Not a programmer? Submit a feature request. Create a bugreport about your claimed security flaws.
I used slashdot for these issues (MathML maybe loading when it shouldn't, possible attack using multiple plugins) because I don't know what mozilla currently does. I figured someone around here would know what mozilla's current behavior is, and either tell me about it or submit a bug report themselves.
BTW, I am a programmer. I just don't want to spend weeks trying to figure out how the mozilla code works in order to submit patches for a small number of bugs, especially since I doubt many of my patches would be applied to the tree.
IF YOU DON'T LIKE IT, GET OFF YOUR ASS AND HELP.
I've already submitted 93 bugs, but thanks for your suggestion. I also help a little to maintain bugzilla, which theoretically helps the netscape enginerrs and other code contributors to concentrate on fixing bugs and not duplicate each others' work.
I think that most of the memory hogging features in Mozilla are pretty relevant and needed. For example, enabling MathML. I wish all the current webbrowsers were MathML enabled, but we have a long way to go.
I don't know much about MathML, but I hope it isn't loading every time I start mozilla, because I want my browser to load quickly.
Side note: is mozilla safe against an attack where a malicious page asks the browser to 15 plugins at once? This is one of many possible attacks that might make mozilla and perhaps the rest of a Windows system unresponsive without crashing the browser.
Why dont you complete the support for CSS 2.0 in Mozilla for us?
Some people aren't intamately familiar with the CSS 2.0 specs. Some people have the time and starting knowledge to find bugs, but not to become familiar with the mozilla source code. Asking them why they don't program it themselves is counter-productive because it discourages them from contributing to the project.
Mozilla is still vulnerable to a lot of the same old security holes that Netscape and Internet Explorer are (see my sig). Instead of adding memory-hogging features, guys, why don't you make mozilla the one browser that is secure from all types of attacks?
I guess you could call it one, but it's not an intervention in the same way that opening an executable e-mail attachment is. The malicious code that I think the original person was referring to actually exploited a security hole, allowing it to run arbitrary code including "forward this message to everyone in your address book".
Outlook express happens to show an e-mail in a panel as soon as you click on it, but that's not really important here; even if the user had to double-click the message to trigger the malicious code, he/she probably would (expecting that simply reading an e-mail should be safe, and most likely knowing the person who sent the message).
April 1, 2000 Microsoft Withdraws Bid for World Domination
Microsoft (www.microsoft.com) withdrew its undiclosed-size bid for world domination this Saturday morning. Bob Young declined to comment on the status of his competing bid.
Shortly afterward, the United States Department of Justice announced that it had reached an agreement with the software giant five days ahead of time. Judge Jackson declined to outline the agreement, but stated that it was a "fairly simple" agreement and that the United States was "satisfied" with the outcome. A Microsoft spokesperson said that she was not able to comment about the ruling.
In related news, Microsoft is also considering withdrawing its sponsorship of the space shuttle program. When asked what corporation might replace Microsoft, NASA head Daniel Goldin said he hadn't started accepting new bids yet, but added that he definately didn't want Microsoft's motto to be replaced by a penguin. "Then we would get tens of e-mails a day asking why we didn't open-source this or OPL t hat. On peak days we would be sure to get tens of thousands of e-mails."
--
iridium suicides may help solve light/sound puzzle
on
A Eulogy for Iridium
·
· Score: 2
Fireballs sometimes can be heard before they can be seen, and theories about why that happens may be tested as the Iridium satellites burn up.
Compaq computers come with keyboards with a bunch of extra keys, and there's a program that always sits in your system tray that lets you configure the keyboard. The program isn't in the windows start menu, so you have to go through a convoluted series of steps to stop it from coming up each time you start your computer:
1. Run msconfig.exe from start, run (alternatively, accessories | system tools | system information, tools | system configuration)
2. Under the "startup" tab, look for the program and uncheck it. It should be called "CPQEASYACC".
3. Create a shortcut to the program in case you want to use it later.
4. Uncheck the box next to "CPQEASYACC" in msconfig.
Similar methods might be necessary for computers sold with AOL keyboards or computers sold by other manufacturers; I've only tried Compaq.
of course that you can assure me that it truly is prime
Isn't there an algorithm that you can run on large numbers to determine with pretty good probability whether a supposed prime number is actually prime?
And as much as we all hate Microsoft, at least Internet Explorer works and is compliant with all but the latest W3C standards.
Keep in mind that making a browser "standards-compliant" is not a trivial task. There are many standards in existance, and they're each so complicated that it's quite difficult to comply with any one specifically. Now consider that many websites don't supply a "doctype" (especially ones made before doctype was strongly suggested!) telling the browser exactly which specification of HTML to use, and you have a big problem.
Check out the nice flamewar I had with Ian Hickson over whether it was useful to comply with a standard present in HTML 4.00 but not in 4.01, even if it broke a large number of webpages. He wanted to display the text "clear" when "clear.gif" didn't exist, no matter how big the height and width specified for the image was; I wanted sites like napster and babelfish to continue displaying nicely, but didn't mind if the browser would alert the user that an image on the page didn't exist.
