Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots

benjymouse Re:Some people might unfairly judge Ukraine (220 comments)

Ukraine was part of what happened in Hungary so why are you blaming only Russia? Ukraine was as much a core of the USSR as Russia was back then.

I am old enough to have lived through the cold war. We often referred to USSR (and even the Warsaw Pact) as "Russia" - using the names interchangeably - because it appeared to be one and the same. Of course, that was grossly ignorant and disrespectful to the other republics and states.

However, it now appears as it it wasn't so far off the mark anyway. The former "allies" of the Warsaw Pach - especially Poland - have wasted no time warning about the real intentions of Russia. And they should know - having lived almost 50 years in the shadows of what was effectively the continuation of the Russian Empire.

Talk to Estonia and the other Baltic states as well. They had a big hurry getting into NATO once they wrested themselves free from the "Russian federation". Little love was lost for their old big "ally" in the east.

What has emerged is an image of Russia consistently bullying their neighbor states, forcing them into becoming "friends", Russian domination of local people, even when russians were in the minority (they could always call on big brother). That was how the USSR and the Warsaw block was held together, and also why - when it finally broke - disrupted so astonishingly(!) fast.

This is nothing but Russia rising again after having licked its wounds for a couple of decades. And Russia (and I regretfully have to accept - the Russian people) have not changed in their aspirations.

What we see is pure 1920-1930 style fascism where a powerful nation prepares the population for conquests of weaker states by building a narrative of being "victims" while their true destiny is to be masters, hence they must strike back.

During the Kursk accident I was shocked by how many russians believed the propaganda and dangerous(!) allegations coming out of the Navy that a NATO submarine/torpedo had sunk Kursk. I thought: "Shouldn't they know better by now?".

During the illegal occupation of Crimea by the "green men", Putin claimed that they were just concerned citizens taking protecting their families by organizing self-defense against a perceived enemy.

We now know that Putin was lying. He even admitted as much. The occupation was set in motion from Russia, and the green men was regular Russian troops.

But what got the best of me was that Russians were never outraged by this blatant and dangerous violation of international laws and treaties. They applauded it!

And now it repeats, and we have russians here claiming the same thing as during the Crimea occupation.

When the MH17 was shot down, the rebels first believed they had shot down a Ukrainian plane. And they bragged about it on Twitter and Facebook. The news that the separatists had downed another Ukrainian plane even reached ITAR-TASS and Russia Today, where many Russians must have read it. When it became clear that it was civilian the news disappeared without a trace, without notice and without explanation.

The Russians who followed that initial news and how it was transformed into allegations against Ukraine, why didn't they stop and wonder. It is staring the Russian public in the face, and they refuse to acknowledge it. I blame them for that. I blame all Russians for that.

I have lost all respect for Russians. There may be good Russians, but from now on they will have to prove that they are not lying scumbags before I want to have anything to do with them. Sorry, but that is how it is.

12 hours ago

Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots

benjymouse Re:Some people might unfairly judge Ukraine (220 comments)

2. Hello! This is Russia - which, in case you hadn't noticed, is different from the USSR.

Which is just another lie. You are the same.

Yes, Russia is smaller than USSR - but it seems you have a plan to remedy that.

And that is why you have lost all credibility. We cannot trust anything you say.

13 hours ago

Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots

benjymouse Re:Wait.... what? (220 comments)

Oh, and they also scream: "Hang Russians on tree branches" (at 0:25). Just to show how Ukraine develops deep mutual appreciation and tolerance in a multi-cultural society from the very young age.

Page one in facism manual: We are the victims.

Page two: Tell the lie again and again: We are the victims, We are the victims, We are the victims.

Dear Russian: We cannot trust you. You have some serious cleaning up to do after Putin. Until you demonstrate that you have left the nationalism and dream of the Russian Empire behind, you cannot be trusted in a modern world. These few months - whatever way it turns out - will cast shadows for 15-20 years in the future.

After the Berlin Wall came down, we had hopes that the militarism and expansionism of past was due to an anti-democratic leadership run amok. We now know that it is a trait of the Russian people, not just the leadership. The fact that you so willingly let history repeat itself is a wake-up call for most of us.

We wanted to believe that you were genuinely interesting in peaceful coexistence with respect for other people. Your former "allies" in Poland, Latvia, Lithuania, Estonia, Czech Republic and Slovakia warned us about you. It is interesting how practically *all* of your former "allies" want's to have NO business with you. We should have listened to them.

