That's just a clarification of the stuff about Java, it's not indicative of a change between releases.
As you might expect, the only changes between RC2 and RC3 were a bunch of bug fixes, and those don't get mentioned in the release notes - they're release notes, not a changelog.
For the sake of the database, I won't post bugzilla links, but the list of fixes since RC2 is as follows:
88393 (Mac) Check in a high-resolution application and document icon... 140357 (All) Backspace deletes text formatting,TypeInState should be s... 189429 (All) strict javascript warning in mail3PaneWindowCommands.js 197379 (Mac) file:// URLs from CFM mozilla don't work with Mach-O mozilla 199443 (PC) leaking GDIs when table cell contains an image, and text... 205360 (Sun) libxpcom.so depends on non-existent libiconv.so 206271 (PC) News Messages being marked as read automatically 206668 (Mac) [Mac OS X classic theme] context menu only work on frontm... 208560 (PC) P3P summary only works once 209033 (Mac) FIXE (Shockwave, Flash, ?) all typed letters (from kbd) appear... 209354 (All) typeaheadfind causes major memory leaks
It was dropped within the last couple of weeks. It will probably stay in 1.4 builds and 1.4 final, but it's gone from pre-1.5alpha builds and Firebird nightlies.
Reporting bugs through the Bugzilla Helper should also be made mandatory. It already has been made mandatory, except for those with accounts with privileges set...
ok, I'm a potential user - your crappy dapple emulator is written for MS-DOS. what kind of moron develops anything for MS-DOS??? why doesn't it work on Linux? post back when you've done it. </sarcasm>
this document is mostly about comments on bugs. so someone has filed a report, and then posts back a week later saying "why is this not done yet? when are you going to have this finished?"
that's trivially not true - I'm on mailing lists which discuss spam and messages from those lists often contain quotes from spam, but those mailing list messages are solicited and wanted.
if I was to pass what you've just posted on to a friend, that would contain all of those phrases, but wouldn't be spam.
if slashdot sent confirmation messages when someone posted something as some forums do, then the acknowledgement for the post you just made would get caught by such a filter.
not to say that filtering on those phrases is useless, but by the definition of "spam", it's not possible to get a content filter which is 100% guaranteed not cause false positives...
the basic fee for paypal is 2.9% + $0.30, so if you pay $1, they will get $0.67. if you're not in the same country as them, it'll cost another cent in the dollar. (on the other hand, "merchants" receiving at least $1000/month with paypal get a somewhat better rate)
in case you're not aware, this happens with credit cards too. the way the card companies make their money is by taking a cut of all the transactions. most places don't publicise the fact, but some places do pass the charges on by charging extra for credit card payments
John Gilmore's problem is not censorship. John Gilmore's problem is that he's breaking the agreement with his ISP. If he doesn't want to abide by their policies, then he should sign up for internet access elsewhere. The internet is not publicly owned and the providers are not "common carriers".
As for not sending spam - that's just wrong. Plenty of people received plenty of spam through the open relay at toad.com - examples have been posted.
Free speech is one thing, forcing others to pay for your speech is something else...
your small javascript is fine for personal sites or sites with a limited audience, but using it will mean excluding anyone who can't or won't use javascript (a significant proportion of web users - i've seen figures of between 5% and 25%).
you can use an image and have people retype the address - excludes those who can't display or see the images. you could use HTML entities or %-encoded URLs, those will work in most cases, but then it doesn't present too much of a challenge for the harvesters.
anything you do to make it harder for the spammers will also make it harder for others. trying to hide from spam is not the solution
Nowhere on the link [incidents.org] you provided does it specify which versions of IE are affected. Indeed, I'm fairly certain that IE6 is *not* affected (or at least requires the user to respond to a dialog box before it will run.eml or.exe files). Moreover, I'm fairly sure that MS has patches for these vulnerabilities in IE5.
You are correct about IE6 being unaffected. The vulnerability is not present in IE 5.01 SP2 or IE 5.5 SP2. If you've got a lesser version, you should install the service pack, although alternatively there is a patch, which has been available since March when the problem was found.
Not accepting email from dynamic IP pools may break the "spirit of Internet cooperation", but I think that spirit got broken by the spammers.
Fact is that nearly all spam comes either through open relays or direct from dialups with dynamic IPs. You can't block a spammer who is using a dynamic IP. If you block their IP, they can just change it and start hitting your server again moments later. A solution to that is to block all the dynamic IPs.
If you want to run a mail server, get a static IP so people know where you are.
not necessarily the answer, but Kurt posted this previously:
The servers all came with Red Hat and we installed Debian on them, expect the 3500, and I think that was because VA installed extra drivers and stuff we wanted to leave it as is.
Complain about random pages that don't actually mention you. The ISPs will presumably at least check the pages before yanking them, which will start absorbing significant amounts of time. I'm sure there are things wrong with this idea, what have I missed ?
I think the problem is your presumption. I guess it depends on the amount of revenue the ISP makes from each customer, but if the checking of pages uses too much of an ISP's resources, they'll just remove the material without a check a la Yahoo/Geocities.
Slashdot Mirror
That's just a clarification of the stuff about Java, it's not indicative of a change between releases.
...
As you might expect, the only changes between RC2 and RC3 were a bunch of bug fixes, and those don't get mentioned in the release notes - they're release notes, not a changelog.
For the sake of the database, I won't post bugzilla links, but the list of fixes since RC2 is as follows:
88393 (Mac) Check in a high-resolution application and document icon
140357 (All) Backspace deletes text formatting,TypeInState should be s...
