as many people have pointed out in response to you, opening word documents in different versions of word will cause the document to be displayed differently.
This is true. However, that has nothing to do with the big picture. Open documents are documents, not documents and clients/readers/editors. Take any of the open formats in the original story and the same is true: opening in different clients will cause changes in the way the document is displayed. That is not the point, the point is that the document can be opened. An html document will look different in Netscape 4.7 than in Firefox 1.0 than in IE 5.0 than in Netscape 7. What matters is that the document can be opened, can be parsed, and, in needed, a client/reader/editor can be written for it at any time in the future.
Using open documents doesn't mean "we're going to stick with one version of documents forever", it means "we're going to stick to documents that we can open forever."
Bottom line: MS AntiSpyware did almost nothing to protect me and using it to "clean" the spyware left me in a much worse position than when I started. After using MS AntiSpyware to clean my PC, I still had a new IE toolbar, a popup ad whenever I opened IE, and a big search bar over my taskbar and, thanks to MS AntiSpyware, I couldn't get rid of them. I had to reinstall the spyware and uninstall using add/remove programs.
You have pretty much full context functionality via the right-click context menu in Copernic as well as a few added features like "open containing folder" and other things we're used to from Windows search.
As the grandparent post said, banks can and do share with pretty much whomever they want. And when you agree to their privacy policy, you gave them the express consent. My bank's privacy policy (which was mailed to me recently and is sitting on my desk) says "We do not sell information about our current or former customers and do not disclose such information to third parties, except as permitted by law." That's right, if they can legally get away with it, they will do it, according to their policy.
What were you doing whining from the sidelines? You should have been drinking in front of the stage.
If I was going to go back into the music industry, Austin would be a good place to do it. I prefer my sex, drugs, and rock 'n roll to be separate from my work, though. Otherwise, the fun starts looking like work and work is no fun.
I agree with the general idea of what he said, too. I think think that market regulation is bad when it hinders me and is good when it helps me. I won't make up percentages or claim to be more nuanced than that. I'll just say "Market regulation is bad for the market. Market regulation is good for the market."
I never disagreed with that. However, he claimed he wasn't getting proper credit for having a more nuanced position than that, (and that anti-trust regulation isn't market regulation) so I suggested he demonstrate the nuance for those of us that already understood his position and were able to simplify it a little more than he wanted.
"you" is a pronoun I used (as is common) to refer to the person I was replying to. I don't know what part of "you" is causing you [uh, oh, there I go again] trouble, if you explained a little further I might be able to help.
so, in other words, you are for regulation when it benefits you (anti-trust laws that prevent supply-and-demand pricing by a company that runs 99% of a market, for example) but against it in when it hinders you (the default case: starting a company). In other words, market regulations are bad. Market regulations are good.
Music is subjective to an extent. Just like fine cigar, a good car, a great photoshop document, a good photograph, etc. Those things are subjective in some ways but to claim that there is not such a thing as cheap, poorly-made, mass-produced [cars, CDs, cigars, movies] of inferior quality that mainly exist simply because they are cheap to produce and just good enough to appeal to the lowest common denominator is just wrong.
And whenever the designers I work with tell me that I can't call music "bad" because it is art, I show them my last design work (I am a programmer) and tell them they can't say it is bad because it is art. They disagree, of course, and tell me that my art sucks.
maybe you should explain it if you want credit for it. How do you see regulation of an entity in a marketplace as different than market regulation? Market regulation, to me, means regulation of the entities in a market. I am not a "free market" person at all, I am one of those damned vauge "fair market" people, but I have to agree with the summary of your post as "Translation: Market regulation is bad for the market. Market regulation is good for the market." as well as the comment that everyone is for regulation when it benefits them but not when it hinders them. Seems like your post (and my personal theories) supports that view.
The custom handler may save you in this case. If you were not using a customer handler and were using forms authentication with the roles allowed for each folder defined in the web.config, you would be vulnerable to this because the ASP.NET engine would check for "/Admin/" in the URL (if that is a folder you defined in the config) and if it saw "/Admin\" it would not recognize it as being the same directory as "/Admin/" and thus would not apply the role check. If your custom handler parses the URL (and does a better job than IIS5/ASP.NET is doing) and recognizes "/Admin/" as "/Admin\" and "/Admin%5c" and "/Admin " etc, etc, etc, then you may be safe.
HOWEVER, I highly recommend you put the security in the object you're securing. You should also check the user's role in Admin/EditMenu.aspx instead of just at the folder level. When you are doing those checks at the page/control/object/function level, the "/" vs. "\" problem isn't really a problem at all.
IIS6 is not vulnerable to this. IIS5 is vulnerable but there are security tools that should be running on IIS5 servers (URLScan and IISLockdown) that will block this attack.
Unfortunately, it appears that many (most? all?) shared hosting providers are not running IISLockdown nor URLScan because all of the hosted sites of mine that I tested were vulnerable (except for the ones hosted on Win2k3). So, for those of us doing the shared hosted thing, we needed a fix.
