The company who owns blender burned what, E10mil?, in the last 2 years... on what? I still remember the loudmouth directing the company telling everybody who wanted to hear it that blender would be so profitable... What did he do with all the funds he raised? Will the people who invested in the company be thrilled the source is sold for 100K? I don't think so.
Besides, blender the product, is ok, but the interface is so darn goofy it takes a hell of a lot of time to get used to it, especially when you compare it to the big boys in 3D world: 3DSMax, lightwave and Maya
Since when is a language which fixes a couple of serious flaws in Java 'mickeyware' ?
Oh, I see... It's not C++, so it must be stuff for kids or 'loonies' who think they are real programmers, right?
Grow up, kid. C# brings real type safety to the table + GC, which virtually eliminates the crap which bugs (pun intended) C++ code up till today and tomorrow. C++ is nice, but for most projects, it's just a language which requires too much overhead, too much typing (on the keyboard that is) and results in too complex code. Gee, Java and C# do a much better job in those areas. Limit yourself by choosing a language which holds you back in productivity, I don't care, nor do your competitors.
Sorry, but you don't know a lot about the x86 world with their OS-es. When you buy a system from, say, Dell, with OS, say, Windows XP, you get hardware and software that is thouroughly tested to work together well, on par or better than Apple's hw with their software. Where's the el cheapo x86 stuff you're referring to? Nowhere in sight.
Oh, and the Dell box with OS from a different vendor is way cheaper than the Apple solution. True, you're then not owning an Apple product, but not every person on this planet gets a woody by touching an apple keyboard.
Sharing INFORMATION is something different than sharing worddocuments. However a lot of people tend to think that 'information' should be stored in worddocuments, which then have to be harvested into databases and / or distributed by a CMS on top of that.
Why on earth would anyone start to hammering in texts into a worddocument when there will be no paper-version of the document, ever? There is no need for a wordprocessor to share information, on the contrary.
...and return 'true' or whatever value the check function should return. No matter how smart the protection is, the weak spot is where the code which checks if the copyprotection is in place is called and where the result of that code is examined. The copy protection code is then useless, and the game can be copied freely.
This is known for years, and still companies tend to invent smart copy protection schemes without addressing this weak spot.
So use it for this purpose, then hide the icon in program files/funny games/crap/IE or something:)
People really should read http://technet.microsoft.com more often and the security homepage where 'best practises' how-to's are linked which will explain which little registry tweaks and services should be disabled/enabled to prevent attacks.
Why not add a link to the patch as well, Slashdot?
on
Microsoft News Update
·
· Score: 5, Informative
But I assume it's 'better' to let people suffer instead of helping them out, is it? You dont have to post links to security bulletins, but if you post a link to a DoS tool, why not supply the link to the patch as well, to let the reader decide if he/she wants to be vulnerable or not.
(good system administrators have already disabled TCP/IP over Netbios (disable Tcp/IP over NetBios helper service) of course and stopped the server service as well, on online systems, among other netbios related crap which is not needed on the internet (NetBios package: "whohoo a router, what's that!")
It's a great browser, however it uses the IE control to render the HTML. Dunno if that means that the vulnerabilities in IE will also be present in this browser, but it does come with some nice features missing from IE. I keep it!:)
Without InnoDB's betasoftware, does MySQL do: -Transactions? No. -Nested transactions? No. -Savepoints in transactions? No. -Triggers? No. -Nested triggers? haha... No. -User defined types? No. -User defined functions? No. -Views? No. -Indexed views? Haha... No. -Partitioned views (i.e. a view created from subviews retrieved from nodes in a cluster)? No. -Subselects? No. -Stored procedures? No. -Role based security? No.
In other words: it's nice when you don't need all the stuff above, but trust me, every decent mission critical application does need some or all of the stuff above. So a thread to big database vendors?
You should see some counseler, dude. I don't see the link between software making and afghanistan.
and FYI: I'm a far left wing participant, 'bombs back to the stone age' is an expression, it has nothing to do with death nor with war.
