Presumably they don't mention any details because A) they don't want people destroying 1% of the world's computers (and, as one of the 1%, I thank them) or B) because a site named "techtarget" doesn't understand technology.
The only concrete detail I could find in the article: "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."
So... they're taking advantage of the fact that Internet Explorer loads .NET DLLs into memory? Doesn't sound like there's "nothing they could do" - naive solution is to just break web-based .NET applications. A better solution might be to put some finer grain security controls on what a .NET program running within a browser is allowed to do.
Quite true... But it sounds like the "we can't cut everyone's pay" is just a lame excuse to do nothing, rather than a million instances of $3.65 or whatever throughout the code. Why actually work (as the Californian budget languishes) when you can just do the easy thing and let things grind to a halt, just like every year?
Not that I RTFA, but it doesn't sound like it "requires a client app installed on any user's machine" either - it's payroll, which means it's probably running on a nearly-forgotten VAX in a basement somewhere, with a janitor who occasionally winds it up again.
The solution is to A) fire the person who thinks it's impossible to cut somebody's pay (I mean, they manage to raise it often enough) and B) contract out to a COBOL developer. Worst case scenario is C) have a clerk manually write each employee a paycheck three times a year until they find somebody who can figure out Quicken (a bit of sarcasm there.)
COBOL is a dead language, but that's not to say we don't have an undead infestation. And in our case, those zombies do payroll. And occasionally bite us. And sometimes moonlight in the tortured metaphor or two. But, it's not like payroll is terribly complicated - people used to do it on 8 bit processors or even, curse Xenu, by hand.
I'll even help them out and provide the algorithm: hours * $*(hr**-1).
What would happen to all the weapons the military has laying around, would someone invade us or would peace break out all over when the world's biggest and most aggressive country stopped being big and aggressive?
Thing is, most conservatives believe a national defense is a legitimate purpose of government. But you weren't talking about Ron Paul's utopia, you were asking "what the world would be like if all the state and federal workers were fired."
So... it'd be some kind of reverse "Left Behind?" Sweet. Presumably they wouldn't leave the nuclear launch codes lying around, though.
Nyoro~n :(
...waits for negative moderation...
If he did, unemployment might have been better.
Nyoro~n
I'm pretty sure you could hammer out a fitting analogy out of a movie theater where someone's skipping or ignoring the "boring" parts could actually affect the others, but that's up to you to figure out. :)
I'm thinking "Movie Theater TiVo thinks I'm gay?!" but I'm running out of ideas.
Exercise to the reader? Maybe "WoW Glider = MLB Steroids" is better, and then Sammy Sosa goes out and ganks lowbies.
Please, tell us all how you think the oil companies are blameless in this and their record profits are nothing more than what they have fairly earned. I'll even bookmark it so I can refer back to it whenever you feel like posting more idiotic garbage and I want to show people what a damn fool you are.
You can do division, can't you? Take $11.6 billion in profit and divide it into $138 billion of revenue. Exxon Mobil's making eight cents on the dollar.
Your post made it into my favorites, though.
What I'd like to know is why performance enhancing drugs are illegal, but performance enhancing surgery (like LASIK, which can give a person with normal eyesight better than 20/20 vision, albeit with the risk of blindness) is perfectly acceptable?
If it were a sharp-shooting contest, there might be some consternation. But, having better-than-average eyesight doesn't give you the same advantage in sports as, say, being able to rip down Yankee Stadium with your teeth during the half-time show.
Not that I have any first-hand experience with a muscular physique or a working set of eyes. I'm working with second-hand information here 8.8
It's a bit like skipping ads in your favorite TV show. Do you not watch your show because it has ads? No, you tape it and skip the ads.
Counter-metaphor?!
No, it's more like taping over the boring parts of a rented VHS tape. The way most people go about skipping the boring parts (and farming, and griefing) affects other players too.
Riposte!
Thing is, steroids aren't exactly without side effects. Forcing every MLB player to take steroids isn't a good solution. (But, you still haven't solved your problem - how are you going to force every player to take the same AMOUNT of the required steroids?)
That said, Bruce Banner did this, like, a million years ago. Changes user color to green. Incompatible with mood stabilizers. Lame.
So, that's kinda like saying people don't want to actually go all the way around the board in Monopoly to get their $200 - so they should just take an interest-free loan from the bank instead? And blame Parker Brothers for making a boring game? And then grief other Monopoly players on their realm, and break my extended metaphor...?
If the game is tedious, the Right Answer (tm) is to not play it. The Wrong Answer (R) is to buy multiple accounts, run hack programs, grief other players, etc. Whether you care about the in-game economy or anything else is one thing, but one of the most annoying things WoW Glider does is let you programmatically PvP or camp other players.
That rant done, I haven't played WoW in a long time, and I haven't played Monopoly in even longer. But, the WoW Glider author needs to lose a game of rochambeau (capitalization?) with a pneumatic press.
but that example is of course true if, and only if you use either of those two OSs in a real time environment, which neither of them is exactly famous for excelling at.
In America, most people drive as if they're in a cooperative multitasking environment, not a real-time environment. My lame joke sounds like the perfect simulation.
Crysis ran "well" for me at Medium settings on an 8800 GTX and a 2.6GHz dual core at my monitor's native resolution of 1680x1050. (Using DirectX 10 on Vista!)
