I have a CD of Bob Geldof. I ripped it to Ogg and shared it on Kazaa. I don't think anyone noticed, so I think I'm perfectly safe. If someone checked though they'd figure I'm a "pirate" and prosecute me.
This is the model of the world Sir Bob Geldof is promoting? Is that the virtue he received the knighthood for?
Oh wait, maybe it's because Geldof organized Live Aid and saved many people in Africa from famine. And maybe Gates is getting his because he's donated billions for unimportant things like, oh, vaccinations and disease research. Imagine that.
Take your "viva la revolucion komandante!!!" rant and go back to your mom's basement.
I don't understand these knee-jerk mods. The parent has an opinion. It's not "flamebait". It's not a troll. It's on topic. Maybe it shouldn't be +5, but why slam it like this?
RAR compression is better and has a very nice archive spanning feature. Believe me... this is ever so handy when backing up 40GB of data to a file system/Software that can't address files larger then 2GB.
Microsoft's CAB (MSZIP) compression is better than standard ZIP and has far better volume spanning capabilities, but this is not about the format, it's about the tool. WinZip and other ZIP-oriented file managers tend to be far more user friendly than things like WinRAR or 7Zip, which are often confusing because they use the directory metaphor (or something worse).
ZIP is quite simply a "standard" that works 99% of the time for 99% of the people. The argument that a given standard compression is better is pointless if the tools are difficult to use. Heck, LZO is better than ZIP. But your aunt Emma doesn't care about deflate ratios, hash support or r0xx0r fractal transform algorithms. She just likes those nice big colorful buttons in the WinZip toolbar and the fact that she can email and cook dinner from within the app. Nothing else.
Not all of them, no. The Windows installer has the capability to do certain things under different accounts. And how is that different from any other operating system? If only due to the need to write to normally protected directories (Program Files |/usr/bin or whatever).
It would be no different from having to drop down to root and do a make install or some such.
As long as people are logged in as admins when they install that REALLY COOL KAZAA CLONE they donwloaded from a server in ROMANIA, they're screwed. Just like root on Unix, the admin can do just about anything (though some things are more difficult because of ACLs).
It was just a matter of time, really. This problem will go away only if people realize they're at risk by running under an admin account and companies (including Microsoft) and independent developers learn to write applications that don't need god-like powers to function. Without user pressure (don't buy or use apps that require admin rights!!) this won't happen.
Windows has had this capability since NT4. I think it's time we started using it.
I love it when he asks why Microsoft has such "virulent hatred" of Linux or whatever. Does he not read his own website?
Childish and unprofessional, catering to the/. crowd that will snicker and whine whatever the answers are. It's too bad you can't really say "M$", otherwise he would have used it as well.
And this is a guy that calls himself a "journalist". I guess that's how Malda and his pals call themselves "editors".
Because the first one would have been a bit difficult given the way the books were being cooked at the time (of course MCI was called "WorldCom" back then, but hey, change thy name and stay shiny).
You can make it as impossibly difficult for the user to do stupid things and they'll still crap out their computers. These are the people that, by your reckoning, would be perfectly safe running Linux. I'd like to see that one day.
Microsoft has a lot of design problems with security issues as a result, but opening an email attachment and running it (or installing crap that in turn installs other crap) is not one of them.
If you think you can engineer away user stupidity I have some beachfront property in Switzerland that I'd like to sell you.
Millions of americans didn't know about Napster back in the day, nor did they know about these "MP3" thingies. Millions of americans didn't know there was a search engine called "Google", they were still using Yahoo and Altavista. Millions of americans didn't know Netscape Navigator 2.0 existed, they were... well, they weren't doing anything yet.
The internet is a wonderful thing. It's the great equalizer. If other operating systems were a viable option for millions of Americans then why aren't they actively wiping Windows off their PCs and installing a Linux distro or running a live CD? Do you think maybe Mitch Kapoor or even Larry Ellison wouldn't plop down a cople of mill to do an AOL-ish mass CD mailing campaign? Just to stick it to Microsoft? You think Microsoft could keep up their "monopolistic strong-arming" in the face of a social revolution of that magnitude?
The idea that people don't know better is disingenious. I'm not saying they don't think Windows sucks to one degree or the other, just that out there in the real world the alternatives (be that Linux or BSD or whatever) are simply not very palatable. With the possible exception of OS X and a MiniMac, I must admit.
BTW, the world is bigger than America. There are 5.7 billion additional people out there. Think about that.
I am genuinely curious and puzzled as to why you agreed to this "interview" given the notoriety of Slashdot's well-documented petty hatred of all things Microsoft and the never-ending stream of childish pointless bashing that originates from this site. Related to this, what would you think would happen if Microsoft sponsored a website whose sole purpose in life is to bash free software day in and day out - the same way OSDN does? Has Microsoft ever considered doing that?