About the GPL: I don't agree with RMS' POV so I'll never choose a non-freedom license like the GPL.
About the GPL and some EULA: I live in the Netherlands, where like in other European countries, some judges have decide no EULA can bound a user of a product in its creativity, so the EULA can't limit me in what I do with what I create. And yes, GPL-ed software can't be using the.NET api. Not because MS doesn't want it, but because the viral part of the GPL which states that libs linked to the GPL-ed code should also be GPL-ed. In the case of the.NET api, this means that the.NET code also should be GPL-ed. Which is of course utterly stupid, because who am I to tell another company what to do?
(oh, and the same thing is valid for a piece of GPL-ed java code and Sun's non-GPL JVM + java api).
I just think VS.NET makes a hell of a difference when it comes to raw productivity, when you compare the total package with a combination of tools on Linux. That's all there is to say about the sig. I also think you should read more serious media and less rant'n'raves on trollsites like The Register.
ps: my OSS is solely for Win32/.NET and BSD licensed, but still open source.
The person who found the SSL flaw in IE (and thus in Windows) said in his first mail to the bugtraq mailing list that he didn't bother mentioning this to Microsoft because he didn't believe it would help anyway.
I can only say that this kind of stupid behaviour is ruining more people than it does any good. Yesterday Microsoft released a patch for SQLServer, the fix was for a flaw which was reported in late July. At the same day the patch was released, the person who found the bug mails to the bugtraq mailing list.
THAT's how it should be done.
And yes, some KDE developers fixed it in 90 minutes and MS hasn't come up with a patch. Who cares who comes first. With MS you can be sure it's tested on a large set of setups. With the KDE patch, you can be sure it's not tested on a large set of setups. It's a client side risk now, but in general, do you trust patches on mission cricital systems when it's not tested on a large amount of setups? I surely won't.
It seems that it isn't TOTALLY browser related. Verisign and Microsoft both know about this error, according to the people in the thread. It's a good read with a lot of detailed info about the flaw and where the flaw exactly is.
A service with no gui can't be exploited by this 'get handle for window and exploit it'-hack, stated in the article.
MS doesn't release services with a gui. Never. All services in windows coming from MS are gui-less, i.e.: the process ITSELF isn't opening a gui. Therefor the user has to open an application, thus it runs under the user's SID, to communicate with the service, via a process-communication scheme.
Yes, but who's fault is it? Not MS'!
on
Shattering Windows
·
· Score: 4, Insightful
When I put a service on Win2k, running under 'System' and that service listens to a port and executes all the crap that is posted to that port, is it MS' fault? No. It's the fault of the developer of the service.
Now, under win32, the application you start, runs under the user you log in with. The virusscanner window in the example, SHOULD run under the user that is logged in, but instead, it's a GUI created from the service, running under 'System'.
Bad programming. Not from Microsoft, but from the Virusscanner developer. They should have created, AS stated by MS, a GUI less service (the virusscanner engine) and a GUI application which talks to that service via a named pipe or any other process communication mechanism. That GUI should then be started by the logged in user (since that user sees the gui and works with it), so there wouldn't have been ANY flaw like this, since the GUI isn't ran under 'System', but under the user who's logged in, in the example the 'guest' account.
It sounds serious, it's absolutely nothing.
Oh, and it takes a local user to exploit it. Get a huge hammer and give it to the local user. Ask that user to smash the computer. There ya go, a DoD attack which isn't fixable, you can get that attack-script at any hardwarestore.
To all the people whining about how crappy hotmail is:
Read aloud: "It's a free service, I get what I paid for".
If you want good quality webmail/email, hook up with an ISP who delivers that webmail/email for you. Yes, that probably will cost you money, but the last time I checked, my groceries weren't free either.
