I would like to know If the so-called shatter attack still works in Vista. If it does, no amount of privilege limitation can help you.
Since you didn't provide any useful context to your question, allow me. From here:
Chris Paget says there is an irreparable hole in Win32. Any application can send
a message to any window on the same desktop regardless of whether or not the window
is owned by the application, and there is no authentication mechanism to prevent
this from happening. Paget has published a white paper describing a "shatter attack"
which allows an attacker to gain control of a system by elevating his or her
privileges. Microsoft says this does not fit their criteria/definition of a security
vulnerability.
So they're saying that beta software still has bugs in it?
I don't think its particuarly fair to be making these public accusations at this time. I'm sure the developers appreciate the testing, but an article to CNET seems a little too much
I didn't say I don't like drinking, in fact quite the opposite. The point I was trying to make is that if doesn't like going out and getting drunk or feeling like he is pressured into doing so, he might want to consider making new friends.
I meant native as in I don't have to run an X11 server behind it. I have an GTK2 app that I would like users to be able to install and go without worrying whether X11 is started.
File names aside, is there a good way to "tag" files (generic metadata) on Windows or Linux? I know some linux filesystems support extended attributes, but not all of them and even those that do may not have it enabled.
Show of hands, those of you that run a Linux machine, do you have extended attributes enabled on your filesystem
Disregarding the actual content of the story, I the think submitter is being a bit deceptive. He is affiliated with the LuLu site (as seen by his link and comments)
He should at least have the good nature and objectivity to note that he is affiliated with story he is publicising
I'll freely admit that I'm lazy (and given the fact that a lot of others here are developers, I'd say they are too) and being so, its nice to have the entire discussion summarized. In some of the larger discussions, its easy to get lost
IE's rendering engine is suckier than Monica Lewinsky holding a Dyson at the event horizon of a black hole
Mod -1: Trying too hard.
Seriously though, you say GWT tries to take Java code and translate it into a mish-mash of XHTML, CSS, and JavaScript - and the results are as mangled as one would expect. and then go on to say Until someone comes along with a framework that creates clean, semantic code with full separation of behavior, presentation, and content.... Isn't that kind of contradictory? If its spitting out xhtml, css and javascript, that seems like content, presentation, and behavior are all clearly defined.
Why the scare quotes around convenience fees? Is the submitter implying that the cell phone company should graciously provide this service for free? Or perhaps the fee isn't really a fee?
Either way, editorializing in the summary is silly.
The article doesn't really mention the behavior of the worm and is actually slightly misleading. It doesn't "infect" your computer per se, it harvests your address book contacts and then spams them. From a different article:
Once executed, the worm forwards itself to an infected users' contacts on Yahoo! Mail. It also harvests these address and sends them to a remote internet server. Only contacts with an email address of either @yahoo.com or @yahoogroups.com are hit by this behaviour.
I had no idea what the Canadian Heritage was, so I looked it up. Apparenty, its an official goverment branch that is responsible for national policies and programs that promote Canadian content, foster cultural participation, active citizenship and participation in Canada's civic life, and strengthen connections among Canadians.
I wouldn't piss on a person if they were rolling around on the ground on fire, and I'd not bother getting out of my car to help them if they were bleeding out in a ditch after a car accident. Seriously.
Nice strawman. In your two examples, I could help the person put his/her fire out or drive the injured person to the hospital.
Nobody cares about what happens to the workers who get fired. You're talking to (mostly) Americans here... Unless its thier job being cut, they just dont care...:-(
And honestly, why should we care? What do you expect us to do about it? They're doing what they feel is right to put the company back on track.
There would seem to be an implicit contract between myself and Goggle that they do their best to find the information I am looking for and not that they are trying to manipulate me
And whats your end of this contract? Oh yeah, not a damn thing. You could be nice and click on ads, but no one is forcing you to. Google News is supposed to return valid news sites, not opinions or blogs which is what these sites seem to be.
Sorry, I didn't mean to imply that people should be FIXING bugs on their own.
I meant that if developer X says Bug Y was fixed in CVS, the user should grab build X and actually test that the feature is actually resolved.
On another note, there is no excuse for serious projects to NOT use Jira for bug reporting.
What would you prefer?
on
The CVS Cop-Out
·
· Score: 4, Insightful
Do you want hastily written software or do you want software that works?
Any non-trivial software complication is extremely complex. Fixing bugs can create new bugs. Fixing those bugs can introduce even newer bugs, ad infinitum.
By placing code in CVS, it gives the developers a way to measure their progress but also allow users to test the code.
Want bugs fixed faster? Quit bitching and start testing.
Slashdot Mirror
Of all the guides and intros I've read, I don't think I recall getting a good intro on how to do MVC in PHP.
Since you didn't provide any useful context to your question, allow me. From here:
So they're saying that beta software still has bugs in it?
