If you had any idea what OP was talking about, you're realize that this isn't "sandboxing and virtualization". Thus, the attacker won't be taking control of the browser in a non-priv account or in a virtual space. This is DEP, data execution prevention. You may also know it as the NX bit. It's disallowing the execution of code from non-code areas such as the stack/heap. Thus it LITERALLY disallows the code from being run. So while the vulnerability is academically "there" the reality is, it does not run code, at all. Not in some restricted domain, not as some no-priv user. It simply doesn't run. Thus it cannot be used for malicious purposes.
Your entire post is anti-IE hate, and you have no idea what you're talking about. Then you go on to drag in some ActiveX bashing. Of course you've been modded up as "informative" even though your entire post is factually incorrect. I mean this is Slashdot right?
Core product ends? Why would their core product end though? Because someone bundled Linux with a browser? Haven't we watched the Year of the Linux Desktop repeatedly fail to appear, and now Google is going to come in an magically make it happen? Look at Chrome's current market share for hints as to their ability to market software. How the hell are you going to get people to install an entire OS (or buy a PC with that OS) if you can't get them to install a browser?! Google is search. Everything else avoids looking like complete failure by being propped up with Google search funds.
You're absolutely right. If this guy didn't inform anyone except Mozilla, he's bringing browsers wars to a new low, by being willing to expose a majority of web users involved in e-commerce and other "secure" online access to his vulnerability for whatever the lead time of patching is, but exempting users of his favorite browser. IF that's what he did, that's ridiculous, childish, and petty.
What about all the other vendors of SSL dependent software? SSL based VPNs like OpenVPN for example. No love for them either? Just Mozilla?
It shows how people like Dan K are smart enough to recognize major vulnerabilities that can potentially affect massive amounts of service/traffic/commerce need to be handled differently. It doesn't reduce the respect you gain as a security researcher for finding such a major flaw to give vendors notification in a reasonable time period before publication. I'm all for full disclosure as a means of punishing companies that don't respond, but for larger vulnerabilities I think notification and a deadline are the way to go.
Funny thing is, the Firefox 3.5 exploit doesn't work on Vista either according to our testing. Only works on Windows 2000 and XP. Good thing everyone's bashing Vista like it has no features of value and as if it's still broken like pre-SP1 when SP2 is out.
So your average Microsoft-hating fanboi who is running Firefox 3.5 because IE8 isn't cool enough, and who is running Vista because XP is "way better", is the one who is vulnerable to this Firefox exploit.
Yes! Lets compare the software company's OS pricing to the hardware company's OS pricing. It's not as though Apple makes a huge margin marking up hardware and uses that to subsidize its OS development. Oh wait...
All I can say is, anyone who calls Microsoft Johnny-Come-Lately on parallelism is severely ignorant of the subject. Especially wheen your link for the phrase goes to PLINQ, implying that this was their first effort in the world of concurrency and parallelism.
Compare Microsoft's I/O Completion Ports mechanism (involving both the scheduler and the event driven I/O architecture) and the fact that epoll() itself was the Johnny-Come-Lately technology, or the C10K problem was solved on IIS thanks to I/O Completion Ports before epoll() plus Apache 2 were ready for prime time, or that the NT kernel has had real threads since its inception and the Linux kernel was running "LinuxThreads" with vfork() until not more than a couple of years ago. This was all at the same time that Windows developers were enjoying a system managed thread pool that handled all the math for best scalability on an N cpu setup. Perhaps we shouldn't even bring up the weak aio API versus the mature async API under the NT kernel. Or you could point out that MySQL and Postgress are ages behind the level of auto-parallelism available with unmodified queries in Microsoft SQL 2005 and 2008.
Or that when you look at technologies like PLINQ and parallel generic ForEach in.NET, it brings easily learned and used parallelism not just to high end developers but to mainstream developers allowing a wider array of software to take advantage of the manycore era.
And finally, look at the fact that Johnny-Come-Lately may in fact be Johnny-Came-Right-On-Time. Putting heavy efforts into their concurrency efforts back when 90% of the multi-core computers had 2 or 4 cpus wasn't the best allocation of resources at the time. In about 2006 when PLINQ was getting started, that was when the multi-core era was really kicking off. Now Visual Studio 2010 is about to release with.NET 4.0 and technologies like PLINQ and parallel ForEach are mature and ready to go, it certainly seems like they timed it just right.
