So, you have a contract that specifies software escrow. And when the company goes bankrupt and you find the source is not in escrow (or not all of the source is in escrow, or there is third-party IP in the escrowed source, or...):
While I agree, nothing beats having the source all the time, escrow accounts typically designate where (exactly) and how often the source code is brought to a 3rd party location -- typically a bank safe deposit box.
The contract allows access to the safe deposit box if the company folds.
Yep, the company could ignore the escrow requirement...and then you would indeed be SOL.
Rule: Contracts are only as good as the people (and to a lesser degree corporation) behind them.
Well call me a monkey's uncle, since when can you use a non-IE browser to check OWA? I just tried it and sure enough it DOES work. I was blown away. Maybe Mozilla/Firebird just got better at rendering the Microsoft Craptacular (TM) HTML it spits out. I definitely remember not being able to access OWA six months to a year ago.
Here's one trick if your browser blocks popups: Turn off the block for your web server. If you don't, you won't be able to read and/or reply to any messages.
On a current version of Mozilla, it's easy; load the site, click the ! icon in the lower right hand corner, and allow popups from that site.
I call BS -- I use Outlook Web Access with Firebird from home with absolutely no problems. It works differently than it does if you use IE, but it still works.
Agreed, though OWA is crummy under IE, Mozilla, and Firebird (Windows or Linux). I use two other web-based email/groupware programs and they handily beat it into a pulp.
If anyone can tell me how to use a normal email program such as Evolution when the admins won't set up POP/IMAP/... I'd appreciate it.
Note: The company I work for is using Exchange Server 5.5x, so most of the elegant methods such as the available plugins and proxy servers won't work (unless I'm mistaken!). Very lazy company.
There is absolutely no reason to launch an executable file from an email attachment. If you attach a non-executable document file to an email, sure, let the application that filetype is associated with open it up from within Outlook, but any attempt to execute an EXE/COM/BAT/PIF/SCR file should result in 'not allowed.'
Nope; it's a bad idea to fire off an associated program to view or edit the file either.
That said, the main problem isn't really buffer overflow -- though that is a problem -- it's how Windows handles files in general;
Isolation of user-run applications from the rest of the system is poor or nonexistent in practice. (In theory, there's no problem...in theory.)
File extensions. Rename an executable from nifty_virus_laden_screensaver.scr to program.exe or this.is_an_example_of_how_windows_treats_all_files , and the results of 'running' each named version differ substantially.
Do Unix-like systems suffer from this? For program isolation, most Unix systems do not have complete isolation between each process that the user runs but do separate the supervisor account from a normal user's account. Windows can separate user-data/apps from system level data/apps, though this is usually not the way that the systems are configured.
Unix-systems often use the 'magic' value (characteristics of the file) to determine what the file is and what happens to it. While better than Windows, it is not completely and consistently followed.
Well, that's to be expected. While I'm no big fan of MacOS, though I also have nothing against it, it does go to show that MS is still following Apple's lead.
As for DirectX used in the UI; I would be surprised if they used anything else.
Prediction: A fancy zoomable application bar along the bottom will be one of the highly visible features. OK, not much of a prediction -- it's a given -- followed by comments about how MS 'invented' the idea.
...and software is capable of destroying your products, you're fucking fired.
You'd think that, though the initial plug and play specification encouraged BIOS designers to make parts of the BIOS writeable...by any program. Have a driver scan memory with a read/write test, and wreck your machine. Joy!
(As far as I can tell, nobody lost a job over that one.)
Consider Artificial Intelligence might never happen because of this kind of thing, bots could be unable to "clone themselves" due to End User License Agreement.
Here's a thought: With quantum computing, there may be 'software' that can't be copied...not even by the original developers.
Since then, I only nod dully when a friend explains how he put together a "bad-ass" system for $250. I don't tell him what I really think -- why would I want to ruin his day?
I guess I should do the same. I tell friends and family to buy quality, and they almost always buy cr&p. Reminding them later doesn't make any difference; they still want help, and tend to buy a different brand of cr&p.