This has shown the world the true Russia. Be prepared for a future where everything Russia tries to achieve will be viewed with suspicion.

It is not a question about whether we like you or not. It is much more severe: We do not trust you. You have proved for the World that you cannot be trusted.

13 hours ago

Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots

benjymouse Re:Wait.... what? (220 comments)

If the separatists have the support of the majority of the local people, why would we oppose them?

Oh, you mean like when Chechnya declared independence from Russia and was granted it because the locals overwhelmingly supported it. Oh wait - how come they are still part of Russia?


Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots

benjymouse Re:Wait.... what? (220 comments)

They were NOT staged.

Yes they WERE staged.

Do you even understand Russian or are you simply parroting the shit that the mass media blindly copies from Ukrainian media?

So, one has to speak russian to understand this conflict? Really?

I have been trying to follow the conflict reporting from both mainstream media as well as from Russia Today. The twists from RT is really mindblowing. They even broke the news that the seperatists had shot down *another* Ukrainian plane - only to pull it without any notice, update or trace whatsoever on the RT site once they found out that it was a civilian plane and that the official story was going to be to pin it on the Ukrainians.

Russia Today does not follow common practices for journalism designed to keep media outlets accountable. And Russia Today and Russian controlled media has lost every bit of trust.

Western media are not controlled by governments. Russian media are. Western governments do not crack down on dissidents and bloggers. Russian government does.

Which leads be to the reason for posting this:


- is a genus of political ideology whose mythic core in its various permutations is a palingenetic form of populist ultranationalism
- is a form of political behavior marked by obsessive preoccupation with community decline, humiliation, or victimhood and by compensatory cults of unity, energy, and purity
- abandons democratic liberties and pursues with redemptive violence and without ethical or legal restraints goals of internal cleansing and external expansion

All of the above fits Russia. Not Ukraine. I don't know if Putin is a fascist himself (I suspect so), but he is playing the ultranationalism card, he talk about Russia being humiliated and threatens nuclear retaliation, he talks about Russian superiority, he claims right to invade any country who (in his mind) humiliates russian citizens or ethnic/russian speaking minorities, he pursues dissidents of his regime and he disregards treaties and expands territory and annexes weaker states (see Georgia, Ossetia, Ukraine/Crimea).

Russia is now engulfed in neo-fascism, Russians taking pride in their new "superiority" and getting back at the world for laughing at them for so many years.

This time around there is no excuse for not knowing the truth. Last time you could claim you did not know because you were lied to. This time you have to actively put the fingers in your ears and shout LALALALA. And that's what you do.

You have shown once again that you will fall for a leader who promises to bully the world, steal and loot, break treaties, threaten nuclear strikes, lie and cheat and play fast and loose the peace of lives of people. For that you deserve despise.

We may not laugh at you any more. But we will never trust you again. You make me sick.


Ukraine Asks Zuckerberg to Discipline Kremlin Facebook Bots

benjymouse Re:Wait.... what? (220 comments)

Please, get the CNN polls and stuff them deep into your rectum. They are worth just that.

Please, take your astroturfing videos and stuff them deep in your rectum. They are worth just that. "Protests" like that are easy stage and - just like the "humanitarian" cargo convoy, the TV images has nothing to do with reality.

In polarized times you cannot trust any source, LEAST of all anecdotal "evidence" from activists on the street. Those not fired up by russian nationalism and russian superiority stay at home.

That's why you should go back to times with lesser polarization. That's why you can stuff your videos.

And you have the gall to talk about propaganda? The russian media has relentlessly described the Ukrainian government as fascists. You know what a fascist is? It is someone who believe he has more right than you because he is stronger. The fascists here are the russians threatening with nuclear conflict, invading and annexing sovereign states to "protect russian people". Yes - that's what happend in Georgia and Ossetia.

I always try to keep it calm when i post on /. But you telling others to stuff opinions up their rectum is genuinely offensive! You are a jerk! There, i said it.


Microsoft Releases Replacement Patch With Two Known Bugs

benjymouse Don't know what you are talking about (138 comments)

Perhaps you should give it 3 secs investigation before you shout off.

3 secs should be just enough to click the "more information" link.

3 days ago

Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated

benjymouse Re:NT is best (190 comments)

3 times this year MS has bricked my system with updates. I run a stock install from HP - the only software on the PC is Firefox, LO, Steam, and ARC. All 3 times it's corrupted my system hive. The first time I ended up re-installing, the last 2 times I've just replaced the hive.