The people who were heavy into parallelism prior to Microsoft's efforts were mostly composed of specialization and academia. The OSS crowd has been playing catch-up for the past 5 years and they still aren't there yet. If there's one company that is going to bring concurrency and parallelism to a critical mass of developers, and to a critical mass of applications to benefit a majority of the users in this world, it's going to be Microsoft.
It appears that the European efforts have triggered a new trend whereby EVERY country a multinational corporation operates in that isn't its native country can start engaging in the MoneyGrab(tm) technique. I mean why let all those euros or rubles leave the country? Why not have companies come in, sell products, and then since you can't tax the hell out of them due to the WTO and the ensuing trade wars, instead just trump up some charges over being too succcessful and "tax" them that way.
Can someone explain to me why this isn't a WTO issue and why these kinds of taxes... I mean fines aren't regulated under the trade agreements?
And don't tell me how they're just trying to stop the evil monopolies. I'm fine with them fining the shit out of Microsoft for bad behavior as long as they're willing to donate 100% of the proceeds to charity. It's not about the behavior, it's about the money.
Next question asked is WHY has Microsoft have to invent one when there are others available already?
Yes, clearly the concurrent programming language problem is all wrapped up and doesn't need any further innovations or development.
It's ridiculous how hostile people are to what happen to be really cool Microsoft research projects. I know it doesn't mesh well with the idea that Microsoft steals everything and invents nothing but if you're more interested in Computer Science rather than pushing an anti-Microsoft agenda, you'd see that some of their ideas are really cool and tend to spawn related ideas that help advance the industry as a whole.
Microsoft has put *significant* efforts into developing *multiple* concurrent programming languages and libraries because it is an area that definitely needs new development and new innovations to meet the challenge of development in the manycore era.
Funny I didn't see all this negativity when Apple started talking about "Grand Central". As if that system is going to be useful on any platform other than OSX.
It's pretty clear from a Google search and from the comments in bugs where this guy has treated people who are either trying to help or trying to report what they consider reasonable bugs like shit, that this guy is just a complete asshole.
What's great is now Slashdot has helped the world understand what an asshole he is.
I hope Redhat enjoys the great PR that comes from someone like this who acts like a total cunt and then signs "@redhat.com" to everything.
Yeah, this is just another European Union money grab from a major multi-billion dollar American company. First Microsoft, then Intel. What's next? Maybe they can try to fine Caterpillar or Boeing.
There's no legal justification for Europe issuing BILLIONS of dollars woth of fines. It is just the new way to evade the WTO and tax/tariff the American companies. These kinds of anti-trust claims should be moved under the umbrella of the WTO if they're going to reach the level of BILLION dollar fines.
Just because the internet exists, doesn't give you the right to be a sick fuck. It also doesn't make being a sick fuck consequence free.
You're right, the internet doesn't give people the right to be sick fucks, and it doesn't make being a sick fuck consequence free. It's our freedom, our free society that gives people the right to be a sick fuck and that makes being a sick fuck consequence free. And that's a natural part of society, the fact that the "undesirables" will roam freely and do things, many of which aren't things that you can regulate or punish them for. Things which most people find distasteful or vulgar.
Once you start setting standards for what is appropriate and what is not, outside of the realm of the rights of others (and there's no right to not be offended, since only you have the power to control what offends you), you will find that your free society isn't a free society any longer. It may sound like a free society, and to you, it may appear to be a free society because people are certainly free... to behave in the way that YOU feel is appropriate. For those who don't agree with the perspective you would have codified, they wouldn't be free at all. They would be subject to the tyranny of your standards. And perhaps those sick fucks are enough of a minority that they could never do anything about it. But the reality that many of yester-year's socially conservative types are discovering is, that kind of pseudo-freedom is a *bitch* when the people making those kinds of societal value judgements aren't the people who agree with you anymore.
