I think the real giveaway here is that Windows creates a new thread when presented with this magic length. That's like rolling out the red carpet for the attacking Huns. I don't think the average buffer overflow type exploit gets its own thread or process.
I don't find this (or the original article) convincing. He makes a wildly unsubstantiated claim about the WMF vulnerability being intentional.
The whole Escape/SetAbortProc vulnerability is built around some (admittedly stupid) functionality in WMF files. WMF files have the ability to set an application callback function for an abort condition.
If the code which processes this WMF file is going to call a user-supplied abort procedure, it's very reasonable for it to create a separate thread for that to happen in, rather than blocking. After all, it has no way of knowing what the application's response will be, or how long it will take.
The point I'm making is that in your college 3D class, you write a bunch of generic OpenGL code, and eventually a spinning teapot comes up on the screen. Good job, A+.
If you actually want to write a 3D engine along the lines of Doom or Unreal, this won't work. Differences in pipeline architecture mean writing a whole lot of redundant code. Otherwise, get ready for some ugly benchmark numbers. In the academic world, 50 fps or 20 fps makes no difference. Commercial game developers don't have that luxury.
Now imagine what that code would look like if instead of just compensating for minor differences in the OpenGL pathway, you were running on a whole different CPU. By the way, some of the important parts of a 3D engine are still hand-coded in assembly. Will x86 assembly work on PPC?
Bottom line, the idea that game companies should write for OpenGL and then just recompile for MacOS is completely ludicrous.
The issue is dumbasses writing games in direct3d instead of opengl.
Direct3D offered a lot of features which OpenGL didn't. And still does.
When chipmakers started putting programmable vertex and pixel shaders into silicon, Microsoft extended Direct3D to support them. OpenGL hemmed and hawed for another four years, and OpenGL 2.0 with programmable pipelines is still not widely deployed. Four years is an eternity in gaming software unless you're working on Duke Nukem 3D.
You don't have to rewrite your game to take advantage of PPC, that's why we have compilers.
Ok, you're obviously someone who's never done any serious commercial 3D game programming.
In reality, most OpenGL code written even for Windows games is filled with stuff like this:
if (ATI_3_SERIES) {
    //...OpenGL code
} else if (ATI_5_SERIES) {
    //...OpenGL code
} else if (NVIDIA_20) {
    //...OpenGL code
}
That's for the same OpenGL 3D engine running on x86 under Windows. If you think you're going to move Doom 2 to MacOS PPC by "recompiling", you're crazy.
Not everyone buying a Mac Pro to run Windows will be "migrating". I plan to buy one of these laptops once the next version comes out and the price on these models drops.
Not to run MacOS, but to use as a Windows box. I've always admired Apple's hardware engineering. I think their computers are well-built, and would definitely pay a few hundred dollars premium over a Dell or IBM laptop.
I just don't have any need for MacOS. I've got boatloads of Windows software I don't feel like buying all over again, which is why I've never bought Apple up till now. Dual core laptop with ATI 256MB video? Sign me up! Once these guys drop below the $1500 mark (a year or so), my new laptop will be on the way.
Here come a thousand theories regarding which external factors are driving women away from careers in computer science, physics, biochemistry, and similar "slide-rule jobs".
Allow me to submit one explanation which is based on economics rather than blind emotion:
Women are less likely to pursue a career in Computer Science because of rational self-interest, and not due to external factors.
That being the case, there is no "fix" needed, because nothing is "broken". To the extent that we are already encouraging women to enter the "hard" sciences through preferences and affirmative action, we are doing those women a disservice.
The elephant standing in the corner which no one wants to mention is childbirth. Women are far more likely than men to desire an extended leave of absence from their field -- think five or ten years.
Let's try to list some careers which you can set aside for the better part of a decade, then re-enter without too much trouble and without taking a huge hit in earnings. Here are a few off the top of my head: teacher, nurse, receptionist, administrative assistant.
How about some careers where the technology moves so fast that taking five or ten years off means you basically have to start over at square one: computer programmer, electrical engineer, CEO, neurosurgeon.
Anyone noticing a pattern here? Feminists talk a lot about giving women "choices", but wow do they ever get upset when those women make choices they don't like! In that whole four-page article, not once was it suggested that perhaps Computer Science is not actually a college major which fits with many women's long-term goals. Goals which include childrearing and taking an extended leave of absence from their career.
If your card is issued by MBNA, you can do this as well. Their name for it is "ShopSafe".
Go to their website and you can sign up online in a few minutes. They also have a downloadable app you can run on your PDA to generate single-use CC numbers.
