Let's hope that all these bugs are taken care of in the other browsers quickly before the black hats find ways to make use of them.
I'm not sure about mozilla_crash2.html (and nobody seems to be crashing on mozilla_crash3.html) but at least mozilla_crash1.html is not exploitable. The problem was simply the effect of writing:
T* elt = 0; elt->func();
which crashes, but isn't a write to random memory of any sort, so it isn't really exploitable beyond crashing the browser.
Why should a marketing person have to know what thier "desktop" is called?
Their computer breaks down and they call the IT department. The man on the other end of the phone says: "Now click on program xxx on the desktop..." Basic knowledge. Also, many terms for things are good to know when talking to people. It isn't necessary for someone to actually know *how* the desktop is displayed or how to change it, but they should know how to get there, what it does, and how to use it.
Also, why do I have to spend 1hr. trying to explain how to save a file to a floppy disk to someone? Is this something else that is unnecessary to learn? People need to learn some basic things, no matter what you do. How do you start a car? How do you operate the clutch? All of these questions assume that you know basic terminology for the car. They are all basic concepts, and they all are questions that one must learn the answer to.
Probably not: if the purpose to make more money, then they would probably try to keep the income from the ads and then add it to the new inflow of cash.
"If instead of calling GM I phoned the local TV stations and demonstrated the problems - do you think that would speed up a GM recall? I sure do.
Does this hurt the corporation? Yes. But then it was the corporation that created the exploit, or failed to close it. You reap what you sow."
Yes, but how do you explain to all of the innocent drivers whose cars were stolen because you just told the world how to do so. It isn't quite so easy to patch a car as it is to patch a program.
Alternatively (and this has been done by another company to MS I believe, although both the exploit and the company I can't recall at the moment), one could go to the company and tell them about their product. If the company fails to act on it, and instead delays, you could release it to the world (media/etc.) Which would tell the world as you suggested. (you still have the problem of all of those people who lose their cars because you happened to tell some jerk how to break into their car).
BTW, if you happen to work for GM and you tell the media, you'd also probably lose your job.
In this specific scenerio, however, I don't believe your answer quite works. Although the vast majority of/. readers know and understand what a security hole is, I doubt that as many AIM users know. I also believe that a vast majority of them wouldn't even know to visit the site and find out how to protect themselves. And even assuming that they DID go to that site (by chance, misclicking on a link etc.) there is a large chance that they won't understand how to use a patch. Just because they aren't using the AOL client doesn't necessarily mean they understand what they do. I know plenty of people who don't use AOL, but instead use the regular internet like it was AOL (visiting only 2 sites, and retreating if they leave them). Asking them to download another program and install a patch would be light years beyond their comprehension.
OTOH, the people who are "hackers," and will use exploits like this are extremely likely to visit the site. They probaby have already started to use this information to hit unsuspecting users.
I do agree that it might be easy for a lot of us to download a patch and protect ourselves against such things, however, in certain cases, such as this, it is the "enemy" (hacker) who is helped more.
I think I'm going to need a new job, sell my house, sell my stereo... Once anybody in the commercial world gets a hold of this, you know no-one will be able to afford it.
I went to see Kiss of the Dragon and got exactly what I expected from a Jet Li martial arts film: a lot of blood, not a lot of plot, and a girl who 'loves' him in the end. The only two things that made that movie bearable for me was the fact that he had some humorus lines, and the fact that it was funny laughing at the girls next to me that would scream when he took off his shirt. If these movies are anything like Kiss then I've seen them already. Most of these movies seem to have the same plot twists anyway. And...let me guess...the final fight: it seems the good Jet Li will lose, before he comes back with some other-worldly strength and starts kicking ass again. I knew it. I've 'seen' it.
For the first 90 days you can: "the United States, call (425) 635-7222, 6:00 A.M. to 6:00 P.M. Pacific time, Monday through Friday, excluding holidays. In Canada, call (905) 568-4494, 8:00 A.M. to 8:00 P.M. eastern time, Monday through Friday, excluding holidays. Toll charges may apply.
" - Microsoft Help file on 'technical support' they also have other options such as 'pay-per-incident' which allows you support after 90 days. Its US$35 per incident (perhaps a bit steep for a home user) but not TERRIBLE for a large corperation.
Probably because MS would probably put some MS twist into its own personal VM. And besides, you have to download the Quicktime plugin from Apple. Same idea.
People could continue to use windows albeit without a guaranteed upgrade cycle.
What is keeping Microsoft amongst the web servers out there? Unbreakable software? Far from. However, it is continually being upgraded for each bug. People can call up Microsoft, and expect someone on the other end of the line to be able to help them with their problem. For many Linux releases, this is hard to find. IF someone does pick up the upgrade train, Windows will still be around, but I can't see Windows functioning properly as a major power for large corperations without the Microsoft backing.
