It's a new version of CE, 3.0, along with the new apps, mainly, although for the most part, the devices for it will be new ones (while a few are the old devices with new ROM chips, which will let the current users of those models upgrade via a new ROM). Pocket Internet Explorer (PIE...mmmmm, pie...) is new for the palm-sized devices, although other browsers have been available, and PIE, like Pocket Excel and Pocket Word, was available for the handheld-style models (the ones with keyboards). Other than the OS upgrade, the PocketPCs introduce Word, Excel, IE, MS Reader, and MS Money. All the reports say that it also introduces MS Streets and Windows Media Player, but these have already been available to the current users.
Oh, don't get me wrong, I wasn't bitching at you, just griping about publications, especially Ziff-Davis ones -- if they're reporting on advances to the PDAs, they should know which things are actually improvements, and which ones are already available. (Actually, someone pointed the same thing out in one of the recent ZDnet talkbacks, and no, he and I aren't the same person, so don't send your Slashdot hate mail to that guy;) ).
Now, on to your question, 'cause I'm not one of those usual Slashdot interview snob types who only answers questions which were moderated to a 5!.:)
First off, I can't speak for any of the other CE devices, because the Cassiopeia 105's the only one I've used. That said, I did a good bit of research before buying, and this model is considered the top of the line of the Palm-sized CE devices by a lot of different sources (not all, of course). I've got a Palm Pilot and a Palm III, and I've used the Palm Vx before, and I just can't imagine going back. It's got all the data-tracking tools that I need in Pocket Outlook (contacts, appointments, tasks, email), which are essential in a PDA, and it integrates perfectly with Outlook on my regular computer whenever I sync. So, it has the same things that I needed out of my Palm, and if that's all you need, then you might not want to fork over the extra bucks for an E-105.
For me, though, it's the extras which sold me. I travel two or three times a month, and this thing has been perfect for plane rides when I want to relax and not bother with any work. I can download some MP3s to listen to on it -- and the Windows Media Player, as well as the Mobile Audio Player before it, sound great -- but what I've been doing lately is listening to the audio version of Dennis Miller's Ranting Again. It was only $3.99 for the three-hour audio book, and worth every penny -- even despite the occasionial odd look I'll get when I suddenly bust out laughing. Another common plane/limo-in-traffic thing for me is the Color GameBoy emulator I downloaded. It's pretty sweet. It also comes with a voice recorder, which, although I've never been much of a voice recorder user, does make good-sounding recordings if that's something you're into. Pocket Streets is very nice, and I use it a lot, and Doom is pretty fun just for the "Whoa!" factor in showing people, although I'm not really into the game, myself.
All of the applications that I've used are very very usable -- both on Palm and the E-105 -- although one of the reasons why I'm not jumping up and down waiting for Pocket Word is because I don't have much interested in inputting long documents into my PDA, whether it's via Palm's Graffiti or the 105's Jot -- I'm fairly fast with both, but both are just glacial compared to doing it on a keyboard. I installed CE Python for kicks and got tired of entering all those characters before I even finished my second program. Besides, full color Doom on a PDA is a better show-off toy than Python programs on a PDA for all but the most jaded geek.;)
As for how the new CE devices will fare against the Palm, I erally have no idea. I think they'll always be more expensive, so it's just how much people are willing to pay for the extra coolness factor, i.e., the great graphics and sound, and the standard apps. I myself can't imagine going back, but Palm's already got a huge entrenched market share, plus I don't know how many people are going to need the new features of CE, compared to what's already available for the current CE devices, which I'm already thrilled with. For example, I'm really looking forward to checking out the new MS Reader, but I'm not yet convinced that people are going to start craving books on their PDAs anytime soon. Pocket IE is sweet, but how many people will have internet access on their devices (I do, on my Palm III and E-105, but I know I'm not in the majority)?
