No, it doesn't... And that bug-finding-strategy is terrible too... If your honey pot machine (finally) finds some new expoit it's already too late... The vulnerability is already being exploited!... Besides, it will only help you detect exploits... not vulnerabilities... Finding vulnerabilities is a whole different ballgame... The best way to do that is probably to let as much people as possible look for bugs in your code... Like, for example, with open source software!... We'll probably never know how many vulnerabilities would suddenly show if that could happen with Vista...
This report means nothing. We all know there are security holes in Vista that are yest to be found. How many? We don't know! It could be more or less then Linux and OS X. These results could also be an indication that Microsoft is worse at finding security holes. It could also mean Microsoft is better at hiding them. It doesn't say much about Vista.
"there's some possibility we're responsible but no hard links yet."
This is a great example of human nature. We can't help looking at things through our own perspective and because of this, we're often blinded. This counts for global warming as well. It isn't in our interest to pay more to save the earth so we close our eyes to the tons of *hard scientific evidence* that just keeps on piling up every day. Worse then that. We'll even keep on searching for reasons why we should believe otherwise even though the truth is staring us in our eyes.
I can completely understand why the person you spoke to, became so emotional. I mean. It's so frustrating!;)
Re:Advances/Alternative to the server
on
PHP 5.1.0 Released
·
· Score: 1
Not just you... Me too!...:)...
Re:Is any work being done to improve security?
on
PHP 5.1.0 Released
·
· Score: 1
You can disable certain functionality in PHP like backticks or exec or other functions. And, like you said, you can also run Apache as a user with restricted rights.
Furthermore. The security issues that can be solved at PHP-level aren't all the fault of PHP. A lot of it is, in fact, the fault of Apache! Security would be much better if Apache would be able to run different instances with different user rights like, for example, IIS does. Luckely PHP is so cool that it runs on IIS as well.;)
You should blame that on the PHP developer and not on PHP.
Re:Great, now what about hosting companies
on
PHP 5.1.0 Released
·
· Score: 1
T think it all depends on the server administration tools like Plesk. They're the ones that need to support it in their products.
Re:Is any work being done to improve security?
on
PHP 5.1.0 Released
·
· Score: 1
That example would only compromise a single web app and database. If everything is configured correctly it won't compromise the server. That's what I meant with "server-safe".
The cool thing about PHP is that you can host it to some n00b developer, that does things like the example you gave, without getting your server hacked.
Re:Great, now what about hosting companies
on
PHP 5.1.0 Released
·
· Score: 1
Agreed. I've been waiting years for PHP5 to hit the hosting market. A great part of my code is stuck because it won't run on current webservers.
But maybe there's some good news. I've heard that hosting companies wait untill a x.1 release before adopting it. So, maybe now that PHP 5.1 is out, we'll finally see it popping up on webservers.:)
I have no idea what you're talking about. I wrote my app for PHP4 3 years ago. It's pretty big and complex (and ugly;) ) and it's currently running on PHP 5 without the need for any modifications! I don't have much experience with other programming languages. But, as a PHP developer, I feel they pay good attention to backwards compatibility. Good enough for me at least.:) I have never experiences serious issues with this.
I'm not sure if this solves the problem. The problem is that there are a lot of not-so-professional people out there that just install anything they lay their hands on. It's like: "Hey! It's a PC! *Must* install stuff on this!" If the PC asks OK or Cancel? they click OK. And then to remove programs they're suddenly "smart" enough to find C:\Program Files\ and delete anything they don't understand. In the end all they need is a browser, an email client, an IM client, a Wordprocessor and perhaps something to mash up some Photo's. Installing anything more will just result in making it worse.
The problem isn't the software. It's the people using the software! As long as they don't know what they're doing there will always be others abusing this.
That's an excelent example! Although I've got a feeling you're looking at it the wrong way.
The question is: Has *the US* got something to hide? If not, then you won't mind being full body searched, right? Or in this case: Handover control to some international organisation.
If there wouldn't be any reasons for wanting to have control, the US wouldn't mind giving away control to some international organisation. The fact that some people in the US want to keep control, is the fear of the rest of the world.
