flat assembler
Message board for the users of flat assembler.

flat assembler > Heap > Skype bug ‘system’ level access and English is the solution

Goto page 1, 2, 3, 4, 5, 6  Next
Author
Thread Post new topic Reply to topic
sleepsleep



Joined: 05 Oct 2006
Posts: 7630
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
https://9to5mac.com/2018/02/13/skype-bug-grants-system-access-microsoft-too-lazy-to-fix/
Quote:
A nasty Skype bug could allow a malicious attacker to gain “system” level access, if exploited. The bug is applicable on both macOS and Windows desktop platforms.

However, Microsoft says that fixing the bug will take “too much work”, stating that it would require a full rewrite of the application to fix the bug, ZDNet


probably mean, i will get calls very soon, probably in the early morning of monday, Laughing

thanks microsoft, or fu microsoft?
wasting human resources?
Post 17 Feb 2018, 00:59
View user's profile Send private message Reply with quote
Coty



Joined: 17 May 2010
Posts: 545
Location: ␀
Oh that’s nice... Makes me reconsider using Skype to handle my main business line... probably should switch back to using a land line been thinking of getting a fax machine anyway... Have been getting tired of running to the shop and paying 10cents per page because apparently more people still use fax than I thought...
Post 17 Feb 2018, 06:50
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 1260
Skype has a beta web version, hopefully it becomes more full featured so we stop relying on bloated desktop messengers. I mean... yeah, your browser could be vulnerable, but you use it anyway even without Skype... Rolling Eyes
Post 17 Feb 2018, 13:43
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 7630
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
this one even more funny,
https://www.rt.com/news/419089-iphone-bug-killer-symbol-apple/

Trolls crash Apple devices with ‘killer symbol’ from South Indian language
Quote:

Software engineers at Aloha Browser initially discovered two Unicode symbols in Telugu that crashes any Apple device using the default San Francisco font which includes iPhones, iPads, Macs and watch OS devices with text-displaying screens.


Quote:

It can also wreak havoc when deployed as an SSID (service set identifier) in a WiFi network. For instance, if a user were to input the offending Unicode symbols in their SSID and then use their device as a WiFi hotspot, they could, theoretically, flash crash all Apple devices within range that had their WiFi enabled.
Post 17 Feb 2018, 17:10
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16057
Location: 112 Ocean Avenue, Amityville
Apple: "It just works". Hehe.
Post 17 Feb 2018, 17:16
View user's profile Send private message Visit poster's website Reply with quote
Coty



Joined: 17 May 2010
Posts: 545
Location: ␀
sleepsleep wrote:

Quote:

It can also wreak havoc when deployed as an SSID (service set identifier) in a WiFi network. For instance, if a user were to input the offending Unicode symbols in their SSID and then use their device as a WiFi hotspot, they could, theoretically, flash crash all Apple devices within range that had their WiFi enabled.

That's funny. I'm going to have to try that later.
Post 17 Feb 2018, 17:42
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 1260
Stuff like this and many other Unicode exploits (like the hebrew/arabic crap bugs in some apps since they are written from right to left) are the reason that Unicode should be OPTIONAL and able to be forcefully disabled.
Post 17 Feb 2018, 18:32
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16057
Location: 112 Ocean Avenue, Amityville
If you are writing an app that displays characters (unicode, or otherwise) then there is no excuse for not testing every character. There are only just over 1M valid Unicode characters, a test program could spin through those in a few seconds. "It just works", hehe.
Post 17 Feb 2018, 18:46
View user's profile Send private message Visit poster's website Reply with quote
Coty



Joined: 17 May 2010
Posts: 545
Location: ␀
revolution wrote:
If you are writing an app that displays characters (unicode, or otherwise) then there is no excuse for not testing every character. There are only just over 1M valid Unicode characters, a test program could spin through those in a few seconds. "It just works", hehe.


It's a little more complicated than that. Uni-code is capable of rendering character combinations together. For example it can see that you have "e" and "`" glued together with the appropriate syntax it will render "è". It appears that this is what is happening with this "single character". Something in apples unicode renderer (Core Text) is messed up when this instance in particular is introduced (and it must be fairly uncommon as it effects the last 2 years of OS).

This particular character combination appears to be from a combination of two symbols (Notice, I have them spaced out with a "+" in-between them so they don't marry each other):

Code:
జ్ఞ  +  ‌ా     


Bellow is 2 things, The screen shots of what removing the space does on both win10 and macOS as well as a zip file of the character that crashes texedit.