Anyway, that's the take on it from a Palm and CE user who hasn't yet tried CE 3.0. There are a couple of other things I could add, but it feels like I've already written an eBook's worth of stuff in this post, so I'll spare your time and mine until next time.
I'm tired of the countless articles telling what software/features these devices will have, implying that the current generation doesn't already have them. The Cassiopia E-105 (DeepDarkSky, the new PocketPC version is actually the E-115), which is the one I've got, already offers, and has for months now, the Windows Media Player, Pocket Streets, web browsers, and Outlook. When I upgrade(*), the main things I'm interested in are MS Money, Excel, IE, and Reader -- especially looking forward to trying the reader -- but I enjoy the other stuff enough that I haven't touched my Palm III since December.
(*) On the bad news front is the upgrade situation. Casio says they'll upgrade the ROMS for those of us with E-100/105s (other than the ROM, the E-105 and new E-115 hardware are identical), but not until the summer. Arggggh.:/
I'm definitely no fan of the royalty, but it just amazes me how Blair and his Third Way bullshit comrades want the U.K. to be dragged down by all the socialist baggage of the E.U. Do most of your countrymen really support this idiocy? Not that Clinton wouldn't be trying the same thing if he thought he could get away with it...
Why should I have to twiddle with the URL to be able to see posts that were actually moderated up? Why would someone even think that they'd have to do such a thing, except for those that happen to see this discussion? When I set my threshold higher, I do it so that I can quickly see the posts that were moderated up. I think that's everyone's expectation, so for Slashdot to force some posts to be -2 even when moderators score them up, well, it doesn't seem too kosher.
Maybe they could put up a disclaimer that says something along the lines of "Even if you set your threshold, you will still not be able to see certain posts, no matter how favorably they were moderated. >Click here< for quickie instructions on how to see those posts."
But free speech is the right to say what you want; not the right to be heard anyway.
If this is really the Slashdot line of thinking, can we please see an end to the countless stories on things like CyberPatrol? (I'm sure you've seen them before, they're all posted with the icon of the guy with his mouth taped shut.) After all, they don't keep any web sites from saying what they want, they just keep them from being heard by CyberPatrol's paying customers.
I totally disagree, because taking away freedoms is a slippery slope. Everyone's always quick to tell us how teensy-weensy their particular form of censorship is -- "No comparison at all to muzzling the people!" they exclaim.
But then, years later, a freedom lost here, a freedom lost there, ho-hum, it all adds up. Then when you bother to reflect upon it, you see just how far the bar has moved. Remember how silly and innocuous those "1001 Tasteless Jokes" books used to be when you were a kid? Try telling one of the "blonde" jokes in there at your average university these days, and if you're lucky, someone won't overhear you and you won't be dragged in front of the student judicial board on charges of sexism. If you don't think that your freedoms have eroded over the years, and worse, if you think that it only happens in "Big Story" cases that you hear about, rather than a gradual erosion over time due to tiny things you never even thought twice about, you just haven't been paying attention.
Cheers, ZicoKnows@hotmail.com
Re:Yes, it *is* a "Linux stock tumble"
on
Tech Stocks Tumble
·
· Score: 2
Okay, you'd like to use March 10 as your date, but did you do the comparisons? The tank-job of Linux stocks looks even worse. A la my original post, here are the losses:
Dell: -8%
Intel: -9%
Compaq: -14%
Microsoft: -26%
NASDAQ itself: -34%
RedHat: -65%
Caldera: -67%
VA Linux: -73%
Andover.net: -74%
Heh, no offense, but could you have picked a worse example?:)
The way that some posters' writings are automatically shoved to -2, even when marked up by moderators, Slashdot seems to be engaging in a double standard when they rail against censorship.
The bottom line is that it's mighty easy to wave the free speech flag, but pretty meaningless if you aren't willing to stick up for it, even in cases whereby it negatively affects you.