If you're dutch or from belgium: check out XS4all. This ISP has webmail, plus they have an antispam service, which lets you create a shadow mailbox which is used to dump the spam in (i.e.: you can check it if the filters have moved some mail as spam but it is legitimate). The filters use all blacklists available and some other sophisticated mailfilters. I received 25 spammails per day or so on my account there, and after I applied the filters this dropped down to 0.0. Especially the filters to block.cn and.tw originating domains was a good one.:)
You can run SQLServer under any account you want, just select a different user in the services snap-in. If you read the 'best practises' documentation on the MS Security website you'll learn these kind of small things.
You can also do that for IIS, plus you can select for each website which user should be used to run the website under, which can then be used to connect to f.e. SQLServer. It's easy:)
And why's that? WSDL isn't MS proprietry language, it's a standard defined by many companies, and should be used with UDDI, currently in v2.0..NET is a framework which IS ready for primetime, because it offers all the functionality needed to build mission critical applications which have to serve thousands of users.
So, f00zbll, show me the beef where.NET falls short when it comes to delivering what's promised.
ps: I develop a lot of.NET software, I know what I'm talking about.
It's not a magic bullet as in 'take this pill and you're free of trouble!', but it's a great start to finally do something about it.
What I find fascinating is that when it comes to the lack of help provided by C++ for the programmer, the frase 'but it's the sloppy programmer!' comes up a lot as the possible reason why programs written in C++ have memleaks and other crappyness.
This is totally a proof a lot of people are 'in denial'. True, memory leaks are possible in Java and f.e. also in.NET (CLR boxing stuff can lead to memleaks, albeit small), but most developers using these platforms like Java and.NET will not create code that can lead to a memleak or buffer overflows, stackcorruption, memory corruption etc.
C++ forces the developer to create EXTRA code to make it run perfectly (i.e.: without memleaks, stack corruption etc). To me, that's fine when there is no other choice (read: technology isn't on a level where a RTE can be fault tolerant and fault preventing) but in 2002, technology IS at that level where RTE's will make sure developers don't make mistakes and languages using these RTE's are nowadays able to provide a working environment for the developer where that developer doesn't have to write that EXTRA code to make the logic run correctly, that's already in place, provided by the language/compiler combo and / or the RTE.
Perhaps C++ will get extended to meet those requirements, but I fear a lot of those self-called 'Elitists' now using C++ will not use these extra features simply because (according to them) then 'everybody' can use C++ and thus C++ will 'degrade' to a language of choice for the 'average' programmer, not stay a divider of who's good and who's not.
No offence, but if you need a 3rd party tool to check if the output of the compiler, which was produced after the compiler found that the input (your code) was correct, is correct, perhaps it's time to take a step back and think about a better solution that will fix what I call the 'weak spot' of C++: you have too many stuff to take care of, it backfires on you.
Today, the software that's used to develop software should be there to help developers write solid code from the start without overhead, without the necessity to program the plumbing code which makes your program logic run in the first place.
Some people here have suggested that GC is a better solution than just feed your compiled binary to another tool in the chain of tools and I agree. When you look at.NET and the Java platform, you'll see that there isn't a necessity for the overhead you have to program with C++, so there's also no need for tools like purify or valgrind.
For solutions where C++ is the only way to go, it's probably a welcome addition to the set of tools to work with, but for C++ in general it isn't IMHO, it only shows where C++ should be improved, or better: where the RTE of C++ should be improved so these tools are obsolete in the future.
Slashdot Mirror
The company who owns blender burned what, E10mil?, in the last 2 years... on what? I still remember the loudmouth directing the company telling everybody who wanted to hear it that blender would be so profitable... What did he do with all the funds he raised? Will the people who invested in the company be thrilled the source is sold for 100K? I don't think so.
Besides, blender the product, is ok, but the interface is so darn goofy it takes a hell of a lot of time to get used to it, especially when you compare it to the big boys in 3D world: 3DSMax, lightwave and Maya
Since when is a language which fixes a couple of serious flaws in Java 'mickeyware' ?
