Although any auditing is welcome and they may be a problem here, the fact is that it's hardly news and not exploitable. The reports says itself that you have to be root to exploit it. It's already game-over. Yes, look for these sorts of things and find them but it's hardly worth the shock-factor of "Massive Hole Found In Linux" panic headlines.
As much as I'd like to see the RIAA and it's international equivalents get a kick up the backside, 'see the light' and implement a decent, legal alternative that includes all artists at a reasonable price, this is just a silly claim.
First, it's reactionary - counterclaims seem to be a bit childish "You said I did this, but YOU did this, ner ner ner-ner ner" and most of them never even see the light of day.
LimeWire is a content distribution system, not a competitor to the record industry, and the content that they distribute is actually owned by the record *industry*. Were this a single record company that was dictating how and when it's music could be sold, and they were a record shop who had been denied the right to buy/sell their products, they may have a case.
Additionally, quite a lot of the content that flies over LimeWire is actually not legal at all, vastly outweighing that which may be legal. This is like a video shop that sells mostly pirate videos suing the movie industry for "monopolising" the video industry and not letting them distribute their videos as they see fit.
It won't go anywhere. It won't even make it past the court's most basic ruling stages.
Content: nil Useful information: nil Reviews of implemented features: nil Screenshots: nil What it "will" be: 8 paragraphs spread over two pages for no other reason than to increase advertising revenue. How they're going to do it: nil Useful links: nil
A quick look is somewhat understating the review - not a single screenshot and 8 paragraphs of next-to-nothing except what "will" or "should" be in Plasma.
Useful content: 1%
Like the "Buy a Link Now" on the article itself... I think someone just bought themselves a link from Slashdot.
I think the main focus of the article should really be the poor driver design and the huge security problems.
Two services, both of which are running as privileged users, which directly map memory and IO space to a user-space process without any significant checks being done on what is asking for access or what it's asking for access to in a common driver running under a networked OS.
You might say why have a glide card in a server but just how many drivers for other hardware use this same sort of rubbish to interface to their hardware without us knowing? How many still do it under XP, 2003, Vista etc.?
Every time you install a device driver you are really granting complete machine access to the driver, without audit, without checks. Even in XP x64, he's shown that the ability to create such a driver (one that has privileged access and will grant it to any software that asks for it) requires only a trivial re-compile of a badly-designed driver, using publically available source code, and an install.
Have people known about this particular driver issue for a long time? Although deliberately introducing malware onto a system via this method would of course require the administrators co-operation, how many third-party device drivers, services, etc. can be subverted to provide that level of access to any software that asks for it?
That's the scary bit - the fact that the author must be a bit mental to want to run a VooDoo on an XP x64 machine is re-assuring in comparison.
Yeah, but the question of whether it would be legally binding or not also depends on a lot of other things, such as the jurisdiction and whether it's a reasonable venue... an Illinois court is no more a reasonable venue for a UK-only company than the planet Jupiter. You could not be reasonably expected to absorb the costs of defending yourself in a foreign country like that, without even mentioning travel costs, legal costs, unfamiliarity with the law etc. the fact that what you did is not illegal in your country etc.
Judgement or not, it's null and void on more than one account - improperly served, incorrect jurisdiction, unreasonable venue, etc. the list goes on. The error, unfortunately, lies with the judge here for failing to account for jurisdiction.
Not a chance. Failing to reply to an incorrectly served, non-jurisdictional court order for a country that you don't operate in, by a Judge with no savvy at all and on a law that not only doesn't exist in the UK but which operates under the OPPOSITE principle (i.e. if you spam, that's illegal in itself)? They wouldn't even give it a second thought.
They'd probably use it AGAINST the people who were trying to sue Spamhaus - poor lawyering, scaremongering, trying to impose laws across international jurisdictions, playing judges off against one another etc.
I hereby sue you for stupidity which is illegal on my planet of Jupiter and hereby order that if you don't attend the case on my planet, you will be liable by default for seven squillion Jupitan dollars.
Of course you should pack up all your gear, drive immediately to NASA and catch the first shuttle, shouldn't you?
But maybe the next time someone in a foreign country tries to sue you for something that's a) not illegal in your country (in fact, SPAMMING is illegal in the UK, so they are not only obeying UK law but preventing the people in question from violating UK law themselves) b) nothing to do with you and c) without consulting you, serving you correct legal papers (reason enough to ignore any legal document) or bothering to contact any form of legal contact in your country, then maybe you can use your powers of sarcasm to get you out.
Seriously, this case is a joke... serving legal papers by EMAIL? WTF? Of course, email is a guaranteed delivery system that ensures that person on the other end recieves it, is the correct person and cannot deny ever having recieved it (that's how to do real sarcasm, by the way)
I'm not a privacy freak (I don't care about my cookies and I'm not bothered enough to encrypt anything other than passwords and monetary transactions) but I can think of more than a few legitimate reasons why a resident of a "free" country would want to do this without even taxing my brain (for what it's worth, I live in the UK and am applying the below to that country). Bear in mind that I too doubt that these are the primary uses of the system but you can't just say that anonymity means you're doing evil, no more than you can say that saying "No comment" means you did it.
- Whistleblowing on your government, politicians, large organisations etc. - not something that you want them to be able to easily trace back to you. We've had MI5 agents who needed to whistleblow on their own governments, we've had soldiers whistleblow on things like prisoner treatment, weapons failures, etc. These sorts of things are in the news regularly and without a guaranteed anonymous channel, they could not occur and we would not know they were going on.
- Posting about your employer - I have lovely employers and still I come across situations which I consider to be inappropriate or hazardous. If I want to publicly display these concerns, anonymity is there for me to do so freely without risking my job. I want to be able to tell a funny story of someone's stupidity without getting sacked just because it was traced back to me. I have made comments on Slashdot when logged in as Anonymous Coward. Not all sites are as careful about who sees the poster's information.
- Posting ABOUT censorship. How would we know that China censored webpages if it wasn't for people IN China or who have visited China being able to tell us without fear of persecution? This is how human rights violations come to the news, not by the perpetrators, but by the victims.
- Anonymously reporting crimes, such as the mentioned child pornography. Many people are in sensitive careers but feel strongly enough to report sites/incidents/people when they accidentally stumble across them, and they should be able to. Although the police will almost certainly guarantee your anonymity (there are things like the Internet Watch Foundation etc. for just this purpose), so much the better if you can guarantee your own anonymity FIRST.
