Slashdot Mirror


User: Phroggy

Phroggy's activity in the archive.

Stories: 0
Comments: 6,452

Comments · 6,452

  1. Re:10.3 Only Problem on Apple Forcing Panther Upgrade for Security Patch · · Score: 1

    I'm not smart enough. :-P

  2. Re:10.3 Only Problem on Apple Forcing Panther Upgrade for Security Patch · · Score: 1

    And you're an asshole for name-calling but I'll concede that you're right and I was wrong.

    Sorry about that, I was just annoyed that so many people were repeating the same wrong info.

    But if you are so inclined, I would enjoy hearing about how you are using your Spam Honeypot.

    It's a sort of experiment to make an automated DNSRBL. I don't really expect it to be useful. Interestingly, it did start receiving spam within only a couple days of putting the address in my sig, so obviously the spambots are quite active!

    Feel free to include the address on your own web pages, but try to do so in such a way that real people will never use it, and do not use it to subscribe to anything.

  3. Re:Not True... on Apple Forcing Panther Upgrade for Security Patch · · Score: 2, Insightful

    That should be adequate for virtually all users of 10.1. The rare 10.1 users who actually need SSH enabled are probably sophisticated enough to apply the open source patch.

    Oh I see - so any user who knows how to SSH into a remote machine and run a few commands automatically knows how to download, compile and install a piece of software from source, with the correct options to get all the paths in the right places, overwriting the Apple-supplied binaries (which of course you've backed up first).

    And, of course they all know the problem exists in the first place.

    Right.

  4. Re:Not True... on Apple Forcing Panther Upgrade for Security Patch · · Score: 1

    Honestly, what reason is there for running 10.1?

    Because upgrading costs $129?

  5. MOD PARENT DOWN on Apple Forcing Panther Upgrade for Security Patch · · Score: 2, Informative

    Let me repeat. OS X 10.1 and 10.2 are not vulnerable, so no patch is required.

    Does ANYONE read the articles? Apple recently released a security patch for a completely unrelated security issue in 10.3 that does not apply to 10.2, and everyone assumes that's what this is about, even though this article is about three COMPLETELY DIFFERENT security issues that @Stake found in 10.2 that do NOT exist in 10.3 that Apple HAS NOT YET released patches for.

  6. Re:This does not effect 10.2.x on Apple Forcing Panther Upgrade for Security Patch · · Score: 1

    You've got a lot of company; if it was just you I might not have said anything.

  7. Re:OS X is now a subscription in all but name on Apple Forcing Panther Upgrade for Security Patch · · Score: 1

    I'm still running 10.2 on this machine, and my old iMac runs OS9 quite nicely. Sure, a lot of new software won't run on OS9 - just like a lot of new software won't run on Windows 98 (the most recent examples I noticed were iTunes and Napster 2.0; I don't run Windows so I'm not sure what other apps require 2k or XP).

    Why don't Apple just be done with it and call it OS X subscription? After all, I bet most of their customers are paying $120 every 12-18 months anyway just to keep their machines current. So why not be honest about it?

    Didn't I recently read something about Microsoft's subscription plan for Windows, where they charge you a flat rate every year and you get upgrades to new versions of Windows for free? Except that the next version of Windows won't be released until about 2006, so all those subscription customers aren't getting anything for their money. Meanwhile, nobody's forcing me to upgrade my Mac (this article is FUD).

  8. Re:10.3 Only Problem on Apple Forcing Panther Upgrade for Security Patch · · Score: 3, Informative

    This is a 10.3 only problem and the writeup on this topic needs to be fixed. Jesus, look at the people who came out looking for an excuse to bash.

    You're a moron.

    The 10.3-only security issue Apple just patched has nothing whatsoever to do with what we're talking about, which is three security issues identified by @Stake that do not exist in 10.3. Sure, the summary is stupid, but that's because the article is stupid. They're saying Apple is only making the fixes available in 10.3; the truth is, the problems don't exist in 10.3 and Apple hasn't released a patch for 10.2 yet because @Stake only announced them two days ago.

  9. Re:FUD on Apple Forcing Panther Upgrade for Security Patch · · Score: 1

    the latest flaw is apparently only a 10.3 problem, hence the 10.3 only update.