Heh, this month's Brill's Content had an article on the phenomenon, specifically how female writers were approaching it, complete with an illustration of Spock and Kirk making out. <SHUDDER> I haven't read it yet, so I don't know if it's an entertaining read or not, but it's on their web site here (http://www.brillscontent.com/features/slash_0500. html).
Linux stocks have been dropping all year, even when NASDAQ was going up. Since April 3, when all the tech stocks started getting hammered, Linux stocks in particular have been tremendous losers. Some numbers, in increasing order of losses:
Anyone else get the feeling that Greenspan is pissed that all his New York/Washington socialite pals have been making a killing on the stock market, and that deep down inside, he feels a little extra incentive to shut them up?
send in your clowns to spread hate and misery, to discredit the opponent.
As long as Slashdot continues to post garbage and lies like the ESR article, neither Microsoft nor anyone else needs to send people here to discredit Slashdot -- it's doing a heckuva job on its own.
you don't know how much of those ESR (or anyone) sold off
FWIW, Everyone knows how much ESR has sold off: exactly zero shares. He's not allowed to sell any until 6 months after the IPO, which will be in June. At the current rate, VA Linux could be a penny stock by that point, especially after that recent report showing how they were trounced by the competition in the sale of Linux computers. Honestly, by the way that they're dwarfed by the other hardware vendors, companies which are already profitable, what does VA Linux have going for it which would keep this stock from going even lower? They're not looking to turn a profit anytime soon, and today's Wall Street has very little patience for stocks like that.
What if they decided to use for their string something like the following: "I've seen a report compiled by private detectives that detail a very sordid private life by Sun CEO Scott McNealy. It appears that various times within the last 24 months, he has forced subordinates, both female and male -- one a 16-year old high school exchange program coder -- into engaging in sexual acts with him under the threat of losing their jobs. Our source indicates that all employees -- some current employees and some who have departed -- were paid off with a secret discretionary fund controlled by Sun's board of directors."
Now, any reporter making something like that up would get their testes sued off, but what if a company purposesly put it into a common library, knowing that it'd be found, just biding time until someone looked at it with a hex editor? Yeah, it's pretty far out there on the realm of possibilities, but I have a hard time believing that a new judge would keep the precedent set by the one you mentioned in such a case.
Restores a lot of faith after the ESR article. And no, I don't mean any of this in a snotty way. Thanks.
As to the real deal, I was under the impression that there really is a hole, just no backdoor, and way less serious than originally thought.
My own quick summary: If multiple web sites are hosted on a NT4/IIS4 server with FrontPage 98 extensions installed, then webmaster A with web authoring permissions on his own site could potentially inappropriately read the.asp (and possibly the global.asa, but no others) files of webmaster B's web site if he knew where they existed on the same server. Note that to be able to do this, user B would have had to have granted user A read permissions (explicitly, or by giving read access to "Everyone") on those files -- otherwise, user A would be unable to read the files.
There's also the buffer overrun, although I don't know if anyone has successfully been able to exploit yet.
Bottom line: Just delete the dang dvwssr.dll. Do not pass GO, just delete it. I don't know a single person still using Visual Interdev 1.0, and even then you'll just lose the "Link View" feature. I could care less if they ever release a fixed version of this nasty DLL.
does anyone have any doubt that Zico is easily Slashdot's most frequently moderated up troll, period
Heh, well, I have no idea if that's true or not, but if it is, it's due to one simple fact: It helps to be correct.
All the Anonymous Cowards love to howl and moan about my posts, but all their wind falls on deaf ears because they aren't bright enough to refute anything I'm saying. Yep, everything I say must be lies and PR, but amazingly, none of them are ever able to point out where I'm incorrect -- they just make themselves look like immature little ranters. Do they actually think that they're helping to support those points of view which run counter to mine? Yeah, right.
I've noticed that almost invariably, the people who can actually make some good arguments with me are the ones who bother to put their names behind it. And if you ever notice, I'm not miserly with the respect for any replier who posts with respect themselves when they disagree with me. So anyway, that's my theory.
