Slashdot Mirror


User: NtroP

NtroP's activity in the archive.

Stories: 0
Comments: 378

Comments · 378

  1. Re:Not sure... on WMF Vulnerability is an Intentional Backdoor? · · Score: 1
    If the "magic key" length was something completely random like 6385492, then I would be more suspicious.
    I disagree. Theoretically, 6385492 could be a valid length entry. '1' can never be in this context. The fact that one and only one invalid entry is the key to get this to spawn its own thread and execute the code embedded thereafter is what is suspicious to me.
  2. Re:Please not Gibson again... on WMF Vulnerability is an Intentional Backdoor? · · Score: 5, Insightful
    Steve Gibson is not a security expert
    I'm not a security expert either. But if I came up with this evidence, how would that change the reality of the situation? The evidence stands on its own merit. His reputation has nothing to do with it. This is easily verifiable by anyone with at least his level of knowledge. It will be interesting to see what happens when other "real" experts start looking at this.
  3. Re:Yeah... on WMF Vulnerability is an Intentional Backdoor? · · Score: 4, Insightful
    Isn't this the same Steve Gibson that was freaking out about how Raw Sockets in XP were going to destroy the world a couple of years ago?
    Didn't that get quietly fixed in a subsequent update and therefore NOT become an issue? He may be an alarmist, but he's normally a Pro-MS guy. In this case, I think he's on to something.
  4. Re:Bugs don't have to be well-coded on WMF Vulnerability is an Intentional Backdoor? · · Score: 2, Interesting
    That's why they're bugs. Seriously, I don't think the fact that it behaves differently from how it does in a printer is any indication it was deliberately written that way. More likely this was an attempt to disable the code that went wrong.
    You're talking out of your ass. RTFA.

    This is (IMNSHO) not a bug. How would you accidentally introduce a bug that for one specific, non-valid, value the program would start executing code that has no place being there in the first place? This has nothing to do with printing. This has nothing to do with a callback to a function in the originating program to tell it the print job has been aborted. This is about executing code within the WMF file directly. It serves no purpose, especially since it only works if you give specific, non-random, invalid input to the WMF parser.

  5. Re:I would not be suprised at all. on WMF Vulnerability is an Intentional Backdoor? · · Score: 4, Insightful
    I could see someone deliberately doing this, maybe a contractor or a disgruntled employee.
    The problem with that argument is that in order to exploit this backdoor you'd have to get the target computer to load a WMF file. The main practical way to do this would be to embed it in a web page and have the target visit that page. The only sites that all Windows machines access on a regular basis are Microsoft's. The employee would also have to have access to Microsoft's web site to exploit this reliably.

    This seems to be only useful if MS itself wanted to use it. Use your imagination as to what they'd do with it. I can think of all kinds of things.

  6. Great idea! on Lawmakers Try to Protect Kids From Spam · · Score: 1
    NOT!

    An email registry of kids' email addresses? You mean there will be one-stop shopping for addresses of the people MOST LIKELY to be interested in my porn-site?

    After all, as a foreign porn spammer, I'm VERY concerned about abiding by US law.

    The people are idiots! The only thing saving the kids is that they often don't have easy access to daddy's credit card so there is less incentive to market to them.

  7. Re:What to do in an emergency! on US Draw Up Rules for Space Tourism · · Score: 1
    Actually, there will be no flights. It says: "...including safety advice precluding the flights". If the safety advice precludes all flights, no one will be going anywhere.

    pre-clude verb [trans] prevent from happening; make impossible

    Maybe they meant preceding the flights?

  8. Re:One Take on Linux/Unix Tops Charts for Vulnerabilities in 2005 · · Score: 1
    One factor is what TYPE of vulnerability it is. Is it a local exploit that requires physical access and a local user account? Is it a remote access vulnerability? Is it a potential DOS?

    Here are a few graphs from Secunia for the periods 2003-2006 that I think speak volumes:

    Windows XP Pro
    Mac OS X

  9. Does it work with Terminal Services Yet? on Update to OpenOffice 2 Released · · Score: 2, Informative
    We'd REALLY like to ditch MS Office on our Win2K3 Terminal servers, but the last time we tried to use OOo, it failed miserably - only one person at a time could use it, unless each user had their own entire copy of the App in their own home directory - which is really stupid.

