1. It can already be turned off via about:config (RTFA), and if it actually makes it into Firefox 2.0 there will probably be a checkbox in Preferences.
2. As a guy with a website, I'm actually curious as to which links people click on to leave. Server logs will tell me which pages on my site are most popular and where visitors are coming from, but they won't tell me where they're going unless I go to the effort of creating a redirect script and linking through that -- and while I'm curious, I don't care enough to go to that effort. (Though advertisers and sites with marketroids do care, and have gone to the effort -- often sneakily.)
No, it's different because the WHATWG is operating with public specs and has reps from 3 of the 4 major browser developers (Mozilla, KHTML/WebKit, and Opera) already on board to implement things. You may have heard of the <canvas> element first used in Safari, now available in Firefox, and soon to be available in Opera?
Well, I think that referrer is much more privacy-invasive than this one.
I suppose it depends on where the ping is going. As a guy who owns a web page, I'm definitely curious about how people leave my site. Do they just close the window, or do most of them follow a particular link? Since you already know people are visiting your page, and you already know what links you've put there, it only gives you a little more info.
On the other hand, this can also be used to notify third-party sites. Ad servers, for instance.
WHATWG != Mozilla
It's amazing how many people on the comment thread don't seem to recognize that simple fact. I mean, WHATWG already has reps from Mozilla, KHTML/WebKit, and Opera -- just look at the implementation of <canvas> in Safari 2.0, then Firefox 1.5, then Opera 9.0 (I think I've got the versions right).
Most importantly, the intended behavior is defined in a public specification, which means that if Microsoft feels like it, they can easily add any WHATWG feature to IE and have it work the same way as existing implementations.
An extension probably won't be necessary by the time 2.0 is released. Either Firefox will abandon the feature, or they'll have written the UI to disable it.
It's technically not necessary right now for people who are willing to deal with about:config and toggle the preference there -- which is the only people who should be using the trunk builds anyway.
1. NEVER post your e-mail on a web page. 2. NEVER e-mail somebody you don't know.
Neither will protect you from dictionary attacks. And now that spammers have armies of zombies at their beck and call, they're doing distributed dictionary attacks, which are harder to detect and block.
Common first names, first initials with common last names, role descriptions... Heck, we even get spam sent to template@(domain name) because it happened to be active at the time someone tried sending it mail.
Unless you make your email address really hard to guess....
Could this be a trend forming where sites run and therefore promoted by geeks, even though the content isn't actually geek related tends to have a higher number of visitors using Firefox?
Hard to say. One of my websites (the one in my sig) is obviously geek-oriented, and has had Firefox in the lead since it started. Current stats for this month are running Firefox at 46%, IE at 21% and Opera at 19%. (Of course, I do tend to promote it in Opera and Firefox communities.)
At another site I run, which gets a more mainstream audience (most of the traffic goes to a comic-book fan site), IE still has the lead, but Firefox has consistently pulled about twice its global marketshare at any given time, currently running about 18.5% (current global stats are at just under 10%).
I suspect the previous poster was referring to some of the DHTML tutorials on W3Schools, which IIRC include IE-only techniques. It's been a long time since I've gone there for anything other than stats, though, so I'm not entirely sure.
For the most part Firefox installs its own updates unless you're using some ancient version or somehow disable updating. ;)
The 1.0 series is only ancient if you've been following the alphas and betas. 1.5 final -- with automatic updates -- has been out for less than two months.
Prior to that, all Firefox did for updates was put a red circle in your toolbar and hope you'd notice it.
It's well known that Opera has a much higher usage share in Europe than in other parts of the world. I've seen the map showing Firefox usage per country, but I'd like to see what the IE, Opera, and Safari figures are as well. Maybe a map that turns each country into a pie chart with the top four?
Sort of.
In the year since Firefox hit 1.0, it's received much more attention from people trying to find security vulnerabilities than Mozilla ever did. (Check out Secunia for some examples.) On the other hand, a lot of that attention was from researchers, Mozilla's had a good track record at fixing them, and there hasn't been much in the way of exploitation of those vulnerabilities.
I wonder if I could even get away with tautologies like "most Christians are Christian"
I have to wonder about the implication here of Christians who aren't Christian... though I've certainly heard the claim made about certain sects.
Agreed. A Firefox near-monopoly would be marginally better than the IE near-monopoly, but a duopoly or triopoly (is that a real word?) would be even better. It's great that we're seeing so much convergence toward standards among Gecko browsers, KHTML/WebKit browsers, and Opera. Even IE7, while not everything we (as designers) would have wanted, looks like it'll be a darn sight better than IE6 in terms of what it supports. (Things'll blow wide open once W3C's XHTML 2 and/or WhatWG's HTML 5 really get going, but even WhatWG has more collaboration than you might expect.)
