So, Microsoft isn't going to bother fixing the security holes in their products, just break the HTTP protocol.

http://www.theregister.co.uk/content/55/35253.html

This really ****s me off.

Correct me if I'm wrong, but hasnt this (the '@' trick to 'hide' urls) been around for years?

------------------
Snail racing: (500 posts per line)
-------------@%

DSettahr's Homepage

It's been around for who knows how long, and Microsoft is just now doing something about it. How sad.

What's even more sad is that they are going to disable it. If they do, they dam better have an option to turn it back on, or I will never use IE again (Not that I use it much now).

------------------
"The future is not determined by a throw of the dice, but is determined by the conscious decisions of you and me."
I am addicted to ellipses!!! AHHH!!! ...

It's not the user@host thing that's the problem. It's a specific problem where you can use that to spoof the ENTIRE url. It's a severe bug in their browser. It came up two months ago. It would be like using user@host/file.html and if you type it just so, you can make it just print "http://www.ebay.com/" in the URL bar. Way different than simply putting a URL in the "user" section and making it LOOK like a real address.

Thats fine, let them change it. It doesnt affect me in the slightest.

------------------
The future is here, and all bets are off.

There is one workaround not listed on the Microsoft support ariticle.... Dont use IE!

------------------
The future is here, and all bets are off.

DING DING!

------------------
"Honey, you got real ugly."

I just switched to Linux full time and my favorite browser came with me http://www.opera.com/

The 20 bucks I spent on it was well worth it!

Well, at least you got one thing right...

What distro?

------------------
The future is here, and all bets are off.

Hey Microsoft! I've got two words for ya: f*** u.

------------------
Madquack and Firbnic have a signature.
*Remnant Temple beta almost done*
Light And Darkness

How easy is it to get into Linux? Since abandoning everything MS apart from Office and Windows (\Hugs Opera) I've been considering looking at Linux.

I'm fairly computer literate, though not quite to the standard of building machines and all that, is it a mare to get off the ground?

------------------
If at first you don't succeed, lower your standards.

Linux is good, except I have no use for it. And IE? I can't get anything else to work. They all freeze.

------------------
The Earth is the cradle of the mind, but one cannot stay in the cradle forever.
-- Konstantin Tsiolkovsky, The Father of Rocketry

You do not need M$ Offi$e ever again.

Get Abiword. Or failing that, OpenOffice. That is all.

------------------
[Blue Mink Bifocals !] [fsck -Rf /world/usr/] [<!-- kalimonster -->] [Capite Terram]
"You'll have to face it, the endings are the same however you slice it. Don't be deluded by any other endings, they're all fake, with malicious intent to deceive, or just motivated by excessive optimism if not by downright sentimentality. The only authentic ending is the one provided here: John and Mary die. John and Mary die. John and Mary die." -Happy Endings [Margeret Atwood]
NPC.Interact::PressButton($'Submit');

The only thing Linux doesn't have is Powerpoint. Abiword is a good Linux or Windows alternative. It's only a few megs, works perfectly(for me) and is free. Better than Word imo.

------------------
There is no signature

Though then again the vast majority of what i do text wise is either plain text or html. I've turned in term essays i did in html. Or i can type it all up as plain-text then dump it into a word processor for formatting and printing..

------------------
[Blue Mink Bifocals !] [fsck -Rf /world/usr/] [<!-- kalimonster -->] [Capite Terram]
"You'll have to face it, the endings are the same however you slice it. Don't be deluded by any other endings, they're all fake, with malicious intent to deceive, or just motivated by excessive optimism if not by downright sentimentality. The only authentic ending is the one provided here: John and Mary die. John and Mary die. John and Mary die." -Happy Endings [Margeret Atwood]
NPC.Interact::PressButton($'Submit');

Abiword sucks noodles. I prefer KWord...



Linux is alot of hard work. Everything can be tweaked to to perfection, to suit your every need, but it does take effort. There are *ALOT* of options, apps, environments and possible configurations out there, and finding one that works for you can take some time. If you lack patience, Linux is not for you. But if you desire control, flexability, and security, go for it. Post any questions you may have here, but not before giving them the Google treatment.



