That's funny.
I have a Pentium III 500 notebook with PC100 256M memory, a piss-ass slow disk, and an unaccelerated Xserver, and the GNOME terminal (Dropline GNOME 2.4, Slackware 9.1) is *still* way faster than I can type.
Satellite.
Yeah, latency is lame, but the speed is good.
Alternately, find a friend who can get broadband and set up a WIFI link.
"10 years from now when Apple gets the iVMS (Internet Video & Music Store) going over everyone's new FTTH 100MB and you can have tens of thousands of films on yer desktop for 99 cents (or whatever) on top of the music you have now, thank Apple. They made it possible."
No. They didn't.
Yesterday I downloaded a movie from Movielink (they gave me a free $5 gift credit). It was a recent, popular movie (The Transporter). I got 225 kbytes/sec out of my cable modem. It took less than two minutes to buffer enough for the movie to be watchable. Quality was on par with a DIVX movie, perhaps a bit better than most. It wasn't DVD, but for a 19" CRT it was perfectly fine.
Yes, they use evil DRM. Yes, the movie expires after a day. And, yes, you must have Windows. But damn, it was cool.
You can't really do better than $3-$5 a movie. If they can get the bitrate up a bit (e.g. 3000kbps instead of 700), it might even compete with Blockbuster from a quality standpoint.
"SLAMMER managed to get into the network and literally turned those boxen unfortunate enough to be running unpatched MS-SQL servers into immediate nightmares"
You should have known better. The patch was out *SIX MONTHS* before the exploit hit. Anyone who had not updated by then got what they deserved.
"Pay cash"
What if they put RFID in the cash?
"Mac and the other Unix variants will probably be free from any major known flaws"
Right. It's not like there has been a major root exploit in the Linux kernel this year. It's not like OpenSSH has had a remote root exploit this year.
Let's see, we've had one kernel-level local root exploit and one remote root exploit based on a service enabled on almost every Linux system.
Windows XP SP2 turns on the firewall by default, blocking all ports. This should greatly help to minimize the risk of security flaws.
"why is this a crime?"
Because you don't know that the road is empty. Someone could pull out in front of you. Someone could run onto the road. You wouldn't have time to react at 140mph. Someone could get killed.
Speed limits aren't repressive tools of a repressive government. Speed limits are usually in line with the maximum safe speed of the road. And don't give me this bullshit of "it's not speed but speed difference". Yeah. Right. At higher speeds, you cover more distance in the time it takes you to react. Your brakes take longer to stop the vehicle. Basically, when the shit hits the fan, the faster you are going, the more likely you are to hit something. Moreover, when something does happen, you are decelerating faster, which means more force and more destruction.
Excessive speed is always dangerous. Are there situations where high speeds can be reasonably safe? Absolutely. Can we trust drivers to make that determination? Absolutely not.
With DirecTV, you use a multiswitch. It turns a dual-LNB dish (or a dual-LNB multisat dish) into 4, 8, or more outputs.
With cable, a splitter is fine. You may want signal amplification for more than a few outlets. Also check for compatibility with cable modem/digital cable boxes.
Come on.
Kernel mode means just that - kernel mode. It means that the code has direct access to the underlying hardware.
Kernel modules can compromise stability. They can compromise security. An open source module can do just as much harm as a closed source module.
What if you want to develop a module for a GPU whose interfaces are a trade secret? What do you do then?
Linux developers somehow think that the world should change to accommodate their belief in open source. The viral nature of the GPL (note: it's not the GPL at fault, it is the Linux hackers insisting that any code that touches their OS immediately becomes GPL) is damaging to the free software movement.
"So now we have Microsoft with patenting a new way of creating malicious popups with windows."
Bzzzt... wrong answer.
This patent covers Microsoft HTML Applications. An HTML Application is a file with the extension of .hta; you download it like any other executable and run it like any other executable. This does not cover browser windows, nor does it allow a website to open such an application.
An HTML Application is just like a normal executable except for the fact that it is written in HTML.
Opteron 240 is at 1.4GHz - this is at 2.0GHz. Remember, 2x1.4GHz doesn't equal 2.8GHz.
Opteron 244 is at 1.8GHz - and as I recall, in many cases the 2.0GHz Athlon 64 can be very close to the 2.2GHz Athlon FX (Rebranded Opteron 248) - mostly due to lower latency unregistered DDR.
People like you are the reason that the GPL has been called "viral". If code that communicates with code which dynamically links into the kernel needs to be GPL, then, quite frankly, what doesn't?
The whole idea that a kernel module needs to be GPL is absolutely absurd. That would be like saying that a driver in Windows needs to be released under Microsoft's terms. Linux will *never* be seriously considered as an enterprise operating system if companies cannot release binary-only drivers.
Kernel modules are clearly not derivatives of the kernel. Remember, the only thing that holds up the GPL is copyright - and unless binary modules are violating the copyrights on the kernel (which they aren't, unless of course they contain code from the kernel), then the GPL does not apply.
