There is a buffer overrun bug in your usenet/rfc822 dates in C page.
May I suggest using a "sizeof(buffer)" construct, rather than "50" as the second argument to strftime? Especially when your buffer is only 30 bytes long as is from alloca() memory. Sizeof is totally portable, right back to K&R-ANSI-draft at least. More portable than strftime!
It is potentially exploitable because you are not checking the locale before calling strftime(). The formatting of strftime() varies based on locale rules and so forth. For example, %a will yield "Mon" in english, but "Lun" in french.
So, actually, by not flipping explicitly into the C locale, and tzset()ting to GMT, your example is incomplete. I'm fairly certain that both 821 and 1123 explicitly call for date headers to be in english.
Boy, I'm a pedantic pain in the ass, aren't I? Just one of those days, I guess, eh?:)
So, what if, oh, say, the CO2 scrubbers need to work differently depending on how many days the mission has been run. So, they keep track of the first day number, and the current day number. The amount of CO2 scrubbing then is varied based on elapsed days.
^^and here's the key -- it's something you don't know about^^
Now, you make your little 5-second fix, and send seven astronauts into space.
New Year's Eve rolls around, and suddenly the mission started on day 360 and it's now day 1. Holy crap, says the scrubber, we have to scrub as though it's a 359-day mission, instead of a lousy 6.
Scrubbers go into overtime, and break. (Or, scrubber math is done in eight bits, and they think the shuttle's still on the ground and not ready to launch for another ~100 days due to integer roll-over. Or any other set of unforseen possibilities.)
Next, astronauts die of CO2 poisoning because the scrubber subsystem has been compromised.
Give the guy a break, he is a native Japanese speaker.
He meant to type "Ritter, Larry seams". As in -- the connecting stiches on Larry Ritter's pants. Unfortunately, he has misremembered his Three's Company trivia; he is not talking about John Ritter's character (Jack Tripper), but rather his hairy-chested neighbour, Larry Dallas (nee Dalliapolis).
So, get off your high horse. It should be quite clear he was talking about putting bell-bottommed pants on dolphins. Which would only be possible if they could grow vestigial limbs!
You should've just bought a million computers, then, instead of just one. I'm sure you would have gotten Windows for the same price as everybody else buying a million licenses at a time.
It seems to vary, computer-to-computer, without rhyme nor reason.
One interesting observation, I have never seen it leak on Win98.
But I have seen it leak, BADLY, on XP. My tablet has 512MB of RAM, and sometimes I can get Firefox to break 700MB of RAM in an afternoon. That's just unacceptable.
(Note -- haven't used the tablet PC since just before 1.5 came out)
1. The M-W dictionary doesn't count. Daniel Webster published his own dictionary, and randomly changed a bunch of stuff, just be different. And then you idiots adopted it, because none of you knew the right way to spell anyhow.
2. Canada most certainly *does* have unique English dialects. However, they are vanishing... as with any perfume lain next to a steaming pile of dog shit, Canada is also beginning to smell.
6. I find it interesting how even Americans know that everything they touch turns to crap. You are all like the inverse of King Midas. Yet, for some reason, you don't care. Why not? Oh yes, you touch yourselves.
Incidentally, a litre of water weighs one kilogram, and a cubic meter is one thousand litres. At least the units mean *something*.
10. Stout is an Irish invention. Ireland is not part of the UK, and never was. Except for a little piece, roughly analogous to Guantanamo Bay, Cuba. Oh, except that the Brits don't consider it to be a "Human-Rights-Free" zone.
12. I don't like baseball, but at least I'm smart enough to point out that the World Series is named for a newspaper, not the location of the teams. It's hard to blame a citizen of the US for not knowing this, however, as I understand nobody over there actually knows how to read anymore.
14. It is our plan to decriminalise murder until you solve your gun problem.
15. Camilla will become your next queen by royal appointment. She will be the Queen of the Fat Cows, and represent Ms. Average American.
> who uses WMP other then people too lazy to download something else?
Me. FYI, I'm running wmplayer v11 beta 2 ATM.
> What does it have to offer?
1. It works pretty much perfectly, out-of-the-box, with my remote control (which also happens to appear as an HID mouse + keyboard).
2. It is easily scriptable for custom quick-and-dirty applications. I run one such application to allow me to play audio and video content on my television, controlled from other PCs in the house. The application is just a full-screen HTA automating wmplayer pretty much as you would on a web page ('cept I can access WSH objects). Great for a UNIX guy who knows jack about windows but has had to make the odd web page work with wmplayer and so knows the javascript/COM turf.
