with more love for Slashdot. Pinball Wizard, Bungi, Diablo
Mwahahaha!! Did you read my response to that post, or do you just blanket consider me a "troll"?
It seems to me twitter that you'll simply call "troll" anyone who doesn't share the slashbot hive groupthink, so as far as that goes I think I'll take your label as a compliment.
You on the other hand are one of the most extreme examples of what I've always thought is one of the biggest problems with free software and open source: blind hatred of Microsoft (or "M$", as you like to call them) and an unflinching, hysterical belief that you've attained some sort of moral high ground just because you give software away (well, not you but the people who actually write the software you use). Your stupid generalizations and blatant lies about what Microsoft does or does not do may be masked in all the phylosophical ramblings and syntactic sugar you like to use in your insight-filled essays, but most normal people can see that you're just a dumb zealot with a jumbo-sized chip on your shoulder and really deficient spelling skills.
After all, I'm not the one who has three or four people following me around posting the worst of my Slashdot acid trips every time I hit 'Submit' on that form.
Since the renderer is a library mapped into the process space of the application that hosts it, a memory exception should bring it down, except if the library itself is preventing the exception to bubble up that far.
It's fairly easy to test this since you can always host mshtml somewhere else (as an OCX on a VB/VBA application for example) and see if you can make the hosting process die. It's possible that the iexplore process has an application exception hook eating up stack or heap corruption scenarios, but again you could prove or disprove that easily.
Of course it might be simply that the renderer does not crash because it's written that way, and the process never sees any exceptions because there are none.
You need to inform yourself a tad more. You sound very authoritative and I'm sure the mods agreed, but you're wrong.
iexplore.exe provides the process, mshtml.dll provides the rendering and the shdocvw library provides the COM glue. IE has nothing to do with explorer.exe, which is the default Windows shell *and* the actual file explorer application. The shell can use the renderer and the glue library to show "web folders" and all that stuff, but it doesn't need them. Quite simply, IE would not run if you were using an alternative shell like Geoshell or BB4Win, and that's not the case. You can launch iexplore.exe and never see a single instance of explorer.exe loaded anywhere in your system. IE and Explorer do share DLLs (like the Common Controls and so on), but those are system libraries, not specific to either of them.
Well OK, but I could make the same argument about any Unix-class OS. That Windows has the means to work as a fully secure environment is a fact - that almost no one is able or willing to take advantage of this is unfortunate and, I would concede, MSFT's fault to a certain extent (yes, their marketing is very good. No, that doesn't mean everyone has to swallow it verbatim). Perhaps there is a higher percentage of clueless admins and developers (hey make the account an admin!!) in the Windows world. Certainly that would match the percentage of clueless users. That's what happens when you lower the entry barrier.
Spyware that requires a "OK" to install itself, worms that come in inside password-protected ZIP files and millions of unpatched zombied Windows machines talk more about (IMO) the fact that computers are not easy to use, and Microsoft sure as heck didn't figure out how to combine ease and security. But, if they hadn't made the effort to make the PC easy to use there wouldn't be a million desktops to target - sometimes I really wonder which of the two evils is the worst. I don't think however that Linux or any other open source product is the silver bullet that will cure all these problems. You cannot engineer user stupidity away, you will never write 100% secure code from the get go, and you can never ensure that everyone who is using your product will constantly upgrade and patch - free or not.
I wasn't aware of Google spreading FUD about someone else.
Oh, no. I wasn't talking about Google, I was talking about Slashdot. You didn't really read my post, did you?
No one ever said [...] that "M$" was funny [...] the same tit-for-tat flawed premise [...] Trading "$" for "S"oftware... it's meant to be ironic, not funny
Thanks for validating the meaning contained in the sig. Not that I needed that, but thanks regardless.
Since documents can and should be stored in a per-user context and an NTFS drive can be easily made secure to avoid this sort of thing, how exactly do you figure this is a "windows exploit" again?
With IE, I've never been able to figure out exactly where the cache is, much less how to kill it without trashing the OS. [...] it's so much easier to take care of it in Opera
Tools, Internet Options, Delete Files, check "Delete all offline content". You can also clear auto-complete history for form user IDs and password stored in the isolated storage system.