    Has anyone been successful in getting OOo to run well in a Windows terminal server environment?

  10. WOOT! on Senate Fails To Reauthorize Patriot Act Provisions · · Score: 2, Funny

    Hear my mighty WOOT!

  11. Re:s/billion/million/ on It's "1984" in Europe, What About Your Country? · · Score: 2, Informative
    Heh, replying to myself...

    After a little research I realize I had it backwards:

    The American system is:
    10^06 = million
    10^09 = billion
    10^12 = trillion
    ...

    The European system (formerly used in Britain, still used in Germany) is:
    10^06 = million
    10^09 = thousand million
    10^12 = billion
    10^15 = thousand billion
    10^18 = trillion
    10^21 = thousand trillion
    ...
    Huh, I learned something new today.
  12. Re:s/billion/million/ on It's "1984" in Europe, What About Your Country? · · Score: 1, Informative
    I thought I heard somewhere that the British (and maybe other parts of Europe) say billion for 1,000,000, where we say million...

    Can't remember where, and I can't, for the life of me, think what they'd call 1,000,000,000.

    Well, there you have it...

  13. Hardware? on EU Approves Data Retention · · Score: 2, Insightful

    I'd have put this under YRO.

  14. Gaming on a Mac on Review of WidowPC Sting 917 Gaming Laptop · · Score: 4, Insightful
    I always turn the video settings down to just below pathetic, and even then I'm fortunate to get tolerably smooth video. It's just something you sort of learn to accept when you have a Mac.
    Hmmm. I'll admit that the selection of games is not stellar for Macs (and I'm not a hard-core gamer), but when I DO play games on my Mac I crank all my video settings to the max and have no performance problems. I don't "sort of learn to accept [it] when [I] have a Mac". I expect that I have to play a decent game on a decent computer. My wife's gaming performance (mostly Command & Conquer) on her PowerBook isn't great and she has her settings cranked down, but then, she paid $1,200 for it and did not get it for gaming. I do my gaming on my Dual G5 1.8 with a Radeon 9600 XT on a 23" Cinema Display - and my games play fine - and I spent less than $3,400.00 on the whole rig (got the monitor used).

    My desktop Mac is primarily used for video editing and graphics work, but I just find Taco's statement unfortunate, because it just perpetuates the "Macs suck at Gaming" myth. My God, Taco's "laptop" is freakin' $3,400. It sounds like the only thing it has going for it is that it's easy to pack up to a LAN party. You aren't going to pull this out on an airline tray. The battery life must suck. It's hot, heavy, not particularly good looking (IMHO). In short, it has almost no features that I would look for in a laptop.

    I don't know, I suppose this kind of behemoth will probably appeal to the kind of guy who thinks he'll look L33T to everyone around him because he's got the biggest, noisiest, hottest laptop in the room. When in reality the guys with the sleek Vaios and PowerBooks are just laughing at him.

    The other day I was sitting in a hotel cafe and this guy's struggling to fit his gigantic laptop on his "table-built-for-two" and still have room for his breakfast. He was pounding proudly away on it. I just felt sorry for him because he kept getting dirty looks from the waitress who had to keep stepping over the power cord he'd strung about 10 feet to the wall. I thought about pulling my TiBook out, but that would have just been low.

  15. Re:Lawsuits ad nauseum on Song Sites Face Legal Crackdown · · Score: 1
    ...finding out whether Beelzebub really does have a devil for a sideboard...
    A devil for a sideboard...? I thought it was "a devil set aside for me".

    Damn! If only I could look up the Lyrics!

  16. Re:Yes on USPTO Unable to Find Top Ten Patent Holders · · Score: 1
    Most people on this forum "believe" the system is broken because that's what they hear continuously.
    Uhmm... This article was talking about trying to get data out of a database. I hate to break it to you but 7,000,000 records in a database is nothing. And not being able to successfully search and sort a database like this for a key element such as "inventor" or "owner" is either incredible incompetence or extremely poor database design (or both).
  17. Re:Anniversary of Nazi Party... So what? on Sober Attack on 87th Anniversary of the Nazi Party · · Score: 0, Redundant
    No, No.

