Because I frequently visit websites (such as www.cvs.com) that expressly disallow Opera users to access the website for no apparent reason.
Leaving on "ID as IE" saves me hassle... plus I'm not a super hardcore must evangelize [X] browser person, Opera is the best I've found, so it is what I use. I could care less what other people use.
I'm not sure if Opera lets you customize the UA string to whatever you like, but I find it best to add whatever string the page is looking for into my Firefox UA. For example, Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.12; .NET CLR 2.0.50727; not MSIE 6.0) Gecko/20080201 Firefox/2.0.0.12. The idea is that it gets you in without much trouble, while still letting the site know that you prefer a different browser and they should fix their site (or browser detection). Wouldn't it be great if every poorly coded site out there realized they were blocking browsers that worked just fine and fixed their code to allow them? Maybe the CVS site is done by a parent company which also does the sites for their other companies - pointing out the mistake on one site might lead to several sites getting fixed. The end result is simply more sites that "just work" which results in less time spent making 15 different versions of a website so that it works in all browsers, and more time spent making the website functional.
No, they use Comcast Commercial rather than Residential!
I'm not sure what most banks actually use, I'm sure that the local 500 member Credit Unions don't get an OC-3 laid into their broom Closet I mean Data Center. Remember SQLslammer, it took out a lot of ATM machines by clogging the internet with gibberish, I think a lot of "banking security" is smoke and mirrors with a good dose of VPN for good measure.
We were discussing plans to roll out an optiman to one of our bigger offices, where Marketing may be relocating. When the monthly cost came up, a Marketing VP said, "Can't we use Comcast? They advertise the same speed and are a lot cheaper."
P.S. We have point to point T1s from our branches to our data center, with one central internet connection (not counting our backup stuff). Our branches and ATMs are all on our private network, not the general internet.
If it likes 12 volts then this will be perfect because any old deep cycle battery can then power the thing which means I can use it off grid. My Hawker battery cost over $400 bux. This drives a UPS which puts out 120 volts AC which goes into a switching power supply which puts out 5 & 12 volts DC. I think there are some optimizations which can take place here.
I read through those tips recently. They are generally good ways to improve security, but most are beyond the average user. Simply having people use non-admin accounts (with something like SudoWin for easy access to admin stuff) or even using DropMyRights on IE would probably be 90%+ as effective, and it should be a lot easier than going through all those pages of tips.
My biggest issue with those tips is that most things are way beyond the common user's understanding, and likely to cause issues. When someone does run into an issue, they don't have the first clue how to fix it. For example, AdBlock is a much better solution than a hosts file for general browsing. It's a lot easier to understand that */ads/* or *badstuff.com* is being blocked as opposed to figuring out why some random site is blocked due to getting an IP that's listed in some Windows LAN config file somewhere.
My parents and brothers are behind a NAT router using Firefox and Thunderbird with McAfee OAS and have no problems, despite running XP with admin accounts. My PC (also XP with admin account and Fx/Tb and McAfee) scored in the mid 50's on the CIS test linked from the tips, yet I've had no incidents (other than ones I manually triggered). Replacing a few obviously-busted programs with better alternatives and giving a little education will stop the vast majority of these problems.
I wasn't there, but I've always understood 'Mozilla' to be a funky portmanteau of 'Mosaic Killer', stemming from Marc Andreessen's dream of Netscape reigning supreme over Mosaic, the ground-breaking NCSA-developed graphical browser. Anyone out there who was close to the action?
As a result, I never shed a tear for Netscape when IE wiped the floor with them, as it seemed to me that Netscape got exactly what they had set out to do to Mosaic.
It's a bit more complicated than that, as Netscape really was Mosaic in a way.
http://en.wikipedia.org/wiki/Mosaic_(web_browser)
Marc Andreessen and Eric Bina originally designed and programmed NCSA Mosaic for Unix's X Window System at NCSA.
...
Marc Andreessen, the leader of the team that developed Mosaic, left NCSA and, with Jim Clark, one of the founders of Silicon Graphics, Inc. (SGI), and four other former students and staff of the University of Illinois, started Mosaic Communications Corporation. Mosaic Communications eventually became Netscape Communications Corporation, producing Netscape Navigator.
http://en.wikipedia.org/wiki/Netscape_Navigator
After his graduation from Illinois in 1993, Andreessen moved to California to work at Enterprise Integration Technologies. Andreessen then met with Jim Clark, the recently-departed founder of Silicon Graphics. Clark believed that the Mosaic browser had great commercial possibilities and provided the seed money. Soon Mosaic Communications Corporation was in business in Mountain View, California, with Andreessen appointed as a vice-president. The University of Illinois was unhappy with the company's use of the Mosaic name, so "Mosaic Communications Corporation" changed its name to Netscape Communications (thought up by sales representative Greg Sands) and its flagship web browser was the Netscape Navigator.
In other Mosaic/IE news...
Spyglass licensed the technology and trademarks from NCSA for producing their own web browser but never used any of the NCSA Mosaic source code. Microsoft licensed Spyglass Mosaic in 1995 for US$2 million, modified it, and renamed it Internet Explorer.
In other words, you're happy that Mosaic killed Mosaic because they wanted to kill Mosaic.
18. Ritz was not an authoritative name server, a DNS server, nor any kind of computer at the time he accessed Sierra's computer.
I'm pretty sure that one wins some sort of award reserved for the highest level of intellectuals.
21. The information which Ritz published was not public. Moreover, much of the information was not publicly accessible.
In all seriousness, I think this is where the major issue lies. The judge ruled that because most people don't know about host -l, that the information was private, even though it was publicly available with a standard command.
If Ritz had previously been ordered to leave Sierra alone, and hadn't, then that's a basis for the ruling right there, completely ignoring any aspect of DNS. From the court documents, the guy sounds like quite a piehole.
WRT54G (Arguably the most prolific consumer grade router in existence) does support static IP assignments via DHCP.
Certain versions, at least, do not. That was the main reason I switched to DD-WRT. The compact version also did not support it last I knew (a friend has this router).
But yes, even the D-Link DI-704 that I purchased in 2000 for $20 (i.e. it was really cheap a really long time ago) did support reserved DHCP, and I'll never again use a router without it. I personally find it unforgivable that Linksys' instructions for port forwarding essentially tell you to completely disable DHCP and just manually configure every device on your network.
It's really apples and oranges. In the IE test, the malicious file was running inside IE via the plugin. In the Firefox test, it was not running inside Firefox via a plugin. Since it wasn't running in a Firefox plugin, the test really doesn't say anything at all about Firefox or its plugin system.
When you use QT in Firefox, it appears in the FF window itself, it in a very real way seems to be part of FF. We aren't talking about opening a file that then spawns another app, we are talking about opening something embedded in a page itself. As such FF is the one that is going to get blamed. Also, one can argue, they should share some of the blame. If you are loading a plugin in your app, perhaps you should load it in such a way that your app can keep control over it. Seems that the other browsers do this.
So while it isn't FF's responsibility to fix the specific bug, it could be an indication of how things should be done better.
Apples and oranges here. The plugin inside IE is protected via IE's features. The standalone app outside Firefox, as expected, is not protected by any features of Firefox.
I don't know why it's run as a standalone app rather than as a plugin inside Firefox. Perhaps they didn't install the Netscape plugin or it's misconfigured. Perhaps Apple did a poor job of coding the Netscape plugin and it can only support some features, and has to pass other stuff out to the external program. But as it stands, Symantec's results on Firefox have nothing to do with Firefox's plugin system.
How do so many people have a problem understanding this? It's simple:
Non-Firefox browser: exploit fails to execute, instead protected by bounds checking
Firefox: exploit executes unchecked
How is that NOT a Firefox problem? If you don't use Firefox, you're immune. If you do, you're vulnerable. Even if the final cause is currently QuickTime, it's only a matter of time until some other plugin is found vulnerable and exploitable under Firefox but nowhere else.
Besides, Firefox and IE use different plugin models. Apparently the flaw is with Firefox's plugin model - clearly a Firefox problem.
The headline should read "Vulnerability in QuickTime. IE mitigates attacks via its QT plugin. Firefox doesn't fix problem in QT."
Per the Symantec article, the issue as related to Firefox is not with a plugin. The article states that QuickTime is run as a plugin inside IE and Safari. The vulnerable software is run inside the browser, and thus falls under the browser's control. http://www.symantec.com/enterprise/security_response/weblog/upload/2007/11/Image_IE.html shows this. However, in the case of Firefox, QuickTime is run as a standalone app outside the browser. See http://www.symantec.com/enterprise/security_response/weblog/upload/2007/11/Image_FF.html. In this case, Firefox gets Item A and sees that the system is configured to handle that type of item with Program B. Therefore, Firefox hands Item A to Program B. It works exactly the same as launching the malicious file from the Run box.
Once again, it is not a problem with Firefox's plugin system because this is not running as a Firefox plugin. Let me correct your quote. See how that makes it a little less cut and dried?
Non-Firefox browser: exploit fails to execute inside browser plugin, instead protected by bounds checking
Firefox: exploit executes unchecked completely outside of Firefox
If there were a vulnerability in your email or FTP program, would you blame Firefox because it hands off mailto: and ftp: links to those external programs? Should Firefox be held responsible for malicious files (of any type - Word, MP3, .exe, etc.) that you download and then run externally? The Symantec article also mentions emailing attachments as an attack vector. Uh oh, Outlook and Thunderbird are also flawed, because they hand the file off to QuickTime to open too!
Also, judging by the IE pic, it appears that their "buffer overrun protection" is "crashing the browser". In this case, the QT vuln is also a DoS against IE, while Firefox does not have that vulnerability.
I agree that every program should do what it can to limit damage. However, Firefox can't do much about completely external programs. In this case, Firefox has no understanding of the data being downloaded, just that the system is configured to handle the data with a certain program. The only way to fix this is with filename/URL blacklisting so it doesn't open the bad URL (gee, that's practical) or by coding Firefox to understand every type of data it encounters. Essentially, code every other program into Firefox itself so that it can determine if the data is good or bad before handing it off (gee, that's practical). If this were a problem with a Firefox plugin, I would agree with you fully. However, it's a completely external program which Firefox has no control over, so I can't disagree more.
I know SHA0 and SHA1 are broken but SHA2? I thought they're still secure to use, especially the SHA2-512. What am I missing? From TFS:
because SHA-1 and the SHA-2 family share a similar design
Cedega isn't open-source, but they contribute back to wine, which is.
CCP paid for significant work on Cedega (and so wine) for EVE to run.
They changed their own code to improve compatibility.
As a result, you can now run EVE on wine, if you don't want to use the Cedega packaged client.
Here's the facts you need to know about Wine & Cedega:
Cedega's core is based off the original Wine tree and was forked in 2002. There are several core components that no longer share a similarity with Wine as it exists today.
TransGaming has not actively contributed to Wine in about 5 years with the exception of a few patches (less than 5 a year.)
VANCOUVER, Dec. 13/PRNewswire-FirstCall/ -- Absolute(R) Software ("Absolute") (TSX: ABT), the leading provider of computer theft protection and secure asset tracking solutions, today announced a milestone in the company's efforts to drive the standard for PC theft recovery and Secure Asset Tracking(TM) - the availability of Computrace support in the BIOS across all four of the top tier PC manufacturers' commercial notebook lines.
Absolute first announced BIOS support for its theft protection technology with IBM/Lenovo on February 1, 2005; followed by announcements with Gateway on August 9th and HP on October 4th. Today, Dell announced a set of customer solutions that leverages Dell's embedded BIOS support for Computrace allowing customers to address issues of regulatory compliance, data protection and PC theft recovery.
We don't use it here, but I believe once you enable it in the BIOS, it can't be disabled. Obviously, there's always a way to disable everything, but it's not a matter of formatting a drive or changing a BIOS setting. It comes down to hex-editing the BIOS data or replacing the BIOS chip or something.
I like Open Source software and Mozilla as much as the next guy, but doesn't it make sense to have your embedded controls be tightly integrated with the Operating System?
Why would you want your embedded controls to be tightly integrated with your OS? There's no reason for an HTML window to need tight OS integration. It's another web browser that's susceptible to all the issues that the core HTML engine is. It wouldn't necessarily be subject to the full browser's interface bugs, but it's got the same core so it would share those vulns. Ideally, you wouldn't want any integration with the OS.
I'd rather not need to have both IE and Gecko loaded into memory whenever I run Winamp.
This acts as a full replacement for the IE control. If you have some apps calling one and some apps calling the other, yes, both will be loaded into memory. However, if all apps call only Gecko, then only Gecko will be loaded into memory. Excluding behind-the-scenes OS-IE integration that causes (parts of) IE to be loaded, of course; the apps themselves will only load one or the other.
Re:You don't need Outlook for either of those (on "Free IMAP On Gmail"; Score: 2, Informative)
You'll need Outlook. Any version will do I think, other email clients might work though in my experience Outlook Express doesn't work and neither does the Windows Live Mail client. Thunderbird should work though, but of course if you have a hotmail account or you use exchange, your only option will be to use Outlook. Basically with Outlook simply copy/move your folders (right click or drag) that you need from an existing imap/pop/mapi account whatever and put them into the google imap account. It should be that simple, of course it'll mean uploading the email you copy, so if you have a lot of it or are on a slow connection it will take time.
Thunderbird can access Hotmail and other webmail accounts with the Webmail extension. I'm using it to access my Hotmail and Yahoo accounts. Likewise, Exchange is usually configured to support POP and/or IMAP, meaning any decent mail client can pull emails from it. See http://www.msexchange.org/tutorials/Connecting_POP_And_IMAP_Clients_To_MS_Exchange_Server.html for details. That won't give you access to all the other features, but it will let you get to your mailbox.
Closed ports block incoming connections, but outgoing connections are unaffected.
Technically we are both correct on this point. You are merely specifying the mechanism, while I was specifying the result.
And yes, BitTorrent is designed to favor those who share more over people who are leeching, so those who don't upload are inherently throttled down.
This is not correct.
The bittorrent protocol includes information that allows the clients to attempt to throttle people who don't upload, but nothing about the protocol requires throttling, or inherently favors people who upload over those who don't. Blizzard almost certainly isn't using this capability in their bittorrent based patch downloader. It wouldn't be in their best interests.
Regardless, the closed ports prevent the sending of data, not the receiving. Unless they are using throttling on users who aren't uploading the downloads should proceed just as quickly with the ports closed as open.
Closed ports block incoming connections, but outgoing connections are unaffected. It doesn't have any direct effect on data, either sending or receiving, just who you can and can't connect to (which in turn affects data transfer). And yes, BitTorrent is designed to favor those who share more over people who are leeching, so those who don't upload are inherently throttled down.
Ports aren't really the problem. If you don't forward ports, other people can't initiate connections with you - you can only initiate connections to others. That's just the way NAT and port forwarding work. If you and another guy both have port forwarding disabled, neither of you can connect to the other. If either of you have port forwarding configured, the other one can initiate the connection and sharing can commence. If you only have 10 people in the swarm, cutting out half the people due to a lack of port forwarding will severely impact your download rates. However, cutting out half of the millions of WoW players still leaves over a million other users to connect to, which should be plenty to max out your download. See http://bt.degreez.net/firewalled.html and http://userpages.umbc.edu/~hamilton/btclientconfig.html for more info.
...Blizzard's download client doesn't seem to pay much regard to your upstream speed, and therefore frequently saturates your connection to the point where the patch download actually slows down.
This is the real problem. Blizzard's BT client has very poor or no upload control. While downloading a file, a connection occasionally reports its status back to the sender, letting it know to keep sending data (in greatly simplified terms). If you're saturating your upload channel, your download can't report back that it's good for more data - the upload chokes off the download. It's very common with improperly configured BT clients, but can show up anytime you're uploading something (for example, unchecked uploading via FTP).
I can verify the other poster's claim. I watched as the Blizzard patcher saturated my upload and downloaded at <2K. Using an external app, I limited the patcher's upload to about 3K less than what it had been using. With no other changes, the patcher took off and maxed out my download speed.
Http:BL is a system that allows website administrators to take advantage of the data generated by Project Honey Pot in order to keep suspicious and malicious web robots off their sites. Project Honey Pot tracks harvesters, comment spammers, and other suspicious visitors to websites. Http:BL makes this data available to any member of Project Honey Pot in an easy and efficient way.
There are plugins for WordPress, phpBB, and many others. Use http://www.projecthoneypot.org?rf=32167 if you want to give me some credit when you register. Or not, whatever.
The thing you need to remember is that by default, you have no rights to the source code of said GPL software. It's covered by the same copyright laws that make it illegal to pirate Windows and such. However, there is the added option of gaining access to the source, if you choose to agree to certain terms.
Your whole idea of whether or not there is a transaction taking place is a technical nitpick that can be left up to the courts. It's along the same lines as the debate over the validity of click-through EULAs. What if I view the source and see where the "Agree" button links, but never actually click the button? Is that the same as clicking the button? As for being able to download it without clicking on some sort of license agreement, does that mean if I find a copy of Windows on some site that allows open downloading, I suddenly can use it without any regard for its licensing? Can I just take something from a sidewalk vendor stand, since it's out in the open and not a "real" store? Whether or not downloading software packaged with license details constitutes a legally binding agreement is completely separate from the validity of the license itself.
GPL is most definitely a "free with strings attached" license. You get it for free, and the attached string is that you have to pass it on to others freely (just as you received it freely). If you don't like that idea, don't use/support the GPL. The rest of your comments about transactions are legal details which don't apply to the GPL any more than to any other license, except that it's easier to find GPL software which you could use in violation of copyright law (as opposed to the hidden-away closed source of other programs).
Next time you are at the supermarket and they have those little hotdogs with toothpicks and a sign that says "take one, free", imagine how goofy it would be if there was a piece of paper next to them that had terms and conditions of taking it for free. Next time you're at the supermarket and they have one of those "buy one, get one free" sales, take the free one and tell them how goofy it is that they're forcing you to do something else to get the free one.
http://wiki.winehq.org/Parallels
NOTE: On July 2nd, Parallels sent the modified sources to me (Stefan Dösinger). I am currently looking at them and trying to find a place where I can upload them.
# July 2, 2007: Parallels opened up the modified WineD3D sources. (At least they sent out a package of modified Wine DLLs, I am currently looking at them).
Challenge-Response systems won't work if both parties use them and haven't previously emailed each other. Not extremely likely, but the possibility increases as more and more people use these systems. The best example is a mutual friend, who passes the email address of one person on to another (e.g. a job opportunity). The two people have never corresponded via email, so neither one has the other "approved" in their system. Person A's email gets quarantined by Person B's C-R system. Person B's C-R validation email gets quarantined by Person A's C-R system. Both systems just sit there waiting on the other. With a manual check, you could override this (but you can generally override any type of spam filtering if it's halfway decent software).
Any system built-in to detect other C-R systems and try to allow their verification emails through would get exploited by spammers (just like today's NDR-imitating spams). As more and more people started using these systems, spammers would devote more resources at developing automated ways around them. I'm sure it wouldn't be too hard for some program to recognize a C-R email and just click the link in it or send another email or whatever. And that's not even considering the issues of JoeJobs and dumping your spam-filtering labor back onto others, as mentioned above.
This is currently a way to reduce spam, but it isn't the solution.
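The mutual-quarantine case described in the comment above, as a small simulation (an added example, not part of the original comment). The addresses, the class names and the `allow_on_send` rule (approve anyone you write to) are assumptions made for illustration; the manual release models the override the comment mentions.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Message:
    msg_id: int
    sender: str
    recipient: str
    kind: str      # "mail" or "challenge"
    ref: int = 0   # for a challenge: id of the mail being held


@dataclass
class Mailbox:
    address: str
    approved: set = field(default_factory=set)
    inbox: list = field(default_factory=list)
    quarantine: dict = field(default_factory=dict)  # msg_id -> Message


class Network:
    """Toy mail network in which every mailbox runs a C-R filter."""

    def __init__(self, allow_on_send=False):
        self.allow_on_send = allow_on_send  # assumed mitigation, see lead-in
        self.boxes = {}
        self.queue = deque()
        self.next_id = 1

    def add(self, address):
        self.boxes[address] = Mailbox(address)
        return self.boxes[address]

    def send(self, sender, recipient, kind="mail", ref=0):
        # Only ordinary mail approves its recipient; approving the target of
        # a challenge would whitelist every unknown sender automatically.
        if kind == "mail" and self.allow_on_send:
            self.boxes[sender].approved.add(recipient)
        self.queue.append(Message(self.next_id, sender, recipient, kind, ref))
        self.next_id += 1

    def _answer(self, challenge):
        # The recipient answers the challenge: the challenger approves them
        # and releases the mail it was holding.
        challenger = self.boxes[challenge.sender]
        challenger.approved.add(challenge.recipient)
        held = challenger.quarantine.pop(challenge.ref, None)
        if held is not None:
            challenger.inbox.append(held)

    def _deliver(self, msg):
        box = self.boxes[msg.recipient]
        if msg.sender in box.approved:
            box.inbox.append(msg)
            if msg.kind == "challenge":
                self._answer(msg)
            return
        box.quarantine[msg.msg_id] = msg
        if msg.kind == "mail":  # challenges are never challenged back
            self.send(msg.recipient, msg.sender, "challenge", msg.msg_id)

    def run(self):
        while self.queue:
            self._deliver(self.queue.popleft())

    def manual_release(self, address, sender):
        """The user reviews the quarantine by hand and approves one sender."""
        box = self.boxes[address]
        box.approved.add(sender)
        for msg_id, msg in list(box.quarantine.items()):
            if msg.sender == sender:
                del box.quarantine[msg_id]
                box.inbox.append(msg)
                if msg.kind == "challenge":
                    self._answer(msg)


def introduce(allow_on_send=False, manual_check=False):
    """A writes to B for the first time; both run C-R filters."""
    net = Network(allow_on_send)
    a = net.add("a@example.org")   # constructed addresses
    b = net.add("b@example.net")
    net.send(a.address, b.address)
    net.run()
    if manual_check:
        net.manual_release(a.address, b.address)
        net.run()
    return {
        "b_read_mail": any(m.kind == "mail" for m in b.inbox),
        "a_quarantine": [m.kind for m in a.quarantine.values()],
        "b_quarantine": [m.kind for m in b.quarantine.values()],
    }


if __name__ == "__main__":
    print("plain C-R:    ", introduce())
    print("manual check: ", introduce(manual_check=True))
    print("allow on send:", introduce(allow_on_send=True))
```
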
Yes, this is basically just a slightly modded version of Firefox. They have a link from http://browser.netscape.com/ to https://addons.mozilla.org/en-US/firefox/user/56836 if you want to add their stuff to your Firefox. I'm not sure on the details, but this should give you at least some of the benefits of Netscape without having to use their full product.
From TFS:
Soloway is accused of using botnets to disguise where e-mail originated and of forging return addresses of real people or businesses for his mass mailings.
FYI, http://www.truecrypt.org/downloads.php links to http://truecrypt.sourceforge.net/downloads/TrueCrypt%20Setup%205.0.exe.
Check out Opus. They're big in the auto-PC crowd. http://www.opussolutions.com/index.php?p=products&id=4
Explain to me why the term "firefox" doesn't belong in the vulnerability writeup when only firefox users are exposed?
If you look at the Symantec article, the malicious file ran in the standalone QT app, not in a Firefox plugin. http://www.symantec.com/enterprise/security_response/weblog/upload/2007/11/Image_FF.html
No, the testing done in the article was not embedded inside the Firefox window. It did indeed spawn a completely separate app. http://www.symantec.com/enterprise/security_response/weblog/upload/2007/11/Image_FF.html
Apples and oranges here. The plugin inside IE is protected via IE's features. The standalone app outside Firefox, as expected, is not protected by any features of Firefox.
I don't know why it's run as a standalone app rather than as a plugin inside Firefox. Perhaps they didn't install the Netscape plugin or it's misconfigured. Perhaps Apple did a poor job of coding the Netscape plugin and it can only support some features, and has to pass other stuff out to the external program. But as it stands, Symantec's results on Firefox have nothing to do with Firefox's plugin system.
Non-Firefox browser: exploit fails to execute, instead protected by bounds checking
Firefox: exploit executes unchecked
How is that NOT a Firefox problem? If you don't use Firefox, you're immune. If you do, you're vulnerable. Even if the final cause is currently QuickTime, it's only a matter of time until some other plugin is found vulnerable and exploitable under Firefox but nowhere else.
Besides, Firefox and IE use different plugin models. Apparently the flaw is with Firefox's plugin model - clearly a Firefox problem.
The headline should read "Vulnerability in QuickTime. IE mitigates attacks via its QT plugin. Firefox doesn't fix problem in QT."
Per the Symantec article, the issue as related to Firefox is not with a plugin. The article states that QuickTime is run as a plugin inside IE and Safari. The vulnerable software is run inside the browser, and thus falls under the browser's control. http://www.symantec.com/enterprise/security_response/weblog/upload/2007/11/Image_IE.html shows this. However, in the case of Firefox, QuickTime is run as a standalone app outside the browser. See http://www.symantec.com/enterprise/security_response/weblog/upload/2007/11/Image_FF.html. In this case, Firefox gets Item A and sees that the system is configured to handle that type of item with Program B. Therefore, Firefox hands Item A to Program B. It works exactly the same as launching the malicious file from the Run box.
Once again, it is not a problem with Firefox's plugin system because this is not running as a Firefox plugin. Let me correct your quote. See how that makes it a little less cut and dried?
If there were a vulnerability in your email or FTP program, would you blame Firefox because it hands off mailto: and ftp: links to those external programs? Should Firefox be held responsible for malicious files (of any type - Word, MP3, .exe, etc.) that you download and then run externally? The Symantec article also mentions emailing attachments as an attack vector. Uh oh, Outlook and Thunderbird are also flawed, because they hand the file off to QuickTime to open too!
Also, judging by the IE pic, it appears that their "buffer overrun protection" is "crashing the browser". In this case, the QT vuln is also a DoS against IE, while Firefox does not have that vulnerability.
I agree that every program should do what it can to limit damage. However, Firefox can't do much about completely external programs. In this case, Firefox has no understanding of the data being downloaded, just that the system is configured to handle the data with a certain program. The only way to fix this is with filename/URL blacklisting so it doesn't open the bad URL (gee, that's practical) or by coding Firefox to understand every type of data it encounters. Essentially, code every other program into Firefox itself so that it can determine if the data is good or bad before handing it off (gee, that's practical). If this were a problem with a Firefox plugin, I would agree with you fully. However, it's a completely external program which Firefox has no control over, so I can't disagree more.
CCP paid for significant work on Cedega (and so wine) for EVE to run.
They changed their own code to improve compatibility.
As a result, you can now run EVE on wine, if you don't want to use the Cedega packaged client.
No, Cedega doesn't generally contribute back to Wine. The two are basically completely separate projects now. http://www.winehq.org/?issue=329#Cedega%206.0%20&%20Wine%20Benchmarks
Here's the facts you need to know about Wine & Cedega:

VANCOUVER, Dec. 13 /PRNewswire-FirstCall/ -- Absolute(R) Software ("Absolute") (TSX: ABT), the leading provider of computer theft protection and secure asset tracking solutions, today announced a milestone in the company's efforts to drive the standard for PC theft recovery and Secure Asset Tracking(TM) - the availability of Computrace support in the BIOS across all four of the top tier PC manufacturers' commercial notebook lines.
Absolute first announced BIOS support for its theft protection technology with IBM/Lenovo on February 1, 2005; followed by announcements with Gateway on August 9th and HP on October 4th. Today, Dell announced a set of customer solutions that leverages Dell's embedded BIOS support for Computrace allowing customers to address issues of regulatory compliance, data protection and PC theft recovery.
We don't use it here, but I believe once you enable it in the BIOS, it can't be disabled. Obviously, there's always a way to disable everything, but it's not a matter of formatting a drive or changing a BIOS setting. It comes down to hex-editing the BIOS data or replacing the BIOS chip or something.
I like Open Source software and Mozilla as much as the next guy, but doesn't it make sense to have your embedded controls be tightly integrated with the Operating System?
Why would you want your embedded controls to be tightly integrated with your OS? There's no reason for an HTML window to need tight OS integration. It's another web browser that's susceptible to all the issues that the core HTML engine is. It wouldn't necessarily be subject to the full browser's interface bugs, but it's got the same core so it would share those vulns. Ideally, you wouldn't want any integration with the OS.
I'd rather not need to have both IE and Gecko loaded into memory whenever I run Winamp.

This acts as a full replacement for the IE control. If you have some apps calling one and some apps calling the other, yes, both will be loaded into memory. However, if all apps call only Gecko, then only Gecko will be loaded into memory. Excluding behind-the-scenes OS-IE integration that causes (parts of) IE to be loaded, of course; the apps themselves will only load one or the other.
Thunderbird can access Hotmail and other webmail accounts with the Webmail extension. I'm using it to access my Hotmail and Yahoo accounts. Likewise, Exchange is usually configured to support POP and/or IMAP, meaning any decent mail client can pull emails from it. See http://www.msexchange.org/tutorials/Connecting_POP_And_IMAP_Clients_To_MS_Exchange_Server.html for details. That won't give you access to all the other features, but it will let you get to your mailbox.
Closed ports block incoming connections, but outgoing connections are unaffected. It doesn't have any direct effect on data, either sending or receiving, just who you can and can't connect to (which in turn affects data transfer). And yes, BitTorrent is designed to favor those who share more over people who are leeching, so those who don't upload are inherently throttled down.
Ports aren't really the problem. If you don't forward ports, other people can't initiate connections with you - you can only initiate connections to others. That's just the way NAT and port forwarding work. If you and another guy both have port forwarding disabled, neither of you can connect to the other. If either of you have port forwarding configured, the other one can initiate the connection and sharing can commence. If you only have 10 people in the swarm, cutting out half the people due to a lack of port forwarding will severely impact your download rates. However, cutting out half of the millions of WoW players still leaves over a million other users to connect to, which should be plenty to max out your download. See http://bt.degreez.net/firewalled.html and http://userpages.umbc.edu/~hamilton/btclientconfig.html for more info.
...Blizzard's download client doesn't seem to pay much regard to your upstream speed, and therefore frequently saturates your connection to the point where the patch download actually slows down.

This is the real problem. Blizzard's BT client has very poor or no upload control. While downloading a file, a connection occasionally reports its status back to the sender, letting it know to keep sending data (in greatly simplified terms). If you're saturating your upload channel, your download can't report back that it's good for more data - the upload chokes off the download. It's very common with improperly configured BT clients, but can show up anytime you're uploading something (for example, unchecked uploading via FTP).
I can verify the other poster's claim. I watched as the Blizzard patcher saturated my upload and downloaded at <2K. Using an external app, I limited the patcher's upload to about 3K less than what it had been using. With no other changes, the patcher took off and maxed out my download speed.
Solution? Extract the .torrent file from the patcher and download it with your regular BT client. CapnBry's WoW Torrent Extract will easily extract it for you, and I post them as soon as I can at http://gaming.invisibill.net.nyud.net/wow/torrents/.
Http:BL is a system that allows website administrators to take advantage of the data generated by Project Honey Pot in order to keep suspicious and malicious web robots off their sites. Project Honey Pot tracks harvesters, comment spammers, and other suspicious visitors to websites. Http:BL makes this data available to any member of Project Honey Pot in an easy and efficient way.
There are plugins for WordPress, phpBB, and many others. Use http://www.projecthoneypot.org?rf=32167 if you want to give me some credit when you register. Or not, whatever.
The thing you need to remember is that by default, you have no rights to the source code of said GPL software. It's covered by the same copyright laws that make it illegal to pirate Windows and such. However, there is the added option of gaining access to the source, if you choose to agree to certain terms.
Your whole idea of whether or not there is a transaction taking place is a technical nitpick that can be left up to the courts. It's along the same lines as the debate over the validity of click-through EULAs. What if I view the source and see where the "Agree" button links, but never actually click the button? Is that the same as clicking the button? As for being able to download it without clicking on some sort of license agreement, does that mean if I find a copy of Windows on some site that allows open downloading, I suddenly can use it without any regard for its licensing? Can I just take something from a sidewalk vendor stand, since it's out in the open and not a "real" store? Whether or not downloading software packaged with license details constitutes a legally binding agreement is completely separate from the validity of the license itself.
GPL is most definitely a "free with strings attached" license. You get it for free, and the attached string is that you have to pass it on to others freely (just as you received it freely). If you don't like that idea, don't use/support the GPL. The rest of your comments about transactions are legal details which don't apply to the GPL any more than to any other license, except that it's easier to find GPL software which you could use in violation of copyright law (as opposed to the hidden-away closed source of other programs).
Next time you are at the supermarket and they have those little hotdogs with toothpicks and a sign that says "take one, free", imagine how goofy it would be if there was a piece of paper next to them that had terms and conditions of taking it for free.

Next time you're at the supermarket and they have one of those "buy one, get one free" sales, take the free one and tell them how goofy it is that they're forcing you to do something else to get the free one.

Challenge-Response systems won't work if both parties use them and haven't previously emailed each other. Not extremely likely, but the possibility increases as more and more people use these systems. The best example is a mutual friend, who passes the email address of one person on to another (e.g. a job opportunity). The two people have never corresponded via email, so neither one has the other "approved" in their system. Person A's email gets quarantined by Person B's C-R system. Person B's C-R validation email gets quarantined by Person A's C-R system. Both systems just sit there waiting on the other. With a manual check, you could override this (but you can generally override any type of spam filtering if it's halfway decent software).
Any system built in to detect other C-R systems and try to allow their verification emails through would get exploited by spammers (just like today's NDR-imitating spams). As more and more people started using these systems, spammers would devote more resources to developing automated ways around them. I'm sure it wouldn't be too hard for some program to recognize a C-R email and just click the link in it or send another email or whatever. And that's not even considering the issues of JoeJobs and dumping your spam-filtering labor back onto others, as mentioned above.
This is currently a way to reduce spam, but it isn't the solution.
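The mutual quarantine described above, and the cost of auto-admitting anything that claims to be a challenge, as an added simulation that is not part of the original comments. The mailbox model, the addresses and the `is_challenge` flag are constructed for illustration, and it assumes a filter never challenges a challenge and does not auto-approve recipients of outgoing mail.

```python
"""Toy model of two challenge-response (C-R) mail filters (constructed example)."""
from dataclasses import dataclass, field

@dataclass
class Message:
    sender: str
    recipient: str
    is_challenge: bool = False  # self-declared by the sender, so forgeable

@dataclass
class CRMailbox:
    address: str
    approved: set = field(default_factory=set)
    trust_challenges: bool = False  # auto-admit mail that claims to be a challenge
    inbox: list = field(default_factory=list)
    quarantine: list = field(default_factory=list)

    def receive(self, msg):
        """Deliver or quarantine msg; return the challenge to send back, or None."""
        if msg.sender in self.approved or (self.trust_challenges and msg.is_challenge):
            self.inbox.append(msg)
            return None
        self.quarantine.append(msg)
        if msg.is_challenge:
            return None  # assumption: never challenge a challenge (no mail loops)
        return Message(self.address, msg.sender, is_challenge=True)

def exchange(a, b, first):
    """Route mail between a and b until nothing is left in flight."""
    boxes = {a.address: a, b.address: b}
    in_flight = [first]
    while in_flight:
        msg = in_flight.pop()
        reply = boxes[msg.recipient].receive(msg)
        if reply is not None:
            in_flight.append(reply)

def deadlock_demo(trust=False):
    """Person A mails Person B; neither has approved the other."""
    a = CRMailbox("a@example.org", trust_challenges=trust)
    b = CRMailbox("b@example.org")
    exchange(a, b, Message(a.address, b.address))
    return len(a.inbox), len(a.quarantine), len(b.inbox), len(b.quarantine)

def forged_challenge_demo():
    """An unapproved bulk sender marks its mail as a challenge."""
    a = CRMailbox("a@example.org", trust_challenges=True)
    reply = a.receive(Message("bulk@example.net", a.address, is_challenge=True))
    return len(a.inbox), reply

if __name__ == "__main__":
    print("both strict:", deadlock_demo())          # each side holds the other's mail
    print("A trusts challenges:", deadlock_demo(trust=True))
    print("forged challenge:", forged_challenge_demo())
```

With both filters strict, each side ends with one quarantined message and an empty inbox; turning on `trust_challenges` lets B's challenge through, but the same switch delivers the forged message without any verification.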
Yes, this is basically just a slightly modded version of Firefox. They have a link from http://browser.netscape.com/ to https://addons.mozilla.org/en-US/firefox/user/56836 if you want to add their stuff to your Firefox. I'm not sure on the details, but this should give you at least some of the benefits of Netscape without having to use their full product.