Of course it's only a double standard when you feel it's being applied unfairly to you.
The vast majority of malware in people's computers comes from stupidity, plain and simple. The notion that a Windows computer is hopelessly insecure is disingenious at best and FUD at worst - please don't insult my intelligence by suggesting I'm perfectly secure running Firefox. Or Linux, for that matter.
The "hardened" (as it were) version of IE that is currently shipping with XP SP2 is leagues ahead of the stock patched IE6. This is really what FF is going against right now.
In reality though, as long as people continue to open those "Here is teh document" emails written in bad engrish, clicking "OK" in the "WOULD U LIKE TO INSTALLA THIS SUPER-HELFUL SEARCHING ASSITANTE" ActiveX prompts because they just have to see this "cool" web page and installing crapware like seedy P2P apps, spyware is not going away any time soon. With FF's increased install base and XPI malware beginning to appear in some websites, it's only a matter of time until it's a two-browser and much spyware world anyway.
That's interesting because around here it seems that Microsoft is to blame when aunt Tilly opens and executes a password-protected ZIP file that contains a worm with Outlook or IE.
But when aunt Tilly does it with Firefox and Thunderbird, "security is a process, not a product".
I see your point, but let's put things in perspective - Windows 3.x was not snappy on common hardware available in that day, which was pretty much a 486DX2-50/66 with 8MB (average) of RAM and slowish IDE HDs. It really wasn't until the Pentium 60/66 became more mainstream (and I managed to get my hands on one) that 3.x actually seemed damn fast. This was especially true for WFW, which was rather slow on a DX33, but OTOH it actually got better if you threw 32MB or RAM at it, whereas the normal version of Windows stopped noticing once you went past 16-24MB.
Don't get me wrong, I'm not saying it was unusable. It just wasn't particularly snappy.
It's always been this way - when Windows XP came out the majority of people were still running PIII's in the 450-900MHz range; it wasn't until you got a P4 that things started looking rosy. XP/2003 on a 3GHz P4 with HT are positively snappy. But as long as Intel continues to deliver...
You have no idea what you're talking about, do you?
OLE is a framework that runs on top of COM. It was first introduced with Windows 3.1/Word/Excel 5.x. ActiveX is the same. It runs on top of COM. Visual Basic did not use OLE internally, it used ActiveX. "Slapping" an Excel spreadsheet into a VB or VFP or VC++ form is OLE, but that doesn't mean VB used OLE. It was just a control, called "OLE control" or something like that. The binary interop model for VB controls and containers was ActiveX through and through.
ActiveX was initially not designed to be run in a sandbox. That was added after Microsoft decided to use it as a plugin technology in IE. The IE team added the scripting security extensions and interfaces and then published the specs necessary to build controls that ran in IE, which were slightly different (more complicated in some respects and less in others) than normal ActiveX ones. The core technology was still the same: ActiveX/COM.
I have no idea what you mean by "base ActiveX on OLE", and as for the "dumb hackable trust" part, you might want to look at XPI. It's based on trust and user intervention as well. It just doesn't have zones, which while more flexible than whitelists also are more complex to manage correctly (and shipped with insecure defaults anyway). If anything, Mozilla has dumbed down plugin security.
Next time try reading a bit before posting. It helps.
By your definition the only issue with ActiveX is the control over the sandbox it installs and runs under, which has nothing to do with the technology itself but with the container. The zone system works if it is properly configured and you know what you're doing. It is no different than the cute Mozilla "whitelist" system for servers, although it is more complex, perhaps unecessarily so. In any case, even for trusted zones the default can be modified to prompt. Does that make sense? The configuration can be modified, by yourself or by a network administrator using policies at the domain level. That no one does that is also not Microsoft's fault.
If anything, Microsoft's blunder was to ship shipping IE with settings that made ActiveX insecure by default. That has nothing to do with the viability of ActiveX as a technology.
The rest is just user stupidity. In untrusted zones controls don't just install themselves, you get a prompt. Every single time - unless your system is already compromised and the zone setting modified to allow automatic installation, which many malware controls do (I've seen it myself). And this is no different than a malicious piece of XPI plugin writing to my "whitelist", even if I still get a prompt. The shortest route between a stupid user and a malware infestation is an OK button. It doesn't matter what browser or OS they're using.
This whole "article" is not news (as the author has already acknowledged). It's just another one of those daily "Hey let's pick a random subject and bash M$ while displaying our ignorance!!" deals the slashbots enjoy so much.
"Hence", yes. 'u' make 'teh' most wonderful arguments.
Now get off your fucking porch and get back on to your couch. Idiot.
'u' seem to have a slight case of a) poor grasp of the english language; b) retardation; or c) hyper-sensitivity. I suggest 'u' hold off on breeding before getting 'urself' checked out thoroughly.
but also tuning your television on to the sci-fi channel and muting the sound, so that Sci-Fi gets paid for these shows and they may be able to continue producing them.
