I think Nick's missed the real meaning of the
(over-used) phrase.
"...wants to be free" doesn't mean that
everyone has a right to copy any information.
We still, now, mostly respect the idea of
old-school copyrights with all their in-built
fair-use provisions.
What it means is that it's very difficult to
stop people copying information. To do it
would require not only complicated and
annoying copy-protection and licensing schemes
that kill the traditional copyright-based
rights we have, but also an insanely harsh
set of laws against circumventing them. To
effectively stop copying, you have to build
what is more or less a fascist state. Most
people consider this sort of effort to counter
information being free far too much hard work,
if not simply unnatural.
Of course this is exactly the action the MPAA,
RIAA, and other DMCA proponents are working on
right now. They'd happily screw up the world
to protect their right to make a buck from
someone else's work. Because the world owes them a living, you see.
Why not have the server host misc. content, with the instuctions embedded in the HTML?
Bzzt bzzt!
I still can't get to the HNN article, but I can tell you that such a virus is indeed possible, because I've written one.
As well as trapping filing system calls to stealth the virus, it is possible to take the opportunity (while a file is being accessed, so the user wouldn't notice a slowdown) to scan through the file for magic words that cause embedded code to execute locally. You need a CRC to avoid executing random code of course, and a text encoding scheme (I used a 64-bit code starting at '?').
Thus you can turn any non-executable piece of content (mail, web page, news posting) into a harbour for native executable code, something that up to now Microsoft have at least only been doing by accident.;-) The advantage is that the client itself accesses the code; unless BO and co., the virus supplier doesn't need to make a connection to the victim machine to execute things on it.
Obviously I no intention of letting this see the light of day, but it's also unlikely to take over the 'net since it doesn't run on Windows. I guess it'd be possible, but I don't have enough knowledge of Windows internals (shurely m4d sk1llz? -Ed.) to write it.
Anyway, it'd have to be rewritten into a mail worm, since actual viruses are terribly out-of-fashion these days. <g>
No, they've been just as bad for ages, and it warns you so if you manage to get through to the application form. I've still not managed to get the form to submit, and I guess now/. have posted it I don't stand an individual's chance in court against Mattel.
They've probably slowed the server down to avoid too many members joining up. After all they'd soon burn through that grant money if they had to air-mail a few hundred thousand PINs...
Well done, you got First Lame pr0n Post. You get a yoghurt prize!
Now I can play all my MPAA approved pr0n in true to life size.
What, on a 6cm screen? What are you, a nanobot fetishist or something?
Not to mention the endless possibilities for cereal boxes...
It's only a screen, printed onto silicon; it still needs a ton of electronics to drive it. It's not going to kill paper. Or even put give us free pr0n on the side of our Rice Krispies. One day, something related to this might be able to replace some kinds of displays. But then we've had stories like this on Slashdot approximately once a month for the last few years, and there's no sign yet.
It would be nice if they got the 1000 hours thing sorted out. Because my monitor's going wonky and I'll be damned if I'm ever going to buy a crappy CRT again.
Time for another/. round of "spot the holes in the crap copy protection system".
The type-speed thing works on a specific pass-phrase rather than a computer-generated one-time "type this please" string, so typing speed should be easily duplicatable. Or one could set the input keypresses to a constant rate, to make it easy to fake.
And I presume this system is just as vulnerable to the likes of unfuck as anything else. Not much use being resistant to distribution schemes "like Napster and Gnutella" if you can turn them into MP3s or OGGs at the flick on an audio capture.
This is a particularly worrying part of musicrypt's 'technology' spiel (black text on a black background in my browser - nice):
When a connection to the Net does become available, the Client software transparently issues a 56-bit secure "back-channel" communication to our central Server module in order to give and receive updates on new and existing licenses.
Read: the publisher can at any time revoke your right to listen to the music you have purchased. And knows about every bit of music you listen to, but that's kind of obvious and expected these days, isn't it.
Once again, musicrypt, you lose. Once again, legitimate customers, you lose. Pirates? Well you're kind of unaffected. Hey ho.
They're pushing the work of maintaining a consistent database out of the engine and into programming and administration - this is bad practice.