The point is, it's better to live in as truly free of a society as you can pragmatically have, even if it means some feelings are hurt and some people are offended. The/b/tards and their assholia are the natural result of free and open lines of mass communication and a fairly free society in which to use those lines of communication. You can either give up the technology that gives you mass communication, or you can accept that it can be employed by assholes in a free society. What you can't do is have your mass communication medium, have your free societies, and make sure that none of the assholes offend anyone with it.
This is the dream of so many people: to have a "nice" Internet. It's sad because it simply isn't physically possible. Ever.
PS. Regarding your desire for civil suits, perhaps they should also sue Porche for making awesome cars, or sue the paramedics for not being able to put her back together, or sue the drug dealers who sold her the cocaine, or sue the camera company for making cameras to take the pictures, or maybe they could just appeal to the Supreme Court for a writ of mandamus ordering everyone in the United States to be nicer people. We don't need any more stupid lawsuits. Trying to sue 4chan retards for spreading pictures that they got ahold of lawfully and for being dicks is just about the biggest waste of our court's business hours I can think of. Their suit against the CHP is already costing a significant number of my tax dollars, when the remedy to that suit should simply be to terminate both of the idiots who leaked the photos, not to have a rich Orange County family seize a bunch of tax payer dollars to make themselves feel better.
How do you know I was intending to be offensive? Perhaps I was literally asking him if he had some kind of learning disability, which would make sense considering his completely incorrect reading of the post and/or article.:)
So, why doesn't Microsoft produce these tools for Windows, so the mass populace can help identify, log steps to reproduce, and report the exploits? Why are they using their resources to create tools for testing open source software for exploits? It is so they can give windows fanbois tools to create yet more anti-Linux and anti-F/OSS FUD, pure and simple.
Are you retarded? This tool isn't a "find exploits in open source software tool." It's an open source "find exploits in software tool". So Microsoft has an internal tool that they've developed to search for exploits in their software like Windows and Office, but they decided to open source that tool and share it with everyone else. It has nothing to do with Windows versus Linux.
As far as your ridiculous rant regarding Windows and programs running as Administrator, if you actually looked at the most recent versions of Windows, the number of system services that run under NETWORK SERVICE and other less privileged accounts has been increased, and with UAC, running users as non-admin is actually feasible. I don't know if you'd ever tried running as non-admin under XP, but the idea of logging out and logging back in to make a change, or hoping to hell that runas will actually work, just makes no sense. In addition, their work on Protected Mode where IE runs in a sandbox is another example of MS working to implement the least privilege principle.
Microsoft has made *considerable* progress on the non-admin front, and continues to work on that.
Oh, and whoever modded you up for this nonsensical misinterpretation of the tool needs a meta-mod down.
Get over yourself. Web development is important, but the situation isn't as dire as you make it out to be. Somehow over the years that Internet Explorer has been dominating the market share and completely ignoring web standards, the world wide web grew by leaps and bounds, millions of businesses grew online, millions of people used the web to communicate and spread ideas, and a very large majority of it took place in a proprietary browser with proprietary extensions and poor web standards compliance.
Not only that, but one of those proprietary extensions turned out to be the foundation of today's web standards. Microsoft invented a little COM object we used to call XMLHTTP. That in turn was copied by Mozilla and became what we now know as XMLHttpRequest, the foundation of AJAX and the basis of all Web 2.0 development.
You anti-Microsoft zealots take advantage of Microsoft a innovation to implement your Web 2.0 applications, the whole while talking about how Microsoft has been such a huge setback to the web. It's pure hypocrisy.
There's a place for proprietary technology and innovation, and there's a place for open source and standards based development and innovation.
Can you explain why that page indicates all green for CSS 2.1 on WebKit based browsers, except for the "static" classifications, yet WebKit claims that their CSS 2.1 support is not yet complete?
Perhaps using the W3C standard test suites would be a better measure than some guy putting green boxes next to features?
If WebKit claims their CSS 2.1 support isn't done yet, I'm going to take their word for it.
Acid2 isn't a standard. It also isn't a part of the test suite of W3C. Acid3 isn't a standard. It also isn't part of the test suite of W3C. It's a marketing gimmick of Opera and people lap it up like it is more important than real standards work from the W3C. Plus, Acid3 is more about DOM than CSS, and Acid3 tests for features that have not yet been standardized.
