... this update is actually just a configuration change that disables the ADODB.Stream object from within Internet Explorer.
The stream object contains several methods for reading and writing binary files and text files.
When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone.
No security vulnerabilities have actually been fixed here; all that's happened is that some functionality (which exacerbated existing security holes and was probably a bad idea to begin with) has been disabled.
The whole point is to get people writing .NET (i.e. WinForms) based applications. MFC is dead and buried as far as MS is concerned.
Funny but true. I don't have the .NET framework installed on my PC, and frankly, I've never missed it. The only programs that I've ever seen that actually use it are on hobby sites like CodeGuru. Now it seems Microsoft is so desperate to lock people into its new platform that it's giving away (for the time being, at least) a WinForms compiler.
We were going to use WinForms for our newest application, but it just couldn't integrate with our existing C/C++ code, so we stuck with MFC.
Which makes me wonder--can this Visual C++ 2005 Express actually compile real C++ code? Or just Microsoft's bastardized "Managed C++" abomination? In conjunction with a cross-platform widget set such as wxWindows, it might be a useful tool.
2. Go to Control Panel | Internet Options | Advanced | Multimedia, and uncheck "Show pictures". (FDA warning: I have not verified that this setting prevents this image exploit from infecting your system, since I don't know of any infected servers. But it will at least force you to use the alternate browser we installed in Step 1.)
3. Switch to the Security tab, and move Internet into "high". This will disable most forms of scripting. However, it also disables the Windows Update site. You can add windowsupdate.microsoft.com to a list of trusted sites (it will give you the instructions when you try to visit it in this mode), but I'd be very careful with that, since I do not doubt that the Windows Update site is very high on the crackers' lists of sites to infect. (Wouldn't that be ironic?)
FWIW, I don't know whether setting Internet zone security to "High" disables the automatic Windows update feature or not. I'll tell you as soon as there's a critical update to be notified of.
Isn't this enough to invoke the submarine patent protection? By admitting that they did not enforce the patent when they knew there were infringing users, maybe their patent is not enforceable.
Is there such a thing as submarine patent protection? There certainly should be, but I was under the impression that patents, unlike trademarks, do not have to be rigorously enforced to be enforceable.
Take a few minutes today and Google 'Gemini Series'. This is what Burt Rutan's craft is comparable to. The early Gemini rockets did not achieve orbit. They went up, and came back down again.
All manned Gemini missions achieved orbit. I think you're thinking of Project Mercury. The first two manned Mercury flights (Freedom 7 and Liberty Bell 7) were 15-minute suborbital flights. Later Mercury missions were launched on more powerful booster rockets, and they achieved orbit.
Project Gemini, on the other hand, was far more advanced than Mercury. It was the proving ground for technologies and procedures that would be used in the Apollo moon landings (rendezvous, space suits, long duration flights, etc.). Gemini XI reached an altitude of 1368 km, which is several times higher than even the Space Shuttle can reach.
You forgot the fact that Linux boxes usually don't run off of self-contained fusion reactors, so you have to pay for the electricity too. And if you have a hardware failure, Linux won't bail you out of that either.
Of course no one expects that administering a server will be free as in beer, regardless of the OS. But Linux is still Free as in speech, meaning the source is there, so you can examine and/or modify it to your heart's content. You don't have to worry about Licensing 7.0, or pay $thousands more for additional client access licenses when your network grows, or be stuck with unusable orphaned software if the vendor decides they're not making enough money off of it.
... Visual Basic is significantly more productive. Often I've written the same code, once in C++ calling the Windows API and once in Visual Basic, and C++ always took three or four times as much work. Why? Memory management.
I have experience writing for both platforms, and I prefer C++, despite VB's garbage collection. VB certainly makes it easier to do some things, but that's mainly because it offers an abstraction for all the Win32/COM red tape (dig through the MSDN to find which of the eleven or so Close...(), Delete...(), Free...() functions you need for this thing, and Release() all those COM pointers in every conceivable exit point).
C++ itself provides the means to relieve the programmer of much of this menial work, though. Microsoft doesn't take advantage of C++'s capabilities, but that's probably because C++ hadn't evolved enough when much of the Win32 code base was written.
In my recent work, which has all been C++ on Win32, I almost never have to manually delete anything. The Boost Smart Pointer Library has been tremendously useful, both for internal program logic and for taming the Win32 memory management nightmare. The reference-counting boost::shared_ptr template class and its relatives can be used to automatically free memory allocated with new when the last pointer is destroyed. What's more, you can specify a templatized deleter, so that a shared_ptr can manage COM objects, GDI objects, file handles, memory allocated in any of the dozen or so Windows APIs (GlobalAlloc(), VirtualAlloc(), HeapAlloc(), ThrashDiskAndThenCrashAlloc(), etc.)
It's possible to augment the API in such a way as to boost productivity without breaking backward compatibility. The .NET framework is a huge misstep, in my opinion, because it needlessly throws away a decade's worth of existing code. We were going to use it in a recent product, but we decided to go with MFC instead, because it couldn't link with our existing C++ code (well, it could, but huge marshalling bugs that have gone unfixed for years made it completely unusable).
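The custom-deleter pattern described in the comment above, as an added example that is not part of the original post. It uses std::shared_ptr (the C++11 standardization of boost::shared_ptr) so it builds without Boost; `demo_open`/`demo_close` are constructed stand-ins for a C-style acquire/release API, not real Windows calls.

```cpp
#include <cstdio>
#include <memory>
#include <stdexcept>
#include <vector>

// Constructed stand-in for a C-style handle API (in the spirit of an
// Xxx()/CloseXxx() pair). It only counts, so leaks and extra releases
// become observable.
struct DemoHandle { int id; };
static int g_live = 0;    // handles currently open
static int g_closed = 0;  // total release calls made

DemoHandle* demo_open(int id) { ++g_live; return new DemoHandle{id}; }
void demo_close(DemoHandle* h) { --g_live; ++g_closed; delete h; }

using HandlePtr = std::shared_ptr<DemoHandle>;

// Wrap the raw handle at the point of acquisition. The deleter is the API's
// own release function, so no caller ever writes a release call by hand.
HandlePtr open_handle(int id) {
    DemoHandle* raw = demo_open(id);
    if (!raw) throw std::runtime_error("demo_open failed");
    return HandlePtr(raw, demo_close);
}

// Three exit paths (early return, exception, normal return); none of them
// contains a release call.
int process(int id, int mode) {
    HandlePtr h = open_handle(id);
    if (mode == 0) return -1;                                // early return
    if (mode == 1) throw std::runtime_error("parse error");  // exception
    return h->id * 2;                                        // normal return
}

// Runs every exit path and reports how many handles are still open.
int leaked_after_all_paths() {
    g_live = 0;
    process(1, 0);
    try { process(2, 1); } catch (const std::runtime_error&) {}
    process(3, 2);
    return g_live;
}

// Shared ownership: release happens when the last copy goes away, not the
// first. Returns 10 for "1 live while shared, 0 live afterwards".
int live_while_shared() {
    g_live = 0;
    std::vector<HandlePtr> cache;
    {
        HandlePtr h = open_handle(7);
        cache.push_back(h);  // second owner
    }                        // first owner destroyed here
    int during = g_live;     // cache still keeps the handle open
    cache.clear();           // last owner gone, demo_close runs once
    return during * 10 + g_live;
}

int main() {
    std::printf("leaked after all exit paths: %d\n", leaked_after_all_paths());
    std::printf("live while shared / after:   %d\n", live_while_shared());
    return 0;
}
```
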
It's still guilty until proven innocent. The only thing that's changed is that DirecTV says they'll supposedly listen to claims of innocence rather than plugging their ears and humming "la, la, I can't hear you, pirate".
... DirecTV will, however, continue to investigate purchasers of devices that are often primarily designed for satellite signal interception, nicknamed "bootloaders" and "unloopers."
DirecTV also agreed to change its pre-lawsuit demand letters to explain in detail how innocent recipients can get DirecTV to drop their cases. The company also promised that it will investigate every substantive claim of innocence it receives. If purchasers provide sufficient evidence demonstrating that they did not use their devices for signal theft, DirecTV will dismiss their cases.
Some progress has been made, but not nearly enough. DirecTV will still threaten people for mere possession of devices, and you're at their mercy as to what constitutes "sufficient evidence" that you didn't steal their signal.
On 2002-10-29, another third party, who had access to a Windows NT XP system with the first service pack applied, reported to me confirming that on that system it was now impossible to reproduce this bug.
So, it's been fixed in XP SP1. Months after the flaw was reported, and with a woefully incorrect knowledge base article too.
Also, it hasn't been fixed in NT4, and it hasn't officially been fixed in 2000 either, although it seemed to go away after Win2K SP3.
I had an interesting experience regarding a bug in Visual C++ 6.0. I was working with this GPL'd TI 99/4A emulator, trying to figure out why it acted strangely when compiled with optimizations turned on. The author figured out which function was returning the wrong answer, so I had VC++ dump out an assembly listing and I looked it over.
This particular function compared two numbers and set the flags in the ALU; one flag would be if the first is less than the second using an unsigned comparison, and another if the first is less than the second using a signed comparison. I found that VC++ incorrectly optimized away the second comparison. I came up with an ugly hack that would force the compiler to re-compare, but without knowledge of assembly language, I would have been stuck.
The experience was a wake-up call for me; ever since then, I've been a little too quick to blame the compiler when something doesn't work. But this is only one of several Visual C++ bugs I've discovered--none of which have been fixed, by the way, even though they've been known about for years.
Qwest's DSL subscription wizard gives the user three options regarding a DSL modem:
1. Purchase an Actiontec wireless DSL modem/router from Qwest for $59
2. Rent an Actiontec wireless DSL modem/router for $3/month
3. I already have an Actiontec wireless DSL modem/router
I went with option (1), and it's a nifty little device (it runs Linux BTW). But its default wireless setup is wide open. It can be configured to cloak the SSID, restrict MAC addresses, and use WEP encryption, but a user who can't figure out how to type a set of four random sixteen-digit hex keys isn't going to be able to set it up securely.
(Fortunately, the manual gives some "example" keys; I can't wait to wardrive with those...)
The normal recommendation is to back up everything. That even holds if you are not going to install a new OS.
Point taken.
Fortunately, I did have backups... I just didn't expect to have to use them after installing Linux to an already existing partition (I mean, I didn't even resize or create any partitions during the Linux install; FC1 b0rked the MBR anyway).
Windows XP can handle this trivial process with ease....why not FC2?
XP's CD burning leaves a lot to be desired. First, it makes a temporary copy of everything you want to burn, and then, it makes an image file out of that, and finally burns the image to the disc, making the operation an exercise in pointless data shifting worthy of InstallShield.
Oh yeah, and even though it makes an image of everything you burn before burning it, it can't burn an existing ISO image.
And sometimes you have to eject and re-insert the CD blank before XP will realize it's there. And it won't burn DVDs either.
I guess my point is, Windows really isn't much better... most Linux distros include much more flexibility when it comes to burning CDs, even if it is a little harder to learn.
FC1 (with a 2.4 kernel) did this to my work system. It retrieved drive geometry differently from Windows, and rewrote the CHS start and end entries for each partition on the drive, rendering Windows unbootable.
The problem was most likely compounded by the fact that the system has a 160GB drive, of which only the first 128GB were recognized when Windows was first installed, the rest becoming visible after installing XP SP1.
Unable to align partition properly. This probably means that another partitioning tool generated an incorrect partition table, because it didn't have the correct BIOS geometry. It is safe to ignore, but ignoring may cause (fixable) problems with some boot loaders.
Can't blame the end-user for thinking it's safe to ignore...
I ignored the warning, and ended up having to nuke my drive and start all over. (This happened very early on, before a solution had been published; I'm near the top of that Bugzilla entry.)
Having been bitten by that bug on my work system, I can say it is certainly "bad" any way you look at it. I won't argue that Microsoft isn't at fault for creating a short-sighted partition table scheme that has required all sorts of wonky drive geometry translation to take place over the years, but Red Hat is most definitely at fault for needlessly messing with the CHS settings of non-Linux partitions on the drive.
It shouldn't be necessary to back up your MBR before installing a new OS... but Fedora has gotten me into the habit of doing so.
I've often thought about the same thing. SMTP lets you forge headers with impunity; it should be possible to at least verify that the sender exists.
On top of that, I had another half-baked idea. Maintain a whitelist of acceptable senders, and bounce all received mail from anyone not in the list unless they can answer a question that would be hard for a spammer to automate, such as "type the letters you see in this funny looking graphic", or "which of these items doesn't belong" with thumbnail photos of a duck, a goose, and a pig, where the sender has to type "pig", or something like that.
Then the recipient can decide whether to whitelist the sender, or the mail client could have an option to do so automatically when the message is replied to, etc.
Just curious--why do you need an 85Hz refresh rate on an LCD?
It's not like a CRT, where the picture starts to fade immediately after it's drawn, causing visible flicker at lower refresh rates. On an LCD, there would be no flicker at all even if the refresh rate were 10 Hz.
In space, you drop something, and it doesn't fall. No gravity there.
Hmm. I wonder what keeps the earth in orbit around the sun.
Of course there's gravity in space.
Astronauts in orbit don't feel any gravity because they're constantly in free-fall. Their tangential velocity is just high enough that they fall "around" the earth.
This NASA probe isn't designed to tell us whether there's gravity or not; it's designed to test an application of Einstein's general theory of relativity which states that gravity can bend space-time. See this for more info.
Recently we got new development machines at work, but we didn't have enough MS Office licenses to go around. So I downloaded OpenOffice.org and showed my boss how it worked--since most of the developers at my company only need Office to update our Excel timesheets and read bug report screenshots emailed from users who can't figure out how to send pictures except in Word documents, OOo suits our needs just fine.
And my boss had no idea that there was an open source office suite for Windows! He was impressed enough with it that we switched most of the department to OOo.
I'm sure there are many other PHB's out there who had no idea there was an alternative. Thanks, Microsoft, for cluing them in.
Remember Von Braun, whose V2 killed thousands of British during WW2 and were the start of the exploration of space?
Maybe what I've read about von Braun is too apologetic, but I understood that manned space exploration was von Braun's inspiration from the beginning. However, once Hitler took notice of the military potential of his work, von Braun grudgingly worked for the German military.
But his loyalties did not remain with the Third Reich. Once it was clear Germany was going to fall, von Braun disobeyed orders to destroy V2 technology and surrendered himself and other engineers working with him, along with a trainload of rocket parts and plans, to US forces. While in the US, he oversaw the design of both the Redstone which lifted the first American into space, and the massive Saturn V, which took men to the moon.
I don't think it's fair to paint von Braun in the same brush as the senseless killers that bombed Madrid yesterday.
For 3dfx, SLI meant "scan line interleave".
For nVidia, it means "scalable link interface", according to this article.
It's not trying to be the same thing, but it is exploiting the brand/trademark nVidia acquired from 3dfx.
Sounds great! Eat junk food, play Quake, and lose weight all at the same time! Crank up the resolution and effects to burn the most calories.
Heck, I should apply for a patent on this.
Here's the text of that warning (emphasis added):
Unable to align partition properly. This probably means that another partitioning tool generated an incorrect partition table, because it didn't have the correct BIOS geometry. It is safe to ignore, but ignoring may cause (fixable) problems with some boot loaders.
---
Does the "S" in "SMTP" stand for "spam"?
When I tried "Don Emilio Fulci", I got one result, in French, which is a review for the video game.
Also, Googling for "Don Fulci" gives several results related to Headhunter.