The eWeek article says "Mozilla flaw," not "Windows flaw." It also says this:
Current versions of Mozilla and Firefox pass unknown protocol handlers to the operating system shell to handle.
I don't mind the occasional security hole, it's unavoidable. But don't pin this one on Windows. No browser should be passing unchecked commands from a web page to the shell.
Anyone else notice the horrendous moderation on this article? It seems the OSS zealots are out in force tonight, eager to hide any comments that potentially threaten their arguments. I posted a similar comment to this one and it was called flamebait. Why? I guess these comments are too dangerous to the groupthink here on Slashdot.
OK, that's it you guys. No more talk of how IE is so insecure because of Microsoft's 'monoculture.' Security issues, it seems, are a way of life in software. There are plenty of other arguments against Microsoft so there's no reason to use this one any more.
Personally I'm still going to use FireFox. It's a better browser than IE and I'm happy that they patched it in a single day. It's a little worrisome that this issue sat around on Bugzilla, hopefully this will motivate the Mozilla team to figure out some procedures to keep security bugs from slipping through the cracks.
Come on. E2 is an insular community where a small group of users write hundreds of wanky nodes so they can earn imaginary numbers in a database. I'm not saying all the nodes are bad, there are some real gems there but the reason they're gems is because they're creative, daring, and they're owned by a single user. E2 is not an encyclopedia, and it shares neither the goal or the software capabilities of Wikipedia.
Wikipedia could be described as a directed anarchy. The community is startlingly accepting of new editors and controversial viewpoints, and I believe this is because Wikipedia users insist on adhering to the project's goal: an encyclopedia, nothing more.
In contrast E2 is a clique. Those who have "earned their bullshit" are basically worth more than normal users. There's no stated goal and while E2 is much more creative and productive than your average message board, it doesn't rise far above the level of "net hangout."
In response to the comment, Wikipedia is also peer-reviewed. Every user is an editor, not just a hand-picked group of pals who can be counted upon to enforce the groupthink. As for lacking editorial wars, maybe I'm dating myself on E2 but I recall a certain user named dman...
I mean, they're not right to include copy protection on CDs, but Macrovision's statement is accurate. Slashdot and the tech media jumped on that story with cries of "spyware! virus!" but it turns out that neither of these claims are correct. While the copy protection software certainly isn't noble in intent, even its critics have to concede that it's not a virus or spyware.
I saw this demonstrated on a Pocket PC about a year ago. I'm pretty sure it works through the normal cell network. They can pull up all your information based on your name, license plate, driver's license number, etc. I thought it was just for Mass. residents but I could be wrong. Doesn't seem any worse than "running your numbers" through a dispatcher, it just takes less time so it makes the police more efficient.
I don't believe SP2 affects COM objects. Only DCOM, which almost nobody used. I haven't used SP2 so I'm not 100% sure, but I don't think it affects run-of-the-mill VB6/COM software at all.
That's not really the same. For one thing you're dicking around with the iPod wheel and squinting at the screen while driving. The BMW setup allows you to control the iPod with your head unit. Alpine has a HU that controls the iPod too, if you're not into getting a new Bimmer.
The tape adapter also sounds much worse than a direct hookup. I have an MP3-CD head unit now, previously I had a discman with a tape adapter. It really is no contest, it sounds much better without the tape kludge.
They can be invisible behind a firewall and still have real IP addresses. NAT isn't a real solution to anything. The correct solution to the IP shortage is IPv6, and the correct solution to "hard outside, soft inside" security is a combination of firewalling and keeping internal machines patched.
The Internet was supposed to connect everything to everything. Instead we have millions of unreachable hosts, which make it a real pain to use any application that requires direct connections. NAT is a step backwards and it creates more problems than it solves.
I agree, it's a terrible situation. I'm a Windows fan but this is not one of the times to defend Microsoft's software - the XP installation problem stinks. You simply can't follow their instructions and install XP without getting hit by an RPC worm. What I'd recommend is to either leave the firewall on while installing the patch, or download the network install of SP1 (this is a full installer that you can use offline), the RPC fix, and the LSASS fix, and install them with the network unplugged.
Another option is to order the security update CD from Microsoft - they'll send this to any Windows user for free.