You can push for implementation of standards, but to knock someone's products because they haven't implemented DRAFT standard recommendations is just stupid.
And your claims that Microsoft isn't really implementing the CSS 2.1 standard correctly and that they're just "checking a checkbox" don't actually stand up to the test of reality:
Your arguments are a subjective standard, you want to appeal to the W3C for "standards" authority, but then set the bar for judgement to be whatever "people are using" or whatever marketing gimmick "standards" test IE fails and others ALSO fail, just fail less.
Stick to the W3C standard test suites for an actual measure of standards compliance and leave the Acid tests to the fanbois who are out to prove a point. And don't talk about "standards" that are not yet standards.
Oh you mean like web standards that are published far faster than any of the browsers can implement? Like IE8 passes Acid2 perfectly and is CSS 2.1 compliant, but now everyone humps on Acid3 and CSS 3?
What do you want to bet that when IE 8.5 or IE9 releases, they'll have Acid4 out? And Firefox/Oprah will have 90% compliance, and IE will have 50% compliance, and everyone will go nuts about how IE doesn't have the newest web standards.
And if you actually look at Microsoft's efforts on Silverlight, they released it for Mac OSX with plugins for Firefox and Safari, and they are working directly with the Moonlight team to provide technical assistance with the implementation. They have done the right thing all the way through on Silverlight.
I don't find it difficult to deal with the use of the word 'discrimination' outside a strict legal definition (and IAAL). Moreover, the text did say "verge on discrimination.
Well, IANAL, but I do find it difficult to deal with the use of the word discrimination, because the way it is used typically implies that it is illegal discrimination, or at the very least, evil discrimination.
As far as "on the verge of discrimination", if the author wasn't trying to imply illegal discrimination, then this statement makes no sense, because it is quite literally discrimination to choose between two things based on one or more factors.
People overuse the term discrimination anymore to imply that any factor or source of information you use to choose between one or more people is evil, when that's exactly what hiring is. So I believe it boils down to this:
Are the factors being used to choose between one or more people illegal, immoral, or unethical?
You can't just imply they are using illegal factors or that they might be, simply because you can't control the sources of information.
Are the sources of information legal, moral, and ethical means to acquire said information?
They're not hiring goons to break into your house and look at what books you have on your shelves, what kind of food you eat, and whether or not you have a dildo in your underwear drawer. They're using public domain information that you have chosen to put on the internet with your name attached to it. That's far less invasive than say running a criminal background check.
In any case, if you are going to be so stubborn about infringing on our privacy, we are just going to have to pass legislation criminalising your behaviour, aren't we?
Your statement that "we" are going to have to pass legislation protecting peoples' privacy in regards to information they have willingly posted in the public domain does not give me a great deal of confidence in your abilities as a lawyer.
Slashdot Mirror
If you had any idea what OP was talking about, you're realize that this isn't "sandboxing and virtualization". Thus, the attacker won't be taking control of the browser in a non-priv account or in a virtual space. This is DEP, data execution prevention. You may also know it as the NX bit. It's disallowing the execution of code from non-code areas such as the stack/heap. Thus it LITERALLY disallows the code from being run. So while the vulnerability is academically "there" the reality is, it does not run code, at all. Not in some restricted domain, not as some no-priv user. It simply doesn't run. Thus it cannot be used for malicious purposes.
Your entire post is anti-IE hate, and you have no idea what you're talking about. Then you go on to drag in some ActiveX bashing. Of course you've been modded up as "informative" even though your entire post is factually incorrect. I mean this is Slashdot right?
13th base is when you get a Z-job.
Core product ends? Why would their core product end though? Because someone bundled Linux with a browser? Haven't we watched the Year of the Linux Desktop repeatedly fail to appear, and now Google is going to come in an magically make it happen? Look at Chrome's current market share for hints as to their ability to market software. How the hell are you going to get people to install an entire OS (or buy a PC with that OS) if you can't get them to install a browser?! Google is search. Everything else avoids looking like complete failure by being propped up with Google search funds.
