Not on their system. In the attack scenario the user's current directory, by whatever means, is a foreign system. Maybe it's a PC on the local network, maybe it's a Webdav share on some server in another country.

Yes I was wondering if it was more the possibility of non-local loading. But in that case, I'd still say it's an OS flaw, not an application flaw - surely it's the OSs job to set the allowed DLL paths up correctly and securely, so that the local disk and trusted networks are included, but things like webdav shares or downloading from a web page in general aren't.

Thanks for the info, I was wondering if that was the case. Although given that the standard linking case allows for DLLs to be anywhere in the search path, it's still unclear to me why specifying a DLL in LoadLibrary without a specific path is bad, and if it has different behaviour, shouldn't that be an OS flaw? (I.e., ideally an application should be able to use LoadLibrary with the same paths being searched as in the standard linking case when a DLL is needed for the application to start.)

But if it's true that the folder of the data file is included in the search path for DLLs (as opposed to the folder of the application), isn't that something that Microsoft should fix?

How would an application developer fix it to avoid this problem, whilst still allowing the possibility of loading DLLs from the application folder (honest question, I'm not saying it isn't possible, just curious of the solution)?

Do you know how things work with linking the usual way with a lib file (as opposed to manually calling LoadLibrary)?

You mean of the ebook (text) itself, or the physical ebook reader? Either way, I don't see how that makes anything illegal.

You don't agree to a contract before buying these things; contracts are a civil not criminal issue; and I don't see how that should prevent someone producing a screen reader, even if someone else had "agreed" to not use one on "their" device.

Sorry, you're confusing Microsoft, with PCs. Yes, one advantage PCs had over other platforms was that they could be made by anyone, and worked to a common standard.

But that would still be true, with or without Microsoft, and whether we had a monopoly OS company or not. There were other OSs you could run on any PC.

And, for that matter, would any other company be better than MS? Apple is all about lock-in.

Well, I agree that Apple are far worse in this respect (look at the IPRODUCTS), but equally, it's wrong to claim that Microsoft are responsible for creating interoperability. They've done plenty to resist open standards regarding their operating system and file formats, too (e.g., restricting use of NTFS).

Heaven forbid...

Well, PCs had already achieved dominance in business in the 80s, and there were other operating systems for PCs. Some of them were dire, but then so was DOS, and there were better alternatives to DOS (e.g., OS/2 - yes we laugh now, and I laughed at the time when I compared it to AmigaOS, and saw how they were bragging about 32-bit and multitasking in 1994, but they were still ahead of Microsoft, who did the same thing in 1995).

So most likely we'd still be using PCs, running some other operating system.

And even though other platforms may have benefitted from a lack of Microsoft, there was far more than Apple - e.g., the Amiga, BeOS, Linux - who also would have benefitted.

I agree - it's unclear to me what the "fault" of the developer is here, and which applications are at fault. I thought that loading a DLL by name without a specific path was standard practice? And how does it work with linking - in my experience, all applications I've written and used can either use a DLL in the standard path, or be overridden by a local DLL, so surely that's standard practice too? And wouldn't this affect almost every Windows program that uses DLL?

But then, I'm not sure that this is a bad system anyway. Well, if it's possible to include a DLL loaded off a web page as being the standard path, that seems a gaping hole. However, if this flaw requires an attacker to already install a dodgy DLL in the user's path on their system, surely that would already be the security flaw? I mean, it's a bit like saying "It's a flaw that people can run exes by double clicking, there could be malicious code" - the flaw isn't in running exes, the flaw is how they got there in the first place.

What is the proposed fix for applications that link to DLLs? And how do other operating systems work - again, I thought that having a path system allowing multiple possible locations for shared libraries wasn't uncommon?

Yet you're happy to sign up for a Slashdot account, using a 3rd party server. Are you seriously saying that that's just as weird as if "North Korea" had an account to post on here?

The point is, if he did want that, there are many phones to consider besides the Iphone. Even sticking with Nokia, they have the number one smartphone platform, Symbian.

Stop trying to treat your phone like a desktop ... or even a sub notebook and you'll be a lot happier AND more productive.

If you just want a phone, get a locked down feature phone that does Internet access and apps, and is way cheaper than Apple's. But the point of a smartphone is, or was before Apple redefined the term, to provide something more like a mobile handheld computer.

If you had 15 mod points all in one go, I presume you must have multiple sockpuppet accounts, which you're using to mod down people for liking the N900, and then you come and violate the spirit of the rules by posting in the same thread.

And you accuse them of being fanatical?

(And yes, it is a once in a blue moon thread about Nokia, the number one phone company. If you don't like people praising devices and being unable to cope with any criticism, why not have a go on the many Iphone stories?)

That would be like me saying I can't put a GPS on my car to keep tabs on where it goes when my son drives it.

What if you were running a hire car business, and kept a big database on every customer and where they drove to in the cars you hired out?

I mean, there's an uproar on places like here about the possibility of Google doing similar things with search queries - I don't hear the "But it's their server" argument then. And rightly so - the issue of privacy rights is separate to who owns what.

And an employee should have every right to monitor everything about the company, after all, they're giving up their time to work for that company? I don't think that logic follows.

Should a company put cameras in in toilet cubicles and changing rooms because they own the premises? Sometimes the issue of privacy still exists (as Germany has decided), even if someone owns the equipment. Yes, an employee is choosing to work there and use said equipment, but equally, the employer chooses to hire people, and let them use that equipment.

The problem is that erecting a big fence (or forest, as you suggest) on your own land to hide it would likely breach regulations such as planning permission (which probably wouldn't be allowed, for something that significantly changes how it looks).

So I think there should be some balance here. If we're saying it's fair game to publish anything you can from a public street, in any way, we should also allow people to take whatever steps they like on their own private land.

But if society is saying that people should be limited in what they can do, even on their private land, because it affects how it looks when viewed from other people's land, then it's also a fair balance to say that you don't necessarily have blanket rights to do absolutely whatever you like with data that's taken of private land.

(With windows, we can close the curtains. If there was a law saying you couldn't close the curtains without permission, I'd also expect laws controlling stalkers who might point a camera through the window all day long.)

FWIW, I think that Google have the right balance (not just legally, but also ethically - Don't Be Evil, remember?), in that they put the images up, but remove them if people object. This photographer may have a legal right to take photos, but others also have a legal right to criticise him for doing so.

Well, once you have taken the photograph, you then own the copyright on it. This entitles you to do pretty much whatever you like with it.

No - copyright means you can stop others from copying it. It's a necessity for being able to publish, but not a sufficiency. If there's another reason why you can't publish it (which could be anything from model rights as we're discussing here, or other things like defamation, or indeed, if the photograph is itself of a copyrighted work of someone else's), then owning the copyright isn't always sufficient for you to publish.

No one cares.

Evidently this photographer cares.

(Anyhow, you're missing the point. The problem isn't that lots of random people will be flocking to view your photo. But that people such as employers, potential employers, family, can easily see it, without you even knowing - and with easy search faciltiies, i.e., the fact that this is being linked to Google Maps rather than simply being put on a random web page, it's not simply lost in the noise. The claim isn't that everyone is watching you, the problem is that at least some people may do so.)