Well here are facts. One of least popular (if popular at all) extensions for firefox is the EV certificate thing. They (Verisign) couldn't even make it work right. Thats my point, few people are going to install extensions, and even fewer will do it for security extensions, that's why this sort of thing has to come by default.
Phishing prevention is one thing, selling your soul to Google and send them every single URL (including the page part) you visit is another. True, but paypal havent said you have to sell your soul to google, hell i quite liked the FF2 method of downloading a list, do that regularly with diffs and you dont really need to send anybody your URLS
There are Paypal phishing pages which are up for DAYS as you can see from http://www.phishtank.com/ which they (as they are mega corp) can call the countries police chief directly from his home phone and get site raided. True, but some sites can be unknowningly infected, others can be in strange juristicion, its alot harder to catch them than it is to try and stop people getting caught in the first place. OFC paypal SHOULD go after them, but theyre a company and its just not worth it:(
Also, another fact: Never, ever call a system default browser insecure if you are CTO of a high profile company like Paypal. Why not Jobs, thinks its fine to show other operating systems with a BSOD, even non-windows systems. If jobs is calling other systems unstable, why should everybody suck up to mac. Also It was only due to a whitepaper that actually got read that it came up, they didn't go out of their way to slag off safari, its just insecure. I dont see anybody from KDE or gnome complaining
Get the damned source from www.webkit.org , code and mail/call Apple "We think Safari would be better with EV certificate checking, here is the code you can review internally." why would they want to look at webkit? this isn't to do with rendering pages this is all about the closed source safari part, the UI and lack of anti-phishing features can be provided by webkit AFAIK.
They might download something so it doesn't break, but go back to whatever they wanted to use in the first place. People do that you know. But in that case paypal has made them make their browser secure.
You do make a good point, but the people that get hit most by phising are those that dont even know what a browser is, the kind of people that will phone you up with such useful complaints as "paypal is broken, what do i do?". These people will have a friend "fix paypal" like this, and wont even know what's happened.
The next most affected people are People who do understand thier browser but dont know about phising, this will not protect them, but hopefully this will cause apple to fix their defective browser where it matters instead of work on ACID3
The least affected people are the slashdot crowd that can argue about reading address bars and the have always checked the site for a padlock.
While not perfect this does help a lot of vulnerable users, at little cost to the rest
I work for the federal bank of Nigeria, i would like to inform you that a recently deceased prince, left 500 mod points in his acount. No one will ever come forward to claim them and according to The Law of Nigerian Government, at the expiration of 10 years the, Money will revert to the Ownership of the Nigerian Government. We decided to contact you to assist me in claiming these mod points for safe Keeping and investments on her behalf as everything will be taken over by the government as provided in section 129 sub 63(N), Africa Banking Edit of 1961. This prompted us to contact you. In exchange for passing on you slashdot account details you will be credited with 10% of the mod points, The Transaction is 100% Legal and totally free of risks as all modalities has been Perfected to ensure the hitch free success of the Transaction, however due to some security risks we can only accept applicants who are using an recent version of Mac os X
Joking aside, just teach people to type addresses in the address bar, and to check the address bar and status bar when they are entering sensitive information. Problem solved. They tried that, it turns out users are idiots.
oh noes a bunch of fan boys rushed to irationally hate a company for putting out a whitepapper then implementing sane security messures, quick resign, infact the whole company should go bankrupt, hell they should go bankrupt then kill themselves for what theyve done.
OH, right its just 5% of 5%, im tempted to start using pay pal, only if they ban safari, just to keep mac fanboys crying.
EV matters? How much it cost to a commercial site at size of Paypal? Does Paypal feel their consumers are insecure instead of using FREE data from community powered services like http://www.phishtank.com/ [phishtank.com] ? Post a job listing for Cocoa/Carbon, Objective C developer. Cough some money and distribute your plugin. Don't use "No XUL" as excuse, it is easy to watch current URL on Safari. ICQ from 2003 can still read it. to the 5% of the users that know how to install plugins, thats great, but the fact is that unless its done by default, phishing victims wont install it.