Your IE cache is stored under [rootDrive]:\Documents And Settings\\Local Settings\Temporary Internet Files, if you feel so inclined to look at them in some other way or delete them manually, which it must be said, has never "trashed the OS" in any way shape or form.
FUD, clear and simple. With the usual hysterical Slashbot "OMFG TEH COMPANIE IS TEH SUXXORZ!!1!" byline. It's amazing how once a company starts entering different areas and markets everyone starts whining, crying wolf and feeling threatened.
Windows users have had "home" directories that are inaccesible to anyone except themselves and a domain administrator since NT4 was released. If this Google tool is allowed to index things it's not suppose to index, then that's not Google's fault, and it's certainly not Microsoft's. It's the fault of whomever configured that machine. AFAIK NTFS security has not been comprimised yet.
And the "spyware" tag? Love it. FUD works both ways, doesn't it?
The concept of marriage has, in our societies and cultures, always been that. Married arab men were "permitted" to keep young male lovers, the Greeks didn't have a problem with that either and homosexual relations have always existed (and encouraged and recognized, for example in militarized societies like Sparta and Macedonia).
The western concept of the civil legal contract called "marriage" has always been between a man and a woman. That it has always been from the judeo-christian standpoint (which predates the civil one) as well.
So when you say "bullshit" you must be referring to something else, I hope.
How often do I "update a driver"? Not very often, really. The last time I saw a user space application require a restart was the last time I used Windows 98, which I figure was late 1998. If you're installing applications that require system wide updates then you have a problem - exceptions such as Visual Studio notwithstanding, which in any case are not installed by average consumers. Besides, even VS.NET requires reboots only if you're running older versions of Windows. On Windows 2003 (used as a desktop) it requires no reboots at all, while on Windows 2000 it requires three... but that's bad design, really. Nothing installed by VS.NET should require more than one reboot. Microsoft just played it safe.
And I've never, in my entire GNU/Linux using history, had to "crap around in/etc for thirty minutes" after compiling a driver.
Well now that's what I call luck. The last time I tried to set up ALSA on a Leenucks box I spent about two hours figuring out how to update the system, not to mention I had to spend about an hour trying to figure out why the driver would not compile to begin with - it turns out I had to 'touch' <linux.h> (amazingly so) in order to get it to work.
So assuming an average of thirty minutes (even if you're being slightly careful) and not even counting build times, I'd say "bloaty" Windows drivers are still better, even with a reboot.
Once you get used to an operating system that doesn't require so many reboots
I don't know what you do with your computer, but again, I don't "require so many reboots" except when I update drivers, install things like VS.NET or some such. And that's uncommon indeed. My computer stays on 24/7 and gets rebooted every weekend or so just out of habit, or when I apply a patch that requires a restart. I can always go smoke a cigarette or something while it comes up. It's not like I'm chained to the thing.
With the exception of a proof of concept GDI+ exploit posted to USENET, none of these vulnerabilities are known to be exploited.
The shell and compressed folder vulns require user interaction, just like 99% of all other "worms". As long as your mail application is patched you can't get hooked via email and if you visit "malicious websites" with anything other than Lynx you probably should be shot anyway. Ditto for a decent firewall.
On the other hand, I wonder why things like these for soem reason never get posted.
Someone, somewhere is going to engineer some bug or plant or animal that will cause an environmental conflagration, either directly or indirectly. Ecosystems are resilient things, but all it takes to make them tumble is the right lever. Call it the environmental butterfly effect, if you will.
I'm not against GM products, on the contrary. As population pressures grow in a seemingly exponential way we are going to need these things to survive. The planet can only do so much on its own.
But it's bound to happen eventually. We just need to be aware of the risks and weigh them against the benefits.
But compiling the driver and then crapping around/etc for thirty minutes isn't.
It's a desktop PC. God will kill no kittens and the world will not come to an end if you reboot once in a while. If you do not want to reboot a desktop PC it's either because you have some psychological issues or you're running some mission-critical application on it, which is dumb to begin with.