If they release too early, that could further damage the reputation of open source.
Just in case someone tries to toss "release early, release often" into the fray: remember that mozilla puts up "nightly builds" several times a day, and that many people grab the builds (and code) every day, and report both transient bugs and bugs that have been around for a while (usually not without checking to make sure they're not submitting a duplicate bug). At this point, there are plenty of people using mozilla and finding bugs (perhaps too many -- people spend time maintaining the bug-tracking system bugzilla, and a lot of that time is marking duplicate bugs). The bugathon is evidence that they're trying to get other people on the Internet to help find duplicates and, more importantly, simplify bugs into test cases that allow a programmer to be certain when a problem happens and when it doesn't.
It's not going to help mozilla much to have lots of people using the browser, although I wouldn't expect permanent damage as long as Netscape makes it clear that this is a particularly buggy (and not feature complete) beta.
I'm sure we could find more than enough volunteers to goto Mars on a one-way trip. I would almost consider it myself.
There are major political problems with that. Remember, so far, no human has yet died beyond Earth's atmosphere. I think Wernher von Braun said it pretty well shortly after the launch of Sputnik II:
"With existing IRBM hardware we could put a man into orbit in a year. But don't ask me how we'd get him back. If a man would be ready to sacrifice his life by being fired into orbit it would answer some of the questions about space flight, but even if one volunteered we probably couldn't find anybody willing to shoot him up there." (source)
The ITU = International Telecommunication Union (with a *.int domain name, ooh, aah) has a broken search engine on its site so I can't do an internal search for "Iridium". I'm sure there's something good on there, though.
Some FCC (United States, Federal Communications Commission) stuff on Iridium authorization.
The Netherlands Foundation for Research in Astronomy had some stuff in an old newsletter about Iridium and radio interference.
Ok, I think it's safe to limit this discussion to machines with one or two users who don't normally log in as root.
[Disclaimer: I'm not a linux user.]
It's possible for a virus to modify the programs that each user has installed so that the file formats are changed, perhaps to include encryption with a unique key for each instance of the virus. That makes any normal form of backup bad. Your "delta" idea would work a lot better, although any changes made after the virus started encrypting data would still be lost unless a method could be devised to get the virus to give up its encryption key. (And this would be worse than having your data wiped out at first, because you could recover everything in that case using the diffs.)
It also seemed a little weird that they are still selling the service online on the Iridium web site.
Actually, if you go in beyond the front page of the Iridium site, there's a link to an "urgent customer message" at the top. It doesn't exactly stand out in terms of color, but it's there.
However, in the event that no qualified buyer comes forward and provides additional funding by Wednesday, March 15, 2000, Iridium expects to terminate its service at 11:59 pm (EST) on March 17, 2000.
Slashdot Mirror
I used slashdot for these issues (MathML maybe loading when it shouldn't, possible attack using multiple plugins) because I don't know what mozilla currently does. I figured someone around here would know what mozilla's current behavior is, and either tell me about it or submit a bug report themselves.
BTW, I am a programmer. I just don't want to spend weeks trying to figure out how the mozilla code works in order to submit patches for a small number of bugs, especially since I doubt many of my patches would be applied to the tree.
IF YOU DON'T LIKE IT, GET OFF YOUR ASS AND HELP.
I've already submitted 93 bugs, but thanks for your suggestion. I also help a little to maintain bugzilla, which theoretically helps the netscape enginerrs and other code contributors to concentrate on fixing bugs and not duplicate each others' work.
--
I don't know much about MathML, but I hope it isn't loading every time I start mozilla, because I want my browser to load quickly.
Side note: is mozilla safe against an attack where a malicious page asks the browser to 15 plugins at once? This is one of many possible attacks that might make mozilla and perhaps the rest of a Windows system unresponsive without crashing the browser.
--
Some people aren't intamately familiar with the CSS 2.0 specs. Some people have the time and starting knowledge to find bugs, but not to become familiar with the mozilla source code. Asking them why they don't program it themselves is counter-productive because it discourages them from contributing to the project.
--
--
I submitted it a few days before the 29th but it wasn't posted, but I won't whine because the joke really does fit better with April Fool's Day.
--
I guess you could call it one, but it's not an intervention in the same way that opening an executable e-mail attachment is. The malicious code that I think the original person was referring to actually exploited a security hole, allowing it to run arbitrary code including "forward this message to everyone in your address book".
Outlook express happens to show an e-mail in a panel as soon as you click on it, but that's not really important here; even if the user had to double-click the message to trigger the malicious code, he/she probably would (expecting that simply reading an e-mail should be safe, and most likely knowing the person who sent the message).
--
HEREISSOMEIMPORTANTINFORMATION.BEWAREOFAFILECAL
so i doubt it's that old
--
Isn't it called a "worm" when it exploits software holes without intervention from the victim?
