| |
| I am a hacker and you are afraid and that makes you more dangerous than I ever could be. |
|
FastTrack Protocol Details |
|
|
|---|
| Topic: Technology |
2:02 pm EDT, Apr 15, 2007 |
This document attempts to describe what's currently known of the FastTrack protocol.
Storing this for later... FastTrack Protocol Details |
|
Microsoft: Word 2007 crashes aren't a bug, they're a feature |
|
|
|---|
| Topic: Technology |
9:44 am EDT, Apr 14, 2007 |
When asked to clarify that statement, she acknowledged Microsoft won't classify the flaws as security problems. Rather, the behavior of Word 2007 is a feature, not a bug. "In fact, the behavior observed in Microsoft Word 2007 in this instance is a by-design behavior that improves security and stability by exiting Microsoft Word when it has run out of options to try and reliably display a malformed Word document," the spokeswoman said.
... [sigh]... [deep breath]... ITS F#@&ING INPUT VALIDATION! [Smack] WHERE's MY MONEY? [smack] Your first problem is to continue rendering something you know is corrupted! Recovery is different from rendering. At first error, the program should stop rendering, shell the file out to a external recovery program which attempts to extract valid data structures and chunks. Any recovered data should be written to a new file and loaded into Word. Worst case is the recovery program crashes, in which case you don't lose Word. She went on to suggest that it is no big deal if Word 2007 did crash under those circumstances, a scenario that could lead to the loss of any unsaved data. "The sample code in [Aharoni's] postings cause Microsoft Word to crash, and users can restart the application to resume normal operations."
And users can just reboot the box when a blue screen happens, so I guess thats not a DoS either. Jackass. I'm really surprised the MSRC made an official statement that is to utterly retarded. One things for sure: Kymberlee Price wouldn't have tried to pull this crap. She respects the security community too much to try and keep a straight face when saying something as fucked up as "a crash isn't a DoS." I think Frank Hayes of Computer World says it best: If your application code is in control, it can gracefully reject bad input. If your app code ISN'T in control, you crash. You're already owned. This suicide-before-capture approach isn't "by-design" behavior. It's lack-of-design behavior. And a "code guru" of any kind who thinks that's not a security and stability problem that needs fixing doesn't belong in this business.
Microsoft: Word 2007 crashes aren't a bug, they're a feature |
|
O'Reilly Radar > Call for a Blogger's Code of Conduct |
|
|
|---|
| Topic: Society |
11:12 am EDT, Apr 10, 2007 |
Take responsibility for your actions? Ignore people who are mean? Come up with a ratings system of the vulgarity you wish to have? Are you fucking kidding me? We have smart and interesting people wasting time on this bullshit? Making a code of conduct for blogs? Ok people, its time to let go of mommy's apron now. Seriously, This is crazy. Having listened to Tim O'Reilly speak in person at a few conferences, I'm amazed a man who has such vision is wasting time trying to setting up meaningless guidelines about how to play nice. That's like John Nash teaching long division to 4th graders. "As discussed at a brain storm at Etech..."
Damn, you dragging other smart people into this asinine discussion? I'm still corresponding with people I met at ETech from more than 2 years ago. And the discussions I had there and the people I talked with gave me ideas still percolating in the back of my head. Anyone who attends ETech only to get drawn into a discussion about flame wars should be shot. And that is what we are dealing with here! We are talking about trying to control/limit flame wars for god sakes. And that's fucking stupid. HTTP:// is no different from news:, and your self-important "geek chic" XHTML 1.1 compliant W3C verified liquid CSS blog doesn't change that. This is a heartbreaking waste of time and a complete fool's errand. O'Reilly Radar > Call for a Blogger's Code of Conduct |
|
Fuck test driven development |
|
|
|---|
| Topic: Technology |
3:21 pm EDT, Apr 9, 2007 |
Fuck test driven development |
|
Saturday Night Science: Drink 5 |
|
|
|---|
| Topic: Miscellaneous |
12:22 am EDT, Apr 8, 2007 |
no. more. triple sec. |
|
Saturday Night Science: Drink 4 |
|
|
|---|
| Topic: Science |
10:47 pm EDT, Apr 7, 2007 |
3/4 shot peach vodka.
3/4 shot peach schnapps
1/2 shot triple sec
fill with OJ
splash of grenadine So so tasty... Its a tie between #3 and #4. I want to cook brownies, but I don't know if I should operate a stove right now. but its really hard to burn down the apartment with an electric over. Hmmmmm... |
|
Saturday Night Science: Drink 3 |
|
|
|---|
| Topic: Miscellaneous |
10:11 pm EDT, Apr 7, 2007 |
1/2 shot peach vodka.
1 shot peach schnapps
1 shot triple sec
fill with OJ
splash of grenadine I think we might have a winner. Smooth, yet very tasted. My cat Butterscotch keeps trying to lick my wine glass. I don't have the will to fight him off... |
|
