I was using Skype on a 33.6k modem years ago ... AFAIK, it self-adjusts to the pipe available, so don't think it's the bandwidth that's the problem.
Mod +1 Educational.
That's the best explanation I've heard of protocol handshaking in a long time.
UDP says "here, take it" ... might make that my next sig ;-)
Win 95 called, they want their story back.
I mean seriously, are we going to get a "security researchers uncover HUGE NEW RISK in Windows N" story, for every damn piece of crud Microsoft haven't fixed from the previous versions.
The extension "exploit" was being used to spread malware for donkey's years, and any sensible user turns it off the minute they do a fresh install. Why MS haven't fixed the default is beyond me, but it's NOT new, NOT huge, and definitely NOT news for nerds.
We knew you were right,
To say that it was too long
But they can't do that ... that would be anti-competitive !
Damned if they do, damned if they don't.
Having said that, the fact that most infections are due to Windows' poor design, the antivirus writers have made an absolute fortune off Microsoft's IP (Insecure Programming).
What, you mean like Perl does ?
But I thought you all regarded Perl as an antiquated 90s dinosaur ?
Alanis called, she wants her song back.
The funny thing is, Perl apps that were written ten or even fifteen years ago still work. PHP code that was written LAST WEEK is already broken.
The thing is, when horse-and-carts became automobiles, human beings weren't required to rewrite their own biology, or grow an extra arm because the car designer moved all the controls behind the seat.
But every "upgrade" in just about every language I've come across usually requires massive rewrites or horrible conversion utilities that munge your once perfectly working code into a mess of spaghetti soup.
This breaking backward compatibility is just a way to sell more conversion software / services. Why should essentially a collection of cumulative security packages (once marketed as a new version), suddenly decide to reverse the syntax, or decide to use a different concatenation operator (I'm looking at you Perl 6).
One thing about Cantor's Diagonalization that bugs me, is that he speaks about an infinite list and then uses a transform to define elements that cannot be in the list.
Surely the whole point about a list of infinite size is that, by definition, it contains every possible permutation, and therefore nothing can be excluded.
But that's just me, IANAM.
So let's not do anything else, ever, regardless of the possible future benefits in huge CO2 emission savings, because of the potential to add some CO2 now !
Damn, you're as bad as the gubmint with its carbon credits nonsense.
How about we all go back to living in the trees ? Would that make you happy ?
Modern games often seem to be designed to let the player grind and grind, with nothing to actually win
There, fixed that for you.
I'll take the English Language for $200, Alex ...
"What do you do when you have constipation from watching too much politics on TV ?"
I will try to not use capitals in future, and find some other means of adding emphasis ;-)
Speaking of viruses, that's a nasty cold you've got there.
How do we thow
I think the parent's point is that the data submitted to McAfee's database and subsequently rendered back out on the following page is PERSONAL data belonging to you, and is unlikely to be seen by anyone else.
It's like making a purchase online ... at what point would anything you submitted (name, address, credit card number etc), be rendered back out for a third party to view ?
Notwithstanding it's a poorly designed website, the mitigation is that anything YOU submit is unlikely to cause a third party to fall foul of the XSS exploit.
And security researchers just love sensationalising these things (it gets them more business after all) ... for me it's a bit of a non-story to be honest.
User submitted implies that he's talking about server side validation of the received POSTed data. Also he specifies that he is properly escaping dangerous characters before sending the response BACK to the browser.
Nowhere could it be interpreted as client-side validation.
It's a web page exploit, wtf does it have to do with Windows ?
Redirects work in all browsers, and while I can't speak for Firefox, at least MSIE 8 will warn you of a possible cross domain phishing attempt.
McAfee also make products for Linux and Apple you know.
Just another anti-ms troll who can't wait to make his mark on /.
Winslows is teh suxxors !!!
Pfft ... this page alone has 105 errors, and from my experience, doesn't display properly in ANY browser ...
Your point was ? That compliance with the w3c spec for HTML is somehow relevant to the interoperability of ODF in Microsoft products ?
Or perhaps you were just engaged in some random finger-pointing and "ha ha microsoft sucks" trollism ?
And the beauty is, if a cartridge springs a leak, you can always use the ink to dip your sushi in.
There's such a thing as "due diligence" before one company buys out another. So are you telling me that YouTube's former operators were running at a loss, and somehow hid this from Google's accountants before they bought it ?
Or perhaps just that Google didn't anticipate the explosion in storage requirements for all those videos ? Come on, they handle one of the biggest volumes of data in the world, and they didn't see THAT possibility ?
Sounds to me like it's more the current global downturn, i.e. even fewer people are making purchases online than before, hence conversion on clickthrus is down. And indeed advertisers themselves are scaling back on the number of placements they do, also to save money.
Anyway, going back to the original point ... I feel that even if they offer premium content, it's always going to be seen as more expensive than before, or indeed more expensive than simply torrenting it.
Once you run a free model, and later try to add on subscription services, it never works out. You have to do both from the outset, or not at all. Trying to crowbar it in now will just turn users to other sites.
This I feel is a good analogy to old fashioned snail mail.
A package gets delivered by mistake to your house, it is obviously intended (addressed) for someone else, but you open it anyway.
Regardless of whether the contents are legal or illegal (drugs, fake currency, or just a birthday card) etc., you are still committing a crime by opening it. You'd be hard pressed to use the "I'm a researcher" defense on that one.
I mean, that implies that anyone intercepting a botnet's stolen data can simply claim "they didn't write it, they were just researching it".
Hmm, if it was losing millions BEFORE Google bought it, the obvious question must be WHY did they buy it ?
Do we have to subscribe somewhere to find out what #2 and #1 are ?
How about a top 10 list of websites who are hopeless at compiling top 10 lists.
Honourable Mention - Underpants Gnomes
#10 PCAuthority
#2 ???
#1 Profit !!!
No knowledge of facts or law, twisting words, making up irrelevant stuff, and flailing about blindly in any discussion.
That sounds like EVERY politician I've ever known ... in which case, he WOULD make a great politician.
In all likelihood then Joe is a male, 18 to 45, with a stable job and plenty of disposable income.
He's a plumber, isn't he ?