Slashdot Mirror


User: Heembo

Heembo's activity in the archive.

Stories: 0 · Comments: 824

Comments · 824

  1. Re:Two heads are better than one! on Dell Selling 30" Flat Panels · · Score: 1

    I have found that the optimal monitor experience for programming is 3 computers on 2 20-inch Dell LCD monitors.

    I have my Dell 9100 hooked up to both monitors, my Dell 9100 hooked to my left monitor (single monitor mode) and my Mac Mini hooked up to my left monitor for testing. A KVM would be nice - but this gives me more flexibility. I can just switch the monitor buttons and via the USB on the monitor, keyboard and mouse switches over automagically. (one set per monitor)

    I think the only thing that will beat my current setup is 2 30 inchers! :) :)

  2. Re:Programming Issue? No way! on WINE Still Vulnerable to WMF Exploit · · Score: 1

    I have no doubt that more than one programmer made the call that this basically can be used to execute arbitrary code (since it was built for that purpose!) This was NOT a code error - the code did EXACTLY what management told the programmers to do. The error was in the call from management to push this feature. The patch from MS did not FIX this code, it REMOVED the ability to run this feature altogether. Sure, it's easy to "blame the programmers" but at one point management needs to make the call to think about Security early on - not during coding and technical development.

  3. Re:Canton Law Dept page on Felony For Refreshing a Web Page? · · Score: 1

    She was whacked with the ugly stick a few times too many herself!

  4. Programming Issue? No way! on WINE Still Vulnerable to WMF Exploit · · Score: 2, Informative

    Alan Paller at SANS keeps calling this a "programming error" which I think is a load of BS. This WINE article only proves it - this is poor design from management folks. The trick is, security needs to be a core part of system design from the initial phases of the software lifecycle, and then at every step of the software lifecycle. This is not something only for Programmers and pure-tech folks. Now your Project Managers, Analysts, and even your upper management need to understand the COSTS AND ADDITIONAL TIME ASSOCIATED WITH HIGH-SECURITY PROGRAMMING.

  5. Re:Canton Law Dept page on Felony For Refreshing a Web Page? · · Score: 1

    Well, it's slow but working - that joe marticcue has a face only a mother could love! :) heheheh

  6. Re:Very true on Insider Threat · · Score: 1

    Long ago, IT tried to restrict most users... unfortunately enough complained about not being able to do what they wanted (not always what they needed to do), and the policy was reversed.

    So what? Each and every version of MS Office has codified escalation to admin privileges at some points - even when running with a restricted user account. MS has acknowledged this problem. Running as a restricted user is only a small part of defense-in-depth.

  7. Re:ok... on Interview with Ilfak Guilfanov (WMF Patch Hero) · · Score: 1

    Deserves bashing? If they were waiting for Patch Tuesday, I would agree with you. But they released a major Operating System Security Patch 8 days after the vulnerability was uncovered, and gave us accurate advice. Unregister a DLL and keep anti-virus up-2-date was enough to keep most people secure. And this was not poor programming, but poor design - a feature that was critical in the "old days" was an open hole today. I'm not thrilled with MS overall, but over WMF - I give em a B+ and an A for effort. More than one MS engineer spent their New Year's regression testing security patches.

  8. Re:Reactive vs Proactive on Microsoft to Patch WMF Exploit Early · · Score: 1

    So 8 days after this specific vulnerability was discovered, MS sent out a patch after a complete regression-test in 23 languages (or so). I say, a decent response. Not great, but not terrible, not totally irresponsible. Will be interesting to listen to the techcast from MS tomorrow. But in general, this is just yet another example as to why my favorite MS patch is what Johannes Ullrich calls "the Fedora Patch".

    :)

  9. Burn them at THE STAKE! on Security Vendor McAfee to Pay $50 Million Fine · · Score: 1

    This is rather disgusting. McAfee is chosen (from consumers, to enterprise services) based on the key notion of *trust* - we have to *trust* that McAfee will secure our machines and networks and we pay a lot of money for the pleasure. So upper-brass at McAfee were liars and frankly felony-level criminals these past few years? Burn them at THE STAKE!

  10. Under Salt Water on Harnessing Vertical Sea Temperature Gradient · · Score: 2, Insightful

    Under-ocean electric generation methods are doomed to be radically costly to maintain. Damn, ever see what salt water does to most machines over time? Not pretty.

  11. Re:new and sexy Intel Mac Minis and iBooks on The Odds at Macworld · · Score: 1

    Excellent question! That would be ZERO. The second rule of Slashdot is to keep your pr0nish ideas to yourself!