...WTF?


I can name 2 just off the top of my head, KPresenter (Part of the KOffice suite) and Impress (Part of the OpenOffice suite). I know there are others.

------------------
The future is here, and all bets are off.

Linux is seeming better and better. I am really thinking about getting it or at least getting another comp that does. The one major problem with it seems to be that it will limit my gaming capability a HUGE amount.

------------------
When you expect the pain - nothing left to ascertain
When you respect the lie - Deadly chasm open wide
---Circle of Dust "Chasm"

All I'm saying is it doesn't have POWERPOINT, which is important for one reason: for student it's used mainly for presentations, and if you can't use your own computer these presentations require powerpoint. I knew there were programs LIKE Powerpoint...yah.


POST 256!!
------------------
There is no signature

[This message has been edited by Dj Yoshi (edited January 30, 2004).]

In Win32, Editplus2 >>> *
In Linux, Bluefish >>> *
That is all.

------------------
[Blue Mink Bifocals !] [fsck -Rf /world/usr/] [<!-- kalimonster -->] [Capite Terram]
"You'll have to face it, the endings are the same however you slice it. Don't be deluded by any other endings, they're all fake, with malicious intent to deceive, or just motivated by excessive optimism if not by downright sentimentality. The only authentic ending is the one provided here: John and Mary die. John and Mary die. John and Mary die." -Happy Endings [Margeret Atwood]
NPC.Interact::PressButton($'Submit');

I noticed something before on AOL Instant Messenger. I did the hyperlink thing, where I typed in http://www.aol.com, but instead of that, the text read MSN.com and if you clicked it, it took you to the AOL website. If you wanted to, type in a random CNN address, and have ot link to say that You are an idiot flash thing.

------------------
I can't think of anything to put here right now.

In windows, EditPlus costs money, Crimson Editor does not.

------------------
Ω of 14

Crimson Editor does appear to be quite sexy.. however it is lacking several features i rather approved of in editplus.

1; can't seem to get the document tabs at the bottom of the window.
2; can't close tabs with middle mouse button
3; can't dump a binary file in there and upload it via ftp as binary. i used to do this all the time with editplus, open an image in the window as the binary garbage and just upload it as a binary document.

------------------
[Blue Mink Bifocals !] [fsck -Rf /world/usr/] [<!-- kalimonster -->] [Capite Terram]
"You'll have to face it, the endings are the same however you slice it. Don't be deluded by any other endings, they're all fake, with malicious intent to deceive, or just motivated by excessive optimism if not by downright sentimentality. The only authentic ending is the one provided here: John and Mary die. John and Mary die. John and Mary die." -Happy Endings [Margeret Atwood]
NPC.Interact::PressButton($'Submit');

Cheers GBK, I'll do that (I'm seeing you as something of a champion of Linux )

I'll look into this Abiwork and Kword stuff too - especially seeing as they're free!

------------------
If at first you don't succeed, lower your standards.

You honestly believe that KPresenter and Impress lack the ability to load/save to PowerPoint files? I find your lack of faith disturbing....

You dont NEED Powerpoint. What you NEED is a program that can load powerpoint files, modify them, and save to that format. KPresenter and Impress can do this. As can all the other OSS Presentation apps. Wake up and smell the napalm; you dont NEED Microsoft for ANYTHING. Accept it, and move on.

------------------
The future is here, and all bets are off.

Crimson Editor also seems to handle remote browsing more awkwardly, doesn't seem to be the same settings or whatever as Editplus. And scrolling in Crimson vs Editplus takes significantly more cpu. Memory-wise theyre more or less equivelant.

So my only real incentive to use Crimson is that it's freeware, and has fewer features or poorer implementation of the ones i'm used to.. hm..

