Isn't this something the gov't has been trying to do for years and years with no (public) level of success?
Are you sure? My impression was that this technology is pretty good. Additionally, I know someone who did his thesis in college on facial recognition, and the impression he gave me is that this is a problem we have a pretty good handle on already.
This already existed. It was for cd's rather than dvd's, but it worked the same. You put the cd in a "caddy" that protected it and then you would put the caddy in your system, so that the disc would always be protected. People hated them. They like small, flat discs because you can (for example) store them all in a cd (or dvd) binder.
The intranet zone is still more permissive than the internet zone. This is needed for companies with internal apps that they want to do things that they wouldn't allow from the internet. Also, the zones concept lets turn off scripting in general and then turning it on for specific sites you trust by adding them to your trusted zone.
Whoah. I didn't know ambulance missions gave you that. Is this true in both gta 3 and vice city? Also (I've wondered this for a while), does success at ambulance, firetruck, etc. missions count towards your percent complete in the stats? I've never actually went for 100%, so I don't know what counts and what doesn't. Thanks.
No, I was serious. At the beginning of the game, if your character runs more than a few feet, he gets tired and out of breath and needs to walk for a while before he can run again. Which is pretty inconvenient during a mission when your car blows up and you are trying to quickly run to grab another car, to evade people on foot, etc. By the time you reach the end of the game, you have built up enough stamina to run much further than you could at the beginning. There's no "stamina" statistic that you can view, but you can go to the stats and see how much running you've done (in feet or miles or something) which will give you a sense of where you are.
I agree that this sort of micromanagement might detract from the game. I would rather just focus on my current mission, rather than having to worry about keeping track of all my gangs, etc. That might lead to lots of tedious maintenance between missions. Also, I'm a little wary of swimming. If missions (or items) are going to require me to swim, that might be annoying. But maybe I'm just biased because I don't like, for example, driving boats on gta or swimming in mario 64, so more swimming seems like it could be a pain.
I'm not sure what would qualify hear as "an equivalent real-life situation". This is pretty concrete situation, even if it is contrived. What would be a "real-life" situation that "most people" would handle correctly?
You have to look up the correct spelling using a computer, because who cares about learning how to spell anymore[?]
I would imagine that someone who looks up correct spellings probably does. Why would you look up how to spell a word if you didn't care about learning how to spell it correctly?
In SP2, by default, the local machine zone actually has even less security priviledges than the internet zone. So injecting script into from the internet wouldn't create any elevation of priviledge. So in this case, yes, SP2 would keep you "super-safe" (as long as you didn't muck with the settings to turn the local machine zone back into a super-priviledged zone like it was in the past).
GTAs are nice in that your character doesn't powerup (except for the health/armor bonus possibility) and is basically the same at the end as at the begining
By the end, you've probably also built up his stamina by running a lot.
Or maybe it's just a joke. You're not allowed to notice or point out some of the absurdities in consumerist culture without completely rejecting our culture or fighting against? No one is ever allowed to find humor in himself or something of which he is part? The world would be a much worse place if everyone had to take themselves as seriously as you suggest, being afraid to point out any of the absurdities of their own society lest they be labelled a hypocrite for being part of that society.
Opening up IE and doing the same caused explorer.exe to open. It doesn't look good. Maybe they will fix it in the final version of SP2?
The IE situation was discussed before. Even though it works if you actually type it in the address bar, it won't work if you try to access the same uri via clicking a link, or script in a webpage, or whatever. Similarly, if you type a file:// path to a local exe into the address bar, it will run, but that doesn't work via a link.
Its the same thing over here - if mozilla says blue screen yourself MS OS shouldn't do so just because an application is asking it.
But that's not what Mozilla is saying. Mozilla is saying "I wantt to invoke the following application". When one program tells the operating system that it wants to start another program, the operating system isn't really expected to say "Wait. Are you sure? Are you asking me to invoke this application because of untrusted user input? Maybe I shouldn't start the process you asked me to, just in case you're wrong and don't really want me to start it."
That's fair, although it's not true that it's only available for English. The wegpage says "It is currently available in English and German. Note that this version requires an existing installation of Windows XP. For information regarding the Japanese version of SP2, please go to the Japan TechNet site.". I followed the link to the Japanese site, but don't know what's going on there because, surprisingly, it's in Japanese. But it sounds like it probably has sp2 for download, so that's three languages, although you're right that finnish isn't one of them.
First, it's not a Mozilla exploit, it's a Windows exploit.
