Slashdot Mirror


User: Bert64

Bert64's activity in the archive.

Stories
0
Comments
12,200
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,200

  1. Re:The file extension is not critical on Exploit Released for Unpatched Windows Flaw · · Score: 1

    Windows uses the file extension, not type (never confuse the two) to determine what to use to open a program, so yes your correct in that if you configured it to load such files with gimp you'd not be exploitable via that avenue..
    The trouble is things windows does behind your back, like generating thumbnails..

  2. Re:The file extension is not critical on Exploit Released for Unpatched Windows Flaw · · Score: 1

    Well it sees .wmf and passes it to the image library, then the image library tries to determine what the file really is.. So if you rename an image file so it has the extension of a different type of image file, it still works.

  3. Re:It's about time on Looking Back at Open Source in 2005 · · Score: 4, Insightful

    Training costs are a one-off, and exist because people are trained by repetition, and can't deal with something slightly different..
    Training costs will exist wether you convert to opensource or not, when you upgrade your proprietary software there will also be retraining costs associated.

    Support costs may increase temporarily whenever anything new is introduced, and will settle down once people get used to it. This goes for proprietary software and even hardware too.

    External support costs are likely to decrease, since companies will have to compete with each other to provide OSS support, whereas a proprietary vendor pretty much has a monopoly on support of their own products..

    Conversion costs will also occur in any case under oss or proprietary software, when the upgrade cycle occurs every few years..

    Future conversion/upgrade costs are likely to be much lower, since opensource software typically adheres to standards and is easy to replace with other standards compliant software.

    Open source doesn't force you to upgrade, if you have an external support-provider who is willing to continue supporting a 10 year old version of linux you've no reason to replace it unless you WANT to. On the other hand, support vendors for proprietary software can't provide you any fixes without the original vendor's help.

    To give some insight, i provided a few NAT/Email boxes to a few local businesses in 1997.. These boxes run redhat 4.x and typically sat on a pstn dialup when first installed.. These companies pay every month, and i patch the systems against any security flaws if necessary, and update them to handle new types of network connection (dsl etc).. I also add/remove users etc, if requested..
    These boxes just provide a nat gateway, and email services so users behind the gateway can read their mail.. Aside from a couple of hardware failures (no real issue since everything is backed up) nothing has gone wrong with these machines, and they're still patched up and secure.

  4. Re:Open Source Innovation on Looking Back at Open Source in 2005 · · Score: 1

    I've not seen anything in the closed source world which can match Xdmx lately.. I believe SGI used to do something similar, but only with certain apps..

  5. Re:The file extension is not critical on Exploit Released for Unpatched Windows Flaw · · Score: 1

    The problem stems from windows users assuming that the file extension has anything to do with the actual content of the file.
    IT DOES NOT.
    If you rename the exploit code and call it "blah.jpg" it doesn't become a jpeg image, it's still a windows metafile containing exploit code.. Some incredibly stupid apps (and users) may be fooled into believing it's a jpeg, but windows itself will load the first few bytes of the file and determine what it really is.
    The "file" command on unix is very usefull to find out what a file really is, it ignores the filename and reads the file contents.

  6. Re:Nasty! on Exploit Released for Unpatched Windows Flaw · · Score: 1

    Aparrently windows is too much trouble to use as an unprivileged user.. I have had this exact same argument with MANY people, even supposed "security professionals".. They argue that windows is far too inconvenient to use as an unprivileged user, and yet they stick to using this "flawed design" in an unsafe manner..
    If it cannot be used in a safe and secure manner then it's UNFIT FOR USE, and should therefore not be used.

  7. Re:Microsoft has released a security note on Exploit Released for Unpatched Windows Flaw · · Score: 1

    Or cross site scripting, you could exploit a bug in a trusted site to get it to redirect or load an image from a malicious site..
    Or how about ebay, when you place an auction you can specify a url to an external website containing a picture..

  8. Re:Dude, Mac IE rocked on Give Mac Explorer to the People? · · Score: 1

    IE was always meant to rot and die..
    The windows version also hasn't been updated since 2001, and most likely would have also been canned by now if they hadn't tried to build a dependency on it to prevent the DOJ from forcing it to be stripped out..
    The purpose of IE was to kill Netscape, then it was going to be ignored and left to rot.. Do you really think microsoft would invest millions into developing a product and then giving it away for free?