As always, it depends.
If you're building an application around a specific database, and you want it to deal with as much as possible, sure, you want stored procedures, triggers, transactions, and as many integrity checks as possible.
If, however, you're building a database-backed web site, you want a commodity DBMS: one that's not going to take over every aspect of your system. Because chances are your project is going to have to run under a different DBMS on a different OS at some point in the future, or you'll need to rebuild the database from scratch. If you've sold your soul to Oracle once, your applications are decommoditised, and you're stuck with them.
Regarding transactions: well, HTTP is stateless, innit. The only way you're going to lose integrity with a half-done transaction is (a) through faulty programming and (b) through hard disc crash, kernel panic or some munchkin turning the server off at the mains. In both cases you may end up with more to worry about than whether the transaction finished or not. If you're that worried about data integrity you'll not only need a transaction-capable DBMS, but also backup databases and/or RAID.
Most websites don't need this. The MySQL folks deliberately tell you MySQL shouldn't be used for applications where this stuff is important. But everyone still has a rant about it whenever MySQL is mentioned on slashdot.
...or when Perl is mentioned, come to think of it.:-) Now, I'm as much a Python bigot as anyone, but isn't the Python DBI spec a bit of a mess in comparison? Well, it would be nice if more things conformed to it, anyways...
Bahh, yer wuss. Here's a summary for the legally-challenged amongst us:
The service consists of a human interface component comprising starter utility object consisting of the utility server resulting in the database service consisting of a utility network connection whereas said utility server consisting of a remote host apparatus connected by desired database object consisting of a database computer consisting of the utility server consisting of a database functionality connected by desired remote host object resulting in said utility service resulting in starter database object comprising desired utility object connected by a utility client comprising starter database object providing access to starter human interface computer comprising desired database computer whereas a remote host component resulting in a remote host computer providing access to starter utility component providing access to the human interface server consisting of a remote host apparatus comprising said remote host server connected by the human interface server whereas the database server consisting of the remote host object providing access to a database functionality.
The Duron will use Socket A. AMD have also anounced Socket A version of the Athlon too, iirc.
You mean the Thunderbird, right? Which'll probably be called an Athlon but will be of the same family as the Duron. Or something.
But either way, you'll need a motherboard. By the way, Socket 7? What where you thinking man?!
I really hope Socket A lasts as long as Socket 7 did. I'm fed up of all the processor packaging changes that have made upgrading the processor needs a new montherboard over the last few years. Screw Slot1|2|A/Socket8|370 or whatever - with this much change you might as well solder the bloody CPU onto the mainboard and be done with it. Enough of the cache-related cycles of reincarnation.
If Socket A can hang around a bit, a Duron system looks pretty attractive for what I want... but when are the DDR mobos likely to come out?
Our main project for the semester was to build a behavioral and structural model of a pipelined ARM7 processor.
That does sound kind of harsh, but then I'd hate even more to have to do it for any other kind of modern chip architecture.
The ARM instruction set is pretty clean, and dead dead easy to program even large projects in. Mind you, some of the newer ARMv4, Thumb instructions must be pretty hairy from an implementation POV, especially keeping backwards-compatibility with 26-bit addressing.
Hang on, what's this story doing on/., anyways? The Amulet project has been going a long, long time and achieved ARM9-level performance some time ago, IIRC. Asynchronous chips are interesting but the power of mainstream (particularly x86) processors has kept increasing at such a rate no-one has yet needed to make the huge change of design strategy. I don't expect to see async chips in the mainstream until Moore's law is well and truly broken.
There shouldn't be any;.nato was a TLD formed on the whim of one Mark Pullen at DARPA, before nato.int was sorted out. No subdomains were allocated and it should have died out by now.
Here's hoping the.eu registers enforce some kind of rule to stop all the domains being instantly sold to the foul parasitic domain brokers that have so royally fucked up the existing namespace, charging stupid prices for what was once a public good.
A Web browser is a Web browser. A file manager is a file manager. A media player is a media player. Trying to combine these into one massive app is just a bad idea.
