It's really amazing! I'm listening to section 4.1 right now. It sounds like a complete orchestra making very long, slowly changing notes, such as background music for a movie.
I guess LoTR will use it when the final 6+n hour long LoTR DVD is released?:)
It's not a bug, it's a feature! That's what Microsoft says anyway... It's been known for YEARS that if you click on a url in Outlook Express it is opened in Internet Explorer, despite Mozilla being default in my case.
What? How come almost all products have ONE year warranty? And I'm not just talking about computer stuff. Matrox hard drives are sold with a one year warranty here in Finland.
Unfortunately the DMCA prevents this document being issued to US citizens. This document is a copyrighted work. The authors choose to exercise their first distribution rights to prohibit the distribution of this work in the United States Of America, its dependancies, embassies and anywhere else under US law.
Redistibuting this document in the USA may be a criminal offence under the Digital Millenium Copyright Act with punishment including jail sentences. Attempting to test these holes in the USA, even with the permission of the system owner may be an offence. Discussing this document with a US citizen may be an offence.
This document is made available for free without warranty or other right of recourse implied or otherwise. No statement save one in writing by the owner of the copyright changes this usage agreement. Any export download is at your own risk and liability.
There is no other user agreement, should your local law make such an agreement invalid you are prohibited from using this document, and may be committing an offence by redistributing it.
NO WARRANTY
BECAUSE THE DOCUMENT IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE DOCUMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE DOCUMENT IS WITH YOU. SHOULD THE DOCUMENT PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE DOCUMENT AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE DOCUMENT (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE DOCUMENT TO OPERATE WITH ANY OTHER DOCUMENTS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-- END LEGALESE --
Security Holes Fixed In Linux 2.4.19
None of the holes documented here are remote. All these problems were uncovered by auditing and there are no current exploits available. In the interest of openness and ensuring people are aware of the security fixes they are documented.
- If the Stradis driver is loaded (hardware must be present) a
maths overflow allowed the user to scribble into kernel memory
- It was possible to feed the SE401 USB hardware driver signed
values and fool kernel checks. This requires the hardware is
present
- The usbvideo driver could be fooled due to a maths overflow corner
case. This requires drivers to be present
- The/proc/slabinfo file could exceed a buffer size and cause
corruption of the kernel. This is really beyond user control but
if it occurs then the user can trigger the corruption
- By setting the TF flag a carefully constructed binary could hang
the kernel dead
- By misusing the rlimit resource limits it was possible to avoid
acct data being written on your process exit
- The joystick driver had erroneous copies in obscure ioctl cases
that could be used to patch the kernel as any user. Hardware
must be present and the module loaded for this vulnerability
to occur
- Multiple errors in the vm86 handling allowed users to force an
"Oops" from the kernel and in some cases to corrupt kernel data.
An additional small fix is needed for 2.4.19 but not 2.4.19-ac
(see bottom)
- The rt_cache_proc file could be tricked into returning chunks of
kernel data.
- On a system with over 1Gb of RAM the loop driver could in some
cases fail and expose kernel data. This is not under user control.
On 2.4.19 the loop driver works fine with large memory systems.
- Multiple/proc files could be persuaded to dump kernel data
due to a sanity checking bug in the proc file handlers
- The XMM SSE registers were not always cleared for new processes
and could expose data from a different task. While it was not
possible to modify another tasks registers there is a small risk
because some cryptographic systems have XMM acceleration functions
We also fixed problems that required privileges to exploit. These affected the IBM S/390 dasd driver, Openprom on Sparc systems, the Intermezzo file system, the ewrk3 network driver, module loading, the microcode driver and vm86. We document these in the interest of completeness.
Finally on a -ac based tree with PnPBIOS enabled a problem existed in some quite common BIOS implementations that causes a crash when certain 32bit BIOS calls are made. This allowed users to crash some systems by reading files in/proc. These files are now root private. The base tree is not affected as it lacks PnPBIOS support
Credits
The authors would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen, Alan Cox, Solar Designer, and many others for their work on making 2.4.19 a more secure kernel.
+/* If the user set TF, it's simplest to clear it right away. */ + if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK)) + goto clear_TF; +/* Mask out spurious debug traps due to lazy DR7 setting */
if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
if (!tsk->thread.debugreg[7])
Here is a paper about how frozen methane may offer hope as alternate fuel
Link to the pop-up blocking...
on
Netscape 7.0 is Out
·
· Score: 3, Informative
http://ufaq.org/files/adblocker.xpi
I have not tried it with the final version of Netscape 7, but it should work unless they've blocked it some how.