But, it ran everything on "zomg high amazing ponies!" when I connected it to my lower-resolution 720p television.
(I love doing that to Xbox fanboys - "You think Team Fortress 2 looks "amazing" on your little toy? Come over here and see it played at 60fps with more antialiasing than you could fit in the 12 dimensions of an X-hypercube, let alone an X-box, and cry a little bit. Here, you can even play on a controller if you want... PC wins!)
That's the way unix is supposed to work. Many isolated processes communicating over pipes. That's why it's so stable compared to windows.
An adaptation of something I read on /. long, long ago:
Say that Mac (UNIX) and PC from the commercials went off and started their own family. (Say PC got lucky with one of those cheerleaders in the background.)
If PC were to teach his child how to drive, he would have the child launch multiple threads and store the HANDLEs, assigning hRightFoot to the gas, hRightHand && hLeftHand to the steering wheel, and hEyes to the road, with hBrain launching the message queue. One child doing all the driving with threads!
Mac would have septuplets. He'd fork one child process for controlling the gas, one child for controlling the steering, one child for controlling the iRadio, and have them all communicate with pipes!
That way, if one of them crashes, they can just be restarted! Wait...
Interesting. And who knows how the failed bit got toggled anyway? Perhaps the checksum would have been built around the bad information anyway, and all the other machines would have picked it up as valid.
Or they could checksum their UDP packets. The entire packet, not just the customer payload. Duh.
Not a network engineer, but I believe that UDP packets contain the source MAC address. When a router receives that packet, it will blow away that MAC address, replace it with its own, and forward it out the right interface. (This is assuming they're using UDP, TCP/IP, or something else entirely to transmit whatever state fields were corrupted.)
If they did checksum the entire packet, they would have to rebuild the sum at every node to account for the changing MAC address, and who knows what else is modified in the packet header between nodes. This smacks of a lot of wasted processing time, times, like, a metric internet or two.
If it did get corrupted in transmission (not due to faulty memory, as some speculated, or due to evil gremlins or something else) then maybe adding a checksum just to the state bits would be worthwhile.
If you're an organization designed to effect change and shake up the status quo, and nobody hates you, you're not doing your job.
Very true - but "hate" is a very poor metric of job performance. Being hated for productively accomplishing your organization's goals is one thing; trying to be hated to "raise awareness" is another.
That's what I meant - I'm looking forward to Haruhi in October! But, in the context of the parent I was replying to, that translation couldn't be anything but a travesty to the original, no?
Since when do Anonymous Cowards get to file amicus briefs?
Watchmen was a great comic. A fantastic graphic novel. No one "Should make a movie of this". Or a game. Or a TV show.
Why not? It's how Japan does it. An author writes a paperback ("raito noberu"), and if it's successful, maybe he'll pursue a manga adaptation. Or get a studio for an anime production.
Granted, it's a somewhat different situation, and I will never be able to "appreciate" the originals until I learn Japanese. But, as many ways as there are to ruin a series (horrible dubbing of an anime, or almost anything Hollywood does over here) there are still more to do a good job.
Now, if they do a good job, you're going to have to go watch it. And then you'll feel silly for all the terrible things you said about the movie now ^.^
The Nuremberg trials after the Holocaust established that.
Wow, way to cite foreign precedent. These aren't admiralty courts, y'know! ^^
"Cloud computing" sounds exactly like how (I'd imagine, being a young'un) mainframe time was rented back in the Bad Old Days. Except that one mainframe has been replaced with one "cloud."
However they billed for a batch job back in the '50s is how I'd expect them to bill for their cloud. Just replace dumb terminals or an operator with the interwebs, and you're good to go.
Karma whoring disclaimer: I posted a similar, equally insightful and witty response to another comment. *wink*
Internet Explorer isn't exactly "a part of the OS." It's not a part of the kernel, it's not a part of the Win32 API proper, it's not part of the TCP/IP stack, etc., and the computer will boot without it.
But, it exports a COM interface, which makes adding HTML support to your code trivial. How many people want to compile Webkit into their program to get a link to their website working in "help-about"? Other programs use it to render help files, or even their interface.
That's why it's nigh-impossible to remove, short of vLite-ing an install disc without it - it's how practically any Windows program, especially MFC/Win32 ones, will do simple internet-y things. It's not a Norton thing.
As it is now, I specify Firefox as the default browser and disable access to IE. It doesn't matter which version of IE, I'm still not using it.
Doesn't matter - upgrade. You don't want old versions of Microsoft code waiting around for viruses to exploit, especially when it's commonly used.
No. It isn't technically accurate no matter how you look at it.
Do a ^W on the "kernel" part, and it's accurate. At least as far as any library or API that's supposed to be available for an application to link to is.
But, that's being pedantic ^.^
Every version of Internet Explorer in recent history has exported a COM interface. This makes it trivial for a Win32 developer to add web rendering support to an application - you just hook the interfaces Internet Explorer provides, and *bam!* HTML rendering!
This is why it's difficult (and why you're not "supposed") to remove Internet Explorer - a lot of applications use it, even if it's just one function call to process a blue hyperlink in their help-about.
That's also why it's a good idea to upgrade it. "Core part of the Windows kernel" is a bit far, but that's the right idea - lots of programs take the two-lines-of-code solution to link with something guaranteed to be on 99.9% of Windows boxes rather than writing their own browsing engine around Webkit.