This is an interesting idea, but NASA would probably want to license the design (after all, they paid for it) and I'm sure P&G doesn't have the facilities to actually launch and build a spacecraft, so they'd have to "offshore" that to NASA as well.
So the question is not whether or not it's legal for a corporation to do this, but how far the US government (which controls NASA) is willing to go to bat for a corporation. Maybe they'll offer to do it on the cheap, but what's the motivation for the government?
So you're left with what, corporations funding NASA? That's not gonna happen, and for good reason. Would you like to see a General Motors sticker on a Mars rover or the Golden Arches (TM) painted on the side of a probe landing on Triton? I wouldn't.
No, these types of missions have no commercial value yet. You're going to see big business go to space as funding sources for projects that would directly benefit their bottom line, even if it's indirectly.
Slashdot Mirror
This is the model of the world Sir Bob Geldof is promoting? Is that the virtue he received the knighthood for?
Oh wait, maybe it's because Geldof organized Live Aid and saved many people in Africa from famine. And maybe Gates is getting his because he's donated billions for unimportant things like, oh, vaccinations and disease research. Imagine that.
Take your "viva la revolucion komandante!!!" rant and go back to your mom's basement.
I don't understand these knee-jerk mods. The parent has an opinion. It's not "flamebait". It's not a troll. It's on topic. Maybe it shouldn't be +5, but why slam it like this?
Microsoft's CAB (MSZIP) compression is better than standard ZIP and has far better volume spanning capabilities, but this is not about the format, it's about the tool. WinZip and other ZIP-oriented file managers tend to be far more user friendly than things like WinRAR or 7Zip, which are often confusing because they use the directory metaphor (or something worse).
ZIP is quite simply a "standard" that works 99% of the time for 99% of the people. The argument that a given standard compression is better is pointless if the tools are difficult to use. Heck, LZO is better than ZIP. But your aunt Emma doesn't care about deflate ratios, hash support or r0xx0r fractal transform algorithms. She just likes those nice big colorful buttons in the WinZip toolbar and the fact that she can email and cook dinner from within the app. Nothing else.
It would be no different from having to drop down to root and do a make install or some such.
It was just a matter of time, really. This problem will go away only if people realize they're at risk by running under an admin account and companies (including Microsoft) and independent developers learn to write applications that don't need god-like powers to function. Without user pressure (don't buy or use apps that require admin rights!!) this won't happen.
Windows has had this capability since NT4. I think it's time we started using it.
Yeah, they can take back the popup notification bar FF copied from IE6 SP2.
Childish and unprofessional, catering to the /. crowd that will snicker and whine whatever the answers are. It's too bad you can't really say "M$", otherwise he would have used it as well.
And this is a guy that calls himself a "journalist". I guess that's how Malda and his pals call themselves "editors".
Interesting.
Microsoft has a lot of design problems with security issues as a result, but opening an email attachment and running it (or installing crap that in turn installs other crap) is not one of them.
If you think you can engineer away user stupidity I have some beachfront property in Switzerland that I'd like to sell you.
Not that that has ever prevented Slashdot from reporting things like these as "vulnerabilities".
The internet is a wonderful thing. It's the great equalizer. If other operating systems were a viable option for millions of Americans then why aren't they actively wiping Windows off their PCs and installing a Linux distro or running a live CD? Do you think maybe Mitch Kapoor or even Larry Ellison wouldn't plop down a cople of mill to do an AOL-ish mass CD mailing campaign? Just to stick it to Microsoft? You think Microsoft could keep up their "monopolistic strong-arming" in the face of a social revolution of that magnitude?
The idea that people don't know better is disingenious. I'm not saying they don't think Windows sucks to one degree or the other, just that out there in the real world the alternatives (be that Linux or BSD or whatever) are simply not very palatable. With the possible exception of OS X and a MiniMac, I must admit.
BTW, the world is bigger than America. There are 5.7 billion additional people out there. Think about that.
He wants his article summary back.
I am genuinely curious and puzzled as to why you agreed to this "interview" given the notoriety of Slashdot's well-documented petty hatred of all things Microsoft and the never-ending stream of childish pointless bashing that originates from this site. Related to this, what would you think would happen if Microsoft sponsored a website whose sole purpose in life is to bash free software day in and day out - the same way OSDN does? Has Microsoft ever considered doing that?
Thanks.
The vast majority of malware in people's computers comes from stupidity, plain and simple. The notion that a Windows computer is hopelessly insecure is disingenious at best and FUD at worst - please don't insult my intelligence by suggesting I'm perfectly secure running Firefox. Or Linux, for that matter.
Not an actual exploit based on the reported vulnerability.
