"One thing users should be aware of is that Longhorn will include a new kernel and will thus not offer the same level of compatibility with legacy 16-bit and 32-bit code that Windows XP does today. For business users, Microsoft believes that Virtual PC 2007 will help broaden corporations' compatibility options."
I don't believe this. This is market speech. This is totally impossible. If this is the case, we will see the end of the Microsoft monopoly with the release of Longhorn.
Why run Longhorn and upgrade all your apps (except for the one for which the vendors have died out, but 50% of your department insists on continuing to use because it 'just works'), or run them in a Virtual Machine, when you can get Linux, for free, run Wine, which will offer better compatibility, or run either a) Qemu, b) VMware, or c) Remote Desktop into a Windows XP server box for legacy apps?
I refuse to believe this thing about compatibility, because the entire Microsoft monopoly is built on compatibility. Microsoft would never drop such a golden ticket into the hands of Windows opponents.
If this is true, it makes the barriers to either Mac OS X or Linux transitions non-existent. Windows would have to compete on merits alone (security, usability, extensibility).
Bwahahaha. I'll go back to the real world now. This'll never happen.
Eh? How would they be committing copyright infringement in my example?
They are using PearPC code in CherryOS.
Ergo, CherryOS is GPL licensed.
That's the defense, anyways.
On my Powerbook laptop, and SuSE desktop, I panic when my system crashes.
Why? With OS X and Linux, it's usually a hardware failure.
Which is a pain in the wallet.
On Windows, you hear people talking about crashes all the time, but the answer is always just to reinstall Windows.
Well, 1% of the time it's a hardware failure.
No, it's a test of the GPL.
A common response to the GPL is, "You released the code, now we can use it."
The GPL is a statement that my open source is NOT available for any purpose, but you must use it under specific situations/circumstances.
Not that I believe the GPL will fail, in court--It is a granting of extra rights.
Incidentally, your view is the correct one: This is a test of copyright infringement. Some people attempt to say that the GPL is actually a mis-assignment of rights, that licensing under the GPL is tantamount to giving your works into the public domain.
But this is not the case, and in fact the GPL is the only possible justification one can have for using GPL'd code.
Anything else is copyright infringement, and yes, copyright infringement is a well founded legal discipline.
We got similar advice once. One of our supposed 'distribution partners' tried to license a product of ours, under their own name.
They walked away from the deal, started selling a different product under that name, but claimed our performance numbers (this was a fire suppression chemical), and even quoted our test results, for a totally dissimilar product!
One of our legal staff advised us, "It's going to be a terrible pain to sue them. Rather, continue selling your products, use the same marketing literature, and 'copy-cat' them right back. Force them to sue you, if they dare."
The PearPC community should do this to CherryOS. Create a gui, that matches CherryOS exactly.
Release it as CherryOS Plus. Even use the same name. If they have the balls to take you to court, lots of interesting things will have to be revealed in discovery.
It'll cost you the same amount in lawyer fees, but it'll cost them much more. (Easier to defend, especially in a GPL question, where discovery will reveal the code).
What, do you work for CherryOS? Expecting PearPC to provide you with a debugger, too?
Sorry, I apologize for being quite so snide, but really, it's their (PearPC's developers) baby, so they can do as they like with it. If they license it under the GPL, they can pursue people who do not follow their license agreements.
If the GPL is not properly defended, it encourages infringement.
Yes, CherryOS will not succeed by itself. But imagine a company takes Linux, makes modifications, releases it as their own, and becomes a massive success.
I'm comparing Apples to Oranges, but it is most definitely the principle of the thing.
I'm probably feeding a troll....
Someone please correct me if I'm wrong.
If you are given an unlimited (or sufficiently large) permissible number of characters, then why not just use a whole sentence you can remember?
For my WPA security key I used to use:
ThisisthelocalwirelesspasswordforWhiteWolf6
Yes, I've changed it now, so feel free to use that to try and log into random access points.
Fairly easy to remember, extremely long, and IIRC, not susceptible to dictionary attacks.
