If it was just a lookup, there wouldn't be this much fuss about it.
Erm, what fuss? Oh, you mean Slashdot crying about some way that Microsoft has supposedly persecuted them? Maybe you're new here, but that pretty much happens on an hourly basis, kid.
Michael, why must you be so ignorant? on .NETly News · Score: 4, Informative
From the summary (yes, it was written by Michael, not the submitters): Numerous readers pointed to several stories about a buffer overflow problem in Visual Studio .NET which was supposed to be immune to buffer overflows - but it had passed Microsoft's stringent new security audit.
Where to begin with this mess of falsehoods?
This isn't a VS.NET buffer overflow, it's about a way to attack code generated by the Visual C++ compiler when the /GS compiler switch is used.
Nobody ever came close to claiming that VS.NET would automatically create C++ code that would be immune to buffer overflows. The boldest claim I've seen Microsoft make is "Also, the Microsoft® Visual Studio®.NET C compiler has support for a new /GS switch that protects your code from many common buffer overrun problems." There does indeed seem to be a flaw, similar to what makes StackGuard attacks possible, but even if you get rid of this problem, it wouldn't be immune to programmers writing potential buffer overflows into their code -- the only thing that these tools do is try to get rid of the most common errors.
The security audit was about making sure that one's computer/network isn't made vulnerable by having Visual Studio.NET installed on it.
On a side note, since this only affects unmanaged code, it's not really related to the .NET/CLR stuff.
Not to get on your case too much, man, but how hard did you look? The vendor list, after all, is in alphabetical order. Anywho, if you're not in the mood to go back to the web page, here's the Nortel section in toto:
The CERT Coordination Center has issued a broad based alert to the technology industry, including Nortel Networks, regarding potential security vulnerabilities identified in the Simple Network Management Protocol (SNMP), a common networking standard. The company is working with CERT and other network equipment manufacturers, the U.S. Government, service providers, and software suppliers to assess and address this issue.
You'll notice that Microsoft's response was to turn off the SNMP service until they get a patch ready.
Yeah, those bastards. Why can't they do things like the following model citizens?
Red Hat: "Red Hat Inc. has investigated this vulnerability, and currently has a candidate fix which is undergoing regression testing. Updated ucd-snmp packages incorporating this fix will be available shortly from this page shortly."
Sun Microsystems: "Sun is currently generating patches for this issue and will be releasing a Sun Security Bulletin once the patches are available."
Caldera: "A fix for supported versions of OpenServer 5 will be available at a later date."
SGI: "SGI acknowledges the SNMP vulnerabilities reported by CERT and is currently investigating. No further information is available at this time."
Cisco: "Cisco Systems is addressing the vulnerabilities identified by VU#854306 and VU#107186 across its entire product line."
Netscape: "As a result, we have created fixes which will resolve the issues, and these fixes will appear in future releases of our product line. To Netscape's knowledge, there are no known instances of these vulnerabilities being exploited and no customers have been affected to date."
Lucent: "Fixes for the rest of the affected product portfolio will be available shortly."
HP: "Patches in process. Watch for the associated HP Security Bulletin."
Novell: "The SNMP and SNMPLOG vulnerabilities detected on NetWare are fixed and will be available through NetWare 6 Support Pack 1 & NetWare 5.1 Support Pack 4. [None of which are available yet.]"
Compaq: "At the time of writing this document, COMPAQ continues to evaluate this potential problem and when new versions of SNMP are available, COMPAQ will implement solutions based on the new code."
Redback Networks: "Redback Networks, Inc. has identified that the vulnerability in question affects certain versions of AOS software on the SMS 500, SMS 1800, and SMS 10000 platforms, and is taking the appropriate steps necessary to correct the issue."
Network Computing Technologies: "Network Computing Technologies has reviewed the information regarding SNMP vulnerabilities and is currently investigating the impact to our products."
DMH Software: "It is unclear at this point if our snmp-agent is sensitive to the tests described above."
Avaya: "Avaya Inc. acknowledges the potential of SNMP vulnerabilities and is currently investigating whether these vulnerabilities impact Avaya's products or solutions. No further information is available at this time."
