Exchange:
"I have a file I would like to share with you"
IIS:
"Please rape my server... please"
MSVC:
"We think we support the standards, wait, we don't... does that compile yet?"
"Oh, you want that kind of template support. That'll be another 1000$ for our next version"
Office:
"Bug fixes? Have paperclip instead."
BSOD:
"IRQL LESS THAN OR EQUAL..... Reinstall computer"
XP:
"You can use your computer how and when we say you can."
"Our new fancy QOS service now helpfully reserves 20% of network bandwith for itself. Have fun trying to find the right tool to change that"
"What do you mean you don't like our sexy new menu delays?"
I bought three of Loki's titles and NEVER did I need to do any tweaking.
Alpha Centauri and Kohan being my favorites out of the three.
And another thing, gaming companies drop like flies all the time. Dynamix, Looking Glass and other big names were no exception. Loki lasted pretty long all considering and did some very good work.
- what proccessor rev its fixed in. I'm wanting to buy a new machine, it's still gonna be AMD, but I don't want a processor with that bug, as I am a big gamer.
- how to tell if my processor is affected. (I'd rather not have to wait for my system to crash to find out)
CGI is a tool that allows you to make scenes impossible to do with conventional models.
People like interesting epic stories that stimulate their imagination... go figure...
This was probably said already, but I wanted to repeat it.. we've been spoiled with good CGI lately.. I really hope we're not in line for a truck load of crap.
MSN messenger is barely a functional tool providing only the absolute bare bones of communication functionality.
As for video? Try talking hooks with Microsoft Net Meeting. MNM doesn't work well behind many corporate firewalls (it's useless behind my company's simple little NAT network for talking outside).
Finally, the idea that bundling the tool with the OS is an innovation could only come from a reporter who has had ear plugs over their ears and a paperbag over their head for the last five years. Puhhleeez.
Microsoft needs to be forced, for each bundled application that comes with Windows, to allow competitors to bundle their own products.
I wasn't too impressed with the first part.. stopped reading the article when I read this ditty.
This game is criminally responsible for the diversions of many many man hours that could have been spent learning useful aspects of Linux and directing them at gaming.
Yes, I agree. Bug counts alone are meaningless. Rather what I had wondered would be possible was whether it is possible to bring some manner of quantitative analysis forward that would demonstrate that public disclosure of security bugs lead to faster response and more attention from vendors.
Microsoft of course claims that public disclosure makes no difference whilst many good articles have demonstrated to me disclosure makes a huge difference.
I have a lot of arguments with professionals who claim open source code is badly written/buggy/un-maintainable and most often the argument boils down to a "where are the stats?"....
Anyways, I had imagined a public site where people would submit known bugs for products (in a fashion akin to the way slashdot works) and keep track of how long the makers of the software take to fix the bugs.
Anyways, just an idea....
I think it would be interesting to keep a running
on
WinXP Security Flaw
·
· Score: 3, Insightful
tally of said security issues as they pop up and then document how long it takes Microsoft to fix them-- before and after the bug is publically exposed.
I would be interested to see captured on a yearly basis the bug count of Microsoft products versus some open source products including how long each bug took to get fixed and the severity of each bug.
Microsoft is good a spreading FUD-- but facts are hard to beat and gobbled up by the media.. I'd be willing to volunteer my time to anybody with a server and some bandwidth for a project like this: just tell me what you need me to do.
Many GNU tools have been ported to many other OSes including MS Windows.
There are a host of free software applications available for many OSes including MS Windows.
This, not to mention that, Linux distributions have achieved the point where most previously 'complexe' administration tasks are now done inside friendly GUI applications.
GNU's Not Unix is an acronym with a meaning that seems sadly forgotten in some of these discussions.
I personally think that teaching teenagers why they should be concerned about their intellectual heritage and about free software an important proposition regardless of what OS they are running.
The concern, from what I understand, is that a user might be lead to believe that "readme.txt" will be opened and viewed as a text file by IE. This, when in fact the website has placed executable binary/script data in the file and changed the appropriate response headers so that IE is fooled in to executing it as a program if it is 'opened'.
All the user sees as a prompt is "Open" or "Save Target As" using the menu options OR again "Open, Save, Cancel" by clicking on the link.
For an inexperienced user, the appropriate option will probably not be obvious. This is because many users have a lot of trouble navigating the file system to find files that have been saved by applications and enjoy the shortcut of having the windows decide how the file should be 'opened'.
