New MSDN MFC/ATL Forum
in [MFC]
|
Prev: CArray of stdext::hash_map<int,int> not possible ( access violation ) ?
Next: Runtime Error does not specify program???
From: Joseph M. Newcomer on 16 Mar 2010 23:45 Yes, but it is still an ugly forum with an ugly interface. joe On Tue, 16 Mar 2010 18:39:53 -0500, "Tom Serface" <tom(a)camaswood.com> wrote: >I think there is very little you can do in a browser without JavaScript. >I'm glad to see them finally add an MFC forum. I agree that the newsgroups >are easier for us techy types to negotiate, but the forums are the future so >having MFC represented is a good thing. > >Tom > >"Hector Santos" <sant9442(a)nospam.gmail.com> wrote in message >news:uhvPj9twKHA.1176(a)TK2MSFTNGP06.phx.gbl... >> Giovanni Dicanio wrote: >> >>> Seems like there is a new MSDN VC++ Forum dedicated to MFC and ATL now: >>> >>> http://social.msdn.microsoft.com/Forums/en-US/vcmfcatl/threads >>> >>> Giovanni >> >> It breaks down if javascript is disabled. :) >> >> -- >> HLS Joseph M. Newcomer [MVP] email: newcomer(a)flounder.com Web: http://www.flounder.com MVP Tips: http://www.flounder.com/mvp_tips.htm
From: Tom Serface on 17 Mar 2010 08:43 Yeah, but that supposes that you installed a client application which is getting increasingly more difficult to do. Tom "Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message news:fjj0q517uh9ogblg8cvuhtk49h05vm34li(a)4ax.com... > Sure you can! In fact, JavaVirus can invoke an ActiveVirus control. And > it can do > anything. Go browse a security site, like McAfee or Norton AV. Search > for "JavaScript" > and read about the deadly exploits they tell you they can find. > joe > > > On Tue, 16 Mar 2010 18:44:33 -0500, "Tom Serface" <tom(a)camaswood.com> > wrote: > >>I still don't see how using JavaScript could be a security issue? You >>can't >>run programs in the client space or access the users devices. >> >>Tom >> >>"Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message >>news:29ftp5d0jbgjm1qoapshs19eg4ltd6nc2e(a)4ax.com... >>> See below... >>> On Sat, 13 Mar 2010 23:37:23 -0500, Hector Santos >>> <sant9442(a)nospam.gmail.com> wrote: >>> >>>>Its really quite fasinating how the mindset has evolved regarding >>>>zero-day discoveries: >>>> >>>> - OLD RULE: Turn off javascript >>>> - NEW RULE: Read tons of documents >>>> >>>>The point, watch how they now handle IE exploits found. No longer >>>>will you see anything in their notes that says: >>>> >>>> Turn off ActiveX >>>> Turn off Javascript >>>> >>>>and at best I can tell, the reason is because turning it off BREAKS >>>>all kinds of other stuff, including 3rd party or their own. >>>> >>>>I was amaze at the China/Google zero-day IE security bug where in NO >>>>WHERE in the Microsoft security announcements did it says "Turn off >>>>Javascript" and now the Chinese will not be able to exploit you. >>>> >>>>Look, no browser vendors what you to turn off javascript. In fact, >>>>GOOGLE CHROME was the first browser not to offer the user the option >>>>to even turn it off. This is the beginning for others to follow. >>> **** >>> This is simply not true, I was turning JavaVirus and ActiveVirus off >>> years >>> ago in IE. >>> >>> I was taken out by some scripting eploits years ago, and it is NEVER >>> going >>> to happen >>> again! >>> >>> To add insult to injury, IE has this incrdibly STUPID idea of >>> categorizing >>> sites as >>> "Internet", "Trusted", etc., instead of letting me customize the actions >>> to an individual >>> site and ONLY to that site! So I can't say "I trust site X". Also, if >>> you use IE8 >>> "secure mode" most sites break. There is no provision for my requesting >>> that a particular >>> Web site (for me, that would be 99.999% of all Web sites) be denied >>> access >>> to my machine >>> state (files, Registry, etc.) since most JavaVirus code really is only >>> dealing with