  9. Re:Or not? on Give Mac Explorer to the People? · · Score: 1

    Firefox is more than useable for me (450mhz g4, 2gig ram), i don't notice any performance issues unless i have loads of tabs open.. Infact, netscape 4.x used to irritate me greatly because 1 browser window could make the rest freeze for a couple of minutes if it was trying to render a complex page.

  10. Re:I've never used it, but.. on Give Mac Explorer to the People? · · Score: 1

    Yes, Mac IE has much better CSS support than the windows version, but it is also more standards compliant and therefore often doesn't work well with the broken CSS often created for windows-ie.. Browsers like mozilla and safari are designed to be more compatible with the broken css out of necessity..
    However IE-mac's css support while good when it was last updated 2 years ago (windows ie hasn't really been updated since 2001) it is now way behind modern browsers.. It's most comparable to something like mozilla 0.7

  11. Re:...if CURLING is an OLYMPIC SPORT.... on Is Microsoft Still a Monopoly? · · Score: 1

    The most important point is that they abuse their position in the desktop os market to muscle their way into other markets.. Do you really think microsoft's current products would have any share of the server market whatsoever if they didn't have the desktop market to push from?

  12. Re:This is nuts.. on Dell Pre-Installing Firefox in UK · · Score: 1

    And on every OS except windows you can remove the default browser and replace it with another one.. Most people have issue with the fact that IE can't easily be removed, otherwise OEM's like Dell would remove it and install firefox instead...
    Infact, back in the days when you could remove IE that's what OEMs did, they removed it and installed Netscape instead, which is why microsoft made it difficult to remove.

  13. Re:Great First Step on Dell Pre-Installing Firefox in UK · · Score: 1

    Well there's not just the problem you described, old hardware not working in a few years time with current versions..
    It's also a case of current hardware running with new platforms, consider IA64 and AMD64.. Both are well supported by linux, but until recently anything that came binary-only for x86 was useless on either without backwards compatibility options.. And if it was kernel based then your completely out of luck... And (in the case of IA64) if the vendor doesn't decide to make a driver, then theres nothing you can do at all.

  14. Re:Except the license might make MySQL cost $$$... on MySQL Beats Commercial Databases in Labs Test · · Score: 1

    Many of the free commercial apps include more restrictions..
    MySQL is available under the GPL _OR_ a commercial license..
    If you include the GPL version for free, you must comply with the GPL same as any other piece of GPL code, that is give away the source code too.. So if your using MySQL unmodified, you just give a copy of the source tarball, easy.
    If you need to modify MySQL, and merge it with code you'd rather not release under the GPL, then you *can* buy a commercial license and distribute the whole package as a proprietary closed source app.

    The free commercial databases may let you distribute the binaries for free (or they may not, not sure of the licensing terms) but you certainly can't modify them, so you don't gain anything you wouldn't already be able to do with MySQL. After all, if your distributing an unmodified copy of MySQL why would distributing the sourcecode hurt you? people can just download it from mysql.org anyway.

    On the other hand the commercial free versions may place restrictions on redistribution, and that may cost you more too.

  15. Re:I like MySQL, but... on MySQL Beats Commercial Databases in Labs Test · · Score: 1

    Well that is the most fair comparison.. A free (but crippled) version of a commercial database compares financially with an opensource database.. Both are obtainable for free, both can have support purchased for extra cost. The fact that one vendor chooses to release a crippled product is their choice.. MySQL makes money by selling support and giving the product away free, that could work for other vendors too.. MySQL also don't need to worry about piracy.

  16. Re:Longest to compile from source? on Update to OpenOffice 2 Released · · Score: 1

    Well, multithreaded builds can often break..
    But i imagine they expect the majority of their users to run precompiled versions...
    OOo's build process is actually quite modular however, so you can rebuild small parts of it manually if you need to.

  17. Re:Does it work with Terminal Services Yet? on Update to OpenOffice 2 Released · · Score: 1

    I know exactly what it is, a kludge to enable multiuser use of what was always designed to be a single-user os. Sure they can kludge in support for multiple users, but it was never designed that way and you can still see areas where such design shines through..