You see, there is profit. More than either company *ever* posted.
It would do nothing.
Microsoft's updates are cryptographically signed. Nothing will install without the proper signature.
The real threat would be if Microsoft's private key were compromised. Hopefully, Microsoft is not stupid enough to keep the private key on a system accessible to the internet. And, if they aren't, they deserve what will eventually happen.
Hewlett-Packard is a company with 90 billion dollars in revenue a year. They made more income last quarter than they have ever made. They are #1 in worldwide market share of computers (desktop, notebook, workstation, and server), imaging devices (printers and scanners), and PDAs. Their main competition, Dell, may lead in the US in desktop computers, but Dell lags far behind in both the US and worldwide in notebooks - a much faster-growing market.
HP is doing what any good corporation does. Compete, expand, engineer - and they have been hugely successful at it since the merger.
It's also possible that the US Government will invade your house tomorrow and take away all of your rights.
Microsoft is not stupid. They have maintained backwards-compatibility with older operating systems through years of changes - and they won't abandon that now.
True. No technology is ironclad. I have no doubts that NGSCB will be cracked.
But my point stands. It's not the horrific terror that the grandparent would have you believe.
"Well it may be a lot more difficult to get your computer to do what you want, because certain software components carrying the right keys will easily slide into operating system hooks, while un-"trusted" software (the stuff you want to run) is more difficult to install and run freely."
Oh my god.
Is Slashdot really this stupid?
Trusted computing:
- Will not make viruses "slide in" to the OS.
- Will not attempt to stop you from running untrusted code
Let me tell you exactly what "Trusted Computing" is:
- Trusted computing is a combination of a hardware standard (TCPA) and a software system based on .NET
- Trusted computing allows the BIOS to verify that the operating system matches a specific signature.
- Trusted computing allows an application to determine whether the operating system matches a specific signature, and whether the drivers match a specific signature.
- Trusted computing allows an application to ensure that it has not been modified.
- Trusted computing allows the OS to check the signature on an application before it is run
That's it. That's all that Microsoft's "trusted computing" does.
Trusted computing will not:
- Prevent you from running Linux on your system
- Prevent you from running an older version of Windows on your system
- Prevent you from running unsigned code on your Longhorn based system
- Prevent you from using unsigned drivers
- Prevent you from using unapproved hardware
- Prevent you from deleting files or folders
- Prevent you from accessing your HDD on another system
- Prevent you from modifying the software applications on your system (except those programmed to refuse execution without a proper signature - note that many programs do this already by hashing themselves on startup)
Trusted Computing may prevent you from:
- Viewing DRM'd content without signed drivers and approved hardware
- Viewing DRM'd content without a signed, unmodified operating system
- Viewing DRM'd content without a TCPA-compliant BIOS
- Viewing DRM'd content without a signed, unmodified media player/viewer
"Their spyware, "trusted" software, may be automatically installed and automatically re-installed beyond your control."
This is FUD. Plain and simple. Spyware will not be "trusted" unless you accept the signature of the author (similar to the way ActiveX controls work now). Spyware will not autoinstall any more than it does today. Spyware will be uninstallable. 3rd-party spyware removal software will still run. The BIOS will not prevent you from executing spyware-removal software.
In other words, the parent is blatantly lying in everything that was said.
(Disclaimer: This is derived from Microsoft's statements. Windows Longhorn has not been released. Trusted Computing is as-of-yet unimplemented. Microsoft may choose to tighten or loosen aspects of the system before the release of Windows Longhorn. Facts based on my knowledge of Microsoft and independent claims. Facts may not be 100% correct.)
Problem: Changed monitor, now get out-of-range sync
Solution (Linux): Boot up in single user mode, use vi to hack XF86Config file, restart server
Solution (Windows): Not needed. When given a monitor with unknown sync, Windows automatically reverts to 800x600x60hz
Problem: Sound card not supported
Solution (Linux): Download, configure, and build ALSA. Modify rc scripts to load proper module.
Solution (Windows): Install driver from NVIDIA website.
See a pattern here? Need I go on?
"Windows XP" is not responsible for Outlook Express losing your password. OE may very well be crap. But OE isn't an underlying part of the OS.
"Windows XP" is also likely not responsible for "Exact Globe 2000" not printing.
Remember, buggy software can refuse to work on *any* OS. Even a theoretically perfect OS is not immune to programmer stupidity.
"First of all by "file system," I had meant the organizational file hierarchy in Windows, the portion that the OS sees. You can still break all of the links to a program by, for example, re-naming a folder. Many programs fail to work if installed on something other than the C: drive... Many of these are Microsoft's programs."
I can tell you that most programs respond fine to having "Program Files" on my RAID partition. Those which don't (a rarity) are caught by the symlink.
With NTFS, shortcuts automatically update themselves when you move a file. Try it sometime.
"(though the fact that Windows XP doesn't support 160 GB drives out of the box is pretty shameful)"
It does. More likely is that your ATA controller doesn't have supported LBA-48 drivers.
