I saw this "exploit" on full-dis, where it started a rather large thread, given how silly this bug actually is (a screensaver breaker...ooooh now I'm quaking in my boots). I thought it was excessive that -anyone- responded to his thread, and now it got posted on/. ? What gives?
Because it's not just a bug with the screensaver, but rather with one of the default components of Cocoa. If there's an application out there that accepts data from the network and runs it through a edit field for any reason, this could easily become a remote exploit.
Q: Microsoft took out a license from SCO. Do you think that was necessary and that the timing seemed strange?
A: It's not exactly clear what they licensed.
Microsoft's been quite honest about what they licensed from SCO. Significant portions of Interix (the Unix subsystem for Windows) are direct ports of SCO's IP (the stuff SCO actually owns, not just what they say they own).
They weren't funding SCO's lawsuit, but it was a PR play. Now Microsoft can point to all of SCO's chest-puffery and say that they're compliant with SCO's licenses and that if you pick the Microsoft solution, you're safe from all of that liability.
Otherwise the next time somebody discovers a Windows security hole that applies to NT4, you're screwed. No vendor patch, ever.
Possibly, but patches to the core operating system for security purposes are relatively rare. Most patches Microsoft puts out are for the various applications they ship with the OS, and if you've properly locked down your server and firewalled it to only expose the services you're using, most patches don't even apply to you.
Err... maybe the approx. £1000 that forking out for a Win2K server license will cost. Take it from me, but for a small business, even months later you can be feeling the pain of an unnecessary cost like that.
Your existing NT4 installation isn't suddenly going to stop working, meaning that you aren't going to have to buy 'unnecessary' Win2K server licenses.
Until then, I insist everyone refer to him as "MIT/Stallman" and his project as "MIT/GNU" since he wouldn't be where he is now without the space, time, and other resources that MIT has given him over the years.
Well and obviously GNU is fashioned after Unix, even though it's not Unix itself, so it should be referred to as AT&T/Unix/MIT/GNU.
And of course, SCO is more correctly referred to as UNICS/TSS/XENIX/BSD/SystemV/TS/SunOS/OpenServer/AT &T/Unix/MIT/GNU/Linux/SCO.
At the moment, she has a 73MB inbox, and Mozilla mail seems to be having some trouble with it. I'm not sure how you make a system proof against stuff like this.
It's quite simple actually, she just needs to submit a patch to the Mozilla dev team that makes it handle large mailbox files better.
We are building on advanced work at Microsoft Research in fields such as machine learning â" the design of systems that learn from data and grow smarter over time.
In other news, Skynet went on-line on Monday, June 30th, 2003 and becomes self aware at 2:14 a.m. June 31st, 2003....
Man, if Skynet was trained on spam, no wonder it wanted to destroy humanity.
Speak for yourself. No MPAA or RIAA member has gotten any of my money in twenty years, nor have I made unauthorized copies of anything of theirs.
You're the exception, not the rule. Your average Slashdotter fumes angrily about the MPAA one day, then drools over the upcoming release of the new Lord of the Rings or Matrix or Star Wars movie the next day.
though Boies' typical roster of slashdot-friendly clients has now, one assumes, been somewhat besmirched
Lawyers are hired guns. They'll fight for whoever pays them. To be personally offended because a lawyer you thought was on "your side" is fighting for "the enemy" is to be ignorant of the world.
Please provide us in 77 words or fewer, a better definition of hacker politics than the one ESR posted.
How about this:
Hackers' political views range from reasoned, to reactionary, to insane; and generally cover the entire spectrum of points of view. Your judgement of such will largely be based on your own views. Look for hints such as spelling Microsoft with a $ instead of an S, or statements like "Slashdot is a trustworthy news source" as warnings of reactionary extremism.
But how about "free" fries and "free" toast -- it rolls off the tongue easier and isn't so in-your-face. If you like free software, you can dig on this too.
Of course, you say, but the photographer will then have to choose among his best work and pick the ones for which he wants to keep the copyright! Blah. You can't resolve it like this. Suddenly you'll have poor artists who will be exploited because they didn't pay their copyright fee, and you'll have rich art whores who'll pay to have every single piece of their crap copyrighted.
Copyright is not about doing something and having it be yours forever. Copyright is intended to encourage public art by giving authors a time period to profit from their work. If you can't make a buck in 50 years, it should be released to the public who might do something with it.
If the TiVo viewing data really gets distributed there will be MUCH better ratings for/. TV like Star Trek(s), Red Dwarf, Blackadder, The Office, Buffy,... and the stuff on TechTV and the Sci-Fi channel.
It's modded up as funny, but it's actually true. Not only can TiVo determine which shows are being watched, but they've in the past released statistics as to which parts of shows are watched the most.
