The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC,
Just for curiosity, can be Firefox compiled with the compiler parameter which adds code to detect a wide variety of such bugs? It's what Microsoft did at IE in the XP SP2; does it have "sense" to do the same for firefox?
You have a flawed assumption in that the file is read only. Exchange/Outlook will let you modify the attachment in place and keep it in your mailbox.
....and then, Exchange WILL have to write a new copy of the data, because you just modified it and the data is not the same than before - you can't use the same copy. If the 1000 users keep the same file it's fine, if they modify it you need 1000 copies about it
Sharing something with people (which for some reason database people call "single instance store" I've learned today) can be done in both a filesystem and in a data base. Databases are "one-size-fits-all" kind of tools, not always the "best" solution, but one that you've lot of chances of making it work even if it's not the best solution. Linus said something similar when he was suggested to develop GIT in top of MYSQL...if you really know what you're going to do with the data, and you KNOW that a filesystem is enought, why use it? It's buying a 900HP car to your mother - STUPID. The "let's do it just because we can" is a good step if what you want is to write overengineered, bloated software.
Because a filesystem IS a database. Except that instead of having a SQL-ish interface, you've a "read(), write(), readdir()" kind of interface. Which happens to be really fast (filesystems are implemented inside the kernel, they're reliable, they're much simpler, easy to manage, etc).
When you use a database like mysql, you're just using a database in top of, uh, another database (the filesystem). Which has not sense. It WILL work, but that doesn't means is the "best possible solution"
Despite of all this, BTW, hardlinks are NOT the solution for the "share a file between 1000 users" problem. It can be, but remember that you can't make hardlinks between different filesystems. I have no idea if you can use LVM to solve this, if ACLs + symbolic links can be used to implement this in a delivery agent. And if you cant (I don't really know), someone really should think about adding something to filesystems to allow it like plan9 did, because it has sense
...one of the problems of debian according to some people: The fact that unstable is never "unstable".
Ubuntu "unstable" may be broken, but that is what unstable is about. Ubuntu did break things because some things can't be done without breaking other things. X.org's modularization is a new thing for everyone so it did break things because it was full of bugs (I've tried compiling it myself) and they had to work hard to fix them
When you switch back to Debian unstable and modularized X.org goes in, remember this: All the hard work and all the breaking was done first in ubuntu, because they actually developed its integration in a debian-like distro and debian will just use Ubuntu's work (they're more or less the same developers after all). If Debian sid had done that job instead of Ubuntu, it'd had been sid who would have been broken.
So, please think again the next time you tal about "Debian doing a decent job of providing late-model software that isn't broken.". Is not that Ubuntu is crap or Sid developers are much smarter than anyone at ubuntu.
The number of potential security holes is hard to immagine.
Oh, well, stop the FUD. That's what people said when the WHOLE SOURCE CODE of windows 2000 was leaked. And how many holes where found? One. For internet explorer. Which only worked for old versions. Even if you consider that all the holes found affecting windows 2k after that leak are due to the leak, that's a pretty low number for the WHOLE SOURCE CODE. If it's so buggy, where are all those obscure and hidden potential kernel holes, etc etc?
Microsoft CAN write secure code. Just compare IIS 6.0 against apache 2.0 - yes, IIS looks great. They have the money so they can hire the best security people to review the code before going public if they needed it, period.
You know, this is what opensource is for - you can help and fix it yourself, the mozilla foundation may not have enought programmers to solve those bugs...
Well, not just videos and audio. They allow them to put "binary data" inside the document.
And that binary data can have whatever data format they want, including a closed and obscure and undocummented format (say, a "new feature" in future office versions which happens to embbed binary data with a closed format). Which is against the whole point of having an open format.
Every day I see training courses for office announced everywhere, IMO the main reason for those courses is that the interface is so horrid that you have to learn how to do things. I don't call that a "intuitive" interface. I wonder what the people like apple would be able to do if the wrote a office suite from scratch...
Microsoft also states they will not support the OpenDocument format.
Well, I don't understand why they don't want to support it. The Office 2003 XML format is also open (perhaps a bit less "open", but open anyway), OpenDocument is open, what is the point of supporting a open format and not supporting another?
I mean, why not support OpenDocument and sell office to work with it? Massachusetts seems to be searching a good document format, they don't seem to say clearly "we want openoffice", they could sell more office copies if they supported the Opendocument format
Well founded assertion there, and so rigorously argued
It is indeed.
