Ballmer and co just don't seem to *get* media, in my opinion.
Now I'd like a fair deal for musicians and consumers, and right now iTunes is the market leader. Why? I think Apple seems to "get it" a lot more than other companies do.
From what I've seen of Windows Media and DRM, it's not clever, and worse yet, it's clumsy.
Does Microsoft have to own everything? Why don't they just play nice for once and use something vaguely standard, like MPEG 4 and AAC, or FLAC.
Theora promises to be really nice, but until then can anyone point me in the direction of a decent, free software, video codec (ideally with some nice Creative Commons tie in and even better, something I can give to my Mac using video encoders)
In fact, I'd like to see a list of options that will allow me to set exactly what JS can and can't do.
In:-
* Ability to open up a new window when I request it (onclick)
* Ability to do useful DOM stuff
Out:-
* Scrolling text in status bar
* Anti-Right Click
* onload/onexit
* resize window
* tell me that i can't have a URL box or status bar on a popup
* stupid 'effects'
There must be others too. I wonder how easy it would be to write a plugin for IE/Moz/Opera/etc (and cross platform) that could override the JavaScript handling in a browser, and offer users a centralised place to control their own browser security/stupidity.
Perhaps now they can start taking some of the changes Apple have given them. Lots of very simple JavaScript events just don't work in Konq that work in Safari/WebCore.
Description: Secunia Research has discovered a vulnerability in Safari, which can be exploited by malicious web sites to spoof dialog boxes.
Inactive windows can launch dialog boxes so they appear to be displayed by a web site in another window. This can be exploited by a malicious web site to show a dialog box, which seems to originate from a trusted web site.
Successful exploitation would normally require that a user is tricked into opening a link from a malicious web site to a trusted web site in a new window.
A test is available here: http://secunia.com/multiple_browsers_dialog _box_sp oofing_test/
The vulnerability has been confirmed in Safari 1.2.3 (v125.9). Other versions may also be affected.
Solution: Don't visit trusted web sites while visiting untrusted web sites or disable JavaScript.
And for IE
Description: http-equiv has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to compromise a user's system, link to local resources, and bypass a security feature in Microsoft Windows XP SP2.
1) Insufficient validation of drag and drop events from the "Internet" zone to local resources for valid images or media files with embedded HTML code. This can be exploited by e.g. a malicious web site to plant arbitrary HTML documents on a user's system, which may allow execution of arbitrary script code in the "Local Computer" zone.
This vulnerability is related to: SA12321
NOTE: Microsoft Windows XP SP2 does not allow Active Scripting in the "Local Computer" zone.
2) A security zone restriction error, where an embedded HTML Help control on e.g. a malicious web site references a specially crafted index (.hhk) file, can execute local HTML documents.
NOTE: This will also bypass the "Local Computer" zone lockdown security feature in SP2.
The two vulnerabilities in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files can be exploited to compromise a user's system. This has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.
Solution: Disable Active Scripting or use another product.
So, a fairly common problem in all browsers bar IE (does it affect those browsers that embed IE to give tabs?)
Possibly solutions that I've just thought up (for discussion)
Make the website launching any JavaScript event appear in the foreground
Make every dialog box give security information about the website it's from, if the website it's from is not the currently displayed tab.
Suspend various types of JavaScript until the tab is foremost again, but display a 'requires your attention' icon (I call shotgun on a panda for this)
While they're fixing this, if all browser makers could make sure there's an option to stop websites resizing my browser, that'd be lovely. I know Moz has this, so it can't be hard for everyone to have it.
Who actually monitors the 'daddypants' account anyway? I know the number of times I've bothered to report errors has been greater than the number of replies I've got or number of errors fixed (ie. none)
Anyway, um, lovely that Microsoft aren't charging for multicore licenses. I'm still amazed they even charge for SMP licenses.
Slashdot Mirror
All the sampling licenses allow for sampling.
Some don't allow commercial sampling.
What DRM will they use for the DVDs?
They won't want another DeCSS.
Ballmer and co just don't seem to *get* media, in my opinion.
Now I'd like a fair deal for musicians and consumers, and right now iTunes is the market leader. Why? I think Apple seems to "get it" a lot more than other companies do.
From what I've seen of Windows Media and DRM, it's not clever, and worse yet, it's clumsy.
Does Microsoft have to own everything? Why don't they just play nice for once and use something vaguely standard, like MPEG 4 and AAC, or FLAC.
Theora promises to be really nice, but until then can anyone point me in the direction of a decent, free software, video codec (ideally with some nice Creative Commons tie in and even better, something I can give to my Mac using video encoders)
native resolution is the correct resolution of an LCD, isn't it?
like a lcd than can do up to 1280x968 or whatever, is at native resolution when it's doing 1280x968.
