Navigation
User login
Quote
Thomas Jefferson
He who receives an idea from me, receives instruction himself without lessening mine; as he who lights his taper at mine, receives light without darkening me.
vwon, twoooo, thrreeeee, voor!
Tue, 07/13/2004 - 11:54 — kebernet
Ok, it's hard to sound like The Count in text. However, there are now four new critical IE flaws out today.
I'm too tired of this rant to even try anymore.
This work is licensed under a Creative Commons License.
1998-2008 temple of the screaming penguin
TotSP Search
Community
Chatter
- Great Show!
3 hours 17 min ago - Bigfoot update - costume in a cooler revealed
7 hours 10 min ago - See you tonight!
22 hours 48 min ago - Really isn't difficult to put
2 days 16 hours ago - It were Oliver Wellington that felled the creature
3 days 7 hours ago - I swear I did not see this before I wrote that
6 days 34 min ago - LHC and welcome back
1 week 7 hours ago - good rant
2 weeks 6 days ago - Not really impressed either
3 weeks 1 day ago - This article is useful
4 weeks 1 day ago
Comments
RE: vwon, twoooo, thrreeeee, voor!
Funny that an open source site such as this one failed to mention that Mozilla Thunderbird and Firefox both had critical vulnerabilities this week.
And don't go spouting " there's so many more of IE, blah, blah, blah."
Critical is critical and though you can not praise TeamMoz's response enough, it is still worthy of bashing.
RE: vwon, twoooo, thrreeeee, voor!
Yeah. Honestly I can't understand why Mozilla on Windows even HAD a shell: protocol handler. But frankly there was a patch available before I even realized there was a bug :P
RE: vwon, twoooo, thrreeeee, voor!
And I might point out that the mozilla issue only affected Mozilla ON WINDOWS. This appears to be a windows issue as much or more so as it is a Moz issue ;)
Dont get me wrong, sure Mozilla will have flaws and bugs, ALL SOFTWARE WILL (and I dont think anyone here has *ever* disputed that) but its very very valid to compare the frequency and severity of the issues.
To say "dont go spouting theres so many more of IE. . ." is stupid. What the number of flaws and the degree of severity are irrelevant? Because Moz has had, lets count, yeah I get one also, and IE has had a plethora (almost daily) thats just the same thing is it?
RE: vwon, twoooo, thrreeeee, voor!
I brought up the Homeland Security recommendation AGAINST IE the other day at the office and that raised some eyebrows.
Of course nothing will change (especially not where I currently work, I dont think you could design a bigger mess if that was your intent) and web apps are still most often "optimized for IE" (code for we never write, test or check in any other damn browser and we use software that codes to IE proprietary BS) but at least all the IE press lately supports what people that know a thing or two about browsers having been saying for years, IE SUCKS ASS.
RE: vwon, twoooo, thrreeeee, voor!
Actually, the reason the shell: thing is an issue on windows is because there are buffer overflow exploits for the cmd.exe :P
RE: vwon, twoooo, thrreeeee, voor!
"To say "dont go spouting theres so many more of IE. . ." is stupid."
No its not. To call something stupid when you obviously don't understand it is stupid....
My point is that Critical is Critical. When there is an IE exploit, this site and every other pro-OS site puts it up on the headlines. I was merely pointing out that I didn't see anywhere near as many pointers to the Moz exploit, including this site, which is so near and dear to my heart.
One critical exploit is all it takes.
Oh and one more thing: don't be such an inflamatory dillhole.
RE: vwon, twoooo, thrreeeee, voor!
Well, I will certainly take your advice about being a "dillhole" (or try to). But try to keep in mind I was responding to "And don't go spouting" which has a dillhole connotation of its own.
And for the record, like it or not, it is stupid to say that the frequency and severity of the exploits dont matter.
Yeah one is all it takes if it bites you but that was never the point of the original post or the historical argument around all of this. Not only that but the "bite" issue is also affected by the number and severity of issues (even though its not the point). You see these software things, "browsers" they are called in this case, are installed on many computers, not just one. And therefore the more exploits there are that affect them the greater the chances of any single exploit actually affecting any or a large number of machines.
There definitely is an "obvious" understanding issue here, a "stupid" one as you put it, but its not on my part. (But dont worry, the name calling makes up for it.)
The actual point was and is that in terms of the quality of the product and the code the number and type of exploits are a reflection. Paint it however you want but the reality is certainly that the number of defects and the severity of those defects IS a commonplace and justifiable method in which software is judged.
