Loading immediate worked, otherwise indirect addressing with the accumulator would have been a giant pain in the ass. (assumption: INY and DEY would not be present if the silicon lacked direct load)
    LDY #$FF
    :label
    LDA buffer,Y
    STA newBuffer,Y
    DEY
    BEQ label
was a fairly common idiom, IIRC. Maybe a CPY #0 before the BEQ, I forget if DEY set the zero flag. I'm about 90% sure it did, though.
I'm certain you're thinking of PLA and PLP.
> Full disclosure: I'm currently a local IT guy for a smaller
> company, with enough on my to-do list that if I thought outsourcing
> email would work well for my users and save us time & money, I'd be
> all over it.
It's worked well for me so far -- half the company had been forwarding all mail to gmail anyhow, because its search engine for multi-gigabyte mail spools is very, very hard to implement locally.
Wayyyy too obvious.
You should have told him to download them all with Outlook Express, then get Thunderbird to import them.
> McAfee and I go back a long way. It's been one crummy relationship.
I dunno, man. Back in the early 90s, their e-mail tech support was top-notch.
Yeah, they were hit by matter instead of light. You know, like asteroids. In an asteroid field. The kind created, when, say, a big weapons platform annihilates a planet.
....what do other people say?
A NULL-dereference is not exploitable on any modern platform. Coding around the Mac OS library calls would be necessary if Apple doesn't fix their stuff; basically what's going on is Firefox says "Here, render this string" and the Mac OS X library goes "ka-boom". The only thing Firefox can do is pre-validate every string to be rendered in this case. Which will be a real killer for people speaking languages whose character sets aren't in the BMP!
Note - I'm not an expert, just a guy reading bug reports.
Nice astroturfing. How does AppArmor prevent invalid unicode from entering the system?
Thanks for the literal "LOL"
document.write() is a vestigial piece of crap left over from the 4-browser days. Once upon a time it was used to modify the contents of layers and divs in Netscape 4.
Nobody uses it anymore except for ad-mongers, web metricians, and their ilk. Nowadays people use something called DOM, the Document Object Model.
Mozilla do both extensive static analysis and fuzz testing. The fact of the matter is, no set of automated tools is going to find every problem.
The bug in this article has nothing to do with the JIT, either. Basically, some guy forgot to check the return value from malloc, and when it returns NULL he tries to de-reference it and crash the browser. Big deal. Browser crashes *whooo*, guess I'll start it up and not visit that site with the malware again until it's patched (which I bet won't take long).
Dude, they're already there, it's too late, they can't rebel, Big Brother and Bobby Oppressor are everywhere.
Seriously. Law & Order UK is on TV this summer, I've been watching, it's freakin' insane.
"Oh, did this guy commit a crime?"
"We don't know! Let's watch 500 hours of him on CCTV to find out!"
"Was there a crime here?"
"We don't know! Let's watch 500 hours of that spot on CCTV to find out!"
Bloody crazy!
Once a year is way too often to use soap. Heck, I don't even use corba once a year!
I'm surprised their roadmap doesn't mention upgrading the javascript engine ahead of the other browser components.
Tracemonkey had, and I'm sure will have again, a JIT to emit native PPC code. That will be a MAJOR performance increase across the whole browser (recall, Mozilla is held together with baling wire and JavaScript). The embedder-facing JS API has only had one incompatible change that I know of in the last bajillion years, and I'd be willing to bet the "JS_FRIEND"ly stuff wouldn't be too bad either.
Tracing only appeared with 1.9.1, but I see no reason why it couldn't be backported. It would be like getting free CPU cycles, which most of the machines in the target audience probably desperately need.
Check the connections on your monitor where your cord hits the circuit board. I'll bet you find cold solder joints or similar on the blue and green wires.
> In Germany we have schemes that pay for empty bottles returned to the shop and I still manage to
> get flat tyre on my back fairly frequently due to all the glass splitter and that even though there
> are people that actually collect the bottles to get some cents for their own beer.
That's funny, I cut my big toe on a Coke bottle in Germany in 1978 and still have the scar to show for it. I was hoping Germany had improved in this regard since then!
Germans are the #1 beer consumers per capita, Canadians are #2. In Ontario, Canada (~30% of the national population) we have a beer bottle recycling program run by The Beer Store which collects 95% of the bottles sold.
This is clearly a social issue of some kind. The Beer Store is a state-run entity with a near monopoly on beer sales, and makes returning beer bottles incredibly convenient. They are also incredibly efficient -- generally serving you in under a minute -- and stock a wide variety of beer.
How is it handled in Germany?
> The scary thing is that I remember ANY of this shit over 25 years later...
I hear ya there, brother.
And in the case of binary data, you're dead wrong.
GSM SMS payload is 140 8-bit characters, or bytes, depending how you look at it.
The default SMS text encoding format uses 7 bits, and employs a bit-shifting algorithm to pack 160 7-bit characters into 140 bytes. Binary formats can't use this compression, as, well, they need all eight bits.
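The septet packing described in the comment above, as an added example that is not part of the original post. It assumes text made only of characters whose GSM default-alphabet code equals their ASCII code (letters, digits, space); the function names are illustrative.

```python
# Added example: GSM 03.38 septet packing (not code from the original comment).
# Assumption: input uses only characters whose GSM default-alphabet code equals
# their ASCII code (A-Z, a-z, 0-9, space), so ord() stands in for the alphabet table.

def pack_septets(septets):
    """Pack 7-bit values into octets, low-order bits first."""
    out = bytearray()
    acc = 0    # bit accumulator
    nbits = 0  # number of valid bits held in acc
    for s in septets:
        if not 0 <= s <= 0x7F:
            raise ValueError("not a 7-bit value: %r" % (s,))
        acc |= s << nbits
        nbits += 7
        while nbits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            nbits -= 8
    if nbits:
        out.append(acc & 0xFF)  # final partial octet, zero-padded
    return bytes(out)


def unpack_septets(data, count):
    """Recover `count` septets from packed octets.

    `count` is the septet count carried in the message's length field; it
    cannot be derived from len(data), because 7 and 8 septets both occupy
    7 octets. Reject a count the payload cannot hold.
    """
    if count < 0 or count * 7 > len(data) * 8:
        raise ValueError("declared septet count exceeds payload")
    acc = int.from_bytes(data, "little")  # octet 0 holds the lowest bits
    return [(acc >> (7 * i)) & 0x7F for i in range(count)]


def encode_text(text):
    """Text to packed octets, using the ASCII-equals-GSM assumption above."""
    return pack_septets([ord(c) for c in text])


def decode_text(data, count):
    """Packed octets back to text, given the declared septet count."""
    return "".join(chr(s) for s in unpack_septets(data, count))
```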
It was on the news about 10 years ago. Two friends, one of whom had been ticketed the day before in a blitz for driving 115. They had traffic backed up for *miles*
People have been cited for driving 100 km/hr on the 401.
How did you get a knob stuck in a dog?
Why don't you compile Tracemonkey with MSVC, GCC, and ICC, then run the sunspider benchmark. Make sure you have PGO turned on for the MSVC build.
Then you can go eat your hat.
Tell them you tracked the owner doing 3 mph over the speed limit, and that the phone took a picture of him smoking marijuana.
He'll be served with a no-knock warrant and shot in the face faster than you can say "thank you!"
I think you may have forgotten to read the GPL.
The correct way to detect your leak is to brush warm, soapy water onto all your joints, looking for bubbles.
Now, go fix your grill and make some cardboard steak.
With lasers on their heads.
Best. Plan. Ever.