What's not native about the Linux kernel running on a PowerPC Chip?
Bang goes most of the potential geeks, I'd reckon.
Shame, really. Seems rather cool, I'd buy one if it didn't mean giving up my freedom, just to use it.
GNU/Linux is free software. Perhaps you only want to run ONLY free software on a very fast, well engineered computer?
That's a reason why.
Actually, I found out about the update via the presence of an 'Update available' icon next to the throbber. VMMV.
Not all JavaScript, just JavaScript alerts, dialogs, etc.
Refreshes, etc should be allowed as they have uses.
In fact, I'd like to see a list of options that will allow me to set exactly what JS can and can't do.
In:-
* Ability to open up a new window when I request it (onclick)
* Ability to do useful DOM stuff
Out:-
* Scrolling text in status bar
* Anti-Right Click
* onload/onexit
* resize window
* tell me that i can't have a URL box or status bar on a popup
* stupid 'effects'
There must be others too. I wonder how easy it would be to write a plugin for IE/Moz/Opera/etc (and cross platform) that could override the JavaScript handling in a browser, and offer users a centralised place to control their own browser security/stupidity.
Nice.
Perhaps now they can start taking some of the changes Apple have given them. Lots of very simple JavaScript events just don't work in Konq that work in Safari/WebCore.
D'oh. Modem is smoking, better get offline... can someone please fax me the web? QUICK! BEFOR...
+++ATH
NO CARRIER
Bug seems to be fixed in Firefox already.
Gentlemen (and Ladies), start your check for updates! (Tools, Options, Advanced, Check Now button)
For Apple's Safari browser
g _box_sp oofing_test/
Description:
Secunia Research has discovered a vulnerability in Safari, which can be exploited by malicious web sites to spoof dialog boxes.
Inactive windows can launch dialog boxes so they appear to be displayed by a web site in another window. This can be exploited by a malicious web site to show a dialog box, which seems to originate from a trusted web site.
Successful exploitation would normally require that a user is tricked into opening a link from a malicious web site to a trusted web site in a new window.
A test is available here:
http://secunia.com/multiple_browsers_dialo
The vulnerability has been confirmed in Safari 1.2.3 (v125.9). Other versions may also be affected.
Solution:
Don't visit trusted web sites while visiting untrusted web sites or disable JavaScript.
And for IE
Description:
http-equiv has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to compromise a user's system, link to local resources, and bypass a security feature in Microsoft Windows XP SP2.
1) Insufficient validation of drag and drop events from the "Internet" zone to local resources for valid images or media files with embedded HTML code. This can be exploited by e.g. a malicious web site to plant arbitrary HTML documents on a user's system, which may allow execution of arbitrary script code in the "Local Computer" zone.
This vulnerability is related to:
SA12321
NOTE: Microsoft Windows XP SP2 does not allow Active Scripting in the "Local Computer" zone.
2) A security zone restriction error, where an embedded HTML Help control on e.g. a malicious web site references a specially crafted index (.hhk) file, can execute local HTML documents.
NOTE: This will also bypass the "Local Computer" zone lockdown security feature in SP2.
The two vulnerabilities in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files can be exploited to compromise a user's system. This has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.
Solution:
Disable Active Scripting or use another product.
I use Lynx, you insensitive clod!
;)
Must you post in HTML? I use telnet to fetch/post my web traffic you insensitive clod! It's people like you who clog up the web!
The advisories list the IE problems as much highly critical, whereas the others are only medium critical.
As I understand it, problem with IE vulns are that its SO tied to the OS, that even the most trivial of problems can cause much greater problems.
Possibly solutions that I've just thought up (for discussion)
While they're fixing this, if all browser makers could make sure there's an option to stop websites resizing my browser, that'd be lovely. I know Moz has this, so it can't be hard for everyone to have it.
Who actually monitors the 'daddypants' account anyway? I know the number of times I've bothered to report errors has been greater than the number of replies I've got or number of errors fixed (ie. none)
Anyway, um, lovely that Microsoft aren't charging for multicore licenses. I'm still amazed they even charge for SMP licenses.
Emacs is on 21!
Time to send in Jeff K.
Now there will be emacs vs vim flame wars on instant messenger!
When will animated_emoticons.el be released?
All I can find is an FAQ...
Clearly it's Web2 for OS/2 Warp.
I hear it's what Al Gore and Tim Berners-Lee made the Internet on before they made AOL[1]
[1] Joke, there.
I don't have a word processor installed you insensitive clod!
Nothing for you to see here. Move along
Oh. Okay.
Anyway... does this mean they're making the source to Counter Strike available? I had a quick look at the site, but it's not clear to a non-gamer.
I'm assuming it's a product called Source... I wouldn't mind a Half-Life 2 hat though.