    For example, shared memory only works with DLL's and not with executeables, so when you load an app several times through terminal services, the dll's are loaded once but the binary is loaded once for each user.. Unix systems will share the code segments of the initial binary too, and only have a per-user copy of any workspace memory..
    The windows approach makes sense in a single user environment, where you're unlikely to run the same program more than once, but several different programs are likely to make use of the same libraries. Had windows been designed for multiuser use, they would not have designed it this way..

    Another example, c:\ being writeable by any user by default, and the way windows resolves paths.. Try creating "c:\program.exe" on windows, and when some programs (including default windows apps) search for "c:\program files\something\something.exe" the way windows tries to resolve the path (a nasty kludge to handle filenames with spaces and not needing escape chars) it will end up executing c:\program.exe, there are plenty of references to this on google..

    Also, search for "windows shatter attacks", an example being: http://security.tombom.co.uk/shatter.html
    look at how the windowing system is designed, do you really think anyone designing a multiuser environment would design it this way?

  18. Re:Does it work with Terminal Services Yet? on Update to OpenOffice 2 Released · · Score: 1

    That's very strange, but most likely has to do with windows primarily being a single user OS..
    I've successfully used a single installation of openoffice on linux, solaris and macosx machines with multiple simultaneous users and no issues whatsoever.. It even shares a large chunk of the app's memory space so it's more efficient..

    But another thought, if your not going to be using msoffice, is there any other reason to keep win2k3 and not switch to a unix os? I've participated in and watched penetration tests on windows terminal servers (including citrix) and NONE of them have failed to gain full administrator privileges. Unix fares much better because it's actually designed to be a multiuser os.

  19. Re:Longest to compile from source? on Update to OpenOffice 2 Released · · Score: 2, Insightful

    OOo takes a good few hours on a dual opteron 250 box aswell..
    If you use the official build process you'l only use 1 cpu, but using the build scripts from go-ooo.org you can get a multithreaded build going, which is much faster..

  20. Re:How is OOo doing in the IT world? on Update to OpenOffice 2 Released · · Score: 1

    Unfortunately you can still have problems whatever you use..
    If the people your corresponding with use a slightly different version of office to you, then you will have compatibility problems, especially with complex files.. These problems can often be worse than the problems you'd have with openoffice.

  21. Re:How is OOo doing in the IT world? on Update to OpenOffice 2 Released · · Score: 1

    OO can already output pdf's natively..
    As for bigger more advanced files, you won't have compatibility problems if others in your company are also using OO.. And any correspondence outside of your company should be going as pdf, html etc.. Less risk of metadata or other crap too

  22. Re:New features ? Why ? on Update to OpenOffice 2 Released · · Score: 1

    Msoffice is also full of ridiculous bugs..
    You`l notice bugs in both apps if you use them extensively.. The problem is, microsoft often simply refuse to fix bugs.. or don't say anything at all, especially if the bug is in a rarely used feature..

    As an example, if your counting lines in a macro, lines with bullet points are counted differently, this is unintuitive and has existed since 97, and still isn't fixed.

  23. Re:That explains it... on FTC Declares Can-Spam a Success · · Score: 1

    That's because the spammers DoS'd you offline!

  24. Re:A success? on FTC Declares Can-Spam a Success · · Score: 1

    My mailserver (hosts about 5 domains, including my primary 3-character domain, which is also 1 character different from a major isp and a porn site, and was owned by someone else before i registered it) recieves between 60,000 and 80,000 spams a day that the spamfilter deals with (and some more that get through)..
    Most of these spams are destined for nonexistant accounts (accounts the previous owners of the domain used, dictionary brute-forced names, places where people mistyped the domain slightly etc) and get canned immediately.. I imagine one or two legitimately misaddressed mails would get lumped in here too, but not many..

  25. Re:It has already started: on ISPs Race to Create Two-Tiered Internet · · Score: 1

    Tiscali (in the UK) do the same thing..
    I was unable to open www.btinternet.com or www.ntl.com (large rival isps).. what made this worse, was that btinternet's customer pages are on the same server, and i couldn't access those either