Vox Barb, I'm not quite sure I know what the hell you're saying (but I think you took charm lessons from some of the guys in AO).
Yes, "reality counts".
pscates, well, i took my lessons
Sometimes i don't understand what i am talking either, - words just appear and i pick them up. Afterward i am sometimes just picking up the pieces - then, anyway, - you've probably got the pic.
Well deep in my heart (oh well that sounds horribly overacting) i am with you, i pretty much share all your opinion. And, well, the smarter ones will eventually realize that windows is just another great rock an' roll swindle.
On the other hand i am pretty much settled with the state, that i belong to the mere 2% mac user in my country - or perhaps worldwide? It is just fine for me, i am not scared about that. Apple rocks, X just blows me, daily use is just a pleasure. Most windows users (those i know personaly) think similar. But they almost always come up with the one and only question: "Ah, an apple computer, looks great, works great, but pricey, no?"
And i almost always state: "Ah, well, pricey, yes, but in the long run, anyway ... everything to your likeing. "
Ok, straight back to topic: If this (code leaking) is the beginning of the end of windows reputation in the IT world, than what? ITpeople would rather migrate to linux. And Joe Doe wouldn't care about at all.
with the masses come the asses - viruses - scripts and so on, unix is less suseptable to these things but what about apple-script? what could malisious people do with that (a hammer can build a home or break a scull)?
Well, you have to get people to run it first: I don't think mail.app is as keen to run attached code/scripts as Outlook has been. Also, you'd probably have to escalate your malware's privileges to do major damage, as normal users don't have root priviliges all the time.
i would love for this to be great news, but i got a feeling its going to be over quick, or worse, may turn out positively for the evil empire. whichever miscreants make the viruses are going to do so in a matter of days, people will notice, and the viruses will get fixed. possibly a surge of viral power, but not more than general humanity can handle. it's not like the international viral community can simultaneously notice every hole in w2k and release the mass of virii at the same time. eventually, these evil programmers will find all the holes in windows, and ms (probably months and months after) will patch the holes. but, having brought them to ms' attention means ms knows about it. ie, they can patch 2k3, me, and whatever other crappy versions they have which might share the same holes. this damned involuntary opensourcedness may turn out to be a good thing for ms in the long run. maybe they'll learn from it. maybe ms will realize and accept one of the greatest benefits of open source software: everyone can help find the bugs. i got a feeling they'd use the benefit of oss, but turn around and go back to their obfuscation techniques.
I was thinking along the same lines. Another bad thing for Microsoft though might be that people can have insight now into some programming techniques Microsoft uses and use those techniques for their own programs. On the other hand, if any of the Windows source code would turn up in open source software, Microsoft can and will take proper actions, thereby probably not missing the chance to make open source software look bad (stealing code).
the first exploit based off of the stolen code has been found. this involves looking at a .bmp file in IE5 and having the other person able to execute and code they'd like.
who wants to bet this isn't the worst or last one we see?
Looks like this could be a positive surprise for MS. If this article is right then the code quality of Windows isn´t really as bad as some think. Some of the shit comes from problems very hard to avoid when you have the most popular OS (Introducing hacks as replacements for bugs other applications were using. Imagine having to take into account stuff like that. )
But of course your code can be elegant while the result sucks
the first exploit based off of the stolen code has been found. this involves looking at a .bmp file in IE5 and having the other person able to execute and code they'd like.
who wants to bet this isn't the worst or last one we see?
Oh god. A bitmap codec IN THE KERNEL. Oh the humanity.
If there was ever a reason not to use Windows, it is that.
What this leak may do is have some I.T. types reconsider a migration to Longhorn and Trustworthy Computing. A simple risk assessment might have them consider that Linux, Darwin (FreeBSD), etc. have source code (all of it) out there, and nothing untoward has occured. And at that point, the case for choosing anything but M$ becomes much stronger.
Would you leave your money in a bank that is constantly robbed and embroiled in Enron-like scandals?
Security is design and implementation. One of the most secure OS' on the planet, OpenBSD, is open source. It's secure because it's designed to be, because the open code makes finding and fixing flaws much easier, and because the maintainers are careful and deliberate to a degree that most commercial vendors(including Apple) would not tolerate. Ditto FreeBSD.
The release of Windows code is troubling because Windows is full of holes. Some of those holes are buried so deep in the OS that they're not something MS could just patch - if someone found a way to exploit Windows Messaging, that would be the end of Windows. They'd have to start over, literally, because the whole legacy of Windows applications depends on its fundamentally insecure behavior. Fixing it would break the whole thing.
Microsoft might be just about to find out exactly how worthless security though obscurity is. Unfortunately, millions of innocent people might end up paying dearly for their mistakes.
