Posts by Andy Shaw 16 publicly visible posts • joined 19 Nov 2007
"Are you saying that the gormless cretin, that vandalised her car out of petty spite and jealousy, should be let off because her classic car didn't have a modern proximity alarm?"
No, people are saying - to extend your analogy - that he should pay for the repairs, but *not* for installing a modern proximity alarm that wasn't there in the first place.
<rant type="pedantic">
I assume you mean "by and large". It's an old nautical term implying that a ship could sail into the wind ("by the wind") as well as when the wind was behind the ship (or "large").
It's a pretty common mistake, so as long as you don't say anything about intensive purposes I'll let you off.
</rant>
Granted I'm currently a dilettante in this field, but if I'm reading the blog entry you linked correctly, Mr. Williams is wrong. No javascript is being injected into Twitter, and whilst a small portion of text that looks like CSS is 'injected' (which is to say posted perfectly normally), escaping everything that looks like it might be CSS is going to be pretty hard and probably have some false positives - if it's not outright impossible. Notwithstanding, of course, that when viewed by itself in a browser it's utterly harmless. The posted text isn't in a "CSS context" as Mr. Williams put it until an attacker uses the twitter page as a stylesheet for his attack page. And the CSS doesn't have any javascript in it then, either.
The issue is that IE - when told that the twitter page in question is a CSS file - tries to parse the page, and despite any number of issues that should prevent it from doing so, sticks pretty much the entire thing into an easily-accessible CSS property. That property can then be parsed by javascript on the attacker's site.That's pretty clearly an IE bug to me.
Perhaps Mr. Williams should have examined the sample exploit more carefully before commenting?
...and not for any particularly good reason - Gregory D. Evans currently has pride-of-place at the top of attrition.org's charlatans list (http://attrition.org/errata/charlatan/gregory_evans/) and has been there for a while. The various claims compiled there make for interesting reading - basically, the guy appears to have serious truth issues.
Oh for the love of Pete. I was going to stay out of this one, because Mac vs PC discussions always devolve into religeous flame wars, but really.
Geoffrey, you can't attack one side of an argument for making an ad-hom attack in response to an ad-hom attack. And yes, "idiots with a IQ in the lower single digit get a Mac" is an ad-hom attack, and it *is* grammatically incorrect. If (Mectron) you're going to insult me, please try to get it right.
John, he's right. And there's several better ways to point out the holes in Mectron's arguments; such as for example the fact that my Macbook's case is made of solid aluminium, presenting a rather more solid form-factor than the average Dell. Or the fact that a Mac *is* a personal computer, and is such is *part* of the competition.
Yes, I have a Macbook. However I'm typing this on my office desktop PC, which like my home desktop runs Windows. Vista here, W7RC at home. I'm also personally responsible for several Linux (mastly Debian, one Ubuntu) servers, so I feel sufficiently to say the following:
Windows historically presents a pretty bad user interface. This has been improved with W7 and Vista, although Vista screwed the pooch with UAC (which has been toned down in W7). The downside to that is that the old familiarity has gone away. Popular Linux window managers (both Gnome and KDE) make me grimace; other WMs tend to be insufficiently well-featured. OSX provides a wonderful UI - it is widely acknowledged that Apple are the masters at this - and being based on BSD it allows me to Get Shit Done(tm) in the same way that Linux does. However, yes, the hardware is overpriced.
Basically, it boils down to what you can afford. Windows is okay because it's familiar (up until recently, anyway) and is much better from a stibility perspective than it used to be; Linux is stable, powerful and very customiseable if you've got the time and inclination to learn; and OSX is stable at the cost of expensive hardware, powerful and very easy to use.
There. Now can we please learn to live and let live?..
Of course, with Microsoft pushing heavy changes to both the Windows and Office interfaces, a "Windows skin" on a Linux window manager and a copy of OpenOffice actually provide more familiarity than new versions of Windows do. It's an anecdote I know, but my mother (the only typical user I have to support) is much happier with this setup than she was with Vista and Office 2007.
Why on Earth are people still doing these studies? What has been proved - conclusively - by several studies before is that people will quite happily tell a researcher a word that may or may not be their actual password in exchange for a reward.
Hell, I'd be more than happy to tell a researcher that my password was "scr3wball" in return for £5 worth of loot. It's not, of course, but how exactly are they going to know that?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