- Downloading from "foreign" IP's for test purposes. Many's the time I've had features work on my own servers but only from particular netblocks (either deliberately or accidentally) and the only way to test that is to access it via a remote proxy. Similarly for blocking cookies etc. if you want to "pretend" to be a real visitor without the baggage that your development machines will no doubt have on them.
- Use of "foreign" IP's to bypass Spam blacklists (which, no matter what you say, cannot be accurate - my ISP has been blocked temporarily before because of a mistake and I fortunately had other email providers to use, if not Tor could have helped), geo-location restrictions etc.
I imagine that most of the traffic on Tor (by number of bytes) is probably filesharing, spamming, hacking etc. But I should think that the majority of the CONNECTIONS are people who just browse through Tor constantly because then they "feel safe", and don't bother to turn it off when they are browing non-sensitive material.
So apparently, whoever thought this up doesn't ever, ever, ever use their laptop/computer in:
1) Schools, Colleges, Universities 2) Offices 3) Libraries 4) Home use at night 5) Conferences 6) Broadcast applications 7) Confined areas (trains, planes, wifi hotspots, cafes) 8) With an amplifier
Apart from the obvious waste of MY money that I gave MS with my purchases, which they have spent to hire someone to make a sound that I don't want and will never want to hear (no matter what MS say), this is a mind-trick.
Soon, the execs will "realise" that their customers have concerns and provide an off switch, thus putting into people's minds that they "listen to their customers". They were thinking that all along, it's just another way for people to continue talking about Vista that they will "remedy" by the time it comes out. It stops people thinking "But is it secure, is it easy to use, is it cheap, is it compatible?" and instead make them think "Well, they solved the worst problem, that stupid startup sound can be turned off". I don't want an "experience" with an OS. I would want to get some work done. I don't want it all to be integrated and matching - I would want it to boot fast, get on the Internet securely and not get in my way.
I turn off ALL sounds, no matter what the OS. And I usually have my speakers off except when I'm anticipating an IM and have turned its notification sound on, or when I choose to have sound (DVD's, MP3's etc.).
This is what used to wind me up about Windows - I have little to no control over the OS without bundling it full of freeware to do the job. I don't WANT Adobe Acrobat pre-loading at startup - I use it on less than 5% of my boots. In order to GET ASKED whether I want it to happen or not I have to install things like Startup Monitor from www.mlin.net. And still Adobe insists on re-trying every time I update it. I don't WANT it to, ever, at all, in any way, but there's no option for that.
I don't WANT program X to access the Internet - at all, ever, under any circumstances. It might be a game that has absolutely no need to, or that I only use on the LAN, or it might be trying to act as a server all the time, thus giving me an instant security hole. But it's going to take until Vista for me to get a choice of whether or not I will allow it unless I install ZoneAlarm or something similar (which I've been using for this purpose for many years now).
I don't WANT program X to install itself under some silly subdirectory - I really don't. Program Files is possibly the worst organised folder on any Windows drive because everything that ends up there chooses it's own structure - by company name, by product name, by some weird abbreviation - I don't WANT that. I CAN and WILL choose where this stuff goes, given half a chance. I have systems that differ from the software authors idea for a good place... I have categories - Audio/Video, Internet, Games, Graphics, Hardware, Utilities, all of which I have a perfectly clear idea of what should be where - I can organise my start menu in this way but rarely do you get a choice of where a game sticks its icons. Even rarer is the program that lets you CHOOSE where you install on the hard drive.
I also WANT to be able to move any folder without breaking anything and having to regedit to fix it (if its possible to move it at all). I don't WANT My Documents or My Music or My Pictures or anything My, I have a perfectly well organised file structure myself and don't want every program creating a "My" directory and putting its stuff in there.
I don't WANT to have to use five-thousand user-land applications that all put an icon in my system tray that I cannot remove without breaking stuff, cannot hide without a load of freeware and do not ever WANT just to use a poxy mouse or a hotkey or a wifi card. I don't WANT stuff to Auto-Update without my say-so, no matter how important someone else deems it is - I will choose WHEN and WHAT updates I install after carefully readi
F11 F12 - fair enough but then, why get rid of two keys that don't get in the way of anything and can reprogrammed to do lots of "generic" commands just like the other 10. Windows keys - arguably more useful, especially for Windows OS, but reprogrammable on Linux to do similar jobs "Extra" keys - ARGH... scrap them, Pause - Erm... used as Pause in a lot of games/emulators although that's not it's original usage and is WELL NAMED and out of the way. Leave it alone. Print Screen - Although badly named nowadays it does work on both KDE and Windows without needing Ctrl (ctrl limits it to just a single window IIRC) and everybody knows that it's really a "screenshot" key - rename it if you must but it's actually, again, out of the way, and has a clearly defined use (albeit not it's original intention).
Re:What's the proper way to upgrade Slack distros?
on
Slackware 11.0 Almost Done
·
· Score: 2, Informative
I've done upgrades over at least three version of Slackware that I can remember (and a lot more clean installs) but all went smoothly.
- Follow UPGRADE.TXT to the letter (in the root of the CD for the new version) not forgetting to move any.new files over to their proper names but with your configuration details entered (use the.new because sometimes the format changes a lot) - Boot in single user mode and upgrade to latest kernel version (kernels go out of date too fast to rely on the default one being worthwhile for more than a few weeks or so). Don't forget lilo/grub etc. - Make sure that any graphics drivers/kernel modules/etc. that you compiled in are recompiled with a version suitable for your new kernel - Reboot and X should work just fine, then you may need to recompile or upgrade some of your software (e.g. if it's compiled against an earlier glibc or kernel).
It's a pain in the bum, especially if you have a lot of software or driver modules that are fussy about what they compile against, but it's usually a damn sight easier than trying to transfer all your software, config, etc. over to a new clean install.
Unfortunately, that is completely legally meaningless. This is why you get lawyers to write licenses, not make them up yourself.
Say I, as a non-military person were to download this piece of software. Then I have accepted it under the terms of the GPL WITH NO RESTRICTIONS (as it explicitly states in that "choice of licenses". Which means that I can then futher distribute it, also under the terms of the GPL... one of which is that I can distribute it to ANYONE.
I *never* accepted the other definition, I ONLY accepted the GPL WITH NO RESTRICTIONS clause which means I was not bound by anything else and I certainly never accepted any clause that suggested that whoever I then went on to further distribute it to would also be bound by any license other than the GPL.
