Yup, that's nonstandard for most users... Sad but true.
The fact is that 99.9999% of home users only use windowsupdate to secure their boxes. A great majority of those, don't update regularly enough to make this exploit a non-issue.
Yeah, stupid red button, yeah stupid user didn't secure his box. End result is no different than if the exploit were a true blue win buster... It's still a borkable box.
Worked on all of our boxes. SP'd to the tits. Representative of a good portion of Winboxen out there I imagine.
If your boxes aren't vulnerable, then you've done something 'nonstandard' to make them that way, or you're using the program incorrectly. So either, you're a competent admin, or an incompetent hacker. ;)
Depends... When's the next election?
He never said there was a EULA. He only stated that the first thing he thought about was that he didn't want to agree to one. You're putting words in his mouth.
Wha? Like AT&T would think to themselves: "Well, it's just one website, and I'm sure the RIAA would stop there... " That's absurd. They're doing this to go to court and win. They wouldn't do it otherwise.
Really old news:
This happened in the days of the single deck. This actually caused the use of the six deck shoot (or shoe or whatever).
I read the article in Wired, thought "Hey, I could do this" then realized that it can't be done anymore... Oh well... Anyone else know of any get rich quick schemes that work? ;)
Not just Davezilla.com... Check out the list of other offending sites.
I see that the latest version of HSQL does indeed support inner queries. My initial point, however, is still up for debate. HSQL is not comparable to Postgres/Oracle/SAP DB for a variety of reasons.
From the forums I see:
Since the HSQL code uses integer values to perform its seeks into the data file, theoretically you should be able to store a gig or more of data. In practice, however, it seems that all the data you load remains in memory, even when using cached tables.
Which speaks to my 'real big joins' argument. I can't be more specific, because I never bothered to find out why it didn't work, I just moved on to postgres, which did. It appears that the problem lies with the team's usage of ints to represent positional data with regard to the table data. This puts a hard limit of 2GB on the data size (for some, 2GB isn't enough I guess).
Backup support would also be nice (dump/copy/replication/etc). So would trigger support. It would also be nice if user passwords and structural information were NOT exposed by the cleartext .script files (I've begged for this, but have given up on ever seeing any type of encryption implemented). Other things HSQL needs: Row level locking (with regard to SELECT ... FOR UPDATE queries), left outer joins, serialization isolation level, CHECK constraint support, fixing of the general ADD COLUMN weirdness...
HSQL is great for a specific set of requirements, but it does not meet the same broad set that postgres and oracle do. This is why I don't feel that it is in the same league.
Because it doesn't support views/inner queries/real big joins ... ? That's more of an embedded db...
I'm sorry. This will sound rude, but that's never stopped me before...
Nobody can prove *anything*.
That's your argument? Since you can't dispute my argument logically, you're throwing all argument out the window by saying that nothing can be proven? That's silly. But, I guess it doesn't matter, as that can't be proven.
Wait, what if you can't prove that nothing can be proven, does that mean that it's possible that something can be proven? I hope not, as that would negate your argument entirely. So, hurry up, prove that nothing can be proven (and prove me right), or prove that something, anything, can be proven (and you've proven me right).
Have you ever considered the possibility that I (and nearly 2 billion other people on this planet) might be right?
Sure, and once you prove it empirically, repeatably and reliably I'll be the first to sign the petition to have all blasphemous material burned (including me).
Even if you do not accept the Church, surely you can agree that this web site was distasteful from a secular standpoint.
What does taste have to do with this? Distasteful things shouldn't be allowed on the internet? WHY ARE YOU READING SLASHDOT?!
And if you were a company 100% on Linux or some other Unix flavor, you think switching to MS would not be "terribly painful and difficult".
Well, uhm... No. At least, not AS difficult. You see, Linux uses well defined standards and file formats instead of proprietary, constantly changing ones.
If it works, and does what they want it to do, why switch?
The business case for switching isn't JUST saving money. It's weaning yourself off of said proprietary formats. Being locked in to a certain format might not be expensive RIGHT NOW, but using open formats means that it will never be any more expensive.
Soy is good, unfortunately it lowers your testosterone levels. This is undesirable if you are trying to gain muscle mass (which is a necessary precursor to a better base metabolism).
Nothing is wrong with supplemental vitamins. Those studies (if we're talking about the same ones) were on "hard" pills (centrum, etc). Pre-natal vitamins (pregnant momma vitamins) are absorbed and utilized much more efficiently. Chewable children's vitamins have similar properties, though to a lesser extent.
If you're looking for a beneficial diet, consider wheat grass and nuts. Good for you, but damn near inedible.
Or, if you want to pay the LOWEST price (and don't care which soulless corporation you're giving money to), go to bestbookbuys.com. It's a meta-search comparative shopping site that checks 10 or so sites for the book you're looking for by ISBN.
I can't imagine that you'll ever see this reply, but it's worth a shot. The premise to my argument was that the CC companies had no choice but to accept the charges (I was in effect arguing your point) when in reality, they are not helpless and the parent poster was providing a dangerous spin on un-cited information.
"It's generally accepted that in internet transactions involving credit card numbers, a customer can at any time deny having made the transaction. Without a signature, there's no way to PROVE that the customer made the transaction: they can't take that customer to court."
So, what's to stop me (besides my conscience) from exploiting this for a free laptop?
Palladium doesn't give a rip about the ed market or the consumer market. They're after the big fish, and they've got some good bait. Imagine never having to question what's running on the box... It is certified after all... And with the Microsoft insta-magic-updater, all your software will remain bug-free and impenetrable. Want to write code to run on a Palladium box? No problem, just submit your source to Microsoft for an audit with a check for 20 mil and we'll see what we can do...
OT: Neutral Milk Hotel... simply amazing... Thanks for reminding me that they even exist. ;)
Andrew Einer
How is this essentially correct? He's wrong! Un-Right! Incorrect! You're basically saying that "well, it wasn't first, but it was the first one 'of consequence' and the 'best one' (even though it wasn't first)." Well hell then! "Microsoft had the first gui!" (of consequence, of that quality, etc..etc..)
You're not even splitting hairs here!
Well... They don't want to allow someone to link directly to their content because this basically gives away for free the very thing that they're selling. Granted, you don't pay any money to view their content, but that's only because you view their ads on the intermediate pages (the pages that get skipped when someone deep links to an article). The transaction may not involve any money, but it's still a transaction and one that deep linkers invalidate by making it worthless to the seller (npr).
The Scarecrow: All I need is something to remind me of things, quickly and easily.
The Wiz: Have I got something here for you!
I did build a program that did what it was supposed to do.
Well, you're one up on Redmond.
Andrew
The details aren't that gory. Say for instance you have a program that's running. Will it halt? The answer is unknown until it halts. If it doesn't halt, that doesn't mean that it will run to completion, it just means that it may not have halted... yet...
"Maybe because since you agree with it, it must be true?"
No, but I can see how you would draw this conclusion. Not citing evidence in any argument is a pet peeve of mine. I don't know how much oil or plutonium is left and I don't terribly care. I find both arguments are equally invalid, though the latter just seemed more worthy of my reply.