I do this for all online purchases now. Even if a website isn't an outright scam, who's to say if they'll get hacked and my credit card number stolen? Using ShopSafe you can set charge limits, and close out a number after the expected charge has cleared.
In some areas of public safety the law requires the standard to be used.
Yes, this approach gave us the wonderful OSI networking model. You remember OSI? That standard which was supported by governments across Europe, Asia, and even (in its less enlightened moments) the United States? That standard which was completely unworkable despite 15 years of bickering and pissing away money?
Meanwhile the Internet Engineering Task Force changed the world forever. How? By publishing standards which worked and which companies actually wanted to implement. Not by begging Momma Government to require compliance.
TFA says WiMedia hope the IEEE will back off UWB standard setting
Not surprising. That doesn't mean the IEEE will abandon their efforts, but I'm sure WiMedia hopes they will.
Instead of crying to the IEEE, Freescale should get their standard published by ECMA, ISO, or whomever is willing. Then get to work convincing manufacturers that their UWB is better, faster, and/or cheaper than Intel's offering.
ECMA has rubberstamped one company's technology, to the possible exclusion of other worthy efforts
Let the marketplace decide whose efforts are "worthy".
Standards bodies should "rubberstamp" any standard which is unambiguously defined.
The goal of a standards body should be interoperation between products which implement their standard. Instead, the IEEE tries to play kingmaker by deciding which proposal is the best, and rejecting all others. Manufacturers have been wanting a UWB technology for years, and they got sick of waiting for it. Go ECMA!
ECMA's fast track to ISO means international standards may mandate technology protected by US patent law
Standards don't "mandate" anything, because consumers are free to pick products which deliver the features they want at a price they can accept.
The ECMA approach is the right one: make sure a standard is consistent and unambiguous, then publish it. If people don't like the standard, they can ignore it.
Thus laying bare the ridiculous nature of campaign finance laws in the first place. Consider:
> If a reporter or editor wants to endorse Bill Gates for president, they can do it. They can write a 2,000 word puff piece about how great he is and publish it in the New York Times.
> Unless of course, they quit their job and want to pay the New York Times to run the exact same article, word for word. This would now be a violation of campaign finance laws, because only reporters and editors are allowed to have opinions. If a private citizen has an opinion, he's trying to destroy the democratic process.
> Unless the non-reporter's name happens to be Bill Gates, in which case it becomes legal again. The Supreme Court has said that you can always spend money campaigning for yourself.
End result: Rich people can finance their own campaigns without any limits (see Ross Perot), but middle-class types are breaking the law if they buy ads endorsing a candidate they would like to see elected. That, and the First Amendment is flushed down the toilet.
Look out: here come hordes of Slashbots to explain why Apple can integrate IM and video into MacOS and it's good for consumers, but if Microsoft does the same thing, somehow it's bad for consumers.
Antitrust laws: if you can't get Socialism, they're the next-best thing.
The Hydrogen car Engineuity is working on will use metals such as Magnesium or Aluminum which will come in the form of a long coil.
Is there any possibility we could send the entire slashdot editorial board to a class called "Thermodynamics 101"?
Actually, a lot of Hydrogen Economy True Believers need to enroll in that same class. Nothing against hydrogen per se, but half the nation seems to think of it as an energy source, which of course it isn't.
If you're speaking of sites like allofmp3.com, please specify your sources or at least link to some evidence that the operation is anything but legal. It is my understanding that monetary compensation is given to the respective author for each download under the copyright laws currently in effect in that country.
Don't be ridiculous.
AllofMP3.com has songs which have never been authorized for internet distribution by any site -- for example, The Beatles have never signed on with iTunes, Napster, or any other online service. The copyright holders are still waiting to see how things play out. But their entire song catalog is available at allofmp3.com.
The Russian site claimed it had licenses to do so from a local clearing house, but record labels have maintained that the licenses weren't valid. After long-standing complaints, the Moscow City Police Computer Crimes division completed an investigation earlier this month and recommended that prosecutors charge the site's operators with criminal copyright infringement.
Yes. And if I were to commission you to make a film, you would quite rightly expect money in return. But if I buy a film from you and then make a copy and give it to my friend, what service are you providing in the second instance?
The service of discounting your original purchase price of the film. If buying a film automatically granted you the right to copy and distribute it worldwide without paying any additional fee, how much do you think a DVD of Shrek 2 would cost? $10 million? $50 million? More, probably. Of course in reality, most movies would never get made. Those that were made would be shown only in theatres, after a careful body search of every single patron (to make absolutely sure they weren't smuggling in a video camera).
Movie studios are willing to sell you one copy of a film which cost them $100 million to make for just $10 or $15 -- provided you agree not to make more copies, because the studio needs to sell a lot of copies to recoup their production costs.