There has not been a single update that corrupted the system hive. Never. Ever.

The system hive integrity is backed by multiple mechanisms. Firstly, Windows keeps 2 copies. Secondly, updates to the hive is protected by NTFS journaling. Thirdly, system hives are protected by system protection (on by default) which keeps previous versions using shadow copy service.

If your system hive has been corrupted you have serious hardware issues.

about a week ago

Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated

benjymouse Re:NT is best (190 comments)

Haven't been paying attention lately have ya?

Last Black Tuesday fucked up a lot of users of New modern great Windows systems

Less than 0.01% of Windows users. That may be "a lot of users" in absolute terms - but it is certainly not the big failure you (and Infoworld - the tabloid of tech) make it out to be.

Did MS do a proper jon when testing the updates? no. Did they fail massively? no.

about a week ago

Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated

benjymouse Re:NT is best (190 comments)

Wow, Ubuntu is behind the times.

Fedora can patch and dynamically replace the running kernel without a reboot.

BS. Fedora uses RPM, which is even worse at ensuring that patches become effective.

You are deluding yourself and confusing the fact that you are not instructed to reboot with reboot is not needed. Your complacency means that you processes lingers on in their vulnerable state. Fedora does not use ksplice (Oracle owns that now) and ksplice does depend on the patches being specifically prepared, anyway.

Not all patches require system reboot (same as on Windows). But patches that affect e.g. running network daemons do require a restart to become effective. I hope you are not responsible for administering production systems!

Ubuntu is just one distro of linux, if it is not doing what you want then try the others.

Oh - the universal answer: You are using the wrong distro. Love it. Deflect, avoid, goalposts shifting.

However, in this case (talking about Munich, remember?) they were using Ubuntu as base for Limux.

about a week ago

Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated

benjymouse Re:NT is best (190 comments)

I still regularly get "need to upgrade reboots" on my Windows machine. It's atleast once a month and always seems to pop up when I'm playing a game of LoL or CS:Go.

Yes, I use my Windows as a Wintendo. Got a problem with that?

And I suppose that Linux is better?

Just this past month I can count several Linux vulnerabilities, the patch for which requires a reboot:

After a standard system update you need to reboot your computer to make
all the necessary changes.

The same goes for all of these:,,,,

For this one you have to restart your Unity session:

The security notices also includes a number of patches to library files. Under Linux you can replace (patch) a file even if it is loaded in a current process. However, the patches file will not take effect until said process has been restarted.

As far as I know, under Linux there is no automated process for this. Linux will not be able to patch an open LibreOffice Writer application if one of the libraries it uses are being patched. Writer will happily continue running unpatched.

Worse, you will not get a warning, and the running processes may have already loaded some libraries before the patch, and load a version of a library that is incompatible with the running process *after* the patch, simply because the OS/processes are not aware of patches. This leads to application crashes. I regularly experience crashes when I use LO on Ubuntu. Granted, I have Ubuntu installed as a VM and use it rarely, but that also means that there's typically *a lot* of patches waiting for me when I spin up the VM. Linux seems to handle patching libraries poorly and I am not aware of any system mechanism that tries to mitigate this problem.

Under Windows you have the Restart Manager. When a process load a DLL, it also locks the DLL file because it may just discard the memory where it is loaded, expecting to be able to load the exact same image later. Applications (such as Office) registers with the Restart Manager. If the Windows Updater needs to replace a locked DLL file, it looks to see if the processes that locks the DLL are all registered with the RM. If so, it can ask the registered application for their "state", restart the processes and inject the state into the processes when they come back up and registers with the RM. The RM also watches the locked files, and if the last lock that prevents a patch set (multiple files that should be replaced as part of an atomic transaction) is being released, the RM can kick of the file replace operation. This latter part is the reason why sometimes the "need to restart the system" badge disappears without a system restart.

The bottom line: Linux needs restarts/reboots just as Windows does. Sometimes you are deceived to believe that it has fewer restarts because Linux cannot by itself figure out that you *do* need to restart a process or the system. But that's actually worse because it leads to crashes.

about a week ago

Heartbleed To Blame For Community Health Systems Breach

benjymouse Re:Access restrictions (89 comments)

How does getting onto the VPN equate to accessing the secret stuff? Isn't there another layer of security?

The Heartbleed bug is an extremely serious information disclosure bug.

