http://it.slashdot.org/it/06/01/05/2027259.shtml?tid=172&tid=128&tid=201&tid=218
Awesome. Ahead of schedule. It only took ~100 or so variants of this vulnerability for them to go "oh, shit, maybe we are fuckbags."
It was posted to DSL Reports earlier. We obtained a copy of it to see if it was actually malware - turned out to be from Microsoft "for real" and contained "WindowsXP-KB912919-x86-ENU.exe" within a ZIP file. We fed it to a few lab rats and it wanted to write to a strange new folder on a D: drive. So we ran it on a couple of lab rats that HAD a D: drive. Setup began, wham! BSOD that would have made NT 3.5 proud. "kernel-in-page" error and the world latched. Hard reboot and the "you've been naughty" check of the D: drive every time. I can see why they were a bit miffed at it escaping Redmond. Heh.
A guy from hexblog released an unofficial fix for this before MS did:
http://www.packetstormsecurity.org/Win/patches/WMFHotfix-1.4.msi
Ilfak patched only his own build of Windows XP. Later, Steve Gibson had to help him add support for Windows 2000 SP4 and various others helped with mechanisms for repackaging and deploying on managed corporate networks.

Microsoft dealt with 9 versions and service pack levels of Windows (including 64-bit editions) in U.S. English PLUS 23 localized versions. Since Microsoft’s patch was built into gdi32 rather than “hooked” via AppInit_DLLs, there was much more regression testing required (more to check for build errors than for code/logic errors).

The resulting builds must be signed and packaged with CAT files required by Windows File Protection. Those hotfix packages also contain versioning and dependency checks so that a future hotfix for gdi32 will not be overwritten if this hotfix is accidentally reinstalled. (This sounds simple when you’re only dealing with one DLL but when a hotfix includes multiple DLLs with dependencies, it used to be a real problem in the 2000-2001 timeframe before Microsoft established the current mechanism.)

Additionally, there is automatic “migration” capability so that you can install the hotfix on XP SP1 and then apply SP2 without redownloading and reapplying the hotfix. (If you look under the hidden folder %SystemRoot%\$hf_mig$, that’s what those files are for.)

Conclusion of testing and packaging still left hundreds of files to be mirrored AND verified. There are servers supporting microsoft.com/downloads (direct download), Windows Update/Microsoft Update (the site known to end-users), MBSA (detection tool requiring metadata updates) and Windows Server Update Services (corporate tool). If you snoop through the filenames and XML metadata files used internally, you’ll see that these are separate infrastructures which obviously involve substantial work to stage around the world. Given how heavy the load on hexblog.com was, it still only represented a tiny fraction of technically inclined Windows users. When Microsoft releases a critical fix, the server hits are measured in the hundreds of millions.

Lastly, certain documentation (much of it in multiple languages) must be ready to publish at the same time as the hotfix itself. This always includes Security Bulletins (in simplified and technical versions) and KB articles. In a high-profile situation like this, key partners and enterprise accounts don’t like their “Support Flash” communications to trail the hotfix availability by much.

So when Microsoft says “testing,” you need to realize that there is also substantial “build” and “release” work implied as part of the process. Although grandma probably understands “testing,” it’s unlikely that she cares to hear about anything from the realm of makefiles or XML manifests so you wouldn’t hear about build/release aspects in the soundbite quotes given by Microsoft to mainstream media for laypeople.
They have to ENSURE to their customers that the patch will work with no strings attached, say that guy's patch hadn't worked, it wouldn't be a big deal. Microsoft deals with hundreds of millions of customers and they have their reputation to lose along with their credibility of being able to fix bugs in their OS. I'd opt for more bug testing and a later release as opposed to less bug fixing and an earlier rushed release.
I think they realized that and after theirs was leaked they had no choice but to release it and hope for the best. It's a hard decision to make I'd agree but at least it's fixed now officially.