The fact is, linux sucks on desktops (and I'm a linux desktop user so stop remembering my why I chose it despite of its suckage) and this article proved that Mac OS X sucks on servers.
It's so difficult to understand? There's nothing strange about it
you know, people uses programs in their computers.
People using servers are probably very interested in seeing how server-oriented programs perform in a given hardware
Those are called "real-life benchmarks". They're much better than lmbench and tiny C programs running whatever microbenchmark in a tight loop because they measure what you actually are going going to do with your system.
It doesn't matter if your lmbench numbers are great, if the apps you're going to run don't run well what's the point? I can't see why mysql is a bad choice for a benchmark...
Slashdot Mirror
Actually...I wonder: Could someone develop a extension which stops a (this) exploit?
The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC,
Just for curiosity, can be Firefox compiled with the compiler parameter which adds code to detect a wide variety of such bugs? It's what Microsoft did at IE in the XP SP2; does it have "sense" to do the same for firefox?
You have a flawed assumption in that the file is read only. Exchange/Outlook will let you modify the attachment in place and keep it in your mailbox.
....and then, Exchange WILL have to write a new copy of the data, because you just modified it and the data is not the same than before - you can't use the same copy. If the 1000 users keep the same file it's fine, if they modify it you need 1000 copies about it
Sharing something with people (which for some reason database people call "single instance store" I've learned today) can be done in both a filesystem and in a data base. Databases are "one-size-fits-all" kind of tools, not always the "best" solution, but one that you've lot of chances of making it work even if it's not the best solution. Linus said something similar when he was suggested to develop GIT in top of MYSQL...if you really know what you're going to do with the data, and you KNOW that a filesystem is enought, why use it? It's buying a 900HP car to your mother - STUPID. The "let's do it just because we can" is a good step if what you want is to write overengineered, bloated software.
Because a filesystem IS a database. Except that instead of having a SQL-ish interface, you've a "read(), write(), readdir()" kind of interface. Which happens to be really fast (filesystems are implemented inside the kernel, they're reliable, they're much simpler, easy to manage, etc).
When you use a database like mysql, you're just using a database in top of, uh, another database (the filesystem). Which has not sense. It WILL work, but that doesn't means is the "best possible solution"
Despite of all this, BTW, hardlinks are NOT the solution for the "share a file between 1000 users" problem. It can be, but remember that you can't make hardlinks between different filesystems. I have no idea if you can use LVM to solve this, if ACLs + symbolic links can be used to implement this in a delivery agent. And if you cant (I don't really know), someone really should think about adding something to filesystems to allow it like plan9 did, because it has sense
Surplus of money? sure
Shortage of ideas? Not so sure. I don't see why Cerf , being the father of the medium in which google is based, wouldn't be a uself hire.
We are talkiong about MODULARIZED X.org, not X.org. Ubuntu already used x.org in the last stable version, if not sooner.
Call me stupid, but it seems pretty much useless IMO
I mean, how many people is going to travel to the space? No, really....
Sure they have. If smart people are hired by google, they can't be hired by anyone else, for one.
(soon to be merged in mainline)
s /linux-2.6.git;a=blob;h=f3ea492ab44dfcfc05e2fad402 7e303f9b69d9dd;hb=caf39e87cc1182f7dae84eefc43ca14d 54c78ef9;f=kernel/kprobes.c
Oh well, it's already there and it seems to have been there for ages: http://kernel.org/git/?p=linux/kernel/git/torvald
Linux does have a "comparable" feature (soon to be merged in mainline) called "kprobes", or "systemtap" (systemtap uses kprobes)
r y/l-kprobes.html
You can see a fairly detailed analisis in the 2005 Proceedings, Volume 2, page 57 of the linux symposium
Also some doc from IBM: http://www-128.ibm.com/developerworks/linux/libra
also there's a "linux trace toolkit". A post about LTT vs dtrace...whatever, too much flamewar for my taste.
Notice that the latest QT version released has a "painting engine" similar to cairo. KDE does not use it today, but will use it for future versions...
...one of the problems of debian according to some people: The fact that unstable is never "unstable".