Notice I had to put it in a zip file as the web browser on my mac crashed every-time I attempted to attach uncompressed. Razz


Description:
Filesize: 60.03 KB
Viewed: 2644 Time(s)

Untitled-1.jpg


Description:
Download
Filename: Crash.zip
Filesize: 652 Bytes
Downloaded: 59 Time(s)

Post 17 Feb 2018, 20:19
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16057
Location: 112 Ocean Avenue, Amityville
And a test program can spin through those composed characters also. It called "testing", maybe Apple doesn't know about it?
Post 18 Feb 2018, 04:35
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 1260
revolution wrote:
And a test program can spin through those composed characters also. It called "testing", maybe Apple doesn't know about it?
Unicode is convoluted so doing it "properly" requires expertise and is a pain in the ass.

It's too much work and everyone should use English anyway. Better just remove it.

(I'm half sarcastic)
Post 18 Feb 2018, 13:54
View user's profile Send private message Reply with quote
Coty



Joined: 17 May 2010
Posts: 545
Location: ␀
Furs wrote:
Unicode is convoluted so doing it "properly" requires expertise and is a pain in the ass.


Correct, although, I'll admit I only know enough about uni-code to stumble around it with code that looks like I just took a hammer to a rock, and to know it's a PITA.

I don't see any reason you couldn't write such a program. But I think in the end you might end up with some code that looks like it's working... but misses a few characters... and someone who knows all the possible symbols would have to still comb through it to make sure it works... And then, uni-code dumps 7000 new symbols on on June 2017... just like they did in Jun 2016... and in 2015...

Furs wrote:
It's too much work and everyone should use English anyway. Better just remove it.

(I'm half sarcastic)

I'll admit... sometimes I feel that way.
Post 18 Feb 2018, 16:31
View user's profile Send private message Send e-mail Visit poster's website AIM Address Reply with quote
rugxulo



Joined: 09 Aug 2005
Posts: 2309
Location: Usono (aka, USA)
Furs wrote:

Stuff like this and many other Unicode exploits (like the hebrew/arabic crap bugs in some apps since they are written from right to left) are the reason that Unicode should be OPTIONAL and able to be forcefully disabled.

Unicode is convoluted so doing it "properly" requires expertise and is a pain in the ass.


Not only is Unicode not optional, but it's considered mandatory, the only supported path going forward. For many years, many programs have only used Unicode-aware APIs.

Sure, as a DOS fan, I would love if so-called "portable" sources had a fallback to 8-bit chars, but that's not going to happen. Don't forget that even Python 2 is going away soon, in favor of Unicode-by-default Python 3.

I agree that it's got some dark corners, but that's (almost) unavoidable. Sure, I also dislike the obsoletion of older OSes, and I think the big promise of Unicode support for many languages is rarely matched, usually only giving a handful of common languages as supported. Potential that is unmet is not any better than broken promises.

But many countries' governments (and EU?) require support for their languages in all software they buy and use.

Furs wrote:

It's too much work and everyone should use English anyway. Better just remove it.

(I'm half sarcastic)


Are you an American? I am, and thus I only really know English. (It's not absolute, but most Americans are monolingual, unlike most of the rest of the world.) To say "English only" is a bit naive and will never happen. Remember "lingua franca"? It's not that common anymore, nor is Latin. While English is indeed popular, out of principle many people refuse to be forced to use it.

The world, especially Europe, is very fractured. Dr. L. L. Zamenhof grew up in Poland, as a lapsed Jew (Hebrew) of Lithuanian descent speaking Russian. He thought many problems of the world were due to incompatible languages. Thus, he invented Esperanto as a simplified language (only 16 grammar rules) with a relatively small, affix-based vocabulary. While it has had some minor success in the past 100 years (many organizations, tons of publications), overall it is ignored.

E-o was meant to be politically neutral, only as a secondary language (thus didn't replace or obsolete anyone). It was based upon common, existing, universal root words. But people still whine about it being too Euro-centric. The alphabet is supported in Unicode's BMP, but you can also kludge it with (e.g.) "ch" instead of "c with circumflex". So it's not hard to support, and certainly having a common secondary language removes the need to support dozens of others, reducing the burden enormously. That doesn't mean you can't (or shouldn't) support others too, but it's meant as a kind of minimum common base to build upon.