Am inclined to agree. They've done it because it's 'cool' and shows off the elegance of the underlying componentised design, I guess, but the very screenshots they use to show this off clearly demonstrate why this is a usability nightmare:
Here you've got several unrelated applications munged together in panes of one window, with one menu bar and tool bar for all of them, but one status bar for each of them, which seems unrelated to the content pane. It's unclear how the panes relate to each other and how changes in one might affect the others and the rest of the system.
The advantage of this over having separate windows which the user can manage themselves? None AFAICT.
Konq's a great web browser though. I easily prefer even v1 to Netscape 4.
sexxybabes.com.org.net.or.anything is not taken yet.
Not yet, no. But resorting to mis-spelling words in order to get a domain name is surely a sign that things have gone too far?
It's the fencing of common land all over again. What was previously held to be a public realm becomes property, to the benefit of almost nobody.
The law doth punish the website author, Who builds a site at a domain with a name a bit like another, But leaves the greater felon loose, Who buys up all the domains and puts nothing there just to earn a quick buck off authors who want to build something at a domain they would previously have got for a reasonable price.
Hmm... scanning's not quite there yet. Needs work.
Sure, it's interesting, but it's yet more bizarre syntax that is going to be hell to debug.
I agree. It's a feature that places more emphasis on the confusion between mutable objects and value types that seems to exist in most popular programming languages.
The problem is variables: sometimes when you write them, they get evaluated immediately (print a), and sometimes they only represent a reference. Perl is extending the range of situations where the latter occurs by allowing these lvalues to be returned from subroutines. I'm also not greatly happy with the way you specify that a routine returns an lvalue in the header of the routine rather than in the return statement it actually affects; I see this causing many bugs.
The solution in MOPL (My Own Pet Language) would be to make all variables objects, so that when you write their names it always means a reference to the object. And use constants instead of variables for holding immutable values to minimise use of variables.
Some functional languages already solve the value/object problem quite elegantly....by not having mutables at all. Hmm.
Anyway. I doubt this one'll tempt me to Perl; it's already got so many language features I haven't managed to learn yet, I don't need any more! Guess that's why I liked Python: I had picked it up, learned the language features, and starting writing production code in less than half an hour. But hey, I wouldn't want to start a Perl/Python flame war or anything.;-) (After all, Python causes as much object-value confusion as any other language, when lists are mutables but tuples are not.)
then they'd lose their ability to make money from the pics...
Not at all. They could (and should) provide a high resolution to buy for download (as well as selling photos/posters), and a smaller version for standard web browsing.
I'm afraid they've already lost the ability to make money from the pics, if you contend that unprotected content cannot be charged for. I haven't tried their plugin thing yet because the site is still down, but regardless of what nasty hacks it may do to try to stop screen grabbers working, any image that makes its way to the screen can be intercepted at some point. I shall be glad to have a go, should the site come up at some point, and if the plug-in works at all through my firewall.
Plus of course, after paying to download an image, I don't see any reason you couldn't simply e-mail it to someone else.
I really don't think they're onto a winner here. Their copy protection will lose them customers, like rwade. If a plugin has to be installed, then whoops they've just lost the great majority of office workers, who don't have admin privs. You know, for some reason, consumers don't actually like being inconvenienced for no other reason than a company's lack of trust.
I have stopped using both terraservers because microsoft terraserver doesn't have any good images, and the regular terra server uses a deathly slow plugin
Gagh. How long until companies get the message? Copy protection always inconveniences the legitimate customer (like you), and does nothing to stop anyone dedicated to making a copy. In this case, with a screen capture application. For example.
Sorry to be off-topic, but this kind of crap really annoys me, and it's difficult to discuss the pics themselves when none of us can see them. Maybe if they just used a normal web server with JPEG files on it, it would be able to stand up better. Bah.
terraserver.microsoft.com seems to be creaking now as well. Mind you, having a 140K animated GIF at the top of each page probably wasn't a massively great design strategy...
We've got three reports from newspapers, two of which are re-runs of the original one
Update: here's another re-run, this time from The Register.
They include an attribution of identification to.rain.forest.puppy, who has, as they state, successfully indentified other NT hacks (most recently problems with RDS). So it seems this problem is probably real.