It's all a matter of who has the power. Has the US got plans with their current power? If not, then there's no problem in giving it away. If so, then that's a good reason for the rest of the world to want to take that power away from the US.
I started with Quake IV. To see dark tunnels and creatures attacking me from nowhere was an instant disappointment. No progress here. The graphics are nice but nothing extraordinary either. At one point I tried to be smart. I tried to lure one of the creatures back to where my squad was hoping that they could take some of the heat. The creature totally ignored the squad firing uppon him and still only went after me. After this I stopped playing, sensing a waste of time.
It seems to me that Id-software has really lost it's innovative thrive. This company used to be the cutting edge in gaming. Yet another company thinking too much about making money while they should be thinking about making games!
The problem is that there are two kinds of movies. The ones that suck and feel more like a waste of time then some proper entertainment. And then there are the occasional good movies which are worth some money.
For me, there are only a few great movies that I'd like to keep and be able to view more then once. (My girlfriend wouldn't mind watching some movies 50 times;) )
For those great movies that I'd like to keep, I'm willing to pay a bit more. $8 would be too much for me though. If the quality is exceptional I'd say around $5.
For the movies that I only want to see once. No more then $2.
I think OO.org should be built on Gecko and XUL. Gecko is superfast, crossplatform and the UI architecture would be competing directly with Microsoft's future UI: XAML+Avalon. Gecko even has a vector graphics engine that works with SVG. OO.org Draw could use something like that. Wouldn't it be cool if OO.org becomes the standard studio for creating SVG graphics? This would also mean that XUL gets a bigger community, more developers and more support. This way XUL will become the standard for building user interfaces, paving the way for abstraction between the OS and the UI. Then finally "our UI" will be truly platform independent, proprieatary-free and we won't be needing M$ OS anymore.:P
So, what is pattented exactly?
Is it the SEH syntax - or - the way the compiler works with the syntax?
I'm not a C++ developer, so this is probably extremely stupid. But could there be a way that the SEH syntax is interpreted differently by the compiler so that the behaviour doesn't (exactly) match the behaviour defined in the patent?
This way, people can leave the SEH syntax unchanged in their code.
Slashdot Mirror
No, it doesn't... And that bug-finding-strategy is terrible too... If your honey pot machine (finally) finds some new expoit it's already too late... The vulnerability is already being exploited!... Besides, it will only help you detect exploits... not vulnerabilities... Finding vulnerabilities is a whole different ballgame... The best way to do that is probably to let as much people as possible look for bugs in your code... Like, for example, with open source software!... We'll probably never know how many vulnerabilities would suddenly show if that could happen with Vista...
This report means nothing. We all know there are security holes in Vista that are yest to be found. How many? We don't know! It could be more or less then Linux and OS X. These results could also be an indication that Microsoft is worse at finding security holes. It could also mean Microsoft is better at hiding them. It doesn't say much about Vista.
"there's some possibility we're responsible but no hard links yet."
;)
This is a great example of human nature. We can't help looking at things through our own perspective and because of this, we're often blinded. This counts for global warming as well. It isn't in our interest to pay more to save the earth so we close our eyes to the tons of *hard scientific evidence* that just keeps on piling up every day. Worse then that. We'll even keep on searching for reasons why we should believe otherwise even though the truth is staring us in our eyes.
I can completely understand why the person you spoke to, became so emotional. I mean. It's so frustrating!
Troll...
Not just you... Me too!... :)...
You can disable certain functionality in PHP like backticks or exec or other functions. And, like you said, you can also run Apache as a user with restricted rights.
;)
Furthermore. The security issues that can be solved at PHP-level aren't all the fault of PHP. A lot of it is, in fact, the fault of Apache! Security would be much better if Apache would be able to run different instances with different user rights like, for example, IIS does. Luckely PHP is so cool that it runs on IIS as well.
You should blame that on the PHP developer and not on PHP.
T think it all depends on the server administration tools like Plesk. They're the ones that need to support it in their products.
That example would only compromise a single web app and database. If everything is configured correctly it won't compromise the server. That's what I meant with "server-safe".