"Actually, some programs treat registry settings like they were a preferences dialog. Zone Alarm, for example, like thousands of other pieces of software has an annoying splash screen that appears every time your computer boots, and the only place the preference exists is in the registry."
Programs are *supposed* to use the registry. HKEY_LOCAL_USER\Software\Microsoft\Windows\Current Version\Run is the key, if I remember correctly.
"It's just a bad idea to keep your copy restriction authentication and your preferences in the same structure, but that's exactly what Microsoft designed."
That is bullshit. By the same measure, Linux is worse off because it also keeps files in its directory structure. The registry is just a virtual filesystem.
"As a game developer, and an out-of-work one at that, Windows does need to be reinstalled every 6 months or so... If the constant flow of test games doesn't get you, the constant flow of uninstallers will."
So, you run a constant stream of uninstallers and installers on your system, many of them beta quality, which may damage your system. It's no surprise that you think that Windows needs to be reinstalled every 6 months. Most users will *never* reinstall Windows. They probably don't even have their original media.
"As an addition to your suggestions, the user needs to check what icons are in the bottom-right hand corner of their screen, and shut off what isn't needed."
Windows XP has msconfig. I recommend that *all* users use this tool to turn off user-mode startup programs. Also, you can set the key to deny write permissions with regedit - this keeps programs from putting themselves there.
You live in Colorado, don't you?
- I also have a 3 foot square VHF antenna (the Channel Master one with 8 bow antennas)
- I can receive KDVR-DT Denver (32 UHF) from 66 miles away in Fort Collins, from the ground floor, reliably, even though KDVR-DT is only at 1/2 power.
- VSB was *not* the wrong choice. 8VSB provides superior range with less power than COFDM. COFDM does better with multipath. The reason that your analog broadcasts are coming in better is because they are being broadcast at 1/2 power or less.
- ATSC is miles above NTSC in picture quality. With equal power levels, ATSC is superior in nearly every situation. Yes, there are situations in which the ATSC signal drops out altogether, but in those situations a similar NTSC broadcast would be barely viewable.
- If you live in Colorado, which I suspect you do, then you must know the following:
  - FOX 31 (KDVR-DT Denver) is currently at 1/2 power. *All Other* DTV stations are at very minimal power to date.
  - Lookout Mountain, the proposed site for DTV broadcasts, currently hosts nearly all analog TV broadcasts in the state.
  - The residents of Lookout Mountain formed an association known as CARE in an attempt to stop the proposed consolidation of towers on Lookout Mountain, presumably because of increased power output. CARE delayed the project for several years but was overruled earlier this year.
Is it really too hard for Slashcode to hook into aspell and offer spelling correction?
Really, all of the webmail systems have it, as do an increasing number of forum systems.
Tablet PC.
(Not a troll - the Tablet PC was designed for people like you)
This isn't DRM. This is a system that only accepts signed code. Of course there can be holes in the signed code, but that's why the software update mechanism exists - so you can patch them.
"Invalid ContentType may disclose cache directory"
My Classification: Minor
This isn't all that serious. The major threat is that a hacker could get your cache directory. The downloaded web page runs as part of the "internet" zone, meaning that there is no privilege elevation (IE has a zone system to give different pages different privileges).
"LocalZoneInCache"
Moderate/Severe
This is more serious. It allows an attacker to modify files on the system or worse. Note that this *is not* the same as a root exploit, but it could be as damaging as running an executable. Note that the user *does* have to choose "open" in the download dialog, but they are not warned about the security risks and may not consider them as the file extension is ".htm".
"MHTML Redirection Leads to Downloading EXE and Executing - Remote Compromise(requiring MYCOMPUTER zone)"
Moderate
This is somewhat less severe. It allows an attacker to download and execute an executable, but only if the user has already downloaded the page, saved it to disk, and executed it. The user might assume (incorrectly) that the file is safe.
"MHTML Redirection leads to local file parsing in INTERNET zone"
Severe (If an issue)
I was not able to reproduce results with this vulnerability (IE6 SP1). Please comment if you can reproduce it. If it is indeed true, it would allow an attacker to parse the contents of a local file. They would need the absolute path. This could be used to discover potentially private information.
"HijackClickV2 - Adding a Link to Favoriate List(requiring clicking a link)"
Minor
This would allow an attacker to add their site to favorites. The user would have to click a link and would have to release their mouse button over the favorites list (which is placed under their cursor after clicking the link).
"execdror6"
Severe (if issue)
I was not able to reproduce results with this vulnerability (IE6 SP1). Please comment if you can reproduce it. If it is indeed true, it would allow an attacker to run an executable on the user's system. The user would have to click "open" on an HTML file download. Security warnings would not be displayed.
"BackToFramedJpu - Cross-zone scripting(requiring a subframe in victim page)"
Moderate
This could allow an attacker to execute code in another security zone. It could potentially be used to execute code in the "my computer" zone if the attacker knows the location of a local page with frames.
I'll comment on the rest later.