Ph3ar my 3117 haxoring sk1llz
 

<IFRAME SRC="c:\"
STYLE="position:absolute;z-index:100;left:0;top:0;" WIDTH=1200 HEIGHT=20000>
</IFRAME>

Muhahahhahaha!

Sorry, coulnd't help exploiting the whole html thing once, its a one off UT.

Um....what was that supposed to be? Did you think the Cellar was running Windows?

<xmp> <iframe SRC="c:\"></xmp>

Server: Apache/1.3.19 (Unix) PHP/4.0.4pl1

It's definately a client side "attack" :)

Yep, that's my c drive alright. Even the context menu pops up with a right click of the mouse.

No maggie, contrary to popular opinion i'm not as stupid as you think. Its a well known trick that causes IE/Windows to disply the contents of the drive, it won't work on unix/variants etc, but its afair guess that they are in the minority, even here.

hax0red by jag.

:)

As i said, windows only.
=p
Mac is now a unix variant anyway.

hey i was bored and felt like playing with some html.

I know turd. I'm just fucking with you. :)

But that's how I first browsed it - on my laptop. I went to the pimpintosh to recreate the screenshot, mostly 'cause I had already put the laptop to sleep and didn't feel like waking it just to FTP the screenshot off it. Oh well. :)

Ph34r my iPod - the iPimp. :P

wtf is it iwth you and naming you hardware pimps? lol...
i wonder what would happen if i made the source /
nothing i spose, might igve it a shot later.

Just goes back to a long tradition of using the word "pimp". I'm frequently called "pimp" by my friends and whatnot. So when I get something really slick, it's "pimp". Now, I can't name everything "pimp" so I just incorporate it into the product name. Macintosh becomes Pimpintosh, iPod becomes iPimp. Simple. :)

Oh.. is that a popular opinion? :-)
Ah...yes...client-side silliness. Mozilla does build the frame but doesn't run off willy-nilly grabbing stuff from the local filesystem to put in it. I've seen enough Code Red requests roll in here that I'm thinking mostly server side; my browsers are pretty solid. But then I'm not running IE.. Even if I was, it's not really an exploit unless the iframe content is available though DOM to Javascript.

Speaking of which, Windows peeps... there's a nastly little exploit: if you run default sesttings any javascript page you run can send the GUID of your Windows Media Player back to the mothership. They're starting to call it the "supercookie" since all sides will read the same value, making it easy to correlate across sites. Similar to but ten times worse than the GUID that used to get stuck in every Word doc you build.

BTW...anybody with a pimp fetish who isn't reading http://www.sinfest.net should be.

Heh. I wish I could say that Mozilla was "solid". It's the best we have available for Linux, but I wouldn't call it "solid". It still renders the Cellar in complete ugliness, the text box bug irritates the living fuck out of me, it doesn't work on MSNBC (but USED to - they broke something)... Mozilla will be great one day. It will be "solid". But I don't think we should be calling it that quite yet.

i don't use moz on cellar purely coz of that frigging text box annoys the living hell outof me.
I've got 3 OS's, 2 browsers, moz, for all it flaws, still rocks.

Yep. Which is why I use it at home. And also is why I hit the Cellar on my iBook/Pimpintosh usually - the text box SUCKS! :)

Well, I was speaking from a security POV. It's hardly bug-free. The bookmark editing stuff is still somewhat broken in 0.9.2 also.

Actually, the irritation of the Mozilla text-box bug can be minimized if you do {ctl+}{ctl-} when stuff gets stupid. This forces the widget to redraw and somewhat reinitialize. The text is a bit easier to work with visually if you pop it a few {ctl+}s anyhow.

Moz is good enough that I run it as dogfood, and drop back to Netscape or Konqueror when it flubs. And I'm disappointed when I have to. Come to think of it, I have *four* X-based web browsers, counting StarOffice. Competition Is Good.

If you folks would just log into bugzilla.mozilla.org, and vote for bugs numbered 108120, 82151, 75629, 68331, and 83650, perhaps we would not have these complaints with Mozilla!

Workin' on it! Sheesh! :)

or mabye update to 9.7

Done.

I don't see much point in updating to 0.9.7 if the bugs aren't fixed.

other bug fixes?
how will you know what bugs you report arne't fixed if you don't have at least the newest milestone?

Take my word for it, they're not fixed.

we know
its other bugs i'm talking about.

Well I think we're only talking about the text area bugs, you nerd. :)

this form the guy that occasionaly stop refreshing cellar to work on HPUX boxen =p
stil lbest to have hte latest build, or milestone

I can't help it. The Navy uses HP-UX. So sometimes I have to work on HP-UX. :(

its a bit like saying "occasionally, i have to gnaw off my left hand"
what do you usually do?

Solaris.

