Google employment ad may appear.
The more likely situation is that the Java fanatics got carried away and generated every page dynamically, whether it needed to be or not, and as a result, the server is choking.
Yes, it has. Gallium-67, a radioactive isotope of gallium, is routinely injected for medical diagnostic tests. Some gallium compounds have some toxicity, but the pure metal is mostly harmless.
"Metallic gallium as well as the nitrate produced no skin injury, and subcutaneous injections of relatively large amounts could be tolerated both by rabbits and rats without evidence of injury."
"Solid gallium can be picked up with ordinary housekeeping utensils. Liquid gallium should have cold water spilled on it to solidify it."
Actually, "Ender's Game" reminded me of Heinlein's juveniles. And his idea of military strategy is a joke.
Armchair generals talk strategy. Real generals talk logistics. Read "Moving Mountains", by Gen. Gus Pagonis, the head logistician for Desert Storm. If you can get most of the right stuff to the right place at the right time before the battle, and the other side can't, you usually win the big battles.
Microsoft created the upgrade problem to churn the customer base. It's purely a Microsoft-created problem.
Orson Scott Card said that?
Magnetic pumping of liquid metal is a standard practice. You run a current through the metal in the transverse direction, and put it in a DC magnetic field. This induces a force proportional to the cross product of the field and the current. No moving parts, and no seals to leak.
The whole concept is probably pointless, but quite possible.
Possible, yes. In this case, no. The Free Software Foundation is a Massachusetts corporation.
I just realized that spam filtering has been blocking my subscription to California emergency incident reports. I've been missing weather and power warnings.