Just to make it clear - this affects a whole lot of systems and is based on a flaw in the design of hash-tables:
http://packetstormsecurity.org/files/108209/n.runs-SA-2011.004.txt
Basically you can pre-calculate a huge set of POST parameter names which will all be hashed to the same value. Since these are stored in a hash-map by most web-frameworks - this will lead to an O(n) lookup time instead of an O(1) lookup time, when testing the hash-map for a given parameter name.
This will max out your CPU quite quickly depending on how many lookups you perform per request.
Since the attack has "script kiddie" difficulty, this needs to be patched ASAP by all vendors ... or we will see a lot of downtime on many public servers.
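The slowdown described in the comment above, as an added example that is not part of the original post: a toy chained hash table that counts key comparisons, first with a deliberately weak unkeyed hash and then with two mitigations, a secret-keyed hash and a cap on parameters per request. The byte-sum hash, the table size, the cap and the parameter names are all constructed for illustration and are not any framework's real ones.

```python
import hashlib
import itertools
import os

BUCKETS = 1024  # assumed table size for this sketch

def weak_hash(name):
    # Toy unkeyed hash (byte sum): every reordering of the same characters collides.
    return sum(name.encode()) % BUCKETS

def make_keyed_hash(secret):
    # Mitigation 1: mix a per-process secret into the hash so bucket
    # positions cannot be pre-calculated offline.
    def keyed_hash(name):
        digest = hashlib.blake2b(name.encode(), key=secret, digest_size=8).digest()
        return int.from_bytes(digest, "big") % BUCKETS
    return keyed_hash

class ParamTable:
    """Chained hash table that counts the key comparisons it performs."""
    def __init__(self, hash_fn, max_params=None):
        self.hash_fn, self.max_params = hash_fn, max_params
        self.buckets = [[] for _ in range(BUCKETS)]
        self.size = self.comparisons = 0

    def insert(self, name, value):
        chain = self.buckets[self.hash_fn(name)]
        for entry in chain:              # linear scan of the bucket's chain
            self.comparisons += 1
            if entry[0] == name:
                entry[1] = value
                return
        # Mitigation 2: refuse requests with more new parameters than the cap.
        if self.max_params is not None and self.size >= self.max_params:
            raise ValueError("too many request parameters")
        chain.append([name, value])
        self.size += 1

def load(names, hash_fn, max_params=None):
    table = ParamTable(hash_fn, max_params)
    try:
        for n in names:
            table.insert(n, "")
    except ValueError:
        pass  # request rejected; the table keeps what was accepted before the cap
    return table

# Constructed sample input: 720 distinct names, all permutations of "abcdef".
COLLIDING = ["".join(p) for p in itertools.permutations("abcdef")]

if __name__ == "__main__":
    print("weak hash :", load(COLLIDING, weak_hash).comparisons)
    print("keyed hash:", load(COLLIDING, make_keyed_hash(os.urandom(16))).comparisons)
    print("capped    :", load(COLLIDING, weak_hash, max_params=100).comparisons)
```

With the weak hash every insert scans the whole chain, so the work grows with the square of the parameter count; the keyed hash spreads the same names across buckets, and the cap bounds the work even when names do collide.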
I wonder that nobody has yet pointed to this webpage: http://ishtml5readyyet.com/ ...
In this way Flash is a lot like Google Gears. We get the features of tomorrow delivered today (or even earlier considering the age of Flash)... and in the case of Flash on 97% of browsers with the small cost of being a plugin.
So all the Flash bashing folks should think a second about the bad plugin management of today's browsers. Maybe HTML 5 should also define a better way to handle browser and plugin interaction. This would make copy+paste/drag and drop from plugin to HTML content much easier.
I read about Lively quite a time ago ... but tried it just now to see how it feels.
And I must say ... it sucks ... big time!
If they do really want to make anything fun of it ... it looks like starting from scratch would be a good idea.
Why?
- It's slow (on a dual core system that runs Crysis just fine)
- Loading takes ages
- Control via point and click not well done
- Camera control annoying
- Overall usability far away from Google standards
I can already see Windows7 being shipped without all that useless bloatware ...
... and having it all installed again after selecting all "important" "security" updates ...
As far as I remember, Debian kicked Firefox because its logo is non-free. So I guess it is not affected by these EULA changes.
Does it run Vista? ... oh wait!
Since both are open source, I don't see a problem there?
Why shouldn't Firefox also use this "fast and improved" Javascript engine, if it proves to be superior?
Also Firefox already has an established userbase which Google certainly is not going to ignore.
Above that ... I don't see Chrome capturing too many Firefox users no matter how good it is since it lacks the supply of addons that make Firefox so great.
Afaik Sisvel is responsible for collecting the money on MPEG patents ... so pretty much everything using DVB-T without paying them fees is considered illegal. ... In the past Sisvel made its money in collecting fees for the volume bar used in all modern TVs. So you can clearly call them a patent troll.
I just wanted to check when this beauty is going live ... but as I discovered:
http://www.lhcountdown.com/
seems to be down ... I hope this kind of misconfiguration does not apply to the rest of the system! (else we are all doomed! *runs away in panic*)
I have been reading /. for quite a time now and never read the word "usability" ever. (I think most FOSS guys also never heard of it)
Interface Usability is a whole science. There are plenty of books describing exactly what you are trying to reinvent!
For a start you might want to check out Jakob Nielsen's Alertbox website, which is full of small articles regarding common usability problems.
http://www.useit.com/alertbox/ ... and if you like his style of writing you might also want to buy his book "Usability Engineering" (which is a must-have when you work in the field of usability IMHO)