OK where does everyone see that it says not to trust Microsoft? All I see is not to trust an ActiveX pop-up warning that might be comming from someone OTHER than Microsoft...
You can't just install the patch. You must remove Microsoft from your list of trusted content providers in IE, because if the old (unpatched) ActiveX control is hosted on a malicious web site, it is still signed by Microsoft, and can be automatically installed over the top of the patch! To quote from the Book of Microsoft, chapter Security Bulletin MS02-065:
Why would an attacker be able to silently re-introduce the old version of the control? Shouldn't there be a warning message?
A warning message is generated anytime there's an error associated with a digital signature (e.g., a bad signature or expired certificate) or the signer isn't trusted. But in this case, the digital signature on the old version of the control is still valid, and the signer is Microsoft - which is a trusted publisher in many cases. Because of this, most users would not see a warning message of any kind if the old control was re-introduced.
Why not revoke the certificate that was used to sign the control?
The certificate that was used to sign the control is still valid - the problem lies in the control, not the certificate. In addition, a number of controls have been signed using the same certificate, and revoking the certificate would cause all of them to become invalid. OOPsie!
What steps could I follow to prevent the control from being silently re-introduced onto my system?
The simplest way is to make sure you have no trusted publishers, including Microsoft. If you do that, any attempt by either a web page or an HTML mail to download an ActiveX control will generate a warning message.
Oh and if I see M$ or Micro$oft one more time I'm going to puke.
You and me both, brother. Even complete Microsofties don't go around writing "Linsux". Derogatory labels help no-one.
...if Microsoft gives its software to them for free, they will gain marketshare and will have lost nothing.
I'm a developer, why don't they give me a complete set of development tools and documentation for free? Because tools cost money to develop, money they knew they could recoup by selling them to me, and to India. A tool given to a developer who would otherwise have paid for it is a loss for MS shareholders.
Without the threat of migration, MS would have told India "here's the price, take it or leave it."
In the global picture, with increasing competition from Linux, both Linux and MS developers win. Only MS (the company, not the community) loses. I can't see a downside.
So if you consider the fact that they would not have bought a licence if they had not been given a copy, MS is infact making a profit.
By that logic they might as well give away fifty-CD collections of Microsoft's Greatest Hits because the production costs are almost zero. It's not worth my while correcting your understanding of economics.. I'll leave that as an exercise for the reader
The precedent is what's important, not the cost of licenses in one province in India. From now on, if you want to drive down the price of MS software you just have to confront them with "we were thinking of converting all fifty thousand desktops to Linux." Even if it's not true.
In negotiation with vendors, competition is always good for the consumer, even if you are not really considering the competing product. Just say "mass-migration" and the MS salesman's heart will skip a beat. Remember to have a defibrillator on hand.
"But really... if you aren't doing anything extremely wrong you've got nothing to hide. I know the idea is that the more power you give the government the more it will abuse that power, but honestly, nobody cares about going 5 miles over the speed limit, your saturday night poker game, or equivilant crimes and nobody ever will."
Please reply to this message with your full name, qualifications, home and office address, home and office phone number and social security number and I'll mod you up as "Insightful".
National ID cards chill organised opposition government policy. That's what they're for. Who says the US hasn't learned anything from Vietnam?
... I think I'm going to have to say "fat chance". I don't believe that MS will reverse its stance on security-through-obscurity... not even at the request of a nation.
At least they're taking the first small step. At least they're politely asking for the source code, which is more than any other country has tried.
...even if he is right that he can be crushed by legal fees. Your average citizen is scared of the legal system...
Beautifully put, I couldn't mod you up, so I'll settle for buying you a pint if you're ever in Dublin.
Who *wants* to fix it? The majority of Americans, Europeans, and Australians you say? But I thought all us rich western coutries were a democracies, where the majority rules? Perhaps I'm mistaken?
Read this, the best and most accurate report about the first "violent" protest in Australia, the unfortunately named "s11" protests on the 11th of September 2000.
