Slashdot is interested in getting people worked up because when people are worked up, they post a larger number of interesting comments. In theory.
Which, of course, translates into a higher number of page/banner views. Not only by the people waging the flamewar, but by the thousands of observers.
They probably see a revenue spike whenever a 1000-comment article gets postes. Can you really blame them? After all, they're just doing the good ol stimulus response dance. No point in being any better than that...
So the quotes from the bible were tarnishing the reputation/diluting the trademark of the soccer team? Would that imply that they're a bunch of evil bastards? =)
There are a few key things which need to be reusable (system libraries, toolkits, and specifically designed embeddable widgets (an HTML renderer, et al)), and as such are reusable.
The reusability of code is a programmer issue, not a technical one. If you want to write code that can be intelligently reused in another application, you have to design the objects involved appropratley. If you want to reuse it, you can right now - drop it in a gtk or, hell, you could put a Motif widget wrapper around it (as jwz was in the process of doing to XEmacs at one point). If you don't want to, is it really worth reusing anyway?
Okay, after doing a bit of research, it's not as easy as a cvar. However, with access to the maps, it would be fairly trivial to recompile them to have no visibility information (so the game will actually draw the things which you don't see - which does bring up an interesting point - how could that wireframe hack work at the driver level? the information to draw a Person You Can't See is never sent to the graphics card in the first place....? This is probably the most damming point =)).
* Is there any confirmation of this outside of this guy's site? Does anyone here actually have said drivers?
* Go to ASUS's site, and read press releases by Mr. Tsang - he is much more articulate in them than he is in the press release on Riva Station (which, coincidentally, is NOWHERE on ASUS' site).
* The Wireframe screenshots were, also coincidentally, taken *both* in the Q3 engine, which happens to have a wireframe cvar you can use if cheats are enabled.
My point is is that this bug has nothing to do with thier security model or thier philosophy, regardless of how much you want to innovate new ways to hate them.
It's a buffer overflow in the Date: field. A bug. Pure and simple. Not the result of a design decision, or a philosophy. There have these bugs in pretty much every major software package written in C/C++. It's only news here because/. is a nexus for MS haters.
This is the man p... err, help document for the utility used to alter the behaviour of System File Protection.
What I would guess, is that when you install software as Administrator, in which case the installer would run this after the software was installed - so that the definitions of Protected Files in the database gets updated, and the new versions cached. You wouldn't be able to do this as a normal user... I guess, anyway. I don't see how this would affect IE fixing Outlook's bug.
It's not an answer, but it should shed some light on the matter.
Now I'll sit here and wait for MS's lawyers to come at/. for copyright infringement. =)
System File Checker
System File Checker (sfc.exe) is a command line utility that scans and verifies the versions of all protected system files after you restart your computer. If System File Checker discovers that a protected file has been overwritten, it retrieves the correct version of the file from the %systemroot%\system32\dllcache folder, and then replaces the incorrect file.
Scans all protected system files every time the computer is restarted.
/cancel
Cancels all pending scans of protected system files.
/quiet
Replaces all incorrect file versions without prompting the user.
/enable
Returns Windows File Protection to default operation, prompting the user to restore protected system files when files with incorrect versions are detected.
/purgecache
Purges the Windows File Protection file cache and scans all protected system files immediately.
/cachesize=x
Sets the size, in MB, of the Windows File Protection file cache.
Notes
You must be logged on as an administrator or as a member of the Administrators group to run System File Checker.
If the %systemroot%\system32\dllcache folder becomes corrupt or unusable, use Sfc/scannow, Sfc/scanonce, or Sfc/scanboot to repair the contents of the Dllcache directory.
Do you have any idea what a buffer overflow actually is?
Basically, you fill a fixed-size array with enough data so that you overwrite other parts of the program, do some magic (which is somewhat explained here), and then get the program to execute some arbitrary code of your own writing. Developing said code (i.e. actually writing the exploit) generally takes time, and is limited to one software/os/platform/version combination.
This has *no* relation to how the code is initially written.
A program which reads one line of code from the user, saves it to a fixed sized buffer, and then prints it out is vulnerable to a buffer overflow.
- Mac OS Rumours is commonly abbreviated MOSR. - There is a (relatively) famous, umm, 'porn' (I guess) actress named Veronica Moser, whose specialty appears to be oral consumption of fecal matter.
Could the name of the site be a subtle dig at the ones reading it...? =)
Please refrain from further metaphors equating urine (or any other form of excrement) with food (or drink) in your future postings to Slashdot.
It's a good thing you don't drink american beer then. (judging by your dietary preference, I'd wager a guess that you aren't a fan of the american be... err, rancid cow urine.)
