> It would also help quite a bit if we had better encapsulation
> technology. Binary plug-ins for browsers are generally a bad
> idea -- having things like video players in separate processes
> where operating system facilities can be used to cage them more
> effectively would also help to mitigat
Jerry Leichter writes:
> On Jul 26, 2009, at 11:20 PM, Perry E. Metzger wrote:
>> Jerry Leichter writes:
>>> While I agree with the sentiment and the theory, I'm not sure that it
>>> really works that way. How many actual implementations of typical
>>> protocols are there?
>>
> I'm aware of at
> > While I agree with the sentiment and the theory, I'm not sure that it
> > really works that way. How many actual implementations of typical
> > protocols are there?
For Adobe Flash, there are three separate implementations -- Adobe's
proprietary one, GNU Gnash, and Swfdec.
Gnash is focused o
"Perry E. Metzger" writes:
>Jerry Leichter writes:
>> One way or another, a single implementation usually wins out in the
>> OSS community.
>
>See above -- even counting only open source, we have *many* implementations.
>Heck, there are even multiple independent open source SSL, SSH and PGP
>impl
"Perry E. Metzger" writes:
>This highlights an unfortunate instance of monoculture -- nearly everyone on
>the internet uses Flash for nearly all the video they watch, so just about
>everyone in the world is using a binary module from a single vendor day in,
>day out.
There are quite a number of
On Jul 26, 2009, at 11:20 PM, Perry E. Metzger wrote:
Jerry Leichter writes:
While I agree with the sentiment and the theory, I'm not sure that it
really works that way. How many actual implementations of typical
protocols are there?
I'm aware of at least four TCP/IP implementations in comm
Jerry Leichter writes:
> While I agree with the sentiment and the theory, I'm not sure that it
> really works that way. How many actual implementations of typical
> protocols are there?
I'm aware of at least four TCP/IP implementations in common use, several
common HTTP servers (though there ar
On Jul 26, 2009, at 2:27 PM, Perry E. Metzger wrote:
...[T]here is an exploitable hole in
Adobe's "Flash" right now, and there is no fix available yet
This highlights an unfortunate instance of monoculture -- nearly
everyone on the internet uses Flash for nearly all the video they
watch,
s
This is purely about security, not on crypto.
For those of you not in the know, there is an exploitable hole in
Adobe's "Flash" right now, and there is no fix available yet:
http://www.adobe.com/support/security/advisories/apsa09-03.html
(See also:
http://www.us-cert.gov/cas/techalerts/TA09-204