It's used ("recertified"). Still cheap, though that over-hyped ad reminds me why I don't like Tiger or TigerDirect. I wonder if my old CEO still works there? (He was a perfect fit for that place.)
Sounds like one way to store or show passwords without the **** nonsense. Encrypt the data, and only display it in a non-machine decipherable form. (Hold your objections...read on.)
Socially, people like to pick dumb passwords. Tell them what makes a good password...and they will nod and pick a dumb password...then lose it. So, demanding that people follow good practices is not possible (unless you make fools of people with poor passwords by sending out funny but embarrassing email using the person's own account).
Key recovery systems (email me my password) help, though they usually send the password in clear text and require network access. Making it non-machine recognizable would be better, but still not ideal.
Use the algorithm that generates the obscured password as a human readable one as an alternate password itself. Instead of using a dumb password such as "mypassword" (clear text digits) generate the nonsense data from the dumb password atomically at the point of entry and transmit that.
Yes, this second idea would be useless on desktop computers (too easy to thwart using social methods or key trappers). It might be handy for key-based systems that require high security. For example, put the encoder in a small part of a smart card (used from next gen ATMs through to secure area access cards).
Debate...discuss...shoot holes in this. Should be easy!
Why don't they simply mandate open and free protocols and file formats? It would essentially be the same as there is no way that Microsoft would open theirs up. At the same time, Microsoft could not (with a straight face) complain that the government is being unfair if that were the case. This also has the benefit that those that need/want/find more beneficial closed source products can still do so.
Agreed. One 'gotcha';
MS Office uses XML...is it open? MS networks run on TCP/IP...is it open? If MS provides documentation that is incomplete, or does not reflect their own implementation (one they may pronounce defective), is it still open?
Conversely, if an open source project does not document all details, does the source become the documentation for the open protocol or format? What if it changes?
My fear is that MS will likely redefine itself -- make no changes -- and still continue with business as usual...and that others who aren't MS will attempt to do the same.
I just installed it for the 5th time (test systems) on a mix of Linux and Windows systems. If you run into trouble attempting to load the web page, try two things;
1. Verify the database port in the dcl/inc/config.php configuration file. Note: If you encounter errors, keep in mind that MySQL often uses port 3306.
2. For any file paths, make sure that the slash is the same.
The config.php file has changed some in the CVS release, so be careful if you use it.
Choosing IE means using the state of the art in technology of 1998. That was a good choice in 2001, still defendable in 2002, somewhat backwards right now and not really an option in the future. Internet Explorer is old technology, it has not evolved in any significant way since version 6.0 (two years ago) which was a somewhat disappointing minor update to the previous, much older versions in the first place.
While I agree it is disappointing -- IE is quite dated -- MS has no plans to upgrade IE outside of the current shipping operating systems. Because of that, most people (who use Windows) will stick with the version that they currently have -- security defects, lack of features, and all.
I would hope that this would open up a chance that Mozilla and Firebird will become more widely used, though after installing it for my immediate family and even giving them a good tour, I have a hit rate of only 1 out of 4 (parents use Firebird), and for friends the ratio is even lower (1 switched and he uses Linux too). It's an even harder sell to folks at work who will oooh! and ahhhh!, consider that there must be a catch, and then continue to use IE. Without looking like some kind of freak, it's hard to get anyone to consider switching.
With the horridness that is IE -- and people still think it and Windows is great for some reason -- I see little chance that Microsoft will all of a sudden wake up and improve the browser for all Windows users. I doubt we'll see much except for a "me too" release for XP users to clone some of the Mozilla/Opera/Firebird features, followed by nothing of note till the next big Windows release (Longhorn anyone?).
That said, I'm slowly coming to the conclusion that it's a good idea to "have a secret weapon" (use open source and any other good tools) without promoting others use them.
Why give someone {insert favorite deity}-like power when you can instead just have that power for yourself and look like that much more of an expert?