Defense in depth is always a good practice but ASP.NET's directory security was just so dang easy that many of us used it and didn't do security checks on the individual pages and functions like we should have. I admit I am/was guilty of that about 50% of the time (estimated Frida based on the work I did to correct every ASP.NET site I've ever done). I have code in each page now that checks authentication instead of relying on.NET's built-in security checks since those are apparently based on the string path and there is always another way to fake a string (server phishing?). I posted a little piece of code here that shows how I check authentication/authorization at the page/function/control level.
Microsoft's suggested workaround is easier because you put the 3 lines of code in 1 place, but after this security scare, I don't think I will ever rely on ASP.NET directory security (nor should I have ever relied on it).
Most cool bars and restaurants around here have a "Shot in the Dark" (aka "Irish Speedballs")which is a doubleshot of espresso poured onto a pint of Guinness. DAMN good. The bitter in each seems to disappear and the result is a sweet dark chocolate flavor.
No, this is incorrect. MS is not checking 3rd party software and warning the user. MS is only checking MS software, but not all MS software on the computer, and then giving a message that, for instance, MS Office 2003 may be vulnerable and that you should update via this link (insert link to office update). However, after getting there, you may scan for updates and see that there are none. Running the GDI scan will give you the same message.
MS' GDI vulnerability scan tool does not mention 3rd party software.
I read via an RSS reader. Clicking the linky linky in the RSS summary to open the actual slashdot web page always opens the normal green page instead of the funky colored ones.
I've finally learned that I have to use the "keep setup files" option and keep that huge pile of Office Setup Files around. Disk Clean-up always tries to get rid of them for me but have to keep them. I have the Office disks, but I keep everything packed away and it's a pain to dig them out. The reason they are needed, usually, is because of certain files that aren't needed any other time than during setup. Keeping the setup files on my PC keeps me from digging out the CDs for every service pack.
It's taken me how many years to figure this out? I wish someone would have explained this to me earlier.
Slashdot Mirror
definitely should have previewed that one first. Sorry for the bold.
as many people have pointed out in response to you, opening word documents in different versions of word will cause the document to be displayed differently.
This is true. However, that has nothing to do with the big picture. Open documents are documents, not documents and clients/readers/editors. Take any of the open formats in the original story and the same is true: opening in different clients will cause changes in the way the document is displayed. That is not the point, the point is that the document can be opened. An html document will look different in Netscape 4.7 than in Firefox 1.0 than in IE 5.0 than in Netscape 7. What matters is that the document can be opened, can be parsed, and, in needed, a client/reader/editor can be written for it at any time in the future.
Using open documents doesn't mean "we're going to stick with one version of documents forever", it means "we're going to stick to documents that we can open forever."
I recreated the only spyware infection I've ever had in order to test MS AntiSpyware.
Bottom line: MS AntiSpyware did almost nothing to protect me and using it to "clean" the spyware left me in a much worse position than when I started. After using MS AntiSpyware to clean my PC, I still had a new IE toolbar, a popup ad whenever I opened IE, and a big search bar over my taskbar and, thanks to MS AntiSpyware, I couldn't get rid of them. I had to reinstall the spyware and uninstall using add/remove programs.
I guess it was modded "troll" because there isn't an answer to the question I asked. I asked hoping to get an answer.
So I ask again... What am I missing by using Firefox instead of Mozilla?
I haven't touched Mozilla in over a year now. Everything I want in a browser is in Firefox, I don't see any reason to use Mozilla.
What am I missing?
You have pretty much full context functionality via the right-click context menu in Copernic as well as a few added features like "open containing folder" and other things we're used to from Windows search.
As the grandparent post said, banks can and do share with pretty much whomever they want. And when you agree to their privacy policy, you gave them the express consent. My bank's privacy policy (which was mailed to me recently and is sitting on my desk) says "We do not sell information about our current or former customers and do not disclose such information to third parties, except as permitted by law." That's right, if they can legally get away with it, they will do it, according to their policy.
Michael Powell called them "the inventors of Kazaa" and, instead of correcting that, they quoted him here on their site. And then, on their own "founders" page, the first sentence is "Skype was created by Niklas Zennström and Janus Friis, founders of KaZaA -- the world's most popular Internet software".
There are more examples, of course, but since this was incorrectly deemed 'informative', I felt the need to point out that it is 'misinformative'.
Hundredth Monkey, anyone?
What were you doing whining from the sidelines? You should have been drinking in front of the stage.
If I was going to go back into the music industry, Austin would be a good place to do it. I prefer my sex, drugs, and rock 'n roll to be separate from my work, though. Otherwise, the fun starts looking like work and work is no fun.
my 2 favorite essays on the subject of Labels vs. Bands (a situation that is over half a century old but that only now has a chance of being changed, thanks to the internet) are Courtney Love's speech to the Digital Hollywood online entertainment conference and Steve Albini's "the problem with music". Very few people outside the music industry know (or care) about this and most artists don't find out until it is too late.
I agree with the general idea of what he said, too. I think think that market regulation is bad when it hinders me and is good when it helps me. I won't make up percentages or claim to be more nuanced than that. I'll just say "Market regulation is bad for the market. Market regulation is good for the market."
