This is Windows, not Unix. There is no standardized way to parse command lines, and no standardized way to escape them. Every program parses its commandline by itself - it gets no argc and argv parameters from any shell.
This means that you can not know how to escape a command line for another app properly! Therefore, if you register a command-line URL handler, it is up to you to parse the string that the browsers passes in verbatim correctly!
This is risky, which is why you can use DDE instead of command-line options, which is safer. Firefox chose not to do this, and also does not correctly take into account that the string passed through the command line is by design and convention entirely unescaped.
What do you mean 'the handler'? The string in the registry or the program refered to in that string? If you think it's the string, then what's wrong with it, and what should be changed to fix it? (clue - nothing, anything you suggest I can provide an exploit for) Which makes you in the wrong.
The program, of course. It should know it will be called with unsafe parameters.
It makes no attempt to escape undesirable characters in the string. It lets the OS break that string into multiple strings.
From reading up on the issue, this is incorrect. The string is not passed through the shell, so no special characters are processed, and no strings are broken up. The problem is that the program that receives the string has other options, not intended to be called through the URL handling mechanism.
Actually reading the announcement, this seems very much like a Firefox bug, namely in the URL handler it installs. It's IE that's just doing what you tell it, to open an URL that happens to use an external URL handler.
No, their only defence has been that what they are doing is not illegal under Swedish law. It has nothing to do with "not censoring" their users. Which they do. They remove torrents which are mislabelled already.
No, my definition of borderline child porn is material produced for pedophiles, by means of deceiving children. If you had actually read my other posts, you would have known that, because I've mentioned this a number of times.
They still have darknets and chatrooms. Do you think every pedophile on the planet knows how to get onto those? The less connected ones will use more public means.
And this is more a quesstion of morality than legality. I don't think a lot of the material in question is illegal, but they are helping people spread it, and they are doing so knowingly.
Their choice to set up a torrent site is what brought this on.
No, their choice to leave up borderline child porn material even when people complain about it is what brought this on.
You're just scoring points against TPB who I can only assume you have a long-standng feud against.
You know what happens when you assume, &c &c. I always found them amusing before this. I liked their irreverent attitude. In this case, though, I think they are definitely in the wrong, and I would like it if they were to realize this and changed their stance on child porn.
And STILL, you have refused to describe these pictures?
Does it matter? My point was that The Pirate Bay did nothing to remove it after it was uploaded, and only pulled the plug after the media attention. The trap would have been entirely ineffectual if they had just pulled the torrents in the first place. They still walked right into this one.
They didn't look very hard, then. Others have looked and downloaded and found (at the very least borderline) child porn.
They've also been making a whole lot of contradictory statements about the whole issue. I would not take anything they say at face value at this point.
Once again, Google does work actively to block child porn in their index. It's just that their task is a handful of orders of magnitude bigger. And TPB certainly wouldn't be incapable of policing and removing suspicious torrents - many other torrent sites already do.
Also, they don't do much the same thing. The Pirate Bay is not a torrent indexer, it's a BitTorrent tracker. They run all their own torrents, they don't find them elsewhere, so they certainly have a much larger responsibility towards what they let onto the site.
I understand the feeling, but it's exactly this feeling which is being exploited by parties who want to attack TPB.
The point is that TPB brought this on themselves with their own choices, and trying to whitewash it all as nothing but a police conspiracy helps nobody. I'm sure the police didn't waste much time taking advantage of the situation after the humiliation they've suffered from TPB's actions, but in the end, they were justified in doing so, at least to some extent. Had TPB behaved morally in the first place, this situation would have never arisen.
Considering the comments you made today and on the prvious story, the idea of you writing a "balanced third party article" is ludicrous.
I wasn't referring to what I wrote. I was referring to the article I linked, which was written by a third party, and was not a Pirate Bay blog entry. I thought the summary was quite fair, though: http://slashdot.org/firehose.pl?op=view&id=216345
Or do you disagree?
And since you've used Google to find these torrents
I didn't, and Google actively works to filter out child porn. It's not perfect, but they are making an effort. The Pirate Bay, meanwhile, has not been. Other torrent sites remove this kind of torrent when they find it, but Pirate Bay has been making a point out of not doing it.