When you buy a Hollywood movie for $10, you make a legally binding promise not to copy and distribute that movie. You can't claim ignorance of that fact -- there's an obtrusive copyright notice printed on the outside of the package, not to mention the annoying 15-second FBI copyright warning within the movie itself. If you don't like that restriction, you're under no obligation to purchase the film in the first place. Having purchased the film, you cannot simply turn around and say "ok, I don't like the restrictions it came with, I think I'll ignore them."
If it were ok for you to make copies of the Dimension Films movie Scream, then what's to stop Dimension's competitor, Paramount Pictures, from buying one copy and selling (or even giving) away millions of duplicates?
Please no responses about how Titanic or Star Wars: Episode III wouldn't be missed. If you don't like big budget movies, then you certainly won't be put out by not being able to download them.
If I spend a month digging holes in the ground and then filling them in again, do I deserve to get paid?
If you did it because someone promised to pay you for it, then yes, you deserve to get paid. If I tell you I'll pay $50 for each hole you dig and fill in, then after you do all the work I decide that a filled-in hole is worthless and refuse to pay you, I am in breach of our agreement. I can't just walk away from my obligations after you've met your obligations.
Similarly, if you buy a copy of The Matrix for $13.99 at Wal-Mart and agree not to make copies of it, you can't simply walk away from the agreement and fire up the DVD burner or BitTorrent.
I'm not saying I agree with the information-wants-to-be-free position, but it is consistent and defensible.
It's consistent. It would lead to a world where only the super-rich had easy access to high quality entertainment, but it's consistent.
What's not consistent is downloading your movies and songs for free (screw licenses, dammit!!), then turning around and complaining about DrDOS violating the GPL (obey licenses, dammit!!).
Presuming that by "russian piracy sites" you mean sites that offer downloads legal in Russia, then there is nothing illegal about that.
There's nothing legal about the current crop of Russian movie and song download sites. They're only "legal" in the sense that they have bribed government officials to ignore them.
Russia is a signatory to both the Berne and Geneva Copyright Conventions, and will soon join the WTO (which will mandate life+70 copyright protections).
Getting the Russian authorities to actually do something about illegal download sites, however... Well, that's a different matter. In any case, if you're in the United States whilst downloading your movies and songs from Russia, then you are subject to US law.
complying with the GPL only involves them distributing things they already have and can reproduce at no cost to their customers.
Yes, and complying with Sony Pictures' license only involves forking over ten bucks.
There are some things which are acceptable to demand and some which aren't.
Well unless you're a pretty hard-core Socialist, demanding money in exchange for goods and services is "acceptable".
If I want someone to fix my roof or give me a new car, chances are they will demand money in return. Is that "acceptable"?
The songs and movies this guy is downloading from Russian piracy sites didn't just appear from thin air. Real people had to go to work every day to produce them. These people put a lot of work into making music and video products which the original poster desires; why shouldn't they get paid for their work?
I admire him a lot, so feel free to ignore this post if you want to continue your bigoted, uninformed opinions instead of learning something.
Ok I think this post officially moves us from the realm of "some computer hippy railing against copyright" into the realm of "cult leader and his snotty followers trying to browbeat you into drinking the kool-aid".
Actually, if you read the FreeDOS page, the FreeDOS author only requests that Dr. DOS Inc. do something about complying with the GPL. i.e. He's asking them to...
Yes, and the movie and record companies are only asking that you comply with their licenses. I.e., they're asking you to pay for the content you're consuming so they can pay their workers to produce more of said content.
Perhaps it's only ok to demand compliance when the license is GPL?
Good job, AMD. You have edged out Intel in a market segment which has no future.
More and more people buy PCs direct, rather than retail. Temporary solution: when you're tallying sales numbers, just pretend Dell doesn't exist!
In any case, notebook sales have topped desktops. AMD really dropped the ball on that one -- they have absolutely nothing which remotely compares to the Pentium M, and even Steve Jobs was forced to admit it.
Oh well, if AMD suffers due to its poor business decisions, they can always cry to the government about Intel the Big Bad Monopoly. Lord knows they shouldn't have to lose any money just because of lousy management.
Killing them seems awfully harsh -- I would think a wealthy company like Sony could just get them deported, or maybe beat up?
Vaya con dios, my Bolivian friends! There are no wastepaper baskets to empty in Heaven!! *sniff*
That's actually good, because the domain is already taken.
Research goes a lot smoother when you decide ahead of time what the results will be.
SWING and a miss!
Nice to know that even government agencies are subject to stupid, pointless government regulation.
Yeah, that free market thing is a terrible idea.
Even the Russian cops admit this place is illegal.