Oh, I see... It's not C++, so it must be stuff for kids or 'loonies' who think they are real programmers, right?
Grow up, kid. C# brings real type safety to the table + GC, which virtually eliminates the crap which bugs (pun intended) C++ code up till today and tomorrow. C++ is nice, but for most projects, it's just a language which requires too much overhead, too much typing (on the keyboard that is) and results in too complex code. Gee, Java and C# do a much better job in those areas. Limit yourself by choosing a language which holds you back in productivity, I don't care, nor do your competitors.
Sorry, but you don't know a lot about the x86 world with their OS-es. When you buy a system from, say, Dell, with OS, say, Windows XP, you get hardware and software that is thouroughly tested to work together well, on par or better than Apple's hw with their software. Where's the el cheapo x86 stuff you're referring to? Nowhere in sight.
Oh, and the Dell box with OS from a different vendor is way cheaper than the Apple solution. True, you're then not owning an Apple product, but not every person on this planet gets a woody by touching an apple keyboard.
Sharing INFORMATION is something different than sharing worddocuments. However a lot of people tend to think that 'information' should be stored in worddocuments, which then have to be harvested into databases and / or distributed by a CMS on top of that.
Why on earth would anyone start to hammering in texts into a worddocument when there will be no paper-version of the document, ever? There is no need for a wordprocessor to share information, on the contrary.
...and return 'true' or whatever value the check function should return. No matter how smart the protection is, the weak spot is where the code which checks if the copyprotection is in place is called and where the result of that code is examined. The copy protection code is then useless, and the game can be copied freely.
This is known for years, and still companies tend to invent smart copy protection schemes without addressing this weak spot.
So use it for this purpose, then hide the icon in program files/funny games/crap/IE or something :)
People really should read http://technet.microsoft.com more often and the security homepage where 'best practises' how-to's are linked which will explain which little registry tweaks and services should be disabled/enabled to prevent attacks.
http://www.microsoft.com/technet/treeview/default. asp?url=/technet/security/bulletin/MS02-045.asp
But I assume it's 'better' to let people suffer instead of helping them out, is it? You dont have to post links to security bulletins, but if you post a link to a DoS tool, why not supply the link to the patch as well, to let the reader decide if he/she wants to be vulnerable or not.
(good system administrators have already disabled TCP/IP over Netbios (disable Tcp/IP over NetBios helper service) of course and stopped the server service as well, on online systems, among other netbios related crap which is not needed on the internet (NetBios package: "whohoo a router, what's that!")
It's a great browser, however it uses the IE control to render the HTML. Dunno if that means that the vulnerabilities in IE will also be present in this browser, but it does come with some nice features missing from IE. I keep it! :)
Without InnoDB's betasoftware, does MySQL do:
-Transactions? No.
-Nested transactions? No.
-Savepoints in transactions? No.
-Triggers? No.
-Nested triggers? haha... No.
-User defined types? No.
-User defined functions? No.
-Views? No.
-Indexed views? Haha... No.
-Partitioned views (i.e. a view created from subviews retrieved from nodes in a cluster)? No.
-Subselects? No.
-Stored procedures? No.
-Role based security? No.
In other words: it's nice when you don't need all the stuff above, but trust me, every decent mission critical application does need some or all of the stuff above. So a thread to big database vendors?
No Fscking Way.
You should see some counseler, dude. I don't see the link between software making and afghanistan.
.NET api. Not because MS doesn't want it, but because the viral part of the GPL which states that libs linked to the GPL-ed code should also be GPL-ed. In the case of the .NET api, this means that the .NET code also should be GPL-ed. Which is of course utterly stupid, because who am I to tell another company what to do?
and FYI: I'm a far left wing participant, 'bombs back to the stone age' is an expression, it has nothing to do with death nor with war.
About the GPL: I don't agree with RMS' POV so I'll never choose a non-freedom license like the GPL.