Shit.
However the code got there... if this didn't get spotted my QA, I am flabbergasted at the incompetence. If this did get spotted and was let through, I am flabbergasted at the unprofessionalism. Either way, MS are going to receive a whole bowlful of flabbergast.
I'd just like to make this point again: what I want from a web server is the ability to read HTTP requests and either read a file or call a CGI script. It should support SSL, and chunked transfer-encoding, and be fast. That is all I need.
I do not want a web server to:
have extensions to let me upload pages through HTTP; FTP is perfectly good for that thank you very much.
do authentication; my scripts can handle that perfectly well thanks, and I don't appreciate servers fiddling with my headers and messing it up by trying to take control. IIS and Apache both think their own authentication methods are sufficient, but for any web application involving dynamic users, it's not. IIS is particularly amusing in this regard, using the NT userbase.
listen to any kind of protocol that isn't HTTP or HTTPS.
include by default all kinds of esoteric features, like IIS's selection of ASP, HTR, IDC filters, which have proved to harbour exploitable bugs.
include by default examples, documentation and administration tools as live, publically accessible web sites. (IIS putting its documentation in a format that needs IIS to be actively running and in full working order to be able to read is particularly good.)
have custom error pages set up by default that prevent authentication and redirection from working.
think it can handle cache control better than me.
non-optionally install a bunch of system utilities without giving any idea what they do.
Bloat begets bugs. I just want a simple web server.
Nah, it just looks like a revision attribution header to me. Hang on.... Jkatzman???
Jon Katz works for MS shock!!!
Seriously, I'm really craving some fact about now. We've got three reports from newspapers, two of which are re-runs of the original one, and all of which are from mainstream sources not historically always 100% accurate with technical matters.
Judging my Microsoft's description of dvwssr.dll, it's there to allow authorised users to download the ASP source of a page; therefore, the break-in potential is on a par with the::$DATA exploit that some webmasters have not yet fixed. Wise script authors try to avoid putting sensitive data (eg. database login details) in scripts, but there is still potential for break-ins.
But we still don't know if this is exploitable. I haven't got a FrontPage client or server here to try it on, but someone must be able to have a go. Why is there still no word from Microsoft? We'll all look rather silly if we've been ranting here about a simple hidden message. Hell, I hide daft quotes and stuff like that in my binaries all the time, specifically for hackers to find.
And, you can always use fixed-point arithmetic (an often overlooked technique
Indeed. I believe some versions of Quake for ARM processors have indeed been optimised this way. In a 3D game you're probably always going to need a bit of FP though.
My own personal experience - nothing to do with Quake and quite OT - is that floating point is very often overused. Some programmers seem to use it for any numeric variable, even if that variable will always have an integer value. The performance impact is lessened by newer processors with extremely good floating-point performance, but integer-only CPUs like the SA-110 are then screwed when the software is ported.
I prefer using integer and fixed-point arithmetic whenever possible because it's more deterministic; you don't have to worry about loss of precision on some platforms, or compares that aren't, or infinities and NaNs. But then that may just be a personal fetish based on spending years programming assembler on processors without FP. The StrongARM included.
we don't know yet exactly which software is affected: IIS, FrontPage, or both.
The CBS article makes this clearer: it is the IIS FrontPage extensions.
I'm really, really having trouble believeing this.
That Microsoft's developers could be so recklessly dumb as to add a backdoor that will surely be discovered eventually (unencoded plaintext in a DLL, FFS!!), thus playing right into the hands of the open-source-is-good-for-security argument, and no-one at MS noticed it... the mind boggles.
There's nothing up on microsoft.com about it yet either, which also strikes me as strange. Is this really true? If so, it must be the security howler of the year.
I personally can't check if it works as a backdoor, since on the NT web server here I deliberately de-installed all the crap IIS wants you to have (unnecessary script mappings, example sites, web admin, FrontPage extensions...). Contrary to what some sysadmins seem to think, security does not lie in keeping all the Microsoft default settings.
Jesus wept. Prepare for a lot of defaced web sites.
Slashdot Mirror
Since the Pentium !!! 1.13GHz has been withdrawn, its price seems pretty irrelevant.