So personally I think Esperanto is a better "solution" than "English only". But you can only lead a horse to water, you can't make him drink. If someone doesn't want to cooperate, no potential solution will change that. People have to make their own mistakes.
Post 20 Feb 2018, 05:50
View user's profile Send private message Visit poster's website Reply with quote
rugxulo



Joined: 09 Aug 2005
Posts: 2309
Location: Usono (aka, USA)
Languages of the European Union is an interesting read.

Wikipedia wrote:

The EU has 24 official languages, of which three (English, French and German) have the higher status of "procedural" languages of the European Commission (whereas the European Parliament accepts all official languages as working languages).

The most widely spoken language in the EU is English, which is understood by 51% of all adults, while German is the most widely used mother tongue, spoken by 18%. All 24 official languages of the EU are accepted as working languages, but in practice only two – English and French – are in wide general use and of these English is the more commonly used. French is an official language in all three of the cities that are political centres of the Union.

When the United Kingdom and Ireland joined the EU's predecessor in 1973, French was the dominant language of the institutions. With the addition of Sweden and Finland in the 1990s, and the Eastern European states in the 2000s, English slowly supplanted French as the dominant working language of the institutions. In 2015, it was estimated that 80% of legislative proposals were drafted first in English. The role of English as a lingua franca is believed to be likely to continue, given how heavily staff rely on it.

For millennia, Latin has served as a lingua franca for administrative, scholarly, religious, political, etc. purposes in the area of the present-day European Union. Latin as a lingua franca of Europe was rivalled only by Greek. Latin served as the undisputed European lingua franca until the 19th century, when the cultures of unwritten languages and the "national languages" started to gain ground and claim status.

The European party Europe – Democracy – Esperanto seeks to establish the planned language as an official second language in the EU in order to make international communication more efficient and fair in economical and philosophical terms. They are based on the conclusions of the Grin Report, which concluded that it would hypothetically allow savings to the EU of €25 billion a year (€54 for every citizen) and have other benefits. However, the EU Parliament has stated clearly that language education is the responsibility of member states.
Post 20 Feb 2018, 06:16
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 7630
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
Firefox Quantum
they will upgrade / downgrade your current firefox, Laughing and this actually cause incompatible with some "used to work" websites,

and i dont think they ask your permission either because one f. morning after you switch on your computer, your firefox changed by itself, Laughing
Post 20 Feb 2018, 07:57
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16057
Location: 112 Ocean Avenue, Amityville
Automatic updates are not a good thing IMO. No external source should have that sort of control over one's local systems.
Post 20 Feb 2018, 08:06
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 1260
rugxulo wrote:
Not only is Unicode not optional, but it's considered mandatory, the only supported path going forward.
I know. That's exactly the problem I have with it.

rugxulo wrote:
Sure, as a DOS fan, I would love if so-called "portable" sources had a fallback to 8-bit chars, but that's not going to happen. Don't forget that even Python 2 is going away soon, in favor of Unicode-by-default Python 3.
Linux uses UTF-8 which is also "8-bit chars" for any ASCII character less than 128... which is more ok, but I still hate the fact I'm forced to use Unicode in cases I don't want to.

What I mean by that is like this case: displaying a stupid character I wouldn't be able to read anyway and have it crash and so on. How about people can just disable all the stupid languages they couldn't care less about? I mean, WTF is the point of them if one can't even read them...?

rugxulo wrote:
But many countries' governments (and EU?) require support for their languages in all software they buy and use.
It's one of the main reasons I hate the EU.

rugxulo wrote:
Are you an American? I am, and thus I only really know English.
No, I'm in the EU, sadly (in a crap country called Romania on top of that). English is not even my first language.

I don't understand why people make a fuss about their native language. I mean, their emotional attachment to their "native" language as if it matters where they were born to change their damn character. I will never understand this garbage or nationalism or patriotism or whatever.

Let's face it: English is the international language, no matter how many others hate this fact. And they hate it because of the aforementioned irrational "emotional attachment" to their stupid native languages.

rugxulo wrote:
So personally I think Esperanto is a better "solution" than "English only". But you can only lead a horse to water, you can't make him drink. If someone doesn't want to cooperate, no potential solution will change that. People have to make their own mistakes.
I completely disagree.

Esperanto failed because it sounds like Spanish. If it were designed around a simplified English language it would have probably succeeded long ago.

Why are people so stubborn into loving English even as it is the international language? It's usually the people here in the EU who are so opposed and resistant to English -- look at many Asian countries, they speak English if not their native language. EU is sickening to me.