Via a simple attack the attackers can read the memory of the VPN appliance which holds the latest SSL keys, passwords, usernames, you name it. The attackers could potentially also have been able to read session identifiers and thus potentially bypass 2-factor auth even if it was in place.

Heartbleed will go over in the history as the most expensive bug of all times. It already is, and we have not seen the last of the consequences.

about two weeks ago

Munich Reverses Course, May Ditch Linux For Microsoft

benjymouse Re:Its the second one Re: Surprise? (579 comments)

MSFT is relocating regional headquarters and Munich is a front runner. Lots of potential tax revenue, both directly from MSFT and indirectly from the employees and spin off economic activity.

Selection of Munich would undoubtedly be contingent on the city migrating back. I dont believe any outright bribing was involved or required.

Two problems with your conspiracy theory:

1) The decision to move the HQ was made almost a year ago. Whether or not Munich converts back will not change the plans.
2) The HQ is already in the Munich area. The new HQ will be located apx 15 kilometers to the south of the current one.

Nice try, though.

about two weeks ago

Windows 8.1 Update Crippling PCs With BSOD, Microsoft Suggests You Roll Back

benjymouse Re:It's pretty hard to roll back automated updates (304 comments)

All fastboot does is skip a few bios checks (eg: fast memory scan instead of full). It will not effect anything else, unless you have a hardware fault which can be detected at BIOS post.

Wrong. Fastboot hibernates the kernel but not the userland processes. It depends on drivers being capable of quickly re-initializing hw devices, but what it does is it brings up the kernel from a hibernated image and skips most of the usual hardware detection and device initialization.

Rule number 1 = Dont use system restore
Rule number 2 = Dont use system restore
Rule number 3 = Google "Stop 0x0000000e" error code on your BSOD.
Rule number 4 = Remember the last thing you did before the BSOD started happening, reverse the process. Job fixed.

Really, really stupid advice. System restore has N previous versions of your driver setup. You can reliably go back in time for the operating system but retain any changes to user files. It is stupid to NOT use system restore. Whenever you install a new driver, the system *will* retain the old files, registry settings etc as shadow copies. It is a well-tested and stable way to go back in time with your os.

about two weeks ago

Windows 8.1 Update Crippling PCs With BSOD, Microsoft Suggests You Roll Back

benjymouse Re:Forget TFA (304 comments)

"If you do not have media, you should use the power button to restart your computer during the startup process three times. This should start the Windows Recovery Environment. "

Oh yeah, THAT's gotta be good for the hardware. Definite improvement over F8. Thanks Microsoft...

It is actually quite clever: If the system barks 3 times in a row when trying to start, the operating system *should* infer that something is preventing an orderly startup. In that case, dropping into the recovery console is a perfectly good choice.

NTFS has volume shadow copy on by default for the system drive. It records changes to the *system* (Windows/** and Program Files/**) and lets you roll back those changes without rolling back any user/data files.

So even if you f***** up so royally as to make the system unbootable (e.g. a bad disk driver), the system will boot into the recovery console with a minimal number of known "basic" drivers.

about two weeks ago

Ask Slashdot: How Dead Is Antivirus, Exactly?

benjymouse Re:Saw similar posts before the web existed (331 comments)

Java was supposed to be sandboxed entirely with zero chance of malware getting to anything other than it's own litter tray. Look how that turned out when it was seen as all too hard and compromises were made.

The big problem with Java is that it requires quite a bit of C "glue" code to interface with the underlying operating system. The glue code necessary is often quite complex too, since it has to contend with issues such as the VM rearranging objects (thus glue need to "pin" the objects), garbage collection using a mark-and-sweep (thus the glue code need to make sure objects do not "dissapear" during the call), strange memory layout, multithreading/cpu cache issues etc, etc.

So while from the Java developer things may look simple, copious amount of complex glue code is need with all the traditional opportunities for security bugs.

There are probably more explanations than how the language runtime integrates with the OS, but the comparable .NET Framework seems to fare *a lot* better

Then there's the opposite that was born stupid, things like Active-X from MS that were such a stupid idea that a librarian (not a programmer) was telling me how stupid it was before launch.

ActiveX controls on the web was a stupid idea. Faced with the threat of Java applets, Microsoft decided to take a sound (and efficient) binary standard from the OS and put it on the web. The big problem with ActiveX is that from the OS perspective (at least until Windows 7) it is but binary code executing under the user account.