Sorry, I was unclear. I was pointing out the lack of other operating systems (based on non-Apple) machines that could take Windows' place if Microsoft is punished so badly it (or whatever fragment) is unable to support it. It would leave a rather large void. My point was quite the opposite. Your grandma can't program scripts. However, Linux is mainly (as far as I understand it) for the crowd that can. Most programs require compiling before installing! How many 'average' Windows can do THAT?
Perhaps I'm mistaken, but it seems to me that the breakup of Microsoft (or another dehabilitating blow to the company) might be the worse thing that could happen for the economy. Ironically (IMHO) the breakup of Microsoft would lead a void that at the moment, no other company can fill. Microsoft/Apple made things so user friendly, that if an 'average user' picked up a Linux box, they might have difficulty learning all of the commands (or installing for that matter). OS/2 Hasn't been in strong competition, and many other operating systems don't have the single-user user-friendlyness that Microsoft had achieved.
There isn't really there to take Microsoft's place.
According to the article, the web sites themselves fill out the rating forms. I have to wonder what happens if a site lies (quite possible) on its form. What is stopping slashdot.org giving itself the rating of a Disney site? From what I read in the article, it would seem the answer is nothing. Perhaps I missed something here?
They are STILL afraid of breaking things, which is unfortunately still a valid fear.
I believe that Windows does everything in its power to prevent the "average Joe" from "breaking" the computer. In normal use, (aka accessing files/programs via the Start Menu and desktop icons and browsing the web using Internet Explorer (accessed again from the desktop or start menu)) the user does not ever risk corrupting data (I'm excluding program crashes here) by misclicking a button. And if they do misclick somewhere and manage to open a window they don't know (another program perhaps) they can always look for the 'big X' to exit it. OR if things get really hairy, you can always do a Start>Shutdown>reboot and start from scratch.
Perhaps there are other situations I haven't seen that might cause the user just doing these things to "break" the machine to unusability, but I think they are rare and far between. Therefore, I think this fear is based on inexperience, and is not as valid as you suggest.
Perhaps you might mention the lack of critisism of open source software. It seems to me that mostly the people who know enough about it to give an opinion love it. However, the other 'average joe' that MS etc. write programs for might have a different opinion. I don't doubt that this isn't true 100% of the time, but it does hold true for at least a moderate percentage. It's written for its target audience.
Generally, any online trasaction is risky. Heck, every transaction you make is a chance for someone to steal your credit card number. Unfortunately, in RL(TM) it is possible to follow up on the person/entity. On eBay, it is just as possible, if not more to do so, and because the person doesn't know who the seller is, the seller can dissappear without a trace. *bad* people are attracted to this, and I'll bet hundreds of people are scammed each day, however only the ones that lose big get posted. It would be interesting to see if eBay acutally responds to this.
I've only bought one thing on eBay, and after checking up on the sellers history; they had sold about 75 items, all with good remarks from the buyers. Generally, however, I use amazon.com or another site whom I've bought from.
This controller, although it looks completely insane, is completely sane for the reason that it was built: to help someone play Phantasy Star Online better. In fact, I could see many uses for it if a lot of games start going online. Can you imagine attempting to DM some goulish monster and try to type out a message for help on a standard 4-5 button gamepad? It would be almost to completely impossible. Perhaps it looks strange now, but I can definately see multiple uses for such a controller sometime close in the future.
Just my $0.02 worth
The article doesn't mention an extremely important fact: what the judge actually found wrong with the lottery. It is also extremely interesting that the person who filed the suit to stop the lottery was attempting to get a.biz domain. Personally I feel that he was just trying to get a free/cheap domain, and skirt the lottery. Of course it is possible that I'm wrong, but without more information, I cannot tell.
Unfortunately, you are indeed correct, and in fact, most of this mess was caused by US interference in the Middle East, and to make matters worse (and yes we did do this in 'Latin America') we just left when we saw fit. Now, we're having to face up to it. I think that Pres. Bush is doing his best to solve one problem at a time. It simply isn't his fault that almost 2 decades before a CIA director decided to be an idiot and meddle in things he shouldn't have. Now he is cleaning up for that person's act. Perhaps once he has finished cleaning up things, he can turn his attention inward, however, I highly doubt that will happen.
I'll pass on the extradition thing, as you asked:-)
President Bush said today in a speech that he was also looking for Ladin's network in other nations; in other words, he wasn't stopping at Bin Ladin. I believe that he knows just as well as many people that Bin Ladin's trial/death wouldn't stop terrorism. Although he is declaring war on the Taliban specifically to hand over Bin Ladin, he also says that he is willing to attack any other nation that harbors terrorists (not a quote). It seems to me, that basically what he is saying is that he will get Bin Ladin, then he will get his organization (not necessarily in that order), which is a large difference from just one man.
