Re:Microsoft has had 7 years of warning. on Shattering Windows · Score: 2
Read the article. I'll quote from the response included in the article.
It is the implementer of a program that decides what messages to handle
and how to handle them. This also means that an attacker needs to
figure out a way to use windows messages to actually get the application
to do anything useful to the attacker. Given this, I would recommend
that you contact the program's owner and let them know of your report.
There may or may not be a vulnerability for them to address, but the
program's owner should determine that.
It's a matter of design how an application reacts to messages.
In fact the response from the MS guy in his article read:
It is the implementer of a program that decides what messages to handle
and how to handle them. This also means that an attacker needs to
figure out a way to use windows messages to actually get the application
to do anything useful to the attacker. Given this, I would recommend
that you contact the program's owner and let them know of your report.
There may or may not be a vulnerability for them to address, but the
program's owner should determine that.
But somehow, the author managed to read the paragraph before and after that while ignoring this. The bottom line is that it is up to the app author to react to messages and whether or not they do is a matter of design.
Every time I see a story about how "Linux is Dead on the (desktop, webserver, database server)" I wonder why I should listen to the opinions of people who helped to build the last stock bubble with companies that did nothing (but they did it fast!). Nobody knows how long it will take to 'correct' Microsoft's nasty effect on the market
That is one of the stupidest statements I've ever read. Microsoft was and is one of the few companies who actually made money. I don't know if you're old enough to be able to do math but when you are you should look at some of the more recent financial statements. This is a company that is making BILLIONS of dollars in real money.
The stock market hype and inflation was because of the startup.com's and linux-based companies who paid off analysts to rave about their prospects while not having any sort of business model. They were attempting to imitate MS's success without having any of the fundamentals.
Look up the stock values of some of those companies compared to their highs. Microsoft, on the other hand is still valued highly because it is not just hype but real dollars.
You really ought to get your facts from somewhere other than Slashdot editors and their blind raving.
I can purchase a CD set of RedHat 7.x with whatever level of support I want. I can purchase one copy of it and install it on ALL of my PC's and servers.
Hate to nitpick but you won't get support for all your PCs and servers for the price of the one CD set. If you want support, you have to pay for it for every machine you're running it on.
It's seen as a tactic to influence Judge Kollar-Kotelly's deliberation
Rather, one of the terms of the settlement with the DoJ was that the terms of the consent decree would be implemented immediately (in the next release) without waiting for the settlement to be approved.
IIRC, Microsoft would have been in violation of the settlement if it hadn't done this by now.
Not really sure what the purpose of region coding was, beyond forcing people to buy multiple DVD players or to use them illegally.
The purpose of region encoding was to allow them to sell the same movie at different prices in different markets and also to control their "marketing strategy". They'd want to do this for a number of reasons:
1. Different economies: The ideal price of a DVD (that at which the makers make the most money i.e. where price x #sold is maximized) is very different in France than in Japan. In order to maximize their revenues, the producers want to price them differently. Now, they don't want people buying the DVDs at the cheaper markets and selling them at the other markets because that negates the whole thing.
2. Distribution rights: Typically distribution rights to a movie are sold to a local distributor who then makes all the money off of it. If people are able to buy the same movie in Region A and import it in to Region B (they'd want to do this because of cost and availability), the distributor for Region A loses to the benefit of the distributor in Region B. They wanted to prevent that happening.
3. Marketing: Movies are (used to be more in the past) released at different times in different markets for various reasons (translations, legal, lazy asses, etc.). This is accompanied with advertising campaigns, star appearances, etc. They didn't want to undercut that by making DVDs from other regions available via import and mainly because they liked being in full control of distribution.
For all those reasons, region encoding seemed like a great idea to them.
Personally, I think it was a dumb idea and they should just have relied on the fact that in most situations it would just not be practical or cost-effective to import DVDs en masse just like book distributors do when they sell books at different prices in different parts of the world.