    Couldn't be bothered to read the article, could you? The Java thing Apple just patched in 10.3 has nothing to do with these three issues @Stake has identified, which only affect 10.2 and do NOT affect 10.3 at all.

  10. Re:This just in from Apple: on Apple Forcing Panther Upgrade for Security Patch · · Score: 1

    That has nothing to do with what we're talking about; RTFA.

  11. Re:If true, leaves Beige-G3 users out in the cold on Apple Forcing Panther Upgrade for Security Patch · · Score: 1

    I expect that we'll hear from Apple shortly, and they will clarify their position -- that the patches for 10.2 will be out Real Soon Now.

    I completely agree. I wouldn't worry about it.

  12. Re:This does not effect 10.2.x on Apple Forcing Panther Upgrade for Security Patch · · Score: 1

    That has nothing to do with what we're talking about; RTFA. :-)

  13. Wait a minute... on Apple Forcing Panther Upgrade for Security Patch · · Score: 4, Insightful

    The same security company who recently fired an employee for publishing a paper saying Windows is insecure because it could damage the company's relationship with Microsoft has now identified three security issues in Mac OS X 10.2, which do not exist in 10.3. They made this announcement two days ago, and people are screaming that Apple is screwing their customers because they haven't released a patch within two days. Because 10.3 is not affected by these issues, upgrading to 10.3 would be one solution. Another solution would be to wait until Apple develops and tests a security patch for 10.2, which will probably take them about a week.

    Remember that when security issues are found in Microsoft products, Microsoft is usually notified in secret months before the issue is made public, so that they have time to develop a patch.

    Summary of the first issue: a user could:
    a) turn on core files, so when a process crashes it will dump core to a world-writable directory
    b) mount a disk image (or presumably any other writable filesystem such as an SMB mount)
    c) make a symlink in the cores directory with a particular PID in the filename, pointing to an empty file on the mounted filesystem
    d) cause that particular process, which could be owned by root, to crash, overwriting the file that was linked to
    e) read the resulting core file

    Or skip steps b and e, and just use it as a DoS to overwrite something important, but unless you've hacked OpenFirmware to prevent booting into single-user mode or booting from CD, anyone with physical access to the machine can do this anyway.

  14. Internet radio on Who Needs Radio? · · Score: 2, Insightful

    At home I listen to the BBC's Radio Five Live for news and current events with an international perspective, NPR's program stream for interesting domestic programming that my local public radio station isn't playing at the time I choose to listen, and for music, an awesome jazz stream from Korea (they play some crap, but a lot of really great stuff too, and no the music isn't Korean).

  15. Re:Amazing on Napster Pre-Paid Cards · · Score: 2, Insightful

    Shouldn't they just make the default be to buy in "Shopping Cart" mode instead of one song at a time?

    Instant gratification. With a shopping cart, you can change your mind before checking out, particularly when you see the total amount of money you're about to spend. $0.99 at a time doesn't seem like as much money, so you're more likely to buy more. At least that's what Apple is hoping.

  16. Re:Apple Zealots on Napster Pre-Paid Cards · · Score: 1

    What exactly did Apple pioneer in the online music area? Besides 0.99 that is?

    No subscriptions, lenient DRM, a customized client integrated with an mp3 player (a more pleasant experience than using a web browser)...

  17. Re:Amazing on Napster Pre-Paid Cards · · Score: 1

    70 cents goes direct to the record company after a sale, the rest is split between the artist, and Apple

    Not quite - 70 cents (or whatever the amount is) goes to the record company, and the record company pays the artist out of that. Apple doesn't pay artists directly (nor should they; that would be silly).

    And speaking of credit card transactions, you forgot to mention that another piece of Apple's 30-cent share goes to Visa/Mastercard. Apple arranged a special deal with the credit card companies to make iTMS possible; they didn't make it free.

  18. Re:Panther build? on Panther Released into the Wild · · Score: 1

    You'll note that a partition on the Retail CD is called 'Apple_Patches'.

    This is a legacy Mac OS thing. I'm not entirely sure what it's for, but it's related to those Mac OS 9 Drivers you mentioned; it has nothing to do with Mac OS X.