EVS anti-phishing is important for the masses doest show you a URL, before you click it (by default, again default is important for the masses).
Sure you dont need security, but that's like saying that corporate networks should use virus scanners because they're users should be smart enough to not get infected / scammed.
I could browse the web using lynx and not get scammed, it doesn't mean that anybody else can.
Execpt that new users to paypal, will only sign up if they have a secure browser. And existing users that use pay pal before getting scammed will upgrade.
Your argument is like saying google shouldn't get a new capatcha because spammers have already signed up, but if they change now they can at least stop new idiots / spammers signing up.
Wait so you had an open group, and somebody messed up your group, so your blaming paypal. If I was paypal id of told you to sort out your end, and done whatever i wanted. I'm not sure if i understand this group buy stuff, but if their unrelated to paypal, its making a pool to pay for a something, you send somebody into a store, that person messes the store around, then blaming the store for thier actions.
to GP: I'm sure they miss you! but in order to keep ebay popular they have a commitment to the users above the sellers, that way they get more users and sellers that didn't leave sell more stuff, even if it comes with a restriction.
Wait so as a firefox3 user with fission user I get a safari style address bar, with EVS & it shows me the links. Why does anybody use safari? oh right it gives nice fonts:S
Yeah i mean its like they're running a web browser with admin privileges! Bash windows as much as you like but with windows you know you fscked, mac users seam to think they're safer, but running a web browser as root is a throw back to 2001. How hard would it be to crack out a wifi hostspot that modifies the webpage your browsing to install malicious payload. Hell the issue paypal are talking about is ssh, without something like EVS, it would be very easy to crack out wifi hot spots that steal all your paypal data, without end users realising, and whos going to get hit? mobile devices like the iPhone.
Maybe paypal should grown some cohones and tell the mac fan boys to spin on one! Instead of getting acid3 compliance maybe the safari guys could have been working on features like this that are actually needed. Hopefully behind the scenes, apple have said they're going to add this feature soon and paypal have given them something like 6 months before enforcing what is all round a good idea.
Yeah i mean its like they're running a web browser with admin privileges! Bash windows as much as you like but with windows you know you fscked, mac users seam to think they're safer, but running a web browser as root is a throw back to 2001. How hard would it be to crack out a wifi hostspot that modifies the webpage your browsing to install malicious payload. Hell the issue paypal are talking about is ssh, without something like EVS, it would be very easy to crack out wifi hot spots that steal all your paypal data, and whos going to get hit? mobile devices like the iPhone.
Maybe paypal should grown some cohones and tell the mac fan boys to spin on one! Instead of getting acid3 compliance maybe the safari guys could have been working on features like this that are actually needed. Hopefully behind the scenes, apple have said they're going to add this feature soon and paypal have given them something like 6 months before enforcing what is all round a good idea.
Closed source yes, but they do produce academic papers on most of their stuff, and work to open specifications (like actual html or at least good enough for cross browser, long before ms). Minor interface tweaks are fairly easy a quick search gives better gmail ( bunch of userscripts ) , gives encryption.
Your email is still on their server, if they give you a millions options it costs them lots of money, and at heart they are still a company, if you want more customisation that gmail offers, you can always use POP/IMAP (i think the same goes for hotmail) and do the processing on your side (that way they dont really care about how much you customise the interface).
Thats very inter...yawn, i skimmed through all of that non of that really limits what you can do with their API (theirs a limit that you wont be allowed to reproduce/redistribute their SDK or their services, but that doesn't mean you cant open source a project developed using it). Theres also a bit about the use of adverts, but unless i misunderstood that only applies to their tool kits, your ap doesn't have to have ads
Have i missed something or is this pointless google bashing.
Yes there is corruption ofc, but the Peer review system means that unless, somebody at every recognised journal wants to keep you theory down, its unlikely to happen. What most ID 'scientists' do is get the science part of their research publishes (such as failures in explanation of protein folding), then complain that nobody will publish their ID research.
The peer review system isn't immune from abuse but it does work.
