"Most of these vulnerabilites come down to checking user input."
While many programming languages have "tainting" mode, are there any IDEs which use syntax-highlighting to display tainted variables in red, up until the line where they're sanitized (for various configurable definitions of sane)?
(p.s. don't bother patenting it, this comment is prior art)
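The tracker the comment asks for, reduced to its core as an added example (not code from the thread or from any IDE): a tiny intra-procedural taint analysis over straight-line Python that marks which variables are attacker-controlled at each statement until they pass through a sanitizer. The source function (`input`), the sanitizer names (`int`, `escape`) and the sample program are assumptions chosen for the demo.

```python
"""Minimal intra-procedural taint tracker over straight-line Python code.

Added example, not from the original thread: it does by hand what the comment
asks an IDE to do, reporting which variables hold attacker-controlled data at
each statement until the value passes through a sanitizer. The source and
sanitizer names, and the sample program, are assumptions made for the demo.
"""
import ast

SOURCES = {"input"}             # calls whose result is attacker-controlled (assumed)
SANITIZERS = {"int", "escape"}  # calls whose result is treated as clean (assumed)

# Constructed sample program: note that `greeting` stays tainted even after
# `name` is sanitized on line 4, because it was derived from the raw value.
SAMPLE = """\
name = input()
greeting = "hello " + name
count = int(input())
name = escape(name)
page = greeting + name
"""


def _call_name(node):
    """Bare function name of a Call node such as escape(x), else None."""
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
        return node.func.id
    return None


def _is_tainted(expr, tainted):
    """True if evaluating `expr` can yield attacker-controlled data.

    A sanitizer call is clean regardless of its arguments; any other
    expression is tainted if it reads a tainted name anywhere inside it.
    """
    name = _call_name(expr)
    if name in SOURCES:
        return True
    if name in SANITIZERS:
        return False
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    return any(_is_tainted(child, tainted) for child in ast.iter_child_nodes(expr))


def analyze(source):
    """Return one (lineno, tainted_names_read, tainted_after) tuple per statement."""
    tainted = set()
    rows = []
    for stmt in ast.parse(source).body:
        # names this statement reads while they are still tainted: the "red" ones
        reads = frozenset(
            n.id for n in ast.walk(stmt)
            if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Load) and n.id in tainted
        )
        if isinstance(stmt, ast.Assign):
            dirty = _is_tainted(stmt.value, tainted)
            for target in stmt.targets:
                if isinstance(target, ast.Name):
                    if dirty:
                        tainted.add(target.id)
                    else:
                        tainted.discard(target.id)
        elif isinstance(stmt, ast.AugAssign) and isinstance(stmt.target, ast.Name):
            # x += y stays tainted if x was, and becomes tainted if y is
            if _is_tainted(stmt.value, tainted):
                tainted.add(stmt.target.id)
        rows.append((stmt.lineno, reads, frozenset(tainted)))
    return rows


def render(source):
    """Annotate each line with a RED gutter where it reads a tainted variable,
    the way the comment imagines an IDE colouring it."""
    reads_by_line = {lineno: reads for lineno, reads, _ in analyze(source)}
    out = []
    for i, text in enumerate(source.splitlines(), start=1):
        reads = reads_by_line.get(i, frozenset())
        gutter = "RED " if reads else "    "
        out.append(f"{gutter}{i:>2} | {text}")
    return out


if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
```

Running it on the sample shows the point a real tool has to get right: sanitizing `name` on line 4 does not clean `greeting`, which was built from the raw value on line 2, so line 5 is still flagged. A production analysis would add sinks (calls where tainted data is dangerous), branches and function calls, but the per-line taint set is the state an editor would colour.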
"They should do like the Gnome splash screen, and make it disappear as soon as you click on it. Occasionally it hangs around until you click on it though, maybe skip that "feature". ;)"
Or gnu-cash, which displays so many screens when you first run it that it takes a minute to figure out which is the tip-of-the-day, which is the application, which is the splash-screen, and which are the first-time setup wizards....
"Welcome to Konsole. Did you know that you can type text to run commands? [X] Show tips on startup"
"It's a vulnerability, but it's the correct behaviour. Browsers should open the window in the target pop-up window, even if the page opening the page does not own that window, as I recall. As they say, that's no bug..."
So the security risk would be using popups and named windows in your website? Just a webdesign issue.
"Now I can add all of my typos and misspellings to the dictionary and the slashdot spelling weenies won't be able to say anything."
Blackadder offers his most enthusiastic contrafibularatories to this project...
A P2P-ish RSS system that:
* Attempts to make each client capable (but not always used) of functioning as a caching server for the feed
* Has a top-level owner of a feed who has sole rights to update the feed. Perhaps passing public/private keys with the feed to ensure no tampering. Anyone who wanted to subscribe to the feed would need to connect to the top-level one time to get the keys before using RSS-P2P caches.
Like this one?
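The trust model sketched in the comment, as an added example that is not part of the original post: the feed owner holds the private key and signs every version of the feed, a subscriber contacts the owner once to pin the public key, and from then on any cache (honest or not) can serve the feed bytes because the subscriber verifies them locally. The version number bound into the signature is my addition to stop a cache replaying an old but validly signed copy. It assumes the `cryptography` package is installed; class names and feed contents are constructed for the demo.

```python
"""Signed-feed trust model for a P2P RSS cache.

Added example (not from the thread): Ed25519 via the `cryptography` package.
Only the owner can produce a valid signature, so caches need no trust; the
version number in the signed payload rejects replays of stale feed copies.
"""
import struct
from typing import Optional

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)


def _signed_payload(version: int, feed_xml: bytes) -> bytes:
    # the version is bound into the signature so a cache cannot replay an old feed
    return struct.pack(">Q", version) + feed_xml


class FeedOwner:
    """Sole party allowed to update the feed: holds the private key."""

    def __init__(self) -> None:
        self._key = Ed25519PrivateKey.generate()
        self._version = 0

    def public_key_bytes(self) -> bytes:
        # handed to a subscriber on its one direct connection to the owner
        return self._key.public_key().public_bytes(
            serialization.Encoding.Raw, serialization.PublicFormat.Raw
        )

    def publish(self, feed_xml: bytes) -> dict:
        """Produce the record a cache relays: version, feed bytes, signature."""
        self._version += 1
        return {
            "version": self._version,
            "feed": feed_xml,
            "sig": self._key.sign(_signed_payload(self._version, feed_xml)),
        }


class Subscriber:
    """Verifies every copy locally, so the cache it came from need not be trusted."""

    def __init__(self, pinned_public_key: bytes) -> None:
        self._pub = Ed25519PublicKey.from_public_bytes(pinned_public_key)
        self._last_version = 0

    def accept(self, item: dict) -> Optional[bytes]:
        """Return the feed bytes if signature and version check out, else None."""
        try:
            self._pub.verify(item["sig"], _signed_payload(item["version"], item["feed"]))
        except InvalidSignature:
            return None  # bytes altered in transit or by the cache
        if item["version"] <= self._last_version:
            return None  # stale copy replayed by a cache
        self._last_version = item["version"]
        return item["feed"]


def demo() -> dict:
    """Walk through a fresh copy, a tampered copy and a replayed old copy."""
    owner = FeedOwner()
    subscriber = Subscriber(owner.public_key_bytes())  # one-time direct contact
    v1 = owner.publish(b"<rss><item>constructed entry 1</item></rss>")
    v2 = owner.publish(b"<rss><item>constructed entry 2</item></rss>")
    # a tampering cache can alter the bytes but cannot forge a signature over them
    forged = dict(v2, feed=b"<rss><item>injected entry</item></rss>")
    return {
        "fresh": subscriber.accept(v2),
        "forged": subscriber.accept(forged),
        "replayed": subscriber.accept(v1),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:>9}: {'accepted' if result else 'rejected'}")
```

The one direct connection the comment mentions is the key-pinning step; everything after it is signature verification against that pinned key, which is why the caches can be anyone. What this does not give you is freshness in the other direction: a cache can withhold a new version, and only a signed "latest version" hint from the owner or an expiry inside the signed payload would let the subscriber notice.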
"Damn, my cat only has an MCSE... Well, almost. He did fail TCP/IP."
Didn't play well with cat 5?
"I got outlook quote fix, which makes it easier to quote in accepted "net" style. A few days later I was called in by our VP and told that I needed to start top posting like everyone else"
Because it disrupts the normal flow of conversation.
Why is top-posting bad?
"And I think gave a good argument why it isn't likely:"
Basically "low price: is incompatible with Apple"
"The problem is communication and perhaps marketing. How is Joe User supposed to know Bearshare is spyware but eMule isn't?"
Honest, this isn't a troll, but:
Emule
# Development Status: 4 - Beta, 5 - Production/Stable
# Intended Audience: End Users/Desktop
# License: GNU General Public License (GPL)
# Operating System: 32-bit MS Windows (95/98), 32-bit MS Windows (NT/2000/XP), All 32-bit MS Windows (95/98/NT/2000/XP), Win2K, WinXP
# Programming Language: C++
# Topic: File Sharing
Bearshare
The license granted under this Agreement prohibits you from doing any of the following...
The message seems to be quite clear - you can trust GPL software. As you say, it's a marketing problem. I didn't know anything about those two fileshare programs until a moment ago, but a quick look at the license for each strongly suggests which one is trustworthy.
BearShare has an EULA with restrictions on use, eMule has an optional distribution license, with no restrictions on use. If anyone is teaching relatives how to recognise trustworthy software, this is one good test to let people know about.
"I was at CRYPTO this year (a top-flight crypto conference, held every year at UCSB in California). A student's visa to come into the country to present her own paper was held up so long she couldn't even make it to the conference"
Wasn't CRYPTO supposed to be moved outside of the US, for exactly this reason? I know that some conferences have been moved, and crypto would be the obvious candidate.
(also to encourage people who are worried about the US' reaction to their research)
"I'd think anyone planning crimes on IRC would be a complete moron"
Aren't DDoS attacks controlled via public IRC servers?
"You mean the "Start" button that is, among other things, used for shutting down Windows?"
Now this is not the end. It is not even the beginning of the end. But it is, perhaps, the start of the shutdown.
"Do you really think that serious counterfeiters use consumer printers?"
Do you really think that this is an anti-counterfeiting measure?
"While you're thanking the USPTO, why not rub a few brain cells together and thank the people responsible for the problem?"
The UK is pushing bad patent laws at the moment, and as far as I can tell, it's the Patent Office which is the main proponent.
For example, there's a meeting (think "lecture" rather than "consultation") on 14th December, and it's the Patent Office which is telling people why they must accept these new laws, it's the Patent Office which has "created" (best word for it) all the supporting evidence and faked opinions of people who think that software patents are somehow not harmful.
"There is so much prior art for this that it's not even funny"
Even if there wasn't, would it be okay to give a patent to the first person to use such a system?
Patent: a method for preventing society from improving.
Thunderbird reaches version 0.9, and still you can't specify the "From" address of an email message.
Presumably it still creates a whole new folder structure for each and every email account you have?
And of course, there's the fascination with switching to HTML mode at every opportunity. In fact, all new email clients seem to be like this.
Where's the button for "see no HTML, speak no HTML, think no HTML"?
"So why would anyone be silly enough to keep the only copies of their music on their iPod, forcing them to then use this tool?"
Just to check: you spent hundreds of dollars on a 60 "GB" external hard-disk device, and you don't think it's reasonable to use it as a backup device?
Hard disks fail. Both the ones in your PC, and the ones on your iPod. And 60GB doesn't fit on a CDR.
"Why did you choose Debian and not Gentoo as the base of the Ubuntu distribution? What do you think of Gentoo in general?"
foreach ("Mandrakelinux ", "Fedora", "Knoppix", "SUSE", "Slackware", "Gentoo", "MEPIS", "PCLinuxOS", "Damn Small", "FreeBSD", "Xandros", "Vine", "Yoper", "Red Hat", "SLAX", "Linspire", "Gnoppix", "Feather", "Turbolinux", "Vector", "Aurox", "Lycoris", "KANOTIX", "Arch", "Onebase", "Buffalo", "Sun JDS", "Lorma", "Libranet", "Vidalinux", "Conectiva", "GeeXboX", "Puppy", "Mandows", "Devil", "Ark", "CRUX", "SAM", "White Box", "Yellow Dog")
{
print "Why did you choose Debian and not $_ as the base of the Ubuntu distribution? What do you think of $_ in general?";
}
Even better, try commenting something out and wondering why some perfectly reasonable logic is screwed:
Gentoo: "Only 17 days left until we can leave hon, I'm just compiling starter.so"
Windows: "You have 27 days to register before your car is deactivated"
Linux: F*!*ing XFree86-config... (sorry, installing debian at the moment)
BSD: Only one careful driver in the last 10 years.
"There was a guy in Glasgow, who lived not far from where I am now, that worked alongside one of my friends on a North Sea oilrig. He took a positioning beacon home with him (why? Who knows? It's four feet long, bright orange, and very heavy. How did he even get it aboard the helicopter?). He then placed his purloined "toy" in a cupboard. One of his children knocked it over, a couple of weeks later, activating it. Within 10 minutes, there was a Coastguard helicopter hovering over this house in the middle of Maryhill..."
Could we perhaps give these coastguards a map, marked with areas such as "ocean" (likely place for ships to sink), and "land" (unlikely place for ships to sink)?
"You could write a startup script on the machine to reset the home and search pages to a default you specify.
Better yet, use group policy. Go to User Configuration\Administrative Templates\Windows Components\Internet Explorer and enable these policies:
Disable changing homepage settings
Search: disable search customization"
Based on 2 observations:
1) Everyone with their own computer uses Google as the homepage (for them to use)
2) Every corporate admin sets their company website as the homepage (for other people to use)
There might be a communication problem to solve at many places, before anyone comes in with the "Disable changing homepage settings" final solution.
"Actually, just as interesting would be emails from great people BEFORE they became great. "
Echelon explained at last...