And to all the ACs with brains out there putting up the good fight, the above isn't referring to you, so keep up the good work!
Actually, it's a rare day indeed when an actual Linux exploit makes news at Slashdot. Usually the farthest they go toward that end is bringing up hypothetical problems. I don't have a problem with that standard of reporting -- I subscribe to Bugtraq and NTbugtraq for that kind of information, I'm not looking for it at Slashdot -- although the inconsistency of their Microsoft reporting on the same topic is a bit annoying.
Now, this second thing needs to be cleared up: I am not ripping Slashdot for reporting the original story -- everyone else was reporting it, so I'd be surprised if Slashdot didn't. I'm ripping them for publishing this essay, propatating the lie that there's some evil back door involved. It was known yesterday afternoon that there was no back door, and in fact, Slashdot even posted an update to that story (albeit incorrect in other, innocent ways) which stated this. For them to now drag out ESR's essay, built upon a lie which Slashdot itself had already discounted, is inexcusable.
"Completely belies"? That's certainly misleading. The fact is that there is a vulnerability in that DLL, both in its security (although, if a webmaster had the proper permissions on his files, he would be immune to this), and that there's a potential buffer overrun situation in the code.
Now...
If Slashdot would like to start posting essays on every Linux buffer overrun that comes down the pike, and -- most importantly -- get everyone worked up in a frenzy by not describing them as the bugs that they are, but instead as EVIL BACKDOORS (!) so that the authors could hack your server anytime they felt like it, then I'm all for it. Somehow I don't think that Andover.net and VA Linux would be too interested in this new policy. Until that policy is instituted, I can only assume that Erik Raymond's -- and Slashdot's by posting this -- priority lies in generating untrue, positive PR for the benefit of VA Linux's stock price, and not the quest for truth and objective debate.
Sure. This links to my post of information (http://slashdot.org/comments.pl?sid=00/04/14/0619 206&cid=494) from Russ at NTbugtraq which explains their findings that a back door wasn't involved. It turns out that there was/is a vulnerability that this post didn't catch, but the back door was clearly counted out. This was posted sometime before 4pm EDT yesterday, so ESR definitely had time to find this out.
Secondly, here's an updated link (http://slashdot.org/comments.pl?sid=00/04/14/0619 206&cid=540) which describes what the vulnerability is all about. (It also contains two more links for further, more detailed information.
Sorry, Sam, but this article was very poor. You claim that ESR is giving Microsoft the benefit of the doubt. How could you possibly believe this when he is trying to propagate a lie of there being a back door to begin with? Authorized or unauthorized, it doesn't exist.
It sure as Hell is a lot more relevant to readers of this site than a completely fabricated story from ESR. For anyone who still hasn't bothered to keep up with yesterday's news, listen up: There is no back door.
Which is it, Hemos? Is Slashdot more interested in discussing the truth openly, or does VA Linux prefer that you trumpet lies?
Not only that, but this has been known since yesterday. Was ESR too busy thinking up pithy one-liners for his article to bother checking out the facts?
Oh well, wouldn't want to let that stop ESR from shooting his mouth off. Since when was he ever concerned about the truth anyway?
Slashdot Mirror
It's a new version of CE, 3.0, along with the new apps, mainly, although for the most part, the devices for it will be new ones (while a few are the old devices with new ROM chips, which will let the current users of those models upgrade via a new ROM). Pocket Internet Explorer (PIE...mmmmm, pie...) is new for the palm-sized devices, although other browsers have been available, and PIE, like Pocket Excel and Pocket Word, was available for the handheld-style models (the ones with keyboards). Other than the OS upgrade, the PocketPCs introduce Word, Excel, IE, MS Reader, and MS Money. All the reports say that it also introduces MS Streets and Windows Media Player, but these have already been available to the current users.
