I have done a ton of work with Office 12 and users, and the curve isn't as bad as you think, I swear. It looks like it will be, but I was really impressed with how fast everyone got the ribbon bar.
Seriously, though, the fact that he overlooked the OpenDocument blows me away. You can now construct an Office document on the server that can be read by several different software suites - including Microsoft - without invoking a black box. Might ... just ... change ... everything.
S
And when will people learn the difference between possessive and plural?
the two Mark's set out
Does nothing in Firefox except scale to 8%. What's it supposed to do again? It IS just a beige box.
So what are you doing to find the similarities between languages? It would seem that if I searched for an Italian word, I would get the Latin root and then the related languages. This is more than a dictionary; this is 65,000 years of human history, if you so allow it!
Oh, and IMNAL - I am not a linguist.
There has been an update by bgold:
Today we posted updated information to http://www.microsoft.com/security/incident/aspnet.mspx with additional information about the nature of the reported vulnerability and an additional mitigation best practice. Our additional guidance is an HTTP Module that you can install onto a server that will mitigate all ASP.NET applications on the box and protect them against canonicalization issues we knew about at the time of publication. This is easier than updating the global.asax for each application and, if you are dealing with a whole lot of servers, much easier to deploy. You can grab the MSI installer for the HTTP Module at http://www.microsoft.com/downloads/details.aspx?FamilyId=DA77B852-DFA0-4631-AAF9-8BCC6C743026.
FYI...
S
That would be WONDERFUL.
Aside from the fact that they are on 11 different machines, on 11 domains, behind 11 firewalls.
S
Not when they are my problems. But for a broken product? You bet! I whine like crazy!
OK, I am an independent programmer that writes most of my code in ASP.NET. I'll give a taste of what this does to people like me.
Remember, there are actually TWO vulnerabilities that affect programmers in Microsoft right now - the GDI+ JPEG overflow and the new canonicalization overflow. Microsoft has fixed neither effectively, so the coders have to fix both.
I manage eleven ASP.NET sites and five C# Windows Forms applications. Between those sixteen apps, I need to:
- load them up in Visual Studio
- Go back to the last stable build in SourceSafe
- fix the reference to GDI+
- add the mappath check to the Global.asax file
- munge the global error handler so I don't get 12,434 error emails when the hacks start coming
- compile
- regression test the app
- redeploy
Now, admittedly, that only took about 20 hours for all 16 apps, but for CRYING OUT LOUD can't they just test this stuff BEFORE they send it out? I have the highest respect for the ASP.NET team, I have worked with many of them on the many books I have written on the topic. Nonetheless, I now have to spend 12 precious, non-billable hours on a problem that is covered at length in 'the bible' - Howard and LeBlanc's Writing Secure Code 2.
Why do I write in ASP.NET? It is FAST - much much much faster than Java or Perl or CF or any other middleware out there. It is perfect for what I do. But how many of these are there? How many security flaws that the black hats know about that we don't?
It's a little frustrating.
S
RTFA.
"An exception is if an athlete has a personal Web site that they did not set up specifically for the Games."
Because:
1) they are talking about Total Cost of Ownership (TCO), not the price of the software. TCO is hard to measure. It includes hiring flunkies and MS flunkies are cheaper than Linux flunkies. Of course, you need fewer.
2) you need more than the server OS, you need database, groupware, developer tools and workstations. While Linux is free, Oracle isn't.
3) supported Linux distros aren't free.
S
... IM providers are NOT joining forces ... IM convergence would mean ...
Note that I did NOT say IM convergence. I DID say they are joining forces. They are. Despite all of the vitriol, reality has forced them to hold hands and play nice. I'm sure the ability to send a message from one platform to another using a common P2P platform is not far off, despite your claims.
How exactly is Google making a gMail messenger any different from MSN Messenger, or Yahoo Messenger? All great brands, all good technology. Will it be better because you like Google more? Don't get me wrong, I like Google too, but how will a fourth standard make it any better?
From our (the developer's) perspective, it is different. From the User's perspective, it is the same. That's what I was going for. But your point is taken.
Point taken. It is Sun people doing much of the work, though, and is largely built around the Java language, which is Sun controlled. But you are right, it is The Man versus The People, I suppose.
S
I hate to disagree, but everyone who uses MSN Messenger has a passport. That's what, 2 million users? Not an insignificant start. I remember when Netscape had two million users and people said the browser wars were over ...
S
Actually, I have had two laptop LCDs and one handheld LCD replaced there over the last seven years, no questions asked. Also two motherboards and one complete machine replacement.
Not to disagree with the rant on Best Buy - I hate the heavy handed selling and the attitudes too, but I have had nothing but good experiences, especially with the laptops and the PSP.
Remember that the one year's manufacturer warranty is often only in effect if you mail it back to the manufacturer, and the PSP gives you the ability to have it worked on in the store. Generally, I have made money on the PSPs, spent around $990 on them over the years, and have had about $5,895 worth of work done, all of it long after the manufacturer's warranty has expired.
Or perhaps it means he knows exactly what he is talking about.
But don't mind me, I've had a bottle of wine tonight. Site design brings that out in me.
... why the Federal Government was making Macromedia Cold Fusion a web standard after reading that headline? Or am I just a web geek?
S
The best stress tester was a company called Envive, which was a distributed attack sort of focus, with server time and space all over the world. You write a script, and then can watch the attack from a web browser. Proof positive that Siege is more popular though - they went out of business.
Bah! I wrote a voice operated BBS in Assembler for the Apple IIe in 1985!
And better the stores doing it than the government. Sounds like one of those: "Well, the stores didn't fulfill their duty to the consumer, so WE'D like those records, please..."
All it takes is /one/ desktop (or suite of software options) to make it easy for these users -- perhaps it doesn't exist yet, but when it does, it can be used, even by the majority of users, regardless of whether or not there are other options.
That is wrong. A working office suite is not enough. Linux needs a group to work with manufacturers so that average hardware comes with a Linux driver disk, and has web driven upgrades. This is a massive undertaking. I am writing this on a TouchStream keyboard - the FIRST device I have ever bought with Linux drivers in the box - and I am your average geek - I buy lots of toys.
Ritalin is NOT speed for kids. Trust me, I have seen my nephew take it for years. It's a downer before puberty.
How are we going to keep track, though? Wear a watch that beeps when there is an internet connection nearby, and stop and check out email? Is there going to be a list? Hell, I can't even find an accurate list of the coffeehouses in Columbus that have WiFi!!!
We could handle it like they do the rat mazes, and give the user a little giftie when they have voted, like their "I Voted Today" sticker (or a piece of cheese, I s'pose). Then poll workers might be able to tell if they didn't get it right, and the user would feel fulfilled in the process!
S
Didn't hear from the Martian Defense Minister or anything. Actually heard about it while listening to SportsCenter. How about that.
S