Really, do you guys not get the news we do? Burning cars in France, oh I know, the PC word is immigrants. Killing of writers in Europe because they dared to write about someone's god? Burning cars in protest to actions by the government, has nothing to do with stupidity. Yes there are a minority of Muslims who over react here, but here we dont vote them into positions of power (not the crazies at least).
mod to me to hell if you like, but it is true that it takes a big does of exaggeration to make ID people out as a representative of America or religious America. You do raise a point but, the things that made loose respect for religious America, go far beyond ID, i think threating people because they have cars with "gay is ok" on them was what made me decide that crossing the pond isnt for me http://www.youtube.com/watch?v=LE1QVhYdIpg about 2 minutes in she "gets the boys"
Yes we can, that sounds like a great idea, at my school we had a devout atheist physics teacher (mainly due to American bible belt and the fact he had his career halted by the headmaster who was CofE), but he would say stuff like "this is the scientific theory, there is...but you can learn about it in Religious Education, because it aint science", in fact I think that what all my science teachers would say! (well other than "GTFO, the fish was for dissecting not slapping people with")
My "theory" is that i created man this morning, between my breakfast and my coffee. is that a theory, probably, is it bullshit, also true, is it a scientific theory hell no! It provides no basis for empirical testing.
ID thinking is the kind of thinking that leads you to believe that the universe popped into existence exactly as it was a 10 seconds ago, 10 seconds ago, it does actually explain the universe better than any cosmological theory, its logically infallible, and as a bonus it cant be disproved. If you start teaching ID in schools (as anything other than philosophy/Religious studies), where do you stop intelligent falling, turtles all the way down theory, brains in a vat?
On the other hand, maybe he gets the debate on the front page in a popular vein. Could be time for him and Dawkins in a live MTV cage match. And Dawkins is taking a beating, but whats this... Stephen hawkin has entered the ring and smashed stein over the head with a chair, looks like stein is out for the count.
And the whole point of the academic system, peer review, having your director check what you publish & most importantly reproduction of results, aim to keep personal bias in check.
After all your not going to spend 5/10 years working on something you think might be wrong.
Right so you end up in jail, or the give the cops a description of some kids for an offence like that and they....oh right, they have serious crime to deal with, like children getting attacked by grown men.
Actually i think they register it for you, whenever you purchase a TV the BBC get told about it.
Fortunatly for me i dont have have a tv but can watch BBC programing on iplayer for free. I think there must be some good US channels? I think the BBC also pushes up the competition, I find C4 much better, but if it wasnt for the BBC they would slump as ITV & FIVE just cant put on anything other than reality TV.
I do worry about Russia, not allowing free access to the internet is the first step in blocking out any opposition to your government. I think Putin/sock puppet putin is looking for cold war v2, with the weakening $ and the crap loads of oil in the artic circle that they've flagged ( I mean serious whats up with that, if I develop a flag can i go into a cake shop and claim any cake I 'flag' is mine?). Either that or hes looking at china becoming a superpower and just wants to hang round Whos house When he can? either way unless the people of either of those countries see past government propaganda before they loose free speech entirely, i predict 'bad shit'!
Slashdot Mirror
You do make a good point, but the people that get hit most by phising are those that dont even know what a browser is, the kind of people that will phone you up with such useful complaints as "paypal is broken, what do i do?". These people will have a friend "fix paypal" like this, and wont even know what's happened.
The next most affected people are People who do understand thier browser but dont know about phising, this will not protect them, but hopefully this will cause apple to fix their defective browser where it matters instead of work on ACID3
The least affected people are the slashdot crowd that can argue about reading address bars and the have always checked the site for a padlock.
While not perfect this does help a lot of vulnerable users, at little cost to the rest
I work for the federal bank of Nigeria, i would like to inform you that a recently deceased prince, left 500 mod points in his acount. No one will ever come forward to claim them and according to The Law of Nigerian Government, at the expiration of 10 years the, Money will revert to the Ownership of the Nigerian Government. We decided to contact you to assist me in claiming these mod points for safe Keeping and investments on her behalf as everything will be taken over by the government as provided in section 129 sub 63(N), Africa Banking Edit of 1961.