By the way, I don't really believe a word of what I'm saying -- but if you don't mind that I'm playing devil's advocate, please do reply!
Ok, that's a fun challenge ;-)
Honestly, I don't consider anyone "good" or "bad" based on their acts of charity. I don't commit any, myself. People who commit "good" deeds, typically do them because it makes them feel good about themselves. It's how humans are programmed - that's what altruism is about. There's no altruism that doesn't depend on the "high" from helping others.
I honestly don't believe Bill and Melinda are doing it for any reason other than to feel good about themselves. They could have had much more publicity for their work.
This thread started with someone calling them greedy. However, if they were greedy, they wouldn't have a reason to plan to give away almost all their wealth before they die. That's just not the definition of greed.
Dude, I encourage you to look up the Bill & Melinda Gates foundation as well as their record and plans. Then ask yourself how much you know about what the foundation has done so far. The very fact that I've never heard a single ad on the radio or anywhere about how much they are doing for charity leads me to believe that they are doing it because they want to, not because they are trying to "buy" public appeal.
I think it's a disgrace that they should be accused of doing so by people who have done little or nothing of any note in their entire lives.
It's very easy to cast aspersions on someone else's good deeds. It's very hard to emulate them, though.
In static dollars -- not by percent.
Who gives a rat's ass about %? A billion dollars is always better than and does more to help real causes than $38.74 - regardless of how much percent of the giver's salary it is.
Dude, you're an idiot.
Since he's cooking the books to avoid paying income taxes on over $15,000,000,000.00 a year, have you contra'ed those taxes against even those commercial exchanges?
Funny how you're the only one accusing him of cooking the books. The accounting is all legal.
Ignoring all of the above considerations, it has been truly said that Trey Gates gives less, pro rata, to charity than the average single mother.
Again, don't know what you're smoking but that is just plain untrue. He's already given away about $15 BILLION to charity in cash - that's about 30% of his net worth today. You show me a single mother who's given away 30% of their net worth to charity and I'll show you someone who's lying.
WHG3 is greedy, and AFAICT has always been greedy. The above items are just the tip of the iceberg of greed.
You are a bloody idiot and have always been a bloody idiot. Your clueless comments are but proof of it. He made some great decisions, had some lucky breaks and made a walloping of money. He's now proceeding to give it away by the truckload. Doesn't sound like the definition of greed to me.
I've seen a number of replies talking about how a dreamcast is cheaper, has a lower footprint, etc.
$1000 is really not that much money for someone seeking to gain from cracking into a company's network. You've got to believe that the data they're trying to steal from you is worth more than the cost of a measly laptop.
What it does do, however, is lower the barrier of entry, if you may, to potential attackers. It might also make sense if you're using a "carpet-bombing" technique where you put several of these on the network hoping that one or two of them may go undetected - although I assume after the first one is detected and security knows what to look for the others won't be so hard to find and in fact having multiple ones of these around might actually increase the chances of someone getting suspicious.
The ISPs don't represent "India" any more than Nike or Microsoft represent the USA.
India, the country, might or might not want to throw its weight around internationally but the ISPs doing something has nothing to do with that. The whole country is not a borg collective where every piece knows what the other is doing.
any /. story where the bulk of the information is on a NYT-hosted page is useless to me
Why can't you just post without reading the articles - like everyone else?
What bullshit. There are thousands of people on Slashdot who claim not to ever use Microsoft software. Are you calling them all liars?
There is no penalty to not using Office or Windows. It's a product. If you want to use it, you have to pay for it. Just because everyone else has it doesn't mean you should expect to have it for free. Why is that so hard to understand?
It's really simple. You can choose not to use it or you can choose to use it and pay for it. You, on the other hand want to use it (as I surmise from your statements about the penalty of not using it) but don't want to pay for it.
Why don't you start bitching about the car tax then? I can't start calling the amount of money I pay for fuel and maintenance on my car (which is several orders of magnitude more than what I pay for my software, btw) a tax just because I don't know how to live my life without a car.
