So far, they have known about it for over two years and have done nothing.
I don't see anything in the article that states that Microsoft knew about the bug for two and a half years, but simply that it's existed since IE 5.0, which came out two and a half years ago. The headline, and the Slashdot writeup on it smells horribly like FUD-slinging.
In fact, the article says it was only reported to Microsoft late last month and that they're testing a patch now.... two and a half week turnaround time is much different than two and a half years.
And no, Open Source isn't the silver bullet to prevent bugs like this.... how long was that recent root exploit in the Linux kernel before anyone noticed it?
Why didn't they start 36 hours earlier a year ago and get it right the first time? Have everyone on the team stay late an hour for a week or two.
Stay late an hour for a week or two? You're obviously not too familiar with game development. For the past three months, the entire EQ development team has been pulling 15+ hour days. (The lead programmer is a good friend of mine, he's been basically at work every moment he's been awake since September.) It's called "crunch time", and every game project has it.
The main problem is that you don't know about those "only 36 hours more" problems until the product gets in the hand of a large number of users. Beta testing can only catch so many bugs.
Yup, another example of the Windows ease-of-use. "You'll damn well accept things the way that we want to present them to you". To change that, you have to horse around with all sorts of goodies.
Change one config file in Linux/Unix and the job's done.
What was that about Linux being hard to use again?....
Hmm... change one config file in Linux to uninstall something.... change one config file in Windows to uninstall something....
Yeah, you're right. Linux is a whole lot easier than Windows.
To deal with this, Gecko has a wonderful feature - 'quirks' mode. When handling a web page that doesn't have a strict DTD declaration, Gecko emulates the rendering bugs of IE
Quirks mode emulates the bugs of previous versions of Netscape, not IE.
I thought most security exploits that get released by the major groups are usually passed through MS first and allow them time to provide a patch before issuing the details of the exploit.
It begs the question though... if the supposed reason that the source is released is because the vendor didn't respond to the threat, then why does the source to the exploit STILL get released even if the vendor DOES issue a patch?
Apparently this same mechanism accidentally results in executables being run as an attempt to pass them along for further processing to the OS. It's obviously a security hole in retrospect, but understandable how it occurred.
Mac OS has always been more dangerous as far as trusting data files goes, simply because their forked file format allowed executable code to be attached to any otherwise "pure" data file. If I'm not mistaken (I'm not overly familiar with the internals of the Mac OS), this behavior was used so that data files could FIND their host application, or another suitable application instead, when they were double-clicked. It's a great convenience feature, but it also makes spreading illicit code easier... you don't have to virus scan a .txt file on Windows, but you do on a Mac.
I wonder if this exploit has anything to do with that.
When I write 'Information Wants to be Free', I'm not trying to anthropomorphise Information. What I mean is rather that information itself is intrinsically freely copyable; that efforts like laws or copyrights that restrict that copying are running against the most prominent features of the information itself.
Information doesn't want to be free. You want information to be free. There's nothing intrinsic about information copying itself --- that requires user intervention to do.
I do have one question, though... being a Unix-derived OS, does the average user on a Mac OS X system have sufficient privileges to destroy anything outside of his home directory?
Probably not, but when it comes down to brass tacks, the part of the system that stings the user the most when it gets damaged is the user's data, which is accessible to the user and fair game to a trojan horse/virus/backdoor.
I'm only out an hour if I just have to reinstall the OS. I'm out possibly several months if my data gets wiped out and I don't back up (like the average user).
I seem to remember that one of the scenes in Dragons Lair was some flaming ropes or chains that you had to swing across a pit of fire with.
If I'm not mistaken, that was the intro to the Dragon's Lair television cartoon. I don't recall it being part of the game, but I could very well be wrong.
Watching CNN right now. Kabul, Afghanistan is being attacked from the air.
I saw this on one of the other discussions, but it deserves repeating for anyone that might have missed it: If you can't get CNN on TV, or you're stuck at work, you can read the CNN closed caption stream by pointing an IRC client to chat.cnn.com, and joining channel #CNN_Newsfeed
Controversial website adequacy.org has the skinny on autistic people being used by the NSA to crack RC5. Apparently, each autist is capable of 1 megaflop per second, and there are many thousands of unused autists in our fine country. Are we not using their potential as we should?
Of course we're not! Can you imagine a beowulf cluster of those things?!
Also, the "or any later version" provision of the (L)GPL does not allow RMS to "to screw you when it pleases him", because the license explicitly states that "Such new versions will be similar in spirit to the present version."
If you think you'd be able to prove in a court of law that a change violates the "spirit" of a license, you've got another think coming. That line is legally nothing more than verbal masturbation -- it accomplishes nothing except make you feel good.
Never mind that when I purchase or download a Linux version 70% or more of the included software is GNU. Right?
Being under the GPL is not the same as being GNU. I've written stuff and released it under the GPL and I'll be damned if anyone is going to tell me that the FSF deserves naming credit for my software.
The people who designed the game are obviously most familiar with the real world economy, so some of their basic assumptions are going to be framed in terms of conventional economics.
Not necessarily. Due to the massively multiplayer aspect of the game, an in-game economy would have popped up no matter what, just because people want to interact and trade with each other. There aren't any economists on the EQ development team.
With the impending recession it might actually be a good, (if somewhat risky!) investment to transfer your savings to EQ.
And if it doesn't work out, at least you'll finally be able to afford that uber armor you've been drooling over for the past year. Win-win situation. ;)
"Arnold Schwarzenegger" is "back" to do "Terminator 3". This should be "good".
Yes, but certain people are more pron to addiction.
... nevermind... nothing to see here...
I am not addicted to pron! I can stop looking at it anytime I want!
...oh?
vi versus emacs
I personally can't wait!
...and she's not petrified.. and I didn't see ANY hot grits!
Screw that! I've been reading Slashdot for the past few years... Lucas is gonna have to do better if he wants to impress ME!
How's this article showing up in my Older Stuff slashbox for the front page with only two posts on it?
DR's Gary Kildall sat down at an IBM PC supplied by IBM and, using a secret code, got it to pop up a Digital Research copyright notice.
I happen to have a copy of the secret code he used:
echo "Copyright 1981, Digital Research Corporation."
eBay has fraud protection guidelines where they'll reimburse up to $200 of the loss.
If you "encrypt" a message by XORing it with 0xDEADBEEF, don't be surprised when your super-secret encryption is broken.
You should use the much more secure method of XORing it with 0xFEEDFACEDEADBEEF instead.
Note that he didn't fumble and stutter.
Yes, he did. He also took three seconds between each sentence to prepare for the next sentence. I'm glad Cheney's running the Situation Room.
However as directly useless as this may be to science it's doubtless opened the eyes of Britain's youth to what promises to be only the first of the many pointless exercises they will be required to go through in their lives, always a lesson worth learning.
It also could have interested a few children in seismology, or science in general, and some of those children may grow up to become a world-renowned scientist who discovers a way to accurately predict earthquakes, saving innumerable lives.
But it's much more fun to be jaded, isn't it?