The beauty of the GPL is not the idea, it is the execution - the GPL, almost by definition, means that you cannot "break" it - you can't change the GPL (because then it wouldn't be the GPL), you cannot add provisos or conditions or anything that's not in the GPL itself - and the GPL allows anyone who recieves it the right to further redistribute it or modified versions only under the GPL (without provisos, conditions etc.). All you can do is CLARIFY a particular term of definition within the GPL itself (e.g. by saying that kernel modules are or are not "derived works") and even that's doubtful as to whether YOUR interpretation is the definitive legal one.
If you want to play with licenses (which are viewed exactly the same as contracts in most countries and are legally binding in virtually all), then hire lawyers. Similarly, don't "run up" your own rent agreements, wills/testaments or contracts - you WILL lose out as soon as it gets in the hands of a lawyer who will run rings around your definitions in court.
For instance, how many people know that, under UK law at least, you cannot leave money in your will if it is based on conditions (e.g. give John £10,000 if he marries before he's 30?). In the UK, John can contest that will and demand £10,000 even if he NEVER gets married.
Not you mate, I was thinking more the posters before you.
It's a slashdot phenomenon - anything about people getting shot, anything about home gun use, anything about corrupt judicial systems convicting "home defenders" and it's brought up.
Fleeing from ARMED police who asked him to stop. Why why why would you not stop, if ANYONE pointed a gun at you who has a clear shot at you and who told you to stop? Especially if they are police.
Next it'll be the Tony Martin case that you bring up.
What sort of user? (Child, adult, experienced, novice?)
What sort of setup? (RAM, CPU, peripheral hardware?)
"The desktop" is not a magical world filled with exact specifications, it's a variable. My "desktop" would be unusable by most novices because of the way I choose to set it up. My girlfriend's "desktop" really annoys me because of it's simplicity (I have to keep installing things to get the facilities I want).
I use "desktop" Linux as my main workhorse... because it's a damn sight better than the other OS's available to me for that machine (I have enough Windows 98SE and XP Pro licenses to cover it several times over BTW, but have never even inserted the XP disk and I moved from 98 to Linux in the first place). It does all my email, web browsing, printing, file management, wordprocessing, desktop publishing, video capture/editing/conversion, photo manipulation, and a lot more besides without any sort of problem. It took about a week to get it working how I'd want my desktop to work and a month of two of very occasional tinkering to get it perfect and I haven't changed the desktop setup in at least six months (though I have added software etc.).
It does everything I expect from a desktop PC and a lot more that I don't (it runs two security cameras, the printers for the network, firewalls for the network, as a wireless AP and sniffer, the list goes on and on and the CPU is NEVER idle). It all runs flawlessly and smoothly (on a 1Ghz/512Mb), I can word-process without hassle and print without problems. I can browse, I can manage thousands of documents, tens of thousands of emails, I can create websites for paying clients, I can even plug in my camera and email Aunt Joan that photo I took last week. My girlfriend uses it when she can't be bothered to walk to her computer, it took her ten minutes to learn how to VNC into her machine but she only actually does that when she needs her particular setup (e.g. email accounts etc.). For EVERYTHING else, she is quite happy to sit, click and work on the Linux desktop. Considering that up until 3 years ago she had never used any form of personal computer in her life until her uni forced her to learn Windows, she's adapted remarkably well and with nearly ZERO instruction (clicking and learning). She's wrote thousand-page essays on it, she's browsed all her favourite sites from it, she's picked up her email from it, she's even played games on it, all without any problems at all (tell a lie... she didn't like that the version of Opera that I was using was one version number ahead of her own!)
The only problem with "desktop linux" is initial configuration (but, hey, I work with Slackware so it was never going to be a single-click to get it all working how I wanted... as it was it only took the install time + 5 minutes to get X with KDE up and then it was user management... a week of casual use later it had all the software I needed) but I don't use the GUI-oriented distros so that's probably a non-issue anyway for most people who would. Hardware support is almost perfect now, even if it means ugly binary drivers. Most people I know can't install a printer on XP so they don't stand any more chance of doing the same on Linux. If it doesn't come pre-installed, they get someone "who knows" in to do it. All that "desktop linux" means is that the "who-knows" person has to be familiar with Linux instead of Windows.
But, to come back on the topic a bit, Windows 98 users will probably stay were they are until their machines explode. After that, then they may choose something but, considering that those same people are the ones who can't install printers, what they use will be determined by who sets up their next PC for them, not whether Windows 98 has extended support or not.
The best stuff usually came from PC's that had been "supported" by the local Borough. Two such examples:
1) I go to a school for a interview to see if they need my support help, I'm not supposed to be doing anything just yet, I'm just given a tour to see if I can help them with their systems. I notice four computers with "out of order" stickers in the corner of a classroom and ask about them. They have been for repair six times, taking months each time and always coming back broken. They won't boot into Windows. To the apparent annoyance of the person giving me a tour of the school, I turn them on. All four show "CMOS Checksum Error". I send out a member of staff for four CR2032 batteries (they are impressed that I can remember the code for the battery). They come back ten minutes later when I've opened the cases, I swap the CMOS batteries, all four come up and boot Windows first time (still working four years later). These PC's had ALL been sent off for expensive repair half a dozen times each and always come back "faulty"... Needless to say, the school hired me there and then and are still one of my best clients today.
2) Same school, same borough support team, six months later. In the office, they print directly onto cheques for paying suppliers, staff wages etc. For the first time ever I get to see it happening, watching the user put through a blank sheet of paper between each pre-printed cheque page as they insert them into the paper tray. I assume it's to do with record keeping of what cheques have been issued etc. No. Whenever they print cheques (which is the only use of this machine) they have to insert a blank piece of paper between each or only every other cheque gets printed, which screws up the receipts etc. and wastes lots of blank, pre-printed cheques. They tell me that they've had the support team in so many times and it's to do with the archaic software they use (actually a DOS telnet program logging into a remote server using a primitive Windows interface). I take a quick look, notice that the HP Laserjet's menu is set to "Copies:2" and change the setting. Surprisingly, everything starts working properly, no unnecessary blank pages, etc. and STILL does to this day with the same printer and software. The office staff COULD NOT believe that it was so simple and their support team missed it. I get a lovely card with a hand-written funny verse on it (I still have it somewhere) and their eternal gratitude, they no longer have to spend HOURS each day inserting blank pages into a stack of cheques and the Borough Support Team gets another telling off.