No, but it still gives slashbots a chance to bash "M$" with glee. Also I love how some of them are already yelling "SEE?? M$ MUST DIE!!!" when their own "monoculture" theory does not hold up in this case - there are far more AIM users than MSN could even hope to have.
The problem is between the keyboard and the chair. It doesn't matter what OS or IM client you're running.
I call bullshit
on
Java 1.5 vs C#
·
· Score: 5, Insightful
There is no apparent point to this "story". It's full of grammatical errors and obvious flamebait arguments (flamebait in the context of the slashbot groupthink). What, "C# is teh roxx0rz and Java.. well, I forgot teh point I was makeing for Java"? "The open source crap argument"? Way to go.
Here's my theory. Along with the ubiquitous slashvertisements and the Microsoft-bash-of-teh-day barrage posts, these are a perfect opportunity to create a story that will generate 1,000+ comments and ten times those many page views and ergo ad impressions.
C'mon, C# vs. Java? Outside of "RIAA sues 86 year-old grandma", "We hate Bush, let's talk" and "Microsoft patents KDE" there is no better source of inflammatory material in the dorkosphere.
Slashdot Mirror
Mwahahaha!! Did you read my response to that post, or do you just blanket consider me a "troll"?
It seems to me twitter that you'll simply call "troll" anyone who doesn't share the slashbot hive groupthink, so as far as that goes I think I'll take your label as a compliment.
You on the other hand are one of the most extreme examples of what I've always thought is one of the biggest problems with free software and open source: blind hatred of Microsoft (or "M$", as you like to call them) and an unflinching, hysterical belief that you've attained some sort of moral high ground just because you give software away (well, not you but the people who actually write the software you use). Your stupid generalizations and blatant lies about what Microsoft does or does not do may be masked in all the phylosophical ramblings and syntactic sugar you like to use in your insight-filled essays, but most normal people can see that you're just a dumb zealot with a jumbo-sized chip on your shoulder and really deficient spelling skills.
After all, I'm not the one who has three or four people following me around posting the worst of my Slashdot acid trips every time I hit 'Submit' on that form.
It's fairly easy to test this since you can always host mshtml somewhere else (as an OCX on a VB/VBA application for example) and see if you can make the hosting process die. It's possible that the iexplore process has an application exception hook eating up stack or heap corruption scenarios, but again you could prove or disprove that easily.
Of course it might be simply that the renderer does not crash because it's written that way, and the process never sees any exceptions because there are none.
iexplore.exe provides the process, mshtml.dll provides the rendering and the shdocvw library provides the COM glue. IE has nothing to do with explorer.exe, which is the default Windows shell *and* the actual file explorer application. The shell can use the renderer and the glue library to show "web folders" and all that stuff, but it doesn't need them. Quite simply, IE would not run if you were using an alternative shell like Geoshell or BB4Win, and that's not the case. You can launch iexplore.exe and never see a single instance of explorer.exe loaded anywhere in your system. IE and Explorer do share DLLs (like the Common Controls and so on), but those are system libraries, not specific to either of them.
Spyware that requires a "OK" to install itself, worms that come in inside password-protected ZIP files and millions of unpatched zombied Windows machines talk more about (IMO) the fact that computers are not easy to use, and Microsoft sure as heck didn't figure out how to combine ease and security. But, if they hadn't made the effort to make the PC easy to use there wouldn't be a million desktops to target - sometimes I really wonder which of the two evils is the worst. I don't think however that Linux or any other open source product is the silver bullet that will cure all these problems. You cannot engineer user stupidity away, you will never write 100% secure code from the get go, and you can never ensure that everyone who is using your product will constantly upgrade and patch - free or not.
Oh, no. I wasn't talking about Google, I was talking about Slashdot. You didn't really read my post, did you?
No one ever said [...] that "M$" was funny [...] the same tit-for-tat flawed premise [...] Trading "$" for "S"oftware... it's meant to be ironic, not funny
Thanks for validating the meaning contained in the sig. Not that I needed that, but thanks regardless.
Um, no. Not on an NT system, at least.