Cheers,
ZicoKnows@hotmail.com
Oh, don't get me wrong, I wasn't bitching at you, just griping about publications, especially Ziff-Davis ones -- if they're reporting on advances to the PDAs, they should know which things are actually improvements, and which ones are already available. (Actually, someone pointed the same thing out in one of the recent ZDnet talkbacks, and no, he and I aren't the same person, so don't send your Slashdot hate mail to that guy ;) ).
Now, on to your question, 'cause I'm not one of those usual Slashdot interview snob types who only answers questions which were moderated to a 5!. :)
First off, I can't speak for any of the other CE devices, because the Cassiopeia 105's the only one I've used. That said, I did a good bit of research before buying, and this model is considered the top of the line of the Palm-sized CE devices by a lot of different sources (not all, of course). I've got a Palm Pilot and a Palm III, and I've used the Palm Vx before, and I just can't imagine going back. It's got all the data-tracking tools that I need in Pocket Outlook (contacts, appointments, tasks, email), which are essential in a PDA, and it integrates perfectly with Outlook on my regular computer whenever I sync. So, it has the same things that I needed out of my Palm, and if that's all you need, then you might not want to fork over the extra bucks for an E-105.
For me, though, it's the extras which sold me. I travel two or three times a month, and this thing has been perfect for plane rides when I want to relax and not bother with any work. I can download some MP3s to listen to on it -- and the Windows Media Player, as well as the Mobile Audio Player before it, sound great -- but what I've been doing lately is listening to the audio version of Dennis Miller's Ranting Again. It was only $3.99 for the three-hour audio book, and worth every penny -- even despite the occasionial odd look I'll get when I suddenly bust out laughing. Another common plane/limo-in-traffic thing for me is the Color GameBoy emulator I downloaded. It's pretty sweet. It also comes with a voice recorder, which, although I've never been much of a voice recorder user, does make good-sounding recordings if that's something you're into. Pocket Streets is very nice, and I use it a lot, and Doom is pretty fun just for the "Whoa!" factor in showing people, although I'm not really into the game, myself.
All of the applications that I've used are very very usable -- both on Palm and the E-105 -- although one of the reasons why I'm not jumping up and down waiting for Pocket Word is because I don't have much interested in inputting long documents into my PDA, whether it's via Palm's Graffiti or the 105's Jot -- I'm fairly fast with both, but both are just glacial compared to doing it on a keyboard. I installed CE Python for kicks and got tired of entering all those characters before I even finished my second program. Besides, full color Doom on a PDA is a better show-off toy than Python programs on a PDA for all but the most jaded geek. ;)
As for how the new CE devices will fare against the Palm, I erally have no idea. I think they'll always be more expensive, so it's just how much people are willing to pay for the extra coolness factor, i.e., the great graphics and sound, and the standard apps. I myself can't imagine going back, but Palm's already got a huge entrenched market share, plus I don't know how many people are going to need the new features of CE, compared to what's already available for the current CE devices, which I'm already thrilled with. For example, I'm really looking forward to checking out the new MS Reader, but I'm not yet convinced that people are going to start craving books on their PDAs anytime soon. Pocket IE is sweet, but how many people will have internet access on their devices (I do, on my Palm III and E-105, but I know I'm not in the majority)?
Anyway, that's the take on it from a Palm and CE user who hasn't yet tried CE 3.0. There are a couple of other things I could add, but it feels like I've already written an eBook's worth of stuff in this post, so I'll spare your time and mine until next time.
Cheers,
ZicoKnows@hotmail.com
I'm tired of the countless articles telling what software/features these devices will have, implying that the current generation doesn't already have them. The Cassiopia E-105 (DeepDarkSky, the new PocketPC version is actually the E-115), which is the one I've got, already offers, and has for months now, the Windows Media Player, Pocket Streets, web browsers, and Outlook. When I upgrade(*), the main things I'm interested in are MS Money, Excel, IE, and Reader -- especially looking forward to trying the reader -- but I enjoy the other stuff enough that I haven't touched my Palm III since December.