As many have suggested, you can install behind a router. Not an ideal solution but it does the job. I hate NAT, and I hate recommending that people use it for security. NAT is a step backwards.
IT professionals can slipstream SP2 onto an installation CD once that comes out. It's due within a month or two. SP2 includes all current security patches and the new firewall, which is on by default. The new firewall also loads before TCP/IP, so there's no window of vulnerability during startup.
Autopatcher still doesn't solve the problem of installing Windows XP without getting infected during SP1 installation. I don't even know what the purpose of Autopatcher is, what's wrong with the XP automatic updater?
Re:What is google gaining from your personal life?
on
Gmail in the News
·
· Score: 4, Insightful
Read their SEC filings, then tell me they're not making any money on ads. There's also no shortage of "serious discussion" about the perceived harms of Google - if you've never seen GoogleWatch then you haven't been looking too hard.
The complaints are garbage. Same old "oh no their cookie doesn't expire til 2038" bullshit. No idea why you people target Google when every other website shows ads too, has the same privacy policy, and has the same expiration date on their cookies. I guess you just like to be contrarian.
iTunes has DRM and lossy compression. It won't play on my Tivo or in my car without burning it to a CD, ripping it again, and compressing it to MP3.
The audio tracks on the real CD have no DRM and aren't compressed. Took me 15 minutes to rip it and make MP3's. No comparison here, the CD is the winner.
What's best? Probably RAID 0+1 for you. It's striping and mirroring, you gain a good deal of performance, almost double your reliability, and lose 50% of the space.
But geez, what kind of question is this for the front page? Ask on a hardware board or do some reading on your own.
Slashdot Mirror
Writing M$ is always a sure sign of maturity. Go back to reading your tentacle porn books, you fucking nerd.
Sorry, I trust eWeek over random anonymous OSS zealot guy.
The eWeek article says "Mozilla flaw," not "Windows flaw." It also says this:
Current versions of Mozilla and Firefox pass unknown protocol handlers to the operating system shell to handle.
I don't mind the occasional security hole, it's unavoidable. But don't pin this one on Windows. No browser should be passing unchecked commands from a web page to the shell.
Anyone else notice the horrendous moderation on this article? It seems the OSS zealots are out in force tonight, eager to hide any comments that potentially threaten their arguments. I posted a similar comment to this one and it was called flamebait. Why? I guess these comments are too dangerous to the groupthink here on Slashdot.
OK, that's it you guys. No more talk of how IE is so insecure because of Microsoft's 'monoculture.' Security issues, it seems, are a way of life in software. There are plenty of other arguments against Microsoft so there's no reason to use this one any more.
Personally I'm still going to use FireFox. It's a better browser than IE and I'm happy that they patched it in a single day. It's a little worrisome that this issue sat around on Bugzilla, hopefully this will motivate the Mozilla team to figure out some procedures to keep security bugs from slipping through the cracks.
Come on. E2 is an insular community where a small group of users write hundreds of wanky nodes so they can earn imaginary numbers in a database. I'm not saying all the nodes are bad, there are some real gems there but the reason they're gems is because they're creative, daring, and they're owned by a single user. E2 is not an encyclopedia, and it shares neither the goal or the software capabilities of Wikipedia.
Wikipedia could be described as a directed anarchy. The community is startlingly accepting of new editors and controversial viewpoints, and I believe this is because Wikipedia users insist on adhering to the project's goal: an encyclopedia, nothing more.
In contrast E2 is a clique. Those who have "earned their bullshit" are basically worth more than normal users. There's no stated goal and while E2 is much more creative and productive than your average message board, it doesn't rise far above the level of "net hangout."
In response to the comment, Wikipedia is also peer-reviewed. Every user is an editor, not just a hand-picked group of pals who can be counted upon to enforce the groupthink. As for lacking editorial wars, maybe I'm dating myself on E2 but I recall a certain user named dman...
I mean, they're not right to include copy protection on CDs, but Macrovision's statement is accurate. Slashdot and the tech media jumped on that story with cries of "spyware! virus!" but it turns out that neither of these claims are correct. While the copy protection software certainly isn't noble in intent, even its critics have to concede that it's not a virus or spyware.
