Comments on that story are closed by now, unfortunately. But interestingly enough, today's "Talk of the Day" is again food-related: Have you ever truly gone hungry?.
Sure you answer: "Never, as there is always some tasty pussy around me" or something similar. Or "Never, as there is always some tasty banana nearby" if that's the way you swing.
I think if you do some research you will find that the overwhelming consensus of historians (and even that is a bit of an understatement) agree that it was the longbow that made plate armor obsolete.
Along with the greater ability of gunfire to penetrate plate armour, it was the amount of time needed to train longbowmen which eventually led to their being replaced by musketmen.
...
Even very heavy draw longbows have trouble penetrating well made, tough steel plate armour, which was used increasingly after 1350. Armour of the Medieval eras was not proof against arrows until the specialized armour of the Italian city state mercenary companies.[24] Archery was ineffective against plate armour in the Battle of Neville's Cross (1346), the siege of Bergerac (1345), and the Battle of Poitiers (1356); such armour became available to European knights of fairly modest means by the late 1300s, though never to all soldiers in any army.
So, it was gunfire which made plate armor obsolete, not longbows.
Wow, is that bug report yours? Because if it is, you're a fucking asshole.
What is this? Running out of arguments and feeling the need to make this up with a foul mouth or what?
Anyway, there were two fairly sizable bugfix releases to 3.5 in the six months directly after 4.0 came out. But if you're expecting the KDE development team to continue to support two entirely different and non-compatible desktop environments, each based on different toolkits (Qt 3 and 4), indefinitely, well... Tough shit, I guess.
Maybe not indefinitely, but at least long enough until KDE 4 was mature enough for production. But maybe, if I'm already going to switch to a different and non-compatible desktop, it should rather be Gnome...
I don't really know what to tell you. Everybody knew what the fuck was going on.
Many probably knew what was going on. But for some weird reason many others seemed to believe that the KDE development team would not continue to support two entirely different and non-compatible desktop environments, each based on different toolkits (Qt 3 and 4). If somehow distributions got the idea that the Qt3 based KDE 3.x is no longer supported by upstream, they would understandably drop their own support.
Lots of distributions handled it very well indeed.
I'm sure Yellow Dog Linux or Blue Kitten and many other distributions handled this extremely well. However, the problem is, that the two most popular distributions didn't...
As far as (k)ubuntu goes, I personally think they were on the right track for a minute there with 8.04, having the two versions in two separate trees, but they jumped way too soon
Indeed, as you say, 8.04 was still fine: you had a choice. But they really should have waited until 9.04 (or even better: 9.10) until they dropped KDE 3. Forcing KDE 4 in 8.10 was way too premature (and I skipped this release for exactly that reason, and was still disappointed by KDE 4's state in 9.04)
but they jumped way too soon, when not only was KDE 4.1 not ready for public consumption, but the Kubuntu team didn't have any sort of graceful upgrade path in place. I mean, for fuck's sake, whose fault is that?
Kubuntu's fault, surely. Too bad Fedora did exactly the same mistake.
Shouldn't KDE 4's alpha status have been communicated much more clearly to the distributors?
I have no idea how it could have been
Maybe start by acknowledging the problems, rather than label any reports about problems as being made by "fucking assholes".
I sincerely hope that everybody involved here learned the lesson, and won't repeat the same mistake for KDE 5.0...
The banana fruit grow in hanging clusters, with up to 20 fruit to a tier (called a hand), and 3–20 tiers to a bunch. The total of the hanging clusters is known as a bunch, or commercially as a "banana stem", and can weigh from 30–50 kg. The fruit averages 125 g, of which approximately 75% is water and 25% dry matter content. Each individual fruit (known as a banana or 'finger') has a protective outer layer (a peel or skin) with a fleshy edible inner portion.
or maybe just doesn't like pussy, to deal with it.
Probably. Indeed, 20 minutes ago, I posted a banana comment to today's food story, and it is still up...
Is it silly he got in trouble for this? Yes. If he weren't swearing and were more polite in post would it have happened? Unlikely.
Well, in this particular case, the whole point was to shock. If he had said, "I have performed cunnilingus on my girlfriend", it would
... battery-powered vibrators?
I think if you do some research you will find that the overwhelming consensus of historians (and even that is a bit of an understatement) agree that it was the longbow that made plate armor obsolete.