AdventNet: "The release of AdventNet Inc's. Service Pack correcting the behavior outlined in VU#617947, and OUSPG#0100 is scheduled to be generally available to all of AdventNet Inc.'s customers by February 20, 2002."
Right now Google tends to be among the bigger darlings of Slashdot, but will they remain that way if they release this product and it's not Open Source? 'Cause they're nuts if they're planning on charging $20K for it but making it Open Source. Are they traitors to the cause, or is it just another understandable case of "Money talks, bullshit walks" when it comes to Open Source and the Real World?
Now, obviously, if MS looked at what you downloaded they could make a guess at what you have, but such snooping could at least be said to be an invasion of privacy. Now they have made you explicitly say that such snooping is ok.
Where in that snippet does it say that checking is no longer done client side?
Moreover, in this snippet of the agreement, at least, it does not say such snooping will always be for the express purpose of system upgrades.
The snippet Slashdot has reads "may automatically check the version of the Product and/or its components that you are utilizing [...]" So yes, it sounds like checking is done for the express purpose of system upgrades — The Product and/or its components. There some other snippet you were referring to? Because that one shows you to be pretty much 100% wrong.
Heh, you got that right. Thankfully winter here has been a mild one, because every time the road ices up, I find it hard to resist drifting around the corners like I was doing a Kudos challenge in Project Gotham Racing. I can practically see the meter racking up Kudos as I slide through the corner just barely in control.
When my father was in town visiting for my birthday, I asked him if he ever had the same urges, especially because he used to be a race car driver and he also plays some racing games on his PC. He looked at me like I was nuts and threatened (jokingly, but still!) to call up my insurance agent.
Diablo II came out in the middle of 2000, so that's a ton of sales that don't count toward the 2001 figures.
Re:Two Kettles Arguing over whos Blacker on Bill Joy's Takes on C# · Score: 0, Flamebait
Java's constraints don't make it more secure than C#, but they do make it easier to write robust code.
I've gotta ask for some explanation of this statement. Just because C# gives programmers the option of using things like pointers, doesn't make it any more difficult to write robust code. If some Java programmer were wanting to write a program in C#, there's absolutely nothing about it that would make him feel like he should start using pointers all of a sudden. What strikes me as the silliest thing about the article is that the Java platform lets you write the same type of "unsafe" code as C#, using JNI — it seems like Joy thinks the big sin is that the programmer can actually use his preferred language (C#) to do it, whereas with JNI you have the headache of having to write the native bits in a whole different language than Java. Anyway, because Microsoft has come up with a better language than Java, I personally find that its simplicity (like with Properties), makes code development much easier than with Java. And I'm just talking about regular Java-like, non-unsafe code.
When Ted Turner made his announcement, he said that he was donating 1 billion dollars. The fine print was that he was donating that 1 billion dollars over 10 years. Gates has given 24 billion out of his 67 billion. Have you given over a third of your money to charity? Have you even given a tenth of your money to charity?
I'm sorry, but your post just isn't right. You can see NPD Techworld's numbers here (news.com.com/2100-1040-827272.html), which show that U.S. handheld sales reached 4.9 million units in 2001, which amounts to a growth of 36% over the previous year. That kind of growth isn't indicative of the market having been oversaturated.
Between Kallisti!OS and the various attempts to create a Linux boot system for Linux-based games there's going to be one hell of a platform on the way for developers.
Yeah, just like the Indrema, right? Besides, the only Linux developer that was worth a damn at all when it comes to Linux gaming is about to go tits up.
I've always thought chromatic had some interesting things to say here as a poster, and am curious about how much detail he goes into in his book about Slashcode. Also, not just the code itself, but the ethics involved in running such a site.
For example, does he (or do you, if you happen to be reading this, chromatic) go into things like the admins using "bitchslaps" on their users, and when they should/shouldn't. Or from a somewhat disturbing example from the past week (http://slashdot.org/comments.pl?sid=26315&cid=2850660), does he discuss things like scripts which flood the stories with "Offtopic" moderations, basically using (abusing?) the admin power to instantly try to squelch both user and moderator opinions? Any philosophical discussions about whether there is any point in giving users moderation power for any reason to shut them up for a while, seeing as there isn't really much point in moderation when some admin with a chip on his shoulder is going to come by and stomp on everyone's opinions by using his unlimited mod points to make sure that something stays marked "Offtopic" (over 250 so far)?