I agree that an experienced user would never choose open because they know this is very risky. But, in my mother's case, she has trouble deciding when to click and doubleclick.
In Microsoft's defence, however, the "Open" option is never the default. Thus, it's probably safe to say that an ignorant user will almost always be safe from this attack as they will be picking the default and saving the file to the disk. At that point, "readme.txt" will cannot be executed and only openable from a text editor.
Anyways.. no matter how you look at it, this is a problem that fundamentally involves the act of downloading a file. Something even my mother knows not do by herself. This is not a security issue in the same magnitude as the worm viruses that plagued IIS.
how much is Microsoft's monopoly costing the economy?
How many billion dollar software businesses do you know out there that market their main products solely for the Microsoft platform.
Answer: I can't think of one that Microsoft hasn't bought, buried, or screwed with some manner of breakware.
I'd pay for front row seats the day our protectors in the FBI raid Microsoft HQ because their "activites are costing the economy billions of dollars".
Stories like this make me mad not because I think piracy is harmless, but because its pretty clear to me that FBI and DOJ have their priorities dead wrong.
"insert angry epithetes and swearing here" yes yes.. I know this has been said but I want to vent.
People have long decried the increasing trend in university scientific research whereby private corporations seem to be dictating more and more what should be the subject of academic interest.
Now we have a private entity blazanly attempting to suppress research they didn't even finance because it shows critical weaknesses in their technology (even if they make the weak claim they have a disinterested motivation for their action). Not withstanding the incredible poor taste of telling a professor he can't present his work, after having asked for said research to happen in the first place, because the conclusions the work comes to aren't the ones desired. I am left with the bitter cold feeling that we are slowly slipping into a new era of corporate meddling where all manner of 'unpopular' academic research will find itself the subjects of lawsuits because some crafty lawyer has found a new way to extropolate the clauses of the DMCA in such a way that it protects his clients product in some fashion.
What are your thoughts on this and how do you assess the willingness of america's academia to resist this trend?
it's own software is so patently ridiculous... even more amazing is the limitless gall Microsoft has in presenting this "remedy".
I'd be walking around with a paper bag over my face even if I was only remotely affiliated the the legal team persuing the settlement in this deal.
I wonder if I could convince my bank to accept in-lieu of hard cash this handy little program:
void main()
{
while(1)
printf("Look mom! A program!\n");
}
Yes yes.. I know this doesn't do much, but you will concede the loop closely models the average behavior of some MS software that comes to mind... like MS Outlook; in particular: it doesn't do anything particularly useful and uses up insane processor resources... also, I will counter argue that since you have the source, you can take some time to make it useful.
Nobody in the Communist party wanted the students slapped around, tortured and their leaders sent to jail for a few decades.... yeah right... it was all an accident.. it was the army's fault.. yeah.. thats it.. it's not our fault.. those damn radicals left us no choice.... we didn't mean it.. honest!
As for other countries tolerating a paralysis of important country infrastructures, you only need look as far as Europe. Anybody remember the farmer and trucker protests in France recently?
Trying to claim the Chinese government was an accidental party to the human rights atrocities of Tianamen Square is scandalous and a revision of history.
yes.. and if you do a bit of investigation you'll notice all browsers support them, including IE. In fact, you'll also notice that hordes of websites also use PNGs.
There is practically no decent reason for any website to still be using GIF files as the conversion of both the html and files is pretty easy...
One consultant changes jobs and decides DSL isn't worth it-- fine, she can go back to the stone age if she wants. I sorta wonder what she does with her pc anyways....
Let me just say that they'll get my broadband over my cold dead body.
Is this directed to me or to the MS rep? In the case that it is, I'll simply point out that I was merely addressing the job of patching software on a server. Which, taken just by itself, is practically a fulltime job. Of course a sysadmin's job involves that and much more and this is why I didn't compare the task to a sysadmin's job.
"With Linux, customers "end up being in the operating systems business," managing software updates and security patches while making sure the multitude of software packages don't conflict with each other," Miller said. "That's the job of a software vendor like Microsoft.""
Seems to me like there's a good reply from Redhat in the makings here-- Redhat network comes to mind. Of course the rep's response is incredibly funny if you consider the multitude of poorly conceived and well hidden OS patches Windows has had over the years... (ever try to figure out what the latest patches for an NT server with a sideline sql server 2000 should be? Its practically a freaking fulltime job!).... The only bloody thing Microsoft manages for you is the promotional letters informing you its time to dish out another 10k for the next bloated version of MS Office. Security patches??? Since when has Microsoft managed that???!!! But I digress.. one need only look at how well all the IIS worms spread to evaluate how well Microsoft managed the security patch distribution business.
