Really? None of those old Windows 98 programs that require write access to the Windows directory for their INI files? Or explode when they try to open a CD-ROM device in read/write mode?
XP is definitely the best desktop from Microsoft so far, but there's a ton of old, poorly coded applications that won't run under XP without either modification or escalated access priveleges.
In TFA, the author traced the calls that this validation program was using. It specifically checks for a registry key named "SOFTWARE\Wine\Wine\Config" and then gives a generic error if found. So no, it's not a case of Wine being an inaccurate emulator.
You're telling me that if I simply Google for "asbestos" - or better yet, "asbestos health problems" - and subsequently click five advertising links that I'm costing lawyers up to 500 dollars? I now have something to fill my lunch break.
There's comments in this very Slashdot article that praise the graphics. Here is one example. And IMHO the graphics are great - everything feels like a fluid cartoon, and the art direction is phenomenal.
I hear you I guess. I just think (IMHO) that it shoulnd't be "Trust No One" on the web. I think the advent of the rich media like Flash, ActiveX, etc. open us up to all of this, and I don't think it's worth the price. Oh well.
Sure. The first Google hit (just for kicks) is from Spyware Warrior and describes exactly what I'm talking about.
My work machine is an XPSP2 system and last year this IFRAME vulnerability was found in October and patched in December. I had tested in on my work machine (against the warnings of my coworkers) and sure enough, using the Secunia exploit example a web page was able to add items to my startup folder with no prompt whatsoever. And according to this story (from November, pre-patch) one of The Registers' advertisers used this very exploit to stealth install spyware.
So I'm not a crazy looney (well, I am but for other reasons entirely), this stuff does happen. And often.
Oh and one other followup - it turns out that the "friend" I spoke of wasn't the landlady's teenage son. It was the landlady herself. So I doubt that a single mom is going out and grabbing random binaries off Kazaa or anything:-)
I disagree about the amount of foreknowledge required to operate and own a computer. My parents can easily use Linux with a Knoppix CD - and it's quite secure too. I understand fully the argument about how virus authors target the most popular platform, but I also think that you're ignoring large areas of software where Microsoft is not dominant.
For example webservers. Apache is (I hope) still number one, and the vulnerabilities in Apache are not nearly the same level as IIS.
Virus writers don't target Windows only because it's the most popular - it's also the easiest target. By your logic, the virus writers should be using all of the Apache servers out in the wild to send spam - which they're not.
When the Apache server has a vulnerability, it's patched extremely rapidly and all distributions pick up that patch and get it to the users. For example the Debian server I use will pull the update from the Debian Security repository.
If a vulnerability in MSIE is found, it can be months before the patch makes it out. I truly the think the deployment process and speed of these patches is crucial, and that's really where Microsoft is falling short.
You do make good sense about the anti-virus software, firewall and spyware scanner. Except the firewall is now built into Windows XP SP2 and can be programatically disabled or circumvented by software on the same box. That's true of any firewall software, but now users are most likely to have the SP2 firewall - making it an easier target, since there's less choice in the matter for the user (if the user knows what a firewall is).
And the spyware scanner that Microsoft is releasing will have updates on a monthly basis. So if the new spyware definitions are released on the 5th of each month, then the spyware authors will release their new code on the 6th. Doesn't that strike you as... terrifying?
Feel free to e-mail me if you like about these issues - I really enjoy this kind of talk:-)
Thank you for providing an example that's the exception to the rule! Remember that IFRAME hole that was patched just before Christmas? The exploit for that one was floating around the Internet since October.
You know, just to provide you with a counter-example.
If the browser were secure, the user should be able to throw any garbage at the HTML parsing code, image handler routines, etc, and not have any buffer overruns, underruns, and so on.
When a new user goes to Google and searches for a random string, then clicks through to a malicious site that has previously poisened that search string the browser should not be fucking compromised. Us programmers (at least, the non-Microsoft ones) have a saying that goes "Never trust user input." HTML is user input, and something that exploits the IFRAME code of Internet Explorer is also user data.