Even if you don't use something that can specify the transport agent to use, it's possible to replace/usr/bin/mail with fetchmail, or to use it in.forward.
s/fetchmail/procmail/ ?
Anyway, I do specify procmail in my.forward, just using fetchmail to get it.
BTW, do you know if there is any way to get fetchmail/procmail to work without the need for an open SMTP port?
You can do it with procmail, if you have something like fetchmail getting your mail for you, but I don't know where NS likes to look for mail.
It's been a while since I've seen procmail, but judging by this entry :
:0 f * ^From:.*@hotmail\.com |/home/iwarford/bin/strip_hotmail_ads.pl
I could do a fairly simple perl script that would do a switch on the email address, and play a sound based on it.
i.e.
in procmailrc :
:0 f * ^From:.*@.* |/home/iwarford/bin/email_sounds.pl
in the perl script :
#!/usr/bin/perl # email_sounds.pl
my $email = <STDIN> $email = s/From[: ]*//;
sub play_sound { ... }
SWITCH: { if ($email=~/mom\@hotmail\.com/) then { play_sound("mom.wav"); last SWITCH; } if ($email=~/girlfriend\@hotmail\.com/) then { play_sound("gf.wav"); last SWITCH; } }
or something more complex, depending on your tastes.
Well, raw meat from the supermarket is generally bad because it's been dead for hours or days, and had time to get bacteria infesting it. This isn't how we ate meat when we were animals =)
What you should be asking, is "do we go out, kill an animal, and eat it's raw meat off the bone?". That wouldn't be nearly as bad for you as eating raw processed supermarket meat.
The problem arises when more than just websites are run by the ASP model.
The original intention of the GPL was to prevent a situation in which you have data, and because of limitations of the software that created/used that data, at some point in the future you loose access to that data. Imagine, if you had a bunch of files in some old word processing format from the 80's (PFS Write or something like that) - the only legal way to make use of that data would be to buy a copy of that software, which by now would be completley unavailable. So, you'd have to resort to illegal methods, assuming it was possible at all.
Flash forward to the 2010's - you are using a wordprocessor on an ASP's site to edit your work. Let's say you can get access to your files stored on there, but suddenly the company goes belly up. What happens to your data? The software that the ASP was running is completley unavailalbe to you.
The GPL was created to make sure that if you used a Free program to create your data, you'd always be able (one way or another) to have access to a way to interpret it. The question people are asking now is how can we assure the user of an ASP service that they will always be able to have access to the data that they use an ASP's application to manipulate.
(This problem encompasses more than just the software - there are also issues regarding access to the data. But if you could get your data off of an ASP, how could you be guaranteed that you could manipulate it without them?)
Note that this really isn't an issue with most current websites, but as web-based applications become more complex, I'm sure it will be one.
That's not the point. The point is that the person using and modifying the software package never has to redistribute it - so the GPL doesn't apply. There is nothing forcing them to make thier changes available if they just execute it on thier servers.
Aside from the (-1, Offtopic) nature of this rant, how is this different from movies?
If a parent found thier child watching an R-rated movie that they either picked up for them mistakenly (not knowing that it was as bad as it was), or the child picked up for themselves, we would expect a similar outcome (and not really take any special notice, either).
This is just about video games being treated like movies - and really, why shouldn't they be? It's about having sufficent warning so that parents can make informed decisions, and not allowing the children to make those decisions without thier parents consent.
How do you, as a parent, intend to 'control what your kid sees' (as everyone here wants every parent to do), if they're allowed to walk into a movie/game store and buy whatever the hell they want?
As for the animal slant, talk about focusing on an irrelevant point. Anyway, as a parent, would you really be comfortable with your kid looking at stuff like this.
Slashdot Mirror
You're forgetting something - the half-life of web applications is frighteningly small.
Websites tend to get rewritten and redesigned every year or so in order to stay 'fresh'.
Slashdot is interested in getting people worked up because when people are worked up, they post a larger number of interesting comments. In theory.
Which, of course, translates into a higher number of page/banner views. Not only by the people waging the flamewar, but by the thousands of observers.
They probably see a revenue spike whenever a 1000-comment article gets postes. Can you really blame them? After all, they're just doing the good ol stimulus response dance. No point in being any better than that...
So the quotes from the bible were tarnishing the reputation/diluting the trademark of the soccer team? Would that imply that they're a bunch of evil bastards? =)
Fine, it's not a fake, I was wrong.
I can't help being a cynic, especially in a situation in which one site was the sole source of this news.
I still think that press release was faked, though. No sane company would write that.
Is resusable code *really* that great?
There are a few key things which need to be reusable (system libraries, toolkits, and specifically designed embeddable widgets (an HTML renderer, et al)), and as such are reusable.