(*) On the bad news front is the upgrade situation. Casio says they'll upgrade the ROMS for those of us with E-100/105s (other than the ROM, the E-105 and new E-115 hardware are identical), but not until the summer. Arggggh. :/
Cheers,
ZicoKnows@hotmail.com
I'm definitely no fan of the royalty, but it just amazes me how Blair and his Third Way bullshit comrades want the U.K. to be dragged down by all the socialist baggage of the E.U. Do most of your countrymen really support this idiocy? Not that Clinton wouldn't be trying the same thing if he thought he could get away with it...
Great post.
Cheers,
ZicoKnows@hotmail.com
Why should I have to twiddle with the URL to be able to see posts that were actually moderated up? Why would someone even think that they'd have to do such a thing, except for those that happen to see this discussion? When I set my threshold higher, I do it so that I can quickly see the posts that were moderated up. I think that's everyone's expectation, so for Slashdot to force some posts to be -2 even when moderators score them up, well, it doesn't seem too kosher.
Maybe they could put up a disclaimer that says something along the lines of "Even if you set your threshold, you will still not be able to see certain posts, no matter how favorably they were moderated. >Click here< for quickie instructions on how to see those posts."
If this is really the Slashdot line of thinking, can we please see an end to the countless stories on things like CyberPatrol? (I'm sure you've seen them before, they're all posted with the icon of the guy with his mouth taped shut.) After all, they don't keep any web sites from saying what they want, they just keep them from being heard by CyberPatrol's paying customers.
Cheers,
ZicoKnows@hotmail.com
I totally disagree, because taking away freedoms is a slippery slope. Everyone's always quick to tell us how teensy-weensy their particular form of censorship is -- "No comparison at all to muzzling the people!" they exclaim.
But then, years later, a freedom lost here, a freedom lost there, ho-hum, it all adds up. Then when you bother to reflect upon it, you see just how far the bar has moved. Remember how silly and innocuous those "1001 Tasteless Jokes" books used to be when you were a kid? Try telling one of the "blonde" jokes in there at your average university these days, and if you're lucky, someone won't overhear you and you won't be dragged in front of the student judicial board on charges of sexism. If you don't think that your freedoms have eroded over the years, and worse, if you think that it only happens in "Big Story" cases that you hear about, rather than a gradual erosion over time due to tiny things you never even thought twice about, you just haven't been paying attention.
Cheers,
ZicoKnows@hotmail.com
Okay, you'd like to use March 10 as your date, but did you do the comparisons? The tank-job of Linux stocks looks even worse. A la my original post, here are the losses:
Heh, no offense, but could you have picked a worse example? :)
Cheers,
ZicoKnows@hotmail.com
The way that some posters' writings are automatically shoved to -2, even when marked up by moderators, Slashdot seems to be engaging in a double standard when they rail against censorship.
The bottom line is that it's mighty easy to wave the free speech flag, but pretty meaningless if you aren't willing to stick up for it, even in cases whereby it negatively affects you.
Cheers,
ZicoKnows@hotmail.com
Heh, this month's Brill's Content had an article on the phenomenon, specifically how female writers were approaching it, complete with an illustration of Spock and Kirk making out. <SHUDDER> I haven't read it yet, so I don't know if it's an entertaining read or not, but it's on their web site here (http://www.brillscontent.com/features/slash_0500. html).
Linux stocks have been dropping all year, even when NASDAQ was going up. Since April 3, when all the tech stocks started getting hammered, Linux stocks in particular have been tremendous losers. Some numbers, in increasing order of losses:
Cheers,
ZicoKnows@hotmail.com
Anyone else get the feeling that Greenspan is pissed that all his New York/Washington socialite pals have been making a killing on the stock market, and that deep down inside, he feels a little extra incentive to shut them up?
Cheers,
ZicoKnows@hotmail.com
send in your clowns to spread hate and misery, to discredit the opponent.