Mozillazine has more info...
on
Netscape 7.0 is Out
·
· Score: 5, Informative
So that you wont have to/. mozillazine.org here's the text with links:
Netscape Communications Corporation today launched the final version of Netscape 7.0. This latest release is based on Mozilla 1.0.1, making it the first Netscape browser to be built upon post-1.0 code. The new version boasts several enhancements over the 0.9.4-based Netscape 6.2, including tabbed browsing, the ability to save complete web pages, print preview, site icons (Favicons), a download manager, full screen mode (Windows only), Quick Search within Mail Newsgroups and Address Book, return receipts, mail labels, (Secure Multipurpose Internet Mail Extensions) S/MIME mail encryption, CSS support in Composer and one-click web page publishing.
Netscape 7.0 also has several features not found in Mozilla. These include the ability to access Netscape Webmail and AOL accounts directly from within Mail Newsgroups, a button to easily toggle the display of My Sidebar in Navigator and P3P (Platform for Privacy Preferences) support for automated cookie handling. Improved instant messaging features including file transfers, Buddy Alerts and Buddy Icons are provided by AOL Instant Messenger for Netscape and ICQ for Netscape. There's also a round throbber with a cool animation.
When the RIAA comes and demands they cut off access to warez.org, they'll be in less of a position to say they can't/don't do content-based filtering. In for a penny, in for a pound; this may be shooting themselves in the foot.
How so? The RIAA has cleary stated that THEY WILL actively attack P2P users on any computer that is distributing music. They are protecting users here, not filtering.
Okay, so let's say I've bought 20-30 licenses for Windows 2000. So far each computer I've ordered from Dell has been w/o a license.
Now then, I order another 30 licenses for Windows 2000 because Microsoft has decided to dump the sale of W2K. Do I get my money back from Microsoft after I get a new license from Dell with the new computers?
Has anyone else noticed that you cannot authenticate with Passport if you are using Mozilla! I get the following error with Mozilla 1.0 Browser Not Supported Microsoft®.NET Passport no longer supports the Web browser version you are using. Please upgrade to a current Web browser, such as Microsoft Internet Explorer version 4.0 or later, or Netscape Navigator version 4.08 or later.
It used to work just fine, oh well... guess they don't think that Mozilla is worth supporting.
that in India there is 1,000,000,000 people. That's roughly 1/6th of the worlds population.
Okay, so all of them wont be surfing the internet. But even if 10% would that would still be 100,000,000 and imagine if only 10% of those would be surfing MSN , eBay or Yahoo! that would be 10,000,000. I bet that's worth paying for.
What about artificial (sp?) gravity? Anti Gravity is usefull to get stuff into orbit and to help disabled people not to mention commercial use in general.
But what about artificial gravity? Once we get into space zero-gravity is a problem. Do you just rotate it to the left instead of right or vice-versa?
Slashdot Mirror
I guess LoTR will use it when the final 6+n hour long LoTR DVD is released?
It's not a bug, it's a feature! That's what Microsoft says anyway... It's been known for YEARS that if you click on a url in Outlook Express it is opened in Internet Explorer, despite Mozilla being default in my case.
:)
So consider it a feature!
For those of you who are interested, here is a link to the new roadmap
source: mozillazine.org
Don't forget about 3.11 - it comes with networking support, oh wait... ;)
it's a joke, laugh
Will this new processor let me have my laptop on my lap without burning my penis like this guy did
http://www.rfid.org/
yes, I am karma whoring!
What? How come almost all products have ONE year warranty? And I'm not just talking about computer stuff. Matrox hard drives are sold with a one year warranty here in Finland.
-- LEGALESE --
/proc/slabinfo file could exceed a buffer size and cause
/proc files could be persuaded to dump kernel data
/proc. These files are now root private. The base tree is not
/usr/src/exclude linux.20pre1/arch/i386/kernel/traps.c linux.20pre1-ac1/arch/i386/kernel/traps.c
/* If the user set TF, it's simplest to clear it right away. */ /* Mask out spurious debug traps due to lazy DR7 setting */
PLEASE READ FIRST.
Unfortunately the DMCA prevents this document being issued to US citizens.
