Hard Light Productions Forums
Off-Topic Discussion => General Discussion => Topic started by: Night Hammer on May 10, 2005, 12:46:06 am
-
http://news.yahoo.com/s/pcworld/120756
in case yall hadnt seen this...
-
At least it doesn't take them six months and fifty security patches to fix bugs. :p
-
Lies! Firefox is indestructable!
-
Oh hell. Paul's going to be all over this one.
-
I'm not worried about this. The exploit requires to user to do something to activate it.
Which means that those of us who actually know a damned thing about the system arne't going to be caught so easily...
Under IE, there're too many loopholes that allow automatic activation of exploit code.
-
It'll be fixed shortly.
-
Unlike those IE exploits...
-
At least I'm safe... no Java VM installed. :)
-
That's the beauty of Firefox, really; even when holes do pop up, they get fixed and the client updated hella quick thanks to good old open-source.
-
The benefit of Firefox is that it is invulernable. The benefit is:
1) Separate layer from the OS (IE is integrated into the OS)
2) Bugs are found, fixed, and then released promptly
-
Originally posted by Annorax
At least I'm safe... no Java VM installed. :)
And that has what to do with a JavaSCRIPT exploit? :rolleyes:
-
Originally posted by ZylonBane
And that has what to do with a JavaSCRIPT exploit? :rolleyes:
I keep javascript turned off? No Java + No JS = immune to a vast majority of the crap out there
-
Sigh.
Java and JavaScript are not the same thing. Not even close. So saying you're safe from these bugs because you don't have Java installed is just ignorant.
-
Originally posted by IceFire
The benefit of Firefox is that it is invulernable. The benefit is:
1) Separate layer from the OS (IE is integrated into the OS)
2) Bugs are found, fixed, and then released promptly
(diversion alert!)
Strangely (or not) RE 1 I was just thinking that today with regards to Windows - they've really ****ed up that Os by trying to make it more than an Os and cater to the lowest common denominator. If MS simply made a thin, efficient (god forbid) OS with minimal features, they not only wouldn't have half the security & interactivity problems they now have, they also wouldn't have to assume as much responsibility for the myriad security holes. I've read recently about Ms considering denying pure socket access (or similar) to programs to try and polyfilla the holes they present - actually denying the programs operating on the computer access to a facility when IMO it's the OS' job to facilitate access.
At the moment they're seemingly doing neither; they have this bloated Os with non-Os related features, and rather than take the more obvious step (given the way windows has seemingly evolved, at least on the home PC) of fully integrating security/etc control as part of the Os, they're spinning it off onto yet another layer of applications.... to me the obvious and sensible way is either to incorporate all this into the OS itself as a proper security protection (acknowledging it'll **** up access to OS functions for a number of 3rd party programs in the meantime), or simply specifically neglect areas of security (viruses, for example) as being the responsiblity of the user.
At the moment they seem to do neither; not giving the user any responsibility, yet not actually committing to proper fixes but more sticky-tape over an amputed limb type solutions. At least, that's my perspective.....
-
Originally posted by Annorax
I keep javascript turned off? No Java + No JS = immune to a vast majority of the crap out there
Javascript is just a name that was chosen to cash in on the popularity of Java at the time of development; offhand, Javascript was by Netscape (the actual Java language was by Sun; albiet it did spin out of a language for animated internet images, it's no relation), JScript was a competing MS equivalent, and ECMA262Script is what is colloquially known (now) as Javascript and was set by international standards (but not adhered to...).
The Java VM uses a sandboxing model specifically to try and prevent malicious access by remote code; principally by shoving it (code containing potentially dangerous methods of some description) into an access denied sandbox that stops it accessing files or operations upon your machine. Offhand there are 3 main ways it does this... I can only remember the one (bytecode verifier) at the mo.
anyways, Java has nothing to do with JavaScript, JScript, ECMA262, etc.
-
you cant just goto tools/options/webfeatures and turn off javascript no biggy
-
Originally posted by aldo_14
the actual Java language was by Sun; albiet it did spin out of a language for animated internet images
Umm, no.
History of Java (http://java.sun.com/features/1998/05/birthday.html)
-
Too bad there are quite a few sites out there that you need JS to navigate. >.<
-
Originally posted by ZylonBane
Umm, no.
History of Java (http://java.sun.com/features/1998/05/birthday.html)
[q]
The team returned to work up a Java technology-based clone of Mosaic they named "WebRunner" (after the movie Blade Runner), later to become officially known as the HotJavaTM browser. It was 1994. Daily, momentum behind the new vision grew. WebRunner was just a demo, but an impressive one: It brought to life, for the first time, animated, moving objects and dynamic executable content inside a Web browser. That had never been done.
[/q]
tis what i was thinking of.
-
1.0.4 is out! (w00t!)
Download (http://fileforum.betanews.com/detail/Mozilla_Firefox_for_Windows/1032985422/1)
Changes (http://www.mozillazine.org/talkback.html?article=6597)
For those who don't want to read the changelog - it basically fixes the last two security flaws discovered.
Go, Firefox!