(And not even a word about the actual casuse of the exploit being cmd.exe?)
RE: vwon, twoooo, thrreeeee, voor!
You are still not getting the point. Yes, frequency matters. Yes Moz seems* to be a better product. Yes IE is one big dillhole (sorry, been watching "That 70's Show" reruns.)
My point, and only point, is that a Critical flaw is a critical flaw. It is worthy of mention. It doesn't matter that it is the only one. It must still be addressed, it must still be patched, the knowledge that it exists must still be spread. Period. The spouting reference was in exact anticipation of your last post.
Sure if I was comparing Moz to IE for a recommendation to a company, client, or Mom, the number of security flaws would be a prime factor.
That does not forgive nor excuse not loudly complaing about critical security flaws.
And that is the point. I am not judging IE vs Moz (I've not used IE in a non-work, non-dillhole IE only site for years.) I don't like IE. I like Moz. Moz is better. Alls I'm saying is that the Moz flaw didn't get the press it deserved.
Please, please, please drop the IE vs. Moz thing. I'd think that you'd know my browser orientation by now.
oh yeah, f the anti-Bill movement.
* - Like some dude on a Moz-zine site said, Moz is getting popular enough now to target by malware dweebs. I will be curious to see how well it stands up. I, of course, hope for the best, but it could be interesting, none-the-less.
RE: vwon, twoooo, thrreeeee, voor!
"Please, please, please drop the IE vs. Moz thing." Nice, noting that I didnt bring it up. Yeah I jumped in after it was made a "Moz vs IE" thing but that was you that put it on that footing.
Frankly I would not have commented here at all had someone not said "dont go spouting theres so many more about IE". Yet that comment was meant in "exact anticipation" of me bringing up the argument that it itself brought up. Very clever.
As for posting flaws and such about open source products I know that I do it quite frequently, when I notice one has such (just looking at the archive software categories proves that). I need to do it more, but the reason I havent lately is that I have been too busy to pay attention, not because I am putting some editorial filter on what I would post flaws about. Hell yeah that should be posted, and often IS.
In this case it just so happens that this particular "flaw" you point out as being critical to Mozilla is not critical IMHO and NOT ATTRIBUTABLE TO MOZILLA. When I first saw this flaw I was ready to post and then noted that it only affected Windows and didnt really care anymore, didnt seem like a big deal either way.
RE: vwon, twoooo, thrreeeee, voor!
Ya know, I should just let this go. I really should. Mainly since its like I'm talking to myself here.
But hey, its me, so here goes. I make a final historic attempt at communication.
Four IE flaws are written about (sort of) in a story. I say that funny that this OS site didn't mention when an OS product has a (single) similar flaw. Knowing that the usual response is something along the lines of, "Yeah but that's just one flaw in N months, but MS products have them all time." I say, "that's not a valid reason." And it is still not.
I never made it Moz vs IE. I made it a lack of posting about a Moz vulnerability. Period. That was it.
Now, however, I have to get all wound up again. I really, really don't get the "is not critical IMHO and NOT ATTRIBUTABLE TO MOZILLA....only affected Windows...."
Come on. No really. Come on. Half of the fuckin IE/Outlook/MSWord/blah/blah flaws are not due to that product, but that product's use of the OS. Are they no big deal? MS platforms are still by far the most prolific out there. I'd be willing to bet that the good readership of the penguin even use MS platforms to visit said site. To discount a critical flaw because it involves the use of an OS feature that is not an Open Source OS is just a little narrow minded.
Anyway, at best my original post "coverage of IE vs Moz" as opposed to "IE vs Moz" so you did, in fact, bring it up.
That's it, I'm shutting up because we have obviously reached an impass in comprehension.
RE: vwon, twoooo, thrreeeee, voor!
We were at an impass before this started I think.
But its entertaining to see the "point" shift so many times. I know I know, I am not getting the point, thats the problem, uh, yeah. Its just funny to see (in my not getting it view) the point go from what you literally said, "moz and fire had crit vulns and totsp didnt mention it", to one crit is enough dont bitch about IE, to its not IEs fault because its not due to that product, beautiful stuff really.
RE: vwon, twoooo, thrreeeee, voor!
jesus man, I never said not to bitch about IE. I said to bitch about Moz too! That's never changed. frickin read the post man.
RE: vwon, twoooo, thrreeeee, voor!
lol, i knew you werent done!