In reality though, as long as people continue to open those "Here is teh document" emails written in bad engrish, clicking "OK" in the "WOULD U LIKE TO INSTALLA THIS SUPER-HELFUL SEARCHING ASSITANTE" ActiveX prompts because they just have to see this "cool" web page and installing crapware like seedy P2P apps, spyware is not going away any time soon. With FF's increased install base and XPI malware beginning to appear in some websites, it's only a matter of time until it's a two-browser and much spyware world anyway.
But when aunt Tilly does it with Firefox and Thunderbird, "security is a process, not a product".
Nice.
I see your point, but let's put things in perspective - Windows 3.x was not snappy on common hardware available in that day, which was pretty much a 486DX2-50/66 with 8MB (average) of RAM and slowish IDE HDs. It really wasn't until the Pentium 60/66 became more mainstream (and I managed to get my hands on one) that 3.x actually seemed damn fast. This was especially true for WFW, which was rather slow on a DX33, but OTOH it actually got better if you threw 32MB or RAM at it, whereas the normal version of Windows stopped noticing once you went past 16-24MB.
Don't get me wrong, I'm not saying it was unusable. It just wasn't particularly snappy.
It's always been this way - when Windows XP came out the majority of people were still running PIII's in the 450-900MHz range; it wasn't until you got a P4 that things started looking rosy. XP/2003 on a 3GHz P4 with HT are positively snappy. But as long as Intel continues to deliver...
OLE is a framework that runs on top of COM. It was first introduced with Windows 3.1/Word/Excel 5.x. ActiveX is the same. It runs on top of COM. Visual Basic did not use OLE internally, it used ActiveX. "Slapping" an Excel spreadsheet into a VB or VFP or VC++ form is OLE, but that doesn't mean VB used OLE. It was just a control, called "OLE control" or something like that. The binary interop model for VB controls and containers was ActiveX through and through.
ActiveX was initially not designed to be run in a sandbox. That was added after Microsoft decided to use it as a plugin technology in IE. The IE team added the scripting security extensions and interfaces and then published the specs necessary to build controls that ran in IE, which were slightly different (more complicated in some respects and less in others) than normal ActiveX ones. The core technology was still the same: ActiveX/COM.
I have no idea what you mean by "base ActiveX on OLE", and as for the "dumb hackable trust" part, you might want to look at XPI. It's based on trust and user intervention as well. It just doesn't have zones, which while more flexible than whitelists also are more complex to manage correctly (and shipped with insecure defaults anyway). If anything, Mozilla has dumbed down plugin security.
Next time try reading a bit before posting. It helps.
By your definition the only issue with ActiveX is the control over the sandbox it installs and runs under, which has nothing to do with the technology itself but with the container. The zone system works if it is properly configured and you know what you're doing. It is no different than the cute Mozilla "whitelist" system for servers, although it is more complex, perhaps unecessarily so. In any case, even for trusted zones the default can be modified to prompt. Does that make sense? The configuration can be modified, by yourself or by a network administrator using policies at the domain level. That no one does that is also not Microsoft's fault.
If anything, Microsoft's blunder was to ship shipping IE with settings that made ActiveX insecure by default. That has nothing to do with the viability of ActiveX as a technology.
The rest is just user stupidity. In untrusted zones controls don't just install themselves, you get a prompt. Every single time - unless your system is already compromised and the zone setting modified to allow automatic installation, which many malware controls do (I've seen it myself). And this is no different than a malicious piece of XPI plugin writing to my "whitelist", even if I still get a prompt. The shortest route between a stupid user and a malware infestation is an OK button. It doesn't matter what browser or OS they're using.
This whole "article" is not news (as the author has already acknowledged). It's just another one of those daily "Hey let's pick a random subject and bash M$ while displaying our ignorance!!" deals the slashbots enjoy so much.
Now get off your fucking porch and get back on to your couch. Idiot.
'u' seem to have a slight case of a) poor grasp of the english language; b) retardation; or c) hyper-sensitivity. I suggest 'u' hold off on breeding before getting 'urself' checked out thoroughly.
Mod parent up, this is funny and absolutely true.
Only on Slashdot.
What a ridiculous bunch of people you are.t sunami/index.html
http://www.cnn.com/2005/WORLD/asiapcf/01/14/asia.
So the question is not whether or not it's legal for a corporation to do this, but how far the US government (which controls NASA) is willing to go to bat for a corporation. Maybe they'll offer to do it on the cheap, but what's the motivation for the government?
So you're left with what, corporations funding NASA? That's not gonna happen, and for good reason. Would you like to see a General Motors sticker on a Mars rover or the Golden Arches (TM) painted on the side of a probe landing on Triton? I wouldn't.
No, these types of missions have no commercial value yet. You're going to see big business go to space as funding sources for projects that would directly benefit their bottom line, even if it's indirectly.