Are you using Photoshop in Windows?
I could swear it's got WYSIWYG font selection on OS X....
Lemme check.... I know Illustrator does.....
Holy crap! It doesn't!
That's what I get for being an Illustrator Monkey.
I guess you could always load up FontBook, on a Mac, anyways..
So WEIRD! WYSIWYG in Illustrator, but not in Photoshop. WTF is up with that?
SuSE 9.2 has almost all this stuff.
You can install Xcompmgr from the DVD, and drivers for everything are there.
It's also a one click install, purely graphical, no text/console test/anything ugly from first install screen->first bootup.
It's definitely one click. You start it, it asks you if you want to make any changes, and usually you can just click 'no'.
9.3 will have kompmgr/metacity alpha/shadows, and kompose (expose type stuff) in the default install.
The desktop is pretty clean, too. "My Computer", "Local Network", "SuSE", "Help", "Office", "Trash".
No applets loaded by default except system tray and clock. YaST has gotten much better with plug'n'play hardware, too. Plug in a mouse, and a popup screen appears, "Would you like to configure Logitech Cordless Pro?"
Same for printers, DVD burners, etc.
I like it, and it passes the non-totally computer literate parents test.
Even on their wank-ass Sony PCV-W510G desktop in a laptop form factor.
I dunno.
I guess I'm spoiled by 64-bit linux. For the most part, everything works.
I've got only one minor problem. I can't get Cedega (Transgaming's Wine) to load positional audio using ALSA.
OSS emulation mode (2 speaker) works great, and everything runs fine in 32-bit mode.
Linux-64 was a pretty simple upgrade. Is Win64 really that much of a pain?
WHY!!! OH!!! THE HUMANITY!!!!
:)
There's already a SP1 on Longhorn's roadmap?
I guess there are improvements scheduled to fit in between 2006-2007.
Microsoft couldn't possibly believe that a series of security patches will be necessary.
I bet there won't be a Classic Desktop.
There might be a compatibility Desktop, that you can start up to run your old apps, like a quasi-virtual machine.
DRM? Like, more media DRM? We have that now, everywhere, even on Linux, with Wine.
/slap WhiteWolf666.
Trusted Computing? Is this the little 't' computing, with the NX bit set?
Linux. Check.
Mac OS X has similar functionality, if IIRC.
Trusted Computing, with the big 'T'? Palladium style?
Good. I'd love to see all the Windows Boxen out there totally locked down, so the next time some uber worm comes out, it'll own them, and pwn palladium configuration as well, so you won't be able to remove the damn thing.
Proprietary XML documents. Well....
Oh... I get it. You were being sarcastic. Sorry, didn't realize it, now I'm just a sorry troll.
Still drinking the first coffee of the day, I'm a bit fuzzy at the edges.
Cheers!
Are you going to get a new PC for Longhorn?
Then get a Mac Mini after Tiger comes out.
Are you going to just purchase Longhorn?
A Mac mini will probably be around the same price of Longhorn pro.
Not happy with a Mac Mini because it's not sophisticated enough to game on?
Run Linux on your current desktop. Use the latest KDE 3.4 with kompmgr, bask in eye-candy. Get Transgaming's Cedega, and run games like City of Heroes, World of Warcraft, and Half-Life 2.
Why wait for Longhorn? That future is already here now, with half the bugs, and at the same price, to boot.
There's even an error in the mockup.
Why does "View All Documents" have a reference number 000125-J00896 while "View All E-mails" doesn't?
Oops.
Didn't you know, Microsoft invented INVENTING?
Innovation. Microsoft Patented.
Everything else is derivative.
I find that odd and unfortunate.
I believe the rule in the U.S. is that of 'good faith'.
If the evidence is collected illegally, but the police involved did not know, (i.e. illegal on some kind of minor technicality), it's permitted.
If the police committed some gross violation of law, or knowingly committed a crime (I'm just hacking into this, it's okay, we'll find some dirt, or, "We'll go ahead and download this stuff, even though downloading is bad, because we'll catch people like that"), it will not qualify for a 'good faith' exemption.