The reusability of code is a programmer issue, not a technical one. If you want to write code that can be intelligently reused in another application, you have to design the objects involved appropratley. If you want to reuse it, you can right now - drop it in a gtk or, hell, you could put a Motif widget wrapper around it (as jwz was in the process of doing to XEmacs at one point). If you don't want to, is it really worth reusing anyway?
Or even wireframe *only* rendering?
Okay, after doing a bit of research, it's not as easy as a cvar. However, with access to the maps, it would be fairly trivial to recompile them to have no visibility information (so the game will actually draw the things which you don't see - which does bring up an interesting point - how could that wireframe hack work at the driver level? the information to draw a Person You Can't See is never sent to the graphics card in the first place....? This is probably the most damming point =)).
From here, setting r_showtris = 1 will show you all the polygon edges. For a screenshot, check out http://www.planetquake.com/lmctf/q3 preview.html. This would provide the wireframe effect.
For transparent textures, just add 50% alpha to all the textures in the game. I know this is easy with Q3.
So, Q3, being the emminently hackable game that it is, seems to be the only engine in site when it comes to demoing this 'driver hack'.
1) the half life pic has nothing to do with the drivers, just a 'modeling program' he found (which, of course, he doesn't substantiate either).
2) Star Trek : Elite Force is a quake 3 engine game.
3) It's also possible he found a hacked driver, and is making up the whole ASUS connection to get hits.
*shrug*
but this whole thing looks like a pile of bullshit.
* Is there any confirmation of this outside of this guy's site? Does anyone here actually have said drivers?
* Go to ASUS's site, and read press releases by Mr. Tsang - he is much more articulate in them than he is in the press release on Riva Station (which, coincidentally, is NOWHERE on ASUS' site).
* The Wireframe screenshots were, also coincidentally, taken *both* in the Q3 engine, which happens to have a wireframe cvar you can use if cheats are enabled.
* This just screams 'page hit scam'.
Did I miss anything?
My point is is that this bug has nothing to do with thier security model or thier philosophy, regardless of how much you want to innovate new ways to hate them.
It's a buffer overflow in the Date: field. A bug. Pure and simple. Not the result of a design decision, or a philosophy. There have these bugs in pretty much every major software package written in C/C++. It's only news here because
This is the man p... err, help document for the utility used to alter the behaviour of System File Protection.
What I would guess, is that when you install software as Administrator, in which case the installer would run this after the software was installed - so that the definitions of Protected Files in the database gets updated, and the new versions cached. You wouldn't be able to do this as a normal user... I guess, anyway. I don't see how this would affect IE fixing Outlook's bug.
It's not an answer, but it should shed some light on the matter.
Now I'll sit here and wait for MS's lawyers to come at
System File Checker
System File Checker (sfc.exe) is a command line utility that scans and verifies the versions of all protected system files after you restart your computer. If System File Checker discovers that a protected file has been overwritten, it retrieves the correct version of the file from the %systemroot%\system32\dllcache folder, and then replaces the incorrect file.
Syntax:
sfc [/scannow] [/scanonce] [/scanboot] [/cancel] [/quiet] [/enable] [/purgecache] [/cachesize=x]
Parameters:
/scannow
Scans all protected system files immediately.
Scans all protected system files once.
Scans all protected system files every time the computer is restarted.
Cancels all pending scans of protected system files.
Replaces all incorrect file versions without prompting the user.
Returns Windows File Protection to default operation, prompting the user to restore protected system files when files with incorrect versions are detected.
Purges the Windows File Protection file cache and scans all protected system files immediately.
Sets the size, in MB, of the Windows File Protection file cache.
Notes
You must be logged on as an administrator or as a member of the Administrators group to run System File Checker.
If the %systemroot%\system32\dllcache folder becomes corrupt or unusable, use Sfc
You have to remember something though - we only have 4 IDE connectors. You can't just toss an arbitrary number of IDE drivers in there.
Still, you have a point.
Do you have any idea what a buffer overflow actually is?
Basically, you fill a fixed-size array with enough data so that you overwrite other parts of the program, do some magic (which is somewhat explained here), and then get the program to execute some arbitrary code of your own writing. Developing said code (i.e. actually writing the exploit) generally takes time, and is limited to one software/os/platform/version combination.
This has *no* relation to how the code is initially written.
A program which reads one line of code from the user, saves it to a fixed sized buffer, and then prints it out is vulnerable to a buffer overflow.
Thought.
- Mac OS Rumours is commonly abbreviated MOSR.
- There is a (relatively) famous, umm, 'porn' (I guess) actress named Veronica Moser, whose specialty appears to be oral consumption of fecal matter.
