Couldn't you make the assumption that after a certain point, everything that's then created would be already indexed? Like how more and more is automatically created for an online world and is automatically indexed (by something). So you'd really only have to index the past up until that point...
(ignoring that this is probably an off-the-cuff joke, anyhow).
Anyone know what that is attached to the side of the lid/screen that's sticking out? I just bought an IBM laptop and I don't see anything like that on mine. Is that maybe an antenna for 802.11?:/
UWB uses a large range of frequencies, frequencies that companies have paid a large amount of money for. UWB claims that it's such a low power that it won't interfere with these frequencies or it'll use other ones, though. If you're Sprint and you shell out a ton of cash for a freq range, you don't want other system using it (even if you're not, at the moment).
So it's probably a big politics game right now, although I think UWB has a lot of potential.
Doing that still means the object is being serialized and saved in a file when the script ends, the object class is included and parsed again the next time the script runs and the object is unserialized and "recreated". That's not "sticking around between page loads"...
The also are trying to get the patent on the device configured to access web services:
A computing device configured to provide to Web service consumers access to Web services from third-party Web service providers
Isn't that a computer? Or any device that accesses any service over the web? Been done before??
---John Holmes...
I read the vulnerability which links to the sourceforge.net page that has the source code of this "library". It's a PHP script that you include() into other PHP scripts to use the functions/methods defined. The developer of this PHP script used eval() in an incorrect manner.
Unless you have another article that shows the PHP XML-RPC Functions to be vulnerabile, this is not a PHP vulnerability.
Normally I'd agree, but in this case, it's a PHP script written by someone else that's vulnerable. Any application using the xml-rpc server script (a plain old PHP script) is vulnerable becaus the developer didn't check user input.
there are a lot more careless coders out there coding in PHP.
That's exactly the issue. This isn't a PHP vulnerability. It's a poorly written script that doesn't check input properly.
It annoys me to see PHP blamed for stuff like this when it's poor programmers that should be blamed. PHP is just easy to learn, so there are a lot of bad programmers out there creating scripts like this.
I can't honestly say the xml-rpc scripts are bad because of this one issue, though, as I've never used it and only looked at the source after this story was posted.
Makes me sad that it's in PHP...since I love PHP
This isn't a PHP vulnerability. It's another poorly written, widely used application that's vulernable because the developer fails to check external input. The vulnerability is in a PHP script that someone has written. It could have been written in any langauge; the fault is on the developer, not PHP.
I also have runas shortcuts to cmd.exe and a text editor (Scite, in this case). I use those when needed and almost never actually log into the full Admin account.
The only programs I've found that have issues running as a regular user are games. OpenOffice, Firefox, Thunderbird, etc all work wonderfully with different users (wife and son also have limited user accounts that they use regularily).
That actually happened here. There was a train wreck with a chlorine gas leak. The train company offered local residents checks to pay for things, but the check had a clause on it that cashing it would wave any rights you have to sue the company. Once the news station got a hold of what they were doing, though, it was stopped.
How about one that installs a BHO automatically and sets the homepage to the FF page? Have it periodically pop up boxes about how they should try FF, too...:)
Doom 3, what a good example. I actually only have the demo to see how it would run on my system, but it certainly requires you to be admin. I can't even use "run-as" which I normally do for most games because then the mouse won't work. Maybe it's just my setup, I dunno, but it actually requires me to log in as an admin user in order to run it. I doubt the full game would be any different.
Drown them in noise. Everytime you get one of these emails, visit the site and enter bogus information.
I've always wanted to find a way to automate that. Have a site where you could submit a phishing site, have it analyzed and then feed it a bunch of noise.
If it's all done from the same computer, smart people could weed out the noise by IP address, so you'd have to account for that somehow, too.
Once you make enough noise in the system, scams like this do not remain economical, I would think.
Slashdot Mirror
Couldn't you make the assumption that after a certain point, everything that's then created would be already indexed? Like how more and more is automatically created for an online world and is automatically indexed (by something). So you'd really only have to index the past up until that point...
(ignoring that this is probably an off-the-cuff joke, anyhow).
---John Holmes...
Anyone know what that is attached to the side of the lid/screen that's sticking out? I just bought an IBM laptop and I don't see anything like that on mine. Is that maybe an antenna for 802.11? :/
---John Holmes...
UWB uses a large range of frequencies, frequencies that companies have paid a large amount of money for. UWB claims that it's such a low power that it won't interfere with these frequencies or it'll use other ones, though. If you're Sprint and you shell out a ton of cash for a freq range, you don't want other system using it (even if you're not, at the moment).