Obviously, there's quite a bit of room for interpretation here, so a police-biased judge/bad lawyer will mean the police will get away with a lot, while a defendant-biased judge/good lawyer will mean the police will get away with very little, and have to be extremely careful.
I'm not sure which system is right. Both seem to have their downfalls. Given the rather indiscriminate prosecution that occurs in the U.S., though, I'm happy it's like this. As I understand it, prosecutors are more reasonable in the E.U., so I guess it's not such a big deal.
I agree wholeheartedly.
Some of their products are good.
Some of them suck.
All in all, their business practices are abhorrent. Intentionally introduced, easy to fix incompatibilities piss me off.
Releasing all this FUD when it's not necessary. (They are still the marketing leaders in most areas).
The atrocious way they've dealt with some of the ex-partners (competitors). Like Stacker, or Corel, or Caldera.
I can't stand it, and that's why I won't recommend a Microsoft product, ever. There's always either an almost as good solution, or a better solution, from another supplier, and given that the gap between Microsoft (even when they are ahead) and other suppliers is never that big, I'll ALWAYS recommend the other supplier.
Thankfully, other suppliers are getting closer and closer, and it's easier to recommend them for most tasks.
I always thought that one day Microsoft would 'grow-up', and develop into an IBM of the PC world. Always there, always 85% competitive, always an important part of the market, but not this paranoid schizophrenic behavior pandering for marketshare (even more importantly than PROFIT, which is shocking) at all costs.
MS Money, for example. That's a product they should drop. They should simply give up in that area, and work on something else. MS Money is generally agreed to be inferior to all its competitors, and has never turned a profit for MS.
Yet they continue to develop it, at a loss, because Microsoft will NEVER give up a chance at control.
Very strange, and to me, not the behavior of a good component to the 'eco-system' of the software world.
But in some jurisdictions in the U.S., similar behavior by the police/corporation and a moderately sophisticated defense lawyer would get the judge to dismiss the case, and stare down the prosecutor while saying, "Are you Nuts???!!"
Hopefully, Sweden will work out the same way.
One law for everyone, not one law for the corporations, another for individuals.
If they jail this guy, they should jail those involved in the APB operations.
I disagree with the other poster.
Xpdf (Pdf) is nice, as are Ghostview (Kghostview), but they are not capable of reading overly complex PDFs, or at least it takes them forever to render overly complex PDFs. I'm not talking about 300 pages of text, I'm talking about 1 page of vector graphics. I design vector images in Illustrator, on Mac OS X. I save all my files as pdfs, either 1.4 or 1.5, and dump them on my Linux box. Other people in my office then print them as needed from the Linux box.
Unless I am very careful, and go from ps -> pdf using ghostscript, Xpdf doesn't render these correctly. Even when it does render them correctly, it takes upwards of 30-45 seconds to open the file, while Acrobat reads them instantly.
This isn't a problem for most things; I usually have my desktops (all linux boxen) set up to use Kpdf as a Kpart in Konqueror, but for these specific files Kpdf (Xpdf) is a pain.
Of course, Acrobat Reader 5 didn't work, because although it would render the file correctly, it couldn't print for some reason (Acrobat 7 printed them fine from a Windows/Mac OS X box). (Just got blank pages from the Linux version). I'm hoping that Acrobat Reader 7 (linux) will print these correctly, as that will give me a fast, non-clunky, no fuss solution to my printing issues.
By the way, no, Mac OS X preview does not render them correctly either, or takes forever to load them as well, but it exhibits problems with different files (some work fine in preview and break Xpdf, some work fine in Xpdf and break preview).
Don't get me wrong, for just about ANY pdf I get from the web, I use Kpdf. I also use Kpdf after I fuss with the files to make them work. But if Acrobat Reader can do the job better, I'll use that for my projects so I don't have to run them through ghostscript filters.
BTW: I am an Adobe customer.
This is whitelisting of sites that install XPIs.