No, it's a Mozilla exploit. Mozilla was passing unverified user input to the shell (to Windows) and effectively telling Windows "I want you to run this program". Windows would then run the program. The bug here is that Mozilla should not be giving untrusted input to the operating system. The bug is not the fact that it is possible to pass something to the OS in that way, it's that Mozilla was not validating what input it was passing. Not blindly trusting user input is one of the first prinicpals of writing secure code, and Mozilla neglected that pricipal while IE didn't (but apparently MSN and Word did). It was probably a good idea to remove this from the OS (as was apparently done in xp sp2) since it was being abused, but it was not a "bug" in Windows. There was also a pretty short article in eweek about the topic which you might find interesting.
However, you CAN
type a filename in and have it open in its associated application. If that filename is too long, you can exploit a buffer overflow in the helper application. There happens to be a plentitude of client applications on a standard XP box with buffer overflow possibilities. Once you're there, go anywhere you want with the privileges of the user on the XP box
I can type in a filename to get the same priviledges as the user (meaning myself)? How is this an exploit? The shell: problem was that it could be exploited via a link to a uri. I don't see how something that has to be typed in to the address bar is much of a vulnerability. If you can convince someone to run the arbitrary program with the buffer overrun, you've already won since you've convinced them to run an arbitrary program for you.
Good. Go download it. Or don't. But at least don't be a hypocrite like half the people here and say that sp2 "doesn't count" until it reaches final release form, while firefox "counts" even though it's also in pre-release form (not even at 1.0 yet). Sort of like when people claim that IE on xp doesn't have popup blocking but firefox does.
The article is short on details. Does this really work on xp sp2? I know that xp sp2 protected against the Mozilla exploit, so I would imagine the same is true here. Which would make your claim that these sorts of things are only fixed "in the open source world" seem pretty specious.
If people want to, they can download and install sp2 today. I'm running it, and have been happy with it. Every recent exploit that has been announced was blocked on it.
I assumed that for.net bytecode, there was some equivalent of the.pdb symbol files we use for native dll's, which contain all of the local variable names, etc. (or at least for whatever wasn't optimized away by the compiler). If you had these for your.net class, you would be all set. Do they exist? Obviously, if someone didn't want you figuring out how their code works they wouldn't givey you this (and would probably use Dotfuscator from VS, or somesuch), but if the assumption is that you are translating code of someone you know from vb to c# or whatever, then you would presumably have the symbols.
Slashdot Mirror
I find it hard to believe that you really don't see how the second point explains the first.
Are you sure? My impression was that this technology is pretty good. Additionally, I know someone who did his thesis in college on facial recognition, and the impression he gave me is that this is a problem we have a pretty good handle on already.
This is getting tedious. I propose we take a break and debate the spelling of "Supercalafragalisticexpialadocious" instead.
I can read books at the library for free as well, that doesn't mean I'm never willing to buy them.
This already existed. It was for cd's rather than dvd's, but it worked the same. You put the cd in a "caddy" that protected it and then you would put the caddy in your system, so that the disc would always be protected. People hated them. They like small, flat discs because you can (for example) store them all in a cd (or dvd) binder.
The intranet zone is still more permissive than the internet zone. This is needed for companies with internal apps that they want to do things that they wouldn't allow from the internet. Also, the zones concept lets turn off scripting in general and then turning it on for specific sites you trust by adding them to your trusted zone.
Whoah. I didn't know ambulance missions gave you that. Is this true in both gta 3 and vice city? Also (I've wondered this for a while), does success at ambulance, firetruck, etc. missions count towards your percent complete in the stats? I've never actually went for 100%, so I don't know what counts and what doesn't. Thanks.
Maybe you don't, but there are plently of us who would perfer not to broadcast with the world information about everyone with whom we communicate.
No, I was serious. At the beginning of the game, if your character runs more than a few feet, he gets tired and out of breath and needs to walk for a while before he can run again. Which is pretty inconvenient during a mission when your car blows up and you are trying to quickly run to grab another car, to evade people on foot, etc. By the time you reach the end of the game, you have built up enough stamina to run much further than you could at the beginning. There's no "stamina" statistic that you can view, but you can go to the stats and see how much running you've done (in feet or miles or something) which will give you a sense of where you are.
I agree that this sort of micromanagement might detract from the game. I would rather just focus on my current mission, rather than having to worry about keeping track of all my gangs, etc. That might lead to lots of tedious maintenance between missions. Also, I'm a little wary of swimming. If missions (or items) are going to require me to swim, that might be annoying. But maybe I'm just biased because I don't like, for example, driving boats on gta or swimming in mario 64, so more swimming seems like it could be a pain.