3. It will display jpegs and gifs, even retrieving them by http. This important for my problem above, as my television gets nasty-jerky (sync issue) when changing to and from full-screen mode. I have a screen saver/photo album, and it's much easier on the TV to retrieve them via
I have recently started using mplayer-classic for movies, however, as I spent a few hours one night reprogramming its "hot keys" to match the buttons on my remote control, AND I can get it to full-screen without changing the resolution/refresh. But I have yet to figure out how to (or if I can) automate it like wmplayer or mplayer2.
mplayer-classic author, if you're watching, please 1. Make the pageup/down keys scriptable 2. Give focus to the files in the dialog box when opening the browse window. Hitting tab-tab-tab-tab-tab on my remote before cursoring around is a pain.
I still watch TV on 27" JVC TV I purchased in 1995. I think it looks great. The picture was awesome the day I bought it, and the picture is still great today.
I watch TV on Bell ExpressVu (Canadian Dish Network), rent the odd DVD, and watch the occasional torrent movie or TV show I missed.
You know what? I think it looks great. Of course, I sit six or eight feet back from the TV.
I am really missing anything? The new TVs in the stores look fine, but every time I visit a friend who has an enormous screen, I can't help but think "Man, those guys look all blocky and stretched" when Hockey Night in Canada is on.
> Sun (unless they seriously commit to supporting x86 -- doubtful)
Sun is seriously supporting x86 architecture that's on the HCL -- they have to, their Opteron boxes are both "the new way" and effectively x86.
Will Sun support all the myriad consumer crap that M$ does? Not a chance! And why would they want to??
Now... does Solaris make sense on the desktop? It barely did in 1992, and it sure as hell doesn't any more. If I were a major corporation looking to deredmondify, I would look square at OS X on x86.
Slashdot Mirror
We have toe nails. I think those count as cloven hooves.
IIRC posting AC requires a captcha.
I think logging in, too... but it's been LONG time since I've had to log in!
It might only do it if you don't get your password right N times in a row. Gmail does that.
There is a buffer overrun bug in your usenet/rfc822 dates in C page.
:)
May I suggest using a "sizeof(buffer)" construct, rather than "50" as the second argument to strftime? Especially when your buffer is only 30 bytes long as is from alloca() memory. Sizeof is totally portable, right back to K&R-ANSI-draft at least. More portable than strftime!
It is potentially exploitable because you are not checking the locale before calling strftime(). The formatting of strftime() varies based on locale rules and so forth. For example, %a will yield "Mon" in english, but "Lun" in french.
So, actually, by not flipping explicitly into the C locale, and tzset()ting to GMT, your example is incomplete. I'm fairly certain that both 821 and 1123 explicitly call for date headers to be in english.
Boy, I'm a pedantic pain in the ass, aren't I? Just one of those days, I guess, eh?
So, what if, oh, say, the CO2 scrubbers need to work differently depending on how many days the mission has been run. So, they keep track of the first day number, and the current day number. The amount of CO2 scrubbing then is varied based on elapsed days.
^^and here's the key -- it's something you don't know about^^
Now, you make your little 5-second fix, and send seven astronauts into space.
New Year's Eve rolls around, and suddenly the mission started on day 360 and it's now day 1. Holy crap, says the scrubber, we have to scrub as though it's a 359-day mission, instead of a lousy 6.
Scrubbers go into overtime, and break. (Or, scrubber math is done in eight bits, and they think the shuttle's still on the ground and not ready to launch for another ~100 days due to integer roll-over. Or any other set of unforseen possibilities.)
Next, astronauts die of CO2 poisoning because the scrubber subsystem has been compromised.
Great fix, mister five-second-coder.
Actually, I heard they were growing legs just so they could swim to DC, get out of the water, and kick George W. Bush in the balls.
Damn. My process tree is full of llama functions!
Well, in that case...
I for one welcome our... tasty? overlords!
> literally seems
Give the guy a break, he is a native Japanese speaker.
He meant to type "Ritter, Larry seams". As in -- the connecting stiches on Larry Ritter's pants. Unfortunately, he has misremembered his Three's Company trivia; he is not talking about John Ritter's character (Jack Tripper), but rather his hairy-chested neighbour, Larry Dallas (nee Dalliapolis).
So, get off your high horse. It should be quite clear he was talking about putting bell-bottommed pants on dolphins. Which would only be possible if they could grow vestigial limbs!
The have been online since 1996, and still haven't figured out H1 tags.
I think we can safely punch the "incompetent" chad.
You should've just bought a million computers, then, instead of just one. I'm sure you would have gotten Windows for the same price as everybody else buying a million licenses at a time.
> Microsoft's locked in monopoly is sined, sealed and delivered.
I think you're getting off on a tangent.
Actually, they should just offer to host the front page for them.. Google can afford the bandwidth...
s/firebird/phoenix
If MS OSed IE, you'd be getting 3-4 new e-mails from Secunia every hour. That would KILL the IE market entirely.
It seems to vary, computer-to-computer, without rhyme nor reason.