  19. Re:Can someone enlighten me on Copyright Extension In Australia · · Score: 2, Insightful

    I was listening to the fourth movement of Beethoven's 9th symphony recently, and I wanted to see how the choir parts are put together. Because it's in the public domain, I was able to find a PDF of the score online, and print it out (88 pages for the fourth movement, so far I've only printed part of it). It's absolutely a work of genius, and far more complicated than I would have been able to transcribe while listening to the CD. In the 16-bar passage I've been looking at, the tenor part goes above the alto part periodically, and the soprano part just has rests for the first four bars (with the melody in the alto part; the melody shifts to the soprano part in the 7th bar).

    Of course it's difficult for me to read; in addition to everything being in Italian (the international language of music) - except the vocal lyrics, which are of course in German - several of the parts are written with bizarre clefs (I figured out that the pointy thing in the middle of the clef points to middle C, but why the soprano part is written with a clef that puts middle C on the space below the bottom line of the staff, instead of a perfectly normal treble clef which puts middle C on the ledger line just below it, I have no idea). Also, not being a conductor, I'm not accustomed to reading full scores, so it's sometimes rather confusing to figure out which parts are on which lines when there's a different number of lines than there were the last time the parts were labeled.

    There are also parts for A clarinets (instead of the usual B-flat), and for D trumpets (in addition to the usual B-flat). Of course one must remember the German convention of writing what we call B-flat as B and what we call B-natural as H, so the B-flat trumpet part actually says "Corni in B."

    Now tell me - to whom would you have me pay money for the privilege of exploring the music of Beethoven? He himself certainly doesn't need it, and I don't even know who his descendants are. Those who may be living obviously had nothing whatsoever to do with the creation of the work.

    Public domain is a GOOD THING.

  20. Re:You're right on Brill's Contentious ID Card · · Score: 1

    The problems were :
    1) No way for the pilots to protect themselves
    2) No locked cockpit doors


    3) Airline staff were trained to expect hijackers not to be suicidal
    4) Other passengers naturally expect hijackers not to be suicidal

    Airline staff have now been trained otherwise, and the general public is also aware of what happened 9/11/01. The same incident could NOT be repeated today - if everyone on the plane knows that the hijackers intend to kill everyone anyway, then nobody has anything to lose by attempting to overtake the hijackers.

  21. Re:Fear.. on Brill's Contentious ID Card · · Score: 1

    For $30 I'll sell you a way to read this article without going through the registration page. :-)

  22. Re:Ummm on X10 Pays $4.3 million In Damages For Pop-Unders · · Score: 4, Informative

    But the browser doesn't specifically have a "pop under" feature. It's just a matter of running some JavaScript to send it to the back.

    Precisely. The browser lets you run JavaScript code when a page loads. It lets you open a new window. It lets you move a window behind other windows. Using these features together to create pop-under advertisements isn't entirely obvious - although once you've seen the idea, reproducing it is completely blatantly obvious (which is exactly the sort of thing patents are for - protecting the person who originally came up with the idea, because once the idea is out there, anyone can reproduce it).

    But yeah, this is really pretty trivial.

  23. Re:Magic words on AT&T Moves Toward Mail-Server Whitelist · · Score: 1

    What do you do, call the FCC and complain? Yeah, I had someone call and I don't know who it is, tell them not to call again please?

    That might not be as crazy as it sounds; the phone call may be traceable.

  24. Magic words on AT&T Moves Toward Mail-Server Whitelist · · Score: 1

    "Please add this number to your do-not-call list."

    Document all the info you can (date, time, name of person you spoke to if possible, etc.), and the next time you get a call from them, complain.

  25. Re:Is this another violation? --- on Microsoft Antitrust Compliance Questioned · · Score: 1

    Any Jabber client is multi protocol on the server end
    Jabber is great that way
    See Jabber.org


    Hadn't thought of that. Looks like TVJab and the discontinued Jabbernaut are available for Mac OS 9. I don't use Jabber myself, so if the server needs to be set up as a gateway to other protocols, I don't know what's involved in that (can you just connect to jabber.org servers and have everything work?).