So what's left after all this stuff has been removed? Taking account of stuff that's not available for download for other OS's (such as IE 7) and not already in XP by default in some other form (e.g. Outlook Express/Windows Mail):
- Higher system requirements - "updated" GUI - Windows DVD maker and some other small utilities - Lowered privileges (welcome to the new millenium, Microsoft) - Parental controls - Speech recognition - That flash/disk thing - Drive encryption
To me, that looks like stuff that most people have available to them in one form or another and which, if they don't, they wouldn't ever use. GUI changes are ten-a-penny for Windows, DVD software is bundled with every PC that's capable of doing it or available free, parental controls are widely available for free or quite cheaply (and hardly EVER used anyway because they are just NOT reliable... I speak as a primary school technician who's had to explain that if you google for "Little Red Riding Hood", it's quite possible to find unpleasant stuff that will bypass a filter), speech recognition? Hell, my browser's done it for at least two versions, the libraries are installed with no-end of utilities and it still doesn't work very well at all - most people don't even HAVE a microphone on their computer because there's no practical use for it. There are also dozens of decent voice-recognition programs out there that tie into Windows just fine. Drive encryption is, again, easily available. However, it's not something I'd recommend a newbie to turn on until they were sure they had ten backups of their key or some kind of recovery disk.
It really bugs me that Windows, in every previous incarnation, has missed out "obvious" features, tweaks and utilities and instead bundled stuff that nobody wants/uses. Now they seem to be finally taking that cue and putting stuff that's easily available as freeware into Windows and releasing it as a new OS. A previous example would be Windows Firewall (which came along just after software firewalls had established themselves as a necessity). Unfortunately, they are still missing the obvious things that both ordinary people and the average tech NEEDS in an OS, mainly concerning control over what programs can and can't do.
A fully-installed Windows system has always needed some freeware to prop it up. Let start with "choosing which programs can run at startup". I install Startup Control Panel and StartupMonitor because I WANT to know when a program deigns itself so important that it should want to run at startup without asking me first. I get a pop-up dialog and a choice of whether to allow it to do so, EVERY time it tries. That's useful. That's simple. Complete IT-incompetents realise what it's asking and say no unless they think they need it - it instantly stops computers slowing because of accumlated startup/taskbar icons like RealPlayer, QuickTime, Adobe Acrobat etc. that DO NOT NEED to be loaded at all until I decide to load a RM, MOV or PDF (ARRGHH! What a stupid idea to "preload" these sorts of apps! Anyway...). Where was the OS facility to do that? You could regedit. You could go into some obscure menu in later versions of MS System Information (if you even KNEW how to find it, which most people don't). But nowhere did you EVER get a choice of "do you want to allow this program to run at startup?" or not.
Now, hopefully, someone who's run the Beta will tell me if that's in Vista or not. I would hope yes but I haven't heard of it yet. Also, I always install a Print-To-PDF driver of some sort (depending on the client, either freeware or something from Adobe). It turns ANY file (even Publisher) into a usable, transferrable file format that will print out on any machine (so you can transfer the PDF to a computer with any printer that uses the same paper size and it will pretty much work... that is invaluable in my line of work). Now it looks like MS finally caught up and then Adobe said no? I can't say I blame Adobe and I'm actually wondering why
Same here. Unfortunately the message doesn't get through and a lot of people don't even know that you can have anything non-Windows (a select few are aware of Apple Macs but only on the scale of "you can't play games on them or anything"). Computers=Windows where I work, so you tell them that you don't run Windows at home and you just get blank looks like you've said "my car doesn't have an engine or tyres". When you show them on a LiveCD, they ooh and aah but then just walk away to go click on more popups.
I use three browsers (Opera/Firefox on Linux and IE/Firefox on Windows)
Why not Opera on Windows?:-) Actually, I use Opera on all platforms (primary desktop is Linux) and have IE on "standby" for stuff that demands it (erm... Windows Update basically). IE, in itself, doesn't have to be dangerous, no, but other browsers are a damn sight better at stopping anyone (casual user or expert) from doing something silly.
There were a lot of security problems that read "visit this link in IE". Think about that again... "visit a link". Not many other browsers will do more than crash or hang on the best coded page but in IE it can infect and run executable code as the user. And I'm not talking about expertly-tailored, perfectly formed buffer overruns that by a series of ever-more-complex crashes, faults and errors eventually run something but about visiting a link that then can directly execute code in the browser. I've seen several proof-of-concepts from a year or two ago that literally had a line similar to exec("c:\windows\notepad.exe") in them that perform the main damage.
Yes, I can turn EVERYTHING off on my IE and then every other site will demand I turn it back on to work, the Windows Update website will stop working etc. and I'm still not guaranteed that it'll work (most IE flaws are some sort of Zone bypass somewhere along the way). Opera, for me, has a better reputation. It doesn't do stupid things in the first place and, believe it or not, I can actually safely browse any website with the default settings so long as I keep it up-to-date (a disclaimer which, on my own personal systems, is a given anyway). It's a browser and it should not be executing code in any way - ActiveX was a damn silly concept. Opera understand this and haven't even TRIED to implement or replicate ActiveX or anything like it. It processes HTML and puts it on my screen and that's all I want a browser to do.
Most of the problems with IE come from ActiveX or the abilities that were put into the browser scripting language. Don't have those abilities present and, surprise, nobody can take advantage of them by tricking you into thinking that it's running in a different zone etc. Other things like buffer overflows in HTML parsers are rare yet Opera fixes them as soon as they appear on Secunia or similar websites. With IE, you have to wait until "mega-patch-Tuesday", if they even BOTHER to fix it.
"Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical"
"The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Opera 8.x. This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details. Currently, 0 out of 13 Secunia advisories, are marked as "Unpatched" in the Secunia database."
That's the difference right there and it's been that way for an awful long time. And that's why I won't use IE or recommend it's use to even the most expert of people.
Although any auditing is welcome and they may be a problem here, the fact is that it's hardly news and not exploitable. The reports says itself that you have to be root to exploit it. It's already game-over. Yes, look for these sorts of things and find them but it's hardly worth the shock-factor of "Massive Hole Found In Linux" panic headlines.
As much as I'd like to see the RIAA and it's international equivalents get a kick up the backside, 'see the light' and implement a decent, legal alternative that includes all artists at a reasonable price, this is just a silly claim.