About the GPL and some EULA: I live in the Netherlands, where like in other European countries, some judges have decide no EULA can bound a user of a product in its creativity, so the EULA can't limit me in what I do with what I create. And yes, GPL-ed software can't be using the
(oh, and the same thing is valid for a piece of GPL-ed java code and Sun's non-GPL JVM + java api).
I just think VS.NET makes a hell of a difference when it comes to raw productivity, when you compare the total package with a combination of tools on Linux. That's all there is to say about the sig. I also think you should read more serious media and less rant'n'raves on trollsites like The Register.
ps: my OSS is solely for Win32/.NET and BSD licensed, but still open source.
The person who found the SSL flaw in IE (and thus in Windows) said in his first mail to the bugtraq mailing list that he didn't bother mentioning this to Microsoft because he didn't believe it would help anyway.
I can only say that this kind of stupid behaviour is ruining more people than it does any good. Yesterday Microsoft released a patch for SQLServer, the fix was for a flaw which was reported in late July. At the same day the patch was released, the person who found the bug mails to the bugtraq mailing list.
THAT's how it should be done.
And yes, some KDE developers fixed it in 90 minutes and MS hasn't come up with a patch. Who cares who comes first. With MS you can be sure it's tested on a large set of setups. With the KDE patch, you can be sure it's not tested on a large set of setups. It's a client side risk now, but in general, do you trust patches on mission cricital systems when it's not tested on a large amount of setups? I surely won't.
http://online.securityfocus.com/archive/1/286893/2 002-08-05/2002-08-11/1 (opens in new window).
It seems that it isn't TOTALLY browser related. Verisign and Microsoft both know about this error, according to the people in the thread. It's a good read with a lot of detailed info about the flaw and where the flaw exactly is.
dike-stra is much like it, not totally, but the 'ij' sound is very typical for the dutch language, so there is no similar sound in English.
:)
'Wybe' is pronounced as 'Wee-buh' where the 'wee' part is a short sound, not a long weeeeeee
A service with no gui can't be exploited by this 'get handle for window and exploit it'-hack, stated in the article.
MS doesn't release services with a gui. Never. All services in windows coming from MS are gui-less, i.e.: the process ITSELF isn't opening a gui. Therefor the user has to open an application, thus it runs under the user's SID, to communicate with the service, via a process-communication scheme.
When I put a service on Win2k, running under 'System' and that service listens to a port and executes all the crap that is posted to that port, is it MS' fault? No. It's the fault of the developer of the service.
Now, under win32, the application you start, runs under the user you log in with. The virusscanner window in the example, SHOULD run under the user that is logged in, but instead, it's a GUI created from the service, running under 'System'.
Bad programming. Not from Microsoft, but from the Virusscanner developer. They should have created, AS stated by MS, a GUI less service (the virusscanner engine) and a GUI application which talks to that service via a named pipe or any other process communication mechanism. That GUI should then be started by the logged in user (since that user sees the gui and works with it), so there wouldn't have been ANY flaw like this, since the GUI isn't ran under 'System', but under the user who's logged in, in the example the 'guest' account.
It sounds serious, it's absolutely nothing.
Oh, and it takes a local user to exploit it. Get a huge hammer and give it to the local user. Ask that user to smash the computer. There ya go, a DoD attack which isn't fixable, you can get that attack-script at any hardwarestore.
2 days ago I saw at www.worthplaying.com a banner which clearly had the text 'Duke Nukem Forever: pre-order NOW!'.
:) I bet the latter.
Apparantly it's almost done... or a scam
To all the people whining about how crappy hotmail is:
.cn and .tw originating domains was a good one. :)
Read aloud:
"It's a free service, I get what I paid for".
If you want good quality webmail/email, hook up with an ISP who delivers that webmail/email for you. Yes, that probably will cost you money, but the last time I checked, my groceries weren't free either.