So one says they have never seen child porn, the other one says they have. Let's just say their statements in general are not quite matching up in this matter. They have been taking a very laissez-faire approach to child porn, and now that it's coming back to haunt them they are covering up. They're hardly unbiased in this matter, and they aren't being very honest, so I would recommend against taking what they say at face value.
Several different user accounts have mysteriously disappeared, within hours of this story hitting the net. No, I don't think that's a coincidence. The Pirate Bay admins themselves have complained that they had to guess at which files to remove because they got no communication from the police.
(The Police and The Pirate Bay both claim they were unable to contact the other.)
Actually, they have specifically not removed these torrents in the past, when they have been reported. They only removed them now due to massive media attention.
Furthermore, it does not take much effort to search on obvious child porn keywords and check, or just plain remove them without checking. Many other torrent sites remove all torrents like this.
The police thought it was, TBP didn't, but deleted things anyway at the request of some users.
Actually, no, they specfically didn't delete these things when users requested it before this big upset. It's only after they got all this unwanted attention that they suddenly started nuking entire user accounts.
However, it's also true. The Pirate Bay has been running (and, I hear, still runs) torrents for very borderline if not outright illegal child porn material. They have refused to remove them (like many other trackers do) until now when it suddenly got worldwide attention, when they started nuking torrents left and right.
This is Windows, not Unix. There is no standardized way to parse command lines, and no standardized way to escape them. Every program parses its commandline by itself - it gets no argc and argv parameters from any shell.
This means that you can not know how to escape a command line for another app properly! Therefore, if you register a command-line URL handler, it is up to you to parse the string that the browsers passes in verbatim correctly!
This is risky, which is why you can use DDE instead of command-line options, which is safer. Firefox chose not to do this, and also does not correctly take into account that the string passed through the command line is by design and convention entirely unescaped.
What do you mean 'the handler'? The string in the registry or the program refered to in that string?
If you think it's the string, then what's wrong with it, and what should be changed to fix it? (clue - nothing, anything you suggest I can provide an exploit for) Which makes you in the wrong.
The program, of course. It should know it will be called with unsafe parameters.
It makes no attempt to escape undesirable characters in the string. It lets the OS break that string into multiple strings.
From reading up on the issue, this is incorrect. The string is not passed through the shell, so no special characters are processed, and no strings are broken up. The problem is that the program that receives the string has other options, not intended to be called through the URL handling mechanism.
Yes, yes, we know you're still stuck in 1995 when it was cool to hate JavaScript.
The rest of us realize it's actually one of the better languages in use today.
Actually reading the announcement, this seems very much like a Firefox bug, namely in the URL handler it installs. It's IE that's just doing what you tell it, to open an URL that happens to use an external URL handler.
No, their only defence has been that what they are doing is not illegal under Swedish law. It has nothing to do with "not censoring" their users. Which they do. They remove torrents which are mislabelled already.
So now the PirateBay has accept editorial responsiblity and remove offending material?
Yes, they do. Why is this surprising?
No, my definition of borderline child porn is material produced for pedophiles, by means of deceiving children. If you had actually read my other posts, you would have known that, because I've mentioned this a number of times.
5 346.
Stuff like http://www.wired.com/techbiz/media/news/2001/07/4
I definitely don't oppose stuff like sexual drawings of children, because those hurt nobody.
They still have darknets and chatrooms. Do you think every pedophile on the planet knows how to get onto those? The less connected ones will use more public means.
And this is more a quesstion of morality than legality. I don't think a lot of the material in question is illegal, but they are helping people spread it, and they are doing so knowingly.
Their choice to set up a torrent site is what brought this on.
5 346.
No, their choice to leave up borderline child porn material even when people complain about it is what brought this on.
You're just scoring points against TPB who I can only assume you have a long-standng feud against.
You know what happens when you assume, &c &c. I always found them amusing before this. I liked their irreverent attitude. In this case, though, I think they are definitely in the wrong, and I would like it if they were to realize this and changed their stance on child porn.
And STILL, you have refused to describe these pictures?
You can easily go find out for yourself. Or just read something like http://www.wired.com/techbiz/media/news/2001/07/4
Does it matter? My point was that The Pirate Bay did nothing to remove it after it was uploaded, and only pulled the plug after the media attention. The trap would have been entirely ineffectual if they had just pulled the torrents in the first place. They still walked right into this one.
They didn't look very hard, then. Others have looked and downloaded and found (at the very least borderline) child porn.
