Slashdot Mirror


User: Ed Avis

Ed Avis's activity in the archive.

Stories: 0 · Comments: 4,579

Comments · 4,579

  1. Re:Protect your self with encryption on Malware Threat To GNOME and KDE · Score: 4, Informative

    Yeah it's pretty straightforward: if the executable bit is not set then the file is merely *displayed* as a plain text file. If the executable bit is set then it is *run*.

    That means you cannot simply save an attachment from a message and run it. You can however display it, which is fine.

    Everything works like this except for .desktop files, which because of an oversight, default to *running* on double-click even if not marked executable. Hence the attack vector. It is made nastier by the fact that .desktop files can disguise themselves with a name and icon of their choosing.

  2. Re:Solution on Malware Threat To GNOME and KDE · Score: 3, Informative

    The best you can do is be aware, vigilant, and choose software that has less vulnerabilities and whose writers work hardest to correct the problems fastest.

    Which in this case is unlikely to be GNOME or KDE, since this attack has been known for several years and absolutely nothing has been done about it (it's "expected behaviour").

  3. Re:Solution on Malware Threat To GNOME and KDE · Score: 5, Insightful

    Have a brain when using the PC.

    This has very little to do with user stupidity. Indeed, users should not execute things willy-nilly, but it's surely okay to open a file and look at its contents? If you think that is inherently unsafe then users must be prohibited from receiving email attachments (or downloading from web pages) altogether.

    In this case there are no warning dialogues to click through, no unusual steps. All that happens is you save a file and then double-click to open it. There is no way to see in advance that the file is unsafe, and it can adopt any icon and name it wishes, so in the user interface it is *indistinguishable* from a legitimate desktop icon such as the trash can.

    It gets a laugh on Slashdot to castigate 'stupid' users, but if the system does not provide users with the information needed to make an informed choice, then the system is at fault.

  4. Re:Virus? on Malware Threat To GNOME and KDE · Score: 1

    It depends on the user clicking to 'save attachment'. The attachment is not in fact a shell script but a .desktop file. If it goes to the desktop background (as is often the default when saving files) then it can choose any icon it wishes, disguising itself as a plain text file or a JPEG image or even another copy of the 'Computer' icon that launches the file browser.

    Interestingly if we wish to reinforce the 'chmod +x' scheme, desktop files should need a +x (or some other non-MIME property) to be treated specially by GNOME and KDE. Might be an idea.

    That would solve this issue at a stroke (even though many of the other ideas people have suggested are also worthwhile) and it's amazing it hasn't been done years ago.

  5. Re:I hope P.B. win this trial on The Pirate Bay Is Making a "Spectrial" of It · Score: 5, Insightful

    1. Copyright infringement by itself is a civil wrong, not a crime. (Many jurisdictions have criminalized things like distributing pirated DVDs or bypassing access controls, but still it is not usually a crime to put a file on a server.) So you cannot be an accessory to a crime here.

    2. The content of pages at a given address can change.

    3. What is legal in one jurisdiction may be infringing copyright in another.

    4. The site is not linking to content they 'know' is illegal. The process is fully automatic and the computer does not know what is illegal and what isn't. The people who 'know' are those who upload the links in the first place.

    5. If a page linking to illegal material is itself illegal, then so is a page linking to that page, and so on. Almost the whole Web would be illegal.

    6. Surely the RIAA and others send emails and make internal web pages with links to sites that infringe copyright. By your measure, this would also be illegal since it's linking.

    7. Linking to a page is simply mentioning its address. If that were illegal, it would effectively be illegal to disclose the existence of certain web pages.

    8. It would be an unmanageable burden for search engines, site operators and just about everybody if they had to check every link (or satisfy themselves that they do not 'know' it contains illegal material) before adding it. Better that the legal responsibility for content on a particular server is held by the owner of that server alone.

  6. Re:No license necessary on A Software License That's Libre But Not Gratis? · Score: 1

    you may make your own translation and keep it for your own use.

    Do you have a citation for that? It does seem odd that copyright law prohibits making translations, even if you don't distribute them, but that's always what I've read. Perhaps this was an oversimplification.

  7. Re:DRM-Less on World of Goo Ported To Linux · Score: 2, Informative

    Apparently you can change the resolution: Program Files -> World of Goo -> properties -> config.txt.

    (IMHO it is Windows's behaviour of rearranging the whole desktop just because you played a game fullscreen which is retarded.)

  8. It already ran under Wine on World of Goo Ported To Linux · Score: 3, Interesting

    It's worth noting that the Windows x86 binary runs fine under Wine, and that's how I first played the game before buying it and running it on a Mac. A native Linux release is great news though.

  9. Re:new record on Is the Relational Database Doomed? · Score: 1

    The experienced reader, according to Brian Kernighan, will usually know what's wrong.

  10. Colleges can have it both ways on Bookworm ePub Reader Gets Boost From O'Reilly · Score: 2, Insightful

    A large university can install a mini printing press (or in other words, a big printer that does bookbinding) in the library. Publishers (or authors) can distribute their books electronically, and for those students who want to pay for it, a print-on-demand copy will be fairly cheap. Other students might prefer to buy an ebook reader like the Kindle (or just use their mobile phone, in a couple of years' time when screens are good enough) or just spend as little money as possible by reading the book on a college PC.

  11. Re:You bring up an interesting point on Moonlight 1.0 Brings Silverlight Content To Linux · Score: 2, Funny

    I would suggest the OpenStreetMap Silverlight renderer, but it exposes some bugs in Moonlight and the developer is still working with the Moonlight developers to get it running.