Blame the laptop manufacturers who don't think it's worth their time or effort to customize a laptop without Windows on it.
It's still not a tax, though.
As a result, I and many others have paid a tax since
If it were indeed you and many others, then you wouldn't have to make that choice. There would be a manufacturer who would make laptops without an OS on them. However, that is not the case because it's you and a few others.
You are a fucking moron, Chris. The parent post specifically said "free market". Free market + antitrust != free market. Feel free to call it whatever you want to, but it's not a free market and don't pretend that it is.
When you learn to read sentences and grow a brain then please come back. Until then you are unable to contribute to an intelligent conversation.
When you look at layoff stats and see that H-1Bs are much lower in their layoff percentages than US workers
What the fuck is this FUD about? People are hired and laid off based on merit. It is NOT cheaper to hire an H1-B and in fact is often much more expensive and difficult because of legal fees incurred. I know H1-Bs who have been laid off just like I know US citizens who have been laid off. The smart and qualified ones are keeping their jobs and the clueless idiots who got rapid certification because of the ".com boom" are the ones who're being laid off. It's called survival of the fittest - get used to it.
As was pointed out in the article, Microsoft doesn't respect free trade or market forces.
Oh, they said so in the article so it must be true. What aspects of free trade or market forces has Microsoft violated, pray tell me? Antitrust law by itself is against the basic tenets of free trade. It forces different rules on sellers based on how much their competitors suck.
What's this "tax" you talk about? Please look up the definition of the word tax in a dictionary. I am free to buy a computer without any Microsoft software on it and thus pay no "tax". It's a usage fee placed on people who want to use software produced by that company. Doesn't sound unfair to me and it's certainly not a tax.
Calling it a tax is FUD on the same level as the RIAA trying to call people who listen to copyrighted music without paying for it "pirates".
More likely, HP will settle out of court. I don't care what a bunch of people who don't understand law think, the DMCA is very likely constitutional and even if it wasn't, HP won't care to fight that battle - it has nothing to gain and everything to lose.
They are talking about the enterprise space, not the consumer space. They are two completely different markets and anyone with half a brain would be expected to see that.
Did you even try reading the article? In future, please read articles before posting crap here. Oh wait, are you one of the Slashdot editors?
-=Sigh=- Call me communistic, but I would love a world where everyone can have everything they need and what they want, within reason. Peer reviews let people have the things that are beyond reason. The world has more than enough of everything. Get rid of greed, set up proper distribution systems, and allow everyone to have all that they want.
No, I won't call you a communist. I'll call you stupid. I want to be able to fly and live forever. I want everyone to be able to do that. I can also sit at home and bitch about the evil forces of gravity and about how I want all this to happen but the evil physics professors in colleges are stopping me.
But that's just plain bullshit. The Russians tried communism. It just doesn't work - that's human nature. You need to learn to deal with it. They had peer reviews and proper distribution systems but unless you're going to genetically engineer people to not be greedy, none of that is going to work.
I hopped on the 405?? and headed towards Thousand Oaks. I put the pedal to the metal and I felt like I was the Millennium Falcon going into hyperdrive! It went from 0 to 110 in no time flat.
110. On the 405???? I can tell you've never been in LA before. It's not for nothing that we call it the world's biggest parking lot.
All code under the GPL is copyrighted (owned) by the person (or group, or organisation) that wrote the code.
Bzzzt. Wrong. And repeating it multiple times is not going to make it true. Once code is released under the GPL it is public domain and can't be revoked. It is NOT owned by the author anymore. The ONLY thing that the author can do with that code that no one else can is sell it to someone for profit - and guess what, if GPLed code was included in his code then he can't even do that.
On planet Earth, that is not ownership.
IIRC the DMCA explicitly allows reverse-engineering for the purpose of interoperability. It only does not allow reverse-engineering when it is used to circumvent a security mechanism.