This is an issue where the user is telling the Java Runtime Environment that they want to run the applet with escalated permissions outside of the normal sandbox. This makes the applet nearly or just as dangerous as downloading and executing an untrusted executable written in C or C++. I think the JRE is being completely stupid to ask the question. It should IMO NEVER run applets off an inherently untrustworthy network like that.
So Java is no better than ActiveX and Firefox will let Java run? So Firefox is no more secure than IE in that regard? Thanks for the heads up.
The fact that it even asks that stupid question when running in a web browser is ridiculous. Even asking the questions makes it just as bad as ActiveX. It should be refusing to run outside of the sandbox without forcing the (knowledgeable) user to jump through some hoops other than clicking a button.
wtf are you talking about? This is a problem with users saying "Yes, I want to let you hose my system with whatever you want." by clicking Yes/OK at any prompt. It's the same way a lot of malware gets onto PCs when using IE. The "exploit" is probably intended for IE users anyway, it just so happens that the JRE will let it do things to IE from inside alternative browsers too. I imagine it could just as easily hose the OS, Firefox, MS Office, OpenOffice.org, Opera, WordPerfect or any other programs on the target system. This isn't a black eye for MS, Firefox, Opera, and probably not even Sun. It's the stupid user phenomenon.
When you sell something back to the original owner at a loss, you've essentially given them free money and their property back. TBH, I think if they seized his property and then wanted to sell it back to him, they should be REQUIRED to sell it at a loss for forcing him to sell his property to begin with.
Apple never calls it the "Shuffle". They call it the "iPod shuffle" (no cap on shuffle). If they owned the word, don't you think they'd use it on their website?
The term shuffle has been used for far too long in relation to music players for Apple to take the use of the word shuffle for itself. They can have "iPod Shuffle" if they want. Otherwise would they go after everyone whose hardware has a shuffle feature and calls it "shuffle"?
Apple's design is a god damned white USB flash drive with controls on it...
OpenOffice and GIMP? Hah. I'll admit to Firefox as I'm typing in it right now, but the other two? My other machine has the GIMP on it because I don't need the features of the commercial packages, but I know that it's a pain to use. OpenOffice is horrible. I have no idea how they managed to make it slower on one of my new machines than MS Office on a Pentium 233...
Considered real alternatives to Windows? What? Are you on crack? I think only the most zealous frothing-at-the-mouth geeks refuse to admit that GNU/Linux isn't quite ready to take on Windows on anything but servers and workstations. It's getting there. The kernel is probably ready, but the stuff sitting atop needs some work still.
Other than the fact that you don't have to type cryptic commands?
They have to make it available upon request, but I don't see anyone getting upset and taking them to court when they tell them the exact source for the underlying OS is available at kernel.org. If it becomes unavailable at kernel.org, then they'd have to either start mailing it on physical media to people who request it or link them to their own FTP (possibly even with a one time username/password) for it or something similar. It would be incredibly stupid for the OSS community to force anyone distributing binaries made from vanilla sources to become a mirror for the source.
or Media Access Control?
Is it possible that you wouldn't have gotten the patch any earlier? Maybe testing it against known government configurations, getting it to the government and continuing on business as usual testing for the moving target that is the typical Windows desktop?
I think the US government has access to the source. As does China and a bunch of others.
I think a nuclear power plant would be using a real lightweight realtime operating system for the mission critical systems anyway. The plant manager's secretary's Windows desktop will not blow up the reactor either :O
Ever notice that a lot of the exploits come out after the exploit writers got hold of the patch? Could it be they're using the patch to find the exploit it patches? Assuming the government doesn't let the patch out, the rest of us aren't any worse off. The government with all its sensitive operations has a month to make sure there are no vulnerable systems on their networks before the kiddies start reverse engineering the patch off Windows Update.
They only have to test against known government configurations. The next month is testing against as many of the near infinite number of possible configurations as they can.
I think the shield of "OSS doesn't owe you a damn thing" is probably the reason patches are released 12 hours after they're written and confirmed to compile and *MAYBE* fix the problem. Whether it's tested beyond that is up to the distros or the users. ;p
Why bother anyway, it's always going to suck.
It's always a few years away. The "fuck the users" attitude is exactly why.
This is also why relying on open source or using open source software exclusively is a stupid thing to do.
If they claim the user comes first and are ignoring the users, they need to STFU and stop making false claims about users coming first. I'm quite sick of hearing stupid claims about OSS developers wanting to bring OSS software to the desktop when they obviously don't give a shit about making it usable for anyone but themselves.
1024x768 is pretty optimal on 17" CRTs and 15" LCDs. 1600x1200 is the realm of 21" CRTs and slightly smaller LCDs. How could you see things so small on a 17"?
Please, developer roots do not always mean programming roots.