------------------
[Blue Mink Bifocals !] [fsck -Rf /world/usr/] [<!-- kalimonster -->] [Capite Terram]
"You'll have to face it, the endings are the same however you slice it. Don't be deluded by any other endings, they're all fake, with malicious intent to deceive, or just motivated by excessive optimism if not by downright sentimentality. The only authentic ending is the one provided here: John and Mary die. John and Mary die. John and Mary die." -Happy Endings [Margeret Atwood]
NPC.Interact::PressButton($'Submit');

I like Texturizer for Windows as my text editor, although it isn't free.

------------------
Bassoon, n. A brazen instrument into which a fool blows out his brains.

Oh, believe me, i'd love to start using linux and get to be a pompous holier-than-thou ***hole and stuff, but from what i hear gaming on Linux is a giant pain. So here I am.

------------------
WOOSH.
-----@%

I'm glad I switched to Firebird.

------------------
"It has become appallingly obvious that our technology has exceeded our humanity."

-Albert Einstein

[This message has been edited by SG1_129 (edited January 31, 2004).]

what about those who have not used any other UI but windows for their whole life and have never had Uber-drastic problems that you say happen every day.

------------------
your curiosity will get the better of YOU one day.
Jon`C:Irony is spelling 'quality' poorly.
Spork:Well I think 'Irony is spelling grammar poorly'
Snail racing: (500 posts per line)-@%

Microsoft is now offering an alternative solution here

[oops: clicked wrong button ]

[This message has been edited by DeTRiTiC-iQ (edited February 01, 2004).]

Why did you edit my post? I demand explanation.

[This message has been edited by oSiRiS (edited February 01, 2004).]

I agree except that you do need microsoft to play PC games without having to run WineX which is unstable at best, and generally doesn't run games half as well as if you were running them under their own environment.

If you want customization but don't want to have to mess with Linux altogether, thereby having to learn how to make Linux play games, get LiteStep. There are filemanager modules that you can download for LS now that completely circumvent the need for explorer. The only thing it does is run on the Windows kernel. Games run smoothly, you can set up easy to use hotkeys, have a sexy desktop, (sexier by far than any Linux GUI) and have the control that you would get with Linux. But it doesn't make you work as hard as you would with a Linux distro. You only have to configure what you want, the rest of it will work as though you're running Windows, because you are.

desktop example...



iBDE v5 completely customized. Popup runs the way I want, filemanager runs the way I want, apps are linked, hotkeys present, but all of my microsoft apps work just fine..


------------------
-=I'm the wang of this here site, and it's HUGE! So just imagine how big I am.=-
1337Yectiwan
OSC Returns!!
10 of 14 -- 27 Lives On

That sounds like a really good deal....are there any disadvantages?

------------------
WOOSH.
-----@%

I have used Debian on my laptop for ages, and I have Knoppix on my desktop and my server here. Knoppix is based on Debian and thus, supreme.

Martyn, you can try linux with nothing more than a cd burner and bandwidth to download Knoppix. Knoppix is a "live" cd which means you burn it, put it in your drive, boot from it, and you have a fully configured and working linux system up and running in as much time as it takes to boot your computer. It doesn't touch your existing hard drive so if you don't like it, you can simply remove the cd, reboot, and you're back in windows. Try it for a few days and see if you like it (run a search for knoppix on google).

I don't use many games, but I also don't want to go through the headache of trying to get windows programs working in linux. Thus, if I ever want to play a game, I just boot into windows. With knoppix, it's -really- easy to hd-install it to a second hard drive. It configures itself for dual boot if it detects a previous windows installation. I strongly suggest you get more help before you just "try it" (setting up the dual boot) - because it -is- possible to seriously hose things if you don't know what you're doing. But not if you just try the knoppix live cd w/out a hd-install.

I don't use linux because I'm a champion of open-source. I use linux because it works flawlessly. Once my system is configured to my liking, I don't have to touch anything. It just works. It doesn't crash, I don't get virii, and I don't have to worry about all the zillions of annoyances of windows.

