New Firefox bug (and fix)

Discussion in 'Computer Security' started by Imhotep, Sep 11, 2005.

  1. Imhotep

    Imhotep Guest

    Imhotep, Sep 11, 2005
    #1

  2. "Imhotep" <> wrote in message
    news:...
    > One thing about firefox those guys fix their software's problems very,
    > very quickly...
    >
    > Please read immediately:
    >
    > http://it.slashdot.org/article.pl?sid=05/09/10/1625241&from=rss


    "Fixed" in the same way that "turn off JScript" is a valid fix for IE :eek:\

    "IDN functionality will be restored in a future product update". My
    suggestion would be a nested RFC-compliant filter on the URI... sometimes
    the simplest approaches *are* the best.

    /Very/ neat way to change the config, though - haven't had to take a look
    before now. Hope that it's inaccessible from the outside world!

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
    Hairy One Kenobi, Sep 12, 2005
    #2

  3. Imhotep

    Imhotep Guest

    Hairy One Kenobi wrote:

    > "Imhotep" <> wrote in message
    > news:...
    >> One thing about firefox those guys fix their software's problems very,
    >> very quickly...
    >>
    >> Please read immediately:
    >>
    >> http://it.slashdot.org/article.pl?sid=05/09/10/1625241&from=rss

    >
    > "Fixed" in the same way that "turn off JScript" is a valid fix for IE :eek:\
    >
    > "IDN functionality will be restored in a future product update". My
    > suggestion would be a nested RFC-compliant filter on the URI... sometimes
    > the simplest approaches *are* the best.
    >
    > /Very/ neat way to change the config, though - haven't had to take a look
    > before now. Hope that it's inaccessible from the outside world!
    >


    I believe this posting was to inform people about a bug and temp fix. So,
    what is your point anyway? That it is a temp fix? Do you really want to
    compare IE to Firefox, if so, let's talk about the mean time to fix
    security holes. Don't think you want to go there :-O

    P.S. I agree that interface was pretty cool. First time I saw it too.

    Im
    Imhotep, Sep 12, 2005
    #3
  4. "Imhotep" <> wrote in message
    news:...
    > Hairy One Kenobi wrote:


    <snip>

    > I believe this posting was to inform people about a bug and temp fix. So,
    > what is you point anyway? That it is a temp fix? Do you really want to
    > compare IE to Firefox, if so, let's talk about the mean time to fix
    > security holes. Don't think you want to go there :-O


    This isn't a fix. It's a workaround.

    A fix isn't a workaround.

    As it stands, FF is significantly more vulnerable than IE at the moment
    (gasp, shock, horror). Heck, no one's even /bothered/ to test the older
    versions ("older" meaning a month or two. How many 200k desktop
    organizations roll-out every fortnight?)

    Look. They're just bloody browsers, not some kind of weapons in a Jedi
    conflict. Or something.

    It's a bit like comparing car sparkplugs by judging the damage they'd cause
    if you threw them at someone - they're there to do a job and (specifically)
    not get in the way of that job. TBH, I'm getting pretty tired of "software
    (written by bad programmers) is better than your software (written by bad
    programmers)".

    For the next couple of weeks, FireFox has just gone the way of Internet
    Explorer - a bloody obvious flaw that should have shown up in *any* decent
    testing regime. It failed. Live with it. It'll be fixed eventually, but for
    now there's a workaround (turning off a whole chunk of code that turns out
    to not be quite as RFC-compliant as its author(s) envisaged).

    Having an RFC doesn't mean it's any good (sometimes quite the contrary -
    read some of the recommendations in SMTP!). My software is *all* RFC
    compliant (no exceptions that I'm aware of), but - crucially - I get to pick
    which RFC ;o)

    > P.S. I agree that interface was pretty cool. First time I saw it too.


    Ditto. I generally write servers, so I manage to avoid this whole issue.
    Next time I write a "proper" client with options, then I'll be copying that
    idea. Sod all this INI vs. registry crap - this *is* the future for rational
    people.

    H1K
    Hairy One Kenobi, Sep 13, 2005
    #4
  5. Imhotep

    Winged Guest

    Hairy One Kenobi wrote:
    > "Imhotep" <> wrote in message
    > news:...
    >
    >>One thing about firefox those guys fix their software's problems very,
    >>very quickly...
    >>
    >>Please read immediately:
    >>
    >>http://it.slashdot.org/article.pl?sid=05/09/10/1625241&from=rss

    >
    >
    > "Fixed" in the same way that "turn off JScript" is a valid fix for IE :eek:\
    >
    > "IDN functionality will be restored in a future product update". My
    > suggestion would be a nested RFC-compliant filter on the URI... sometimes
    > the simplest approaches *are* the best.
    >
    > /Very/ neat way to change the config, though - haven't had to take a look
    > before now. Hope that it's inaccessible from the outside world!
    >


    It is relatively inaccessible to the outside world because the path to
    the file has a pseudo random directory assignment making targeting the
    user config file difficult via a file replacement to a defined path,
    though it might be achieved using programmatic logic. This would
    increase the virus size but it could be possible to accomplish.

    To avoid this potential flaw, however, make the browser run with
    dropped privileges. This works not only in IE but Firefox and other
    browsers as well.

    Then do not give standard user privileges modify permissions to the
    directory (read only) or certain system files you do not want to allow
    modified by "standard user". This prohibits the browser from making
    these modifications.

    A guide on using the MS drop my rights MSI utility can be found at:

    http://msdn.microsoft.com/security/.../library/en-us/dncode/html/secure11152004.asp

    The neat thing about learning this methodology is it can be used with
    almost any application and even used to break certain functionalities
    without breaking the application such as certain DRM software which uses
    a certain DRM directory....but that is outside the scope of this
    newsgroup.

    Using this methodology you can make IE almost safe. Though I still
    prefer Firefox. This method reduces the potential vulnerability of
    having the user config files modified in Firefox. It also dramatically
    reduces possibility of web based sites doing drive by shootings of the
    registry. This does not mean the method is safe, but would require a
    significant change of approach for most malware, and limit most issues
    to the specific session.

    Note: If you use this method you may want a shortcut configured that
    does not drop rights for certain activities for example windows update
    (in IE) or for example doing about:config in Firefox. Elevated
    shortcuts should be placed somewhere not readily accessible (i.e. not
    directly on the desktop) to prevent inadvertent running with elevated
    permissions.

    Winged
    Winged, Sep 13, 2005
    #5
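
Added example (not part of the original thread or of Winged's post): a Python audit of the setup the post describes, meant to be run as the restricted account the browser uses. It finds each profile through profiles.ini, tests whether that account can still write to the profile directory and prefs.js, and reports whether the IDN workaround is set. The pref name network.enableIDN, the function names and the sample profile tree are assumptions, not taken from the thread.

```python
"""Audit Firefox profiles: can this account write to them, and is IDN off?"""
import configparser
import re
import tempfile
from pathlib import Path

# Matches lines such as: user_pref("network.enableIDN", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)
IDN_PREF = "network.enableIDN"  # assumed name of the IDN switch in about:config


def profile_dirs(app_dir):
    """Return the profile directories that <app_dir>/profiles.ini points at."""
    app_dir = Path(app_dir)
    ini = configparser.ConfigParser(interpolation=None)
    ini.read(app_dir / "profiles.ini", encoding="utf-8")
    found = []
    for section in ini.sections():
        if not section.lower().startswith("profile"):
            continue
        raw = ini.get(section, "Path", fallback=None)
        if raw is None:
            continue
        relative = ini.get(section, "IsRelative", fallback="1") == "1"
        found.append(app_dir / raw if relative else Path(raw))
    return found


def read_prefs(path):
    """Parse user_pref() lines into a dict; a missing file yields {}."""
    prefs = {}
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    except FileNotFoundError:
        return prefs
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def dir_is_writable(directory):
    """True if this process can create a file there (tests effective rights)."""
    try:
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:
        return False


def file_is_writable(path):
    """True if an existing file can be opened for update; never creates it."""
    try:
        with open(path, "r+b"):
            return True
    except OSError:
        return False


def audit(app_dir):
    """One finding per profile, evaluated as the account running this script."""
    findings = []
    for pdir in profile_dirs(app_dir):
        prefs = read_prefs(pdir / "prefs.js")
        prefs.update(read_prefs(pdir / "user.js"))  # user.js wins at startup
        findings.append({
            "profile": pdir.name,
            "dir_writable": dir_is_writable(pdir),
            "prefs_writable": file_is_writable(pdir / "prefs.js"),
            # Assumption: an unset pref means the built-in default (IDN on).
            "idn_enabled": prefs.get(IDN_PREF, True) is not False,
        })
    return findings


def build_sample(root):
    """Constructed sample tree: one profile with the workaround, one without."""
    root = Path(root)
    (root / "profiles.ini").write_text(
        "[General]\nStartWithLastProfile=1\n\n"
        "[Profile0]\nName=default\nIsRelative=1\nPath=Profiles/a1b2c3d4.default\n\n"
        "[Profile1]\nName=work\nIsRelative=1\nPath=Profiles/z9y8x7w6.work\n",
        encoding="utf-8")
    hardened = root / "Profiles" / "a1b2c3d4.default"
    plain = root / "Profiles" / "z9y8x7w6.work"
    hardened.mkdir(parents=True)
    plain.mkdir(parents=True)
    (hardened / "prefs.js").write_text(
        'user_pref("browser.startup.homepage", "about:blank");\n'
        'user_pref("network.enableIDN", false);\n', encoding="utf-8")
    (plain / "prefs.js").write_text(
        'user_pref("browser.startup.page", 1);\n', encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit(build_sample(tmp)):
            print(row)
```

Run it from the dropped-rights context; under the full account the write tests will report True for any profile that account owns.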
  6. Imhotep

    Imhotep Guest

    Winged wrote:

    > Hairy One Kenobi wrote:
    >> "Imhotep" <> wrote in message
    >> news:...
    >>
    >>>One thing about firefox those guys fix their software's problems very,
    >>>very quickly...
    >>>
    >>>Please read immediately:
    >>>
    >>>http://it.slashdot.org/article.pl?sid=05/09/10/1625241&from=rss

    >>
    >>
    >> "Fixed" in the same way that "turn off JScript" is a valid fix for IE :eek:\
    >>
    >> "IDN functionality will be restored in a future product update". My
    >> suggestion would be a nested RFC-compliant filter on the URI... sometimes
    >> the simplest approaches *are* the best.
    >>
    >> /Very/ neat way to change the config, though - haven't had to take a look
    >> before now. Hope that it's inaccessible from the outside world!
    >>

    >
    > It is relatively inaccessible to the outside world because the path to
    > the file has a pseudo random directory assignment making targeting the
    > user config file difficult via a file replacement to a defined path,
    > though it might be achieved using programmatic logic. This would
    > increase the virus size but it could be possible to accomplish.
    >
    > To avoid this potential flaw however is to make the browser run with
    > dropped privileges This works not only in IE but Firefox and other
    > browsers as well.
    >
    > Then do not give standard user privileges modify permissions to the
    > directory (read only) or certain system files you do not want to allow
    > modified by "standard user". This prohibits the browser from making
    > these modifications.
    >
    > A guide on using the MS drop my rights MSI utility can be found at:
    >
    > http://msdn.microsoft.com/security/.../library/en-us/dncode/html/secure11152004.asp
    >
    > The neat thing about learning this methodology is it can be used with
    > almost any application and even used to break certain functionalities
    > without breaking the application such as certain DRM software which uses
    > a certain DRM directory....but that is outside the scope of this
    > newsgroup.
    >
    > Using this methodology you can make IE almost safe. Though I still
    > prefer Firefox. This method reduces the potential vulnerability of
    > having the user config files modified in Firefox. It also dramatically
    > reduces possibility of web based sites doing drive by shootings of the
    > registry. This does not mean the method is safe, but would require a
    > significant change of approach for most malware, and limit most issues
    > to the specific session.
    >
    > Note: If you use this method you may want a shortcut configured that
    > does not drop rights for certain activities for example windows update
    > (in IE) or for example doing about:config in Firefox. Elevated
    > shortcuts should be placed somewhere not readily accessible (i.e. not
    > directly on the desktop) to prevent inadvertent running with elevated
    > permissions.
    >
    > Winged



    Wow. Good info man...

    Im
    Imhotep, Sep 13, 2005
    #6
  7. Imhotep

    Imhotep Guest

    Hairy One Kenobi wrote:

    > "Imhotep" <> wrote in message
    > news:...
    >> Hairy One Kenobi wrote:

    >
    > <snip>
    >
    >> I believe this posting was to inform people about a bug and temp fix. So,
    >> what is you point anyway? That it is a temp fix? Do you really want to
    >> compare IE to Firefox, if so, let's talk about the mean time to fix
    >> security holes. Don't think you want to go there :-O

    >
    > This isn't a fix. It's a workaround.
    >
    > A fix isn't a workaround.
    >

    <snip>

    It is a temp fix. Most importantly, they informed people with the fix
    preventing people from getting infected, etc, etc in impressive time. I
    monitor a lot of security sites (some quite shady) and the firefox people
    did not waste any time getting this out to the people who use their
    software. Good job. Now look at MS. They delayed a patch that, I believe
    will be for the outlook and IE apps leaving people vulnerable for at least
    another week. And yes, many people know of the flaw...the kind of people
    you do not want to know...

    My background is software too. And let's face it the more complex the code
    the higher the probability of flaws. Again, when I judge I look at how a
    company deals with their software bugs. Do they ignore it until there are
    numerous hacks out there? Do they get the info out right away (even with a
    temp fix)?

    Again, good job Firefox!

    >> P.S. I agree that interface was pretty cool. First time I saw it too.

    >
    > Ditto. I generally write servers, so I manage to avoid this whole issue.
    > Next time I write a "proper" client with options, then I'll be copying
    > that idea. Sod all this INI vs. registry crap - this *is* the future for
    > rational
    > people.
    >
    > H1K


    Yes, I liked it too. Pretty cool and easy to alter the config...


    Im
    Imhotep, Sep 13, 2005
    #7
  8. "Imhotep" <> wrote in message
    news:...
    > Hairy One Kenobi wrote:
    >
    > > "Imhotep" <> wrote in message
    > > news:...
    > >> Hairy One Kenobi wrote:

    > >
    > > <snip>
    > >
    > >> I believe this posting was to inform people about a bug and temp fix. So,
    > >> what is you point anyway? That it is a temp fix? Do you really want to
    > >> compare IE to Firefox, if so, let's talk about the mean time to fix
    > >> security holes. Don't think you want to go there :-O

    > >
    > > This isn't a fix. It's a workaround.
    > >
    > > A fix isn't a workaround.
    > >

    > <snip>
    >
    > It is a temp fix.


    Sorry, we're going to have to disagree. "Don't turn your computer on" is a
    workaround, not a fix.

    Likewise turning off an entire chunk of functionality (in this case,
    absolutely everything to do with IDN)

    > My background is software too. And let's face it the more complex the code
    > the higher the probability of flaws


    Software mantra: you can always reduce the size of the executable by one
    machine code operand. There is always one more bug. Corollary: you can
    reduce any piece of software down to one machine code operand. That doesn't
    work :eek:)

    H1K
    Hairy One Kenobi, Sep 13, 2005
    #8
  9. Imhotep

    Imhotep Guest

    Hairy One Kenobi wrote:

    > "Imhotep" <> wrote in message
    > news:...
    >> Hairy One Kenobi wrote:
    >>
    >> > "Imhotep" <> wrote in message
    >> > news:...
    >> >> Hairy One Kenobi wrote:
    >> >
    >> > <snip>
    >> >
    >> >> I believe this posting was to inform people about a bug and temp fix. So,
    >> >> what is you point anyway? That it is a temp fix? Do you really want to
    >> >> compare IE to Firefox, if so, let's talk about the mean time to fix
    >> >> security holes. Don't think you want to go there :-O
    >> >
    >> > This isn't a fix. It's a workaround.
    >> >
    >> > A fix isn't a workaround.
    >> >

    >> <snip>
    >>
    >> It is a temp fix.

    >
    > Sorry, we're going to have to disagree. "Don't turn your computer on" if a
    > workaround, not a fix.
    >
    > Likewise turning off an entire chunk of functionality (in this case,
    > absolutely everything to do with IDN)


    Well I guess I look at it differently. I prefer a temp fix over being
    vulnerable and yes even if it turns off a piece of functionality. Look at
    the alternative. Users of MS are going to be vulnerable for yet another
    week because they pulled the patch because of quality issues. Honestly, why
    not turn off the functionality that has the security hole, providing a temp
    fix. Then when the permanent fix arrives, install the patch which restores
    the functionality. That is doing it the right way.

    >> My background is software too. And let's face it the more complex the
    >> code the higher the probability of flaws

    >
    > Software mantra: you can always reduce the size of the executable by one
    > machine code operand. There is always one more bug. Corollary: you can
    > reduce any piece of software down to one machine code operand. That
    > doesn't work :eek:)
    >
    > H1K
    Imhotep, Sep 13, 2005
    #9
  10. "Imhotep" <> wrote in message
    news:...
    > Hairy One Kenobi wrote:
    > > "Imhotep" <> wrote in message
    > > news:...
    > >> Hairy One Kenobi wrote:
    > >>
    > >> > "Imhotep" <> wrote in message
    > >> > news:...
    > >> >> Hairy One Kenobi wrote:
    > >> >
    > >> > <snip>
    > >> >
    > >> >> I believe this posting was to inform people about a bug and temp fix. So,
    > >> >> what is you point anyway? That it is a temp fix? Do you really want to
    > >> >> compare IE to Firefox, if so, let's talk about the mean time to fix
    > >> >> security holes. Don't think you want to go there :-O
    > >> >
    > >> > This isn't a fix. It's a workaround.
    > >> >
    > >> > A fix isn't a workaround.
    > >> >
    > >> <snip>
    > >>
    > >> It is a temp fix.

    > >
    > > Sorry, we're going to have to disagree. "Don't turn your computer on" if a
    > > workaround, not a fix.
    > >
    > > Likewise turning off an entire chunk of functionality (in this case,
    > > absolutely everything to do with IDN)

    >
    > Well I guess I look at it differently. I prefer a temp fix over being
    > vulnerable and yes even if it turns off a piece of functionality.


    I too prefer a workaround to *nothing*.

    But a workaround isn't a t-fix.

    Meaning no disrespect whatsoever, I do this shit for a living and can tell
    the difference between the two.

    There are undoubtedly cases where a t-fix doesn't involve a code change.
    Let's be generous and call it 1 in 500. A quick config hack is a
    /workaround/ that stops you experiencing a problem but (by definition) has
    potential impact to the running of your Production system.

    Let's take a specific example that (hopefully) is quite hard to refute: stop
    running Flight Trials software on a (random) aircraft if it causes it to
    fall out of the sky. This is a workaround, because you no longer gather
    flight trials data.

    Give it to a software engineer to work out why it caused the avionics
    lock-up, fix it, and patch the software so that you can run it - /that's/ a
    t-fix. Once it's passed full, safety-critical, QA then it becomes either a
    fix or an enhancement (depends upon the contract and acceptance rules)

    Are we now clear on this, or have I again somehow been obtuse?

    H1K
    Hairy One Kenobi, Sep 14, 2005
    #10
  11. Imhotep

    Imhotep Guest

    Hairy One Kenobi wrote:

    > "Imhotep" <> wrote in message
    > news:...
    >> Hairy One Kenobi wrote:
    >> > "Imhotep" <> wrote in message
    >> > news:...
    >> >> Hairy One Kenobi wrote:
    >> >>
    >> >> > "Imhotep" <> wrote in message
    >> >> > news:...
    >> >> >> Hairy One Kenobi wrote:
    >> >> >
    >> >> > <snip>
    >> >> >
    >> >> >> I believe this posting was to inform people about a bug and temp fix. So,
    >> >> >> what is you point anyway? That it is a temp fix? Do you really want to
    >> >> >> compare IE to Firefox, if so, let's talk about the mean time to fix
    >> >> >> security holes. Don't think you want to go there :-O
    >> >> >
    >> >> > This isn't a fix. It's a workaround.
    >> >> >
    >> >> > A fix isn't a workaround.
    >> >> >
    >> >> <snip>
    >> >>
    >> >> It is a temp fix.
    >> >
    >> > Sorry, we're going to have to disagree. "Don't turn your computer on" if a
    >> > workaround, not a fix.
    >> >
    >> > Likewise turning off an entire chunk of functionality (in this case,
    >> > absolutely everything to do with IDN)

    >>
    >> Well I guess I look at it differently. I prefer a temp fix over being
    >> vulnerable and yes even if it turns off a piece of functionality.

    >
    > I too prefer a workaround to *nothing*.
    >
    > But a workaround isn't a t-fix.
    >
    > Meaning no disrespect whatsoever, I do this shit for a living and can tell
    > the difference between the two.
    >
    > There are undoubtedly cases where a t-fix doesn't involve a code change.
    > Let's be generous and call it 1 in 500. A quick config hack is a
    > /workaround/ that stops you experiencing a problems but (by definition)
    > has potential impact to the running of your Production system.
    >
    > Let's take a specific example that (hopefully) is quite hard to refute:
    > stop running Flight Trials software on a (random) aircraft if it causes it
    > to fall out of the sky. This is a workaround, because you no longer gather
    > flight trials data.
    >
    > Give it to a software engineer to work out why it caused the avionics
    > lock-up, fix it, and patch the software so that you can run it - /that's/
    > a t-fix. Once it's passed full, safety-critical, QA then it becomes either
    > a fix or an enhancement (depends upon the contract and acceptance rules)
    >
    > Are we now clear on this, or have I again somehow been obtuse?
    >
    > H1K



    Your example illustrates an absolute. This is not the case here. The
    software (firefox) is still usable *even* with the fix. It is a temp fix,
    you are correct. However, it prevents people from being hacked while they
    are still able to use the product. Even better, from a user's view, while
    using the product can you even tell that IDN has been disabled? Nope.

    This is a temp fix that I can live with. And as IE users are again
    vulnerable for another week, it is a lesson MS should learn from.

    Now, have my comments been perfectly lucid?

    Good. Now, let's keep on topic shall we?

    Im
    Imhotep, Sep 14, 2005
    #11
  12. Imhotep

    Jim Watt Guest

    On Tue, 13 Sep 2005 20:23:07 -0400, Imhotep <>
    wrote:

    >Now, have my comments been perfectly lucid?
    >
    >Good. Now, let's keep on topic shall we?


    I see you seem to insist on having the last word in every
    discussion, even if the words are worthless.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Sep 14, 2005
    #12
  13. "Imhotep" <> wrote in message
    news:...
    > Hairy One Kenobi wrote:


    <big snip>

    > >> >> > This isn't a fix. It's a workaround.
    > >> >> >
    > >> >> > A fix isn't a workaround.
    > >> >> >
    > >> >> <snip>
    > >> >>
    > >> >> It is a temp fix.


    > > I too prefer a workaround to *nothing*.
    > >
    > > But a workaround isn't a t-fix.
    > >
    > > Meaning no disrespect whatsoever, I do this shit for a living and can tell
    > > the difference between the two.


    > Your example illustrates an absolute. This is not the case here. The
    > software (firefox) is still usuable *even* with the fix. It is a temp fix,
    > you are correct. However, it prevents people from being hacked while they
    > are still able to use the product. Even better, from a users view, while
    > using the product can you even tell that IDN has been disabled? Nope.


    (Sigh) How many examples do you need, before you see what's right in front
    of you?

    And I *didn't* give an example of a t-fix, just a workaround. Stating that
    I've said the contrary doesn't make it so.

    USAian users will not notice any real difference in IDN support, because
    most don't use it. I won't either, as I tend to only look at
    English-language sites.

    > Good. Now, let's keep on topic shall we?


    Chance would be a fine thing.. <_< Best bet is, before you post next to
    reread what you've written. Then remove any bigotry, and only /then/ post..
    saves all of this spinning.

    H1K
    Hairy One Kenobi, Sep 14, 2005
    #13
  14. Imhotep

    Imhotep Guest

    Jim Watt wrote:

    > On Tue, 13 Sep 2005 20:23:07 -0400, Imhotep <>
    > wrote:
    >
    >>Now, have my comments been perfectly lucid?
    >>
    >>Good. Now, let's keep on topic shall we?

    >
    > I see you seem to insist on having the last word in every
    > discussion, even if the words are worthless.
    > --
    > Jim Watt
    > http://www.gibnet.com


    Jim, wash your mouth it smells like ass...
    Imhotep, Sep 14, 2005
    #14
  15. Imhotep

    Imhotep Guest

    Hairy One Kenobi wrote:

    > "Imhotep" <> wrote in message
    > news:...
    >> Hairy One Kenobi wrote:

    >
    > <big snip>
    >
    >> >> >> > This isn't a fix. It's a workaround.
    >> >> >> >
    >> >> >> > A fix isn't a workaround.
    >> >> >> >
    >> >> >> <snip>
    >> >> >>
    >> >> >> It is a temp fix.

    >
    >> > I too prefer a workaround to *nothing*.
    >> >
    >> > But a workaround isn't a t-fix.
    >> >
    >> > Meaning no disrespect whatsoever, I do this shit for a living and can tell
    >> > the difference between the two.

    >
    >> Your example illustrates an absolute. This is not the case here. The
    >> software (firefox) is still usuable *even* with the fix. It is a temp
    >> fix, you are correct. However, it prevents people from being hacked while
    >> they are still able to use the product. Even better, from a users view,
    >> while using the product can you even tell that IDN has been disabled?
    >> Nope.

    >
    > (Sigh) How many examples do you need, before you see what's right in front
    > of you?


    You are hung up on the word "temp fix" I am not. If you want to call it a
    "t-fix" or "work around" sure whatever. Frankly I really don't give a
    damn...

    What I do give a damn about is that a security hole was plugged quickly.
    Honestly, too many software vendors are leaving their users hanging when it
    comes to security. Too many people are getting ripped off by ID fraud, etc,
    etc. When a software company addresses the problem right away by providing
    a "t-fix"/"temp fix"/"work around"/"whatever-the-hell-you-want-to-call-it"
    then I am satisfied as the issue is *NOT* being ignored.

    Look at MS and IE. They backed out of a "critical" security patch leaving
    the IE users unprotected for another *MONTH*. Sorry but this is
    unacceptable to me. They at least could have released a "t-fix"/"temp
    fix"/"work around"/"whatever-the-hell-you-want-to-call-it" to protect
    their users until a permanent fix/patch is available.

    Why can you not see this very obvious point???????????????????????????

    > And I *didn't* give an example of a t-fix, just a workaround. Stating that
    > I've said the contrary doesn't make it so.
    >
    > USAian users will not notice any real differencs in IDN support, because
    > most don't use it. I won't either, as I tend to only look at
    > English-language sites.
    >
    >> Good. Now, let's keep on topic shall we?

    >
    > Chance would be a fine thing.. <_< Best bet is, before you post next to
    > reread what you've written. Then remove any bigotry, and only /then/
    > post.. saves all of this spinning.


    Bigotry? Do you even know what the hell the word means? Please illustrate
    where I have said a bigoted statement! Do not waste my time with foolish BS
    either as I am rapidly loosing my patients with your dribble.

    > H1K
    Imhotep, Sep 14, 2005
    #15
  16. "Imhotep" <> wrote in message
    news:...
    > Hairy One Kenobi wrote:


    <snip>

    > > Chance would be a fine thing.. <_< Best bet is, before you post next to
    > > reread what you've written. Then remove any bigotry, and only /then/
    > > post.. saves all of this spinning.

    >
    > Bigotry? Do you even know what he hell the word means? Please illustate
    > where I have said a bigoted statement! Do not waste my time with foolish BS
    > either as I am rapidly loosing my patients with your dribble.


    No drool on *my* keyboard.. did you mean "drivel", perchance?

    bigot, n, a person who is prejudiced in their views and intolerant of the
    opinions of others (Source - Concise OED)

    bigotry, n, demonstrating that fact... ;o)

    I'll just stick to the first page in Google for this very froup (for
    brevity)

    "Again, this was what java was all about. However, M$ did successfully
    sabotage it on Windows just for that reason."

    (Again concerning Java) "Kinda funny that is runs well in Linux, BSDs and
    Macs but, only Windows has a problem with it....hummmmm... "

    "Did you even read the paragraph??? The point was that MS intentional
    sabotaged Java because it threaten their marketing strategy... "

    "People have only been saying that Linux will be on the desktop for about
    three years (not talking about those lame "computer" magizines that are
    nothing more and a couple of "articles" and 9000 adds."

    "Even Gartner is saying that within 5 years Linux will be common place on
    the desktop."

    "In fact Linux growth is only slow in the US. "

    "Open Source has just recently become a big item."

    "I know MS, the last thing they want is software that IS NOT dependant on
    Windows. That IS a fact. This is how they make suckers of sooo many. " (I
    guess we skipped that whole DOS & XENIX thang, then? Mind you, OS/2
    <shudder>)

    [The BBC] "listened, rather than trying to push new laws or hardware (Like
    Microsoft and their partners)...."

    "Ah yes, the old use proprietary hardware and pass the cost to the your
    users...Personally, I'm not interested. " (only mentioned this one to see if
    you'll retort with "Intel isn't proprietory" ;o)

    "The registry was intentionally made overly complex as to force companies to
    become a "Microsoft partner"."

    "Ditching Microsoft would be a good start! If Linux/BSD is not your thing
    check out the Macs."

    "VMS was a stable reliable OS and, well, windows is just not and never has
    been.... " (not that I necessarily disagree too strongly with this one - I
    invariably find some excuse to reboot every few months. Although I genuinely
    can't remember why I rebooted the web server last July..?)

    "So, I challenge anyone to come up with a reasonable explanation on what you
    think Microsoft's motives are (if you do not believe me when I say they are
    benefiting from spammers)"

    (On the subject of spam) "Banning Windows is a thought."

    "Occasionally, I hear that out-of-touch argument about "not enough
    applications on linux/BSD/UNIX"..."

    "Just makes sense, as proprietary software is a trap"

    "When trying to understand Microsoft often one must look in the shadows for
    the truth"

    I've skipped the "intolerant" part - just look at any post where both you
    and Jim have posted <whistling>..

    By now, I've had /quite/ enough of reading this crap, as I'm sure everyone
    else has. At least they didn't have to wade through it twice.

    Feel free to post random news quotes - I can filter that mentally, rather
    than resort to the killfile. And a killfile is, by definition, against the
    very principle of Usenet. (This isn't some sort of cock-eyed threat, merely
    a comment, BTW)

    *Please* just follow the suggestion.. if it makes you feel better,
    substitute "FUD" for that three-syllable word.

    H1K

    P.S. Let's just recap on the actual topic of the thread. Two exploits. FF =
    turn off all IDN functionality; IE = turn off all ActiveX functionality.

    Apparently, one is a wonderfully responsive "temporary fix" that affects
    noone, while the other is the spam-sucking malicious deviation of a
    perverted ("prevert", if you're a Kubrick/Sellers fan) US corporation that
    is in on an evil conspiracy to change all the hardware in the world, doesn't
    produce any products (none of which are, if ever written, stable), forces
    every user to become a /bone fide/ business partner (including Flight Sim
    users?) merely to access their software configuration. "Evil" being defined,
    of course, as anyone who maintains a trade secret. We can, of course,
    thoroughly believe the source, as he works for a 45-man company that has a
    turnover in excess of the entire IT industry of the sub-continent of India,
    was a VMS admin at the age of twelve (but hasn't used it since shortly after
    graduation), but has the saving grace that he helped to tidy-up the
    crappiest IP implementation in the history of computing. And likes *nix.

    Hmmm...

    P.P.S. By all means attempt to refute.. but, when doing so, please try to
    imagine someone the same age as yourself, sitting in front of two Dell 20"
    TFTs, with a dual-AMD under the desk and a variety of hardware in a room
    behind him (including two Solaris boxes and one RH machine) laughing his
    'nads off at your supposed logic and displaying an erect middle finger on
    his right hand.

    P.P.P.S. None of this would have been written if you'd just let everything
    slide. That's the thing about flame wars - someone gets burnt. Recommend
    (again!) that we both stop this here and now, and agree to go our own ways.


    P.P.P.P.S. I daresay the answer will be "fat chance" :eek:\

    P.P.P.P.P.S. Anyone know where I can buy shares in popcorn? :eek:D
    Hairy One Kenobi, Sep 15, 2005
    #16
  17. Imhotep

    Ant Guest

    "Hairy One Kenobi" wrote:

    > "Imhotep" wrote:
    >> [...] I am rapidly loosing my patients with your dribble.

    >
    > No drool on *my* keyboard.. did you mean "drivel", perchance?


    Looks like he's some kind of medical practitioner, and your spittle
    works as a fast acting laxative for his patients.
    Ant, Sep 15, 2005
    #17
  18. Imhotep

    Imhotep Guest

    Hairy One Kenobi wrote:

    > "Imhotep" <> wrote in message
    > news:...
    >> Hairy One Kenobi wrote:

    >
    > <snip>
    >
    >> > Chance would be a fine thing.. <_< Best bet is, before you post next to
    >> > reread what you've written. Then remove any bigotry, and only /then/
    >> > post.. saves all of this spinning.

    >>
    >> Bigotry? Do you even know what the hell the word means? Please illustrate
    >> where I have said a bigoted statement! Do not waste my time with foolish

    > BS
    >> either as I am rapidly loosing my patients with your dribble.

    >
    > No drool on *my* keyboard.. did you mean "drivel", perchance?


    Nope drool...

    > bigot, n, a person who is prejudiced in their views and intolerant of the
    > opinions of others (Source - Concise OED)
    >
    > bigotry, n, demonstrating that fact... ;o)
    >
    > I'll just stick to the first page in Google for this very froup (for
    > brevity)
    >
    > "Again, this was what java was all about. However, M$ did successfully
    > sabotage it on Windows just for that reason."
    >
    > (Again concerning Java) "Kinda funny that it runs well in Linux, BSDs and
    > Macs but, only Windows has a problem with it....hummmmm... "
    >
    > "Did you even read the paragraph??? The point was that MS intentionally
    > sabotaged Java because it threatened their marketing strategy... "
    >
    > "People have only been saying that Linux will be on the desktop for about
    > three years (not talking about those lame "computer" magazines that are
    > nothing more than a couple of "articles" and 9000 ads."
    >
    > "Even Gartner is saying that within 5 years Linux will be common place on
    > the desktop."
    >
    > "In fact Linux growth is only slow in the US. "
    >
    > "Open Source has just recently become a big item."
    >
    > "I know MS, the last thing they want is software that IS NOT dependant on
    > Windows. That IS a fact. This is how they make suckers of sooo many. " (I
    > guess we skipped that whole DOS & XENIX thang, then? Mind you, OS/2
    > <shudder>)
    >
    > [The BBC] "listened, rather than trying to push new laws or hardware (Like
    > Microsoft and their partners)...."
    >
    > "Ah yes, the old use proprietary hardware and pass the cost to the your
    > users...Personally, I'm not interested. " (only mentioned this one to see
    > if you'll retort with "Intel isn't proprietary" ;o)
    >
    > "The registry was intentionally made overly complex as to force companies
    > to become a "Microsoft partner"."
    >
    > "Ditching Microsoft would be a good start! If Linux/BSD is not your thing
    > check out the Macs."
    >
    > "VMS was a stable reliable OS and, well, windows is just not and never has
    > been.... " (not that I necessarily disagree too strongly with this one - I
    > invariably find some excuse to reboot every few months. Although I
    > genuinely can't remember why I rebooted the web server last July..?)
    >
    > "So, I challenge anyone to come up with a reasonable explanation on what
    > you think Microsoft's motives are (if you do not believe me when I say
    > they are benefiting from spammers)"
    >
    > (On the subject of spam) "Banning Windows is a thought."
    >
    > "Occasionally, I hear that out-of-touch argument about "not enough
    > applications on linux/BSD/UNIX"..."
    >
    > "Just makes sense, as proprietary software is a trap"
    >
    > "When trying to understand Microsoft often one must look in the shadows
    > for the truth"


    Yup!

    > I've skipped the "intolerant" part - just look at any post where both you
    > and Jim have posted <whistling>..


    <yawning> whatever.

    > By now, I've had /quite/ enough of reading this crap, as I'm sure everyone
    > else has. At least they didn't have to wade through it twice.


    I was just thinking the same about you. You waste my time yet again....

    > Feel free to post random news quotes - I can filter that mentally, rather
    > than resort to the killfile. And a killfile is, by definition, against the
    > very principle of Usenet. (This isn't some sort of cock-eyed threat,
    > merely a comment, BTW)


    Do you think, even for a second, that I care what you do? Even for a second?

    > *Please* just follow the suggestion.. if it makes you feel better,
    > substitute "FUD" for that three-syllable word.


    Can say the same about you. You have wasted my time again, not even close to
    the original topic about the firefox bug. I have listened patiently to you
    many times more than I wanted to.

    Well, time's up, I don't really care what you think about anything. Honestly
    I think you're nothing more than a fruitloop with too much time on your
    hands. Your replies are all over the place and at times barely make sense.

    So, in short, whatever...

    > H1K
    >

    <snip yet more mindless crap>

    Hint: refill your bottle of lithium...
    Imhotep, Sep 15, 2005
    #18
  19. Imhotep

    Winged Guest

    Hairy One Kenobi wrote:
    > "Imhotep" <> wrote in message
    > news:...
    >
    >>Hairy One Kenobi wrote:

    >
    >
    > <snip>
    >
    >>>Chance would be a fine thing.. <_< Best bet is, before you post next to
    >>>reread what you've written. Then remove any bigotry, and only /then/
    >>>post.. saves all of this spinning.

    >>
    >>Bigotry? Do you even know what the hell the word means? Please illustrate
    >>where I have said a bigoted statement! Do not waste my time with foolish

    >
    > BS
    >
    >>either as I am rapidly loosing my patients with your dribble.

    >
    >
    > No drool on *my* keyboard.. did you mean "drivel", perchance?
    >
    > bigot, n, a person who is prejudiced in their views and intolerant of the
    > opinions of others (Source - Concise OED)
    >
    > bigotry, n, demonstrating that fact... ;o)
    >
    > I'll just stick to the first page in Google for this very froup (for
    > brevity)
    >
    > "Again, this was what java was all about. However, M$ did successfully
    > sabotage it on Windows just for that reason."
    >
    > (Again concerning Java) "Kinda funny that it runs well in Linux, BSDs and
    > Macs but, only Windows has a problem with it....hummmmm... "
    >
    > "Did you even read the paragraph??? The point was that MS intentionally
    > sabotaged Java because it threatened their marketing strategy... "
    >
    > "People have only been saying that Linux will be on the desktop for about
    > three years (not talking about those lame "computer" magazines that are
    > nothing more than a couple of "articles" and 9000 ads."
    >
    > "Even Gartner is saying that within 5 years Linux will be common place on
    > the desktop."
    >
    > "In fact Linux growth is only slow in the US. "
    >
    > "Open Source has just recently become a big item."
    >
    > "I know MS, the last thing they want is software that IS NOT dependant on
    > Windows. That IS a fact. This is how they make suckers of sooo many. " (I
    > guess we skipped that whole DOS & XENIX thang, then? Mind you, OS/2
    > <shudder>)
    >
    > [The BBC] "listened, rather than trying to push new laws or hardware (Like
    > Microsoft and their partners)...."
    >
    > "Ah yes, the old use proprietary hardware and pass the cost to the your
    > users...Personally, I'm not interested. " (only mentioned this one to see if
    > you'll retort with "Intel isn't proprietary" ;o)
    >
    > "The registry was intentionally made overly complex as to force companies to
    > become a "Microsoft partner"."
    >
    > "Ditching Microsoft would be a good start! If Linux/BSD is not your thing
    > check out the Macs."
    >
    > "VMS was a stable reliable OS and, well, windows is just not and never has
    > been.... " (not that I necessarily disagree too strongly with this one - I
    > invariably find some excuse to reboot every few months. Although I genuinely
    > can't remember why I rebooted the web server last July..?)
    >
    > "So, I challenge anyone to come up with a reasonable explanation on what you
    > think Microsoft's motives are (if you do not believe me when I say they are
    > benefiting from spammers)"
    >
    > (On the subject of spam) "Banning Windows is a thought."
    >
    > "Occasionally, I hear that out-of-touch argument about "not enough
    > applications on linux/BSD/UNIX"..."
    >
    > "Just makes sense, as proprietary software is a trap"
    >
    > "When trying to understand Microsoft often one must look in the shadows for
    > the truth"
    >
    > I've skipped the "intolerant" part - just look at any post where both you
    > and Jim have posted <whistling>..
    >
    > By now, I've had /quite/ enough of reading this crap, as I'm sure everyone
    > else has. At least they didn't have to wade through it twice.
    >
    > Feel free to post random news quotes - I can filter that mentally, rather
    > than resort to the killfile. And a killfile is, by definition, against the
    > very principle of Usenet. (This isn't some sort of cock-eyed threat, merely
    > a comment, BTW)
    >
    > *Please* just follow the suggestion.. if it makes you feel better,
    > substitute "FUD" for that three-syllable word.
    >
    > H1K
    >
    > P.S. Let's just recap on the actual topic of the thread. Two exploits. FF =
    > turn off all IDN functionality; IE = turn off all ActiveX functionality.
    >
    > Apparently, one is a wonderfully responsive "temporary fix" that affects
    > no one, while the other is the spam-sucking malicious deviation of a
    > perverted ("prevert", if you're a Kubrick/Sellers fan) US corporation that
    > is in on an evil conspiracy to change all the hardware in the world, doesn't
    > produce any products (none of which are, if ever written, stable), forces
    > every user to become a /bona fide/ business partner (including Flight Sim
    > users?) merely to access their software configuration. "Evil" being defined,
    > of course, as anyone who maintains a trade secret. We can, of course,
    > thoroughly believe the source, as he works for a 45-man company that has a
    > turnover in excess of the entire IT industry of the sub-continent of India,
    > was a VMS admin at the age of twelve (but hasn't used it since shortly after
    > graduation), but has the saving grace that he helped to tidy-up the
    > crappiest IP implementation in the history of computing. And likes *nix.
    >
    > Hmmm...
    >
    > P.P.S. By all means attempt to refute.. but, when doing so, please try to
    > imagine someone the same age as yourself, sitting in front of two Dell 20"
    > TFTs, with a dual-AMD under the desk and a variety of hardware in a room
    > behind him (including two Solaris boxes and one RH machine) laughing his
    > 'nads off at your supposed logic and displaying an erect middle finger on
    > his right hand.
    >
    > P.P.P.S. None of this would have been written if you'd just let everything
    > slide. That's the thing about flame wars - someone gets burnt. Recommend
    > (again!) that we both stop this here and now, and agree to go our own ways.
    >
    >
    > P.P.P.P.S. I daresay the answer will be "fat chance" :eek:\
    >
    > P.P.P.P.P.S. Anyone know where I can buy shares in popcorn? :eek:D
    >
    >

    Actually, the purpose of business is to make money. What better way to
    make money than to force users to upgrade every couple years. It is a
    different model that HP or any of the other commercial OS vendors use,
    but the bottom line is the purpose of making money for the stockholders
    of the corporation. Did you ever see what the yearly usage fees being
    charged for VMS or HPUX? I have seen articles how MS is wanting to go
    to the lease model, because they can make more money, but they are
    afraid of revolt...

    Winged
    Winged, Sep 15, 2005
    #19
  20. "Winged" <> wrote in message
    news:cd685$4328edd2$18d6dabf$...
    > Hairy One Kenobi wrote:


    > Actually, the purpose of business is to make money. What better way to
    > make money than to force users to upgrade every couple years. It is a
    > different model that HP or any of the other commercial OS vendors use,
    > but the bottom line is the purpose of making money for the stockholders
    > of the corporation. Did you ever see what the yearly usage fees being
    > charged for VMS or HPUX? I have seen articles how MS is wanting to go
    > to the lease model, because they can make more money, but they are
    > afraid of revolt...


    Too right I did - and the cost of the hardware in the first place. Thing is,
    at the time, they still looked cheap, when compared to the opposition.

    Things got even better when Sun joined the fray..

    TBH, MS already has leasing deals (things like the Small Business specials -
    top of my head, it's SBS, 10 XP, 10 Office licenses, GBP 200 per annum.
    Could be wrong - I don't use it). Ditto MSDN.

    CA is an example of a company that relies on the leasing model - the
    difference there is that the software clearly sits on top of someone else's
    platform - for an OS vendor to start leasing, the whole OEM thing goes
    pretty much out of the window (pun not intended). As you say, bad news for
    monopolistic MS - at least in the short term.

    Longer term, it's hard to tell - typical Industry S&M comes in at between 15
    and 21% of purchase price, so it's an interesting balance between lease
    price, purchase price (and what you could have done with the cash), and
    ongoing maintenance. Nothing's simple :eek:)

    As techies, I assume that none of us are paying support fees for our own
    personal gear, but I would suspect that the companies that we work for
    generally /do/ have a support contract in place. To help with those "WTF"
    moments (a friend has just hit this with QuickBooks - an eBay retailer, he
    just hit the 14,500 absolute customer limit. This is a complete show-stopper
    for his entire business...)

    Interestingly, this whole web activation thing - now adopted by all and
    sundry - makes the perfect base point for MS to introduce a leasing model;
    the downside is, of course, that no corporation in their right mind is going
    to free-up their desktops to that extent, or provide that type of
    bi-directional link. So we're back to the retail vs. business argument.

    As goes my own company - we've had web activation for years, and have
    offered leasing packages for years. Most customers still opt to purchase.
    Maybe it's just the market segment we're in, because when it comes to the
    development platforms, most corporates prefer to use us for PS work.

    H1K
    Hairy One Kenobi, Sep 15, 2005
    #20