You're absolutely right. If this guy didn't inform anyone except Mozilla, he's bringing browsers wars to a new low, by being willing to expose a majority of web users involved in e-commerce and other "secure" online access to his vulnerability for whatever the lead time of patching is, but exempting users of his favorite browser. IF that's what he did, that's ridiculous, childish, and petty.
What about all the other vendors of SSL dependent software? SSL based VPNs like OpenVPN for example. No love for them either? Just Mozilla?
It shows how people like Dan K are smart enough to recognize major vulnerabilities that can potentially affect massive amounts of service/traffic/commerce need to be handled differently. It doesn't reduce the respect you gain as a security researcher for finding such a major flaw to give vendors notification in a reasonable time period before publication. I'm all for full disclosure as a means of punishing companies that don't respond, but for larger vulnerabilities I think notification and a deadline are the way to go.
Funny thing is, the Firefox 3.5 exploit doesn't work on Vista either according to our testing. Only works on Windows 2000 and XP. Good thing everyone's bashing Vista like it has no features of value and as if it's still broken like pre-SP1 when SP2 is out.
So your average Microsoft-hating fanboi who is running Firefox 3.5 because IE8 isn't cool enough, and who is running Vista because XP is "way better", is the one who is vulnerable to this Firefox exploit.
Yes! Lets compare the software company's OS pricing to the hardware company's OS pricing. It's not as though Apple makes a huge margin marking up hardware and uses that to subsidize its OS development. Oh wait...
All I can say is, anyone who calls Microsoft Johnny-Come-Lately on parallelism is severely ignorant of the subject. Especially wheen your link for the phrase goes to PLINQ, implying that this was their first effort in the world of concurrency and parallelism.
Compare Microsoft's I/O Completion Ports mechanism (involving both the scheduler and the event driven I/O architecture) and the fact that epoll() itself was the Johnny-Come-Lately technology, or the C10K problem was solved on IIS thanks to I/O Completion Ports before epoll() plus Apache 2 were ready for prime time, or that the NT kernel has had real threads since its inception and the Linux kernel was running "LinuxThreads" with vfork() until not more than a couple of years ago. This was all at the same time that Windows developers were enjoying a system managed thread pool that handled all the math for best scalability on an N cpu setup. Perhaps we shouldn't even bring up the weak aio API versus the mature async API under the NT kernel. Or you could point out that MySQL and Postgress are ages behind the level of auto-parallelism available with unmodified queries in Microsoft SQL 2005 and 2008.
Or that when you look at technologies like PLINQ and parallel generic ForEach in .NET, it brings easily learned and used parallelism not just to high end developers but to mainstream developers allowing a wider array of software to take advantage of the manycore era.
And finally, look at the fact that Johnny-Come-Lately may in fact be Johnny-Came-Right-On-Time. Putting heavy efforts into their concurrency efforts back when 90% of the multi-core computers had 2 or 4 cpus wasn't the best allocation of resources at the time. In about 2006 when PLINQ was getting started, that was when the multi-core era was really kicking off. Now Visual Studio 2010 is about to release with .NET 4.0 and technologies like PLINQ and parallel ForEach are mature and ready to go, it certainly seems like they timed it just right.
The people who were heavy into parallelism prior to Microsoft's efforts were mostly composed of specialization and academia. The OSS crowd has been playing catch-up for the past 5 years and they still aren't there yet. If there's one company that is going to bring concurrency and parallelism to a critical mass of developers, and to a critical mass of applications to benefit a majority of the users in this world, it's going to be Microsoft.
It appears that the European efforts have triggered a new trend whereby EVERY country a multinational corporation operates in that isn't its native country can start engaging in the MoneyGrab(tm) technique. I mean why let all those euros or rubles leave the country? Why not have companies come in, sell products, and then since you can't tax the hell out of them due to the WTO and the ensuing trade wars, instead just trump up some charges over being too succcessful and "tax" them that way.
Can someone explain to me why this isn't a WTO issue and why these kinds of taxes... I mean fines aren't regulated under the trade agreements?
And don't tell me how they're just trying to stop the evil monopolies. I'm fine with them fining the shit out of Microsoft for bad behavior as long as they're willing to donate 100% of the proceeds to charity. It's not about the behavior, it's about the money.