As long as Slashdot continues to post garbage and lies like the ESR article, neither Microsoft nor anyone else needs to send people here to discredit Slashdot -- it's doing a heckuva job on its own.
Cheers,
ZicoKnows@hotmail.com
you don't know how much of those ESR (or anyone) sold off
FWIW, Everyone knows how much ESR has sold off: exactly zero shares. He's not allowed to sell any until 6 months after the IPO, which will be in June. At the current rate, VA Linux could be a penny stock by that point, especially after that recent report showing how they were trounced by the competition in the sale of Linux computers. Honestly, by the way that they're dwarfed by the other hardware vendors, companies which are already profitable, what does VA Linux have going for it which would keep this stock from going even lower? They're not looking to turn a profit anytime soon, and today's Wall Street has very little patience for stocks like that.
Cheers,
ZicoKnows@hotmail.com
Actually only to sound important -- most of what you post is neither correct nor relevant.
Give it a try sometime, if you can muster it, Alex. It's so much more becoming than the bitter and humorless nerd image that you project. :)
Cheers,
ZicoKnows@hotmail.com
KARMA WORE IS SUK
Heh, now I know I've seen everything when I — supposedly Microsoft shill extraordinaire — get called a karma whore at Slashdot!
Cheers,
ZicoKnows@hotmail.com
What if they decided to use for their string something like the following: "I've seen a report compiled by private detectives that detail a very sordid private life by Sun CEO Scott McNealy. It appears that various times within the last 24 months, he has forced subordinates, both female and male -- one a 16-year old high school exchange program coder -- into engaging in sexual acts with him under the threat of losing their jobs. Our source indicates that all employees -- some current employees and some who have departed -- were paid off with a secret discretionary fund controlled by Sun's board of directors."
Now, any reporter making something like that up would get their testes sued off, but what if a company purposesly put it into a common library, knowing that it'd be found, just biding time until someone looked at it with a hex editor? Yeah, it's pretty far out there on the realm of possibilities, but I have a hard time believing that a new judge would keep the precedent set by the one you mentioned in such a case.
Cheers,
ZicoKnows@hotmail.com
WTF is that string doing in this dll?
It's just a string used for encryption. It could've been anything, but the programmers decided to make it a jab at Netscape.
#2, Can Netscape sue for libel?
Only if they can prove that their engineers are not indeed weenies. In other words, not bloody likely!! ;-)
Cheers,
ZicoKnows@hotmail.com
Restores a lot of faith after the ESR article. And no, I don't mean any of this in a snotty way. Thanks.
As to the real deal, I was under the impression that there really is a hole, just no backdoor, and way less serious than originally thought.
My own quick summary: If multiple web sites are hosted on a NT4/IIS4 server with FrontPage 98 extensions installed, then webmaster A with web authoring permissions on his own site could potentially inappropriately read the .asp (and possibly the global.asa, but no others) files of webmaster B's web site if he knew where they existed on the same server. Note that to be able to do this, user B would have had to have granted user A read permissions (explicitly, or by giving read access to "Everyone") on those files -- otherwise, user A would be unable to read the files.
There's also the buffer overrun, although I don't know if anyone has successfully been able to exploit yet.
Bottom line: Just delete the dang dvwssr.dll. Do not pass GO, just delete it. I don't know a single person still using Visual Interdev 1.0, and even then you'll just lose the "Link View" feature. I could care less if they ever release a fixed version of this nasty DLL.
Cheers,
ZicoKnows@hotmail.com
does anyone have any doubt that Zico is easily Slashdot's most frequently moderated up troll, period
Heh, well, I have no idea if that's true or not, but if it is, it's due to one simple fact: It helps to be correct.
All the Anonymous Cowards love to howl and moan about my posts, but all their wind falls on deaf ears because they aren't bright enough to refute anything I'm saying. Yep, everything I say must be lies and PR, but amazingly, none of them are ever able to point out where I'm incorrect -- they just make themselves look like immature little ranters. Do they actually think that they're helping to support those points of view which run counter to mine? Yeah, right.