So it's probably a big politics game right now, although I think UWB has a lot of potential.
---John Holmes...
Doing that still means the object is being serialized and saved in a file when the script ends, the object class is included and parsed again the next time the script runs and the object is unserialized and "recreated". That's not "sticking around between page loads"...
---John Holmes...
The also are trying to get the patent on the device configured to access web services: A computing device configured to provide to Web service consumers access to Web services from third-party Web service providers
Isn't that a computer? Or any device that accesses any service over the web? Been done before??
---John Holmes...
I read the vulnerability which links to the sourceforge.net page that has the source code of this "library". It's a PHP script that you include() into other PHP scripts to use the functions/methods defined. The developer of this PHP script used eval() in an incorrect manner.
Unless you have another article that shows the PHP XML-RPC Functions to be vulnerabile, this is not a PHP vulnerability.
---John Holmes...
Normally I'd agree, but in this case, it's a PHP script written by someone else that's vulnerable. Any application using the xml-rpc server script (a plain old PHP script) is vulnerable becaus the developer didn't check user input.
---John Holmes...
there are a lot more careless coders out there coding in PHP.
That's exactly the issue. This isn't a PHP vulnerability. It's a poorly written script that doesn't check input properly.
It annoys me to see PHP blamed for stuff like this when it's poor programmers that should be blamed. PHP is just easy to learn, so there are a lot of bad programmers out there creating scripts like this.
I can't honestly say the xml-rpc scripts are bad because of this one issue, though, as I've never used it and only looked at the source after this story was posted.
---John Holmes...
Makes me sad that it's in PHP...since I love PHP
This isn't a PHP vulnerability. It's another poorly written, widely used application that's vulernable because the developer fails to check external input. The vulnerability is in a PHP script that someone has written. It could have been written in any langauge; the fault is on the developer, not PHP.
---John Holmes...
Right... because it's _so typical_ for an average user to have XP... SP2... firewall/router... and anti-virus...
If that were the case, there wouldn't be an issue in the first place.
---John Holmes...
You can use iexplore.exe, however. I use it to get into the Control Panel, Services, etc from my regular user account all the time.
/user:computer_name\administrator "c:\program files\internet explorer\iexplore.exe"
%windir%\System32\runas.exe
I also have runas shortcuts to cmd.exe and a text editor (Scite, in this case). I use those when needed and almost never actually log into the full Admin account.
The only programs I've found that have issues running as a regular user are games. OpenOffice, Firefox, Thunderbird, etc all work wonderfully with different users (wife and son also have limited user accounts that they use regularily).
---John Holmes...
Wouldn't the Whitespace programming language be prior art? ;)
---John Holmes...
Don't log in at work. Or have a work account and a home account. How hard is that?
---John Holmes...
If you go far enough southwest, it looks like you get a view of all four seasons in one shot. See here.
---John Holmes...
What state is Canada in, again?
Requiring "strong" passwords just means users will write them down and put 'em under the keyboard.
---John Holmes...
Man... sounds like your parties were a blast! What'd you do for fun late at night? Watch the racoons eat out of the garbage can? ;)
---John Holmes...
That actually happened here. There was a train wreck with a chlorine gas leak. The train company offered local residents checks to pay for things, but the check had a clause on it that cashing it would wave any rights you have to sue the company. Once the news station got a hold of what they were doing, though, it was stopped.
---John Holmes...
I wonder how many people actually have Small-Form Factor cases
Everyone who bought the Mac Mini...
How about one that installs a BHO automatically and sets the homepage to the FF page? Have it periodically pop up boxes about how they should try FF, too... :)
---John Holmes...
Doom 3, what a good example. I actually only have the demo to see how it would run on my system, but it certainly requires you to be admin. I can't even use "run-as" which I normally do for most games because then the mouse won't work. Maybe it's just my setup, I dunno, but it actually requires me to log in as an admin user in order to run it. I doubt the full game would be any different.
---John Holmes...
Make sure "Check for new messages at startup" is checked under Server Settings for the other accounts.
---John Holmes...
Thanks for pointing this out. I set my Adblock back to Hide now.
---John Holmes...
I've seen adverts for plastic and magnetic sets. Same idea for building stuff, but no screws/bolts. I doubt you'll ever see the classic sets anymore.
---John Holmes...
If it's all done from the same computer, smart people could weed out the noise by IP address, so you'd have to account for that somehow, too.
Once you make enough noise in the system, scams like this do not remain economical, I would think.
---John Holmes...