That's [rootDrive]:\Documents And Settings\[yourID]\Local Settings\Temporary Internet Files
Since documents can and should be stored in a per-user context and an NTFS drive can be easily made secure to avoid this sort of thing, how exactly do you figure this is a "windows exploit" again?
Tools, Internet Options, Delete Files, check "Delete all offline content". You can also clear auto-complete history for form user IDs and password stored in the isolated storage system.
Your IE cache is stored under [rootDrive]:\Documents And Settings\\Local Settings\Temporary Internet Files, if you feel so inclined to look at them in some other way or delete them manually, which it must be said, has never "trashed the OS" in any way shape or form.
That wasn't too hard, now was it.
Windows users have had "home" directories that are inaccesible to anyone except themselves and a domain administrator since NT4 was released. If this Google tool is allowed to index things it's not suppose to index, then that's not Google's fault, and it's certainly not Microsoft's. It's the fault of whomever configured that machine. AFAIK NTFS security has not been comprimised yet.
And the "spyware" tag? Love it. FUD works both ways, doesn't it?
No, another company's Linux server that had a copy of the code got hacked into and that's where the code was stolen from.
The western concept of the civil legal contract called "marriage" has always been between a man and a woman. That it has always been from the judeo-christian standpoint (which predates the civil one) as well.
So when you say "bullshit" you must be referring to something else, I hope.
Couldn't have said it better.
Neither does IE - as long as you know what you're doing.
It's fairly obvious you have no idea what "root" or "browser help objects" are to begin with.
And I've never, in my entire GNU/Linux using history, had to "crap around in /etc for thirty minutes" after compiling a driver.
Well now that's what I call luck. The last time I tried to set up ALSA on a Leenucks box I spent about two hours figuring out how to update the system, not to mention I had to spend about an hour trying to figure out why the driver would not compile to begin with - it turns out I had to 'touch' <linux.h> (amazingly so) in order to get it to work.
So assuming an average of thirty minutes (even if you're being slightly careful) and not even counting build times, I'd say "bloaty" Windows drivers are still better, even with a reboot.
Once you get used to an operating system that doesn't require so many reboots
I don't know what you do with your computer, but again, I don't "require so many reboots" except when I update drivers, install things like VS.NET or some such. And that's uncommon indeed. My computer stays on 24/7 and gets rebooted every weekend or so just out of habit, or when I apply a patch that requires a restart. I can always go smoke a cigarette or something while it comes up. It's not like I'm chained to the thing.
Are you saying this doesn't happen with Linux? You do realize where the term "rootkit" originated, yes?
http://www.cert.org/advisories/CA-2002-07.html
You're welcome.
With the exception of a proof of concept GDI+ exploit posted to USENET, none of these vulnerabilities are known to be exploited.
The shell and compressed folder vulns require user interaction, just like 99% of all other "worms". As long as your mail application is patched you can't get hooked via email and if you visit "malicious websites" with anything other than Lynx you probably should be shot anyway. Ditto for a decent firewall.
On the other hand, I wonder why things like these for soem reason never get posted.
I'm not against GM products, on the contrary. As population pressures grow in a seemingly exponential way we are going to need these things to survive. The planet can only do so much on its own.
But it's bound to happen eventually. We just need to be aware of the risks and weigh them against the benefits.
But compiling the driver and then crapping around /etc for thirty minutes isn't.
It's a desktop PC. God will kill no kittens and the world will not come to an end if you reboot once in a while. If you do not want to reboot a desktop PC it's either because you have some psychological issues or you're running some mission-critical application on it, which is dumb to begin with.
The problem is between the keyboard and the chair. It doesn't matter what OS or IM client you're running.
Here's my theory. Along with the ubiquitous slashvertisements and the Microsoft-bash-of-teh-day barrage posts, these are a perfect opportunity to create a story that will generate 1,000+ comments and ten times those many page views and ergo ad impressions.
C'mon, C# vs. Java? Outside of "RIAA sues 86 year-old grandma", "We hate Bush, let's talk" and "Microsoft patents KDE" there is no better source of inflammatory material in the dorkosphere.
Sad, really.
Once again I find myself outclassed.
I suggest you seek professional help. You seem to have a reading comprehension problem, among other things.