There are of course some trade offs. I don't like the slowness of most open source browsers, thus I use opera. I don't like any of the "real" gui text editors on linux - there's simply -nothing- to compare to editplus or crimson editor. Thus, I use gvim. I'm not quite as fast at it as I am with editplus, but there are a lot of things I truely like better about it. Then there's the whole games thing, and I explain how I get around that above.

I really should write up a page about this because I find myself repeating... myself... in a lot of these threads.

Brian if you haven't already, you might want to look into Bluefish. I haven't used it much, but it seems fairly congruous to Crimson or Editplus, and doesn't seem to be slow or cumbersome or whatever.

http://bluefish.openoffice.nl/

------------------
[Blue Mink Bifocals !] [fsck -Rf /world/usr/] [<!-- kalimonster -->] [Capite Terram]
"You'll have to face it, the endings are the same however you slice it. Don't be deluded by any other endings, they're all fake, with malicious intent to deceive, or just motivated by excessive optimism if not by downright sentimentality. The only authentic ending is the one provided here: John and Mary die. John and Mary die. John and Mary die." -Happy Endings [Margeret Atwood]
NPC.Interact::PressButton($'Submit');

Cheers Bri, that sounds right up my level of competence! (I've already got a data HD and a system drive - big enough to subdivide one into yet another if I do like Knoppix - they're both pysical drives)

I'll look into that asap!

Maybe you're right about writing up this sort of thing - maybe a new board with a couple of threads at the top that can't be replied to, but never move from the top of the list?

People can argue away just beneath, but the stuff that's dead important to those looking into making changes are always there to be found?

Just a thought! Thanks again for the advice to all!



[EDIT: 122MB of Knoppix DL'd - I'll try it out later tonight!]

[This message has been edited by Martyn (edited February 01, 2004).]

Oh come on, all I had to do was look at my status bar before clicking that link and I could see that it would be a page that exploits a certain security flaw. Not big, not clever.

And on a closer look, they say the target page will only load in IE because it contains non-compliant code that should only work in IE.

So I ran it through the w3 validator.

Non of the code used to render any html was invalid, there was exactly one error and that was:



Opera and Firebird should have no problems rendering that page if they were allowed to get passed the weird "<!--[if IE]>" tags (never seen these before, something new?). If people want to make code that highlights flaws in IE, fine. But they should at least make sure they do it fairly.

So I did another test. I removed the "<!--[if IE]]>" stuff and created a page called test.aspx. Then I loaded it in all 3 browsers (IE, Opera and Firebird/Mozilla). Not only did Opera and Firebird have no trouble rendering the page, the appearance was also identical across all 3 browsers.

[Note: I accidently clicked edit rather than reply w/quote the first time, that's why there's an edited by under oS's post]

My virus-scanner picked up the exploit on that page. And it ran on opera.



------------------
Eat the pudding.

You should spend more time reading and less debating.

What it says is that it doesn't redirect because without the exploit it's not funny. The exploit it's referring to is the one that makes msie.microsoft.com be the only thing that appears in the address bar, not the redirect or display.

Loading the page in opera, a dialog box comes up NOTING the username thing. The page loads blank on mozilla as well, but neither of these exhibit the IE exploit.

Whether or not the page loads has no bearing at all on the exploit the entire page is about. For clarity, the exploit is that having %00 in the address before the @ leads to the rest of the text not appearing in the address bar. There's no excuse for that.

With access to the html, i could have used a few other exploits (using javascript to hide the link in the status bar, for example (something you can turn off in firebird)) and the entire thing would be flawless.

The redirect has nothing to do with the exploit and is instead a handy portal.

------------------
Ω of 14

On closer examination I see my error, sorry.

However, I still stand by the fact that the page isn't amusing. I'd much rather Microsoft fixed IE than be forced to use Opera or Mozilla.

"u" is not a word.

------------------
"LC Tusken: the idiot is the person who follows the idiot and your not following me your insulting me your following the path of a idiot so that makes you the idiot"
NMGOH || Jack Chick preaches it || The Link of the Dead