One interesting observation, I have never seen it leak on Win98.
But I have seen it leak, BADLY, on XP. My tablet has 512MB of RAM, and sometimes I can get Firefox to break 700MB of RAM in an afternoon. That's just unacceptable.
(Note -- haven't used the tablet PC since just before 1.5 came out)
98% of the people I meet who make this comment are still using document.all() in their IE code.
I read on /. that after removing the icing, the FF team found that the cake wasn't quite done and it was full of bugs.
1. The M-W dictionary doesn't count. Daniel Webster published his own dictionary, and randomly changed a bunch of stuff, just be different. And then you idiots adopted it, because none of you knew the right way to spell anyhow.
2. Canada most certainly *does* have unique English dialects. However, they are vanishing... as with any perfume lain next to a steaming pile of dog shit, Canada is also beginning to smell.
6. I find it interesting how even Americans know that everything they touch turns to crap. You are all like the inverse of King Midas. Yet, for some reason, you don't care. Why not? Oh yes, you touch yourselves.
Incidentally, a litre of water weighs one kilogram, and a cubic meter is one thousand litres. At least the units mean *something*.
10. Stout is an Irish invention. Ireland is not part of the UK, and never was. Except for a little piece, roughly analogous to Guantanamo Bay, Cuba. Oh, except that the Brits don't consider it to be a "Human-Rights-Free" zone.
12. I don't like baseball, but at least I'm smart enough to point out that the World Series is named for a newspaper, not the location of the teams. It's hard to blame a citizen of the US for not knowing this, however, as I understand nobody over there actually knows how to read anymore.
14. It is our plan to decriminalise murder until you solve your gun problem.
15. Camilla will become your next queen by royal appointment. She will be the Queen of the Fat Cows, and represent Ms. Average American.
Actually, we burned your Whitehouse to the ground in 1812, but other than that, basically left you alone.
Do you even know what the War of 1812 was about? Hint - it sure as hell was a war of independence!
I think I have finally figured out why GWB is the president of the USA. He stands among intellectual equals.
Miracle Whip is most certainly not a mayonnaise; in fact, it is specifically manufacturered and marketed as a low-fat mayonnaise alternative.
Hellmann's, on the other hand, IS mayonnaise.
> who uses WMP other then people too lazy to download something else?
Me. FYI, I'm running wmplayer v11 beta 2 ATM.
> What does it have to offer?
1. It works pretty much perfectly, out-of-the-box, with my remote control (which also happens to appear as an HID mouse + keyboard).
2. It is easily scriptable for custom quick-and-dirty applications. I run one such application to allow me to play audio and video content on my television, controlled from other PCs in the house. The application is just a full-screen HTA automating wmplayer pretty much as you would on a web page ('cept I can access WSH objects). Great for a UNIX guy who knows jack about windows but has had to make the odd web page work with wmplayer and so knows the javascript/COM turf.
3. It will display jpegs and gifs, even retrieving them by http. This important for my problem above, as my television gets nasty-jerky (sync issue) when changing to and from full-screen mode. I have a screen saver/photo album, and it's much easier on the TV to retrieve them via
I have recently started using mplayer-classic for movies, however, as I spent a few hours one night reprogramming its "hot keys" to match the buttons on my remote control, AND I can get it to full-screen without changing the resolution/refresh. But I have yet to figure out how to (or if I can) automate it like wmplayer or mplayer2.
mplayer-classic author, if you're watching, please
1. Make the pageup/down keys scriptable
2. Give focus to the files in the dialog box when opening the browse window. Hitting tab-tab-tab-tab-tab on my remote before cursoring around is a pain.
Wow, you think YOUR slashcode bug is annoying.. How would you feel if your user page URL didn't parse?
I still watch TV on 27" JVC TV I purchased in 1995. I think it looks great. The picture was awesome the day I bought it, and the picture is still great today.
I watch TV on Bell ExpressVu (Canadian Dish Network), rent the odd DVD, and watch the occasional torrent movie or TV show I missed.
You know what? I think it looks great. Of course, I sit six or eight feet back from the TV.
I am really missing anything? The new TVs in the stores look fine, but every time I visit a friend who has an enormous screen, I can't help but think "Man, those guys look all blocky and stretched" when Hockey Night in Canada is on.
I mean, WTF?
You need to buy an RF modulator, and a 75-to-300-ohm matching transformer.
HTH.
> Sun (unless they seriously commit to supporting x86 -- doubtful)
Sun is seriously supporting x86 architecture that's on the HCL -- they have to, their Opteron boxes are both "the new way" and effectively x86.
Will Sun support all the myriad consumer crap that M$ does? Not a chance! And why would they want to??
Now... does Solaris make sense on the desktop? It barely did in 1992, and it sure as hell doesn't any more. If I were a major corporation looking to deredmondify, I would look square at OS X on x86.