Good luck with the book, chromatic, like I was saying, you're one of the better posters here!
I would imagine that every time a new kernel is released that world+dog go to view the site.
Why would you think that? Let's say _all_ Linux users did that, you're still only talking about 0.24% of computers out there. Of course, realistically, not all Linux users are going to visit the site for every new kernel release. Just imagine if Linux ever gets 1% of the computer world, that's going to be over 4 times the load that they're complaining about now. Say it with me, kids, "Scalability nightmares."
I cannot fathom why you had so much trouble figuring out what was a link and what wasn't on that page. The entire page was basically story titles, and it takes about half a second to figure out that they're all clickable. I'm glad that the site doesn't insult my intelligence by underlining them, because it's just ugly, not to mention silly, to have every single word on the site underlined.
Now, if this were some article containing interspersed links, it would be a big mistake not to differentiate them from the rest of the text. And if you click on any of the articles, you'll notice that that's exactly what they do. However, complaining that they don't point out all the links on a page that is nothing but links, that just shows an inflexible and unhealthy devotion to strict rules without even considering whether they make sense in a particular situation or not. Think about it.
But is it any more of a PR move than Slashdot, owned by an open source (mostly) tools vendor focused mainly on Linux, pretending that Visual Studio.NET wasn't just made available last night? As well as the .NET framework SDK and redistributable runtime, free for download? VS.NET is probably more impressive than any software that's ever been released for Linux, but I think it's a remarkable job of denial that's been pulled off by the Slashdot editors so far in pretending it doesn't exist.
Sorry, but Palm is most definitely not the choice of the tech savvy user. Its very limited hardware and OS are both way behind the times and Microsoft is increasing the gap more by the day. Here's a very accurate description of why Palm is in such trouble: http://news.cnet.com/news/0-1006-201-8480246-0.html
Didn't these scientists ever go to college?
I'll buy you a nice big Japanese beer if you go back and redo the survey, this time including the questions you somehow left out:
Any Dairy Queen should serve up Orange Juliuses (not Julius'!!! that's a possessive).
Careful, being that we're at Slashdot, some bastard is probably going to start referring to the plural as "Orange Juliii." ;)
mappoint.msn.com is pretty useful for me, and is made from ASP.NET code in C#.
Mono is a direct frontal attack.
Stop. Please. Now. Ami, you seem like the nicest person from your posts, and I know I tend to have an itchy trigger finger around here, and I really am trying to be a good boy tonight, so please bear with me...
This is not a direct frontal attack. Microsoft is pleased about Mono. Last month they even had a front page interview with Miguel at the MSDN site about his opinions on .NET and Mono. Microsoft wants .NET to spread, which is why they standardized it with ECMA to begin with (along with the not-so-subtle jab at Sun's own Java standardization foibles). The more interest there is in .NET, the less there is in Java, and consequently the more Sun is put over a barrel with regards to Java, especially at a time in Sun's history in which they've been losing money for a few quarters now, and especially when Sun already has rocky relations with the open source community as it is.
I know most people at Slashdot love to think that Microsoft is a company of bumblers and that every move they make is some fatal step that will spell their downfall, but well, we've been hearing that for years now, and frankly all the marketshare numbers, server and desktop, show the opposite has been happening. Slashdot might never admit it, but there's some decent evidence out there that *gasp* Microsoft actually knows what it's doing. HP and Intel were the two biggest contributors with Microsoft in the .NET standardization process, and Microsoft actually expects them to help spread the word that .NET is A Good Thing. The Mono classes getting out from under the GPL is icing on the cake.
Stinger's advanced features are likely to be useless to those who aren't running Windows as their primary desktop platform.
Well damn, guess they're going to have to fight over that niche of, um, what, 95% of the market? What dopes they are, huh?
I've heard that Julia sometimes breaks into song during the show. I give it three weeks. :)
I see this .NET stuff being unleashed upon us with holes in it before it even gets started.
Ermmm, which holes? You *did* read the article right? Or did you just not understand it?