The pricing of the Pentium 4 is much more interesting...
--
This comment was brought to you by And Clover.
I think Nick's missed the real meaning of the (over-used) phrase.
"...wants to be free" doesn't mean that everyone has a right to copy any information. We still, now, mostly respect the idea of old-school copyrights with all their in-built fair-use provisions.
What it means is that it's very difficult to stop people copying information. To do it would require not only complicated and annoying copy-protection and licensing schemes that kill the traditional copyright-based rights we have, but also an insanely harsh set of laws against circumventing them. To effectively stop copying, you have to build what is more or less a fascist state. Most people consider this sort of effort to counter information being free far too much hard work, if not simply unnatural.
Of course this is exactly the action the MPAA, RIAA, and other DMCA proponents are working on right now. They'd happily screw up the world to protect their right to make a buck from someone else's work. Because the world owes them a living, you see.
--
This comment was brought to you by And Clover.
Bzzt bzzt!
I still can't get to the HNN article, but I can tell you that such a virus is indeed possible, because I've written one.
As well as trapping filing system calls to stealth the virus, it is possible to take the opportunity (while a file is being accessed, so the user wouldn't notice a slowdown) to scan through the file for magic words that cause embedded code to execute locally. You need a CRC to avoid executing random code of course, and a text encoding scheme (I used a 64-bit code starting at '?').
Thus you can turn any non-executable piece of content (mail, web page, news posting) into a harbour for native executable code, something that up to now Microsoft have at least only been doing by accident. ;-) The advantage is that the client itself accesses the code; unless BO and co., the virus supplier doesn't need to make a connection to the victim machine to execute things on it.
Obviously I no intention of letting this see the light of day, but it's also unlikely to take over the 'net since it doesn't run on Windows. I guess it'd be possible, but I don't have enough knowledge of Windows internals (shurely m4d sk1llz? -Ed.) to write it.
Anyway, it'd have to be rewritten into a mail worm, since actual viruses are terribly out-of-fashion these days. <g>
--
This comment was brought to you by And Clover.
No, they've been just as bad for ages, and it warns you so if you manage to get through to the application form. I've still not managed to get the form to submit, and I guess now /. have posted it I don't stand an individual's chance in court against Mattel.
They've probably slowed the server down to avoid too many members joining up. After all they'd soon burn through that grant money if they had to air-mail a few hundred thousand PINs...
--
This comment was brought to you by And Clover.
Well done, you got First Lame pr0n Post. You get a yoghurt prize!
What, on a 6cm screen? What are you, a nanobot fetishist or something?
It's only a screen, printed onto silicon; it still needs a ton of electronics to drive it. It's not going to kill paper. Or even put give us free pr0n on the side of our Rice Krispies. One day, something related to this might be able to replace some kinds of displays. But then we've had stories like this on Slashdot approximately once a month for the last few years, and there's no sign yet.
It would be nice if they got the 1000 hours thing sorted out. Because my monitor's going wonky and I'll be damned if I'm ever going to buy a crappy CRT again.
--
This comment was brought to you by And Clover.
Sigh.
Time for another /. round of "spot the holes in the crap copy protection system".
The type-speed thing works on a specific pass-phrase rather than a computer-generated one-time "type this please" string, so typing speed should be easily duplicatable. Or one could set the input keypresses to a constant rate, to make it easy to fake.
And I presume this system is just as vulnerable to the likes of unfuck as anything else. Not much use being resistant to distribution schemes "like Napster and Gnutella" if you can turn them into MP3s or OGGs at the flick on an audio capture.
This is a particularly worrying part of musicrypt's 'technology' spiel (black text on a black background in my browser - nice):
Read: the publisher can at any time revoke your right to listen to the music you have purchased. And knows about every bit of music you listen to, but that's kind of obvious and expected these days, isn't it.
Once again, musicrypt, you lose. Once again, legitimate customers, you lose. Pirates? Well you're kind of unaffected. Hey ho.
--
This comment was brought to you by And Clover.
As always, it depends.
If you're building an application around a specific database, and you want it to deal with as much as possible, sure, you want stored procedures, triggers, transactions, and as many integrity checks as possible.