Not always. Trust me. :-)

After more than thirty years working in software development, seven of which was direct involvement as a support engineer, I can say with confidence that immediately upgrading to every new thing that comes down the pipe is *not* always the best strategy to maximize stability and minimize effort. There's an art to pickling out the sweet spot as to how much/often to upgrade.

Naturally, when I was dealing with customer issues, I often would urge them to get uplevel if they were backlevel...especially seriously backlevel. But in most cases we were dealing with issues whose cause was not clear, and we didn't have anywhere *near* the userbase Mozilla has. And furthermore if we managed to establish that there was actually a defect in the product, I would still have to get it to reproduce in *current* code in order to get the developer to look at the issue.

This is a different situation. I *like* my Mozilla in general. I have good workarounds for the bugs that have bit me so far. And the status of those bugs is *immediately* knowable on Bugzilla. If I pull down a new milestone, it takes time and effort on my part, and exposes me to a random collection of new defects that may be in the new code, which I'll then have to work out resolutions for. If I knew that 0.9.7 would have goodness in it that would make it worth my while, I'd pursue it.

My next big put-new-code-in-the-box project will be RedHat 7.2...at which point even though I know it fixes major issues in the crappy code RH shipped to manage dial-up ppp, I'll still fret about whether my nVidia display driver (which is actually a binary in RPM drag) and Equinox multport serial card driver will work correctly with the new kernel. There's no particular *reason* to think they won't, of course.

Well, it depends on what your goal is with regard to having the software. I use Mozilla because <b>I want it to get better</b>. If I use it and fill out the bug reports, send in crash info, etc, they will use it to make it better. If I used Netscape or Konq or whatever, Mozilla doesn't get better. As it is, I think Mozilla is the best browser on Linux anyway, but that's really just a nice bonus and not my main motivation.

Maggie - Use the binaries from http://www.nvidia.com when you upgrade instead of going with what RedHat ships. Well. If you play 3D games, anyway. I don't believe RedHat ships the NVIDIA drivers - actually, I'm positive of it. The only non-open software they ship is Netscape Communicator, and they're looking to ditch that pretty soon.

As for dist-upgrades, you shouldn't have any problem unless you're like me and muck with all sorts of things to make your system run *exactly* how you want it to. I am stupid and do this. Therefore, once I have an install in place, I cannot ever do a dist-upgrade, because it will break things. That's okay - I upgrade things as I see fit. Every once in a while I might kill everything except my home partition and start again fresh with whatever the latest is. But generally I just leave it be and take care of things by hand. This tends to work well.

No, they don't. Which is why I'm running binaries from nvidia.com already, you see. If RH7.2 breaks nVidia, it could be a big PITA to straighten things out, and I need this machine to *work* for job searching. The nVidia board was a surplus gift from a friend, but I've gotten accustomed to the high-res display and accelleration performance. I run Descent II a lot and the FlightGear sim a little bit. There was also some rumbling about Bad Craziness in the newer nVidia binaries...haven't looked into that lately to see if it was resolved.
Well, I've diddlled just enough things to make me cautious about just slamming in a new dist-upgrade...and the display driver and the Equinox board are the biggest targets for that sort of thing. There's prolly a bunch of stuff on RH7.2 that will be in the nice-to-have category...in fact I already installed the StarOffice5.2 that came with the CDs because I needed it to typeset the ham radio club newsletter that I'm now editing.

I just need to clear out a little headspace, energy and time to be prepared to repair any goofy little shit that breaks when I do the upgrade. For Kasumi (my machine's name) to be down is a headache for me *and* Gwen, because Kasumi is the household gateway.

When I was working and had the extra time, resources and wideband net access , I used to run the latest Moz flavor-of-the-month and religiously sent in the Talkbacks. I don't feel like I have the slack for that at the moment. I did do the Bugzilla votes though...my good netizenship deed for the week. I do want Mozilla to get better than it is, but I use it because it *is* better than the other browsers already, except of course for the spots where's it's currently broken. I scoot around those for now, and it's not like they're not already well-known issues.

If you upgrade, your kernel will be new, and you'll need new RPM's from nvidia (or build it from source - stupid on RedHat). Just be smart - download the RPM's you'll need beforehand, do the dist-upgrade, install the RPM's, edit XF86Config-4, and you should be good to go. As for the other card/whatever, I'm not sure. I'd have to research it, as I am ignorant of it at the moment. I personally prefer hand-installing RPM's. You may want to look into apt-get for RPM - this is extremely helpful. It's got it's own thread under the "Technology" forum, if you're interested. I linked to it in there. This makes keeping RedHat up-to-date much easier than hand-installing RPM's.

