Re:Yes, but who's fault is it? Not MS'! on Shattering Windows · Score: 2
But you can't blame MS when the shitty admins are really at fault for not installing the patch.
Oh, but I can and do blame Microsoft.
It took three days after the outbreak for a search for CODE RED to return any results from microsoft.com. If Microsoft were minimally concerned about security, results would have shown up much more quickly.
I can, from my Microsoft Windows NT workstation, download the current RedHat fixes. From priority.redhat.com if I'm interested enough to login, or from redhat, or from the mirrors. These all tend to be rather informative as to just what is in the fixes, so I can make informed decisions as to what to download and what to install. I haven't tried the other way round, but I'd be rather surprised if it would work.
Personal Web Server is hardly advertised as requiring skilled administrators to install, set-up and maintain.
Re:Yes, but who's fault is it? Not MS'! on Shattering Windows · Score: 2
So if someone figures out a major Linux exploit (which is about as likely as a MS exploit
Actually minor Linux exploits seem to be less likely than major Microsoft Windows exploits. Or maybe the Linux exploits seem to fizzle out and accomplish little or nothing.
Party line on /. "He don't know us do he?"
In this case, the guy is specifically taking advantage of sloppily coded third party apps.
Remove the sloppily coded third party apps, and what is left?
If you want people to believe you are authoritative, you must speak like an authority.
That works if the audience is non-authoritative. They don't understand what you're saying and depend on your authoritativeness to assess your credibility.
If your audience is authoritative, the same authoritativeness is more likely to stir up hostility. Assuming the problem is real, it's surely not the only, and probably not the worst, unfixable flaw in Microsoft Windows.
'thanks, but I won't respond to anyone not in my district'
US congressman whose salary is paid by the US government.
US congressman whose efforts not only directly affect other districts in his state, but the entire fifty states plus assorted territories, etc.
Now if he would only accept campaign contributions from people in his district,... Smiles.
Re:copy a string from buffer on Hacker Survey · Score: 2
To add to the confusion. If the buffers overlap, what is the result? If the source buffer is changing, what can you say about the target? If the target buffer is being read during the copy, what are the possible results? "It works or it doesn't" is a bit simplistic.
Re:The stats are most interesting on Hacker Survey · Score: 2
I personally have paid over $500.00USD for Open source software this year and my company has paid well over $100,000.00 for it. That would be MySQL, Apache, Squid.. I can name more... REAL apps that have REAL value get paid for. The critical parameter is VALUE - COST. Saying they're paying for support is rather simplistic. Much better if someone else, the freeloaders, are the ones needing support. How to play at the cutting edge without bleeding.
Dangerous grounds. Yeah. Kinda, sorta. This is a case where size does make a difference. It's a small ISP, probably with a fairly good feel for its clientele. Workable assuming he keeps an eye out for potential problems. It is a minimum hassle way to control the damage from nimda. Probably does *not* scale to a large ISP.
IIRC, it (NTFS write) can be done with some GOTCHAs. Read The Fine Manual. There's something you need to do, with the shutdown sequence I think, or you WILL wreck things.
Sorry, but Hormel does not control my vocabulary. Hormel controls the use of "SPAM" as a trademark. If AOL decides to say "You've got SPAM", Hormel maybe has a complaint. Usage in the vernacular, in any capitalization, is outside of Hormel's jurisdiction. Hormel has cast themselves in as good a light as possible, considering the circumstances, but outside of official company correspondence, they just don't have any real say in the matter.
Like, if I were a Trojan cracker I would make sure to make the md5sum on the web page match the new tar ball. Problem is all those lazy bastards who download the web page one day, the tarball another day, and cross-reference the cache of some other lazy bastard, and get inquisitive about anything that moves. You can fool some of the people all of the time. You can fool all of the people some of the time. It's very hard to fool all of the people all of the time. It's the lazy bastards who notice something not quite right that cross you up.
That's why you'll gladly pay real money for software that hackers have been downloading for free. Let *them* run into any remaining land-mines and booby-traps. Symbiosis can be thought of as mutual parasitism.
That's assuming you can only have *one* place with all the checksums. Better to have the checksums on different systems. Very different systems.
Re:How to take care of the situation you describe on Copyright as Cudgel · Score: 2
I think proper, effective government IS possible (even if it's never happened before), and I think with it we can all accomplish great things. Watch CSPAN and CSPAN2 sometime. Be prepared to do a *lot* of watching. They *do* quite often try to do a good job. I think you are very right about "Almost anything with very low scarcity, but a high fixed cost should be publicly funded, because it's the most efficient system."
I'm not sure open sourcing Java would be quite that good. Sun has top notch engineers and they don't take shortcuts.... Sun didn't cut those corners. That's why I'd bet on Java rather than .NET. I think that over time, Sun will open Java more and more. It's not (yet) ready to be thrown into a free for all. In any event, there's IBM to keep Sun honest.
The group tends to be a collection of relatives, not of unrelated strangers. It does no good to be the best of a group that quickly becomes extinct. It does no good to become effectively extinct within the group. You have a balancing act with various local optima where species will thrive. Difficult qualitatively. Extremely difficult quantitatively to measure which side slightly dominates the other.
Trying to recover stuff from a disk with a bad sector at the start of \WINNT, I've had Microsoft Windows NT "helpfully" destroy the directory.
Who still uses FAT?
Some of us old farts that don't like losing everything on our systems when Microsoft Windows goes bump in the night.
"You are provided with source code and can perform due diligence on your own". :(
Common Sense. But maybe it's not that common.
Right.
And it also answers the question of who's watching the watchers.
I damn sure hope he wasn't elected.
He wasn't.
Campaign slogan: In your heart you know he's right.
Riposte: In your guts you know he's nuts.
I'm all but a fan of x86, but ia64 beats it at sucking
Is that possible?
But in a .net, those holes are small enough to stop a dot from slipping through.
But not small enough to stop the worms and the viruses.
The same thing that makes you fly with Microsoft Windows XP. .NET.
The same thing that makes you think you won't get caught in the
Without being circular.
Enterprise software is that which can view SAP as smallish.
Which is what I am doing to this poor schmuck.
Trying to make some preparations for recovery from catastrophe.
Right.