If you fundamentally believe still that this is the fault of the user, then I don't think you quite understand what a security hole is.
Are you that naive? Seriously? Shitloads of spyware, spam trojans and the ilk use security holes in Internet Explorer to install themselves. On one of the recent machines that I've seen compromised, a "stupid user" simply surfed to a bunch of sites using Google via Internet Explorer. One of the sites was malicious, and with no software installation prompts suddenly the network traffic goes nuts. I do an iptraf monitor and see that her computer is scanning IP address sequentially, trying to access port 135 (hello DCOM+ vulnerability). And connecting to IRC networks, then subsequently to port 25 to send spam.
If you truly believe that viruses and other types of malware don't exploit these holes then I doubt I'll be able to convince you. Look around with Google.
You're talking about XSLT. The article talks about XSL for formatting (specifically XSL:FO to output a PDF). And the purpose is for printing, not formatting just the screen representation.
You kinda missed the article, right? I mean, the author was talking about the lack of reviews with depth and intellectual discourse in current gaming publications. You just made a nice list of examples proving his point.
You can subtract one from your total there - I personally couldn't give a fuck about these idiots and their guild "politics". In fact, I doubt most people care about that "event".
China, Japan, Korea, Singapore - ok, most SE Asian countries don't have enough public IP addresses allocated to them to hadn out to consumers. So consumers get a NAT'd IP address, and no inbound connections possible. This would certainly protect their systems a lot more than having all of the default Windows ports exposed to the world.
So I think the States - which has the largest pool of public IP addresses - will always come out ahead in this one.
Bullshit on that one. It took my system 10 minutes to unlock - after 2.5 hours of attempting to contact the Steam servers. If it can't get the private key for the data, it can't really decrypt it.
Nothing like paying for a single player game months in advance and then not being able to play it. Valve has managed to delay the game even after the release!
Maybe boot from a Gentoo/Knoppix/Fedora CD and run the full reiserfsck plus a badblocks scan on the device. I'm just saying I wouldn't jump to conclusions about Fedora causing this (unless you have nothing critical on there).
Slashdot Mirror
XP is definitely the best desktop from Microsoft so far, but there's a ton of old, poorly coded applications that won't run under XP without either modification or escalated access priveleges.
Ah, so that's why it was down. Do you have a link to any more info?
In TFA, the author traced the calls that this validation program was using. It specifically checks for a registry key named "SOFTWARE\Wine\Wine\Config" and then gives a generic error if found. So no, it's not a case of Wine being an inaccurate emulator.
You're telling me that if I simply Google for "asbestos" - or better yet, "asbestos health problems" - and subsequently click five advertising links that I'm costing lawyers up to 500 dollars? I now have something to fill my lunch break.
There's comments in this very Slashdot article that praise the graphics. Here is one example. And IMHO the graphics are great - everything feels like a fluid cartoon, and the art direction is phenomenal.
I hear you I guess. I just think (IMHO) that it shoulnd't be "Trust No One" on the web. I think the advent of the rich media like Flash, ActiveX, etc. open us up to all of this, and I don't think it's worth the price. Oh well.
My work machine is an XPSP2 system and last year this IFRAME vulnerability was found in October and patched in December. I had tested in on my work machine (against the warnings of my coworkers) and sure enough, using the Secunia exploit example a web page was able to add items to my startup folder with no prompt whatsoever. And according to this story (from November, pre-patch) one of The Registers' advertisers used this very exploit to stealth install spyware.
So I'm not a crazy looney (well, I am but for other reasons entirely), this stuff does happen. And often.