This prompted us to contact you. In exchange for passing on you slashdot account details you will be credited with 10% of the mod points, The Transaction is 100% Legal and totally free of risks as all modalities has been Perfected to ensure the hitch free success of the Transaction, however due to some security risks we can only accept applicants who are using an recent version of Mac os X
I look forward to hearing from you http://www.slashdot.scam.nig/
OH, right its just 5% of 5%, im tempted to start using pay pal, only if they ban safari, just to keep mac fanboys crying. EV matters? How much it cost to a commercial site at size of Paypal? Does Paypal feel their consumers are insecure instead of using FREE data from community powered services like http://www.phishtank.com/ [phishtank.com] ?
Post a job listing for Cocoa/Carbon, Objective C developer. Cough some money and distribute your plugin. Don't use "No XUL" as excuse, it is easy to watch current URL on Safari. ICQ from 2003 can still read it. to the 5% of the users that know how to install plugins, thats great, but the fact is that unless its done by default, phishing victims wont install it.
EVS
anti-phishing is important for the masses
doest show you a URL, before you click it (by default, again default is important for the masses).
Sure you dont need security, but that's like saying that corporate networks should use virus scanners because they're users should be smart enough to not get infected / scammed.
I could browse the web using lynx and not get scammed, it doesn't mean that anybody else can.
Execpt that new users to paypal, will only sign up if they have a secure browser.
And existing users that use pay pal before getting scammed will upgrade.
Your argument is like saying google shouldn't get a new capatcha because spammers have already signed up, but if they change now they can at least stop new idiots / spammers signing up.
Wait so you had an open group, and somebody messed up your group, so your blaming paypal. If I was paypal id of told you to sort out your end, and done whatever i wanted. I'm not sure if i understand this group buy stuff, but if their unrelated to paypal, its making a pool to pay for a something, you send somebody into a store, that person messes the store around, then blaming the store for thier actions.
to GP: I'm sure they miss you! but in order to keep ebay popular they have a commitment to the users above the sellers, that way they get more users and sellers that didn't leave sell more stuff, even if it comes with a restriction.
Wait so as a firefox3 user with fission user I get a safari style address bar, with EVS & it shows me the links.
Why does anybody use safari? oh right it gives nice fonts:S
Yeah i mean its like they're running a web browser with admin privileges! Bash windows as much as you like but with windows you know you fscked, mac users seam to think they're safer, but running a web browser as root is a throw back to 2001. How hard would it be to crack out a wifi hostspot that modifies the webpage your browsing to install malicious payload. Hell the issue paypal are talking about is ssh, without something like EVS, it would be very easy to crack out wifi hot spots that steal all your paypal data, without end users realising, and whos going to get hit? mobile devices like the iPhone.
Maybe paypal should grown some cohones and tell the mac fan boys to spin on one! Instead of getting acid3 compliance maybe the safari guys could have been working on features like this that are actually needed. Hopefully behind the scenes, apple have said they're going to add this feature soon and paypal have given them something like 6 months before enforcing what is all round a good idea.
damm formatting!
Yeah i mean its like they're running a web browser with admin privileges! Bash windows as much as you like but with windows you know you fscked, mac users seam to think they're safer, but running a web browser as root is a throw back to 2001. How hard would it be to crack out a wifi hostspot that modifies the webpage your browsing to install malicious payload. Hell the issue paypal are talking about is ssh, without something like EVS, it would be very easy to crack out wifi hot spots that steal all your paypal data, and whos going to get hit? mobile devices like the iPhone. Maybe paypal should grown some cohones and tell the mac fan boys to spin on one! Instead of getting acid3 compliance maybe the safari guys could have been working on features like this that are actually needed. Hopefully behind the scenes, apple have said they're going to add this feature soon and paypal have given them something like 6 months before enforcing what is all round a good idea.
