Ten New Security Holes in Windows XP SP2
BigBison
November 11th, 2004, 12:51
Here we go again:
http://www.winnetmag.net/Article/ArticleID/44502/44502.html
the_pm
November 11th, 2004, 16:20
I broke down yesterday and installed SP2, against my better judgment. It seems like a lot of the security concerns have to do with IE, which I don't use, so I'm feeling pretty ok about things. But you have to imagine I sat with my finger over the install button for a while before I flipped the switch. Nice to see I'll be patching my patch soon...
Christina
November 11th, 2004, 18:29
I broke down yesterday and installed SP2, against my better judgment. It seems like a lot of the security concerns have to do with IE, which I don't use, so I'm feeling pretty ok about things. But you have to imagine I sat with my finger over the install button for a while before I flipped the switch. Nice to see I'll be patching my patch soon...
I broke down too!!! Only stupid thing is some firewalls tend to have issues after SP2 :evil:
the_pm
November 11th, 2004, 18:31
My Sygate seems to function just fine, but they recently released a fix, which I have to install at home (it's installed now at work).
Pauly
November 11th, 2004, 20:44
I'm still on good old XPSP1, I think the main difference is the computer was patched manually and not by Micro$oft ;)
My only real problem with Micro$oft is IE.
the_pm
November 11th, 2004, 20:46
Agreed. Actually, my real problem is with IE and FrontPage. Regular Office apps work well, and Visio is pretty kick-butt for what it does. I don't mind XP and patching - at least they make it easy. I just wish one set of patches didn't beget a whole new set every time.
BigBison
November 11th, 2004, 22:36
Here's one of the IE holes, so it looks like they aren't all XPSP2:
http://www.securitytracker.com/alerts/2004/Nov/1012138.html
I don't think sticking with SP1 is the answer.
the_pm
November 11th, 2004, 22:54
Good to know, since I just upgraded. I was more concerned with the ways in which IE loses its local scripting acceptance. I like the idea of being able to use JavaScript locally and have it turned off when pulling remote content. I guess I'll just have to make myself a trusted site.
BigBison
November 12th, 2004, 02:07
Actually, SP2 FINALLY fixes that horrible JS hole that had been there from the start with IE. I think disabling JS altogether is overly paranoid, but then again I don't surf through multiple proxies with faked UA strings, either...
BTW, as to your custom UA strings, you realize a side effect is you'll never be served a page from an intermediary cache? See, squid and others make a table of UA strings to compare with page served from the source. You'll hit these, and not be in the table, causing a redirect to source. This may make you happy, but it mucks about with CDNs like Akamai. FYI. I just learned this yesterday, your little string came to mind...
the_pm
November 12th, 2004, 04:58
Hey now, it's just one proxy, and it's localhost. No more advertisements. Funny...if we put banners on IWDN, I'd never see them...
I had to go look up CDNs - that's a new one for me. "Content Delivery Networks," for those who didn't know. This may be the case, that my proxy messes with this function, but better for me to give them something to develop to than to give up my browsing preferences, right? After all, it's my experience to have. I'm just thankful developers haven't abused the !important demarcation (!important still overrides browser preferences, right?).
Out of curiosity, what do I lose by not being served pages from an intermediary cache?
BigBison
November 12th, 2004, 06:02
Lose? Nothing. Gain? Latency and download times. As long as you're aware that you're making that tradeoff. :)
BigBison
November 12th, 2004, 15:48
I had to go look up CDNs - that's a new one for me. "Content Delivery Networks," for those who didn't know.
Another nifty little mod I'm sure exists for this forum software implements a little something I set up when I had PmWiki going -- acronym markup. Can also be used for abbreviation. Good ol' HTML to the rescue, all you have to do is create a reference file for the site, and some spiffy CSS to pop up the expansion on hover. Probably come in handy around here...
http://www.benmeadowcroft.com/webdev/articles/abbr-vs-acronym.shtml
the_pm
November 12th, 2004, 15:57
It would have to be a dual system using JavaScript and CSS to cover those few lost souls who still use IE, since IE doesn't understand the :hover pseudo-class on anything other than links. :(
BigBison
November 13th, 2004, 08:48
The only thing "hover" is needed for is if you want to change the cursor, otherwise CSS isn't involved. It's back-end application functionality to search for acronyms on a list and change them like so:
<acronym title="Cascading Style Sheets">CSS</acronym>
Like I said, good ol' HTML! That 'title' will display on hover, right? 8)
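The back-end acronym pass described above, written out as an added example (this is not code from the thread or from any forum mod). It only touches text between tags, leaves anything already inside an acronym element alone, and escapes the expansion before it goes into the title attribute so a reference entry can never break out of the quotes and inject markup. The reference list and the function names are constructed for the example.

```javascript
// Constructed sample reference list: acronym -> expansion shown on hover.
const ACRONYMS = {
  CSS: "Cascading Style Sheets",
  CDN: "Content Delivery Network",
  UA: "User Agent",
};

// Escape text destined for an attribute value so the reference entry
// cannot close the title="..." quotes or open a new tag.
function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Escape regex metacharacters in case a list key ever contains one.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Hypothetical helper: wrap every listed acronym in an HTML fragment with
// <acronym title="...">, matching whole words only.
function markupAcronyms(html, list = ACRONYMS) {
  const keys = Object.keys(list).map(escapeRegex).join("|");
  const pattern = new RegExp("\\b(" + keys + ")\\b", "g");
  // Split on tags so tag names and attribute values are never rewritten.
  const parts = html.split(/(<[^>]*>)/);
  let depth = 0; // > 0 while inside an existing <acronym> element
  return parts.map((part) => {
    if (part.startsWith("<")) {
      if (/^<acronym\b/i.test(part)) depth++;
      else if (/^<\/acronym\b/i.test(part)) depth--;
      return part;
    }
    if (depth > 0) return part; // already marked up, do not double-wrap
    return part.replace(pattern, (m) =>
      `<acronym title="${escapeAttr(list[m])}">${m}</acronym>`);
  }).join("");
}
```

Running the pass twice over the same fragment yields the same output, which is what makes it safe to apply on every page render.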
Pauly
November 13th, 2004, 09:37
Like I said, good ol' HTML! That 'title' will display on hover, right?
Supposed to I believe.
By the way, it turns out I'm running a 'Streamlined' SP2 but my system detects it as 1 because not all the junk is in there, just what we wanted in ;)
BigBison
November 13th, 2004, 13:00
I figured as much. That's why I included the above link. Scroll down to the bottom of it for evidence of my position:
XPSP2 is different enough to qualify as a new OS. There are many many more interdependencies than I think the people selectively applying patches to SP1 are aware of. Without subjecting the resulting hybrid to the same rigorous testing the SP2 implementation gets not only from Microsoft but the black-hat crowd as well, how do you know your custom job is more secure, let alone whether the latest security flaw applies to you or not?
If you are doing those things, in addition to paying for XP licenses, congratulations on deploying the world's most expensive-to-maintain XP installation... :lol:
Pauly
November 13th, 2004, 14:05
how do you know your custom job is more secure, let alone whether the latest security flaw applies to you or not?
My dad works alongside a security expert who patches their company computers and also advises my dad what to do etc. ;) It may not necessarily be more secure, but I have good reason to believe so.