Pretty sure it's standard SSL. Police IT generally does care about security, contrary to belief.
I saw this demonstrated on a Pocket PC about a year ago. I'm pretty sure it works through the normal cell network. They can pull up all your information based on your name, license plate, driver's license number, etc. I thought it was just for Mass. residents but I could be wrong. Doesn't seem any worse than "running your numbers" through a dispatcher, it just takes less time so it makes the police more efficient.
I don't believe SP2 affects COM objects. Only DCOM, which almost nobody used. I haven't used SP2 so I'm not 100% sure, but I don't think it affects run-of-the-mill VB6/COM software at all.
5 playlists?
I listen to albums, not playlists.. does that mean I only get 5 albums? What a joke!
Yeah, metal cars are so quaint. Rubber and plastic panels are here to stay.
That's not really the same. For one thing you're dicking around with the iPod wheel and squinting at the screen while driving. The BMW setup allows you to control the iPod with your head unit. Alpine has a HU that controls the iPod too, if you're not into getting a new Bimmer.
The tape adapter also sounds much worse than a direct hookup. I have an MP3-CD head unit now, previously I had a discman with a tape adapter. It really is no contest, it sounds much better without the tape kludge.
He should have released ants in front of the camera.
They can be invisible behind a firewall and still have real IP addresses. NAT isn't a real solution to anything. The correct solution to the IP shortage is IPv6, and the correct solution to "hard outside, soft inside" security is a combination of firewalling and keeping internal machines patched.
The Internet was supposed to connect everything to everything. Instead we have millions of unreachable hosts, which make it a real pain to use any application that requires direct connections. NAT is a step backwards and it creates more problems than it solves.
Not really. If we're already burning a CD we can just slipstream SP1 which takes care of most of those reboots.
I agree, it's a terrible situation. I'm a Windows fan but this is not one of the times to defend Microsoft's software - the XP installation problem stinks. You simply can't follow their instructions and install XP without getting hit by an RPC worm. What I'd recommend is to either leave the firewall on while installing the patch, or download the network install of SP1 (this is a full installer that you can use offline), the RPC fix, and the LSASS fix, and install them with the network unplugged.
Another option is to order the security update CD from Microsoft - they'll send this to any Windows user for free.
As many have suggested, you can install behind a router. Not an ideal solution but it does the job. I hate NAT, and I hate recommending that people use it for security. NAT is a step backwards.
IT professionals can slipstream SP2 onto an installation CD once that comes out. It's due within a month or two. SP2 includes all current security patches and the new firewall, which is on by default. The new firewall also loads before TCP/IP, so there's no window of vulnerability during startup.
Autopatcher still doesn't solve the problem of installing Windows XP without getting infected during SP1 installation. I don't even know what the purpose of Autopatcher is, what's wrong with the XP automatic updater?
Read their SEC filings, then tell me they're not making any money on ads. There's also no shortage of "serious discussion" about the perceived harms of Google - if you've never seen GoogleWatch then you haven't been looking too hard.
The complaints are garbage. Same old "oh no their cookie doesn't expire til 2038" bullshit. No idea why you people target Google when every other website shows ads too, has the same privacy policy, and has the same expiration date on their cookies. I guess you just like to be contrarian.
That's not low. My uid isn't even low.
iTunes has DRM and lossy compression. It won't play on my Tivo or in my car without burning it to a CD, ripping it again, and compressing it to MP3.
The audio tracks on the real CD have no DRM and aren't compressed. Took me 15 minutes to rip it and make MP3's. No comparison here, the CD is the winner.
What's best? Probably RAID 0+1 for you. It's striping and mirroring, you gain a good deal of performance, almost double your reliability, and lose 50% of the space.
But geez, what kind of question is this for the front page? Ask on a hardware board or do some reading on your own.
Just making the point that cost doesn't equal quality, in any field. There are plenty of products that cost a lot and completely suck.
So this page is wrong? That page says you can use smtp-resnet.ncsu.edu.
There's nothing wrong with port 25 blocking, as long as the ISP runs its own mail server.
Why can't you use the school's smarthost? I can't think of a situation where you would need your own mail server.