If, however, you're building a database-backed web site, you want a commodity DBMS: one that's not going to take over every aspect of your system. Because chances are your project is going to have to run under a different DBMS on a different OS at some point in the future, or you'll need to rebuild the database from scratch. If you've sold your soul to Oracle once, your applications are decommoditised, and you're stuck with them.
Regarding transactions: well, HTTP is stateless, innit. The only way you're going to lose integrity with a half-done transaction is (a) through faulty programming and (b) through hard disc crash, kernel panic or some munchkin turning the server off at the mains. In both cases you may end up with more to worry about than whether the transaction finished or not. If you're that worried about data integrity you'll not only need a transaction-capable DBMS, but also backup databases and/or RAID.
Most websites don't need this. The MySQL folks deliberately tell you MySQL shouldn't be used for applications where this stuff is important. But everyone still has a rant about it whenever MySQL is mentioned on slashdot.
--
This comment was brought to you by And Clover.
It's just a one-minute Python hack, but I can drag it out of the waste bin if you're really interested. You loony. :-)
#!/usr/local/bin/python
import whrandom
r= whrandom.whrandom()
art= ['a', 'said', 'the', 'a', 'desired', 'a', 'starter']
adj= ['human interface', 'database', 'utility', 'remote host']
nou= ['functionality', 'client', 'server', 'network connection', 'computer', 'component', 'object', 'service', 'apparatus']
ver= ['connected by', 'consisting of', 'comprising', 'resulting in', 'whereas', 'providing access to']
print 'The service consists of '
for i in range(30):
print r.choice(art)+' '+r.choice(adj)+' '+r.choice(nou)+' '+r.choice(ver)+' '
Quite so. (3, Interesting?!)
This just in... police are warning of a dangerous impure batch of $3 crack going around Moderatorsville...
--
This comment was brought to you by And Clover.
Bahh, yer wuss. Here's a summary for the legally-challenged amongst us:
The service consists of a human interface component comprising starter utility object consisting of the utility server resulting in the database service consisting of a utility network connection whereas said utility server consisting of a remote host apparatus connected by desired database object consisting of a database computer consisting of the utility server consisting of a database functionality connected by desired remote host object resulting in said utility service resulting in starter database object comprising desired utility object connected by a utility client comprising starter database object providing access to starter human interface computer comprising desired database computer whereas a remote host component resulting in a remote host computer providing access to starter utility component providing access to the human interface server consisting of a remote host apparatus comprising said remote host server connected by the human interface server whereas the database server consisting of the remote host object providing access to a database functionality.
I Am A Lawyer.
--
This comment was brought to you by And Clover.
You mean the Thunderbird, right? Which'll probably be called an Athlon but will be of the same family as the Duron. Or something.
I really hope Socket A lasts as long as Socket 7 did. I'm fed up of all the processor packaging changes that have made upgrading the processor needs a new montherboard over the last few years. Screw Slot1|2|A/Socket8|370 or whatever - with this much change you might as well solder the bloody CPU onto the mainboard and be done with it. Enough of the cache-related cycles of reincarnation.
If Socket A can hang around a bit, a Duron system looks pretty attractive for what I want... but when are the DDR mobos likely to come out?
--
This comment was brought to you by And Clover.
Arthur Lives!
--
This comment was brought to you by And Clover.
That does sound kind of harsh, but then I'd hate even more to have to do it for any other kind of modern chip architecture.
The ARM instruction set is pretty clean, and dead dead easy to program even large projects in. Mind you, some of the newer ARMv4, Thumb instructions must be pretty hairy from an implementation POV, especially keeping backwards-compatibility with 26-bit addressing.
Hang on, what's this story doing on /., anyways? The Amulet project has been going a long, long time and achieved ARM9-level performance some time ago, IIRC. Asynchronous chips are interesting but the power of mainstream (particularly x86) processors has kept increasing at such a rate no-one has yet needed to make the huge change of design strategy. I don't expect to see async chips in the mainstream until Moore's law is well and truly broken.
--
This comment was brought to you by And Clover.
