The 7-Zip message is an error from the decompressor that the blogger is using. The blank dialog is a program that the blogger is running in the background that detects buffer overruns. There wasn't a buffer overrun, so the dialog was blank. This dialog would only show up for the blogger; it's not a Moz thing. Same with the 7-Zip.
Basically the M$ security expert's b0x has already been 0wned, so it's acting up. And he's blaming it on Mozilla. God I love M$ (for a laugh...)
> perhaps allowing a mirror site to tell the browser where to download the official md5 sums to compare against?
Never allow client software to trust the server! That server was already compromised, any good cracker is going to change the md5sums too!
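Added example, not part of the original comments: a small Python model of the quoted proposal, in which a compromised mirror serves an altered file and also tells the client where to fetch checksums. The host names, the `Mirror` class and the sample bytes are hypothetical and constructed for illustration, and SHA-256 stands in for the md5 sums mentioned above.

```python
import hashlib
import hmac

# Constructed sample data: the real release and a copy altered on a compromised mirror.
OFFICIAL_FILE = b"browser-installer 1.0 (constructed sample bytes)\n"
TAMPERED_FILE = OFFICIAL_FILE + b"payload appended by intruder (constructed)\n"

def checksum(data: bytes) -> str:
    # SHA-256 stands in for the md5 sums mentioned in the thread.
    return hashlib.sha256(data).hexdigest()

# Hypothetical checksum hosts, keyed by hostname. The second one is run by
# whoever controls the compromised mirror, so it vouches for the tampered file.
CHECKSUM_HOSTS = {
    "sums.project.example": {"installer": checksum(OFFICIAL_FILE)},
    "sums.intruder.example": {"installer": checksum(TAMPERED_FILE)},
}

# The only checksum source the client trusts, fixed in the client itself.
PINNED_CHECKSUM_HOST = "sums.project.example"

class Mirror:
    """Hypothetical mirror: serves the file plus a hint for where its checksums live."""
    def __init__(self, payload: bytes, checksum_hint: str):
        self.payload = payload
        self.checksum_hint = checksum_hint

def _matches(data: bytes, host: str, name: str) -> bool:
    expected = CHECKSUM_HOSTS.get(host, {}).get(name)
    if expected is None:
        return False  # fail closed when no checksum is available
    return hmac.compare_digest(checksum(data), expected)

def verify_following_mirror_hint(mirror: Mirror, name: str) -> bool:
    # The proposal in the quoted text: ask wherever the mirror says to ask.
    return _matches(mirror.payload, mirror.checksum_hint, name)

def verify_with_pinned_source(mirror: Mirror, name: str) -> bool:
    # The mirror's hint is ignored; only the built-in source is consulted.
    return _matches(mirror.payload, PINNED_CHECKSUM_HOST, name)

honest = Mirror(OFFICIAL_FILE, "sums.project.example")
compromised = Mirror(TAMPERED_FILE, "sums.intruder.example")

if __name__ == "__main__":
    for label, m in (("honest", honest), ("compromised", compromised)):
        print(label, verify_following_mirror_hint(m, "installer"),
              verify_with_pinned_source(m, "installer"))
```

Following the mirror's hint accepts the tampered file because the same party controls both the file and the checksum it is compared against; the pinned source rejects it.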
What is Beijing going to do with my social security number?
And why would Taiwan plant a trojan in IE that sends SSNs to Beijing? That would be like North Korea putting a trojan in IE that sends the US super secret data. Why?
I have an overclocked 2500+ running almost silent. I got a big Thermalright heatsink and a Thermaltake speed controlled fan for it... even at 1.8V it runs silent (at about 60C).
Even a little fan can do a lot more cooling than convection (no fan), and you probably can't hear it... so I think if you put a tiny (slow 80mm) fan in your box you'll be able to run at standard speed.
XFCE4 and Debian. I have a gig of RAM, so it doesn't really matter which WM you use. I used GNOME for a time, and everything was fine.
(Even with my "shitty" MX440, UT1/2003/2004 were fine. I am not a gamer though, just a UT fan :)
I run full screen X on mine when I'm doing development stuff. Black background with two xterms and emacs... and twm! (My friend claims that I am the only person on Earth that would buy a Powerbook just to run xterm.)
Sometimes my brain needs a break from all the eye candy (and the clock and CPU meter... just the emacs, thanks).
Nice sig, but to get the modem to hang up you have to get the modem to SEND +++ath0. Me replying to this comment would hang my modem up, but me reading it wouldn't.
Ping a modem user with "+++ath0" in the payload, though, and he'll be disconnected. In-band signaling. Ain't it wonderful.
No, they don't.
Trackers are doing nothing illegal. They are not hosting any copyrighted content (well their own content... but that's legal).
It's like me posting a link to something illegal. Not illegal.
http://www.ai.eecs.uic.edu/GCM/chicagoland.html
Thanks to UIC, Chicago has this too.
As an IT support d00d, I PREY for the day when the typical end user will require a license to use a computer!
Well, professionals wrote the programs, and I found the holes, so...
Prerequisite is a knowledge of C. I learned to read from a BASIC programming book when I was 5. CS101 is not something that I needed to take :)
I am not a CS major. I only took the course for "fun".
Local exploit = a user with an account on the machine does something unauthorized
Remote exploit = a user without an account on the machine takes over the machine (or some part of it)
I don't have an account on the TA's NASM machine, but I created a file on it. That's a major problem!!
Until you look for security holes and actively exploit them, you won't understand the situation. Learn about it, try your hand at it, then come back and talk to me.
And to be clear, the compiled file doesn't have to be malicious. Example:
mov $eax,0xcafebabe
$error "XXXXXXXXXXXXXXXXXexploit"
There's the file that you run thru nasm. It creates an executable that moves eax to memory. Whatever, that's nothing. But WHILE COMPILING IT, it exploits your system. Hence the exploit. When you type gcc file.c -o file you don't expect gcc to wipe your disks, right? In this case, nasm can do just that.
We all already failed the course :-)
We're not blaming DJB for our failure. He told us we would fail if we didn't find 10 unique holes. We didn't find 10 holes, so we failed. It's not hard to understand. DJB is not the guy that goes back on his word. He tells you what he means and sticks with it. That's something to respect. (Same with all the DJB-isms. Nothing wrong with saying what you mean and being confident in those statements.)
We're upset about failing, but that's life. It's the hardest CS course at the University (and this is my first semester in college), so it's expected. I know more about C, computer internals, and security than most professionals now, so I'm not too sad :)
Not allowed. All software must be deployed and have real users. Hence the difficulty.
Were you in the class?
The exams and the homework were completely different. DJB should post the exams; there's lots of theoretical holes that we had to find for exams. It was very comprehensive, educational, and practical. It was a great course. (I too failed it, but grades and learning are not necessarily related. For the record I only missed points on exams because my exploit code wasn't C99-compliant :)
Here's the scenario: You are the TA for a CS course. You have 700 NASM programs to grade. What do you do? Compile them and see if they run and return the expected results. Well by doing that, I just compromised your entire account. From the comfort of my own home.
So yes, it's a remote exploit. And not the only one in NASM (There are a few other exploitable buffers, but I couldn't shove a return address over the saved EIP.)
I went to high school and currently attend college in Illinois, and MSN and Yahoo are pretty much unheard of here. I use Jabber to talk to my übernerd friends and AIM for everyone else.
> whole "Identity Commons idea
UNTERMINATED STRING CONSTANT. My head hurts now :)
No, they use LaTeX because all you do is type your document and not worry about formatting.
How can anyone be productive in an environment where C-a doesn't take you to the start of the line and C-t doesn't transpose characters? Screw word... long live emacs and LaTeX :)
Which is why I don't have a driver's license or a state ID.
Interesting story about that, though. I was at the Apple Store in Chicago picking up a pair of headphones that cost $39. They noticed I was a student and offered to give me a $4 discount. Fine with me. They then needed to see TWO forms of ID to give me $4 off. I told them I wouldn't give them my state ID (only my school ID). The guy looked at me like I just ran over his entire family and said "I can't give you the discount." I said "OK". He seemed shocked that I would turn down a $4 discount :) What I think is especially funny is that I got hundreds of dollars off my iPod and Powerbook (educational 10% + $250 Cram 'n' Jam), and few bucks off my AE and Bluetooth Keyboard, completely sight-unseen. They didn't even have my real name for that, and they were happy to give me money off. But not for $39 headphones. lol.
Next time I buy something from the Apple Store I am going to pay with cash and refuse to give them ID. You do not need to know who I am.
> If I do not understand source code not much happens.
Your computer is probably 0wned because of a buffer overflow in your media player, I bet.
KDE != Linux. It runs on BSD, Solaris, etc, etc, etc. Also, KDE not running isn't Linux's fault, it's just a big program with way too many features.
Try XFCE4. Runs great on a 233MHz iMac.
As for the MP3 vs. Vorbis issue, I urge you to try this. Get your favorite song (on CD) and encode it as a 256Kbps MP3. Then encode it as a 128Kbps Ogg/Vorbis file. Listen to them both, and tell us which one sounds better. (Actually you probably won't be able to tell unless you have great speakers or headphones; they're both pretty good.)
OTOH, if spam goes away because of this are you going to complain?