And lastly: nobody wants a retarded language with "accents" or other garbage like that as the international one, especially not one you have to type. This is why English is the best fit as an international language or a "technical language". Simple as that. You don't even need Unicode if the language doesn't have accents and uses the latin alphabet.
Post 20 Feb 2018, 12:55
View user's profile Send private message Reply with quote
rugxulo



Joined: 09 Aug 2005
Posts: 2309
Location: Usono (aka, USA)
Furs wrote:

What I mean by that is like this case: displaying a stupid character I wouldn't be able to read anyway and have it crash and so on. How about people can just disable all the stupid languages they couldn't care less about? I mean, WTF is the point of them if one can't even read them...?


It's extremely ambitious and quite hard work to pretend to support everyone. But broken support should be disabled (or removed, if it can't be fixed). It's impossible for one person (or small group) to support literally all 6000+ active world languages. Even the EU "only" has 24 (for now). Partial support is still good, better than nothing, but not ideal.

Furs wrote:

rugxulo wrote:
Are you an American? I am, and thus I only really know English.
No, I'm in the EU, sadly (in a crap country called Romania on top of that). English is not even my first language.


Well, please don't let an American tell you to be more accepting of other languages. Cool

Romanian is a Romance language, apparently with 24 million speakers!! That's nothing to sneeze at.

Furs wrote:

I don't understand why people make a fuss about their native language. I mean, their emotional attachment to their "native" language as if it matters where they were born to change their damn character. I will never understand this garbage or nationalism or patriotism or whatever.

Let's face it: English is the international language, no matter how many others hate this fact. And they hate it because of the aforementioned irrational "emotional attachment" to their stupid native languages.


Well, native language is easiest (usually). It's dumb to tell someone to forcibly do something that is difficult or even impossible, especially exclusively. Certainly some languages are harder to learn and use than others. Also, fluency varies: dialects, slang, grammar, etc.

It doesn't mean there is no middle ground. That usually means supporting each in its own context, when appropriate, not obsoleting the others because they are politically unfavorable.

I agree that nationalism, legalism, etc. aren't beneficial to most people. It's better to be friendly and supporting rather than isolated. Pure stubbornness, without good reason, is harmful. It's easy to be "AMD64 only" or "C++17 only" or whatever, but truly there's a larger world out there.

A universal spirit of cooperation and openness is probably more beneficial to the world than any proprietary, local advantage. (Yes, I'm mixing ideologies here, but I don't want to turn this discussion too philosophical.)

Furs wrote:

rugxulo wrote:
So personally I think Esperanto is a better "solution" than "English only". But you can only lead a horse to water, you can't make him drink. If someone doesn't want to cooperate, no potential solution will change that. People have to make their own mistakes.
I completely disagree.

Esperanto failed because it sounds like Spanish. If it were designed around a simplified English language it would have probably succeeded long ago.


AFAIK, some say it sounds more like Italian (also a Romance language like Spanish). But it also has Slavic influence. There were already defined some English subsets (isn't everything in life a subset??) by various groups, but they didn't succeed (for random reasons).

Furs wrote:

Why are people so stubborn into loving English even as it is the international language? It's usually the people here in the EU who are so opposed and resistant to English -- look at many Asian countries, they speak English if not their native language.


I'm not aware of many Asian countries having English as official language. Singapore? Philippines? Dunno about Hong Kong (China) ... hmm, Wikipedia says little left there.

https://en.wikipedia.org/wiki/English-speaking_world#Countries_where_English_is_an_official_language

But that doesn't mean it is actively used much, officially or otherwise. Just calling something supported doesn't mean a lot.

I will barely agree that English is widely used, but that doesn't mean I agree that all (or any) communication must forcibly use it or even that it would be a good suggestion. I'm somewhat undecided and cynical, mostly because I know that others (rightfully) won't agree. I'm not naive enough to believe E-o can or will or should conquer the world (so to speak), but it's at least a viable option. Just because it's relatively unpopular (although widely successful in many ways) doesn't mean it doesn't "work". If you don't want to use it, fine, but it does what it set out to do.

Furs wrote:

And lastly: nobody wants a retarded language with "accents" or other garbage like that as the international one, especially not one you have to type. This is why English is the best fit as an international language or a "technical language". Simple as that. You don't even need Unicode if the language doesn't have accents and uses the latin alphabet.


