Slashdot puts 20 ads to a page now? Ew? (Should note that although I do block ads, I also give Slashdot money. After all, it IS hours of entertainment! Wait... it's a news site? Since when?!?)
I know exactly what we're missing - nothing. Middle clicking is an integral part of tabbed browsing, and it was added to stay consistent with Opera and Firefox.
Nope. OpenOffice.org really needs it. The front UI is pretty OK, easily recognisable (and after the initial sloooooooow loading, quite responsive) but just open a dialog... I dare you... the Options dialog is so difficult to navigate for one used to any other word processor, some features are near impossible to find (such as Default Font), and the failure to utilise common dialogs in places where they should be used detracts also.
It'd be premier support. I can assure you, if you have premier support you'll wish Microsoft Tech Support would stop contacting you! Seriously, I don't want to do your survey!
That's OK. When you log in, Slashdot inserts random 10 centimetre gaps between random comments. On the plus side, they've managed to make comments work as well in IE7 as in Firefox now - they achieved this by making them work crappier in Firefox.
Re:BEA to being investigated by the SEC
on
Oracle Buys BEA
·
· Score: 1
Preview of TinyURL.com/2zbtbs This TinyURL redirects to:
Game companies compile things other than dedicated servers all the time (or at the very least, farm out the modifications to another company) like iD does all the time, with their quintessential Linux ports, which because they use GL, are probably just recompiles.
The reason I'm making this argument is because I think that the current hysteria about Microsoft's supposed monopoly is actually bad for users. I don't want Microsoft or anyone else forced to not bundle something as basic as a web browser with the OS. If for nothing else, I need IE to download Firefox. I suppose I could remember the URL and FTP it with that shitty ftp client they include with Windows, but having a default browser helps. Who cares if they bundle IE or Windows Media Player with Windows? The only problem I have with bundled software in Windows is that I don't like the particular versions they ship. Fortunately, I am free to use a Mac 99% of the time and I don't have to buy/download a bunch of third party software just to have a usable base system. At least until CuteSoft files an anti-trust complaint that Microsoft is being anti-competitive by including the shitty FTP client they include with Windows. Then we'll have no FTP client to get a browser, and no browser to get an FTP client. Effectively, we end up with a "single player OS".
ASP.NET, you're right. The "problem" here is the client side.NET framework, a large beast of a JIT compiler with a base framework of classes - much like Java. Someone probably thinks it's killing Java market share (it's not, but if you ask me anything that kills Java market share has to be good) and therefore is illegal. It's a load of bullshit, really. Just the EU looking for a way to get some more free money. Office 2007 I disagree with too - it's not bundled. What exactly are they going to fine them for there? Making an Office suite at all? Wow. Watch out OpenOffice.org, you're next to be fined for making an office suite!
Don't bother. The person you're arguing with is obviously only interested in rationalising why he should be able to get for free what it cost someone from thousands to millions of dollars, and/or years to make.
In our country, your bank's routing number is prepended to your account number, and you can't do anything without it (as the bank can't identify which branch your account is held at without it).
Of course, over here it's perfectly safe to print your account number on flyers and distribute that, as the bank refuses to do anything without your ATM card and PIN, or your drivers license.
That's nothing. Where I come from, the banks accept photocopies of Direct Debit Authorities, and they can be reinstated by the party with the original by re-faxing it if you cancel it. It's the reason why after changing banks I outright refuse to use any form of direct debit payment, especially since our banks will not reverse a payment, even if it's unauthorised.
Happy to use credit card though - WHAM chargeback!
Oh, and since you probably wont believe that, go to a Google search for the script code (src=http://c.uc8010) and go to the result pages. Tack an apostrophe onto the end of a random querystring parameter - the vast majority bomb out with either a 500 (custom error page, good. But it still indicates that the query bombed because it was malformed), an "operation not allowed while object is closed" (means that they used connection.execute rather than recordset.open), or "unclosed quotation" (very bad! indicates that the server passed on the query as is, and it bombed).
Some of them have closed the actual vulnerability, which is very good.
Either way, folks, it doesn't look like a common app, just badly written custom apps.
It's a vulnerability in MS-SQL you asshats It's not a vulnerability in MSSQL you moron. It's a vulnerability in stupidly designed applications (maybe not even a specific one, the worm could easily have just posted its attempt at every form it found) which let apostrophes through in their input. MySQL is immune because it doesn't have the sysobjects table. Oracle is immune for the same reason. They'd all be screwed if the worm used the ANSI compliant schema view.
Not in this case, no. MSSQL Server doesn't escape apostrophes with slashes, it escapes them with a second apostrophe. A hackish approach on the SQL Server platform is to replace("'", "''"). Parameterised is of course waaaaaaaaaaaay better.
I just tried this, as SA on my own SQL server (using out of the box config):
Msg 15281, Level 16, State 1, Procedure xp_cmdshell, Line 1 SQL Server blocked access to procedure 'sys.xp_cmdshell' of component 'xp_cmdshell' because this component is turned off as part of the security configuration for this server. A system administrator can enable the use of 'xp_cmdshell' by using sp_configure. For more information about enabling 'xp_cmdshell', see "Surface Area Configuration" in SQL Server Books Online
Except that you didn't even read the article! The vulnerability in MDAC is the client side javascript exploit which was injected into the text fields - we still don't know what was exploited in order to inject it into the database.
That function needs to be explicitly enabled by changing configuration options while logged in as a user who is a member of the sysadmin role. And if you're enough of a dumb fuck to do that, you deserve to get hacked.