I'd better explain myself because I've contradicted myself here:\. He is attacking the Taliban/Afganistan for [not handing over] Bin Ladin. He is willing to attack any other country that harbors Bin Ladin's group. To me, this is a significant difference. It signifies that his war is on more than just one person, as you suggest.
This has been touched in a couple of other posts (in a more humorous light), but the User's Guide never specifies how the phone attempts to keep you from being tracked. I think that a little more information from somewhere might be in order before I go to use this phone. Perhaps even a mention of if they encrypted it, or even just a reassurence that they have made it difficult (as just about any type of hacking is possible) for hackers to find out my whereabouts would be enough for me.
It occurs to me that purist Star Wars fans might object to other humans calling themselves Jedi Knights. A Jedi Knight implies that the person has mastery of The Force, an as-of-yet non-existant force-field around (and through) everything and everybody. Nobody has been able to even sense this on Earth, much less control it. Therefore, by Star Wars standards, nobody can be one.
On the other hand, it is also an interesting concept in the fact that a Jedi is also completely calm, and in tune with his/her environment. By this definition, it might do some people good to attempt to be calm and in tune; they might be able to think their way more clearly, and act on less rash thoughts. If they define themselves this way, then it might not offend as many people. I believe that some people will still be irked by someone calling themself a Jedi Knight.
I currently give lessons at my local library to people who have never even seen a computer before, much less anything as complicated as an 'Open With' dialog box. They still have trouble coming up with the idea that right clicking brings up a little menu, and left clicking selects. I can see where this article is coming from, but even giving users (such as the ones I teach) the option for, say 20 file types, even in in plaintext is stretching things too far. They don't care what they use so much as that they can use it.
Just my $0.02 worth, but I don't think that the users who can't get the open with dialog box in the first place would even bother.
Slashdot Mirror
You missed a step:
5. Profit!
Their computer breaks down and they call the IT department. The man on the other end of the phone says: "Now click on program xxx on the desktop..." Basic knowledge. Also, many terms for things are good to know when talking to people. It isn't necessary for someone to actually know *how* the desktop is displayed or how to change it, but they should know how to get there, what it does, and how to use it.
Also, why do I have to spend 1hr. trying to explain how to save a file to a floppy disk to someone? Is this something else that is unnecessary to learn? People need to learn some basic things, no matter what you do. How do you start a car? How do you operate the clutch? All of these questions assume that you know basic terminology for the car. They are all basic concepts, and they all are questions that one must learn the answer to.
Probably not: if the purpose to make more money, then they would probably try to keep the income from the ads and then add it to the new inflow of cash.
Yes, but how do you explain to all of the innocent drivers whose cars were stolen because you just told the world how to do so. It isn't quite so easy to patch a car as it is to patch a program.
Alternatively (and this has been done by another company to MS I believe, although both the exploit and the company I can't recall at the moment), one could go to the company and tell them about their product. If the company fails to act on it, and instead delays, you could release it to the world (media/etc.) Which would tell the world as you suggested. (you still have the problem of all of those people who lose their cars because you happened to tell some jerk how to break into their car).
BTW, if you happen to work for GM and you tell the media, you'd also probably lose your job.
OTOH, the people who are "hackers," and will use exploits like this are extremely likely to visit the site. They probaby have already started to use this information to hit unsuspecting users.
I do agree that it might be easy for a lot of us to download a patch and protect ourselves against such things, however, in certain cases, such as this, it is the "enemy" (hacker) who is helped more.
Just my $0.02 worth.
I think I'm going to need a new job, sell my house, sell my stereo... Once anybody in the commercial world gets a hold of this, you know no-one will be able to afford it.
I went to see Kiss of the Dragon and got exactly what I expected from a Jet Li martial arts film: a lot of blood, not a lot of plot, and a girl who 'loves' him in the end. The only two things that made that movie bearable for me was the fact that he had some humorus lines, and the fact that it was funny laughing at the girls next to me that would scream when he took off his shirt. If these movies are anything like Kiss then I've seen them already. Most of these movies seem to have the same plot twists anyway. And...let me guess...the final fight: it seems the good Jet Li will lose, before he comes back with some other-worldly strength and starts kicking ass again. I knew it. I've 'seen' it.
Perhaps they'll release the buggy parts, and people will fix it? *breaks out of dream* nah, too good to be true (non-buggy MS product).
For the first 90 days you can: "the United States, call (425) 635-7222, 6:00 A.M. to 6:00 P.M. Pacific time, Monday through Friday, excluding holidays. In Canada, call (905) 568-4494, 8:00 A.M. to 8:00 P.M. eastern time, Monday through Friday, excluding holidays. Toll charges may apply. " - Microsoft Help file on 'technical support' they also have other options such as 'pay-per-incident' which allows you support after 90 days. Its US$35 per incident (perhaps a bit steep for a home user) but not TERRIBLE for a large corperation.