189429 (All) strict javascript warning in mail3PaneWindowCommands.js
197379 (Mac) file:// URLs from CFM mozilla don't work with Mach-O mozilla
199443 (PC) leaking GDIs when table cell contains an image, and text...
205360 (Sun) libxpcom.so depends on non-existent libiconv.so
206271 (PC) News Messages being marked as read automatically
206668 (Mac) [Mac OS X classic theme] context menu only work on frontm...
208560 (PC) P3P summary only works once
209033 (Mac) FIXE (Shockwave, Flash, ?) all typed letters (from kbd) appear...
209354 (All) typeaheadfind causes major memory leaks
that's not the case for 1.4. MNG/JNG has been removed from the trunk (pre-1.5alpha builds), but it is still in 1.4RC2 and will appear in Mozilla 1.4.
It was dropped within the last couple of weeks. It will probably stay in 1.4 builds and 1.4 final, but it's gone from pre-1.5alpha builds and Firebird nightlies.
Reporting bugs through the Bugzilla Helper should also be made mandatory.
It already has been made mandatory, except for those with accounts with privileges set...
ok, I'm a potential user - your crappy dapple emulator is written for MS-DOS. what kind of moron develops anything for MS-DOS??? why doesn't it work on Linux? post back when you've done it.
</sarcasm>
this document is mostly about comments on bugs. so someone has filed a report, and then posts back a week later saying "why is this not done yet? when are you going to have this finished?"
that's trivially not true - I'm on mailing lists which discuss spam and messages from those lists often contain quotes from spam, but those mailing list messages are solicited and wanted.
if I was to pass what you've just posted on to a friend, that would contain all of those phrases, but wouldn't be spam.
if slashdot sent confirmation messages when someone posted something as some forums do, then the acknowledgement for the post you just made would get caught by such a filter.
not to say that filtering on those phrases is useless, but by the definition of "spam", it's not possible to get a content filter which is 100% guaranteed not cause false positives...
the paypal fees info is on their site
the basic fee for paypal is 2.9% + $0.30, so if you pay $1, they will get $0.67. if you're not in the same country as them, it'll cost another cent in the dollar. (on the other hand, "merchants" receiving at least $1000/month with paypal get a somewhat better rate)
in case you're not aware, this happens with credit cards too. the way the card companies make their money is by taking a cut of all the transactions. most places don't publicise the fact, but some places do pass the charges on by charging extra for credit card payments
Modifying DreamWeaver 4.0 to Produce Valid XHTML might be useful. I understood that stuff had been fixed up in MX, but if not I guess the same techniques will still work.
John Gilmore's problem is not censorship. John Gilmore's problem is that he's breaking the agreement with his ISP. If he doesn't want to abide by their policies, then he should sign up for internet access elsewhere. The internet is not publicly owned and the providers are not "common carriers".
As for not sending spam - that's just wrong. Plenty of people received plenty of spam through the open relay at toad.com - examples have been posted.
Free speech is one thing, forcing others to pay for your speech is something else...
your small javascript is fine for personal sites or sites with a limited audience, but using it will mean excluding anyone who can't or won't use javascript (a significant proportion of web users - i've seen figures of between 5% and 25%).
you can use an image and have people retype the address - excludes those who can't display or see the images. you could use HTML entities or %-encoded URLs, those will work in most cases, but then it doesn't present too much of a challenge for the harvesters.
anything you do to make it harder for the spammers will also make it harder for others. trying to hide from spam is not the solution
Nowhere on the link [incidents.org] you provided does it specify which versions of IE are affected. Indeed, I'm fairly certain that IE6 is *not* affected (or at least requires the user to respond to a dialog box before it will run .eml or .exe files). Moreover, I'm fairly sure that MS has patches for these vulnerabilities in IE5.
You are correct about IE6 being unaffected. The vulnerability is not present in IE 5.01 SP2 or IE 5.5 SP2. If you've got a lesser version, you should install the service pack, although alternatively there is a patch, which has been available since March when the problem was found.
Not accepting email from dynamic IP pools may break the "spirit of Internet cooperation", but I think that spirit got broken by the spammers.
Fact is that nearly all spam comes either through open relays or direct from dialups with dynamic IPs. You can't block a spammer who is using a dynamic IP. If you block their IP, they can just change it and start hitting your server again moments later. A solution to that is to block all the dynamic IPs.
If you want to run a mail server, get a static IP so people know where you are.
Michael
Discussion of this idea has been taking place on the news.grc.com forums
The similarity to SYN cookies has been pointed out to Steve Gibson.
michael
I wonder why there is a red hat box in the mix?
not necessarily the answer, but Kurt posted this previously:
The servers all came with Red Hat and we installed Debian on them, expect the 3500, and I think that was because VA installed extra drivers and stuff we wanted to leave it as is.
michael
Complain about random pages that don't actually mention you. The ISPs will presumably at least check the pages before yanking them, which will start absorbing significant amounts of time. I'm sure there are things wrong with this idea, what have I missed ?
I think the problem is your presumption. I guess it depends on the amount of revenue the ISP makes from each customer, but if the checking of pages uses too much of an ISP's resources, they'll just remove the material without a check a la Yahoo/Geocities.
is at http://www.cs.columbia.edu/~ezk/research/software/ cryptfs/
no need to download the whole thing for that file...
it's at:2 .4/changes24.html
http://cyberbuzz.gatech.edu/kaboom/linux/Changes-
well that was a clueless attempt at a post... my apologies...
what www.uptimes.net says is:
Site down
This page is temporarily out of order. Please try again later.
www.uptimes.net appears to have been slashdotted.
at the time of writing, the home page reads:
>