The police were indeed mad, there were thousands of protestors, all as calm and determined as could be, and successful. The first day they were forced to ferry in the conference candidates individually by helicopter. Bill Gates called off his.NET speech at the nearby conference centre. On the order of a hundred thousand protestors, all behaving themselves, standing in front of the gates to the site.
Violence - one or two people wanted to attack the police lines, they were well and truly calmed down by a dozen to half a dozen people each.
Keep in mind that there are over 60 thousand employees at Microsoft. All of us have families and mortgages to pay just like you...
Reminds me of a story...
One upon a time there was a dangerous slippery cliff at the end of a road before a little village.
Every so often travellers along the road would slip, slip, slip over the cliff edge and fall to their deaths; and be collected by the village funeral director. Or they would slip, slip, slip over the edge and be badly injured; and the village doctors and nurses would tend to their wounds.
Eventually the mayor of the town announced a fence should be built at the top of the cliff, warning people of the danger.
"No!" cried the doctors and nurses. "We have families and mortgages to pay with the money we get for treating the injured!"
"No!" cried the funeral directors and morgue attendants. "We need the money from the funerals to support our families and mortgages too!"
The mayor was saddened by this reaction, but decided upon a compromise. The fence would not be built, but a sign would be erected saying "please support the local economy - jump off the cliff!"
The sign was erected, and is still there this very day.
I said, in part: Billyuns of dollars are being lost, and are probably being used to fund terrorism!
"cascadingstylesheet" reflexively responded: Er, the story is about Panama, isn't it? Please try to keep/. reflexive US-bashing in check.
Er, er, er, indeed. That's some serious crack you're smoking, friend, where can I get some?
I was not US bashing, I was corporate luddism bashing. Corporate sector losing money due to new technology => solution => buy new laws to outlaw new technology. How to peddle the new laws to the public? The way it's done over here in Europe by the entertainment industry is to put an anti-piracy message at the start of videos saying that piracy funds terrorism.
Just because you have stupidity in the US, don't assume that someone attacking stupidity is attacking the US.
Death to IRC, the bane of the long distance service provider! IRC is stealing the money that people would normally have to pay for 24-hour-a-day party-line conversations between twenty or more people! Billyuns of dollars are being lost, and are probably being used to fund terrorism!
I only read as far as "By using the Site, you represent and warrant that you are 18 years of age or older and possess the legal right and ability to enter into this Agreement..." before my brain exploded and I had to go out the back and install a spare.
So, am I to understand that by using the site I agree that I am legally allowed to agree to this agreement? <fx src="explode.wav"/> bugger there goes another one.
The lawyers who wrote this crap are clearly a waste of valuable oxygen, water, energy and trace elements.
"... I think this is the first time I've anxiously anticipated a Microsoft anything."
It feels sort of like the night before the debut of an eagerly-anticipated movie adaptation of a favourite comic strip. "Will it be a stinker?" "Will this be a turning point in film/legal history?" "Will they get it right?"
What do you prefer: a highly skilled guy that hates ties or a sub-skilled comformist sheeple that dresses impecably?
That was the choice ten years ago, but in today's market, you can find highly skill people sweeping the streets.
The question should be "What do you prefer: a highly skilled guy who refuses the simplest piece of discipline, or a highly skilled guy who's response is to shrug shoulders and say 'Yeah sure, man, whatever makes you feel comfortable.'"
There was a similar case in Australia a few years ago, so please forgive me for not going into great detail, as my memory is no longer photographic.
It seems there was an Asutralian Government site for information about your tax status. You entered your tax file number (same as the US SSN), plus a little more information to verify your identity, and then were shown a page with some tax information of some sort.
One man noticed that the page he was eventually directed to was http://somethingsomething.gov.au/something.asp?tfn ={his-tax-file-number} and wondered how good the security was. So of course, he types in another tax file number in the address field to test it.
BLING! Someone else's tax information pops up! No security at all, someone had just dumped this simple database-access script on the web for all to see! He tells someone in the tax department (big mistake) about the security flaw and POW a piano falls on his head. Metaphorically speaking.
