I find it disturbing that the ones who made the exploit public are only revealing the details under NDA. It's not like this is a secret to those who would use it for malicious purposes. Sigh...
Microsoft survives because security just isn't that important in the markets where they dominate. The challenges present themselves in the markets Microsoft would like to be in.
Not sure if you've tried this, but try upgrading your mobo chipset drivers - this helped me quite a bit with a nearly itentical configuration (ASUS a7V mobo) when everything else failed.
Let's just hope it doesn't amalgamate into the worst of both worlds. "We must leverage our infrastructure, biatches, into wiggidy wack core technologies, muthafucka!"
I lose my Athlon 1.2GHz at least once every 3 days - catastrophic system lockup with no recovery possible. I've heard it might be the ASUS motherboard, but firmware updates haven't done any good.
For those who prefer cmd.exe, rather than command.com which implies Win9x, and assuming character completion is turned on via that regkey you mentioned:
rd/s/q \prog[tab]\real[tab]
command.com and deltree both went away with 2K.
Hear, hear! RealPlayer is the most diseased, bloated, sick-cow of an application to ever come slouching out of WA, and it gets worse every revision. Sneaky always-on behavior that rewrites the autoload reg key even if deleted by the user unless explicitly disabled through a nest of buried dialogs and a very official-sounding warning and a lengthy installation process that includes the app phoning home (checked on by default), mounds of ad-driven "content" (checked on by default), and mandatory registration.
When it's all said and done, the thing sucks up resources, harasses you constantly to "upgrade" to the for-cost application, and spews out horrible video and audio.
Commercial enterprises choose to put up websites, built from HTML piped over HTTP on TCP/IP, and then complain about the results when users do with the distasteful bits what users are prone to do with distasteful bits - throw them out.
The battle can escalate to the full ends of the imagination of the advertisers, but as long as they continue to elect the make use of the plain-text design of the display protocol and open architecture of the transport, they get what they deserve. The system was not designed for them, and they are welcome in it only to the point that they provide something useful. Beyond that, I have every right to exploit to my full potential an open protocol that favors me more than it favors them.
The logical extreme is a closed network, governed by clients authored by advertisers and streamed in a proprietary, all binary, encrypted format. This method will cease to allow the common user the chance to escape the advertising, and it's what the advertisers should have done to begin with. The Internet is not a safe haven for them - I will not miss them.
.eml is a MIME-encoded plain text file understood by Outlook Express. The purpose of this one is to cause IE to execute an.exe file attachment. If I read this thread correctly, the binary is base-64 encoded and attached to this.eml file.
The pancake has a point, sir. It works swell in Windows, for about as many different bits of modern hardware, and most of the old ones, as you can possibly imagine. Plug and Pray went out the door years ago, at lesat for Windows users. Maybe you should give it a shot...
Not to mention that restricting first post to a registered poster would just mean that it would be a registered poster, rather than an anonymous user, to come out with those immortal words every topic.
Actually, it's kind of like if the people who grow potatoes for McDonalds elect to use a genetically modified strain, which then gets McDonalds into trouble with their customers, who also dispprove of the tile in the bathroom and the beef flavoring in the fries. Well, except that while this is going on, your children are playing on the kid's slide in the greenhouse room and you just found this sweet article on hypnotism in last month's Scientific American, so you're not paying attention when your 4-year-old comes back from the greenhouse and pulls the wrapper out from under your Big Mac, spilling it on the ground.
No, wait. The Microsoft situation is different. But you could imagine if they were the same, right?
This is a feature, not a hack. People have been able to rebrand IE as well as customize other parts of Windows for years. X10 just got their hands on an OEM Adaptation Kit and went nuts.
Hear hear! OEM clutter is like Microsoft clutter * 10. My girlfriend's laptop shipped with 15 apps from Compaq being started in the background. 15 processes?! Disabling all but 5 provided all the features she was ever likely to use and shortened the boot time by 90 seconds.
Um, no it's not. Not to take away from your rant, but ActiveX security settings are broken out separately. It's called Active Scripting because VBScript and Javascript are both supported by the browser.
This isn't insightful, it's crap. Win2K's multilanguage UI rocks. The same build supports dozens of languages and locales, and the APIs are Unicode-aware. As a Swedish-speaking person who wants to do their Japanese homework online, you just install the Japanese and Swedish locales, and swap them on the fly. Couldn't be cleaner.
What Slashdot is running is Perl, which deals only half-ass with UTF-8 and not at all with UTF-16 or any other form of Unicode encoding. Perl is 8-bit clean, but is completely unprepared to deal with 16 bit text. Also, what the heck is "running Unicode"? It's not an application or a daemon, it's a character encoding scheme.
Slashdot Mirror
80% of the web.
I find it disturbing that the ones who made the exploit public are only revealing the details under NDA. It's not like this is a secret to those who would use it for malicious purposes. Sigh...