(Posted from Mozilla with 18 windows up and each with 4-20 tabs each.)
...sadly, it's still lacking database software, unless you count StarOffice's ADABAS package.
Adabas is just a database backend and not very important, though I admit it would be nice to bundle one of the existing open source backends just to remove the need to fetch and install one.
Granted, this page has been there a long time and removing it does nothing regarding the particular flaws it used to list. However, there is no logic in posting full exploit code or all the details of a flaw of a newly discovered flaw until it has been patched and there has been enough time for people to apply that patch.
So, the listed security defects are currently being repaired? Patches are soon to be available? That is news to me.
If MS *did* take these defects seriously, I'd give them the benefit of the doubt. Much too often -- 31 security holes in 1 product!!!! -- they don't till it becomes a public embarrassment, and even then they don't follow through with a complete fix -- instead, it's a minor patch or the fault of the users.
These aren't minor faults (read the original list if it's still in the Google cache) most of these are quite serious.
It's called a Sharp Zaurus 5500, and you can buy one for dirt ($199.00US) most anywhere now.. in fact a couple of guys at work got them from tiger direct lately...
Then they got a good deal...the cheapest price for any Zaurus (5500 or otherwise) is ~$250usd though the average price is over $300.
Bill Gates has said in interviews even before their recent legal trouble that software patents were crippling the industry and that if things had been like this back when they were starting up, MS wouldn't have had a prayer.
And yet, the mantra of "IP rights" is all we hear from Microsoft now.
Naturally, because of the larger deployed base of Windows machines I would expect any vulnerability for Windows to be magnified in its importance just because of how many machines it affects, independent of whether Windows has more flaws, worse flaws, poor design, etc.
ARGH!!!! (Bashes head on desk.)
Go into a corner and repeat this phrase till you automatically think of it when people ask you if product X is secure or not;
If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.
Nope; it's a bad idea to fire off an associated program to view or edit the file either.
Two words: Buffer overflow.
That said, the main problem isn't really buffer overflow -- though that is a problem -- it's how Windows handles files in general;
Do Unix-like systems suffer from this? For program isolation, most Unix systems do not have complete isolation between each process that the user runs but do separate the supervisor account from a normal user's account. Windows can separate user-data/apps from system level data/apps, though this is usually not the way that the systems are configured.
Unix-systems often use the 'magic' value (characteristics of the file) to determine what the file is and what happens to it. While better than Windows, it is not completely and consistently followed.
Aero? Sounds inventive. Reminds me of Aqua. Hmmm. I take it back. It does not sound inventive.
Nope. Prior art goes to a work associate of mine who named his lizard Scsi. This was in the late 80s or early 90s. Probably not the first, either!
Some of the projects are highly usable now as they are, though the core tools are available to create your own customized company-wide applications.
Adabas is just a database backend and not very important, though I admit it would be nice to bundle one of the existing open source backends just to remove the need to fetch and install one.
Backends that are currently supported by both StarOffice and OpenOffice include MySQL, Postgres, and any data source exposed by ODBC 3.0, JDBC, ADO, dBase, or if you want to go low tech flat CSV files.
When most people say they want an Access-like tool, they mean a frontend, something that OpenOffice and StarOffice already have.
To help you out, the main database section of OpenOffice.org has a tips and tricks section.
Then, there are the forums that have some very interesting threads on the subject...
Then they got a good deal...the cheapest price for any Zaurus (5500 or otherwise) is ~$250usd though the average price is over $300.
AFAICT Tiger doesn't sell them anymore.
How would you know?
Or, they are using PDAs, slow connections (cellular), and other newer devices. (OK, probably not...)
Naturally. Obviously. It stands to reason. Common sense. Yadda yadda yadda...Didn't we just go over this one?
Yes, I realize your version is a variation on the dead horse being dragged out and pummeled these days...though it's not much different, is it?
Even if I'm wrong about the government or marketing, I am certain that there are fancy pants involved.