The cool thing about PHP is that you can host it to some n00b developer, that does things like the example you gave, without getting your server hacked.
Agreed. I've been waiting years for PHP5 to hit the hosting market. A great part of my code is stuck because it won't run on current webservers. But maybe there's some good news. I've heard that hosting companies wait untill a x.1 release before adopting it. So, maybe now that PHP 5.1 is out, we'll finally see it popping up on webservers. :)
I have no idea what you're talking about. I wrote my app for PHP4 3 years ago. It's pretty big and complex (and ugly ;) ) and it's currently running on PHP 5 without the need for any modifications! I don't have much experience with other programming languages. But, as a PHP developer, I feel they pay good attention to backwards compatibility. Good enough for me at least. :) I have never experiences serious issues with this.
Or maybe PHP 5.1 also has some new features??
PHP is a very "server-safe" web-scripting languages as long as you install and configure everything properly.
When I look at our current IT landscape. The only thing I see is that there is still a *lot* to be done.
I'm not sure if this solves the problem. The problem is that there are a lot of not-so-professional people out there that just install anything they lay their hands on. It's like: "Hey! It's a PC! *Must* install stuff on this!" If the PC asks OK or Cancel? they click OK. And then to remove programs they're suddenly "smart" enough to find C:\Program Files\ and delete anything they don't understand. In the end all they need is a browser, an email client, an IM client, a Wordprocessor and perhaps something to mash up some Photo's. Installing anything more will just result in making it worse.
The problem isn't the software. It's the people using the software! As long as they don't know what they're doing there will always be others abusing this.
That's an excelent example! Although I've got a feeling you're looking at it the wrong way.
The question is: Has *the US* got something to hide? If not, then you won't mind being full body searched, right? Or in this case: Handover control to some international organisation.
If there wouldn't be any reasons for wanting to have control, the US wouldn't mind giving away control to some international organisation. The fact that some people in the US want to keep control, is the fear of the rest of the world.
It's all a matter of who has the power. Has the US got plans with their current power? If not, then there's no problem in giving it away. If so, then that's a good reason for the rest of the world to want to take that power away from the US.
I started with Quake IV. To see dark tunnels and creatures attacking me from nowhere was an instant disappointment. No progress here. The graphics are nice but nothing extraordinary either. At one point I tried to be smart. I tried to lure one of the creatures back to where my squad was hoping that they could take some of the heat. The creature totally ignored the squad firing uppon him and still only went after me. After this I stopped playing, sensing a waste of time.
It seems to me that Id-software has really lost it's innovative thrive. This company used to be the cutting edge in gaming. Yet another company thinking too much about making money while they should be thinking about making games!
The problem is that there are two kinds of movies. The ones that suck and feel more like a waste of time then some proper entertainment. And then there are the occasional good movies which are worth some money. For me, there are only a few great movies that I'd like to keep and be able to view more then once. (My girlfriend wouldn't mind watching some movies 50 times ;) )
For those great movies that I'd like to keep, I'm willing to pay a bit more. $8 would be too much for me though. If the quality is exceptional I'd say around $5.
For the movies that I only want to see once. No more then $2.
I think OO.org should be built on Gecko and XUL. Gecko is superfast, crossplatform and the UI architecture would be competing directly with Microsoft's future UI: XAML+Avalon. Gecko even has a vector graphics engine that works with SVG. OO.org Draw could use something like that. Wouldn't it be cool if OO.org becomes the standard studio for creating SVG graphics? This would also mean that XUL gets a bigger community, more developers and more support. This way XUL will become the standard for building user interfaces, paving the way for abstraction between the OS and the UI. Then finally "our UI" will be truly platform independent, proprieatary-free and we won't be needing M$ OS anymore. :P
Thanx for that clarification... :)
So, what is pattented exactly? Is it the SEH syntax - or - the way the compiler works with the syntax? I'm not a C++ developer, so this is probably extremely stupid. But could there be a way that the SEH syntax is interpreted differently by the compiler so that the behaviour doesn't (exactly) match the behaviour defined in the patent? This way, people can leave the SEH syntax unchanged in their code.