Okay...
"Opera 10 continues to follow the web standards by getting 100/100 and pixel-perfect scores on the Acid3 test."
Once again Opera pushes the misconception that Acid3 is the test of web standards compliance.
"it now includes a Turbo mode which unclogs your connection to get faster browsing"
Marketing people can DIAF.
Next question asked is WHY has Microsoft have to invent one when there are others available already?
Yes, clearly the concurrent programming language problem is all wrapped up and doesn't need any further innovations or development.
It's ridiculous how hostile people are to what happen to be really cool Microsoft research projects. I know it doesn't mesh well with the idea that Microsoft steals everything and invents nothing but if you're more interested in Computer Science rather than pushing an anti-Microsoft agenda, you'd see that some of their ideas are really cool and tend to spawn related ideas that help advance the industry as a whole.
Microsoft has put *significant* efforts into developing *multiple* concurrent programming languages and libraries because it is an area that definitely needs new development and new innovations to meet the challenge of development in the manycore era.
Funny I didn't see all this negativity when Apple started talking about "Grand Central". As if that system is going to be useful on any platform other than OSX.
It's pretty clear from a Google search and from the comments in bugs where this guy has treated people who are either trying to help or trying to report what they consider reasonable bugs like shit, that this guy is just a complete asshole.
What's great is now Slashdot has helped the world understand what an asshole he is.
I hope Redhat enjoys the great PR that comes from someone like this who acts like a total cunt and then signs "@redhat.com" to everything.
Yeah, this is just another European Union money grab from a major multi-billion dollar American company. First Microsoft, then Intel. What's next? Maybe they can try to fine Caterpillar or Boeing.
There's no legal justification for Europe issuing BILLIONS of dollars woth of fines. It is just the new way to evade the WTO and tax/tariff the American companies. These kinds of anti-trust claims should be moved under the umbrella of the WTO if they're going to reach the level of BILLION dollar fines.
IT'S THEFT.
Just because the internet exists, doesn't give you the right to be a sick fuck. It also doesn't make being a sick fuck consequence free.
You're right, the internet doesn't give people the right to be sick fucks, and it doesn't make being a sick fuck consequence free. It's our freedom, our free society that gives people the right to be a sick fuck and that makes being a sick fuck consequence free. And that's a natural part of society, the fact that the "undesirables" will roam freely and do things, many of which aren't things that you can regulate or punish them for. Things which most people find distasteful or vulgar.
Once you start setting standards for what is appropriate and what is not, outside of the realm of the rights of others (and there's no right to not be offended, since only you have the power to control what offends you), you will find that your free society isn't a free society any longer. It may sound like a free society, and to you, it may appear to be a free society because people are certainly free... to behave in the way that YOU feel is appropriate. For those who don't agree with the perspective you would have codified, they wouldn't be free at all. They would be subject to the tyranny of your standards. And perhaps those sick fucks are enough of a minority that they could never do anything about it. But the reality that many of yester-year's socially conservative types are discovering is, that kind of pseudo-freedom is a *bitch* when the people making those kinds of societal value judgements aren't the people who agree with you anymore.
The point is, it's better to live in as truly free of a society as you can pragmatically have, even if it means some feelings are hurt and some people are offended. The /b/tards and their assholia are the natural result of free and open lines of mass communication and a fairly free society in which to use those lines of communication. You can either give up the technology that gives you mass communication, or you can accept that it can be employed by assholes in a free society. What you can't do is have your mass communication medium, have your free societies, and make sure that none of the assholes offend anyone with it.
This is the dream of so many people: to have a "nice" Internet. It's sad because it simply isn't physically possible. Ever.
PS. Regarding your desire for civil suits, perhaps they should also sue Porche for making awesome cars, or sue the paramedics for not being able to put her back together, or sue the drug dealers who sold her the cocaine, or sue the camera company for making cameras to take the pictures, or maybe they could just appeal to the Supreme Court for a writ of mandamus ordering everyone in the United States to be nicer people. We don't need any more stupid lawsuits. Trying to sue 4chan retards for spreading pictures that they got ahold of lawfully and for being dicks is just about the biggest waste of our court's business hours I can think of. Their suit against the CHP is already costing a significant number of my tax dollars, when the remedy to that suit should simply be to terminate both of the idiots who leaked the photos, not to have a rich Orange County family seize a bunch of tax payer dollars to make themselves feel better.