TiVo is the Neilsen of the 21st century.... except much better; now there's a much larger sample to draw from, meaning the numbers are more accurate, and there's less chance of a sleeper hit slipping by unnoticed.
I thought the lawsuits addressed two features only: automatic commercial skipping and Internet video sharing between ReplayTV units.
Video extraction is the first step of Internet video sharing in the MPAA's eyes. They're more against getting a [i]perfect digital[/i] copy of the recording than just making a copy of it, as TiVo has a "Record to VCR" option.
Curiously, TiVo [i]does[/i] still have the 30-second skip button if you know how to enable it.
Maybe not a RICO case, but certainly clear-cut extortion. SCO has effectively said "You're infringing on something we think we own, and the only way we're going to give you the information you need to stop that infringment is to sign this restrictive contract with us, or else we'll sue you."
I wonder if someone threatened with a lawsuit could sign the NDA, disclose everything, then have the NDA thrown out in court as it was signed under duress.
So if Win9x isn't supported, ISPs don't want it supported, home networking devices aren't going to support it (most home routers just drop the packets, I had to go back to using Linux as my NAT in order to enable IPv6), how is it going to get adopted?
IPv6 adoption on a wide scale is several years out. Win9x is obsolete already. Adding IPv6 to Win9x would be like adding shoes on a dead horse.
WinXP and up come with IPv6 out of the box. Win2K can install it.
One of the most important features of Bittorrent is that it is almost completely decentralized.
Other than the centralized tracker server, of course. How long do you think it would be able to go on before the MPAA makes forwarding any packet containing the text ".torrent" illegal?
Slashdot Mirror
I saw this "exploit" on full-dis, where it started a rather large thread, given how silly this bug actually is (a screensaver breaker...ooooh now I'm quaking in my boots). I thought it was excessive that -anyone- responded to his thread, and now it got posted on /. ? What gives?
Because it's not just a bug with the screensaver, but rather with one of the default components of Cocoa. If there's an application out there that accepts data from the network and runs it through a edit field for any reason, this could easily become a remote exploit.
Q: Microsoft took out a license from SCO. Do you think that was necessary and that the timing seemed strange?
A: It's not exactly clear what they licensed.
Microsoft's been quite honest about what they licensed from SCO. Significant portions of Interix (the Unix subsystem for Windows) are direct ports of SCO's IP (the stuff SCO actually owns, not just what they say they own).
They weren't funding SCO's lawsuit, but it was a PR play. Now Microsoft can point to all of SCO's chest-puffery and say that they're compliant with SCO's licenses and that if you pick the Microsoft solution, you're safe from all of that liability.
Otherwise the next time somebody discovers a Windows security hole that applies to NT4, you're screwed. No vendor patch, ever.
Possibly, but patches to the core operating system for security purposes are relatively rare. Most patches Microsoft puts out are for the various applications they ship with the OS, and if you've properly locked down your server and firewalled it to only expose the services you're using, most patches don't even apply to you.
Err... maybe the approx. £1000 that forking out for a Win2K server license will cost. Take it from me, but for a small business, even months later you can be feeling the pain of an unnecessary cost like that.
Your existing NT4 installation isn't suddenly going to stop working, meaning that you aren't going to have to buy 'unnecessary' Win2K server licenses.
reefer asks: Is there any system in place or a plan on developing some system to prevent duplicate posts?
CmdrTaco: Whatever. Next.
Great attitude there, Rob.
And they want people to pay for this?
The next dupe will be posted soon, but subscribers can see it early!
There'll be a day when Linux has that many defects, if it doesn't already. All it takes is complexity.
Bugzilla reports that Mozilla alone has 31288 open bug reports right now, and Mozilla is a considerably smaller project than Windows.
A count of bug reports means nothing. The actual bugs themselves are what matters.
Until then, I insist everyone refer to him as "MIT/Stallman" and his project as "MIT/GNU" since he wouldn't be where he is now without the space, time, and other resources that MIT has given him over the years.
T &T/Unix/MIT/GNU/Linux/SCO.
Well and obviously GNU is fashioned after Unix, even though it's not Unix itself, so it should be referred to as AT&T/Unix/MIT/GNU.
And of course, SCO is more correctly referred to as UNICS/TSS/XENIX/BSD/SystemV/TS/SunOS/OpenServer/A
user_pref("browser.urlbar.clickSelectsAll", true);
user_pref("browser.urlbar.clickAtEndSelects", true);
Is there a pref to get rid of the text selection drag-and-drop in Mozilla?
At the moment, she has a 73MB inbox, and Mozilla mail seems to be having some trouble with it. I'm not sure how you make a system proof against stuff like this.
It's quite simple actually, she just needs to submit a patch to the Mozilla dev team that makes it handle large mailbox files better.