I'm trying to find a grain of honesty in the quote... but I can only come to the conclusion that either he was missquoted or he is a bald faced liar.
I always liked Mandrake for their attention to the applications. A Mandrake ditro truly comes as a fully feaured desktop without having to search for anything else.
That said, 8.1 is proving flaky to me. The initscript patch helps a bit... but X still starts acting like it has multiple personalities after a couple of hours or so. The broken supermount is also very annoying-- although I'm not sure if redhat has an equivalent. A modern OS should be able to safely auto-mount/unmount removable media imho.
Anyways..what I really wanted from a distro was a solid install of kde2.2.1... I love kde.. and thats why I tried M8.1... this time tho, I'm buying redhat cds because I think Mandrake really screwed up their 8.1 distro release. Note: bero-rh explained that the KDE2.2 R7.2 ships with is in fact 2.2.1.
devfs is reporting errors on bootup, my primary cdrom (which I booted and installed from) isn't being mounted despite the fstab entries...
Something is unstable in my system and I'm not sure what it is: after a few minutes of running X the video occasionally starts to get corrupted... these things never happened to me in 8.0
I'm going to regress back to 8.0 which was quite simply: solid. I'm simply not knowledgable enough with their distro to be able to troubleshoot the problem. All I can say is that 8.0 was great.
p.s. installed 8.1 fresh from CDs (not an upgrade)... anyways.. for those interested, my system is an Athlon 850 Asus A7V and Matrox G400/SB Live/3COM3c905b/AcerCDRW
Installation CDs burned after doing MD5 checksums on ISOs, and then afterwards on RPMs on CDs.
Slashdot Mirror
Exchange:
"I have a file I would like to share with you"
IIS:
"Please rape my server... please"
MSVC:
"We think we support the standards, wait, we don't... does that compile yet?"
"Oh, you want that kind of template support. That'll be another 1000$ for our next version"
Office:
"Bug fixes? Have paperclip instead."
BSOD:
"IRQL LESS THAN OR EQUAL..... Reinstall computer"
XP:
"You can use your computer how and when we say you can."
"Our new fancy QOS service now helpfully reserves 20% of network bandwith for itself. Have fun trying to find the right tool to change that"
"What do you mean you don't like our sexy new menu delays?"
I bought three of Loki's titles and NEVER did I need to do any tweaking.
Alpha Centauri and Kohan being my favorites out of the three.
And another thing, gaming companies drop like flies all the time. Dynamix, Looking Glass and other big names were no exception. Loki lasted pretty long all considering and did some very good work.
- what proccessor rev its fixed in. I'm wanting to buy a new machine, it's still gonna be AMD, but I don't want a processor with that bug, as I am a big gamer.
- how to tell if my processor is affected. (I'd rather not have to wait for my system to crash to find out)
Tom Bombadil adds considerably to the mystical nature and history of the world of Middle Earth.
I personally found that the travels of the hobbits between the Shire and Bree accomplished much character building for me.
CGI is a tool that allows you to make scenes impossible to do with conventional models.
People like interesting epic stories that stimulate their imagination... go figure...
This was probably said already, but I wanted to repeat it.. we've been spoiled with good CGI lately.. I really hope we're not in line for a truck load of crap.
MSN messenger is barely a functional tool providing only the absolute bare bones of communication functionality.
As for video? Try talking hooks with Microsoft Net Meeting. MNM doesn't work well behind many corporate firewalls (it's useless behind my company's simple little NAT network for talking outside).
Finally, the idea that bundling the tool with the OS is an innovation could only come from a reporter who has had ear plugs over their ears and a paperbag over their head for the last five years. Puhhleeez.
Microsoft needs to be forced, for each bundled application that comes with Windows, to allow competitors to bundle their own products.
I wasn't too impressed with the first part.. stopped reading the article when I read this ditty.
Ok, lets have a little game, whats the name of the web server that has seen more worms than my garden's compost heap in the last year??
*notices all the geeks waving hands saying oh oh I know*
Heres a clue: it's not Apache.
This game is criminally responsible for the diversions of many many man hours that could have been spent learning useful aspects of Linux and directing them at gaming.