That was a complaint with E-o, but the official workaround (among others) is very simple to use. So it's easily 7-bit clean, too, if you desire. There has already been an incompatible fork of E-o (actually from a long time ago) called Ido (meaning offspring) that lacked accents, but it hasn't had nearly as much success, by far. So I don't think that's really a deal-breaker for anyone.

In all fairness, the urge to learn another language is low in some circumstances because there is no active need. You know, necessity is the mother of invention. So there's no reason to try to learn a language with no native speakers, no books, no raw data to ingest. The Internet does make communication easier, but overall, if there's no direct advantage, most people won't waste their time, even if we think it would be nice or respectful or whatever.
Post 20 Feb 2018, 22:07
View user's profile Send private message Visit poster's website Reply with quote
Furs



Joined: 04 Mar 2016
Posts: 1260
rugxulo wrote:
It's extremely ambitious and quite hard work to pretend to support everyone. But broken support should be disabled (or removed, if it can't be fixed). It's impossible for one person (or small group) to support literally all 6000+ active world languages. Even the EU "only" has 24 (for now). Partial support is still good, better than nothing, but not ideal.
I mean, make it optional, and remove the feature (or disable it) if user requests so. I mean, most software allows you to disable locales you don't care about, which is not even as bad since that doesn't actually have bugs. You may think it's more burden on the developers but Unicode is already a massive burden on them.

rugxulo wrote:
Well, native language is easiest (usually). It's dumb to tell someone to forcibly do something that is difficult or even impossible, especially exclusively. Certainly some languages are harder to learn and use than others. Also, fluency varies: dialects, slang, grammar, etc.

It doesn't mean there is no middle ground. That usually means supporting each in its own context, when appropriate, not obsoleting the others because they are politically unfavorable.
No, I mean people who know English on a good level, but prefer to not use it. Even if they don't know it perfectly, you don't need to know English perfectly to use software. And heck, you'll learn it more if you use it more often. Slang? It's not like software cares about slang, so it doesn't matter.

These people even ask questions on forum how to change the language, despite them perfectly understanding English. I mean they ask the question in perfectly-good English after all. Unsurprisingly, they're usually in some sort of EU country. And what they need it for? For software UI? As if that's difficult. It is clear they just hate the English language. This stupidity and irrationality is what pisses me off. They not just love their language for emotional (i.e. stupid) reasons, but they also hate English for similar reasons (maybe jealous on it).

I know that personal experience doesn't count as an argument, but I will say it anyway: I have never seen an asian or resident of other continent ask a question in good English (so he knows it) how to change language to his native one, or whatever. Never seen someone ask for Chinese or Japanese or Thai or whatever if he knew English (those asking in very bad English are a different matter, as they don't understand it and likely used Google Translate).

Plenty of requests for French and Spanish especially (lol), followed by German and eastern languages. Nordic ones very rarely, if ever. Pattern is obvious.

rugxulo wrote:
AFAIK, some say it sounds more like Italian (also a Romance language like Spanish). But it also has Slavic influence. There were already defined some English subsets (isn't everything in life a subset??) by various groups, but they didn't succeed (for random reasons).
Nah, even the name itself sounds very Spanish-like. That's its downfall. Doesn't matter how much influence it gets from other languages, the impression is what counts.

A new international language needs to borrow only from English, because English is the current international language. If you want it to replace English (for international communication), that's what you need to do.

Why a new language then? Because English is peculiar in many cases and kind of hard for some people (well, almost any language has its own issues), and a "designed English" would simplify it. That's all.



And lastly, accents have a different problem than just encoding. They're just stupid in general. It makes things harder to read, and if the pronounciation requires them, it means the language sucks. I mean, yeah, English has its own faults, but English is not a designed language, so it is "excused" here.

We're talking about a designed language here after all (Esperanto), so it's a perfectly valid concern. In short, Esperanto failed because it borrowed from the wrong languages. It should've borrowed the word origins only from English, with grammar perhaps from simple languages.
Post 21 Feb 2018, 15:27
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 7630
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
she likes, i like, they like, we like, he likes,

why adding s when the word before verb notify us whether it is singular or plural,

and why you need to have different kind of complexities in order to show past, present or future,

i move the stupid stone,
the stupid stone was moved by me,

is, are, was, were, why create complexities,

this, these, stupid stone, stones, are so damn unnecessary,
Post 21 Feb 2018, 15:38
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2, 3, 4, 5, 6  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2018, Tomasz Grysztar.

Powered by rwasa.