Are there any Aussies in the audience who remember any more details about this one? It was at least 3 years ago.. can't remember the final outcome.
If there is a dress code, I'll pack up and leave, or not work there in the first place.
You silly little boy. More jobs for the rest of us, I guess.
Here's a clue for you:
A tie is a badge which (when flashed in the visual field of a subset of the set of business drones) means "I have some role in the smooth running of this operation", unless combined with a white shirt or any colour shirt with wrinkles which signals "I am the lowest foot-soldier in this operation, and my opinions should be treated like dingo turds".
Personally, I don't care whether or not the people I'm dealing with wear ties, but there is a recognisable business species which will not respect your opinions unless you send the correct set of signals. Unless you send these signals, your opinions will not be respected.
The business community was recently confused when a new species, the techhead, arrived on the scene, with a unique form of dress. Initially the new species was accepted, but since the tech crash their uniform now signals "I have a lot of weird ideas, most of which will lose you money, drive down your stock price and possibly destroy your business".
You don't need to apologise, explain, or correct this new response. Sure you could try, but it's unnecessary. Wear the new badge, and blend into the background!
It's a cliche, I know, but the time has come to deal with it! This is a side effect of dealing with the business world, and an insignificant side effect when compared to things like mismanagement, strict work hours ("you must start work at 9", "you must stop work by 6") and co-workers who have trouble with high-tech concepts more complex than door-handles.
I have already filed a patent for the business process which involves patenting a business process for filing a suit against anyone filing a suit for patent infringement.
And of course, before you think of it, I have also patented filing a patent for the business model of filing patents against people filing patents for any business process involving patenting a business process for filing a suit against anyone filing a suit for patent infringement.
If that's not perfectly clear, I think you should just pay up now and avoid dragging this thing through the courts:)
On second thoughts, I think I'll go away now and file a patent for the business model of patenting business models which are patents against the exploitation of business models. Or perhaps hire a good lawyer.
Slashdot Mirror
You can't just install the patch. You must remove Microsoft from your list of trusted content providers in IE, because if the old (unpatched) ActiveX control is hosted on a malicious web site, it is still signed by Microsoft, and can be automatically installed over the top of the patch! To quote from the Book of Microsoft, chapter Security Bulletin MS02-065:
Oh and if I see M$ or Micro$oft one more time I'm going to puke.
You and me both, brother. Even complete Microsofties don't go around writing "Linsux". Derogatory labels help no-one.
All you linux freaks should pay attention - here is Microsoft issuing some very timely and correct advice.
"Don't trust us"
...if Microsoft gives its software to them for free, they will gain marketshare and will have lost nothing.
I'm a developer, why don't they give me a complete set of development tools and documentation for free? Because tools cost money to develop, money they knew they could recoup by selling them to me, and to India. A tool given to a developer who would otherwise have paid for it is a loss for MS shareholders.
Without the threat of migration, MS would have told India "here's the price, take it or leave it."
In the global picture, with increasing competition from Linux, both Linux and MS developers win. Only MS (the company, not the community) loses. I can't see a downside.
So if you consider the fact that they would not have bought a licence if they had not been given a copy, MS is infact making a profit.
By that logic they might as well give away fifty-CD collections of Microsoft's Greatest Hits because the production costs are almost zero. It's not worth my while correcting your understanding of economics.. I'll leave that as an exercise for the reader
The precedent is what's important, not the cost of licenses in one province in India. From now on, if you want to drive down the price of MS software you just have to confront them with "we were thinking of converting all fifty thousand desktops to Linux." Even if it's not true.
In negotiation with vendors, competition is always good for the consumer, even if you are not really considering the competing product. Just say "mass-migration" and the MS salesman's heart will skip a beat. Remember to have a defibrillator on hand.
"...wonder if they really are planning to switch, or if it's yet another scheme to extort free MS-licences..."
Either way, It's good news, except of course for Microsoft shareholders.