First, it's reactionary - counterclaims seem to be a bit childish "You said I did this, but YOU did this, ner ner ner-ner ner" and most of them never even see the light of day.
LimeWire is a content distribution system, not a competitor to the record industry, and the content that they distribute is actually owned by the record *industry*. Were this a single record company that was dictating how and when it's music could be sold, and they were a record shop who had been denied the right to buy/sell their products, they may have a case.
Additionally, quite a lot of the content that flies over LimeWire is actually not legal at all, vastly outweighing that which may be legal. This is like a video shop that sells mostly pirate videos suing the movie industry for "monopolising" the video industry and not letting them distribute their videos as they see fit.
It won't go anywhere. It won't even make it past the court's most basic ruling stages.
Ah, pseudo-science posing as "the hidden truth". One of the best entertainments around.
Content: nil
Useful information: nil
Reviews of implemented features: nil
Screenshots: nil
What it "will" be: 8 paragraphs spread over two pages for no other reason than to increase advertising revenue.
How they're going to do it: nil
Useful links: nil
A quick look is somewhat understating the review - not a single screenshot and 8 paragraphs of next-to-nothing except what "will" or "should" be in Plasma.
Useful content: 1%
Like the "Buy a Link Now" on the article itself... I think someone just bought themselves a link from Slashdot.
I think the main focus of the article should really be the poor driver design and the huge security problems.
Two services, both of which are running as privileged users, which directly map memory and IO space to a user-space process without any significant checks being done on what is asking for access or what it's asking for access to in a common driver running under a networked OS.
You might say why have a glide card in a server but just how many drivers for other hardware use this same sort of rubbish to interface to their hardware without us knowing? How many still do it under XP, 2003, Vista etc.?
Every time you install a device driver you are really granting complete machine access to the driver, without audit, without checks. Even in XP x64, he's shown that the ability to create such a driver (one that has privileged access and will grant it to any software that asks for it) requires only a trivial re-compile of a badly-designed driver, using publically available source code, and an install.
Have people known about this particular driver issue for a long time? Although deliberately introducing malware onto a system via this method would of course require the administrators co-operation, how many third-party device drivers, services, etc. can be subverted to provide that level of access to any software that asks for it?
That's the scary bit - the fact that the author must be a bit mental to want to run a VooDoo on an XP x64 machine is re-assuring in comparison.
Yeah, but the question of whether it would be legally binding or not also depends on a lot of other things, such as the jurisdiction and whether it's a reasonable venue... an Illinois court is no more a reasonable venue for a UK-only company than the planet Jupiter. You could not be reasonably expected to absorb the costs of defending yourself in a foreign country like that, without even mentioning travel costs, legal costs, unfamiliarity with the law etc. the fact that what you did is not illegal in your country etc.
Judgement or not, it's null and void on more than one account - improperly served, incorrect jurisdiction, unreasonable venue, etc. the list goes on. The error, unfortunately, lies with the judge here for failing to account for jurisdiction.
Not a chance. Failing to reply to an incorrectly served, non-jurisdictional court order for a country that you don't operate in, by a Judge with no savvy at all and on a law that not only doesn't exist in the UK but which operates under the OPPOSITE principle (i.e. if you spam, that's illegal in itself)? They wouldn't even give it a second thought.
They'd probably use it AGAINST the people who were trying to sue Spamhaus - poor lawyering, scaremongering, trying to impose laws across international jurisdictions, playing judges off against one another etc.
I hereby sue you for stupidity which is illegal on my planet of Jupiter and hereby order that if you don't attend the case on my planet, you will be liable by default for seven squillion Jupitan dollars.
Of course you should pack up all your gear, drive immediately to NASA and catch the first shuttle, shouldn't you?
Troll and obviously supposed to be sarcasm.
But maybe the next time someone in a foreign country tries to sue you for something that's a) not illegal in your country (in fact, SPAMMING is illegal in the UK, so they are not only obeying UK law but preventing the people in question from violating UK law themselves) b) nothing to do with you and c) without consulting you, serving you correct legal papers (reason enough to ignore any legal document) or bothering to contact any form of legal contact in your country, then maybe you can use your powers of sarcasm to get you out.
Seriously, this case is a joke... serving legal papers by EMAIL? WTF? Of course, email is a guaranteed delivery system that ensures that person on the other end recieves it, is the correct person and cannot deny ever having recieved it (that's how to do real sarcasm, by the way)
I'm not a privacy freak (I don't care about my cookies and I'm not bothered enough to encrypt anything other than passwords and monetary transactions) but I can think of more than a few legitimate reasons why a resident of a "free" country would want to do this without even taxing my brain (for what it's worth, I live in the UK and am applying the below to that country). Bear in mind that I too doubt that these are the primary uses of the system but you can't just say that anonymity means you're doing evil, no more than you can say that saying "No comment" means you did it.
- Whistleblowing on your government, politicians, large organisations etc. - not something that you want them to be able to easily trace back to you. We've had MI5 agents who needed to whistleblow on their own governments, we've had soldiers whistleblow on things like prisoner treatment, weapons failures, etc. These sorts of things are in the news regularly and without a guaranteed anonymous channel, they could not occur and we would not know they were going on.
- Posting about your employer - I have lovely employers and still I come across situations which I consider to be inappropriate or hazardous. If I want to publicly display these concerns, anonymity is there for me to do so freely without risking my job. I want to be able to tell a funny story of someone's stupidity without getting sacked just because it was traced back to me. I have made comments on Slashdot when logged in as Anonymous Coward. Not all sites are as careful about who sees the poster's information.
- Posting ABOUT censorship. How would we know that China censored webpages if it wasn't for people IN China or who have visited China being able to tell us without fear of persecution? This is how human rights violations come to the news, not by the perpetrators, but by the victims.
- Anonymously reporting crimes, such as the mentioned child pornography. Many people are in sensitive careers but feel strongly enough to report sites/incidents/people when they accidentally stumble across them, and they should be able to. Although the police will almost certainly guarantee your anonymity (there are things like the Internet Watch Foundation etc. for just this purpose), so much the better if you can guarantee your own anonymity FIRST.
- Downloading from "foreign" IP's for test purposes. Many's the time I've had features work on my own servers but only from particular netblocks (either deliberately or accidentally) and the only way to test that is to access it via a remote proxy. Similarly for blocking cookies etc. if you want to "pretend" to be a real visitor without the baggage that your development machines will no doubt have on them.