I use it. For the most part, NOD32 blows AVG out of the water. Mostly to me it's the unobtrusiveness. Even scheduled scans just hide away from you while they run, and updating the virus definitions doesn't cause a big honking "updater" window to pop up on the desktop and steal focus, just a little balloon by the clock telling you what version of the defs it just fetched. Almost like it doesn't feel the need to remind you it's there! It's generally fast and light too, and it's internet monitor is really good - it's like Norton's without the Norton (i.e. it's actually fast, and the window doesn't eat all your RAM to tell you it found a virus in your HTTP traffic) - I've had it intercept viruses in HTTP streams destined for a virtual machine running on the PC as a host. It'd probably work on a proxy server just as well.
Slashdot puts 20 ads to a page now? Ew? (Should note that although I do block ads, I also give Slashdot money. After all, it IS hours of entertainment! Wait... it's a news site? Since when?!?)
I know exactly what we're missing - nothing. Middle clicking is an integral part of tabbed browsing, and it was added to stay consistent with Opera and Firefox.
Nope. OpenOffice.org really needs it. The front UI is pretty OK, easily recognisable (and after the initial sloooooooow loading, quite responsive) but just open a dialog... I dare you... the Options dialog is so difficult to navigate for one used to any other word processor, some features are near impossible to find (such as Default Font), and the failure to utilise common dialogs in places where they should be used detracts also.
It'd be premier support. I can assure you, if you have premier support you'll wish Microsoft Tech Support would stop contacting you! Seriously, I don't want to do your survey!
That's OK. When you log in, Slashdot inserts random 10 centimetre gaps between random comments. On the plus side, they've managed to make comments work as well in IE7 as in Firefox now - they achieved this by making them work crappier in Firefox.
Nice try, cocksucker.
The person who modded this troll has clearly never used Oracle. Believe me, if there's a source of evil it's Oracle.
Game companies compile things other than dedicated servers all the time (or at the very least, farm out the modifications to another company) like iD does all the time, with their quintessential Linux ports, which because they use GL, are probably just recompiles.
In Windows, if you're running as a limited user (or are using Vista with Protected Mode on) then your system data is protected too.
No such agreements exist. You can pick up PCs with all kinds of neato software, like Firefox, or OpenOffice, or even LINUX!
ASP.NET, you're right. The "problem" here is the client side .NET framework, a large beast of a JIT compiler with a base framework of classes - much like Java. Someone probably thinks it's killing Java market share (it's not, but if you ask me anything that kills Java market share has to be good) and therefore is illegal. It's a load of bullshit, really. Just the EU looking for a way to get some more free money. Office 2007 I disagree with too - it's not bundled. What exactly are they going to fine them for there? Making an Office suite at all? Wow. Watch out OpenOffice.org, you're next to be fined for making an office suite!
Don't bother. The person you're arguing with is obviously only interested in rationalising why he should be able to get for free what it cost someone from thousands to millions of dollars, and/or years to make.
That's OK, here in New Zealand we have Aussie's constitution. I mean, read it... we're on the list of states!
In our country, your bank's routing number is prepended to your account number, and you can't do anything without it (as the bank can't identify which branch your account is held at without it).
Of course, over here it's perfectly safe to print your account number on flyers and distribute that, as the bank refuses to do anything without your ATM card and PIN, or your drivers license.
That's nothing. Where I come from, the banks accept photocopies of Direct Debit Authorities, and they can be reinstated by the party with the original by re-faxing it if you cancel it. It's the reason why after changing banks I outright refuse to use any form of direct debit payment, especially since our banks will not reverse a payment, even if it's unauthorised.
Happy to use credit card though - WHAM chargeback!
Who said he asked for the money back? If not, then he generated no overhead whatsoever (but likely gets a nice tax refund at end of year)
Oh, and since you probably wont believe that, go to a Google search for the script code (src=http://c.uc8010) and go to the result pages. Tack an apostrophe onto the end of a random querystring parameter - the vast majority bomb out with either a 500 (custom error page, good. But it still indicates that the query bombed because it was malformed), an "operation not allowed while object is closed" (means that they used connection.execute rather than recordset.open), or "unclosed quotation" (very bad! indicates that the server passed on the query as is, and it bombed).
Some of them have closed the actual vulnerability, which is very good.
Either way, folks, it doesn't look like a common app, just badly written custom apps.
Not in this case, no. MSSQL Server doesn't escape apostrophes with slashes, it escapes them with a second apostrophe. A hackish approach on the SQL Server platform is to replace("'", "''"). Parameterised is of course waaaaaaaaaaaay better.
I don't see how your scenario is possible at all.
Except that you didn't even read the article! The vulnerability in MDAC is the client side javascript exploit which was injected into the text fields - we still don't know what was exploited in order to inject it into the database.
That function needs to be explicitly enabled by changing configuration options while logged in as a user who is a member of the sysadmin role. And if you're enough of a dumb fuck to do that, you deserve to get hacked.
I use it. For the most part, NOD32 blows AVG out of the water. Mostly to me it's the unobtrusiveness. Even scheduled scans just hide away from you while they run, and updating the virus definitions doesn't cause a big honking "updater" window to pop up on the desktop and steal focus, just a little balloon by the clock telling you what version of the defs it just fetched. Almost like it doesn't feel the need to remind you it's there! It's generally fast and light too, and it's internet monitor is really good - it's like Norton's without the Norton (i.e. it's actually fast, and the window doesn't eat all your RAM to tell you it found a virus in your HTTP traffic) - I've had it intercept viruses in HTTP streams destined for a virtual machine running on the PC as a host. It'd probably work on a proxy server just as well.
But, uh, what about the other issue:
YOU HAVE NOT ENOUGH MINERALS.