    - It's celebrating the anniversary of Davy Crockett arriving in Texas, just in time for the Alamo (1836)
    - It's celebrating the anniversary of NASA announcing its plans for a new space vehicle, the shuttle (1972)
    - It's celebrating the birthday of Robert Duvall (1931)
    - It's celebrating the birthday of Diane Keaton (1946)

  18. Re:Hmm... on A Look at Windows Server Outselling Linux · · Score: 1
    Well, let's see. Of the 70 - 80 Dell Servers I've purchased lately, about 3/4 of them were purchased with Win2K3 Server on them. They were promptly formatted and a copy of Whitebox Linux (RHEL4) was installed.

    So, Yeah. In my case, the facts are borne out - I've purchased A LOT more Windows Server Licenses than Linux Licenses. But my Linux boxes far outnumber my Windows server boxes.

    Any numbers Microsoft throws out there are going to be meaningless, because this type of thing happens all the time, AND THEY KNOW IT. I have to pay for and then register every copy of Windows I use - easy to track. I download Linux for free and install it wherever I need it - difficult to track. But will the PHBs understand? No. Even MY PHBs don't know what OS is servicing most of their needs. To them, Windows IS the computer (and the internet).

    You know, for a long time Opera had the lion's share of the browser market - they still do, I think. They outsold even IE by a HUGE margin! I wonder how MS likes them apples?

  19. Re:This could be great for Linux adoption on UN Internet Summit High Points · · Score: 1
    If the content I want is in a proprietary format then I will get the tool I need to access it.
    Hmmm.. Like the Latest Windows Media Codecs? Looks like the "tool I need" is Windows. What about the Addison-Wesley Elementary Math eBook that needs their proprietary reader (that's not available for Linux)? What about AutoCAD files? There is only a Windows version of their software. Guess Windows is the "tool" again, right?

    I know what you are saying, but my point is that proprietary document formats serve one purpose: to keep you using their product. If they can make sure that the content you need is safely held hostage, they've got you by the short hairs. Another product can come along that works better for you, but if you can't get your old data converted, or your customers, suppliers, etc. use a competing product, you're screwed.

    I recently purchased Lost from iTMS. I don't own a video iPod (yet). I wanted to burn it to VCD so that I could watch it with my family. I bought it. I own the copy. But I can't burn it to a VCD because I can't get anything else but iTunes to read it. Now, I know this is DRM and that the actual format of the video is open, but it demonstrates my point. If there was another program out there that could read it, I could make use of it in the way that fits my situation the best. Forgetting DRM for a minute, and just applying this concept to document formats, if a document format is open, others can write translators which will allow that data to be used in whatever manner is best for the user. The software companies don't have to write a Linux version of their software. They can just say, "Get a converter and run XYZ. We don't do Linux".

    The problem with all this, is that in most cases, the platform developed for is Windows. That, combined with proprietary formats means that sooner or later you are FORCED to use Windows to access some piece of data. If the data were portable, then it would make it a lot easier for other companies to "specialize" on Linux for the niche markets that aren't supported by the other vendors. They can charge whatever the market will bear for their products, but the DATA can still be used between platforms and between applications.

    As I tried to point out in my original post, I hope that a large influx of Linux into the market will force people to realize the issue of data portability and that in turn will force Software Developers to adopt a data format that is open and therefore portable. In essence, I'm hoping that those products that do store data in open formats will put pressure on the others and basically get them to say "Fuck it. We can't port our software to all these platforms and hope to support it. Let's be the best on this platform and save our data in the same format as XYZ, which is the leader on that platform, since it's an open format."

    Will it happen? I have no idea. But as an "alternative OS" user, I can definitely say that data portability has been brought to MY attention. I hope it will be to others too.

  20. Re:This could be great for Linux adoption on UN Internet Summit High Points · · Score: 1
    What crack have you been smoking? All the children of the world are NOT going to get a Linux laptop. To misquote Darth Vader: I find your faith in government... disturbing.
    That's why I put "all the children of the world" in quotes. My point was that if this does get into the hands of a sizable chunk (I won't pick a number here - you'll just nitpick it!) it will mean that potentially tens of millions more Linux computers will be out there and there will be a lot of media attention paid to it. The first year pilot project includes six countries with a minimum buy-in of one million units each (adjusted for final price and currency fluctuations). If this only goes minimally and the participating countries don't continue participation, and the project is completely cancelled the first year, there are still about 6,000,000+ new Linux computers in play!