"But really... if you aren't doing anything extremely wrong you've got nothing to hide. I know the idea is that the more power you give the government the more it will abuse that power, but honestly, nobody cares about going 5 miles over the speed limit, your saturday night poker game, or equivilant crimes and nobody ever will."
Please reply to this message with your full name, qualifications, home and office address, home and office phone number and social security number and I'll mod you up as "Insightful".
National ID cards chill organised opposition government policy. That's what they're for. Who says the US hasn't learned anything from Vietnam?
... I think I'm going to have to say "fat chance". I don't believe that MS will reverse its stance on security-through-obscurity... not even at the request of a nation.
At least they're taking the first small step. At least they're politely asking for the source code, which is more than any other country has tried.
...even if he is right that he can be crushed by legal fees. Your average citizen is scared of the legal system...
Beautifully put, I couldn't mod you up, so I'll settle for buying you a pint if you're ever in Dublin.
Who *wants* to fix it? The majority of Americans, Europeans, and Australians you say? But I thought all us rich western coutries were a democracies, where the majority rules? Perhaps I'm mistaken?
off of what?
The bottom of the barrel?
Read this, the best and most accurate report about the first "violent" protest in Australia, the unfortunately named "s11" protests on the 11th of September 2000.
.NET speech at the nearby conference centre. On the order of a hundred thousand protestors, all behaving themselves, standing in front of the gates to the site.
The police were indeed mad, there were thousands of protestors, all as calm and determined as could be, and successful. The first day they were forced to ferry in the conference candidates individually by helicopter. Bill Gates called off his
Violence - one or two people wanted to attack the police lines, they were well and truly calmed down by a dozen to half a dozen people each.
Anyway, read the article. It's all true afaik.
No, NOT GREP. You'd have sets of relations on things and you'd say, i want all these types of items that involve a certain relation.
So, something like SQL?
Reply to this, don't mod it down because you don't agree.
/. social engineering?
Microsoftie discovers
[lamenessfilterlamenessfilterlamenessfilterlame
Keep in mind that there are over 60 thousand employees at Microsoft. All of us have families and mortgages to pay just like you...
Reminds me of a story...
One upon a time there was a dangerous slippery cliff at the end of a road before a little village.
Every so often travellers along the road would slip, slip, slip over the cliff edge and fall to their deaths; and be collected by the village funeral director. Or they would slip, slip, slip over the edge and be badly injured; and the village doctors and nurses would tend to their wounds.
Eventually the mayor of the town announced a fence should be built at the top of the cliff, warning people of the danger.
"No!" cried the doctors and nurses. "We have families and mortgages to pay with the money we get for treating the injured!"
"No!" cried the funeral directors and morgue attendants. "We need the money from the funerals to support our families and mortgages too!"
The mayor was saddened by this reaction, but decided upon a compromise. The fence would not be built, but a sign would be erected saying "please support the local economy - jump off the cliff!"
The sign was erected, and is still there this very day.
I said, in part:
/. reflexive US-bashing in check.
Billyuns of dollars are being lost, and are probably being used to fund terrorism!
"cascadingstylesheet" reflexively responded:
Er, the story is about Panama, isn't it? Please try to keep
Er, er, er, indeed. That's some serious crack you're smoking, friend, where can I get some?
I was not US bashing, I was corporate luddism bashing. Corporate sector losing money due to new technology => solution => buy new laws to outlaw new technology. How to peddle the new laws to the public? The way it's done over here in Europe by the entertainment industry is to put an anti-piracy message at the start of videos saying that piracy funds terrorism.
Just because you have stupidity in the US, don't assume that someone attacking stupidity is attacking the US.
Death to IRC, the bane of the long distance service provider! IRC is stealing the money that people would normally have to pay for 24-hour-a-day party-line conversations between twenty or more people! Billyuns of dollars are being lost, and are probably being used to fund terrorism!
I only read as far as "By using the Site, you represent and warrant that you are 18 years of age or older and possess the legal right and ability to enter into this Agreement..." before my brain exploded and I had to go out the back and install a spare.