I've noticed that almost invariably, the people who can actually make some good arguments with me are the ones who bother to put their names behind it. And if you ever notice, I'm not miserly with the respect for any replier who posts with respect themselves when they disagree with me. So anyway, that's my theory.
And to all the ACs with brains out there putting up the good fight, the above isn't referring to you, so keep up the good work!
Cheers,
ZicoKnows@hotmail.com
Actually, it's a rare day indeed when an actual Linux exploit makes news at Slashdot. Usually the farthest they go toward that end is bringing up hypothetical problems. I don't have a problem with that standard of reporting -- I subscribe to Bugtraq and NTbugtraq for that kind of information, I'm not looking for it at Slashdot -- although the inconsistency of their Microsoft reporting on the same topic is a bit annoying.
Now, this second thing needs to be cleared up: I am not ripping Slashdot for reporting the original story -- everyone else was reporting it, so I'd be surprised if Slashdot didn't. I'm ripping them for publishing this essay, propatating the lie that there's some evil back door involved. It was known yesterday afternoon that there was no back door, and in fact, Slashdot even posted an update to that story (albeit incorrect in other, innocent ways) which stated this. For them to now drag out ESR's essay, built upon a lie which Slashdot itself had already discounted, is inexcusable.
Cheers,
ZicoKnows@hotmail.com
"Completely belies"? That's certainly misleading. The fact is that there is a vulnerability in that DLL, both in its security (although, if a webmaster had the proper permissions on his files, he would be immune to this), and that there's a potential buffer overrun situation in the code.
Now...
If Slashdot would like to start posting essays on every Linux buffer overrun that comes down the pike, and -- most importantly -- get everyone worked up in a frenzy by not describing them as the bugs that they are, but instead as EVIL BACKDOORS (!) so that the authors could hack your server anytime they felt like it, then I'm all for it. Somehow I don't think that Andover.net and VA Linux would be too interested in this new policy. Until that policy is instituted, I can only assume that Erik Raymond's -- and Slashdot's by posting this -- priority lies in generating untrue, positive PR for the benefit of VA Linux's stock price, and not the quest for truth and objective debate.
Cheers,
ZicoKnows@hotmail.com
Sure. This links to my post of information (http://slashdot.org/comments.pl?sid=00/04/14/0619 206&cid=494) from Russ at NTbugtraq which explains their findings that a back door wasn't involved. It turns out that there was/is a vulnerability that this post didn't catch, but the back door was clearly counted out. This was posted sometime before 4pm EDT yesterday, so ESR definitely had time to find this out.
Secondly, here's an updated link (http://slashdot.org/comments.pl?sid=00/04/14/0619 206&cid=540) which describes what the vulnerability is all about. (It also contains two more links for further, more detailed information.
Cheers,
ZicoKnows@hotmail.com
Sorry, Sam, but this article was very poor. You claim that ESR is giving Microsoft the benefit of the doubt. How could you possibly believe this when he is trying to propagate a lie of there being a back door to begin with? Authorized or unauthorized, it doesn't exist.
Cheers,
ZicoKnows@hotmail.com
It sure as Hell is a lot more relevant to readers of this site than a completely fabricated story from ESR. For anyone who still hasn't bothered to keep up with yesterday's news, listen up: There is no back door.
Which is it, Hemos? Is Slashdot more interested in discussing the truth openly, or does VA Linux prefer that you trumpet lies?
Cheers,
ZicoKnows@hotmail.com
Not only that, but this has been known since yesterday. Was ESR too busy thinking up pithy one-liners for his article to bother checking out the facts?
Oh well, wouldn't want to let that stop ESR from shooting his mouth off. Since when was he ever concerned about the truth anyway?
Cheers,
ZicoKnows@hotmail.com