Not Java applets, as far as I know.
Sun does not rely on a whitelist, but rather relies on requesting security permissions.
A Java whitelist would be a huge task to put together, and would restrict many independent developers.
The current system for Java works, IMHO. Users need to be taught to always click 'No'.
If a site owner really wants his Java applet to work, he should post a warning about the warning on his site, explain why that applet needs permission, and acknowledge that the user may get burned on this permission request.
Agreed
Most security professionals are paranoid freaks who would never click 'yes' on something like that, especially in a production or work environment.
I don't see any need to castrate java because users are stupid.
Perhaps Sun should make the Java default setting to silently reject unsigned applets, as well as silently reject various requests for permission.
Then we'd have an equal outrage, the other way.
Java applets can do all sorts of things.
It is not true that they can't 0wn your box.
In fact, whoever told you that should be shot.
Java is very powerful, and can do many, many interesting things.
If it works properly (i.e. no exploits), then a Java applet will not be able to silently 0wn your box.
It'll request permissions, and you'll have to approve it.
There are two possible circumventions.
1. Set system-wide permissions too low. By default, they come pretty restrictive. I would not suggest changing them.
2. Exploit in the JRE. Has happened before (rarely). This doesn't count.
Java is not a pure safe language. Java does not run its applets in an entirely isolated Virtual Machine.
Java, however, does not experience buffer overruns (which lead to exploits), and does not experience a variety of other security problems.
No exploits != No 0wnage.
No exploits = No 0wnage without requesting security permissions.
Seriously slashdotters. . . .
At some point, the user must take some responsibility for their own security.
System doing something unintended, without user notification or permission? Security exploit.
System doing something unintended, after user notification and approval? Idiot exploit.
The ONLY way to stop idiots from being exploited is to take the permission/approval step out of their hands, and give it to someone else.
Either the sys-admin, or the OS manufacturer.
The sys-admin route is already possible. We don't need anything else for that. These boxes are secure, but a gigantic pain to work with, depending upon what your users' needs/wants are.
The OS manufacturer route. This is the route Microsoft would love to push us all.
Dump Java. It's insecure. Use our New(TM) Palladium(TM) Super-Secure Trust-In-Our-Magic-Decision-Making Signed Certificate, only MS(TM) software ActiveSecureX.
The only way to prevent (idiot) exploits such as this one, is to prevent any 'unapproved' application installs.
Ask for that, and you're asking for Trusted Computing(TM).
And I'll bet ten grand that someone will figure out how to exploit THAT, and then you'll have a pwned box that is unfixable.
This is Microsoft. Even though your users make DAMN STUPID decisions on what to install (Press Yes to Install MySpware Super-Happy Plugin!), Microsoft has proven itself to be just as, if not far more vulnerable.
You download an application.
You allow it to run.
It's your OWN DAMN FAULT, then.
Just because it's a 'java' application, which only has in-browser warnings that say 'THIS APPLICATION MAY NOT BE SECURE, I HOPE YOU TRUST YOUR SOURCES', does not mean it is not an application from an untrusted source.
Are the popups that Kazaa spews because of flaws in IE? Or in Windows, for that matter?
No.
When you install spyware yourself, it's a flaw with the user, not the operating system.
I'm probably the biggest MS hating, trash-talking Linux fanboi on slashdot, and even I recognize that this is not a security 'hole'.
This is java working as designed. There is no way to fix this problem.
Except to disable many of java's local privileges.
Pick: Reduced ease of use, or security.
Why is that? Because some jack-nut out there is going to press 'Yes' whenever a dialog pops up, no matter what.
"This java applet will delete your harddrive, continue?"
"Yes or No?"
There will be people that will press yes. Then they'll call up tech support or the help desk and demand immediate attention. Yes, this is an aspect of security.
Some security cannot be done in hardware/software. Some security must be done in user. That is all.
This is no different than downloading a script that does 'rm -r -f /', and running it.
The truth regarding this security 'problem' is so clear that many of you are unable to see it.