Imagine a system where you do not have sufficient control over what a process can do (because it is binary code executing directly against the OS), so instead you try to limit who can use what binary code - and under which circumstances. But once the code executes it acts as part of the host process. That actually works until some sneaks in malicious binary code, or - more likely - someone finds a memory corruption bug or finds a way to use the binary code in ways not intended by the developer.

That is putting a lot of trust in 3rd party developers, trusting that they do not have malicious intent and that they are actually competent and that proper quality assurance processes are in place. That turned out to be a stupid thing to trust (contrary to popular belief there has been precious few vulnerabilities in the ActiveX implementation itself - it was always the ActiveX controls -mostly 3rd party - that had vulnerabilities).

However, the idea behind whitelisting ActiveX controls was not new. It had been tried before (albeit not on the 'net), with similar results in terms of vulnerabilities, exploits and system compromises. To this day SUID/setuid is the most stupid intentional security weakness in the *nix security model, simply because - like with ActiveX - the permission structure is otherwise not capable of meeting simple, legitimate requirements.

Then things like allowing execution of arbitrary code in images, another case of MS fucking up in a truly astonishing way

I believe you may be confusing something here. When there is a vulnerability where a jpeg can "execute arbitrary code" it is *not* intentional. It is usually down to a memory corruption bug (such as buffer overflow), i.e. it is *unintentional*. I don't believe MS has made any image format with intentional capability to execute arbitrary code. If you have information to the contrary, then please cite source.

If you are insinuating that it is only MS who can make mistakes in image processing code, you should tread carefully. Compared to the typical open source libraries (libxml, libtiff, libpng et al) MS has had precious *few* vulnerabilities.

The answer as always is to learn from the lessons of the past instead of throwing together a pile of bits that look software shaped and rushing it out the door.

Yes. But if you want to learn the right lessons you must be careful to perform an unbiased analysis. Otherwise your results will have absolutely zero value towards avoiding similar situations in the future. Your petty attempts at laying this at the door of MS is an example of this. If - in your mind - the problem is simply MS, then you are overlooking the real problems. Ask yourself this: Why is it that it is only MS who has not had a *major* bug in their SSL implementation? (hint: MS SDL outlaws the use of the exact C library functions that were behind Heartbleed, so MS actually has a process in place where they analyze previous vulns and improves the guidelines for future development so that they can avoid *similar* mistakes).

about two weeks ago

Microsoft Black Tuesday Patches Bring Blue Screens of Death

benjymouse Second that (179 comments)

Updates Win 8.1 x64 all patches. No problems.

about three weeks ago

Microsoft Black Tuesday Patches Bring Blue Screens of Death

benjymouse Re:The suck, it burns .... (179 comments)

On the other hand, Apple, Debian and Redhat manage to release timely security patches that don't cause crashing en-masse.

Perspective, please. This seems to be a *very* limited problem and an (as usual) over-zealous Woody Leonhard trying to stir up a controversy.

Infoworld *is* the fox news of tech.

about three weeks ago

Microsoft Surface Drowning?

benjymouse Surface Mini is the reason for the write-down (337 comments)

TFA - especially the headline - is grossly misleading click-bait.

The story behind the latest numbers are that Microsoft has taken a write-down on investment in development of the *Surface Mini*. They scrapped that device only days before launch. When you do that, you have to write off all sunk cost on design and development of that product line.

Thus, those accounting numbers say *nothing* about how Surface Pro 3 - or indeed how the Surface line in general is performing in the market. For all we know demand is good but not excellent.

Tablet sales are tanking and PC sales are climbing again. If customers start to view tablets as "not for real work" Surface Pro 3 could be *the* device which is a perfect combination (compromise?) of PC and tablet.

For all the ridicule, Windows 8 does in fact deliver on being both a tablet as well as a PC operating system. The problem was never the tablet part nor the PC part - the main problem (especially with 8.0) was the rather poor integration (and yes, the fact that they tried to funnel desktop users through the "tablet" part to pent up demand for apps and attract developers).

about three weeks ago



VLC threatens Secunia with legal action in row over vulnerability report

benjymouse benjymouse writes  |  about a year ago

benjymouse (756774) writes "Following a blog post by security company Secunia, VideoLAN (vendor of popular VLC media player) president Jean-Baptiste Kempf accuses Secunia of lying in a blob post titled More lies from Secunia. It seems that Secunia and Jean-Baptiste Kempf have different views on whether a serious vulnerability has been patched. At one point VLC threatened legal action unless Secunia updated their SA51464 security advisory to show the issue as patched. While Secunia changed the status pending their own investigation, they later reverted to "unpatched". Secunia claimed that they had PoC illustrating that the root issue still existed and 3rd party confirmation (an independent security researcher found the same issue and reported it to Secunia)."

