...ooh..and only use it for security updates as opposed to massive piles of other crud including exploits (for MS's crackers to take control of your PC)...
...ooh and less security exploits please...MSW users have to download massive files full of fixes daily.
Even when I give it authorisation and enable JS, I cannot get the exploit to work.
Anyhow quoting the article:
Update (08.05.2005) - The Mozilla Foundation patched (partially) this
issue on the server side by adding random letters and numbers to the
install function, which will prevent this exploit from working.
Anyway, I don't have JS enabled (which is required).
Even if I did, the build I'm using has no one on the trusted sites list by default and I haven't added anyone.
Therefore my chance of getting hit by this is 0.000000000000000000000000000000000000000%.
Ooo..that looks like a big number...I best move to MSIE immediately. Also, you know it is much better because it has this kooooooll feature where it runs arbitrary code from a normal HTML page from any site without even pestering you for permission..it's had this feature for years...now that is what I call ease of use and long before this new-fangled Foxfire thing ever existed.
The security advisory doesn't explain it too well, but it seems to imply that this only happens with sites that you've added to your list of sites trusted to install software (in which case it isn't really much of a problem).
I'm saying the HTTP itself (the web's protocol that all web designers worth their salt have read a few times) clearly states that responsibility always lies with the web designer for any result of a GET request other than mere retrieval and they cannot blame anyone else but themselves.
I for one would strongly congratulate MS on finding the MSIE source code and getting round to actually updating their stone-age browser and adding a feature.
I would also strongly congratulate them on complying with WWW standards for a change--and indeed I have done in the past on those few occasions when MS has chosen the path of standards.
And just after that it goes on to say that, as it is expected that GET requests are sent without the explicit permission of a user, the server side (web developers) accepts all responsibility for any breach of the previous "SHOULD NOT" and have no right to blame the user side (users, Google) if they decide to make GETs do more than just retrieval of a document.
FFS, how can these stupid web designers be threatening to sue Google when the HTTP itself (protocol of the WWW which they should all have read) says that it is their frigging fault and they should blame themselves if they use GET requests in that way.
In this case, the "law" (the HTTP standard) states that if web designers choose to allow normal GET requests to result in an action other than mere retrieval (i.e.: cross the railway track), they assume full responsibility for the consequences and cannot blame the user's end (the train driver and his company), and, therefore, by extension, Google (i.e.: the train manufacturer).
This is the reason why I think the designers should assume responsibility. Because the standard says so, and anyone who calls themselves a WWW designer should have read HTTP (it *is* the WWW's protocol FFS).
Anyway, I've had major sleep deprivation (mainly with UK general election--I was an election agent) hence atrocious syntax.
Here's what the laws/standards of the Internet say (verbatim) in the section on safety with section number 9.1.1 (irony?) which all those whiney web designers really should have actually bothered to read (my emphasis):
9.1.1 Safe Methods
Implementors should be aware that the software represents the user in
their interactions over the Internet, and should be careful to allow
the user to be aware of any actions they might take which may have an
unexpected significance to themselves or others.
In particular, the convention has been established that the GET and
HEAD methods SHOULD NOT have the significance of taking an action
other than retrieval. These methods ought to be considered "safe".
This allows user agents to represent other methods, such as POST, PUT
and DELETE, in a special way, so that the user is made aware of the
fact that a possibly unsafe action is being requested.
Naturally, it is not possible to ensure that the server does not
generate side-effects as a result of performing a GET request; in
fact, some dynamic resources consider that a feature. The important
distinction here is that the user did not request the side-effects,
so therefore cannot be held accountable for them.
In other words, that last bit says that, if web designers do choose to break the "SHOULD NOT" and allow GET requests to result in some (preferably minor--definitely NOT DELETION) action, it is important for those web designers to remember that they have no right to blame the user (including the user agent--that's what that rfc means by user) for any side-effects of those GET requests--they should instead hold themselves responsible.
It goes on...
9.1.2 Idempotent Methods
Methods can also have the property of "idempotence" in that (aside
from error or expiration issues) the side-effects of N > 0 identical
requests is the same as for a single request. The methods GET, HEAD,
PUT and DELETE share this property. Also, the methods OPTIONS and
TRACE SHOULD NOT have side effects, and so are inherently idempotent.
However, it is possible that a sequence of several requests is non-
idempotent, even if all of the methods executed in that sequence are
idempotent. (A sequence is idempotent if a single execution of the
entire sequence always yields a result that is not changed by a
reexecution of all, or part, of that sequence.) For example, a
sequence is non-idempotent if its result depends on a value that is
later modified in the same sequence.
A sequence that never has side effects is idempotent, by definition
(provided that no concurrent operations are being executed on the
same set of resources).
...which further backs up my point of view..these web `application' systems are not idempotent.
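As an added illustration of the RFC 2616 section 9.1.1 point quoted in the post above (not part of the original post): a constructed in-memory app, with the hypothetical names `NotesApp` and `prefetch`, showing what a link-prefetching user agent does to delete links served over GET compared with ones that require POST.

```python
import re


class NotesApp:
    """Constructed toy web app: a list page whose 'delete' links are plain hrefs."""

    def __init__(self, delete_via_get):
        # True  = deletion reachable by GET (breaks the 9.1.1 "SHOULD NOT")
        # False = deletion only by POST (GET stays a safe method)
        self.delete_via_get = delete_via_get
        self.notes = {1: "shopping list", 2: "meeting minutes", 3: "draft"}

    def handle(self, method, path):
        """Return (status, body) for one request; no network is involved."""
        if path == "/notes" and method in ("GET", "HEAD"):
            rows = "".join(
                f'<li>{text} <a href="/notes/{nid}/delete">delete</a></li>'
                for nid, text in sorted(self.notes.items())
            )
            return 200, f"<ul>{rows}</ul>"

        match = re.fullmatch(r"/notes/(\d+)/delete", path)
        if match:
            nid = int(match.group(1))
            if method == "POST" or (method == "GET" and self.delete_via_get):
                existed = self.notes.pop(nid, None) is not None
                return (200, "deleted") if existed else (404, "no such note")
            # A safe method was used on a state-changing resource:
            # refuse it and leave the stored data untouched.
            return 405, "use POST"

        return 404, "not found"


def prefetch(app, start="/notes"):
    """Model of a prefetching user agent: GET a page, then GET every link on it.

    The agent never asks the user; under 9.1.1 it is entitled to assume
    that GET does nothing beyond retrieval.
    """
    _status, body = app.handle("GET", start)
    results = {}
    for href in re.findall(r'href="([^"]+)"', body):
        results[href] = app.handle("GET", href)[0]
    return results


if __name__ == "__main__":
    for label, flag in (("delete via GET", True), ("delete via POST only", False)):
        app = NotesApp(delete_via_get=flag)
        statuses = prefetch(app)
        print(label, "->", statuses, "| notes left:", len(app.notes))
```

In the first configuration one pass of the prefetcher empties the store; in the second every prefetched link returns 405 and an explicit POST is still able to delete a note.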
OK. I think this is still fundamentally the same analogy; you've just altered the scale of it (quantitatively), so it would still mainly be the kids' fault--not the railway company--and the law would probably agree.
To extend my analogy, the way I see this is that your so-called practical view would say that trains don't pass that point on the railway track 99.9999% of the time and it is much quicker going across the track than all the way round, so obviously there's no reason at all why I shouldn't cross the track.
The architects of HTTP (as people who know how the {WWW/railway} works) clearly envisaged that people should not {cross the track/design their sites with GET requests that change stuff} because a {train/web accelerator} might come along.
I wouldn't be quite so harsh. Isn't the point of early beta tests like this to find out how their UA works out there in the Real World? Apparently they've already issued a fix to solve the problem (or go some way to...I don't know the details).
This is just a way for WWW designers to not admit responsibility, and the argument you and many others are putting forward (esp. when some say "Sue Google") is dangerously attempting to extend responsibility to everyone for one person's stupidity, it's-not-my-fault-I-killed-my-classmates-with-a-BFG,-it-was-Quake,-my-parents,-the-education-system style.
The rules of society (inc. Internet) are there for a reason. If you break the laws/rules, and I do something that wouldn't normally hurt you (if you weren't doing something unlawful), it isn't my fault.
Analogy: If I'm driving a train and you lie in the middle of the railway track, you can't blame me because you should have had the common sense to understand that there might have been a reason why people made a law against going on railway tracks, and, whatever you may think, there is actually nothing l33t about breaking rules that you don't understand.
To all you l33t script-kiddie-style WWW designers and programmers out there, your actions have consequences...news@11.
This was fixed on the Gecko trunk a whole year ago now. Can't /. users just finally shut up about it?
No one cares...especially now it is fixed...not that anyone cared before as it only affected a few users with fast connections every so often, refresh fixed it, it was a minor layout bug, there was a patch to fix it immediately when the problem appeared...
Alternatively, maybe Mandelson and Allen (and, therefore, the €C and M$) are working as allies to milk the most out of the European people for their own ends.
This is, of course, a totally crazy conspiracy theory and would in no way be representative of the normal behaviour of European commissioners (especially the stain-free* Mandelson) or founders and shareholders of Microsoft.
* talking of stains, how much do you bet they weren't just talking on this yacht on new year's eve. Mandelson is definitely gay (and known for his homosexual affairs with others in power). No idea about Allen--but maybe it was a you-give-me-a-blowjob-and-we'll-drop-charges-against-Microsoft sort of deal.
No more insane than the fact that the financial industry is more profitable than any other, despite not actually doing anything except moving an intangible abstract concept (i.e.: money) around.
Precisely. The parent makes the point in a more concise way than my grandparent post.
His example is not an exaggeration. If one picks a random collection of say 50 patents off the USPTO WWW site, one will find that (at least) the majority of the patents one peruses are (when one removes the waffle) both as undetailed and as non-inventive as "an engine or engine-like system that can propel or pull objects to other planets quickly".
English grammar--here to make Perl look consistent..
Mod parent up for being funny (by having a very very sad life;-) ).
Sorry to disappoint you, but the longer history of the English language along with the fact that Larry Wall was trained as a (natural) linguist before writing Perl suggests that you may have got the cause and effect the wrong way round there.
Needless to say, this is yet another patent that does not cover an invention (which is supposed to be the point of patents), but (arguably) a discovery--although it is more like common knowledge than something only Microsoft have discovered.
Once again like most U.S. patents:
- there is no physical object
- it did not take time, money or effort to hone and eventually produce this pathetic `plan' of an `invention'--it is just an idea
- this actually impedes the "progress of science and the arts" [U.S. constitution] (and, in this case, the emergency services) and in no way gives anything back (e.g.: by actually including useful plans to help someone make such a system after the patent has expired)
- it would be trivial for someone to come up with this independently (without realising they were breaking the law)
...and U.S. politicians wonder why people think their patent system is so insane...
The reason why patents were invented was to stop people keeping the workings of their inventions trade secrets which would never be released to the public (whereas--the then new-fangled--patents actually run out) thereby impeding the "progress of the science and the arts", therefore patents are only supposed to cover something that a company might be able to keep a secret. In this case, the idea (which is what they are trying to patent; as opposed to the specific invention that Microsoft has or has not yet--as the case may be--produced) would not be coverable by a trade secret as once they produced such a product it would be common knowledge (and therefore no longer a secret) that such a product could be produced. Whereas, if Microsoft were patenting the specific workings of their invention, these would be harder for someone with one of their products to hand to work out--thereby potentially patentable as they are potentially able to be kept secret (while Microsoft sell the product).
Making a (possibly poor) analogy with the field of consumer law, this is a bit like Microsoft trying to trademark the generic term for the class of their product as opposed to a name for a particular brand (e.g.: hypothetically, if Microsoft were in the automobile manufacturing industry, trademarking the word, "car"; or, again hypothetically, if Microsoft were in the operating-system engineering industry trademarking the word "windows" for a windows system...o, nevermind...).
The patent is entitled "a method and system of providing emergency data"; however reading it one realises that (in common with most patents using those magic `method' and `system' words in their titles) it is not actually a patent on "a [particular] method and system of providing emergency data" but actually a patent that stops anyone else from producing any "method and system of providing emergency data".
This is backed up by the way that, throughout the patent, it says that "this invention [sic.] covers [foo], [bar] and [baz]" or similar language (where foo, bar and baz are sorts of inventions that might be made in the future by others) instead of describing the actual invention that Microsoft have produced (or, I suspect, have not actually produced) so that others can gain from this knowledge after the patent expires.
There are many other ways in which this, once again, goes against the basic principles of the patent system. However, as I suspect (hopefully) everyone will laugh at any (unlikely) attempts by Microsoft to enforce this patent, I will not spend more time analysing this drivel (that Microsoft and other large corporations produced by the dead-tree load on a daily basis).
You obviously missed the thought crime section of the DMCA. (I hope you're not a U.S. citizen then.)
Just thinking about creating a rot13 decryptor (i.e.: DMCA circumvention device) will get your arse in jail now.
By reading the following characters or thinking about them in any way you are breaking the DMCA and will now go to jail in the US of A for an indefinite time (even if you are not in the US of A--in fact, especially if you are not) without trial (esp. if you are Russian):
Yes, like getting the US FBI (police) to put someone in jail (without trial) for violating the DMCA by breaking Adobe's rot13 encryption (while not even in the USA).
And now they're worried that someone will use the U.S.'s draconian anti-human-rights laws against them--in fact the exact same part of the exact same law which stops people from doing cryptoanalysis (even for 5-year-olds) on US soil (or apparently anywhere as US laws are universal except the constitution which only applies to citizens as was found in the Sklyarov case that Adobe initiated).
How was that funny?
Can it drop abysmally when it is already at the very bottom of the great abyss? 'Tis the question.
- First they ignore you
- then they laugh at you
- then they fight you
- then you win
- My corollary: then they say they were with you all along
I thought we were at GandhiCon 3 with Microsoft but this has shades of GandhiCon 5 (my corollary). This is as far as I can see exactly the same.