Microsoft survives because security just isn't that important in the markets where they dominate. The challenges present themselves in the markets Microsoft would like to be in.
MMMMMM. My my, that was a delicious closing !
#!usr/bin/perl -w use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;
my $req = HTTP::Request->new('POST', "http://$host/post.asp");
$req->header('Accept' => 'text/html');
$req->header('Referer' => $url);
$req->header('Accept-Language'=> 'en-us');
$req->header('Content-Type' => 'application/x-www-form-urlencoded');
$req->header('Host' => $host);
$req->header('Content-Length' => 207);
$req->header('Pragma' => 'no-cache');
$req->header('Cookie' => $cookie);
$req->content("name=value\&name2=value2");
my $ua = new LWP::UserAgent;
$ua->agent("Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)");
print $ua->request($req)->as_string;
Not sure if you've tried this, but try upgrading your mobo chipset drivers - this helped me quite a bit with a nearly itentical configuration (ASUS a7V mobo) when everything else failed.
Let's just hope it doesn't amalgamate into the worst of both worlds. "We must leverage our infrastructure, biatches, into wiggidy wack core technologies, muthafucka!"
I lose my Athlon 1.2GHz at least once every 3 days - catastrophic system lockup with no recovery possible. I've heard it might be the ASUS motherboard, but firmware updates haven't done any good.
For those who prefer cmd.exe, rather than command.com which implies Win9x, and assuming character completion is turned on via that regkey you mentioned: rd /s /q \prog[tab]\real[tab]
command.com and deltree both went away with 2K.
2K has it, it's nice.
Hear, hear! RealPlayer is the most diseased, bloated, sick-cow of an application to ever come slouching out of WA, and it gets worse every revision. Sneaky always-on behavior that rewrites the autoload reg key even if deleted by the user unless explicitly disabled through a nest of buried dialogs and a very official-sounding warning and a lengthy installation process that includes the app phoning home (checked on by default), mounds of ad-driven "content" (checked on by default), and mandatory registration.
When it's all said and done, the thing sucks up resources, harasses you constantly to "upgrade" to the for-cost application, and spews out horrible video and audio.
Commercial enterprises choose to put up websites, built from HTML piped over HTTP on TCP/IP, and then complain about the results when users do with the distasteful bits what users are prone to do with distasteful bits - throw them out.
The battle can escalate to the full ends of the imagination of the advertisers, but as long as they continue to elect the make use of the plain-text design of the display protocol and open architecture of the transport, they get what they deserve. The system was not designed for them, and they are welcome in it only to the point that they provide something useful. Beyond that, I have every right to exploit to my full potential an open protocol that favors me more than it favors them.
The logical extreme is a closed network, governed by clients authored by advertisers and streamed in a proprietary, all binary, encrypted format. This method will cease to allow the common user the chance to escape the advertising, and it's what the advertisers should have done to begin with. The Internet is not a safe haven for them - I will not miss them.
.eml is a MIME-encoded plain text file understood by Outlook Express. The purpose of this one is to cause IE to execute an .exe file attachment. If I read this thread correctly, the binary is base-64 encoded and attached to this .eml file.
Ah yes, well, there you go. Nothing from the 9x line is worth a damn, except maybe DirectX. I highly recommend 2000 and up.
Damn that was funny.
The pancake has a point, sir. It works swell in Windows, for about as many different bits of modern hardware, and most of the old ones, as you can possibly imagine. Plug and Pray went out the door years ago, at lesat for Windows users. Maybe you should give it a shot...
Not to mention that restricting first post to a registered poster would just mean that it would be a registered poster, rather than an anonymous user, to come out with those immortal words every topic.
He could if he were sober...
No, wait. The Microsoft situation is different. But you could imagine if they were the same, right?
This is a feature, not a hack. People have been able to rebrand IE as well as customize other parts of Windows for years. X10 just got their hands on an OEM Adaptation Kit and went nuts.
Hear hear! OEM clutter is like Microsoft clutter * 10. My girlfriend's laptop shipped with 15 apps from Compaq being started in the background. 15 processes?! Disabling all but 5 provided all the features she was ever likely to use and shortened the boot time by 90 seconds.
On the other hand, /. does allow
the teletype tag. Just call them old-school.
Um, no it's not. Not to take away from your rant, but ActiveX security settings are broken out separately. It's called Active Scripting because VBScript and Javascript are both supported by the browser.
This isn't insightful, it's crap. Win2K's multilanguage UI rocks. The same build supports dozens of languages and locales, and the APIs are Unicode-aware. As a Swedish-speaking person who wants to do their Japanese homework online, you just install the Japanese and Swedish locales, and swap them on the fly. Couldn't be cleaner.
What Slashdot is running is Perl, which deals only half-ass with UTF-8 and not at all with UTF-16 or any other form of Unicode encoding. Perl is 8-bit clean, but is completely unprepared to deal with 16 bit text. Also, what the heck is "running Unicode"? It's not an application or a daemon, it's a character encoding scheme.