What's Windows Messaging?
Security through Obscurity? Sounds like what PC advocates claim the Mac uses.
Windows Messaging is an API used by Windows and it's applications to interoperate. It is also fundamentally insecure. For instance, any application running on your computer can record what other applications are doing. All the fancy passwords and permissions count for nothing when any one application can record what any other application is doing.
To what detail this recording can go? Could not be done in OS X or Linux?
Mac OS X and Linux have a good permissions system. Something running as one user cannot exceed their privilages by hijacking another application running as a different user. Of course, any trojan that infects your computer can wreak havoc inside your user space... maybe it could even hijack your applications that are currently running, but I'm not much of a programmer (or at least knowledgable to know either way).
In Windows, it's not just copying data from other applications. It's hijacking them to run arbitary code as that application. On Mac OS X, there is no way (known, although there was a vulnerability of this kind in Terminal.app a while ago) to do this, so any Mac OS X virus would find it difficult to do anything major like erase your hard drive.
Comments
Originally posted by pscates
Vox Barb, I'm not quite sure I know what the hell you're saying (but I think you took charm lessons from some of the guys in AO).
Yes, "reality counts".
pscates, well, i took my lessons
Sometimes i don't understand what i am talking either, - words just appear and i pick them up. Afterward i am sometimes just picking up the pieces
Well deep in my heart (oh well that sounds horribly overacting
On the other hand i am pretty much settled with the state, that i belong to the mere 2% mac user in my country - or perhaps worldwide? It is just fine for me, i am not scared about that. Apple rocks, X just blows me, daily use is just a pleasure. Most windows users (those i know personaly) think similar. But they almost always come up with the one and only question: "Ah, an apple computer, looks great, works great, but pricey, no?"
And i almost always state: "Ah, well, pricey, yes, but in the long run, anyway ... everything to your likeing. "
Ok, straight back to topic: If this (code leaking) is the beginning of the end of windows reputation in the IT world, than what? ITpeople would rather migrate to linux. And Joe Doe wouldn't care about at all.
my2c
best
>_>... you are such a worm in AI... <_<
with the masses come the asses - viruses - scripts and so on, unix is less suseptable to these things but what about apple-script? what could malisious people do with that (a hammer can build a home or break a scull)?
Well, you have to get people to run it first: I don't think mail.app is as keen to run attached code/scripts as Outlook has been. Also, you'd probably have to escalate your malware's privileges to do major damage, as normal users don't have root priviliges all the time.
Originally posted by thuh Freak
i would love for this to be great news, but i got a feeling its going to be over quick, or worse, may turn out positively for the evil empire. whichever miscreants make the viruses are going to do so in a matter of days, people will notice, and the viruses will get fixed. possibly a surge of viral power, but not more than general humanity can handle. it's not like the international viral community can simultaneously notice every hole in w2k and release the mass of virii at the same time. eventually, these evil programmers will find all the holes in windows, and ms (probably months and months after) will patch the holes. but, having brought them to ms' attention means ms knows about it. ie, they can patch 2k3, me, and whatever other crappy versions they have which might share the same holes. this damned involuntary opensourcedness may turn out to be a good thing for ms in the long run. maybe they'll learn from it. maybe ms will realize and accept one of the greatest benefits of open source software: everyone can help find the bugs. i got a feeling they'd use the benefit of oss, but turn around and go back to their obfuscation techniques.
I was thinking along the same lines. Another bad thing for Microsoft though might be that people can have insight now into some programming techniques Microsoft uses and use those techniques for their own programs. On the other hand, if any of the Windows source code would turn up in open source software, Microsoft can and will take proper actions, thereby probably not missing the chance to make open source software look bad (stealing code).
the first exploit based off of the stolen code has been found. this involves looking at a .bmp file in IE5 and having the other person able to execute and code they'd like.
who wants to bet this isn't the worst or last one we see?
Looks like this could be a positive surprise for MS. If this article is right then the code quality of Windows isn´t really as bad as some think. Some of the shit comes from problems very hard to avoid when you have the most popular OS (Introducing hacks as replacements for bugs other applications were using. Imagine having to take into account stuff like that.
But of course your code can be elegant while the result sucks
Originally posted by alcimedes
well, it took all of one weekend.
the first exploit based off of the stolen code has been found. this involves looking at a .bmp file in IE5 and having the other person able to execute and code they'd like.
who wants to bet this isn't the worst or last one we see?
Oh god. A bitmap codec IN THE KERNEL. Oh the humanity.
If there was ever a reason not to use Windows, it is that.