- Use of "foreign" IP's to bypass Spam blacklists (which, no matter what you say, cannot be accurate - my ISP has been blocked temporarily before because of a mistake and I fortunately had other email providers to use, if not Tor could have helped), geo-location restrictions etc.
I imagine that most of the traffic on Tor (by number of bytes) is probably filesharing, spamming, hacking etc. But I should think that the majority of the CONNECTIONS are people who just browse through Tor constantly because then they "feel safe", and don't bother to turn it off when they are browing non-sensitive material.
So apparently, whoever thought this up doesn't ever, ever, ever use their laptop/computer in:
1) Schools, Colleges, Universities
2) Offices
3) Libraries
4) Home use at night
5) Conferences
6) Broadcast applications
7) Confined areas (trains, planes, wifi hotspots, cafes)
8) With an amplifier
Apart from the obvious waste of MY money that I gave MS with my purchases, which they have spent to hire someone to make a sound that I don't want and will never want to hear (no matter what MS say), this is a mind-trick.
Soon, the execs will "realise" that their customers have concerns and provide an off switch, thus putting into people's minds that they "listen to their customers". They were thinking that all along, it's just another way for people to continue talking about Vista that they will "remedy" by the time it comes out. It stops people thinking "But is it secure, is it easy to use, is it cheap, is it compatible?" and instead make them think "Well, they solved the worst problem, that stupid startup sound can be turned off". I don't want an "experience" with an OS. I would want to get some work done. I don't want it all to be integrated and matching - I would want it to boot fast, get on the Internet securely and not get in my way.
I turn off ALL sounds, no matter what the OS. And I usually have my speakers off except when I'm anticipating an IM and have turned its notification sound on, or when I choose to have sound (DVD's, MP3's etc.).
This is what used to wind me up about Windows - I have little to no control over the OS without bundling it full of freeware to do the job. I don't WANT Adobe Acrobat pre-loading at startup - I use it on less than 5% of my boots. In order to GET ASKED whether I want it to happen or not I have to install things like Startup Monitor from www.mlin.net. And still Adobe insists on re-trying every time I update it. I don't WANT it to, ever, at all, in any way, but there's no option for that.
I don't WANT program X to access the Internet - at all, ever, under any circumstances. It might be a game that has absolutely no need to, or that I only use on the LAN, or it might be trying to act as a server all the time, thus giving me an instant security hole. But it's going to take until Vista for me to get a choice of whether or not I will allow it unless I install ZoneAlarm or something similar (which I've been using for this purpose for many years now).
I don't WANT program X to install itself under some silly subdirectory - I really don't. Program Files is possibly the worst organised folder on any Windows drive because everything that ends up there chooses it's own structure - by company name, by product name, by some weird abbreviation - I don't WANT that. I CAN and WILL choose where this stuff goes, given half a chance. I have systems that differ from the software authors idea for a good place... I have categories - Audio/Video, Internet, Games, Graphics, Hardware, Utilities, all of which I have a perfectly clear idea of what should be where - I can organise my start menu in this way but rarely do you get a choice of where a game sticks its icons. Even rarer is the program that lets you CHOOSE where you install on the hard drive.
I also WANT to be able to move any folder without breaking anything and having to regedit to fix it (if its possible to move it at all). I don't WANT My Documents or My Music or My Pictures or anything My, I have a perfectly well organised file structure myself and don't want every program creating a "My" directory and putting its stuff in there.
I don't WANT to have to use five-thousand user-land applications that all put an icon in my system tray that I cannot remove without breaking stuff, cannot hide without a load of freeware and do not ever WANT just to use a poxy mouse or a hotkey or a wifi card. I don't WANT stuff to Auto-Update without my say-so, no matter how important someone else deems it is - I will choose WHEN and WHAT updates I install after carefully readi
Possibly. I just wish that they wouldn't do everything possible to make their primary piece of software (at least by downloads) so obnoxious.
1) Try to instruct a novice user to find and download the free version on their website. Not an easy task but doable.
2) Try to install it without it inserting stuff into Windows startup - I use Startup Control Panel but not everyone is so lucky.
3) Try to remove the messages/popups etc. from a standard installation - again, not for the novice.
I applaud any attempt at open-sourcing software but I would worry about the quality of the code if their primary app is in this much of a mess.
F11 F12 - fair enough but then, why get rid of two keys that don't get in the way of anything and can reprogrammed to do lots of "generic" commands just like the other 10.
Windows keys - arguably more useful, especially for Windows OS, but reprogrammable on Linux to do similar jobs
"Extra" keys - ARGH... scrap them,
Pause - Erm... used as Pause in a lot of games/emulators although that's not it's original usage and is WELL NAMED and out of the way. Leave it alone.
Print Screen - Although badly named nowadays it does work on both KDE and Windows without needing Ctrl (ctrl limits it to just a single window IIRC) and everybody knows that it's really a "screenshot" key - rename it if you must but it's actually, again, out of the way, and has a clearly defined use (albeit not it's original intention).
I've done upgrades over at least three version of Slackware that I can remember (and a lot more clean installs) but all went smoothly.
.new files over to their proper names but with your configuration details entered (use the .new because sometimes the format changes a lot)
- Follow UPGRADE.TXT to the letter (in the root of the CD for the new version) not forgetting to move any
- Boot in single user mode and upgrade to latest kernel version (kernels go out of date too fast to rely on the default one being worthwhile for more than a few weeks or so). Don't forget lilo/grub etc.
- Make sure that any graphics drivers/kernel modules/etc. that you compiled in are recompiled with a version suitable for your new kernel
- Reboot and X should work just fine, then you may need to recompile or upgrade some of your software (e.g. if it's compiled against an earlier glibc or kernel).
It's a pain in the bum, especially if you have a lot of software or driver modules that are fussy about what they compile against, but it's usually a damn sight easier than trying to transfer all your software, config, etc. over to a new clean install.
Unfortunately, that is completely legally meaningless. This is why you get lawyers to write licenses, not make them up yourself.
Say I, as a non-military person were to download this piece of software. Then I have accepted it under the terms of the GPL WITH NO RESTRICTIONS (as it explicitly states in that "choice of licenses". Which means that I can then futher distribute it, also under the terms of the GPL... one of which is that I can distribute it to ANYONE.
I *never* accepted the other definition, I ONLY accepted the GPL WITH NO RESTRICTIONS clause which means I was not bound by anything else and I certainly never accepted any clause that suggested that whoever I then went on to further distribute it to would also be bound by any license other than the GPL.