Yes, I agree. Bug counts alone are meaningless. Rather what I had wondered would be possible was whether it is possible to bring some manner of quantitative analysis forward that would demonstrate that public disclosure of security bugs lead to faster response and more attention from vendors.
....
Microsoft of course claims that public disclosure makes no difference whilst many good articles have demonstrated to me disclosure makes a huge difference.
I have a lot of arguments with professionals who claim open source code is badly written/buggy/un-maintainable and most often the argument boils down to a "where are the stats?"
Anyways, I had imagined a public site where people would submit known bugs for products (in a fashion akin to the way slashdot works) and keep track of how long the makers of the software take to fix the bugs.
Anyways, just an idea....
tally of said security issues as they pop up and then document how long it takes Microsoft to fix them-- before and after the bug is publically exposed.
I would be interested to see captured on a yearly basis the bug count of Microsoft products versus some open source products including how long each bug took to get fixed and the severity of each bug.
Microsoft is good a spreading FUD-- but facts are hard to beat and gobbled up by the media.. I'd be willing to volunteer my time to anybody with a server and some bandwidth for a project like this: just tell me what you need me to do.
Many GNU tools have been ported to many other OSes including MS Windows.
There are a host of free software applications available for many OSes including MS Windows.
This, not to mention that, Linux distributions have achieved the point where most previously 'complexe' administration tasks are now done inside friendly GUI applications.
GNU's Not Unix is an acronym with a meaning that seems sadly forgotten in some of these discussions.
I personally think that teaching teenagers why they should be concerned about their intellectual heritage and about free software an important proposition regardless of what OS they are running.
that market their main products solely for the Microsoft platform
The concern, from what I understand, is that a user might be lead to believe that "readme.txt" will be opened and viewed as a text file by IE. This, when in fact the website has placed executable binary/script data in the file and changed the appropriate response headers so that IE is fooled in to executing it as a program if it is 'opened'.
All the user sees as a prompt is "Open" or "Save Target As" using the menu options OR again "Open, Save, Cancel" by clicking on the link.
For an inexperienced user, the appropriate option will probably not be obvious. This is because many users have a lot of trouble navigating the file system to find files that have been saved by applications and enjoy the shortcut of having the windows decide how the file should be 'opened'.
I agree that an experienced user would never choose open because they know this is very risky. But, in my mother's case, she has trouble deciding when to click and doubleclick.
In Microsoft's defence, however, the "Open" option is never the default. Thus, it's probably safe to say that an ignorant user will almost always be safe from this attack as they will be picking the default and saving the file to the disk. At that point, "readme.txt" will cannot be executed and only openable from a text editor.
Anyways.. no matter how you look at it, this is a problem that fundamentally involves the act of downloading a file. Something even my mother knows not do by herself. This is not a security issue in the same magnitude as the worm viruses that plagued IIS.
how much is Microsoft's monopoly costing the economy?
How many billion dollar software businesses do you know out there that market their main products solely for the Microsoft platform.
Answer: I can't think of one that Microsoft hasn't bought, buried, or screwed with some manner of breakware.
I'd pay for front row seats the day our protectors in the FBI raid Microsoft HQ because their "activites are costing the economy billions of dollars".
Stories like this make me mad not because I think piracy is harmless, but because its pretty clear to me that FBI and DOJ have their priorities dead wrong.
"insert angry epithetes and swearing here" yes yes.. I know this has been said but I want to vent.
People have long decried the increasing trend in university scientific research whereby private corporations seem to be dictating more and more what should be the subject of academic interest.
Now we have a private entity blazanly attempting to suppress research they didn't even finance because it shows critical weaknesses in their technology (even if they make the weak claim they have a disinterested motivation for their action). Not withstanding the incredible poor taste of telling a professor he can't present his work, after having asked for said research to happen in the first place, because the conclusions the work comes to aren't the ones desired. I am left with the bitter cold feeling that we are slowly slipping into a new era of corporate meddling where all manner of 'unpopular' academic research will find itself the subjects of lawsuits because some crafty lawyer has found a new way to extropolate the clauses of the DMCA in such a way that it protects his clients product in some fashion.
What are your thoughts on this and how do you assess the willingness of america's academia to resist this trend?
it's own software is so patently ridiculous... even more amazing is the limitless gall Microsoft has in presenting this "remedy".
I'd be walking around with a paper bag over my face even if I was only remotely affiliated the the legal team persuing the settlement in this deal.