I never disagreed with that. However, he claimed he wasn't getting proper credit for having a more nuanced position than that, (and that anti-trust regulation isn't market regulation) so I suggested he demonstrate the nuance for those of us that already understood his position and were able to simplify it a little more than he wanted.
"you" is a pronoun I used (as is common) to refer to the person I was replying to. I don't know what part of "you" is causing you [uh, oh, there I go again] trouble, if you explained a little further I might be able to help.
so, in other words, you are for regulation when it benefits you (anti-trust laws that prevent supply-and-demand pricing by a company that runs 99% of a market, for example) but against it in when it hinders you (the default case: starting a company). In other words, market regulations are bad. Market regulations are good.
Music is subjective to an extent. Just like fine cigar, a good car, a great photoshop document, a good photograph, etc. Those things are subjective in some ways but to claim that there is not such a thing as cheap, poorly-made, mass-produced [cars, CDs, cigars, movies] of inferior quality that mainly exist simply because they are cheap to produce and just good enough to appeal to the lowest common denominator is just wrong.
And whenever the designers I work with tell me that I can't call music "bad" because it is art, I show them my last design work (I am a programmer) and tell them they can't say it is bad because it is art. They disagree, of course, and tell me that my art sucks.
maybe you should explain it if you want credit for it. How do you see regulation of an entity in a marketplace as different than market regulation? Market regulation, to me, means regulation of the entities in a market. I am not a "free market" person at all, I am one of those damned vauge "fair market" people, but I have to agree with the summary of your post as "Translation: Market regulation is bad for the market. Market regulation is good for the market." as well as the comment that everyone is for regulation when it benefits them but not when it hinders them. Seems like your post (and my personal theories) supports that view.
The custom handler may save you in this case. If you were not using a customer handler and were using forms authentication with the roles allowed for each folder defined in the web.config, you would be vulnerable to this because the ASP.NET engine would check for "/Admin/" in the URL (if that is a folder you defined in the config) and if it saw "/Admin\" it would not recognize it as being the same directory as "/Admin/" and thus would not apply the role check. If your custom handler parses the URL (and does a better job than IIS5/ASP.NET is doing) and recognizes "/Admin/" as "/Admin\" and "/Admin%5c" and "/Admin " etc, etc, etc, then you may be safe. HOWEVER, I highly recommend you put the security in the object you're securing. You should also check the user's role in Admin/EditMenu.aspx instead of just at the folder level. When you are doing those checks at the page/control/object/function level, the "/" vs. "\" problem isn't really a problem at all.
Do you mean URLScan? If you mean IISLockdown, can you post a link to more information about this?
I saw that the MS article states that Win2k3 is vulnerable but I haven't seen/heard/read of anyone who can verify that.
IIS6 is not vulnerable to this. IIS5 is vulnerable but there are security tools that should be running on IIS5 servers (URLScan and IISLockdown) that will block this attack.
.NET's built-in security checks since those are apparently based on the string path and there is always another way to fake a string (server phishing?). I posted a little piece of code here that shows how I check authentication/authorization at the page/function/control level.
Unfortunately, it appears that many (most? all?) shared hosting providers are not running IISLockdown nor URLScan because all of the hosted sites of mine that I tested were vulnerable (except for the ones hosted on Win2k3). So, for those of us doing the shared hosted thing, we needed a fix.
Defense in depth is always a good practice but ASP.NET's directory security was just so dang easy that many of us used it and didn't do security checks on the individual pages and functions like we should have. I admit I am/was guilty of that about 50% of the time (estimated Frida based on the work I did to correct every ASP.NET site I've ever done). I have code in each page now that checks authentication instead of relying on
Microsoft's suggested workaround is easier because you put the 3 lines of code in 1 place, but after this security scare, I don't think I will ever rely on ASP.NET directory security (nor should I have ever relied on it).
Most cool bars and restaurants around here have a "Shot in the Dark" (aka "Irish Speedballs")which is a doubleshot of espresso poured onto a pint of Guinness. DAMN good. The bitter in each seems to disappear and the result is a sweet dark chocolate flavor.
No, this is incorrect. MS is not checking 3rd party software and warning the user. MS is only checking MS software, but not all MS software on the computer, and then giving a message that, for instance, MS Office 2003 may be vulnerable and that you should update via this link (insert link to office update). However, after getting there, you may scan for updates and see that there are none. Running the GDI scan will give you the same message.
MS' GDI vulnerability scan tool does not mention 3rd party software.
I get solid speeds of 20 Kb/s to 2400Kb/s (Kb, not KB) using Sharaza to download Bittorrent. Not sure why you're having problems.
I read via an RSS reader. Clicking the linky linky in the RSS summary to open the actual slashdot web page always opens the normal green page instead of the funky colored ones.
I've finally learned that I have to use the "keep setup files" option and keep that huge pile of Office Setup Files around. Disk Clean-up always tries to get rid of them for me but have to keep them. I have the Office disks, but I keep everything packed away and it's a pain to dig them out. The reason they are needed, usually, is because of certain files that aren't needed any other time than during setup. Keeping the setup files on my PC keeps me from digging out the CDs for every service pack.
It's taken me how many years to figure this out? I wish someone would have explained this to me earlier.