Your email is still on their server, if they give you a millions options it costs them lots of money, and at heart they are still a company, if you want more customisation that gmail offers, you can always use POP/IMAP (i think the same goes for hotmail) and do the processing on your side (that way they dont really care about how much you customise the interface).
Thats very inter...yawn, i skimmed through all of that non of that really limits what you can do with their API (theirs a limit that you wont be allowed to reproduce/redistribute their SDK or their services, but that doesn't mean you cant open source a project developed using it). Theres also a bit about the use of adverts, but unless i misunderstood that only applies to their tool kits, your ap doesn't have to have ads
Have i missed something or is this pointless google bashing.
Yes there is corruption ofc, but the Peer review system means that unless, somebody at every recognised journal wants to keep you theory down, its unlikely to happen.
What most ID 'scientists' do is get the science part of their research publishes (such as failures in explanation of protein folding), then complain that nobody will publish their ID research.
The peer review system isn't immune from abuse but it does work.
Yes there are a minority of Muslims who over react here, but here we dont vote them into positions of power (not the crazies at least). mod to me to hell if you like, but it is true that it takes a big does of exaggeration to make ID people out as a representative of America or religious America. You do raise a point but, the things that made loose respect for religious America, go far beyond ID, i think threating people because they have cars with "gay is ok" on them was what made me decide that crossing the pond isnt for me http://www.youtube.com/watch?v=LE1QVhYdIpg about 2 minutes in she "gets the boys"
Yes we can, that sounds like a great idea, at my school we had a devout atheist physics teacher (mainly due to American bible belt and the fact he had his career halted by the headmaster who was CofE), but he would say stuff like "this is the scientific theory, there is...but you can learn about it in Religious Education, because it aint science", in fact I think that what all my science teachers would say! (well other than "GTFO, the fish was for dissecting not slapping people with")
My "theory" is that i created man this morning, between my breakfast and my coffee.
is that a theory, probably, is it bullshit, also true, is it a scientific theory hell no! It provides no basis for empirical testing.
ID thinking is the kind of thinking that leads you to believe that the universe popped into existence exactly as it was a 10 seconds ago, 10 seconds ago, it does actually explain the universe better than any cosmological theory, its logically infallible, and as a bonus it cant be disproved. If you start teaching ID in schools (as anything other than philosophy/Religious studies), where do you stop intelligent falling, turtles all the way down theory, brains in a vat?
And the whole point of the academic system, peer review, having your director check what you publish & most importantly reproduction of results, aim to keep personal bias in check.
After all your not going to spend 5/10 years working on something you think might be wrong.
Right so you end up in jail,
or the give the cops a description of some kids for an offence like that and they....oh right, they have serious crime to deal with, like children getting attacked by grown men.
Have to agree, i think they've been illegal in the UK for some time, and we dont have to put up with that crap any more!
Actually i think they register it for you, whenever you purchase a TV the BBC get told about it.
Fortunatly for me i dont have have a tv but can watch BBC programing on iplayer for free.
I think there must be some good US channels? I think the BBC also pushes up the competition, I find C4 much better, but if it wasnt for the BBC they would slump as ITV & FIVE just cant put on anything other than reality TV.
I do worry about Russia, not allowing free access to the internet is the first step in blocking out any opposition to your government. I think Putin/sock puppet putin is looking for cold war v2, with the weakening $ and the crap loads of oil in the artic circle that they've flagged ( I mean serious whats up with that, if I develop a flag can i go into a cake shop and claim any cake I 'flag' is mine?). Either that or hes looking at china becoming a superpower and just wants to hang round Whos house When he can? either way unless the people of either of those countries see past government propaganda before they loose free speech entirely, i predict 'bad shit'!
Its the omnipotent bunnies they're more worried about!
Cue thinkgeek ad.
They only plan on porting zombie games, as we all no BSD is dead!
p.s before you mod me down, remember this is slashdot not youtube, you do get sarcasm here!
Sweden's vote invalidation makes much more sense.
Voting no would have lost them the furniture deal, but voting yes would not have increase furniture sales, its all falling into place now.