They've also been making a whole lot of contradictory statements about the whole issue. I would not take anything they say at face value at this point.
Once again, Google does work actively to block child porn in their index. It's just that their task is a handful of orders of magnitude bigger. And TPB certainly wouldn't be incapable of policing and removing suspicious torrents - many other torrent sites already do.
Also, they don't do much the same thing. The Pirate Bay is not a torrent indexer, it's a BitTorrent tracker. They run all their own torrents, they don't find them elsewhere, so they certainly have a much larger responsibility towards what they let onto the site.
I understand the feeling, but it's exactly this feeling which is being exploited by parties who want to attack TPB.
The point is that TPB brought this on themselves with their own choices, and trying to whitewash it all as nothing but a police conspiracy helps nobody. I'm sure the police didn't waste much time taking advantage of the situation after the humiliation they've suffered from TPB's actions, but in the end, they were justified in doing so, at least to some extent. Had TPB behaved morally in the first place, this situation would have never arisen.
You were the one who was accusing me of writing biased articles, as I recall.
Considering the comments you made today and on the prvious story, the idea of you writing a "balanced third party article" is ludicrous.
I wasn't referring to what I wrote. I was referring to the article I linked, which was written by a third party, and was not a Pirate Bay blog entry. I thought the summary was quite fair, though: http://slashdot.org/firehose.pl?op=view&id=216345
Or do you disagree?
And since you've used Google to find these torrents
I didn't, and Google actively works to filter out child porn. It's not perfect, but they are making an effort. The Pirate Bay, meanwhile, has not been. Other torrent sites remove this kind of torrent when they find it, but Pirate Bay has been making a point out of not doing it.
That's nothing but semantic games and weasel words. It's the kind of thing Slashdotters will scream and shout about when politicians do it.
To make things perfectly clear - we don't host any content. And I have never seen child porn on the bay.
p ostcount=264
Quoting another admin, anakata:
"We have a police to not remove torrents. We have however reported the ten or so suspected child porn torrents to the police..."
http://www.flashback.info/showpost.php?p=7647263&
So one says they have never seen child porn, the other one says they have. Let's just say their statements in general are not quite matching up in this matter. They have been taking a very laissez-faire approach to child porn, and now that it's coming back to haunt them they are covering up. They're hardly unbiased in this matter, and they aren't being very honest, so I would recommend against taking what they say at face value.
Try reading that again. I was saying the exact opposite. They did NOT remove those torrents in the past.
And?
Several different user accounts have mysteriously disappeared, within hours of this story hitting the net. No, I don't think that's a coincidence. The Pirate Bay admins themselves have complained that they had to guess at which files to remove because they got no communication from the police.
(The Police and The Pirate Bay both claim they were unable to contact the other.)
Actually, they have specifically not removed these torrents in the past, when they have been reported. They only removed them now due to massive media attention.
Furthermore, it does not take much effort to search on obvious child porn keywords and check, or just plain remove them without checking. Many other torrent sites remove all torrents like this.
Another example is http://thepiratebay.org/user/achim106/.
: thepiratebay.org/user/achim106/+http://thepirateba y.org/user/achim106/&hl=en&ct=clnk&cd=1
That one is still in the Google cache: http://209.85.129.104/search?q=cache:B5kqltngQjcJ
The police thought it was, TBP didn't, but deleted things anyway at the request of some users.
Actually, no, they specfically didn't delete these things when users requested it before this big upset. It's only after they got all this unwanted attention that they suddenly started nuking entire user accounts.
Well, The Pirate Bay did remove a bunch of borderline child porn torrents before this announcements.
Less broken links: http://209.85.129.104/search?q=cache:B5kqltngQjcJ: thepiratebay.org/user/achim106/+http://thepirateba y.org/user/achim106/&hl=en&ct=clnk&cd=1 and http://thepiratebay.org/user/achim106/
That may very well be the case.
: thepiratebay.org/user/achim106/+http://thepirateba y.org/user/achim106/&hl=en&ct=clnk&cd=1 and http://thepirateba/ y.org/user/achim106/ for instance.
However, it's also true. The Pirate Bay has been running (and, I hear, still runs) torrents for very borderline if not outright illegal child porn material. They have refused to remove them (like many other trackers do) until now when it suddenly got worldwide attention, when they started nuking torrents left and right.
Compare http://209.85.129.104/search?q=cache:B5kqltngQjcJ