Insecurity Windows
Posted by cyn on Friday March 18, @11:10AM
from the change-the-operating-system dept.
cyn writes "Security Focus doesn't carry an article about a security compromise found on all major Windows versions due to bad design in the Windows kernel, DLLs, VBScript, et al. 'It's a normal day when a script-kiddie | trojan virus | webpage attack can still take down most of the latest Windows versions', says the writer. The attack was performed by touching the internet from a normal user login. It is interesting to note that Windows ME was not among the versions that fell to the attack - not because it is invulnerable, but because nobody could locate a copy. The writer also doesn't praise the Unix philosophy of not being Windows."
If you don't upgrade your system sufficiently before giving out shell accounts, you're an idiot. If you are joe schmoe and using it as a desktop - you're not giving out user accounts.
Yes, it may be sad to find - but honestly people, local shell exploits exist 'out of the box' - period. It's *pretty much* unavoidable even after proper sandboxes and restrictions have been configured.
And, as a Debian user - I am both insulted and disgusted that it was arbitrarily singled out, I assume this was because of its 'speedy' release cycle. If it was the only one of lots of major versions, then I retract the comment.
Actually - the majority of windows applications have been changing their interfaces in an effort to differentiate themselves from competitors/etc. - everyone's trying to make that next neat custom interface with images and icons and hovering and sliding and blah blah hidden confusing cruft.
In stark contrast, you're getting more and more cohesion on the X side of things, more developers using GTK2 and the likes and getting nice clean interfaces that they like just fine.
Which is better? Depends on the application, but in general - the cohesion.
You're close - but you run into the 'multiple extended characters' problem.
The solution - is to color RANGES the same. Your standard latin character set stays the same, because that's your baseline these days already. Then, each new range of character sets gets a new color. What's the result? Any legitimate website's name will be a single color, any illegitimate website's name will be a rainbow mishmash (or, at least, notably strange).
The one thing about this though - it shouldn't necessarily be on the text. It might be better to stagger the domain's encoding cacophony of color across the background of the location bar - similar to how Firefox displays a yellow backgrounded bar on SSL.
I dunno, none of these sound optimal still - but something has to be done, that's for damned sure.
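The range-coloring idea from the comment above, sketched as an added example (not code from the post or from any browser). The range list, the colors, the sample hostnames and the choice to judge each dot-separated label on its own are assumptions; the input is taken to be the Unicode form of the name, with punycode already decoded.

```javascript
// Added example: ranges, colors and sample names are assumptions.
const RANGES = [
  { name: "Latin",    re: /\p{Script=Latin}/u,    color: "#000000" }, // baseline
  { name: "Cyrillic", re: /\p{Script=Cyrillic}/u, color: "#c00000" },
  { name: "Greek",    re: /\p{Script=Greek}/u,    color: "#0040c0" },
  { name: "Han",      re: /\p{Script=Han}/u,      color: "#008000" },
];
const OTHER = { name: "Other", color: "#800080" };
const NEUTRAL = /[0-9-]/; // digits and hyphen sit next to every script

function rangeOf(ch) {
  if (NEUTRAL.test(ch)) return null;
  return RANGES.find((r) => r.re.test(ch)) || OTHER;
}

// Split one label into runs of consecutive characters from the same range.
function colorLabel(label) {
  const runs = [];
  for (const ch of label) { // for...of walks code points, not UTF-16 units
    const range = rangeOf(ch);
    const last = runs[runs.length - 1];
    if (last && (range === null || range === last.range)) {
      last.text += ch;                       // same color, or neutral char
    } else if (last && last.range === null) {
      last.range = range; last.text += ch;   // leading digits adopt the color
    } else {
      runs.push({ range, text: ch });
    }
  }
  return runs.map((r) => ({
    text: r.text,
    range: r.range ? r.range.name : "Neutral",
    color: r.range ? r.range.color : RANGES[0].color,
  }));
}

// A label is "rainbow" when it needs more than one color.
function analyzeHost(host) {
  const labels = host.toLowerCase().split(".").map((label) => {
    const runs = colorLabel(label);
    const used = new Set(runs.map((r) => r.range).filter((n) => n !== "Neutral"));
    return { label, runs, mixed: used.size > 1 };
  });
  return { labels, suspicious: labels.some((l) => l.mixed) };
}

// Constructed samples: the second has Cyrillic U+0430 in place of Latin "a".
const SAMPLES = ["example.com", "ex\u0430mple.com", "\u043f\u0440\u0438\u043c\u0435\u0440.com"];
for (const s of SAMPLES) {
  const r = analyzeHost(s);
  console.log(s, r.suspicious ? "MIXED" : "single color",
    r.labels[0].runs.map((x) => `${x.range}:${x.text}`).join(" | "));
}
```

A location bar could paint each run's `color` behind its text; a wholly Cyrillic label under `.com` stays one color per label and is not flagged.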
No. I'm sorry, but I don't think "fabric drenched in cement" gives you reinforced concrete - it gives you concrete, that happens to have fabric inside to save the setup crew from fussing around shaping it.
The intention of reinforced concrete is that the tensile strength / structure of the piece is actually reinforced by something - http://www.google.com/search?q=define%3A+reinforced+concrete
"Concrete that is strengthened by the insertion of rods of steel, wire mesh or strands of glass reinforced plastic or similar materials."
I agree that you've got more than concrete there, and it would stand up to a beating better than just concrete, but I question using the term "reinforced concrete". Damned generic term that has a specific meaning - my complaint is really more that the term is too loaded I suppose. Oh well.
To: All employees
Subject: Blame Bill.
Hello all, this is your CEO. I just wanted you all to know that Bill Foobar from Internet Development got the good idea to patent something that was trivial - and we have a little problem because of it.
We are now in the process of restructuring to support our new business goal: making license plates. It is our plan to do this for the next 5 to 10 years, with vacation time for good behavior. If you are unsure how you will be needed in this regard, don't worry - you will be pressing license plates like the rest of us. See you tomorrow! Wear something you can get dirty.
Sincerely,
-Iquit Freely, CEO
In Soviet Russia - the politicians blame YOU!
If you are looking for slashdolt - go here
If you are looking for salsadot - go here
If you are looking for slutbot - go here
If you are looking for slashbot - go here
... no, don't cut the baby in half. Diluting everyone's brand doesn't help anyone. It works for .orgs and the like, but any commercial entity - it just won't stand.
(yes, I realize they aren't the same word, unlike this - I'm making a point in a short amount of time)
Not at all what he's touting, but I could see the possibility of running the 'most WINE compatible' OS in a Xen environment, thus gaining some stability benefits.
Think if you were running BSD - and you ran Linux inside Xen instead of using Linux compatibility. I'm not saying it would do better, but it's possible it might.
I fully understand the usefulness of Linux on Linux, as well as other virtualizations.
That said, when can I get WINE or something similar working sufficiently so the few things that keep me having a Windows box around can fade away? I'm not even talking games - I really just need audiblemanager and iTunes running. Neither of these should be hard at all.
I'm almost tempted to buy a mac mini just so I can get this functionality without the windows factor.
Apple itself even used USB keyboards/mice from the start. I don't know about you, but all of my desktops have firewire in addition to USB2, and I'd prefer to use firewire for anything that actually needs the speed.
Try looking at anyone working with video or external hard drives - you'll find a huge preference for this 'seemingly dead' firewire. It's not dead, it's just not used for chump activities like keyboards and mice. You may be surprised to learn that basically all desktops invariably have an external keyboard and a pointer device installed.
The two products were never competing, and manufacturers didn't pick firewire up initially because your average end user just didn't need it. USB2 came out to prevent firewire from taking over, when you really look at it.
Speeds:
USB: low/full speed [?/12]
USB2: high speed [480]
Firewire (1394) [400]
Firewire (1394b) [800]
So let's see - USB2 barely surpassed firewire's initial speed, and came out when firewire 800 was popular. A quick sampling of my devices at home proved that the only device I owned that was actually USB2 was my Apple iPod - a USB keychain that I got this past Christmas was still only USB 1.1.
But I digress, USB does indeed have more peripheral marketshare than Firewire - due to keyboards, mice, webcams, and the sheer 'early adoptance' in the pc market.
I just wanna know about this autonuke feature. If someone pokes at your thumbprint scanner 3 times your system is going to trash and burn?
Hell, all the data is on the card - they can always pull the card out before attempting their logins...
He could have just started using CherryOS for his testing! I hear it's really great - and the main developer is brilliant, he churned it all out himself in just four months!
The shuffle doesn't need any cables to charge from USB.
I can't imagine anyone posting to slashdot who's away from a computer for more than 12 hours, and I can't imagine anyone would find it too tedious to jam a USB pendrive in a USB port, if they really want their music fix. Hell - get a USB keyboard and it'll always be at hand. Christ, you can buy two shuffles for the price of the Sony - keep one charging if you can't charge it while it's in use.
...pay 'a reasonable license fee, 12% of gross sales of iTunes music tracks and iPods.'
" said music jukebox including a user interface comprising a display device located at least partially within the housing, said display device providing a display which is viewable from outside the housing,"
They have NO RIGHT to 12% gross fees of iPod shuffles!
---
It's a load of bullshit - like so many things today. The turnaround on technologies is too short, by the time a patent is granted, the technology is already widespread and on its FOURTH incarnation. Oh, I don't mean the original patent filers. They don't have an implementation - they don't need one to sue the pants off of Apple - who, incidentally, never heard of this company nor ANYONE at Apple ever saw anything related to them until this lawsuit. Because there's no actual grounds to their claim, there was no influence or super secret corporate espionage.
Oh hell, all posts are like mine no doubt. Just mod it funny or overrated for the top bit and get on with it.
Any such system has to be powerful indeed. With people's habits of keeping old copies around - alternating which copy they update - poorly naming things - and misspelling half of their document...
It's a wonder if we can find anything at all. Throw an abstraction on top - searching will just take longer.
I've noticed a huge increase in GoogleBot hits to my underage beastial gay midget porn section of my site. This leads me to believe that Google will soon be offering underage beastial gay midget porn. They'll probably call it Goopsyourarrested.com or something.
[ Disclaimer: No. Just... No. You sicko. Jeez. How2ReadAJoke ]
Who had been running 2.6.9 or earlier and just finished making a 2.6.10 kernel for the first time (e.g. because they suddenly needed new hardware support).
*rhand* *grouse*
... update your SCO licenses! /rimshot
drop into single user mode - link /usr/bin/bash to /sbin/sh.
when /usr is properly mounted, it will cloak this symlink.
problem solved.
you don't get out much, do you?
rtfc.
He said standard, not de facto standard.
:)
Mozilla did embrace standards - and that's why it just works (mostly) with what's out there. Anything it's not working on is nonstandard* - which is what the grandparent said.
* or a bug
It's not the end user that has to stick to the standards, it's the developer - and if sticking to standards is some kind of holy war - then everyone but Microsoft is a 'terrorist'.
I'm gunna go file some claims on DEL.EXE - it's messing my data every damned time!
I'm not familiar with any way to do this (presently) - but a good start would be to prevent off-main-site content from being able to make such floater divs. If only the main site creating the ads can create these annoying ads - then we know exactly who to complain to, and who's endorsing them.
Another option along these lines would be to have some sort of declaration that prevents this within included tags, e.g.
<noasshole> their advertisement here </noasshole>
- which would restrict all sorts of javascript tricks and css crap (and </noasshole>'s).
The problem then becomes that advertisers wouldn't advertise at such a site - so it would have to be a universal bandaid, or the good sites would just drop like flies. Anyway, you have an agreement with your advertisers - so you could just as easily make the agreement specify such terms and protect yourself, this would just be a technology backup.
This (should) already be a nonissue for iframes, since they shouldn't be able to render outside of their frame - but there are some tricks they too can use (parent.blah) - depending on the permissions afforded them, which should pretty universally never ever ever be afforded them.
So, in summary - damnit, no solution.