It boggles the mind that ICANN (which isn't perfect, and *is* admittedly influenced by businesses) is being accused by *Verisign* (the most awful collection of monopolistic business scum you could get your hands on) of abuse of a monopoly position.
I just can't imagine a person siding *with* Verisign and against ICANN on something like this. Christ. It's insane.
For a long time, I couldn't figure out why the RIAA was so upset about P2P. It really, honestly didn't seem to be hurting their sales numbers significantly. Maybe they kept worrying about future losses, but as time wound on, that seemed less and less likely.
Based on your actions, P2P does have a good reason for worrying the RIAA:
(a) makes it easier for indie artists to get exposure
(b) thus makes marketing (the primary incentive the RIAA has to offer artists) less valuable
(c) because pop artists are the most common, they are the easiest to pirate, and thus probably suffer the greatest sales reduction -- some of this money may be spent on hard-to-find albums for lesser-known artists.
So, while an equivalent amount of money might be spent on music, it drastically decreases the effect and influence of music publishers, and damages the marketing-driven idea of the "pop star".
That doesn't mean that I think that P2P is necessarily *good* for artists as a whole, just that it finally manages to explain something that's been nagging at me for a while.
Yeah...but...if I'm *right*, I just *lose* by virtue of having demonstrated that a useful piece of software isn't legal. I can't "win" such an argument.
Ouch. Yeah, my regard for the man's directing ability has just taken a steep nosedive.
I still remember that movie as The Movie Where Everything Blew Up. Yes, it is possible to blow things up and not be exciting or interesting. At some point, you just begin to get numb as you watch another hundred thousand going into the pockets of some special effects studio. If you saw a helicopter in that movie, it was going to blow up (and didn't take a lot of provocation to do so). If there was a vehicle, it was going to blow up. Really, if it *moved* (think train) it was going to blow up. Then, apparently their focus groups got really burnt out on the steady stream of explosions, so they blew up a nuclear bomb, just to be *sure* that they could have someone diving away from a *bigger* explosion.
No, because all that app would need to do is the same thing an app that compromises a single user Linux box needs to do -- grab the password the next time the user uses su (or an OS X admin password box), then use that password to do whatever it likes.
Ironically enough, it's actually harder to attack the system of someone who uses a single-user Windows system as non-admin, because most Windows folks log out and then in again as admin, and in the process create a trusted path to the kernel (via Ctrl-Alt-Del).
I can think of very few applications that request a password (IIS's setup for run-as user and Microsoft's Visual Studio install program are the only ones that I personally have used).
No, but you do have to walk down to your local voting station and wait in line.
People that can't e-file their taxes with the IRS aren't SOL.
It's not inconsistent at all. Slashdot is pro-technology, but anti-closed source. Diebold is closed source, and from that stem the insecurities and gripes of the majority of /.ers.
Amiga? BeOS? Not that simple.
For example, imagine MS announcing the next big, amazing technology (it's a stretch, but it can be done). Now imagine /.'s response.
Well, it depends on whether that technology is really a technology (God, I hate the term "a technology") or primarily a business/political move, a la Passport. Microsoft announces surprisingly few new technologies. They tend to acquire companies with ideas rather than produce new ones themselves, so much of the time they just push some new technology. ClearType was received decidedly well. Tablet PCs are *still* raved about on Slashdot (I can't figure it out, damned if I know why people drool over them). The Longhorn database-structured filesystem has at least got a lot of optimists talking about it. Those are the last three "technologies" that I can think of that Microsoft pushed.
The historical event that brought back Jobs was Apple's choice of NeXT instead of Be...Jobs didn't make this choice, because that decision was made before he was back on board.
Jobs contacted Apple before he was at Apple as "unofficial leader", getting Apple to choose NeXT over Be (granted, understandable given his financial interests at the time).
And as far as his buddies from NeXT, those were some damned competent people and they deserve the leadership roles they were given.
Fine -- I really don't know enough about them to say much. I still think that a lot of people were unpleasantly surprised by the power coup that happened there, though.
Sure. Slashdot is nothing more than the collective ideas of its users. Do you have respect for the knowledge and opinions of Bruce Perens, Alan Cox, and John Carmack, and those of their ilk? How about Monty, of cdrecord and Ogg Vorbis fame? I've seen all these post (especially Perens, who sometimes starts posting like a fiend). There are cryptographers, computer scientists, physicists, mathematicians, soldiers, police officers, sysadmins, artists, geeks, Libertarians, Republicans, Christians, typographers, musicians and Cowboy Neal that post to Slashdot. Sure, you aren't going to buy into all their opinions. Some of them are clearly wrong (like folks that disagree with me :-) ). But that doesn't mean that there isn't a lot of material of serious value to be found on Slashdot. Some of the stuff you find people posting on Slashdot you can't really *get* anywhere else, unless you happen to work with and rub noses with some pretty important people.
It's en vogue to bash Slashdot, just because, well, there's a lot of BS on Slashdot. But there's a lot of BS on the Internet as a whole. Heck, there's an awful lot of BS in real life. You just have to sift and filter in any medium you're using.
I just skimmed the story you linked to, and while there are some pro-e-voting folks, there was already a lot of objecting to it as a good idea.
Also, keep in mind that people weren't raising security and reliability issues as heavily then -- there had been no actual testing of e-voting. I, personally, had some vague notion that I might be able to vote from home via my web browser (which would provide *significant* real world benefits in convincing people to vote). I still think that such a system, where people are mailed, say, smartcards, would be a lot more acceptable (and if every American had a smartcard reader on their computer, a lot of e-commerce security problems, like databases of credit card numbers being swiped, would go away).
Read the last paragraph on that article you linked to. I ask you, Slashdotters, is there *not* a great election conspiracy afoot? :-)
has ties to the Republican party as one of its largest donators. This whole thing stinks of day old feces.
Technically, that could just be political corruption to ensure that they got the (extremely lucrative) e-voting machine contracts.
I think that it's a terribly damning sign that Slashdot generally condemns e-voting.
Most Slashdotters are geeks, many hard-core computer geeks. They use computers far more than the typical person, to handle many, many aspects of their lives. Most of them were using email and IMing systems well before the general populace. Slashdot is almost universally enthusiastic about new technological advances (humanoid robots, organic computing, OLEDs, new storage technologies, mp3/ogg players, new operating systems, etc). And yet, standing WAY out among all this is e-voting, which Slashdot is overwhelmingly negative on.
This is no more than one data point, but it's a very strong, influential, and *negative* data point against e-voting. A lot of people with interests in computer security read Slashdot -- if they feel that it isn't worth trying to trust e-voting, isn't it worth listening to them?
Oh, and Jobs is the reason for making themeability, which was a big thing that Apple was going to put into its new OS, a pain in the ass, and not particularly Apple-sanctioned. Again, he's a foe of user customization.
Oh, and Woz is much of the reason that the Apple II was such a great gaming machine. Jobs wanted to make a business machine for managers (much $$$ available). Woz wanted to make something that you could make kick-butt games for.
You are correct. What kind of superpowers does your superhero have?
Tux? He can slide on his belly really fast. You think it's easy, you try it -- you'll get terrible burn.
I could never figure out why Jobs gets Mac users cheering him for the "Reality Distortion Field". It just confuses the *dickens* out of me. What you're saying is that he has personal marketing talent that makes people forget reality and make poor decisions. That doesn't seem to be a *good* thing for one's platform -- honestly, it seems to be a rather *bad* thing. Wouldn't you rather, you know, say that people are buying and choosing the Mac for reality-connected reasons?
And the even weirder thing is that people are fans of Jobs *because* of this, and are *aware* of it. It's like saying "that Nike guy sure is good at suckering people into paying top dollar for Nikes" while flashing your new white Nikes at someone. It just doesn't make *sense* to me at all.
Personally, I don't like Jobs at all. If I had to choose someone at Apple to name a personal hero, it'd be Steve Wozniak. Woz is far more technically talented than Jobs -- Jobs did marketing, Woz was the engineering guy for the Apple I and much of the Apple II. Woz was a fan of expansion (and the reason there were a ton of expansion slots in the Apple II and why it was so hackable). Woz is friendly (not anal), a good engineer (not a good marketer), and left to help teach children how to use computers (Jobs ran out and played power politics in the tech industry.) Jobs was a die-hard opponent of expandability and user customization of systems -- he wanted to sell a single, packaged, product. The PDS slot (the only reason one can upgrade the processor on a large number of Macs instead of having to buy a new one) went into Macs after Jobs explicitly opposed it, and had to be slipped in under bogus pretenses. One of the biggest complaints from current non-Mac users about considering switching to the Mac is the lack of multiple buttons (especially irritating on laptops, where the only workaround is lugging around an external mouse). Jobs is the primary reason Apple refuses to move away from a single button mouse (even in a world where people are regularly exposed to at least two-button mice and where even Apple ships an OS with contextual menu support as standard). When Jobs came back from Pixar, he got most of the credit for bringing Apple back to profitability, much of which he really didn't deserve (like the employment cuts). Jobs has always placed a low value on keeping his systems affordable, and was the reason that Apple's first Mac-like system, the Lisa, was so hideously overpriced. Jobs refused to put himself in a position for being responsible for what happened at Apple immediately after he came back, but still promoted himself heavily after every gain Apple made (he wouldn't be regular CEO, but placed himself right up in the pole position for Apple visibility).
He pushed his buddies from failing NeXT into power positions at Apple when he came back, and killed the Be deal (which would have given Apple a stable and powerful *IX-based OS years earlier, and a big head start over Microsoft on stability). Jobs doesn't, IMHO, really deserve the adoration that he gets -- he represents many of the bad things about Apple, and not the really good ones.
My only guess is that Mac folks want a hero, and Jobs is the most visible person (mostly due to his own efforts). The thing is that there are much more brilliant people involved with the design of Apple's systems that really have done amazing work -- look at, say Bill Atkinson, who did much of what made the Mac amazing -- the Mac's GUI design, QuickDraw, HyperCard, MacPaint, etc, or the Woz, who's just a brilliant engineer and all-around good guy.
I have a hard time seeing why the parent is flamebait, especially when given a smile.
He *is* right in that what you have here is an honest-to-God architectural security problem with the Mac OS. It isn't a coding bug or a stupid user -- Apple clearly defines how to determine file type in their specs, which will now need to be revised.
And I think he's pretty accurate in claiming that this *does* embarrass a lot of people that were making semi-bogus security claims about the Mac OS.
Had he said "Yes, now we can all tell that Mac OS X security sucks", then sure, he'd be flamebait. But he was spot-on accurate in his statement. Modding him down because you don't like the truth of something he's saying is just silly -- a religion, a text editor, or a computing platform that cannot stand up for itself on its own merits should not have you trying to suppress valid criticisms of it. If it can, it doesn't *need* you trying to suppress valid criticisms, because those are minor compared to the benefits of the platform.
I prefer to not have to run file on something to determine its type, although in the end, whatever application I'm using usually recognizes files by their magic numbers anyway.
Detection by magic numbers is slower than by extension, so a number of programs seem to like avoiding it.
First, a number of file-management programs do so -- Rox Filer, for example, does not check magic numbers, and determines the action-to-take upon click by extension alone (if it didn't, it'd have some fun handling it if the file was empty).
xmms has the option of using magic number or extension.
IIRC, gqview uses file extensions to detect type.
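The extension-versus-magic-number trade-off discussed in the comment above, as an added example that is not part of the original post: a Python check that compares the type a file's extension claims with the type its leading bytes indicate, including the empty-file case. The signature table, verdict names and sample files are constructed for illustration.

```python
import os
import tempfile

# Leading-byte signatures for a few common formats (illustrative subset).
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"ID3", "mp3"),   # only tagged MP3s; untagged ones fall through to "unknown"
    (b"OggS", "ogg"),
    (b"\x7fELF", "elf"),
    (b"MZ", "pe"),
    (b"#!", "script"),
]

# What each extension claims the file is.
EXTENSIONS = {
    ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
    ".pdf": "pdf", ".zip": "zip", ".mp3": "mp3", ".ogg": "ogg",
    ".exe": "pe", ".sh": "script",
}

# Content types that run code when opened.
EXECUTABLE = {"elf", "pe", "script"}


def type_from_extension(path):
    """Cheap check: trust the name. Returns None for an unrecognized extension."""
    ext = os.path.splitext(path)[1].lower()
    return EXTENSIONS.get(ext)


def type_from_magic(path):
    """Costlier check: open the file and inspect its first bytes."""
    with open(path, "rb") as handle:
        head = handle.read(16)
    if not head:
        return "empty"      # nothing to sniff; only the name carries a claim
    for signature, kind in MAGIC:
        if head.startswith(signature):
            return kind
    return "unknown"


def classify(path):
    """Return (verdict, claimed_type, actual_type) for one file."""
    claimed = type_from_extension(path)
    actual = type_from_magic(path)
    if actual == "empty":
        verdict = "empty"
    elif claimed is None or actual == "unknown":
        verdict = "unverified"          # no claim or no signature to compare
    elif claimed == actual:
        verdict = "ok"
    elif actual in EXECUTABLE:
        verdict = "disguised-executable"  # data-file name, executable content
    else:
        verdict = "mismatch"
    return verdict, claimed, actual


# Constructed sample files: name -> content written to a temporary directory.
SAMPLES = {
    "cover.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
    "song.mp3": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
    "notes.pdf": b"GIF89a" + b"\x00" * 10,
    "empty.jpg": b"",
    "readme": b"plain text\n",
}


def demo():
    """Write the samples to disk and classify each one."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name, content in SAMPLES.items():
            path = os.path.join(workdir, name)
            with open(path, "wb") as handle:
                handle.write(content)
            results[name] = classify(path)
    return results


if __name__ == "__main__":
    for name, (verdict, claimed, actual) in demo().items():
        print(f"{name:10} claimed={claimed} actual={actual} -> {verdict}")
```

A file manager that dispatches on extension alone would open `song.mp3` as audio; the content check is what shows the name and the bytes disagree.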
Oh, and for all the PC assholes who are currently saying "In your face, mac zealots" or whatnot--nobody claims that OS X is bulletproof--no computer system is.
That's "Windows assholes", unless you're concerned about the hordes of, say, BeOS advocates jumping up.
And what would someone say? "Your system has malware problems...just like ours! Nyah nyah nyah!"
It's not highly unlikely. There was a story about a similar exploit in .XM just this week on Slashdot, and a major MP3 exploit in WinAMP before. It's a major problem with software -- most of the time, developers do not validate stuff coming from data files to the degree that they do stuff coming in from the network, so it's a lot easier to manage to pull off a buffer overflow or similar. It used to be that a major malware transmission vector was disks. Next was worms, over the network (but that's pretty easy to secure). But in a day and age where P2P networks exist all over, a good attack is against any programs reading data files downloaded from someone else. Audio files, video files, compressed files, games...you name it.
All of the Linux and Windows people are going to say, "I told you so," about this little episode in security breaches.
Why? The Mac has had viruses, trojans, and worms before.
I don't believe there are any viruses for Linux, but there have been a few worms -- there was one that targeted Apache, IIRC. The infamous Internet Worm targeted *IX boxes. There are a number of rootkits to cover a hacker's tracks once he gets into your box -- a semi-equivalent to Back Orifice. There are no standard and widespread trojans that I know of, but many people custom-write malicious scripts -- I wouldn't try accepting and running random perl scripts you get from people on IRC, for instance.
Windows has had viruses, worms, and trojans aplenty.
Really, only some of these can be blamed on Microsoft. Most of the worms are at least indirectly attributable to them, but it's terribly difficult to block a trojan. It is true that Apple and Microsoft do not cryptographically sign all of their software, as major Linux distros do (I'm pretty sure every RPM-based distro, at least, signs their packages). Microsoft *does* sign drivers (though I'm a little dubious as to the practical benefit of their program to users), and *does*, IIRC, check signatures on stuff downloaded via Windows Update as it is downloaded. However, they ultimately distribute software as an executable, instead of a data file (like an RPM) and as long as they do that and the installation procedure consists of "running the application", it's going to be pretty hard to secure the process.
That isn't quite the way it works.
There's autoplay, which does what you are describing with music CDs and autostart (of which there is a standard for both Mac OS and Windows) to automatically run an application on a CD when the CD is inserted.
The problem with the AutoStart worm is that a number of media that weren't actually CDs were being treated as such by the Mac OS. At the time (and among the community that used Macs -- graphic artists) Zip disks were handed around a lot...
Am I correct in assuming all modern OS have some file validation routine to check these autostart/autolaunch applications?
You are incorrect. (Aside from Linux, though you could probably set it up using WINE to support autorun.) Windows and Mac OS both still have the ability to automatically run applications on a CD when it is inserted. It really isn't all that big of a security hole, really. I mean, you stick the CD in...and what are you going to do? Sure enough, run the application/installer sitting on the CD.
Today, most computers are networked, and removable writeable media doesn't have the same allure that it used to (though keychain drives are still popular enough for many folks to have one lying around just in case).
I think that all this can be explained with the following file (you'll have to remove the space Slashcode introduces) :-) :
3 f1 f6ee967b560e8115|/
ed2k://|file|answer.avi|368971776|f63e02ede2f27
What are you *talking* about?
ICANN handles standards -- Internet names and numbers. There's *always* a single ultimate organization in place to do this sort of thing. Is *ANSI* a monopoly? ISO?
Furthermore, ICANN hasn't been trying to leverage their position to make money, *as Verisign has*. Heck, ICANN's had numerous funding problems over the past few years, whereas Verisign has been funneling vast amounts of money into itself over that same period of time.
There is *exactly* one organization involved that has been abusing its unique, monopoly position (root name servers) in the past year, and that is very specifically Verisign (bleeding sitefinder). There was mass outcry, and ICANN responded, telling Verisign that Verisign was running amok and risking cancellation of its special, unique privileges.
It boggles the mind that ICANN (which isn't perfect, and *is* admittedly influenced by businesses) is being accused by *Verisign* (the most awful collection of monopolistic business scum you could get your hands on) of abuse of a monopoly position.
I just can't imagine a person siding *with* Verisign and against ICANN on something like this. Christ. It's insane.
For a long time, I couldn't figure out why the RIAA was so upset about P2P. It really, honestly didn't seem to be hurting their sales numbers significantly. Maybe they kept worrying about future losses, but as time wound on, that seemed less and less likely.
Based on your actions, P2P does have a good reason for worrying the RIAA:
(a) makes it easier for indie artists to get exposure
(b) thus makes marketing (the primary incentive the RIAA has to offer artists) less valuable
(c) because pop artists are the most common, they are the easiest to pirate, and thus probably suffer the greatest sales reduction -- some of this money may be spent on hard-to-find albums for lesser-known artists.
So, while an equivalent amount of money might be spent on music, it drastically decreases the effect and influence of music publishers, and damages the marketing-driven idea of the "pop star".
That doesn't mean that I think that P2P is necessarily *good* for artists as a whole, just that it finally manages to explain something that's been nagging at me for a while.
That should be "case insensitivity".
Yeah...but...if I'm *right*, I just *lose* by virtue of having demonstrated that a useful piece of software isn't legal. I can't "win" such an argument.
I dunno...the whole "growing awareness of what's going on" worked nicely with Planet of the Apes...
He made Broken Arrow?
Ouch. Yeah, my regard for the man's directing ability has just taken a steep nosedive.
I still remember that movie as The Movie Where Everything Blew Up. Yes, it is possible to blow things up and not be exciting or interesting. At some point, you just begin to get numb as you watch another hundred thousand going into the pockets of some special effects studio. If you saw a helicopter in that movie, it was going to blow up (and didn't take a lot of provocation to do so). If there was a vehicle, it was going to blow up. Really, if it *moved* (think train) it was going to blow up. Then, apparently their focus groups got really burnt out on the steady stream of explosions, so they blew up a nuclear bomb, just to be *sure* that they could have someone diving away from a *bigger* explosion.
Awful movie, complete waste of time to watch.
All the new Castlevanias (look at the GBA ones) are pretty similar in play to Metroid.
OTOH, I really like the Super Metroid music more than the Castlevania stuff, though I guess it's a matter of taste.