Oh and one other followup - it turns out that the "friend" I spoke of wasn't the landlady's teenage son. It was the landlady herself. So I doubt that a single mom is going out and grabbing random binaries off Kazaa or anything :-)
I disagree about the amount of foreknowledge required to operate and own a computer. My parents can easily use Linux with a Knoppix CD - and it's quite secure too. I understand fully the argument about how virus authors target the most popular platform, but I also think that you're ignoring large areas of software where Microsoft is not dominant.
For example webservers. Apache is (I hope) still number one, and the vulnerabilities in Apache are not nearly the same level as IIS.
Virus writers don't target Windows only because it's the most popular - it's also the easiest target. By your logic, the virus writers should be using all of the Apache servers out in the wild to send spam - which they're not.
When the Apache server has a vulnerability, it's patched extremely rapidly and all distributions pick up that patch and get it to the users. For example the Debian server I use will pull the update from the Debian Security repository.
If a vulnerability in MSIE is found, it can be months before the patch makes it out. I truly the think the deployment process and speed of these patches is crucial, and that's really where Microsoft is falling short.
You do make good sense about the anti-virus software, firewall and spyware scanner. Except the firewall is now built into Windows XP SP2 and can be programatically disabled or circumvented by software on the same box. That's true of any firewall software, but now users are most likely to have the SP2 firewall - making it an easier target, since there's less choice in the matter for the user (if the user knows what a firewall is).And the spyware scanner that Microsoft is releasing will have updates on a monthly basis. So if the new spyware definitions are released on the 5th of each month, then the spyware authors will release their new code on the 6th. Doesn't that strike you as... terrifying?
Feel free to e-mail me if you like about these issues - I really enjoy this kind of talk :-)
You know, just to provide you with a counter-example.
When a new user goes to Google and searches for a random string, then clicks through to a malicious site that has previously poisened that search string the browser should not be fucking compromised. Us programmers (at least, the non-Microsoft ones) have a saying that goes "Never trust user input." HTML is user input, and something that exploits the IFRAME code of Internet Explorer is also user data.
If you fundamentally believe still that this is the fault of the user, then I don't think you quite understand what a security hole is.
If you truly believe that viruses and other types of malware don't exploit these holes then I doubt I'll be able to convince you. Look around with Google.
You realize that buffer overflows in IE - when found - are fixed on a monthly schedule, right? And the fix is often delayed months?
So when the user gets a spam trojan installed on their system due to a security hole in IE where no patch yet exists, it's their fault right?
So when the user gets a spam trojan installed on their system due to a security hole in IE where no patch yet exists, it's their fault right?
You think my grandmother can afford a Mac? She's on a very fixed income!!!
You're talking about XSLT. The article talks about XSL for formatting (specifically XSL:FO to output a PDF). And the purpose is for printing, not formatting just the screen representation.
You kinda missed the article, right? I mean, the author was talking about the lack of reviews with depth and intellectual discourse in current gaming publications. You just made a nice list of examples proving his point.
I would have been more impressed if the 20 year old file was not in the Attic :-)
You can subtract one from your total there - I personally couldn't give a fuck about these idiots and their guild "politics". In fact, I doubt most people care about that "event".
So I think the States - which has the largest pool of public IP addresses - will always come out ahead in this one.
AFAIK, the "spurious interrupt" messages are just a debugging statement that RedHat removed. Not really a fix, just turning down the verbosity a bit.
Try Second Life.
I found it way more fun - and easier - to drive all of the vehicles in Halo using the mouse and keyboard. Maybe that's just me though.
Bullshit on that one. It took my system 10 minutes to unlock - after 2.5 hours of attempting to contact the Steam servers. If it can't get the private key for the data, it can't really decrypt it.
Nothing like paying for a single player game months in advance and then not being able to play it. Valve has managed to delay the game even after the release!
Maybe boot from a Gentoo/Knoppix/Fedora CD and run the full reiserfsck plus a badblocks scan on the device. I'm just saying I wouldn't jump to conclusions about Fedora causing this (unless you have nothing critical on there).