The beauty of the GPL is not the idea, it is the execution - the GPL, almost by definition, means that you cannot "break" it - you can't change the GPL (because then it wouldn't be the GPL), you cannot add provisos or conditions or anything that's not in the GPL itself - and the GPL allows anyone who recieves it the right to further redistribute it or modified versions only under the GPL (without provisos, conditions etc.). All you can do is CLARIFY a particular term of definition within the GPL itself (e.g. by saying that kernel modules are or are not "derived works") and even that's doubtful as to whether YOUR interpretation is the definitive legal one.
If you want to play with licenses (which are viewed exactly the same as contracts in most countries and are legally binding in virtually all), then hire lawyers. Similarly, don't "run up" your own rent agreements, wills/testaments or contracts - you WILL lose out as soon as it gets in the hands of a lawyer who will run rings around your definitions in court.
For instance, how many people know that, under UK law at least, you cannot leave money in your will if it is based on conditions (e.g. give John £10,000 if he marries before he's 30?). In the UK, John can contest that will and demand £10,000 even if he NEVER gets married.
Not you mate, I was thinking more the posters before you.
It's a slashdot phenomenon - anything about people getting shot, anything about home gun use, anything about corrupt judicial systems convicting "home defenders" and it's brought up.
Fleeing from ARMED police who asked him to stop. Why why why would you not stop, if ANYONE pointed a gun at you who has a clear shot at you and who told you to stop? Especially if they are police.
Next it'll be the Tony Martin case that you bring up.
Would you care to elaborate on what a Brontosaurus is, considering that it's not a recognised species?
s .html
http://www.angelfire.com/mi/dinosaurs/brontosauru
Why not?
What sort of desktop? (Work, home?)
What sort of user? (Child, adult, experienced, novice?)
What sort of setup? (RAM, CPU, peripheral hardware?)
"The desktop" is not a magical world filled with exact specifications, it's a variable. My "desktop" would be unusable by most novices because of the way I choose to set it up. My girlfriend's "desktop" really annoys me because of it's simplicity (I have to keep installing things to get the facilities I want).
I use "desktop" Linux as my main workhorse... because it's a damn sight better than the other OS's available to me for that machine (I have enough Windows 98SE and XP Pro licenses to cover it several times over BTW, but have never even inserted the XP disk and I moved from 98 to Linux in the first place). It does all my email, web browsing, printing, file management, wordprocessing, desktop publishing, video capture/editing/conversion, photo manipulation, and a lot more besides without any sort of problem. It took about a week to get it working how I'd want my desktop to work and a month of two of very occasional tinkering to get it perfect and I haven't changed the desktop setup in at least six months (though I have added software etc.).
It does everything I expect from a desktop PC and a lot more that I don't (it runs two security cameras, the printers for the network, firewalls for the network, as a wireless AP and sniffer, the list goes on and on and the CPU is NEVER idle). It all runs flawlessly and smoothly (on a 1Ghz/512Mb), I can word-process without hassle and print without problems. I can browse, I can manage thousands of documents, tens of thousands of emails, I can create websites for paying clients, I can even plug in my camera and email Aunt Joan that photo I took last week. My girlfriend uses it when she can't be bothered to walk to her computer, it took her ten minutes to learn how to VNC into her machine but she only actually does that when she needs her particular setup (e.g. email accounts etc.). For EVERYTHING else, she is quite happy to sit, click and work on the Linux desktop. Considering that up until 3 years ago she had never used any form of personal computer in her life until her uni forced her to learn Windows, she's adapted remarkably well and with nearly ZERO instruction (clicking and learning). She's wrote thousand-page essays on it, she's browsed all her favourite sites from it, she's picked up her email from it, she's even played games on it, all without any problems at all (tell a lie... she didn't like that the version of Opera that I was using was one version number ahead of her own!)
The only problem with "desktop linux" is initial configuration (but, hey, I work with Slackware so it was never going to be a single-click to get it all working how I wanted... as it was it only took the install time + 5 minutes to get X with KDE up and then it was user management... a week of casual use later it had all the software I needed) but I don't use the GUI-oriented distros so that's probably a non-issue anyway for most people who would. Hardware support is almost perfect now, even if it means ugly binary drivers. Most people I know can't install a printer on XP so they don't stand any more chance of doing the same on Linux. If it doesn't come pre-installed, they get someone "who knows" in to do it. All that "desktop linux" means is that the "who-knows" person has to be familiar with Linux instead of Windows.
But, to come back on the topic a bit, Windows 98 users will probably stay were they are until their machines explode. After that, then they may choose something but, considering that those same people are the ones who can't install printers, what they use will be determined by who sets up their next PC for them, not whether Windows 98 has extended support or not.
I work in schools so I get this stuff every day.
The best stuff usually came from PC's that had been "supported" by the local Borough. Two such examples:
1) I go to a school for a interview to see if they need my support help, I'm not supposed to be doing anything just yet, I'm just given a tour to see if I can help them with their systems. I notice four computers with "out of order" stickers in the corner of a classroom and ask about them. They have been for repair six times, taking months each time and always coming back broken. They won't boot into Windows. To the apparent annoyance of the person giving me a tour of the school, I turn them on. All four show "CMOS Checksum Error". I send out a member of staff for four CR2032 batteries (they are impressed that I can remember the code for the battery). They come back ten minutes later when I've opened the cases, I swap the CMOS batteries, all four come up and boot Windows first time (still working four years later). These PC's had ALL been sent off for expensive repair half a dozen times each and always come back "faulty"... Needless to say, the school hired me there and then and are still one of my best clients today.
2) Same school, same borough support team, six months later. In the office, they print directly onto cheques for paying suppliers, staff wages etc. For the first time ever I get to see it happening, watching the user put through a blank sheet of paper between each pre-printed cheque page as they insert them into the paper tray. I assume it's to do with record keeping of what cheques have been issued etc. No. Whenever they print cheques (which is the only use of this machine) they have to insert a blank piece of paper between each or only every other cheque gets printed, which screws up the receipts etc. and wastes lots of blank, pre-printed cheques. They tell me that they've had the support team in so many times and it's to do with the archaic software they use (actually a DOS telnet program logging into a remote server using a primitive Windows interface). I take a quick look, notice that the HP Laserjet's menu is set to "Copies:2" and change the setting. Surprisingly, everything starts working properly, no unnecessary blank pages, etc. and STILL does to this day with the same printer and software. The office staff COULD NOT believe that it was so simple and their support team missed it. I get a lovely card with a hand-written funny verse on it (I still have it somewhere) and their eternal gratitude, they no longer have to spend HOURS each day inserting blank pages into a stack of cheques and the Borough Support Team gets another telling off.