How do you know I was intending to be offensive? Perhaps I was literally asking him if he had some kind of learning disability, which would make sense considering his completely incorrect reading of the post and/or article. :)
Hey, if Obama can get away with it...
So, why doesn't Microsoft produce these tools for Windows, so the mass populace can help identify, log steps to reproduce, and report the exploits? Why are they using their resources to create tools for testing open source software for exploits? It is so they can give windows fanbois tools to create yet more anti-Linux and anti-F/OSS FUD, pure and simple.
Are you retarded? This tool isn't a "find exploits in open source software tool." It's an open source "find exploits in software tool". So Microsoft has an internal tool that they've developed to search for exploits in their software like Windows and Office, but they decided to open source that tool and share it with everyone else. It has nothing to do with Windows versus Linux.
As far as your ridiculous rant regarding Windows and programs running as Administrator, if you actually looked at the most recent versions of Windows, the number of system services that run under NETWORK SERVICE and other less privileged accounts has been increased, and with UAC, running users as non-admin is actually feasible. I don't know if you'd ever tried running as non-admin under XP, but the idea of logging out and logging back in to make a change, or hoping to hell that runas will actually work, just makes no sense. In addition, their work on Protected Mode where IE runs in a sandbox is another example of MS working to implement the least privilege principle.
Microsoft has made *considerable* progress on the non-admin front, and continues to work on that.
Oh, and whoever modded you up for this nonsensical misinterpretation of the tool needs a meta-mod down.
Wow, you two are a couple of douchenozzles.
Which is for all intents and purposes, an Opera marketing effort, if you actually look a little deeper. Look at the people involved.
CAPSLOCK IS CRUISE CONTROL FOR THE SUPER SERIOUS!
Get over yourself. Web development is important, but the situation isn't as dire as you make it out to be. Somehow over the years that Internet Explorer has been dominating the market share and completely ignoring web standards, the world wide web grew by leaps and bounds, millions of businesses grew online, millions of people used the web to communicate and spread ideas, and a very large majority of it took place in a proprietary browser with proprietary extensions and poor web standards compliance.
Not only that, but one of those proprietary extensions turned out to be the foundation of today's web standards. Microsoft invented a little COM object we used to call XMLHTTP. That in turn was copied by Mozilla and became what we now know as XMLHttpRequest, the foundation of AJAX and the basis of all Web 2.0 development.
You anti-Microsoft zealots take advantage of Microsoft a innovation to implement your Web 2.0 applications, the whole while talking about how Microsoft has been such a huge setback to the web. It's pure hypocrisy.
There's a place for proprietary technology and innovation, and there's a place for open source and standards based development and innovation.
It's okay, Microsoft is helping with the CSS 2.1 testing.
http://samples.msdn.microsoft.com/ietestcenter/
http://blogs.msdn.com/ie/archive/2009/01/27/microsoft-submits-thousands-more-css-2-1-tests-to-the-w3c.aspx
Either you're standards compliant or you're not. WebKit claims they're not. I believe them.
Can you explain why that page indicates all green for CSS 2.1 on WebKit based browsers, except for the "static" classifications, yet WebKit claims that their CSS 2.1 support is not yet complete?
Perhaps using the W3C standard test suites would be a better measure than some guy putting green boxes next to features?
If WebKit claims their CSS 2.1 support isn't done yet, I'm going to take their word for it.
Acid2 isn't a standard. It also isn't a part of the test suite of W3C. Acid3 isn't a standard. It also isn't part of the test suite of W3C. It's a marketing gimmick of Opera and people lap it up like it is more important than real standards work from the W3C. Plus, Acid3 is more about DOM than CSS, and Acid3 tests for features that have not yet been standardized.
You can push for implementation of standards, but to knock someone's products because they haven't implemented DRAFT standard recommendations is just stupid.