Probably because MS would probably put some MS twist into its own personal VM. And besides, you have to download the Quicktime plugin from Apple. Same idea.
What is keeping Microsoft amongst the web servers out there? Unbreakable software? Far from. However, it is continually being upgraded for each bug. People can call up Microsoft, and expect someone on the other end of the line to be able to help them with their problem. For many Linux releases, this is hard to find. IF someone does pick up the upgrade train, Windows will still be around, but I can't see Windows functioning properly as a major power for large corperations without the Microsoft backing.
Sorry, I was unclear. I was pointing out the lack of other operating systems (based on non-Apple) machines that could take Windows' place if Microsoft is punished so badly it (or whatever fragment) is unable to support it. It would leave a rather large void. My point was quite the opposite. Your grandma can't program scripts. However, Linux is mainly (as far as I understand it) for the crowd that can. Most programs require compiling before installing! How many 'average' Windows can do THAT?
There isn't really there to take Microsoft's place.
Just my $0.02 worth
Just my $0.02 worth
I believe that Windows does everything in its power to prevent the "average Joe" from "breaking" the computer. In normal use, (aka accessing files/programs via the Start Menu and desktop icons and browsing the web using Internet Explorer (accessed again from the desktop or start menu)) the user does not ever risk corrupting data (I'm excluding program crashes here) by misclicking a button. And if they do misclick somewhere and manage to open a window they don't know (another program perhaps) they can always look for the 'big X' to exit it. OR if things get really hairy, you can always do a Start>Shutdown>reboot and start from scratch.
Perhaps there are other situations I haven't seen that might cause the user just doing these things to "break" the machine to unusability, but I think they are rare and far between. Therefore, I think this fear is based on inexperience, and is not as valid as you suggest.
Just my $0.02 worth
Just my $0.02 worth
I've only bought one thing on eBay, and after checking up on the sellers history; they had sold about 75 items, all with good remarks from the buyers. Generally, however, I use amazon.com or another site whom I've bought from.
This controller, although it looks completely insane, is completely sane for the reason that it was built: to help someone play Phantasy Star Online better. In fact, I could see many uses for it if a lot of games start going online. Can you imagine attempting to DM some goulish monster and try to type out a message for help on a standard 4-5 button gamepad? It would be almost to completely impossible. Perhaps it looks strange now, but I can definately see multiple uses for such a controller sometime close in the future. Just my $0.02 worth
The article doesn't mention an extremely important fact: what the judge actually found wrong with the lottery. It is also extremely interesting that the person who filed the suit to stop the lottery was attempting to get a .biz domain. Personally I feel that he was just trying to get a free/cheap domain, and skirt the lottery. Of course it is possible that I'm wrong, but without more information, I cannot tell.
Unfortunately, you are indeed correct, and in fact, most of this mess was caused by US interference in the Middle East, and to make matters worse (and yes we did do this in 'Latin America') we just left when we saw fit. Now, we're having to face up to it. I think that Pres. Bush is doing his best to solve one problem at a time. It simply isn't his fault that almost 2 decades before a CIA director decided to be an idiot and meddle in things he shouldn't have. Now he is cleaning up for that person's act. Perhaps once he has finished cleaning up things, he can turn his attention inward, however, I highly doubt that will happen.
I'll pass on the extradition thing, as you asked :-)
President Bush said today in a speech that he was also looking for Ladin's network in other nations; in other words, he wasn't stopping at Bin Ladin. I believe that he knows just as well as many people that Bin Ladin's trial/death wouldn't stop terrorism. Although he is declaring war on the Taliban specifically to hand over Bin Ladin, he also says that he is willing to attack any other nation that harbors terrorists (not a quote). It seems to me, that basically what he is saying is that he will get Bin Ladin, then he will get his organization (not necessarily in that order), which is a large difference from just one man.
I'd better explain myself because I've contradicted myself here :\. He is attacking the Taliban/Afganistan for [not handing over] Bin Ladin. He is willing to attack any other country that harbors Bin Ladin's group. To me, this is a significant difference. It signifies that his war is on more than just one person, as you suggest.
Just my $0.02 worth
On the other hand, it is also an interesting concept in the fact that a Jedi is also completely calm, and in tune with his/her environment. By this definition, it might do some people good to attempt to be calm and in tune; they might be able to think their way more clearly, and act on less rash thoughts. If they define themselves this way, then it might not offend as many people. I believe that some people will still be irked by someone calling themself a Jedi Knight.
Just my $0.02 worth
Just my $0.02 worth, but I don't think that the users who can't get the open with dialog box in the first place would even bother.