  12. Re:new and sexy Intel Mac Minis and iBooks on The Odds at Macworld · · Score: 1

    Talking about your genitalia or your need to get laid on Slashdot DECREASES your chance of actually getting any by over 50%.

  13. Re:YAGAnalisis on Businesses Urged To Use Unofficial Windows Patch · · Score: 1

    What a bunch of fools. They can't even get the URL to hexblog correct. Hexblog just changed URLs - and how can I, one schmuck, be more up-2-date than Gartner, the most expensive and most big-time analysis company in the world? These guys are full of crap and will eat crow if a major event happens next week before MS actually DEPLOYS the patch they say is "already complete" ?!?! ARGH!

  14. Re:What does Simpsons use? on South Park Turns to Xserve for Storage Upgrade · · Score: 1

    So he needs to store 10 or so terabytes, at most, of image and animation files? Big freEEEeeaking deal - Apple, Dell, Off the shelf RAID attached myself - RAID is not a big deal and any number of vendors could have pulled it off at a variety of budgets, from a few thousand to tens of thousands more if you wanna get crazy and have stuff like secure remote NSA security like access from any net machine in the world. Anyways.

    It's all good - they had money to throw at the problem, and almost any RAID direction would have served their needs. No pun intended.

  15. Re:"Official" MS response on Businesses Urged To Use Unofficial Windows Patch · · Score: 1

    Well heck, I was wrong. I got this from news.com today:

    At least one user has reported difficulties after installing the fix. The update can cause network printing problems, according to an e-mail sent to the Full Disclosure security mailing list.

  16. Re:"Official" MS response on Businesses Urged To Use Unofficial Windows Patch · · Score: 1

    It removes a function call that allows old-school printing to be halted mid-print. This feature is not in use anymore. OS level functionality is not lost with Ilfak's patch.

  17. Re:Pre-emptive Dupe Joke? on Water Cooling an Xbox 360 · · Score: 2, Insightful

    Well, the original did not have the detailed and free instructions like the previous, so I think this is a very cool and useful post.

  18. "Official" MS response on Businesses Urged To Use Unofficial Windows Patch · · Score: 1

    So why has a third-party lone programmer beat a multi-billion software company to patch their own software?

    from http://www.microsoft.com/technet/security/advisory/912840.mspx

    Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft's goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.

    I think I'm going to be sick.

  19. Re:Does MS view this as important? on Businesses Urged To Use Unofficial Windows Patch · · Score: 1

    How and why is it that Microsoft is days behind a third party in releasing a security patch?

    Because Microsoft is busy regression-testing all their apps in like a zillion different languages, including several African dialects. Ilfak released one patch, no multi-language regression testing, and no big team to review (other than the security community). In the meantime, install the patch, at the very least. My personal defense-in-depth plan that I tell clients and friends includes the following: http://www.manico.net/wmf_alert.html

  20. Re:Can't change IE security level on Trustworthy Computing · · Score: 1

    Knoppix or the Fedora patch is most preferred. But it sounds to me that your wife has MAC USER written all over!

  21. Re:On a phone? on Samsung Shows Off 3.6Mbps Cellular · · Score: 2, Insightful

    There is just no use for that much data on a phone.

    Right. Just like PCs never need more than 64k of RAM. Dude, you have GOT to be kidding me!

  22. Re:Can't change IE security level on Trustworthy Computing · · Score: 1

    Try this on your wife's machine: Disable image-loading in IE. http://support.microsoft.com/kb/153790

  23. Re:Can't change IE security level on Trustworthy Computing · · Score: 1

    Is the machine fully patched up with all software and security updates? Try the Fedora patch? :)

  24. Re:there is always choice on Trustworthy Computing · · Score: 1

    Again, we are talking defense-in-depth, trying to use a multi-layered defense plan to mitigate every possible attack vector. I'm maintaining a list just for you, Sedennial - don't just do one, do them all. Yes, you are right, wmf perimeter defense is not enough, but is valid as part of a comprehensive strategy. Here you go! http://www.manico.net/wmf_alert.html

  25. Re:there is always choice on Trustworthy Computing · · Score: 1

    Did you miss the fact that I am talking about defense-in-depth and am trying to close every attack vector possible? Blocking WMF at the perimeter is a very wise way to stop a large number of potential attacks, since you really almost never need to download wmf files anyways. And I'm talking network perimeter - that means a lot to most slashdotters.