If you're dutch or from belgium: check out XS4all. This ISP has webmail, plus they have an antispam service, which lets you create a shadow mailbox which is used to dump the spam in (i.e.: you can check it if the filters have moved some mail as spam but it is legitimate). The filters use all blacklists available and some other sophisticated mailfilters. I received 25 spammails per day or so on my account there, and after I applied the filters this dropped down to 0.0. Especially the filters to block
You can run SQLServer under any account you want, just select a different user in the services snap-in. If you read the 'best practises' documentation on the MS Security website you'll learn these kind of small things.
:)
You can also do that for IIS, plus you can select for each website which user should be used to run the website under, which can then be used to connect to f.e. SQLServer. It's easy
LOL :)
.NET is a framework which IS ready for primetime, because it offers all the functionality needed to build mission critical applications which have to serve thousands of users.
.NET falls short when it comes to delivering what's promised.
.NET software, I know what I'm talking about.
And why's that? WSDL isn't MS proprietry language, it's a standard defined by many companies, and should be used with UDDI, currently in v2.0.
So, f00zbll, show me the beef where
ps: I develop a lot of
If costs are an issue, look at what DB2 and Oracle will cost you. Everything comes with a price, never forget that.
Win2k support isn't dropped next april. It's supported till 2007.
It's worlds number 1 database system, and you want to get rid of it?
*WHY* ?
It has everything you want, is rocksolid and lightingfast. Ok it's expensive, but you already have it.
It's not a magic bullet as in 'take this pill and you're free of trouble!', but it's a great start to finally do something about it.
.NET (CLR boxing stuff can lead to memleaks, albeit small), but most developers using these platforms like Java and .NET will not create code that can lead to a memleak or buffer overflows, stackcorruption, memory corruption etc.
What I find fascinating is that when it comes to the lack of help provided by C++ for the programmer, the frase 'but it's the sloppy programmer!' comes up a lot as the possible reason why programs written in C++ have memleaks and other crappyness.
This is totally a proof a lot of people are 'in denial'. True, memory leaks are possible in Java and f.e. also in
C++ forces the developer to create EXTRA code to make it run perfectly (i.e.: without memleaks, stack corruption etc). To me, that's fine when there is no other choice (read: technology isn't on a level where a RTE can be fault tolerant and fault preventing) but in 2002, technology IS at that level where RTE's will make sure developers don't make mistakes and languages using these RTE's are nowadays able to provide a working environment for the developer where that developer doesn't have to write that EXTRA code to make the logic run correctly, that's already in place, provided by the language/compiler combo and / or the RTE.
Perhaps C++ will get extended to meet those requirements, but I fear a lot of those self-called 'Elitists' now using C++ will not use these extra features simply because (according to them) then 'everybody' can use C++ and thus C++ will 'degrade' to a language of choice for the 'average' programmer, not stay a divider of who's good and who's not.
No offence, but if you need a 3rd party tool to check if the output of the compiler, which was produced after the compiler found that the input (your code) was correct, is correct, perhaps it's time to take a step back and think about a better solution that will fix what I call the 'weak spot' of C++: you have too many stuff to take care of, it backfires on you.
.NET and the Java platform, you'll see that there isn't a necessity for the overhead you have to program with C++, so there's also no need for tools like purify or valgrind.
Today, the software that's used to develop software should be there to help developers write solid code from the start without overhead, without the necessity to program the plumbing code which makes your program logic run in the first place.
Some people here have suggested that GC is a better solution than just feed your compiled binary to another tool in the chain of tools and I agree. When you look at
For solutions where C++ is the only way to go, it's probably a welcome addition to the set of tools to work with, but for C++ in general it isn't IMHO, it only shows where C++ should be improved, or better: where the RTE of C++ should be improved so these tools are obsolete in the future.
He did quite a lot of work on the front of visual programming and came up with a lot of programming languages which are definitely worth a look.
Check out the page: http://wouter.fov120.com/proglang/index.html.