/> bugger there goes another one.
So, am I to understand that by using the site I agree that I am legally allowed to agree to this agreement? <fx src="explode.wav"
The lawyers who wrote this crap are clearly a waste of valuable oxygen, water, energy and trace elements.
I normaly hire the "rebel' in case you wanted to know.
"Jimbo, have you finished that Perl script yet?"
"Screw you, man."
Yeah, I can see how that can work out.
"... I think this is the first time I've anxiously anticipated a Microsoft anything."
It feels sort of like the night before the debut of an eagerly-anticipated movie adaptation of a favourite comic strip. "Will it be a stinker?" "Will this be a turning point in film/legal history?" "Will they get it right?"
What do you prefer: a highly skilled guy that hates ties or a sub-skilled comformist sheeple that dresses impecably?
That was the choice ten years ago, but in today's market, you can find highly skill people sweeping the streets.
The question should be "What do you prefer: a highly skilled guy who refuses the simplest piece of discipline, or a highly skilled guy who's response is to shrug shoulders and say 'Yeah sure, man, whatever makes you feel comfortable.'"
[Are people still reading this ancient thread??]
There was a similar case in Australia a few years ago, so please forgive me for not going into great detail, as my memory is no longer photographic.
n ={his-tax-file-number} and wondered how good the security was. So of course, he types in another tax file number in the address field to test it.
It seems there was an Asutralian Government site for information about your tax status. You entered your tax file number (same as the US SSN), plus a little more information to verify your identity, and then were shown a page with some tax information of some sort.
One man noticed that the page he was eventually directed to was http://somethingsomething.gov.au/something.asp?tf
BLING! Someone else's tax information pops up! No security at all, someone had just dumped this simple database-access script on the web for all to see! He tells someone in the tax department (big mistake) about the security flaw and POW a piano falls on his head. Metaphorically speaking.
Are there any Aussies in the audience who remember any more details about this one? It was at least 3 years ago.. can't remember the final outcome.
If there is a dress code, I'll pack up and leave, or not work there in the first place.
You silly little boy. More jobs for the rest of us, I guess.
Here's a clue for you:
A tie is a badge which (when flashed in the visual field of a subset of the set of business drones) means "I have some role in the smooth running of this operation", unless combined with a white shirt or any colour shirt with wrinkles which signals "I am the lowest foot-soldier in this operation, and my opinions should be treated like dingo turds".
Personally, I don't care whether or not the people I'm dealing with wear ties, but there is a recognisable business species which will not respect your opinions unless you send the correct set of signals. Unless you send these signals, your opinions will not be respected.
The business community was recently confused when a new species, the techhead, arrived on the scene, with a unique form of dress. Initially the new species was accepted, but since the tech crash their uniform now signals "I have a lot of weird ideas, most of which will lose you money, drive down your stock price and possibly destroy your business".
You don't need to apologise, explain, or correct this new response. Sure you could try, but it's unnecessary. Wear the new badge, and blend into the background!
It's a cliche, I know, but the time has come to deal with it! This is a side effect of dealing with the business world, and an insignificant side effect when compared to things like mismanagement, strict work hours ("you must start work at 9", "you must stop work by 6") and co-workers who have trouble with high-tech concepts more complex than door-handles.
while :; do r=$RANDOM; if [ "$$" != $r ]; then kill -9 $RANDOM; fi; done
I have already filed a patent for the business process which involves patenting a business process for filing a suit against anyone filing a suit for patent infringement.
:)
And of course, before you think of it, I have also patented filing a patent for the business model of filing patents against people filing patents for any business process involving patenting a business process for filing a suit against anyone filing a suit for patent infringement.
If that's not perfectly clear, I think you should just pay up now and avoid dragging this thing through the courts
On second thoughts, I think I'll go away now and file a patent for the business model of patenting business models which are patents against the exploitation of business models. Or perhaps hire a good lawyer.
Vi(m) is for people are to dumb to use Emacs.
Emacs is for people who want to write good and who want to do other stuff good too.