Pwn2Own 2009: Safari, IE8 and Firefox all pwned!

benjymouse benjymouse writes  |  more than 5 years ago

benjymouse (756774) writes "In a matter of seconds, Charlie Miller, last years winner of the PWN2OWN contest did it again at CanSecWest and successfully exploited a fully patched Safari running on a Mac. He came prepared, directed the operator of the browser to browse to a rigged website and it was all over.

He took the $10.000 first prize and the macbook home with him.

Last year he was quoted as saying "Every time I look for [a flaw in Leopard] I find one. I can't say the same for Linux or Windows. I found the iPhone bug a year ago and that was a Safari bug as well. I've also found other bugs in QuickTime.".

As I wrote this submission news came in that all of IE8, Safari (again) and Firefox was pwned by a researcher going by the name "Nils". So far only Chrome remains standing.

These were all drive-by exploits against fully patched browsers, not 3rd party plugins. Be careful out there."

Vista Capable lawsuit loses class action status

benjymouse benjymouse writes  |  more than 5 years ago

benjymouse (756774) writes "In a big setback for plaintiffs, a federal judge has stripped the class-action status from the Vista Capable suit against Microsoft.

Computerworld writes

The consumers who brought the original lawsuit, and those who followed as members of the class action, will be free to continue their cases, but they will have to do it individually, not as a group, Pechman said. "Approximately one year ago, this Court certified a class in this matter and allowed Plaintiffs 'to further develop their price inflation theory'," Pechman said. "It is now apparent that class treatment is no longer appropriate."

"Dr. Leffler did not attempt any regression analysis, much less an econometric analysis of the impact of 'Vista Capable' on demand," Pechman said. "It is ... critical to Plaintiffs' theory of proof to isolate Microsoft's purportedly deceptive efforts to increase demand from promotions OEMs had in the run up to the holiday season."

Presumably the lawyers for plaintiffs were expecting a good chunk of the potential damages. This will make it much more costly and risky to retrieve such damages. Will this effectively spell the end of the suits, or will the lawyers press on? IANAL so I wouldn't know whether they can appeal this ruling or not."


Microsoft urges Windows users to shun Safari

benjymouse benjymouse writes  |  more than 6 years ago

benjymouse (756774) writes "The Register has picked up on a recent Microsoft security bulletin which urges Windows users to "restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple". This controversy comes after Apple has officially refused to promise to do anything about the carpet bombing vulnerability in the Safari browser. Basically, Apple does not see unsolicited downloads of hundreds or even thousands of executable files to users' desktops as being a security problem.

The MS bulletin speaks of a possible "blended" attack. This is obviously recognizing that having the desktop carpet bombed with executable files does not imply that they can be executed. However, once the files are on the desktop all an attacker needs to do is to find some social engineering attack vector or a way to launch one or more of the files through some other vulnerability. At the very least it does not take much imagination to come up with scenarios where this vulnerability can be used by spammers or skiddies out to annoy users.

It is unprecendented for Microsoft to recommend Windows users to abstain from using a mainstream software product, especially a competing product. Could it be that Microsofts security response team have grown sensitive over Apple TV ads ridiculing Windows users over security while at the same time Apple software products, especially Quicktime, and now Safari threatening the security of those very same users? Surely the "Apple software updater" push of Safari haven't exactly earned them points in Redmond. Surely MSRT realizes that this may be controversial. Is this a "stab" back at Apple and/or a way to shine light on Apples own security problems?"

Netcraft: Microsoft IIS may soon overtake Apache

benjymouse benjymouse writes  |  about 7 years ago

benjymouse (756774) writes "From the latest Netcraft web server survey:
In the August 2007 survey we received responses from 127,961,479 sites, an increase of 2.3 million sites from last month. Microsoft continues to increase its web server market share, adding 2.6 million sites this month as Apache loses 991K hostnames. As a result, Windows improves its market share by 1.4% to 34.2%, while Apache slips by 1.7% to 48.4%. Microsoft's recent gains raise the prospect that Windows may soon challenge Apache's leadership position."


benjymouse has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>