I wonder if I could convince my bank to accept in-lieu of hard cash this handy little program:
void main()
{
while(1)
printf("Look mom! A program!\n");
}
Yes yes.. I know this doesn't do much, but you will concede the loop closely models the average behavior of some MS software that comes to mind... like MS Outlook; in particular: it doesn't do anything particularly useful and uses up insane processor resources... also, I will counter argue that since you have the source, you can take some time to make it useful.
Nobody in the Communist party wanted the students slapped around, tortured and their leaders sent to jail for a few decades.... yeah right... it was all an accident.. it was the army's fault.. yeah.. thats it.. it's not our fault.. those damn radicals left us no choice.... we didn't mean it.. honest!
As for other countries tolerating a paralysis of important country infrastructures, you only need look as far as Europe. Anybody remember the farmer and trucker protests in France recently?
Trying to claim the Chinese government was an accidental party to the human rights atrocities of Tianamen Square is scandalous and a revision of history.
yes.. and if you do a bit of investigation you'll notice all browsers support them, including IE. In fact, you'll also notice that hordes of websites also use PNGs.
There is practically no decent reason for any website to still be using GIF files as the conversion of both the html and files is pretty easy...
PNGs are also way technically better.
I like to use sneakemail for hiding my true email address from the multitude of lists and webpages I sometimes use.
One consultant changes jobs and decides DSL isn't worth it-- fine, she can go back to the stone age if she wants. I sorta wonder what she does with her pc anyways....
Let me just say that they'll get my broadband over my cold dead body.
"yes, you asshole, it's a fulltime job"
Is this directed to me or to the MS rep? In the case that it is, I'll simply point out that I was merely addressing the job of patching software on a server. Which, taken just by itself, is practically a fulltime job. Of course a sysadmin's job involves that and much more and this is why I didn't compare the task to a sysadmin's job.
"With Linux, customers "end up being in the operating systems business," managing software updates and security patches while making sure the multitude of software packages don't conflict with each other," Miller said. "That's the job of a software vendor like Microsoft.""
Seems to me like there's a good reply from Redhat in the makings here-- Redhat network comes to mind. Of course the rep's response is incredibly funny if you consider the multitude of poorly conceived and well hidden OS patches Windows has had over the years... (ever try to figure out what the latest patches for an NT server with a sideline sql server 2000 should be? Its practically a freaking fulltime job!).... The only bloody thing Microsoft manages for you is the promotional letters informing you its time to dish out another 10k for the next bloated version of MS Office. Security patches??? Since when has Microsoft managed that???!!! But I digress.. one need only look at how well all the IIS worms spread to evaluate how well Microsoft managed the security patch distribution business.
I'm trying to find a grain of honesty in the quote... but I can only come to the conclusion that either he was missquoted or he is a bald faced liar.
I always liked Mandrake for their attention to the applications. A Mandrake ditro truly comes as a fully feaured desktop without having to search for anything else.
... I love kde.. and thats why I tried M8.1 ... this time tho, I'm buying redhat cds because I think Mandrake really screwed up their 8.1 distro release. Note: bero-rh explained that the KDE2.2 R7.2 ships with is in fact 2.2.1.
That said, 8.1 is proving flaky to me. The initscript patch helps a bit... but X still starts acting like it has multiple personalities after a couple of hours or so. The broken supermount is also very annoying-- although I'm not sure if redhat has an equivalent. A modern OS should be able to safely auto-mount/unmount removable media imho.
Anyways..what I really wanted from a distro was a solid install of kde2.2.1
devfs is reporting errors on bootup, my primary cdrom (which I booted and installed from) isn't being mounted despite the fstab entries...
Something is unstable in my system and I'm not sure what it is: after a few minutes of running X the video occasionally starts to get corrupted... these things never happened to me in 8.0
I'm going to regress back to 8.0 which was quite simply: solid. I'm simply not knowledgable enough with their distro to be able to troubleshoot the problem. All I can say is that 8.0 was great.
p.s. installed 8.1 fresh from CDs (not an upgrade)... anyways.. for those interested, my system is an Athlon 850 Asus A7V and Matrox G400/SB Live/3COM3c905b/AcerCDRW
Installation CDs burned after doing MD5 checksums on ISOs, and then afterwards on RPMs on CDs.
Mabye when all these products are a miserable failure they'll leave it be.
"The Microsoft 'ebook', controlling when, how long, and where you can read books.... no thanks, I'll take the tree version please."