  12. Re:Genious and bullshit on MIT Team Creates Shock That Recharges Your Car · Score: 1

    They might be smoother yet not softer. That is essentially the art of making suspension: anyone can make a car which gives a smooth ride but wallows round corners, or one which handles well but rattles your bones. Hydraulic shock absorbers are often thought to give a smoother ride than springs but with just as good handling: look at the hydropneumatic suspension traditionally used by Citroen (and licensed by some other manufacturers).

  13. Re:That's a new low on How To Argue That Open Source Software Is Secure? · Score: 1

    You know, there is no '+1 correct' moderation, nor '-1 disagree'. Nor is there a moderation flag for common sense, although '-1 redundant' is fairly close.

  14. Re:BugZilla sucks! on Miro 2.0 Launches Today · Score: 1

    Yeah but that doesn't mean you have to register first. A simple 'your email address here' field would do fine. (Registration and more advanced notification can still be there for developers and advanced users.)

  15. The problem is apps, not Windows on Shifting Apps To ARM Chips Could Save Laptop Batteries · Score: 1

    Microsoft Windows support for ARM is almost meaningless. What counts is all the crappy binary-only apps that people want to run - you know, the reason they're stuck on Windows in the first place. NT used to run on Alpha, MIPS and SPARC, but without support from application vendors the ports were stillborn. (OK, I have a copy of Microsoft Word 6.0 for Alpha somewhere, and you can still get some random free software like Info-ZIP and PuTTY built for it, but essentially it's a toy.)

    Compare with Apple, which made it pretty easy for vendors to ship 'fat binaries' and did emulation of the older chip to give a pretty smooth transition from m68k to PowerPC and from PowerPC to i386. That's not really an option here, because emulating a Pentium in software on an ARM chip isn't going to do much good for performance or power consumption.

  16. Re:Police State on UK Government Plans 10-Year Database of Citizens' Travel · Score: 1

    If this law to track citizens' movement were passed in America, we would exercise our second amendment rights.

    Yeah, just like that time when the gun owners rose up to end segregation in the South and enforce civil rights for black people. Good old NRA, always there to defend liberty! It's a good job you guys are all armed, otherwise who knows what kind of abuses the US government and states might be able to get away with.

  17. Re:money is not the way on How Do I Start a University Transition To Open Source? · Score: 1

    You certainly will be able to use the money argument. Set up a pilot programme or a lab equipped with free software, and use it as a bargaining chip in negotiations with Microsoft. If the members of the university like the software (and they should, right, because it's better?) then you can expect it to catch on.

    Also set a couple of more concrete goals, like migrating to Firefox from IE for security reasons.

  18. Re:Qt on The Case For Supporting and Using Mono · Score: 1

    Qt is a great platform. That doesn't however cover the thousands of applications currently being developed for .NET or the thousands of programmers (some skilled, some certainly idiots, but certainly a big pool of talent) who are familiar with the platform. If Mono did nothing else but provide an easy way for Windows applications to be ported to Linux, as a kind of cousin to Wine, it would still be worth having.

    BTW - there are C# bindings to Qt, and they're likely to become more popular at least among Windows developers.

  19. Re:Why not develop on the JVM instead? on The Case For Supporting and Using Mono · Score: 1

    A large number of patents that cover the .NET runtime will also apply to the Java runtime, so if Mono carries a risk of being sued for patent infringement, the JVM carries pretty much the same risk. (Heck, even the Linux kernel itself necessarily infringes hundreds of software patents, and I'm not just talking about those held by Microsoft. Welcome to the US patent system.)

  20. Re:Great article on Why Your Pop-Up Blocker Doesn't Work Anymore · Score: 1

    Frontmotion Firefox is a specially crippled version of Firefox that enforces Group Policies.

  21. Re:SSD == Turning Point on Wozniak Accepts Post At a Storage Systems Start-Up · Score: 1

    Obviously you wouldn't carry around your sensitive data on the phone. That's just daft. It would be stored on a central server somewhere where it's backed up.

    Given that, it does indeed seem a bit pointless to rely on plugging in a physical device. More likely you'll just navigate to some web site and have all your applications, data and settings available. This is pretty much already the case for many users.

  22. Re:It never ceases to amaze me... on Motorola Testing 4G Mobile Broadband In UK · Score: 2, Informative

    Coax is only used from these to your house, a matter of a few meters.

    I don't think coax is used at all - phone lines are usually twisted pairs, or even just plain untwisted wires.

  23. What about VMware Player? on VMware Releases Open Source Virtualization Client · Score: 4, Insightful

    A popular way of distributing software - especially for people to try it out - is as a complete Linux distribution disk image that you can run with the VMware Player. Is that program also going to become free? (If not, I guess it should be replaced with VirtualBox, but VirtualBox doesn't seem quite as polished.)

    As far as I can tell this is just a client application connecting to the VMware View server, which is some kind of Citrix-like remote desktop server and remains proprietary. So no big deal, it appears.

  24. Re:I'd go the other way, personally on Software Piracy At the Beijing Branch Office? · Score: 1

    The numbers cited are at 'purchasing power parity' - that is, they are adjusted for the fact that many things are just more expensive in rich countries. They aren't just raw dollar numbers, which I agree would give a misleading impression. In dollar terms, the difference between the US and China is much greater.

  25. Great... help the patent trolls to get stronger on LinuxDefenders.org Launches To Fight Patent Trolls · Score: 3, Insightful

    So they're going to help improve the 'quality' of software patents so that patent trolls, rather than getting weak patents which can be easily challenged in court, will be able to get stronger, less contestable patents. They're going to publish prior art so that patent applications can be carefully worded to work around it. This may not be such a great idea.