Two or three browsers constantly jockeying for position, with enough common capabilities that people can just write code to one set of rules and have it work everywhere? Sounds great to me!
I did some digging, and it looks like I lost track of the legal status a few years ago when my bank stopped charging me the foreign fee.* I kind of assumed they wouldn't have stopped if they had a choice, so I figured one of the laws being tossed around had gotten passed.
Personally, I think the Santa Monica ordinance is backward. IMO the ATM owner should be able to charge you but your own bank should not. I'm mainly thinking in terms of privately-owned ATMs that you find in malls and convenience stores, but to be fair that should be extended to banks as well. But it makes less sense for your bank to charge you for you using someone else's ATM.
*Oddly enough, the foreign fee -- the charge your bank makes for you using someone else's ATM -- still shows up on the current fee schedule. I'll have to check the fine print on my statements and figure out why they're not charging me.
About 10 years ago it was common for banks to charge their customers for using 3rd-party ATMs and for the 3rd-party ATM to charge for accessing another bank's account. If you used another bank's ATM, or a privately-operated ATM, you'd get charged twice for the privilege.
I always figured it made sense for the 3rd-party ATM to charge you for using it, since its maintenance and overhead wasn't subsidized by your own bank, but it seemed insane for your bank to charge you for using someone else's equipment that they didn't manage.
Evidently, California* lawmakers agreed with me and passed a law forbidding the practice. Now if you have an account at one bank and use another bank's ATM, you only get charged by the ATM's owner.
*I'm fairly certain it was a state law, but I could be mistaken.
Yeah, for some reason the 3x3 Rubik's Square never caught on.
What I can't figure out about the blindfolded competition is how they can tell they've succeeded. Do they memorize the configuration before they begin, then solve it "in their head" as it were, or is there some way to tell the different colored labels apart by touch?
Maybe they should focus more on security rather than a fancy new AeroGlass interface. ...because UI design experience and artistic ability are all you need to carry out security research and code audits!
Forget the predictions -- I'm just surprised he spelled RADAR with all-caps.
Right in the Orlado area.
That's right by DizzyWorld, right?
I hear Floria's a great vacation spot, though I've never been there myself. I always assumed it was near Florida, but I can't seem to find it on a map.
RShearman has been posting on a bunch of these threads that the WINE bug turned out to be a different bug in the same function. In WINE, SetAbortProc didn't check things properly and therefore certain code could execute. In Windows, it seems to react only with the length==1 and appears to start a new thread.
The thing is, this exploit requires minimal user action to download and process a malicious image. You can't just send malformed data to the right IP address and have it work, you have to find some way of getting that image onto the user's computer and getting it to process that image.
Some ideas include:
- Seed it on a web page and hope the user visits it
- Embed it in an email or IM and try to convince them to open it
- Put it on an unprotected shared directory and try to convince them to look at it.
These are scattershot methods, though -- good for placing spyware or zombies on large numbers of random machines, but not terribly good for getting your code to run on a specific computer, which is what a law enforcement or intelligence agency would really want.
Can you imagine a CIA agent reporting, "Well, we managed to get into about 30,000 computers where we discovered some nice cookie recipes, a bunch of fanfic, some software reg keys and photo collections, but we didn't have any luck getting at that Al Qaeda operative we're shadowing."
In the article, Gibson hypothesized that it might have been a last-ditch updater for Microsoft in the event that someone couldn't download an .exe through the firewall, couldn't run Windows Update because ActiveX was disabled, etc. they could put a WMF with update code on www.microsoft.com and tell people to visit it to get patched. That's about the most benign deliberate-backdoor interpretation you can get, though, especially considering how many people don't trust Microsoft's above-the-board updates.
There's an awful lot of "common sense" knowledge that turns out to be wrong. Some things are just counter-intuitive, some are easy to misinterpret.
Anyone looking at the apparent motion of the sun and moon over the course of a day would reasonably assume that both revolve around the Earth. The sun comes up, the sun goes down. Over time, people who took careful notes of the movements of the planets noticed that things didn't quite line up, and eventually they realized that it could easily be explained if Earth revolved around the sun and just rotated once a day. Since then we've sent out spacecraft based on this theory and they've gotten where they're supposed to, which suggests we're on the right track.
Until then, "common sense" said otherwise.
It's always worth double-checking common sense to confirm it. Sometimes you'll find out that, yes, people are groggy when they first wake up, and maybe you'll even find out why and be able to deal with it. Sometimes you'll find out that there isn't enough tryptophan in turkey to put people to sleep after a Thanksgiving dinner, and the reason they're drowsing off is just that they've eaten too much food.
Sounds like these should go perfectly with the joystick-enabled pants.