Could the name of the site be a subtle dig at the ones reading it...? =)
Deja doesn't render HTML in usenet posts. < is converted to < etc.
Please refrain from further metaphors equating urine (or any other form of excrement) with food (or drink) in your future postings to Slashdot.
It's a good thing you don't drink american beer then. (judging by your dietary preference, I'd wager a guess that you aren't a fan of the american be... err, rancid cow urine.)
The goverenment takes children away because of poverty?
news to me.
*One* reply is all that is needed to answer his question, yet I see like 7 here, all saying the same thing in less than a line.
I know you get an adrenaline rush when you see a question to which you know the answer, but *please*, just spare us the repetition.
Even if you don't use something that can specify the transport agent to use, it's possible to replace /usr/bin/mail with fetchmail, or to use it in .forward.
.forward, just using fetchmail to get it.
s/fetchmail/procmail/ ?
Anyway, I do specify procmail in my
BTW, do you know if there is any way to get fetchmail/procmail to work without the need for an open SMTP port?
You can do it with procmail, if you have something like fetchmail getting your mail for you, but I don't know where NS likes to look for mail.
It's been a while since I've seen procmail, but judging by this entry :
:0 f
* ^From:.*@hotmail\.com
|
I could do a fairly simple perl script that would do a switch on the email address, and play a sound based on it.
i.e.
in procmailrc :
:0 f
* ^From:.*@.*
|
in the perl script :
#!/usr/bin/perl
# email_sounds.pl
my $email = <STDIN>
$email = s/From[: ]*//;
sub play_sound {
}
SWITCH:
{
if ($email=~/mom\@hotmail\.com/) then { play_sound("mom.wav"); last SWITCH; }
if ($email=~/girlfriend\@hotmail\.com/) then {
play_sound("gf.wav"); last SWITCH; }
}
or something more complex, depending on your tastes.
Oh, wait.... you were running NT....
Well, raw meat from the supermarket is generally bad because it's been dead for hours or days, and had time to get bacteria infesting it. This isn't how we ate meat when we were animals =)
What you should be asking, is "do we go out, kill an animal, and eat it's raw meat off the bone?". That wouldn't be nearly as bad for you as eating raw processed supermarket meat.
Now I have a desire to try this....
The problem arises when more than just websites are run by the ASP model.
The original intention of the GPL was to prevent a situation in which you have data, and because of limitations of the software that created/used that data, at some point in the future you loose access to that data. Imagine, if you had a bunch of files in some old word processing format from the 80's (PFS Write or something like that) - the only legal way to make use of that data would be to buy a copy of that software, which by now would be completley unavailable. So, you'd have to resort to illegal methods, assuming it was possible at all.
Flash forward to the 2010's - you are using a wordprocessor on an ASP's site to edit your work. Let's say you can get access to your files stored on there, but suddenly the company goes belly up. What happens to your data? The software that the ASP was running is completley unavailalbe to you.
The GPL was created to make sure that if you used a Free program to create your data, you'd always be able (one way or another) to have access to a way to interpret it. The question people are asking now is how can we assure the user of an ASP service that they will always be able to have access to the data that they use an ASP's application to manipulate.
(This problem encompasses more than just the software - there are also issues regarding access to the data. But if you could get your data off of an ASP, how could you be guaranteed that you could manipulate it without them?)
Note that this really isn't an issue with most current websites, but as web-based applications become more complex, I'm sure it will be one.
have you ever tried eating raw meat, the way every other omnivore/carnivore eats meat in the wild?
mmm.... sashimi...
That's not the point. The point is that the person using and modifying the software package never has to redistribute it - so the GPL doesn't apply. There is nothing forcing them to make thier changes available if they just execute it on thier servers.
Aside from the (-1, Offtopic) nature of this rant, how is this different from movies?
If a parent found thier child watching an R-rated movie that they either picked up for them mistakenly (not knowing that it was as bad as it was), or the child picked up for themselves, we would expect a similar outcome (and not really take any special notice, either).
This is just about video games being treated like movies - and really, why shouldn't they be? It's about having sufficent warning so that parents can make informed decisions, and not allowing the children to make those decisions without thier parents consent.
How do you, as a parent, intend to 'control what your kid sees' (as everyone here wants every parent to do), if they're allowed to walk into a movie/game store and buy whatever the hell they want?
As for the animal slant, talk about focusing on an irrelevant point. Anyway, as a parent, would you really be comfortable with your kid looking at stuff like this.
You're forgetting something. Solaris, AIX, etc - all the high priced propriatery unices run on similarly high priced hardware.
SCO runs on x86 hardware. Only.