    BTW, I work in government. I know first-hand how hard they will try to screw this up. I also grew up in a "3rd world country" and have experienced first-hand how absolute corruption in government works! The solution to this is education. And don't give me any crap about how corrupt the American government is. Compared to most of the rest, it's not bad, and we have the means to change it. The more educated the entire population of a country is, the more difficult it is for the government to suppress its people. Whether laptops for the children is the right avenue for educating "the masses" is another argument altogether, but it can't hurt.

    My hope is that with proper attention the light of public scrutiny will keep the government cockroaches in their holes long enough to meet at least part of the goals of this project.

  21. This could be great for Linux adoption on UN Internet Summit High Points · · Score: 3, Insightful
    Think about it. If there are hundreds of millions of Linux-based laptops out there with ebook content (for education, etc.), kids games (this won't be a gaming machine, but still) and word processing, it is going to be very important that the "rest of the world" is accessible to it. That means document formats and other content will need to meet open standards. This may just be the push the world needs to make Linux-on-the-desktop acceptable.

    Proprietary formats will have to be marginalized. I know this laptop is "just for kids" but if all the content is in .doc, .wma, quicktime, etc. then a lot of people will be left out in the dark. I think there will be a groundswell of resentment and awareness of the ridiculousness of proprietary formats. Once most content is available in standard formats, one of the largest hurdles to adopting Linux elsewhere will disappear.

    I'd love to roll Linux out district-wide in our school district. The problem is that there is so much content out there that our teachers and students wouldn't have access to. Sure, the older formats have been reverse engineered or cracked, but the modern, up-to-date content would probably be unusable. What about eBooks? Most of the text book vendors can't agree on a standard and when they do it's DRM'ed to hell and requires a proprietary [Windows] app to play it. If "all the children of the world" get a Linux laptop, that will have to change.

    Here's hoping!

  22. Re:Higher for some websites. on Firefox Achieves 10% Global Market Share · · Score: 1
    I'd be interested to see how the content and target audience affects the browser distribution at various websites.
    I'd be interested to see the distribution for Slashdot. I have a feeling a lot of the posers here talk the talk but don't walk the walk of Open Source, alternative OS's, etc. D'ya think IE is less than 50% here?
  23. Re:There are still too many non standard websites. on Firefox Achieves 10% Global Market Share · · Score: 1
    She blamed the website though, but I had to show her Internet Explorer so she could order the stuff she needed.
    You should show her the IE Tab extension.
  24. Re:Hrm... on More on Sony's "DRM Rootkit" · · Score: 1
    ...how many NON-NERDS are going to jump on the Linux bandwagon just to circumvent some DRM ...
    :-)

    You have a point there. When I heard about this the first time, I fired off a note to Sony (and the band) telling them that I would NOT buy their CD. I said that I organize and play all my music through iTunes (streamed to my Stereo with my Airport Express) and that if they were going to pull stunts like this I'd make sure I never bought a Sony CD again. I also said that I'd buy the tracks I liked off ITMS instead.

    I use OS X at home and Linux at work so their rootkit doesn't affect me, but I would never support a company that uses tactics like this. I know that buying the music off ITMS still supports Sony indirectly, but the fact that they chose this method of DRM specifically to keep me from using their music in iTunes, made me mad, so I thought I'd buy the tracks, just to tweak them (rather than P2P'ing them which would not support the band).

  25. Re:Hrm... on More on Sony's "DRM Rootkit" · · Score: 1
    So they're gonna root all my cds?
    You do realize that this only affects people who use Windows. The CDs work fine in OS X and Linux.

    Maybe if more people used alternative OS's, DRM couldn't get as much of a footing as it is. If you know that your efforts are only going to affect (infect?) half the people out there (instead of 90%), it raises the bar for this kind of crap.

    So instead of using this as an excuse to go out and violate copyrights, use it as another reason to switch to an alternative OS that still allows you to exercise your fair use rights. There are an awful lot of people on Slashdot who claim to be pro-open source, pro-Linux, anti-monopoly, etc., who obviously still have their lips firmly grafted to Bill's ass.