I don't think its particuarly fair to be making these public accusations at this time. I'm sure the developers appreciate the testing, but an article to CNET seems a little too much
And why shouldn't they? After all, you are renting the video. I don't see any particular problem in this specific scenario
I didn't say I don't like drinking, in fact quite the opposite. The point I was trying to make is that if doesn't like going out and getting drunk or feeling like he is pressured into doing so, he might want to consider making new friends.
Or perhaps you just need new friends. My friends and I go out plenty of times without resorting to getting plastered.
Its called being comfortable with yourself so you don't have to get drunk and act like you're not yourself
Why would users even need more than 640k of ram?
I meant native as in I don't have to run an X11 server behind it. I have an GTK2 app that I would like users to be able to install and go without worrying whether X11 is started.
Does anyone know any info on a usable, native GTK2 port for OSX?
File names aside, is there a good way to "tag" files (generic metadata) on Windows or Linux? I know some linux filesystems support extended attributes, but not all of them and even those that do may not have it enabled.
Show of hands, those of you that run a Linux machine, do you have extended attributes enabled on your filesystem
Disregarding the actual content of the story, I the think submitter is being a bit deceptive. He is affiliated with the LuLu site (as seen by his link and comments)
He should at least have the good nature and objectivity to note that he is affiliated with story he is publicising
So don't read it.
I'll freely admit that I'm lazy (and given the fact that a lot of others here are developers, I'd say they are too) and being so, its nice to have the entire discussion summarized. In some of the larger discussions, its easy to get lost
Sheesh, it was a joke (and some shameless promoting, whats wrong with that?)
It is a thread about independent games after all!
Now go play :)
Someone posted this clip on YouTube of a Futurama promo for Al Gores new movie. Great stuff
I didn't know this but Al Gores daughter, Kristin Gore is a writer for Futurama. Fun trivia for the day!
What kind of list is this? It mistakenly left PyScrabble (an awesome multi-player Scrabble game written in Python) off the list. How dare they!
Mod -1: Trying too hard.
Seriously though, you say GWT tries to take Java code and translate it into a mish-mash of XHTML, CSS, and JavaScript - and the results are as mangled as one would expect. and then go on to say Until someone comes along with a framework that creates clean, semantic code with full separation of behavior, presentation, and content.... Isn't that kind of contradictory? If its spitting out xhtml, css and javascript, that seems like content, presentation, and behavior are all clearly defined.
Why the scare quotes around convenience fees? Is the submitter implying that the cell phone company should graciously provide this service for free? Or perhaps the fee isn't really a fee?
Either way, editorializing in the summary is silly.
The article doesn't really mention the behavior of the worm and is actually slightly misleading. It doesn't "infect" your computer per se, it harvests your address book contacts and then spams them. From a different article:
Once executed, the worm forwards itself to an infected users' contacts on Yahoo! Mail. It also harvests these address and sends them to a remote internet server. Only contacts with an email address of either @yahoo.com or @yahoogroups.com are hit by this behaviour.
I had no idea what the Canadian Heritage was, so I looked it up. Apparenty, its an official goverment branch that is responsible for national policies and programs that promote Canadian content, foster cultural participation, active citizenship and participation in Canada's civic life, and strengthen connections among Canadians.
I wouldn't piss on a person if they were rolling around on the ground on fire, and I'd not bother getting out of my car to help them if they were bleeding out in a ditch after a car accident. Seriously. Nice strawman. In your two examples, I could help the person put his/her fire out or drive the injured person to the hospital.
What am I supposed to about 5000 employees jobs?
Nobody cares about what happens to the workers who get fired. You're talking to (mostly) Americans here... Unless its thier job being cut, they just dont care... :-(
And honestly, why should we care? What do you expect us to do about it? They're doing what they feel is right to put the company back on track.
Maybe if he had bought a Lenovo instead of a Levono from that guy on the street in the trenchcoat with shifty eyes, he wouldn't be having problems?
There would seem to be an implicit contract between myself and Goggle that they do their best to find the information I am looking for and not that they are trying to manipulate me
And whats your end of this contract? Oh yeah, not a damn thing. You could be nice and click on ads, but no one is forcing you to. Google News is supposed to return valid news sites, not opinions or blogs which is what these sites seem to be.
Sorry, I didn't mean to imply that people should be FIXING bugs on their own.
I meant that if developer X says Bug Y was fixed in CVS, the user should grab build X and actually test that the feature is actually resolved.
On another note, there is no excuse for serious projects to NOT use Jira for bug reporting.
Do you want hastily written software or do you want software that works?
Any non-trivial software complication is extremely complex. Fixing bugs can create new bugs. Fixing those bugs can introduce even newer bugs, ad infinitum.
By placing code in CVS, it gives the developers a way to measure their progress but also allow users to test the code.
Want bugs fixed faster? Quit bitching and start testing.