--
Microsoft Withdraws Bid for World Domination
Microsoft (www.microsoft.com) withdrew its undiclosed-size bid for world domination this Saturday morning. Bob Young declined to comment on the status of his competing bid.
Shortly afterward, the United States Department of Justice announced that it had reached an agreement with the software giant five days ahead of time. Judge Jackson declined to outline the agreement, but stated that it was a "fairly simple" agreement and that the United States was "satisfied" with the outcome. A Microsoft spokesperson said that she was not able to comment about the ruling.
In related news, Microsoft is also considering withdrawing its sponsorship of the space shuttle program. When asked what corporation might replace Microsoft, NASA head Daniel Goldin said he hadn't started accepting new bids yet, but added that he definately didn't want Microsoft's motto to be replaced by a penguin. "Then we would get tens of e-mails a day asking why we didn't open-source this or OPL t hat. On peak days we would be sure to get tens of thousands of e-mails."
--
http://www.space.com/science
--
There are some bugs that are closed to the public. At least four SSL bugs (all dependencies of 13785) are: 28335, 28418, 28430, and 28333.
--
--
1. Run msconfig.exe from start, run (alternatively, accessories | system tools | system information, tools | system configuration)
2. Under the "startup" tab, look for the program and uncheck it. It should be called "CPQEASYACC".
3. Create a shortcut to the program in case you want to use it later.
4. Uncheck the box next to "CPQEASYACC" in msconfig.
Similar methods might be necessary for computers sold with AOL keyboards or computers sold by other manufacturers; I've only tried Compaq.
--
Huh? I thought if you "solved" one problem in NP-Complete, you automatically solved them all.
("Solving" meaning creating an algorithm that runs in polynomial time instead of exponential time)
--
Isn't there an algorithm that you can run on large numbers to determine with pretty good probability whether a supposed prime number is actually prime?
--
Keep in mind that making a browser "standards-compliant" is not a trivial task. There are many standards in existance, and they're each so complicated that it's quite difficult to comply with any one specifically. Now consider that many websites don't supply a "doctype" (especially ones made before doctype was strongly suggested!) telling the browser exactly which specification of HTML to use, and you have a big problem.
Check out the nice flamewar I had with Ian Hickson over whether it was useful to comply with a standard present in HTML 4.00 but not in 4.01, even if it broke a large number of webpages. He wanted to display the text "clear" when "clear.gif" didn't exist, no matter how big the height and width specified for the image was; I wanted sites like napster and babelfish to continue displaying nicely, but didn't mind if the browser would alert the user that an image on the page didn't exist.
--
--
Just in case someone tries to toss "release early, release often" into the fray: remember that mozilla puts up "nightly builds" several times a day, and that many people grab the builds (and code) every day, and report both transient bugs and bugs that have been around for a while (usually not without checking to make sure they're not submitting a duplicate bug). At this point, there are plenty of people using mozilla and finding bugs (perhaps too many -- people spend time maintaining the bug-tracking system bugzilla, and a lot of that time is marking duplicate bugs). The bugathon is evidence that they're trying to get other people on the Internet to help find duplicates and, more importantly, simplify bugs into test cases that allow a programmer to be certain when a problem happens and when it doesn't.
It's not going to help mozilla much to have lots of people using the browser, although I wouldn't expect permanent damage as long as Netscape makes it clear that this is a particularly buggy (and not feature complete) beta.
--
Yep. Do a bugzilla search for is.only.xul in the description field.
--
There are major political problems with that. Remember, so far, no human has yet died beyond Earth's atmosphere. I think Wernher von Braun said it pretty well shortly after the launch of Sputnik II:
"With existing IRBM hardware we could put a man into orbit in a year. But don't ask me how we'd get him back. If a man would be ready to sacrifice his life by being fired into orbit it would answer some of the questions about space flight, but even if one volunteered we probably couldn't find anybody willing to shoot him up there." (source)
--
The ITU = International Telecommunication Union (with a *.int domain name, ooh, aah) has a broken search engine on its site so I can't do an internal search for "Iridium". I'm sure there's something good on there, though.
Some FCC (United States, Federal Communications Commission) stuff on Iridium authorization.
The Netherlands Foundation for Research in Astronomy had some stuff in an old newsletter about Iridium and radio interference.
Thanks to "astrophysics" for mentioning the ITU again.
--
[Disclaimer: I'm not a linux user.]
It's possible for a virus to modify the programs that each user has installed so that the file formats are changed, perhaps to include encryption with a unique key for each instance of the virus. That makes any normal form of backup bad. Your "delta" idea would work a lot better, although any changes made after the virus started encrypting data would still be lost unless a method could be devised to get the virus to give up its encryption key. (And this would be worse than having your data wiped out at first, because you could recover everything in that case using the diffs.)
--
--
Actually, if you go in beyond the front page of the Iridium site, there's a link to an "urgent customer message" at the top. It doesn't exactly stand out in terms of color, but it's there.
The "urgent message" saysbut it's Thursday evening (US) now...
--
<plug>The Mars Society</plug>
--