I'm just sayin'... you can look it up yourself.
I did:
So, it was gunfire which made plate armor obsolete, not longbows.
It's bomb-proof, not rocket-proof...
No one was ignorant.
Except the distributions. Who somehow got the impression that KDE 3.x was no longer supported, that they had to upgrade to KDE 4, and that any bitching about KDE4's premature inclusion was just a "pet peeve".
How come that distributors were so much out of phase with the KDE developers? Shouldn't KDE 4's alpha status have been communicated much more clearly to the distributors? Especially since more than one distribution (at least Fedora and Kubuntu) made the same "mistake"?
Or maybe not just state-run companies even...
See, nobody forces you to update.
Not entirely true. I don't know how the KDE team managed it, but at some point in time, long before KDE 4 was actually something I'd call stable, most distributions (Fedora, Kubuntu, ...) dropped KDE 3 support.
So, if you wanted to upgrade your distribution (in order to get new version of other programs, not related to KDE), you were pretty much stuck with KDE4.
Wow... how long has it been since someone was modded UP for goatse?
Amazing! Doubly amazing since it's not even the correct address any longer (the legitimate site has been shut down, and is now occupied by a squatter who is into robot fetish...).
An address that still serves the original content is http://goatse.fr
Enjoy, and let the mod points roll in!
Of course they're saying there is no cause for concern, it's their job that's on the line. Risks to humanity, the planet etc. be damned, we want our LHC!
Fortunately, we can rely on our trusty baguette dropping birds to save humanity from its certain fate by annihilation. Vive la France!
You seem intrigued in micro black holes. Now that you are interested in girls, try the front.
Well, the "more suck" theory would probably work for men too...
After a little bit of looking further, I found it:
~/.macromedia/Flash_Player/#SharedObjects/
I get the gist of the article - user flash content shouldn't be served from the same domain as your app.
Just let's hope that flash doesn't share the same vulnerability as java, where a malicious app can just fool the VM using conn.setRequestProperty("Host", "appdomain.target.com"); .
Where they are exactly depends on your browser and OS, but they're still just regular files.
You still need to know the file name. And it doesn't seem to be anything obvious stored under .mozilla and containing flash in its name...
even if simply displays user submitted data like *comments*, a malicious user may upload content that contains a policy XML snippet
Unless the comments are served as text/plain and included in an iframe (unlikely complex...), any xml tag included would be html escaped, and thus rendered ineffective. <policy> would become &lt;policy&gt; and lose any special power it had.
If on the other hand, comments were not html-escaped, while still being served as text/html, the web site would have bigger issues than this flash vulnerability, as anybody could just include javascript instead.
(the resulting file doesn't have to start with the snippet as well due to some specific of how the content is parsed)
Hmm, if a prefix to the XML snippet was ignored, and the suffix too, then image uploads might become vulnerable (most sites don't re-encode uploaded images, and probably none scan the binaries for byte-sequences that happen to look like valid xml...).
Hands/fingers of bananas? That's a new one to me.
Here is what Wikipedia says about it:
only if you eat the spot.
So what's the advantage over labels again, if you need to throw away the etched spot?
Who's paying for this piece of junk again?
All of us are... via the taxes that we pay.
But don't worry: due to the financial crisis, more and more people will realize that in this day and age, there are more important things to spend money on, and the system will be canceled. You may view the financial crisis as the ultimate "freak accident triggered from the future in order to prevent Higgs discovery".
Should have guessed the Buguette would be made of Electrons.
... and protons and neutrons, all of which are perfectly capable of the tunnel effect!
Oh, and it started out as a Baguette. It only became a Buguette after it fell into the machinery...
Yeah, something called "Rain" comes to mind...
The LHC is on the Swiss/French border, not in the UK...
But birds could have dropped something funnier than a slice of bread...
... and it was not an entire baguette, just a small slice of it. An entire baguette would never have been able to tunnel through the roof (tunnel effect is inversely proportional to the mass of the "particle").
put some kind of roofing over the most vulnerable exterior equipment.
There was a roof over it... but unfortunately they forgot about the tunnel effect...
If all your bananas are 1/4 covered with messages, what are you going to do about it? Not buy any?
I dunno... maybe trade your banana for the one you want to have? Why pay for something that you can have for free?