This document is a copyrighted work. The authors choose to exercise their
first distribution rights to prohibit the distribution of this work in the
United States Of America, its dependancies, embassies and anywhere else
under US law.
Redistibuting this document in the USA may be a criminal offence under the
Digital Millenium Copyright Act with punishment including jail sentences.
Attempting to test these holes in the USA, even with the permission of the
system owner may be an offence. Discussing this document with a US citizen
may be an offence.
This document is made available for free without warranty or other right of
recourse implied or otherwise. No statement save one in writing by the owner
of the copyright changes this usage agreement. Any export download is at your
own risk and liability.
There is no other user agreement, should your local law make such an
agreement invalid you are prohibited from using this document, and may be
committing an offence by redistributing it.
NO WARRANTY
BECAUSE THE DOCUMENT IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE DOCUMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE DOCUMENT IS WITH YOU. SHOULD THE
DOCUMENT PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE DOCUMENT AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE DOCUMENT (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE DOCUMENT TO OPERATE WITH ANY OTHER
DOCUMENTS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
-- END LEGALESE --
Security Holes Fixed In Linux 2.4.19
None of the holes documented here are remote. All these problems were
uncovered by auditing and there are no current exploits available. In
the interest of openness and ensuring people are aware of the security
fixes they are documented.
- If the Stradis driver is loaded (hardware must be present) a
maths overflow allowed the user to scribble into kernel memory
- It was possible to feed the SE401 USB hardware driver signed
values and fool kernel checks. This requires the hardware is
present
- The usbvideo driver could be fooled due to a maths overflow corner
case. This requires drivers to be present
- The
corruption of the kernel. This is really beyond user control but
if it occurs then the user can trigger the corruption
- By setting the TF flag a carefully constructed binary could hang
the kernel dead
- By misusing the rlimit resource limits it was possible to avoid
acct data being written on your process exit
- The joystick driver had erroneous copies in obscure ioctl cases
that could be used to patch the kernel as any user. Hardware
must be present and the module loaded for this vulnerability
to occur
- Multiple errors in the vm86 handling allowed users to force an
"Oops" from the kernel and in some cases to corrupt kernel data.
An additional small fix is needed for 2.4.19 but not 2.4.19-ac
(see bottom)
- The rt_cache_proc file could be tricked into returning chunks of
kernel data.
- On a system with over 1Gb of RAM the loop driver could in some
cases fail and expose kernel data. This is not under user control.
On 2.4.19 the loop driver works fine with large memory systems.
- Multiple
due to a sanity checking bug in the proc file handlers
- The XMM SSE registers were not always cleared for new processes
and could expose data from a different task. While it was not
possible to modify another tasks registers there is a small risk
because some cryptographic systems have XMM acceleration functions
We also fixed problems that required privileges to exploit. These affected
the IBM S/390 dasd driver, Openprom on Sparc systems, the Intermezzo file
system, the ewrk3 network driver, module loading, the microcode driver and
vm86. We document these in the interest of completeness.
Finally on a -ac based tree with PnPBIOS enabled a problem existed in some
quite common BIOS implementations that causes a crash when certain 32bit
BIOS calls are made. This allowed users to crash some systems by reading
files in
affected as it lacks PnPBIOS support
Credits
The authors would like to thank Silvio Cesare, Stas Sergeev, Andi Kleen,
Alan Cox, Solar Designer, and many others for their work on making 2.4.19 a
more secure kernel.
-- Additional Required Patch --
diff -u --new-file --recursive --exclude-from
--- linux.20pre1/arch/i386/kernel/traps.c 2002-08-06 15:40:50.000000000 +0100
+++ linux.20pre1-ac1/arch/i386/kernel/traps.c 2002-08-06 15:42:19.000000000 +0100
@@ -305,8 +319,13 @@
static void inline do_trap(int trapnr, int signr, char *str, int vm86,
struct pt_regs * regs, long error_code, siginfo_t *info)
{
- if (vm86 && regs->eflags & VM_MASK)
- goto vm86_trap;
+ if (regs->eflags & VM_MASK) {
+ if (vm86)
+ goto vm86_trap;
+ else
+ goto trap_signal;
+ }
+
if (!(regs->xcs & 3))
goto kernel_trap;
@@ -514,10 +533,15 @@
{
unsigned int condition;
struct task_struct *tsk = current;
+ unsigned long eip = regs->eip;
siginfo_t info;
__asm__ __volatile__("movl %%db6,%0" : "=r" (condition));
+
+ if ((eip >=PAGE_OFFSET) && (regs->eflags & TF_MASK))
+ goto clear_TF;
+
if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
if (!tsk->thread.debugreg[7])
On what planet are you on?