And your claims that Microsoft isn't really implementing the CSS 2.1 standard correctly and that they're just "checking a checkbox" don't actually stand up to the test of reality:
http://blogs.msdn.com/ie/archive/2009/01/27/microsoft-submits-thousands-more-css-2-1-tests-to-the-w3c.aspx
Your arguments are a subjective standard, you want to appeal to the W3C for "standards" authority, but then set the bar for judgement to be whatever "people are using" or whatever marketing gimmick "standards" test IE fails and others ALSO fail, just fail less.
Stick to the W3C standard test suites for an actual measure of standards compliance and leave the Acid tests to the fanbois who are out to prove a point. And don't talk about "standards" that are not yet standards.
http://webkit.org/projects/css/index.html
So let me understand this...
WebKit isn't yet CSS 1 compliant.
WebKit isn't yet CSS 2.1 compliant, and does not currently pass the CSS 2.1 suite.
WebKit isn't yet CSS 3 compliant, but CSS 3 isn't a finished standard yet anyway. ( http://www.w3.org/Style/CSS/current-work )
IE 8 is coming out with full CSS 2.1 compliance that passes the CSS 2.1 test suite entirely.
CSS 2.1 is the newest *completed* CSS standard level.
But according to the Intarnets, Microsoft should replace their IE Trident engine with WebKit.
Which would reduce their CSS standards support...
I'm confused.
http://webkit.org/projects/css/index.html
So let me understand this...
WebKit isn't yet CSS 1 compliant.
WebKit isn't yet CSS 2.1 compliant, and does not currently pass the CSS 2.1 suite.
WebKit isn't yet CSS 3 compliant, but CSS 3 isn't a finished standard yet anyway. ( http://www.w3.org/Style/CSS/current-work )
IE 8 is coming out with full CSS 2.1 compliance that passes the CSS 2.1 test suite entirely.
CSS 2.1 is the newest *completed* CSS standard level.
But according to the Intarnets, Microsoft should replace their IE Trident engine with WebKit.
Which would reduce their CSS standards support...
I'm confused.
Oh you mean like web standards that are published far faster than any of the browsers can implement? Like IE8 passes Acid2 perfectly and is CSS 2.1 compliant, but now everyone humps on Acid3 and CSS 3?
What do you want to bet that when IE 8.5 or IE9 releases, they'll have Acid4 out? And Firefox/Oprah will have 90% compliance, and IE will have 50% compliance, and everyone will go nuts about how IE doesn't have the newest web standards.
And if you actually look at Microsoft's efforts on Silverlight, they released it for Mac OSX with plugins for Firefox and Safari, and they are working directly with the Moonlight team to provide technical assistance with the implementation. They have done the right thing all the way through on Silverlight.
http://tirania.org/blog/archive/2007/Sep-05.html
I don't find it difficult to deal with the use of the word 'discrimination' outside a strict legal definition (and IAAL). Moreover, the text did say "verge on discrimination.
Well, IANAL, but I do find it difficult to deal with the use of the word discrimination, because the way it is used typically implies that it is illegal discrimination, or at the very least, evil discrimination.
As far as "on the verge of discrimination", if the author wasn't trying to imply illegal discrimination, then this statement makes no sense, because it is quite literally discrimination to choose between two things based on one or more factors.
People overuse the term discrimination anymore to imply that any factor or source of information you use to choose between one or more people is evil, when that's exactly what hiring is. So I believe it boils down to this:
Are the factors being used to choose between one or more people illegal, immoral, or unethical?
You can't just imply they are using illegal factors or that they might be, simply because you can't control the sources of information.
Are the sources of information legal, moral, and ethical means to acquire said information?
They're not hiring goons to break into your house and look at what books you have on your shelves, what kind of food you eat, and whether or not you have a dildo in your underwear drawer. They're using public domain information that you have chosen to put on the internet with your name attached to it. That's far less invasive than say running a criminal background check.
In any case, if you are going to be so stubborn about infringing on our privacy, we are just going to have to pass legislation criminalising your behaviour, aren't we?
Your statement that "we" are going to have to pass legislation protecting peoples' privacy in regards to information they have willingly posted in the public domain does not give me a great deal of confidence in your abilities as a lawyer.