Barto
Originally posted by Anders
http://www.kuro5hin.org/story/2004/2/15/71552/7795
Oh man, those comments are hilarious!
private\
tos\\w32\
tuser\\client\
t6\\user.h:
* The magnitude of this hack compares favorably with that of the national debt.
private\\shell\\ext\\tweakui\\genthunk.c:
* CallProc32W is insane. It's a variadic function that uses
* the pascal calling convention. (It probably makes more sense
* when you're stoned.)
Screed
Arrgh!
procedures generally fit on a single screen.
WEAK!
(edit: I am King of the hundred line function.
Would you leave your money in a bank that is constantly robbed and embroiled in Enron-like scandals?
BOOL ShouldWeShowTheStartButtonBalloon()
{
DWORD dwType;
DWORD dwData = 0;
DWORD cbSize = sizeof(DWORD);
SHGetValue(HKEY_CURRENT_USER, REGSTR_EXPLORER_ADVANCED,
TEXT("StartButtonBalloonTip"), &dwType, (BYTE*)&dwData, &cbSize);
return (dwData == 0); // if StartButtonBalloonTip == 1, don't show
}
Originally posted by Crusader
Wow, this could be devastating. I have faith in M$ however...
.
/* Source Code to Windows 2000 */
#include "win31.h"
#include "win95.h"
#include "win98.h"
#include "workst~1.h"
#include "evenmore.h"
#include "oldstuff.h"
#include "billrulz.h"
#include "monopoly.h"
#define INSTALL = HARD
char make_prog_look_big[160000];
void main()
{
while(!CRASHED)
{
display_copyright_message();
display_bill_rules_message();
do_nothing_loop();
if (first_time_installation)
{
make_50_megabyte_swapfile();
do_nothing_loop();
totally_screw_up_HPFS_file_system();
search_and_destroy_the_rest_of_OS/2();
make_futile_attempt_to_damage_Linux();
disable_Netscape();
disable_RealPlayer();
disable_Lotus_Products();
hang_system();
}
write_something(anything);
display_copyright_message();
do_nothing_loop();
do_some_stuff();
if (still_not_crashed)
{
display_copyright_message();
do_nothing_loop();
basically_run_windows_3.1();
do_nothing_loop();
do_nothing_loop();
}
}
if (detect_cache())
disable_cache();
if (fast_cpu())
{
set_wait_states(lots);
set_mouse(speed, very_slow);
set_mouse(action, jumpy);
set_mouse(reaction, sometimes);
}
/* printf("Welcome to Windows 3.1"); */
/* printf("Welcome to Windows 3.11"); */
/* printf("Welcome to Windows 95"); */
/* printf("Welcome to Windows NT 3.0"); */
/* printf("Welcome to Windows 98"); */
/* printf("Welcome to Windows NT 4.0"); */
printf("Welcome to Windows 2000");
if (system_ok())
crash(to_dos_prompt)
else
system_memory = open("a:swp0001.swp", O_CREATE);
while(something)
{
sleep(5);
get_user_input();
sleep(5);
act_on_user_input();
sleep(5);
}
create_general_protection_fault();
}
Found it on xvsxp, comment from fark.com
Originally posted by Amorph
Security is design and implementation. One of the most secure OS' on the planet, OpenBSD, is open source. It's secure because it's designed to be, because the open code makes finding and fixing flaws much easier, and because the maintainers are careful and deliberate to a degree that most commercial vendors(including Apple) would not tolerate. Ditto FreeBSD.
The release of Windows code is troubling because Windows is full of holes. Some of those holes are buried so deep in the OS that they're not something MS could just patch - if someone found a way to exploit Windows Messaging, that would be the end of Windows. They'd have to start over, literally, because the whole legacy of Windows applications depends on its fundamentally insecure behavior. Fixing it would break the whole thing.
Microsoft might be just about to find out exactly how worthless security though obscurity is. Unfortunately, millions of innocent people might end up paying dearly for their mistakes.
What's Windows Messaging?
Security through Obscurity? Sounds like what PC advocates claim the Mac uses.
Barto
Originally posted by Barto
For instance, any application running on your computer can record what other applications are doing.
To what detail this recording can go? Could not be done in OS X or Linux?
Originally posted by PB
To what detail this recording can go? Could not be done in OS X or Linux?
Mac OS X and Linux have a good permissions system. Something running as one user cannot exceed their privilages by hijacking another application running as a different user. Of course, any trojan that infects your computer can wreak havoc inside your user space... maybe it could even hijack your applications that are currently running, but I'm not much of a programmer (or at least knowledgable to know either way).
In Windows, it's not just copying data from other applications. It's hijacking them to run arbitary code as that application. On Mac OS X, there is no way (known, although there was a vulnerability of this kind in Terminal.app a while ago) to do this, so any Mac OS X virus would find it difficult to do anything major like erase your hard drive.
Barto