DVD is no where near as popular as VHS! It will take years before VHS is even considered to be dropped.
According to the MPAA they sold over 639 million pre-recorded videocasettes in 2001.
And don't forget about BSD either. Today we could prove to all the trolls ones and for all that BSD isn't dead yet :D
"I think there is a world market for maybe five computers." -- Thomas Watson Senior, Chairman of IBM, 1943
If anyone is wondering, the link is http://web.mit.edu/ocw/ . It can also be found at www.mit.edu just press the OpenCourseWare link.
Yeah well, that doesn't work for everyone! Look at Bill Gates - no hot chicks
A site with more information is here.
Here is a paper about how frozen methane may offer hope as alternate fuel
http://ufaq.org/files/adblocker.xpi
I have not tried it with the final version of Netscape 7, but it should work unless they've blocked it some how.
So that you wont have to /. mozillazine.org here's the text with links:
Netscape Communications Corporation today launched the final version of Netscape 7.0. This latest release is based on Mozilla 1.0.1, making it the first Netscape browser to be built upon post-1.0 code. The new version boasts several enhancements over the 0.9.4-based Netscape 6.2, including tabbed browsing, the ability to save complete web pages, print preview, site icons (Favicons), a download manager, full screen mode (Windows only), Quick Search within Mail Newsgroups and Address Book, return receipts, mail labels, (Secure Multipurpose Internet Mail Extensions) S/MIME mail encryption, CSS support in Composer and one-click web page publishing.
Netscape 7.0 also has several features not found in Mozilla. These include the ability to access Netscape Webmail and AOL accounts directly from within Mail Newsgroups, a button to easily toggle the display of My Sidebar in Navigator and P3P (Platform for Privacy Preferences) support for automated cookie handling. Improved instant messaging features including file transfers, Buddy Alerts and Buddy Icons are provided by AOL Instant Messenger for Netscape and ICQ for Netscape. There's also a round throbber with a cool animation.
Netscape 7.0 can be downloaded from Netscape's web site or FTP server. More details can be found at Netscape Browser Central or in the Release Notes.
Are we talking about MS02-045 ? If you really MUST supply a link to the attack tool you should AT LEAST supply a link to the fix as well!
How so? The RIAA has cleary stated that THEY WILL actively attack P2P users on any computer that is distributing music. They are protecting users here, not filtering.
Correct me if I'm wrong.
(Original) http://ufaq.org/files/adblocker.xpi
Pleas post mirrors in this thread.
It's Tuesday, so today we love AOL. On Mondays, Wednesday and Fridays we hate AOL. But on Tuesday and Thursday we love AOL.
;)
On weekends we are neutral! Hope this clears things up
Okay, so let's say I've bought 20-30 licenses for Windows 2000. So far each computer I've ordered from Dell has been w/o a license.
Now then, I order another 30 licenses for Windows 2000 because Microsoft has decided to dump the sale of W2K. Do I get my money back from Microsoft after I get a new license from Dell with the new computers?
Has anyone else noticed that you cannot authenticate with Passport if you are using Mozilla!
.NET Passport no longer supports the Web browser version you are using. Please upgrade to a current Web browser, such as Microsoft Internet Explorer version 4.0 or later, or Netscape Navigator version 4.08 or later.
I get the following error with Mozilla 1.0
Browser Not Supported
Microsoft®
It used to work just fine, oh well... guess they don't think that Mozilla is worth supporting.
that in India there is 1,000,000,000 people. That's roughly 1/6th of the worlds population.
Okay, so all of them wont be surfing the internet. But even if 10% would that would still be 100,000,000 and imagine if only 10% of those would be surfing MSN , eBay or Yahoo! that would be 10,000,000. I bet that's worth paying for.
They will give a crap because in India there is ~1,000,000,000 people.
What about artificial (sp?) gravity? Anti Gravity is usefull to get stuff into orbit and to help disabled people not to mention commercial use in general.
But what about artificial gravity? Once we get into space zero-gravity is a problem. Do you just rotate it to the left instead of right or vice-versa?