Ubuntu "unstable" may be broken, but that is what unstable is about. Ubuntu did break things because some things can't be done without breaking other things. X.org's modularization is a new thing for everyone so it did break things because it was full of bugs (I've tried compiling it myself) and they had to work hard to fix them
When you switch back to Debian unstable and modularized X.org goes in, remember this: All the hard work and all the breaking was done first in ubuntu, because they actually developed its integration in a debian-like distro and debian will just use Ubuntu's work (they're more or less the same developers after all). If Debian sid had done that job instead of Ubuntu, it'd had been sid who would have been broken.
So, please think again the next time you tal about "Debian doing a decent job of providing late-model software that isn't broken.". Is not that Ubuntu is crap or Sid developers are much smarter than anyone at ubuntu.
Oh well, slashdot breaks the links. Whatever. http://secunia.com/product/73/ and http://secunia.com/product/1438/
"IIS 6.0 against Apache 2.0
The number of potential security holes is hard to immagine.
Oh, well, stop the FUD. That's what people said when the WHOLE SOURCE CODE of windows 2000 was leaked. And how many holes where found? One. For internet explorer. Which only worked for old versions. Even if you consider that all the holes found affecting windows 2k after that leak are due to the leak, that's a pretty low number for the WHOLE SOURCE CODE. If it's so buggy, where are all those obscure and hidden potential kernel holes, etc etc?
Microsoft CAN write secure code. Just compare IIS 6.0 against apache 2.0 - yes, IIS looks great. They have the money so they can hire the best security people to review the code before going public if they needed it, period.
Microsoft's interoperability plans are: "We want to support as much stuff from other as we can, but we DON'T want anyone to support our own stuff"
They REALLY don't want to open those protocols.
------- Additional Comment #127 From Christian Biesinger (:bi) 2005-04-05 16:53 PDT [reply] -------
checked in. firefox and seamonkey should work.
bug 288585 is for camino
bug 289214 for embedding/browser/cocoa
bug 289216 for photon
bug 289218 for powerplant
Bug 289219 for not QIing mInner in nsDownloadProxy (toolkit)
Bug 289220 for not QIing mInner in nsDownloadProxy (xpfe)
Bug 289221 for making exthandler an nsIProgressEventSink.
Marking FIXED!
I checked with Bugzilla (no link from /. allowed)
6 8
That doesn't means you can't put it here so other people can contribute: https://bugzilla.mozilla.org/show_bug.cgi?id=2289
You know, this is what opensource is for - you can help and fix it yourself, the mozilla foundation may not have enought programmers to solve those bugs...
I have this neat trick to avoid cities being flooded: rebuild the city in another place where it can't be flooded
Except that google takes a long time to reindex recent changes and you can't "personalize" your search ie: for a given section of the web
Well, not just videos and audio. They allow them to put "binary data" inside the document.
And that binary data can have whatever data format they want, including a closed and obscure and undocummented format (say, a "new feature" in future office versions which happens to embbed binary data with a closed format). Which is against the whole point of having an open format.
Every day I see training courses for office announced everywhere, IMO the main reason for those courses is that the interface is so horrid that you have to learn how to do things. I don't call that a "intuitive" interface. I wonder what the people like apple would be able to do if the wrote a office suite from scratch...
Microsoft also states they will not support the OpenDocument format.
Well, I don't understand why they don't want to support it. The Office 2003 XML format is also open (perhaps a bit less "open", but open anyway), OpenDocument is open, what is the point of supporting a open format and not supporting another?
I mean, why not support OpenDocument and sell office to work with it? Massachusetts seems to be searching a good document format, they don't seem to say clearly "we want openoffice", they could sell more office copies if they supported the Opendocument format
Well founded assertion there, and so rigorously argued
It is indeed.
The fact is, linux sucks on desktops (and I'm a linux desktop user so stop remembering my why I chose it despite of its suckage) and this article proved that Mac OS X sucks on servers.
It's so difficult to understand? There's nothing strange about it
They also run apache and lmbench; I don't think you can say they "insist" on mysql...
you know, people uses programs in their computers.
People using servers are probably very interested in seeing how server-oriented programs perform in a given hardware
Those are called "real-life benchmarks". They're much better than lmbench and tiny C programs running whatever microbenchmark in a tight loop because they measure what you actually are going going to do with your system.
It doesn't matter if your lmbench numbers are great, if the apps you're going to run don't run well what's the point? I can't see why mysql is a bad choice for a benchmark...