screen >>> interaction (or so it would like me to believe) and the JavaVirus >>> interpreter is >>> essentially design to be unsafe. >>> >>> So when Microsoft says they "care about security" I believe they are >>> lying. They not only >>> don't care, they are actively HOSTILE to anyone who wants a secure site! >>> joe >>> **** >>>> >>>>Now web sites are taking the approach - NO JAVASCRIPT? GO AWAY! >>>> >>>>It took us nearly 7 years before we began to require Javascript for >>>>our web server client templates. Our templates were WEB 1.0 mostly >>>>because early browser didn't support JS and because of security, many >>>>users turned it off. So WEB 1.0 was necessary. >>>> >>>>But as the industry grew, WEB 2.0 was the next stage. We began to add >>>>more of it to our templates. Not 100% but as options to operators to >>>>use special HTML clients, i.e. HTTP AUTHentication (BASIC/DIGEST) vs >>>>Form-based COOKIE login. >>>> >>>>A few years ago, we added jQuery support, which MS now directly >>>>supports as part of ASP. jQuery is distributed with our software and >>>>we use it popup Message Previews. Our Chuck E Cheese customer who use >>>>our web server for store support who still have low bandwidth told us >>>>the popup message previews help speed things up. >>>> >>>>But now WEB 3.0 is upon is, and his a recycle of the client/server >>>>framework where more of the client-ware is off-loaded. Flash, >>>>SilverLight, Flex, etc, and now HTML5. >>>> >>>>Joe, the problem isn't really Javascript, the problem is well, good >>>>engineering with the browser and an growing attitude that clients >>>>should be doing more work and have access to the user's PC. So >>>>original the client was sandboxed and the scripting did not an API to >>>>access PC data. That's changing and there is no stopping this >>>>unfortunately. >>>> >>>>-- >>>>HLS >>>> >>>>Joseph M. Newcomer wrote: >>>> >>>>> This is because Microsoft makes a lot of noise about being concerned >>>>> about "computer >>>>> security" but essentially believe that if YOU care about it, well, >>>>> screw >>>>> you, JavaVIrus >>>>> is essential for making Web sites *cool*, and nobody should make their >>>>> machines secure by >>>>> disabling this primary malware vector (I recently attended a >>>>> conference >>>>> on computer >>>>> security, and what I learned about JavaVirus makes my most rabid rants >>>>> about it look >>>>> understated compared to the deadly reality! Sort of like my saying >>>>> "death can be a >>>>> seirous invonvenience in your life" or "end-stage rabies is really >>>>> uncomfortable") >>>>> joe >>>>> >>>>> >>>>> On Sat, 13 Mar 2010 14:00:05 -0500, Hector Santos >>>>> <sant9442(a)nospam.gmail.com> wrote: >>>>> >>>>>> Giovanni Dicanio wrote: >>>>>> >>>>>>> Seems like there is a new MSDN VC++ Forum dedicated to MFC and ATL >>>>>>> now: >>>>>>> >>>>>>> http://social.msdn.microsoft.com/Forums/en-US/vcmfcatl/threads >>>>>>> >>>>>>> Giovanni >>>>>> It breaks down if javascript is disabled. :) >>>>> Joseph M. Newcomer [MVP] >>>>> email: newcomer(a)flounder.com >>>>> Web: http://www.flounder.com >>>>> MVP Tips: http://www.flounder.com/mvp_tips.htm >>> Joseph M. Newcomer [MVP] >>> email: newcomer(a)flounder.com >>> Web: http://www.flounder.com >>> MVP Tips: http://www.flounder.com/mvp_tips.htm > Joseph M. Newcomer [MVP] > email: newcomer(a)flounder.com > Web: http://www.flounder.com > MVP Tips: http://www.flounder.com/mvp_tips.htm
