Slashdot Mirror


User: fatphil

fatphil's activity in the archive.

Stories: 0
Comments: 4,087

Comments · 4,087

  1. Re:Windows coders on Major Security Hole In Samsung Linux Drivers · · Score: 1

    You're conflating running an application, that which users would be expected to do, and installing an application, something which often requires administrator privileges.

    Of course the OS is at fault if it lets applications escape the sandbox (memory management, file permissions, socket opening restrictions etc.) that they ought to be running in. Of course it's the OS's fault if it has nothing even approximating such a sandbox.

    And of course it's the installer's fault if it demands administrator privileges and then abuses them.

    These are two entirely different issues.

  2. Re:sane in general on Major Security Hole In Samsung Linux Drivers · · Score: 1

    """
    Kernel module (scsi/usb/sane) not loaded - solution: reboot/reconfigure.
    """
    ?!?!?!??

    If the problem is that the kernel module is not loaded, then insmod it.
    No reconfiguring, no rebooting, just a simple insmod or modprobe.

    That's why it's a _module_, you see.

  3. Re:If you'd like to see it... on Robot Aims To Walk On Water · · Score: 3, Informative

    And the same in laboratory conditions, using a high speed camera:

    http://www.youtube.com/watch?v=sVVcWafi-MU

  4. Re:I Can't find It. on Möbius Strip Riddle Solved · · Score: 1

    Nope, that's a model for a ruled Moebius band which self-intersects in a straight line, as can be seen in the reference to American Mathematical Monthly, 91 (1984).

    This one's different, it's not allowed to self-intersect I presume.

  5. Re:What if I make an SLA (stereolithography)? on Möbius Strip Riddle Solved · · Score: 1

    I think you're missing his point. His point is that an extruded mobius strip is as much a mobius strip as one made from deformation and glueing of a strip. The topological property, which is the only thing previously of interest, is there in both of them, so they're both mobius strips, even if you made them a different way. Of course, his construction is utterly uninteresting and irrelevant to the question in hand, which is not one of topology, but one of mechanics.

  6. Re:What if I make an SLA (stereolithography)? on Möbius Strip Riddle Solved · · Score: 1

    Surely that can't be correct, can it? The energy density will not be equal at all points on the surface, which means that you can skew the mean energy density by making the strip wider at the low-energy-density places, and narrower at the high-energy-density places. Of course, the *strip* nature excludes these homotopies, which makes me think that a purely topological view cannot be appropriate to this problem. Surely this is just another minimisation problem like splining, well into the applied maths domain rather than pure maths?

    I'm also sure the 'answer' depends on more than just the relative width, it must surely depend on the material too, as different materials respond differently to torsion than tension, and forming a mobius strip requires both.

    Note that in the above "surely" means nothing more than "I, who pretty much flunked applied maths, would like to believe".

  7. Re:Nice three things ya got there. on Any "Pretty" Code Out There? · · Score: 1

    That used to be the logic: loop = complicated => don't inline.
    I think since 3.x days, gcc has realistically evaluated sizes of potentially-inlinable functions and won't barf arbitrarily at loops any more. However the example I gave wasn't so much an example of that, but more an example of constant folding. fact2(4) is nothing more than a deterministic sequence of operations on constants with known arithmetic properties (floating point values have run-time-dependent behaviour so are harder to safely deal with) which can be evaluated entirely at compile time. I have no idea what level of tech MS compilers have reached, I've not touched one for ever and a day.

  8. Re:Another Reminder How BIG This Place Is on Identify Galaxies Using Spare Wetware Cycles · · Score: 1

    You're deliberately misinterpreting what he means by "a negative". He means the non-existence of a specified property in an entire _class_ of things, not that any specified individual from some class fails to have that specified property.

    So "there are no 300-foot tall humans" would be an example of what you'd need to prove.

    Hmmm....

  9. Re:Nice three things ya got there. on Any "Pretty" Code Out There? · · Score: 1

    Don't use recursion, and let good old fashioned C work things out at compile time:

    """
    static inline int fact2(int n)
    {
          int r=1;
          while(n>1)
              {
                    r*=n; n--;
              }
          return r;
    }

    int foo()
    {
          return fact2(4); // == (4 * 3 * 2 * 1) == 24
    }
    """

    Which becomes

    """
                    .globl foo
                    .type foo, @function
    foo:
                    movl $24, %eax
                    ret
    """

    Personally, I hate languages within languages, or should I say languages around languages.

    So doing stuff with excessive C pre-processor is evil _unless_ there's a clear automatic code generation phase for separate modules which are written only in the pre-processor macros. The fact that they become C is then pretty much irrelevant, it's as if you're just using 2 different languages (or 3 if you also have some asm components too, say), nothing wrong in mixed-language development. It's just the merging of C stuff with pre-processor stuff that turns ugly.

    Ditto templates and C++, but of course, the problem with them is you then physically cannot avoid merging the template meta-programming with the plain C++ programming. Yeugh.

    Anyway, to contribute to the original topic - for _beautiful_ code, utterly transparent C, and a joy to work with, I'd have to point to the Texas Instruments Multitasking Executive (TI-ME), a real-time micro-kernel, which came bundled with their DSP development kits back in the 90s. I can say that now, as I no longer work for their main competitor in the DSP market!

  10. Re:Obvious? on Robot Unravels the Mystery of Walking · · Score: 1

    I've detected plenty of humans using the internet, still looking for the grey matter...

  11. Re:Mixed signals on Robot Unravels the Mystery of Walking · · Score: 1

    I get mixed messages from his competitors:

    http://www.cn.stir.ac.uk/~tgeng/research.html

    They seem to call their 4-legged contraptions 'bipeds'.

  12. Re:Yuur missing a piece on Robot Unravels the Mystery of Walking · · Score: 1

    Nope, not Penn Gillet, Mr., or should I say Mrs. Garrison.
    """
                          Now I, for one, think evolution is a bunch of BULLCRAP. But I've
                          been told I have to teach it anyway. It was thought up by Charles
                          Darwin and it goes something like this: [goes up to a large poster
                          of evolution and begins pointing things out with her pointer.] In
                          the beginning we were all fish. Okay? Swimming around in the
                          water. And then one day a couple of fish had a retard baby, and
                          the retard baby was different, so it got to live. So Retard Fish
                          goes on to make more retard babies, and then one day, a retard
                          baby fish crawled out of the ocean with its [waves his left hand
                          limply] mutant fish hands... and it had buttsex with a squirrel or
                          something and made this. [points to a rodent] retard frog
                          squirrel, and then that had a retard baby which was a... monkey
                          fish-frog... And then this monkey fish-frog had buttsex with that
                          monkey, and... that monkey had a mutant retard baby that screwed
                          another monkey and... that made you! [faces the class. A new girl
                          is seated in the front row, looking around] So there you go!
                          You're the retarded offspring of five monkeys havin' buttsex with
                          a fish-squirrel! Congratulations!
    """ :-D

  13. Re:Yuur missing a piece on Robot Unravels the Mystery of Walking · · Score: 1

    "retarded fish monkeys"

    Bullshit?

  14. Re:Bin Laden determined to strike in the US? on Bogus Company Obtains Nuclear License · · Score: 2, Informative

    The theoretical effectiveness of a dirty bomb was studied in my home country 4 decades ago.
    They decided that it would be cheaper and more effective to just replace the nuclear part of the payload with more conventional explosive.

    So you're not just ignorant, you're 4 decades out of date.

    "most free", sheesh, you are full of it.

  15. Re:Demonstration on Firefox Quickies · · Score: 1

    No, you read the description of the exploit. The original Safari one.

    There is no need for any IE to have any knowledge of command line switches in order to sanitise the command line.

    The problem is turning what should be one command line argument, a URL, into more than one command line argument, including some harmful switches. That is done by escaping from the quotes. Which is done by permitting quote symbols (and then spaces) onto the command line, rather than escaping them.

    It really is that simple to solve. This is done in a million other places quite happily. IE forgetting to do it here is sloppy and, in simple terms, a bug.

  16. Re:Demonstration on Firefox Quickies · · Score: 1

    So you're introducing another executable into the chain? No wonder windows requires great gobs of RAM and dual core processors. Spawning ain't cheap on windows. OK, have it your way, have a separate application whose sole job is to sanitise the URL before passing it safely to the real firefox, if you like. Shame it's only useful for one single role, as it can't be given any parameters to change its behaviour. I wonder how many of these helper applications you'd need for different methods of invocation. You seem to be forgetting that the command line switches were put into Firefox for a reason.

    So you *really* don't think it would just be simpler for IE to just escape characters that mean something to the command line parser?

    Side impact bars are not the solution to drunk driving.

  17. Dirty Bomb? on Bogus Company Obtains Nuclear License · · Score: 4, Informative

    Does anyone actually still believe that myth?

    It's just another piece of government propaganda to keep the population scared.

    One of the reading rooms of the university library (previously a chemistry lab) was way more dangerous - both mercury and asbestos. I bet near any highway in the average metropolis there's way more carcinogenic shit in the air than from any mythical 'dirty bomb'.

  18. Re:Demonstration on Firefox Quickies · · Score: 1

    Provide a safe template please.

    I bet you it takes me less than 20 seconds to come up with a string which will break your template.

    Wait a second, I think I already asked you for one, and you didn't supply one... hmmm.... suspicious...

    You may alternatively respond "there is no safe template, MS designed the interface in such a way, namely broken, that no security could be guaranteed unless *all* clients of the interface take responsibility for sanitising the string they pass".

  19. Re:Demonstration on Firefox Quickies · · Score: 1

    "the actual problem is that they are expecting the quotes they put into the registry string to protect them from spaces. This is not the case."

    Wrong. It protects them from spaces. It doesn't protect them from quote characters.

    MS designed the command line. MS designed it broken. MS designed the way that the registry entry is used to construct a command line. MS designed that broken too. IE uses these interfaces in a broken way. Firefox is a victim of all of these things.

    You are right that simply avoiding these broken interfaces is the best option. Simply avoiding anything designed by microsoft is the better option.

  20. Re:Demonstration on Firefox Quickies · · Score: 1

    Well I wasn't the only one who pointed out the fact that what you reported indicated that you hadn't followed the instructions. The fact that you come back with a different report of what you did implies that either you admit you got it wrong first time, or that you reported it incorrectly the first time. You made a mistake. Get over it. Move on.

    Anyway, quite what happens on that lame-arse OS, I have no idea, and I couldn't give a shit.
    Doesn't work for you? Whoopie doo, you're safe for another week.

  21. Re:Demonstration on Firefox Quickies · · Score: 1

    I've said this before, but you seem clue-resistant:

    Firefox does not parse its arguments. The MS runtime startup code parses the arguments according to published MS standards.

    So if the executable called 'firefox.exe' is to blame, it's because of this entity labelled 'MS'.

  22. Re:Demonstration on Firefox Quickies · · Score: 1

    I think you can already guess that I disagree.
    He who builds the command line is responsible for what it does.

    Full stop.

  23. Re:Demonstration on Firefox Quickies · · Score: 1

    IE doesn't sanitise the input. IE's the one building the command line.

  24. Re:Demonstration on Firefox Quickies · · Score: 1

    It's not supposed to know. It shouldn't know. That would be dreadful coupling.

    It's supposed to ensure that the command line it asks the OS to execute is encoded such that the string it thinks is the URL is what will be parsed by firefox as the URL. Given that Firefox is written in C and built using MS's visual studio, then it should use the rules that MS provide (I included a link to MSDN in one of my other posts) regarding how the command line will be parsed. That means that it should escape all characters which have important meanings in command line parsing. That way the URL will be interpreted by firefox as a single string with dodgy characters in it which is then subsequently rejected, rather than as a sequence of different strings, one of which is interpreted as the URL and others as other switches.

  25. Re:Demonstration on Firefox Quickies · · Score: 1

    OK, I misread. His punctuation was misleading.

    The question now becomes whether the -chrome option being able to contain javascript is a bug or a feature.
    It's the bloatware developers who think it's a feature, and you who thinks it's a bug. I'll bow out.

    And stop calling it "injecting code into the command line parser", it's not injecting anything, it's just a command line. It accepts the command line, it parses the command line, including the -chrome switch, as it's just a command line. A command line created by a buggy piece of software that let you inject undesirable arguments into what it creates. See for example his comments on Safari:
    """
    With a simple link you cannot pass along arbitrary characters to the command line which is later executed and most attempts at doing so will simply be URL escape, such that myprotocol://someserver.com/some"[SPACE]argument is turned into

            "C:\Program Files\My Application\myprotocol.exe" "someserver.com/some"%20argument
    """

    That's what Safari should be doing with iframes, and IE should be doing too.
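
The escaping argued for in comments 15 and 24 (encode the URL so the callee's runtime parses it back as one argument), shown as an added example that is not part of the original comments or of any browser's code. It assumes a `"%1"`-style handler template and models only the documented MS C runtime backslash/double-quote rules; `quote_arg` and `parse_args` are hypothetical names.

```python
# Added example: quote one argument per the MS C runtime's documented
# backslash/double-quote rules, with a parser for the same rules to check it.
# Simplification: argv[0] handling and the undocumented "" case are left out.

def quote_arg(arg):
    """Encode arg so the runtime parses it back as exactly one argument."""
    out, backslashes = ['"'], 0
    for ch in arg:
        if ch == '\\':
            backslashes += 1          # defer: meaning depends on what follows
            continue
        if ch == '"':
            out.append('\\' * (2 * backslashes + 1) + '"')  # escaped quote
        else:
            out.append('\\' * backslashes + ch)             # literal run
        backslashes = 0
    out.append('\\' * (2 * backslashes) + '"')  # closing quote stays a delimiter
    return ''.join(out)

def parse_args(tail):
    """Split the argument part of a command line the way the runtime does."""
    args, cur, in_quotes, started, i = [], [], False, False, 0
    while i < len(tail):
        ch = tail[i]
        if ch == '\\':
            j = i
            while j < len(tail) and tail[j] == '\\':
                j += 1
            n = j - i
            if j < len(tail) and tail[j] == '"':
                cur.append('\\' * (n // 2))
                if n % 2:
                    cur.append('"')            # odd run: literal quote
                else:
                    in_quotes = not in_quotes  # even run: quote delimits
                j += 1
            else:
                cur.append('\\' * n)           # not before a quote: literal
            i, started = j, True
        elif ch in ' \t' and not in_quotes:
            if started:
                args.append(''.join(cur))
            cur, started, i = [], False, i + 1
        else:
            if ch == '"':
                in_quotes = not in_quotes
            else:
                cur.append(ch)
            i, started = i + 1, True
    return args + ([''.join(cur)] if started else [])

URL = 'myprotocol://someserver.com/some" argument'  # sample from the quote above
NAIVE = parse_args('"' + URL + '"')   # '"%1"'-style substitution, no escaping
SAFE = parse_args(quote_arg(URL))     # caller escapes before substituting
```

`NAIVE` comes back as two arguments while `SAFE` is the single original string, which the receiving program can then reject as a malformed URL.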