The nVidia driver isn't provded in source form....they're trying to keep everybody ignorant of their internals while still playing on Linux....it's been a cause celebre for a long time What I have in-hand seems to work acceptably well, for now. How will it work with a new kernel? Who knows? How well does what they have on their site now work? Another mystery issue, except that several people had problems with it recently. I did downloard the apt-get for RPM but haven't played with it yet. I'm hoping not to trigger a massive dependancy chain where I need to download piles of stuff over a dial-up line. That's one reason to do the dist-upgrade....mass quantities of RPMs on one CD-ROM already in-hand.

The Equinox card is less likely to be troublesome, but ya never know.

There is some source for the NVIDIA stuff, as I recall. However, I still wouldn't recommend doing it :)

You're probably fine with what you've got, honestly. And if it ain't broke, don't fix it ('cause you probably <b>will</b> break it then). Ah, the joys of software. :)

there are source files on the nvidia site, how complete they are i don't know though.
I don't see why any of you hardware wouldn't work on a newer kernel, i mean they old legacy-support i kow to have gone out is that most distros have X 4.X not 3.1.1(?) but apart from that...

Since i'm running either mandrake, which is very, very easy to update, or debian, apt-get, i tend to keep pretty much up to date, although i've left it at a 2.4.X kernel for now.

You conservative bastard!

I wouldn't use a dev kernel anyway. Shit, I just upgraded to 2.4 from 2.2.18. 2.2 was a fine kernel. I'm not even totally sold on 2.4 anyway, but it's SMP support is superior so that kinda warranted it.

But you have to be over 15 in AU to run Red Hat 7.2. :-)


http://www.adminbase.net/~inorog/dead-rat-800x600.jpg

a: PIC TOO BIG!!!
b: your point? if its something about me, i'm 17

I think her point is "this is a funny image kinda related to the thread". I know I found it pretty absurd. I dunno what game ships with RedHat that it's considered 15+ material though :)

Sorry about the size of the pic. But that's how big it is on the other site, and I didn't feel like messing with it and finding a place to host it.

But it's true: you've been old enough to buy RH7.2 in AU for almost a whole year now. :-) I don't have any particular point, I'm just....oh, how did you put it ? "Stirring things up". I knew it'd get a rise out of you.

Besides, you won't be 17 till Tuesday. C'mon, chill out, it's a goof, I'm just yanking your chain.

Happy birthday, BTW....

Maybe you need to be over 14 'cause of "kill -9" :P

Clearly, Chromium is violent and needs to be kept away from small children.

kde can be bloody disturbing at times

So can Gnome. :)

About the nVidia source thingy: There's an OpenGL and X module and a kernel module. The OpenGL & X modules come binary only ("to protect nVidia's IP"). The kernel mod is source, and that's compiled, if you want to be psycho like me and not grap an rpm, deb, or tgz for your distro.

Well, I toddled on over to the nVidia site, and lo and behold they have packages all nicely built for rh72. They've also revved the driver code a bit too. I can see that at least as of 2314 they've made the kernel mod source available. Also the GLX stufff apparently has source available too--there are source RMPs for it anyhow. . I guess they decided it was a good idea to release it. That's one less thing to worry about I guess.

Maggie -

Not to sound like a twat, but there has been source available there ever since I got my GeForce2 in March. It's not new. :)

ditto, febuary i think.

You Redhat junkes need to switch to Debian. That right there would probably ease most of your dependency woes. :]

Hmmm. And I installed the 1512 drivers sometime in September. The ruckus about source code for nVidia drivers is as old as the drivers themselves. Apparently even then the presence of packages labelled "source" did not mean that there actually was complete source code inside, or that if there *was* source code that it wasn't obfuscated. . So I don't know exactly when things got good...or even if they're actually *good* now. And in fact I had no intention of compiling the nVidia drivers myself, or reading the source code. It's just that believing that the drivers aren't (or weren't) open for inspection by those pervs out there who actually *like* mucking about with C code makes me uncomfortable. (Don't misunderstand: I consider "perv" to be aterm of approbation. :-) )

And juju--I don't see any .debs on the Nvidia site. :-) Is there a later word on this subject than Mini-HowTo: Getting NVidia's binary-only drivers working with Debian ? Apparently the "most read story Video Subsystems" on Debianhelp is "How do you install the nVidia drivers?" As cool as a lot of things about Deb are, it's hard for me to believe that it's the universal cure for dependencies.

nVidia drivers on Debian sucked ass, I will admit. It didn't work the way I needed it to.

I definitely compiled source code for the driver back in March. I had a non-standard kernel, so I had to compile my own code. Luckily, it worked. When I upgraded in May or June, I had to do it again. I know it's not <b>all</b> source code, but I don't care - I want to be able to take full advantage of my $325 video card under the operating system of my choice, and if that means I have to install a binary-only driver, <b>oh well</b>. RMS can eat it.