Quite so. Kinda like the ARM-based NewsPAD of old, innit. Hope it's rather more successful.
Yes.
--
This comment was brought to you by And Clover.
There shouldn't be any; .nato was a TLD formed on the whim of one Mark Pullen at DARPA, before nato.int was sorted out. No subdomains were allocated and it should have died out by now.
http://www.netplanet.org/i-files/file 001.html (German)
Here's hoping the .eu registers enforce some kind of rule to stop all the domains being instantly sold to the foul parasitic domain brokers that have so royally fucked up the existing namespace, charging stupid prices for what was once a public good.
--
This comment was brought to you by And Clover.
Am inclined to agree. They've done it because it's 'cool' and shows off the elegance of the underlying componentised design, I guess, but the very screenshots they use to show this off clearly demonstrate why this is a usability nightmare:
Here you've got several unrelated applications munged together in panes of one window, with one menu bar and tool bar for all of them, but one status bar for each of them, which seems unrelated to the content pane. It's unclear how the panes relate to each other and how changes in one might affect the others and the rest of the system.
The advantage of this over having separate windows which the user can manage themselves? None AFAICT.
Konq's a great web browser though. I easily prefer even v1 to Netscape 4.
--
This comment was brought to you by And Clover.
Not yet, no. But resorting to mis-spelling words in order to get a domain name is surely a sign that things have gone too far?
It's the fencing of common land all over again. What was previously held to be a public realm becomes property, to the benefit of almost nobody.
The law doth punish the website author,
Who builds a site at a domain with a name a bit like another,
But leaves the greater felon loose,
Who buys up all the domains and puts nothing there just to earn a quick buck off authors who want to build something at a domain they would previously have got for a reasonable price.
Hmm... scanning's not quite there yet. Needs work.
--
This comment was brought to you by And Clover.
Mind you, .banc seems bizarre enough to me...
--
This comment was brought to you by And Clover.
I agree. It's a feature that places more emphasis on the confusion between mutable objects and value types that seems to exist in most popular programming languages.
The problem is variables: sometimes when you write them, they get evaluated immediately (print a), and sometimes they only represent a reference. Perl is extending the range of situations where the latter occurs by allowing these lvalues to be returned from subroutines. I'm also not greatly happy with the way you specify that a routine returns an lvalue in the header of the routine rather than in the return statement it actually affects; I see this causing many bugs.
The solution in MOPL (My Own Pet Language) would be to make all variables objects, so that when you write their names it always means a reference to the object. And use constants instead of variables for holding immutable values to minimise use of variables.
Some functional languages already solve the value/object problem quite elegantly. ...by not having mutables at all. Hmm.
Anyway. I doubt this one'll tempt me to Perl; it's already got so many language features I haven't managed to learn yet, I don't need any more! Guess that's why I liked Python: I had picked it up, learned the language features, and starting writing production code in less than half an hour. But hey, I wouldn't want to start a Perl/Python flame war or anything. ;-) (After all, Python causes as much object-value confusion as any other language, when lists are mutables but tuples are not.)
--
This comment was brought to you by And Clover.
Transylvanian Tower by Richard Shepherd software. I think. It has been a while. :-) Frame rate was about 1fpm as far as I remember.
Don't know if Acornsoft Maze (for the BBC) was before or after this.
--
This comment was brought to you by And Clover.
A good plan. :-)
Not at all. They could (and should) provide a high resolution to buy for download (as well as selling photos/posters), and a smaller version for standard web browsing.
I'm afraid they've already lost the ability to make money from the pics, if you contend that unprotected content cannot be charged for. I haven't tried their plugin thing yet because the site is still down, but regardless of what nasty hacks it may do to try to stop screen grabbers working, any image that makes its way to the screen can be intercepted at some point. I shall be glad to have a go, should the site come up at some point, and if the plug-in works at all through my firewall.
Plus of course, after paying to download an image, I don't see any reason you couldn't simply e-mail it to someone else.I really don't think they're onto a winner here. Their copy protection will lose them customers, like rwade. If a plugin has to be installed, then whoops they've just lost the great majority of office workers, who don't have admin privs. You know, for some reason, consumers don't actually like being inconvenienced for no other reason than a company's lack of trust.