I'm not sure what would qualify hear as "an equivalent real-life situation". This is pretty concrete situation, even if it is contrived. What would be a "real-life" situation that "most people" would handle correctly?
I would imagine that someone who looks up correct spellings probably does. Why would you look up how to spell a word if you didn't care about learning how to spell it correctly?
In SP2, by default, the local machine zone actually has even less security priviledges than the internet zone. So injecting script into from the internet wouldn't create any elevation of priviledge. So in this case, yes, SP2 would keep you "super-safe" (as long as you didn't muck with the settings to turn the local machine zone back into a super-priviledged zone like it was in the past).
By the end, you've probably also built up his stamina by running a lot.
Or maybe it's just a joke. You're not allowed to notice or point out some of the absurdities in consumerist culture without completely rejecting our culture or fighting against? No one is ever allowed to find humor in himself or something of which he is part? The world would be a much worse place if everyone had to take themselves as seriously as you suggest, being afraid to point out any of the absurdities of their own society lest they be labelled a hypocrite for being part of that society.
Ok then, tough guy, what's the missing letter in "ain't"?
The IE situation was discussed before. Even though it works if you actually type it in the address bar, it won't work if you try to access the same uri via clicking a link, or script in a webpage, or whatever. Similarly, if you type a file:// path to a local exe into the address bar, it will run, but that doesn't work via a link.
But that's not what Mozilla is saying. Mozilla is saying "I wantt to invoke the following application". When one program tells the operating system that it wants to start another program, the operating system isn't really expected to say "Wait. Are you sure? Are you asking me to invoke this application because of untrusted user input? Maybe I shouldn't start the process you asked me to, just in case you're wrong and don't really want me to start it."
That's fair, although it's not true that it's only available for English. The wegpage says "It is currently available in English and German. Note that this version requires an existing installation of Windows XP. For information regarding the Japanese version of SP2, please go to the Japan TechNet site.". I followed the link to the Japanese site, but don't know what's going on there because, surprisingly, it's in Japanese. But it sounds like it probably has sp2 for download, so that's three languages, although you're right that finnish isn't one of them.
No, it's a Mozilla exploit. Mozilla was passing unverified user input to the shell (to Windows) and effectively telling Windows "I want you to run this program". Windows would then run the program. The bug here is that Mozilla should not be giving untrusted input to the operating system. The bug is not the fact that it is possible to pass something to the OS in that way, it's that Mozilla was not validating what input it was passing. Not blindly trusting user input is one of the first prinicpals of writing secure code, and Mozilla neglected that pricipal while IE didn't (but apparently MSN and Word did). It was probably a good idea to remove this from the OS (as was apparently done in xp sp2) since it was being abused, but it was not a "bug" in Windows. There was also a pretty short article in eweek about the topic which you might find interesting.
I can type in a filename to get the same priviledges as the user (meaning myself)? How is this an exploit? The shell: problem was that it could be exploited via a link to a uri. I don't see how something that has to be typed in to the address bar is much of a vulnerability. If you can convince someone to run the arbitrary program with the buffer overrun, you've already won since you've convinced them to run an arbitrary program for you.
Good. Go download it. Or don't. But at least don't be a hypocrite like half the people here and say that sp2 "doesn't count" until it reaches final release form, while firefox "counts" even though it's also in pre-release form (not even at 1.0 yet). Sort of like when people claim that IE on xp doesn't have popup blocking but firefox does.
The article is short on details. Does this really work on xp sp2? I know that xp sp2 protected against the Mozilla exploit, so I would imagine the same is true here. Which would make your claim that these sorts of things are only fixed "in the open source world" seem pretty specious.
If people want to, they can download and install sp2 today. I'm running it, and have been happy with it. Every recent exploit that has been announced was blocked on it.
The last major release is the new version in xp sp2, and it definitely does not drop the ball "from a security standpoint".
I assumed that for .net bytecode, there was some equivalent of the .pdb symbol files we use for native dll's, which contain all of the local variable names, etc. (or at least for whatever wasn't optimized away by the compiler). If you had these for your .net class, you would be all set. Do they exist? Obviously, if someone didn't want you figuring out how their code works they wouldn't givey you this (and would probably use Dotfuscator from VS, or somesuch), but if the assumption is that you are translating code of someone you know from vb to c# or whatever, then you would presumably have the symbols.