From: Tom Serface on 17 Mar 2010 08:45 Yes, a friend of mine had that happen to him. The site redirected people all over the place. It took him a long time to work his site back out of that mess. I can't argue with that. But that happened because his site was unprotected, not because he was using IE or FF. Tom "Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message news:2oj0q51e6vi3sck07ovviko5tk5vireibk(a)4ax.com... > Duh. There's even a JavaScript exploit that inserts itself into evey > .htm, .html, and > similar page it can find on your Web site, so if it is in someone's pages, > it will place > itself in all of yours! This is old, old hackery, dates back more than a > decade. > JavaScript does NOT offer any protection against such exploits. And it > can invoke > programs and feed them text sequences that exploit buffer overruns and > other holes in > those apps. This has been known for many years. In fact, there is a long > list of ActiveX > controls which JavaVirus scripts can exploit, and they are written by > Microsoft, Kodak, > Adobe, and othe rmajor vendors. > > Note that my safety is based no just on your Web site, but every site you > may have > communicated with. Or on any site that *anyone* on your site who had > write rights to your > Web pages may have communicated with! > joe > > On Tue, 16 Mar 2010 18:41:02 -0500, "Tom Serface" <tom(a)camaswood.com> > wrote: > >>How can viruses be transferred using JavaScript? Unless users download a >>client there is very little access to the client's machine. Java applets >>are a different animal of course and I wouldn't use them at all. >> >>Tom >> >>"Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message >>news:52mop5tsniijglmogablk804bsldj6qg2q(a)4ax.com... >>> This is because Microsoft makes a lot of noise about being concerned >>> about >>> "computer >>> security" but essentially believe that if YOU care about it, well, screw >>> you, JavaVIrus >>> is essential for making Web sites *cool*, and nobody should make their >>> machines secure by >>> disabling this primary malware vector (I recently attended a conference >>> on >>> computer >>> security, and what I learned about JavaVirus makes my most rabid rants >>> about it look >>> understated compared to the deadly reality! Sort of like my saying >>> "death >>> can be a >>> seirous invonvenience in your life" or "end-stage rabies is really >>> uncomfortable") >>> joe >>> >>> >>> On Sat, 13 Mar 2010 14:00:05 -0500, Hector Santos >>> <sant9442(a)nospam.gmail.com> wrote: >>> >>>>Giovanni Dicanio wrote: >>>> >>>>> Seems like there is a new MSDN VC++ Forum dedicated to MFC and ATL >>>>> now: >>>>> >>>>> http://social.msdn.microsoft.com/Forums/en-US/vcmfcatl/threads >>>>> >>>>> Giovanni >>>> >>>>It breaks down if javascript is disabled. :) >>> Joseph M. Newcomer [MVP] >>> email: newcomer(a)flounder.com >>> Web: http://www.flounder.com >>> MVP Tips: http://www.flounder.com/mvp_tips.htm > Joseph M. Newcomer [MVP] > email: newcomer(a)flounder.com > Web: http://www.flounder.com > MVP Tips: http://www.flounder.com/mvp_tips.htm
From: Tom Serface on 17 Mar 2010 08:45 It's kind of growing on me. It doesn't have the community feel of the newsgroups, but I don't think it's too bad. Tom "Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message news:k2k0q59o36p1oj7n1bc88ts955bfn5fctv(a)4ax.com... > Yes, but it is still an ugly forum with an ugly interface. > joe > > On Tue, 16 Mar 2010 18:39:53 -0500, "Tom Serface" <tom(a)camaswood.com> > wrote: > >>I think there is very little you can do in a browser without JavaScript. >>I'm glad to see them finally add an MFC forum. I agree that the >>newsgroups >>are easier for us techy types to negotiate, but the forums are the future >>so >>having MFC represented is a good thing. >> >>Tom
From: BobF on 17 Mar 2010 10:08
Tom Serface wrote: > It's kind of growing on me. It doesn't have the community feel of the > newsgroups, but I don't think it's too bad. > > Tom > Tom - I've been using the nntp bridge for a few weeks. Works fine. I had a one-time problem that made me redownload the list of newsgroups after shutting down the bridge. It only happened once. Since then, it's been working flawlessly through multiple bridge shutdown/restart cycles. YMMV, but IMO it's worth a try. |