So what's left after all this stuff has been removed? Taking account of stuff that's not available for download for other OS's (such as IE 7) and not already in XP by default in some other form (e.g. Outlook Express/Windows Mail):
- Higher system requirements
- "updated" GUI
- Windows DVD maker and some other small utilities
- Lowered privileges (welcome to the new millenium, Microsoft)
- Parental controls
- Speech recognition
- That flash/disk thing
- Drive encryption
To me, that looks like stuff that most people have available to them in one form or another and which, if they don't, they wouldn't ever use. GUI changes are ten-a-penny for Windows, DVD software is bundled with every PC that's capable of doing it or available free, parental controls are widely available for free or quite cheaply (and hardly EVER used anyway because they are just NOT reliable... I speak as a primary school technician who's had to explain that if you google for "Little Red Riding Hood", it's quite possible to find unpleasant stuff that will bypass a filter), speech recognition? Hell, my browser's done it for at least two versions, the libraries are installed with no-end of utilities and it still doesn't work very well at all - most people don't even HAVE a microphone on their computer because there's no practical use for it. There are also dozens of decent voice-recognition programs out there that tie into Windows just fine. Drive encryption is, again, easily available. However, it's not something I'd recommend a newbie to turn on until they were sure they had ten backups of their key or some kind of recovery disk.
It really bugs me that Windows, in every previous incarnation, has missed out "obvious" features, tweaks and utilities and instead bundled stuff that nobody wants/uses. Now they seem to be finally taking that cue and putting stuff that's easily available as freeware into Windows and releasing it as a new OS. A previous example would be Windows Firewall (which came along just after software firewalls had established themselves as a necessity). Unfortunately, they are still missing the obvious things that both ordinary people and the average tech NEEDS in an OS, mainly concerning control over what programs can and can't do.
A fully-installed Windows system has always needed some freeware to prop it up. Let start with "choosing which programs can run at startup". I install Startup Control Panel and StartupMonitor because I WANT to know when a program deigns itself so important that it should want to run at startup without asking me first. I get a pop-up dialog and a choice of whether to allow it to do so, EVERY time it tries. That's useful. That's simple. Complete IT-incompetents realise what it's asking and say no unless they think they need it - it instantly stops computers slowing because of accumlated startup/taskbar icons like RealPlayer, QuickTime, Adobe Acrobat etc. that DO NOT NEED to be loaded at all until I decide to load a RM, MOV or PDF (ARRGHH! What a stupid idea to "preload" these sorts of apps! Anyway...). Where was the OS facility to do that? You could regedit. You could go into some obscure menu in later versions of MS System Information (if you even KNEW how to find it, which most people don't). But nowhere did you EVER get a choice of "do you want to allow this program to run at startup?" or not.
Now, hopefully, someone who's run the Beta will tell me if that's in Vista or not. I would hope yes but I haven't heard of it yet. Also, I always install a Print-To-PDF driver of some sort (depending on the client, either freeware or something from Adobe). It turns ANY file (even Publisher) into a usable, transferrable file format that will print out on any machine (so you can transfer the PDF to a computer with any printer that uses the same paper size and it will pretty much work... that is invaluable in my line of work). Now it looks like MS finally caught up and then Adobe said no? I can't say I blame Adobe and I'm actually wondering why
Dunno about 1 and 2 (they don't affect me in any way) but 3 is easily solved:
opera -notrayicon
Same here. Unfortunately the message doesn't get through and a lot of people don't even know that you can have anything non-Windows (a select few are aware of Apple Macs but only on the scale of "you can't play games on them or anything"). Computers=Windows where I work, so you tell them that you don't run Windows at home and you just get blank looks like you've said "my car doesn't have an engine or tyres". When you show them on a LiveCD, they ooh and aah but then just walk away to go click on more popups.
I use three browsers (Opera/Firefox on Linux and IE/Firefox on Windows)
:-) Actually, I use Opera on all platforms (primary desktop is Linux) and have IE on "standby" for stuff that demands it (erm... Windows Update basically). IE, in itself, doesn't have to be dangerous, no, but other browsers are a damn sight better at stopping anyone (casual user or expert) from doing something silly.
Why not Opera on Windows?
There were a lot of security problems that read "visit this link in IE". Think about that again... "visit a link". Not many other browsers will do more than crash or hang on the best coded page but in IE it can infect and run executable code as the user. And I'm not talking about expertly-tailored, perfectly formed buffer overruns that by a series of ever-more-complex crashes, faults and errors eventually run something but about visiting a link that then can directly execute code in the browser. I've seen several proof-of-concepts from a year or two ago that literally had a line similar to exec("c:\windows\notepad.exe") in them that perform the main damage.
Yes, I can turn EVERYTHING off on my IE and then every other site will demand I turn it back on to work, the Windows Update website will stop working etc. and I'm still not guaranteed that it'll work (most IE flaws are some sort of Zone bypass somewhere along the way). Opera, for me, has a better reputation. It doesn't do stupid things in the first place and, believe it or not, I can actually safely browse any website with the default settings so long as I keep it up-to-date (a disclaimer which, on my own personal systems, is a given anyway). It's a browser and it should not be executing code in any way - ActiveX was a damn silly concept. Opera understand this and haven't even TRIED to implement or replicate ActiveX or anything like it. It processes HTML and puts it on my screen and that's all I want a browser to do.
Most of the problems with IE come from ActiveX or the abilities that were put into the browser scripting language. Don't have those abilities present and, surprise, nobody can take advantage of them by tricking you into thinking that it's running in a different zone etc. Other things like buffer overflows in HTML parsers are rare yet Opera fixes them as soon as they appear on Secunia or similar websites. With IE, you have to wait until "mega-patch-Tuesday", if they even BOTHER to fix it.
"Microsoft Internet Explorer 6.x with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical"
"The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Opera 8.x. This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details. Currently, 0 out of 13 Secunia advisories, are marked as "Unpatched" in the Secunia database."
That's the difference right there and it's been that way for an awful long time. And that's why I won't use IE or recommend it's use to even the most expert of people.