We are building on advanced work at Microsoft Research in fields such as machine learning â" the design of systems that learn from data and grow smarter over time.
In other news, Skynet went on-line on Monday, June 30th, 2003 and becomes self aware at 2:14 a.m. June 31st, 2003....
Man, if Skynet was trained on spam, no wonder it wanted to destroy humanity.
Speak for yourself. No MPAA or RIAA member has gotten any of my money in twenty years, nor have I made unauthorized copies of anything of theirs.
You're the exception, not the rule. Your average Slashdotter fumes angrily about the MPAA one day, then drools over the upcoming release of the new Lord of the Rings or Matrix or Star Wars movie the next day.
That said, maybe the prices of image editing applications will drop slightly when corporations don't have to pay fees to Unisys
Ahh what I wouldn't give to be young and naive again...
though Boies' typical roster of slashdot-friendly clients has now, one assumes, been somewhat besmirched
Lawyers are hired guns. They'll fight for whoever pays them. To be personally offended because a lawyer you thought was on "your side" is fighting for "the enemy" is to be ignorant of the world.
Please provide us in 77 words or fewer, a better definition of hacker politics than the one ESR posted.
How about this:
Hackers' political views range from reasoned, to reactionary, to insane; and generally cover the entire spectrum of points of view. Your judgement of such will largely be based on your own views. Look for hints such as spelling Microsoft with a $ instead of an S, or statements like "Slashdot is a trustworthy news source" as warnings of reactionary extremism.
But how about "free" fries and "free" toast -- it rolls off the tongue easier and isn't so in-your-face. If you like free software, you can dig on this too.
Sorry, I prefer "fries libre" and GNU/toast.
The majority of hack attacks happen immediately after a patch is announced,
Sorry, but history proves you quite wrong on this point.
Of course, you say, but the photographer will then have to choose among his best work and pick the ones for which he wants to keep the copyright! Blah. You can't resolve it like this. Suddenly you'll have poor artists who will be exploited because they didn't pay their copyright fee, and you'll have rich art whores who'll pay to have every single piece of their crap copyrighted.
Copyright is not about doing something and having it be yours forever. Copyright is intended to encourage public art by giving authors a time period to profit from their work. If you can't make a buck in 50 years, it should be released to the public who might do something with it.
Here's a better idea, make it more frequent, and logarithmic.
Gee... a dollar versus a million dollars... wonder which one Disney would lobby against and effectively kill?
If the TiVo viewing data really gets distributed there will be MUCH better ratings for /. TV like Star Trek(s), Red Dwarf, Blackadder, The Office, Buffy,... and the stuff on TechTV and the Sci-Fi channel.
It's modded up as funny, but it's actually true. Not only can TiVo determine which shows are being watched, but they've in the past released statistics as to which parts of shows are watched the most.
TiVo is the Neilsen of the 21st century.... except much better; now there's a much larger sample to draw from, meaning the numbers are more accurate, and there's less chance of a sleeper hit slipping by unnoticed.
I thought the lawsuits addressed two features only: automatic commercial skipping and Internet video sharing between ReplayTV units.
Video extraction is the first step of Internet video sharing in the MPAA's eyes. They're more against getting a [i]perfect digital[/i] copy of the recording than just making a copy of it, as TiVo has a "Record to VCR" option.
Curiously, TiVo [i]does[/i] still have the 30-second skip button if you know how to enable it.
Maybe there's a RICO case here.
Maybe not a RICO case, but certainly clear-cut extortion. SCO has effectively said "You're infringing on something we think we own, and the only way we're going to give you the information you need to stop that infringment is to sign this restrictive contract with us, or else we'll sue you."
I wonder if someone threatened with a lawsuit could sign the NDA, disclose everything, then have the NDA thrown out in court as it was signed under duress.
And unlike bypassing subscriptions, it's not something that is going to cost TiVo money, so I don't see why they would be concerned by it.
Turning a blind eye to people hacking their units to enable limitless video extraction is what led to the lawsuits that bankrupted SonicBlue.
The MPAA is not above driving TiVo into the ground if they don't submit to their will.
So if Win9x isn't supported, ISPs don't want it supported, home networking devices aren't going to support it (most home routers just drop the packets, I had to go back to using Linux as my NAT in order to enable IPv6), how is it going to get adopted?
IPv6 adoption on a wide scale is several years out. Win9x is obsolete already. Adding IPv6 to Win9x would be like adding shoes on a dead horse.
WinXP and up come with IPv6 out of the box. Win2K can install it.
[cough]Internet Explorer anyone?
You think Netscape 4 was better?
One of the most important features of Bittorrent is that it is almost completely decentralized.
Other than the centralized tracker server, of course. How long do you think it would be able to go on before the MPAA makes forwarding any packet containing the text ".torrent" illegal?