--
This comment was brought to you by And Clover.
Gagh. How long until companies get the message? Copy protection always inconveniences the legitimate customer (like you), and does nothing to stop anyone dedicated to making a copy. In this case, with a screen capture application. For example.
Sorry to be off-topic, but this kind of crap really annoys me, and it's difficult to discuss the pics themselves when none of us can see them. Maybe if they just used a normal web server with JPEG files on it, it would be able to stand up better. Bah.
terraserver.microsoft.com seems to be creaking now as well. Mind you, having a 140K animated GIF at the top of each page probably wasn't a massively great design strategy...
--
This comment was brought to you by And Clover.
Update: here's another re-run, this time from The Register.
They include an attribution of identification to .rain.forest.puppy, who has, as they state, successfully indentified other NT hacks (most recently problems with RDS). So it seems this problem is probably real.
Shit.
However the code got there... if this didn't get spotted my QA, I am flabbergasted at the incompetence. If this did get spotted and was let through, I am flabbergasted at the unprofessionalism. Either way, MS are going to receive a whole bowlful of flabbergast.
I'd just like to make this point again: what I want from a web server is the ability to read HTTP requests and either read a file or call a CGI script. It should support SSL, and chunked transfer-encoding, and be fast. That is all I need.
I do not want a web server to:
Bloat begets bugs. I just want a simple web server.
--
This comment was brought to you by And Clover.
Nah, it just looks like a revision attribution header to me. Hang on.... Jkatzman???
Jon Katz works for MS shock!!!
Seriously, I'm really craving some fact about now. We've got three reports from newspapers, two of which are re-runs of the original one, and all of which are from mainstream sources not historically always 100% accurate with technical matters.
Judging my Microsoft's description of dvwssr.dll, it's there to allow authorised users to download the ASP source of a page; therefore, the break-in potential is on a par with the ::$DATA exploit that some webmasters have not yet fixed. Wise script authors try to avoid putting sensitive data (eg. database login details) in scripts, but there is still potential for break-ins.
But we still don't know if this is exploitable. I haven't got a FrontPage client or server here to try it on, but someone must be able to have a go. Why is there still no word from Microsoft? We'll all look rather silly if we've been ranting here about a simple hidden message. Hell, I hide daft quotes and stuff like that in my binaries all the time, specifically for hackers to find.
--
This comment was brought to you by And Clover.
Indeed. I believe some versions of Quake for ARM processors have indeed been optimised this way. In a 3D game you're probably always going to need a bit of FP though.
My own personal experience - nothing to do with Quake and quite OT - is that floating point is very often overused. Some programmers seem to use it for any numeric variable, even if that variable will always have an integer value. The performance impact is lessened by newer processors with extremely good floating-point performance, but integer-only CPUs like the SA-110 are then screwed when the software is ported.
I prefer using integer and fixed-point arithmetic whenever possible because it's more deterministic; you don't have to worry about loss of precision on some platforms, or compares that aren't, or infinities and NaNs. But then that may just be a personal fetish based on spending years programming assembler on processors without FP. The StrongARM included.
Anyway. I'm rambling now, so I'll stop.
--
This comment was brought to you by And Clover.
The CBS article makes this clearer: it is the IIS FrontPage extensions.
I'm really, really having trouble believeing this.
That Microsoft's developers could be so recklessly dumb as to add a backdoor that will surely be discovered eventually (unencoded plaintext in a DLL, FFS!!), thus playing right into the hands of the open-source-is-good-for-security argument, and no-one at MS noticed it... the mind boggles.
There's nothing up on microsoft.com about it yet either, which also strikes me as strange. Is this really true? If so, it must be the security howler of the year.
I personally can't check if it works as a backdoor, since on the NT web server here I deliberately de-installed all the crap IIS wants you to have (unnecessary script mappings, example sites, web admin, FrontPage extensions...). Contrary to what some sysadmins seem to think, security does not lie in keeping all the Microsoft default settings.
Jesus wept. Prepare for a lot of defaced web sites.
--
This comment was brought to you by And Clover.