can you catch this cookie through visiting other sites
o_0 it's not the flu. AFAIK you can only set a cookie for your own domain or a subdomain thereof. I'm sure someone who actually cares will clarify.
It is possible, though unlikely. If your browser is not set to block "third party" cookies, or Bing is in your trusted sites list which allow third party cookies regardless of your general settings, then nay object (an image, js file, css stylesheet, html in an iframe, anything requested via xmlhttprequest (though same origin checks should block this),...) requested from that domain can leave cookies. In fact "something in an iframe" can probably leave cookies anyway as I don't think it would count as third party. Why such an object would be present in any given page is the question to ask here, though the sites that are checking for the cookie need to interact with Bing in your browser in some way.
None of that is needed. For the client, ItJustWorks. The hardest part is if they don't use Messenger already (as otherwise they have to find the RA client tool and get the invitation file to you by some means such as email) otherwise it is no harder then "ooh, Dave is online, I'll ask him to look, open chat, click 'activity', click 'request remote assistance', done." and the last two clicks I can talk them through over Messenger if they have forgotten where the command is. Of course it doesn't work if Messenger isn't working for some reason, but any remote admin tool requires a certain level of "the system is working" to be useful.
For a couple of family members I support I find the Remote Assistance function (essentially Remote Desktop with a different make-up job) works fine. They have MSN Messenger (or Live Messenger, or what-ever it is branded as today) accounts as do I so all they have to do is click select "request remote assistance" from the "activity" menu. You will need to have port 3389 pointing open at your firewall and pointing to the machine you will be answering the call on though, which is a disadvantage (make sure all your passwords are well chosen!), but the other end doesn't need any open ports.
Pre XP I had OpenVPN and VNC installed on their machines. All they had to do was open the VPN and I could take/share control via VNC. RDC/RA works better though, as it is more responsive over slow ADSL lines and does not require any setup on the machine the person is asking for support on, though for family members who I have built machines for still have the VPN installed so I can connect it if I want/need to try interact with the machine by anything other than the RA connection (accessing fileshares directly for instance, if the problem being reported is "I can see the MP3s on the main machine from my laptop" or such), but I've not needed to do that for some time.
Inferior in what way? While I have no reason to call the quality of Asus products into question (aside from the anecdotal single-case evidence of a motherboard that died on me after a couple of months use), I very much doubt their build quality is greater than that of most other manufacturers. Do you have any evidence to the contrary?
Acer were perfectly happy to sell me a decent netbook without Windows, for less than the equivalent Asus product at the time even if you took a full Windows refund into account, and it is still working day-in-day-out several month later. Asus are not the only game in town, nor is anyone else.
Your post is extremely arrogant and has no valid points. Were you just hoping to get modded up?
Pot, meet kettle. Kettle, this is pot. Actually, the original poster did have a point to make. It was a point based on his opinion and how this change of circumstances changes his likelihood of purchasing a product from the company the current discussion is about. His point may not be relevant to you, but that doesn't mean it isn't a valid point in his case. Your post on the other hand...
Now, if they abused their workers (beatings, sexual harassment, unsafe working conditions--not unclean or otherwise poor, just unsafe, unpaid overtime), that's a different story. But as long as the treatment of workers remains humane and dignified, it's probably not as bad as you think, and not nearly as immoral as activists make it out to be.
There is a body of evidence to suggest that such abuses are all too common, which is as much of concern (if not more so, as you point out) with "sweatshop" factories as the wage the workers are paid relative to their general economic conditions or ours.
Which is why there is an IP case about Chinese fonts, but illegal copies of Windows 98 to Windows XP being sold on the streets of China for $1 a CD each. If Microsoft were a Chinese company, the Chinese government would crack down on the illegal copies, but since Microsoft is a US company, the Chinese government turns a blind eye on the illegal copies of Windows 98 to Windows XP.
And western owned companies take a similar attitude to human rights. They won't have their people working in sweatshop conditions, as the public outcry would ruin them if legal action didn't first, but they are quite happy to deal with factories in countries further east that are run that way. Governments don't do enough about the issue because it isn't directly affecting their voters and the indirect affect on their economies and lifestyles (at least in the short-to-medium term, certainly on the scale of a political term) through cheaper products is largely positive.
While China has no good case not to be called hypocritical on IP law enforcement and other issues, other nations have no such claim to even handed fairness in all issues either and the Chinese are likely to see (well, those who can see it, pervasive censorship will reduce the number that can) our calling their government hypocritical as, well, hypocritical....
If the ISPs get their way and force NAT on everyone then P2P can be shut down pretty fast.
Most NAT arrangements can be pushed through, at least of UDP traffic, using STUN and similar methods.
Many ISPs are moving towards NAT more because that is the least-investment-now way to get around the supply of IP addresses being harder to come by, rather than any desire to break P2P applications anyway.
This isn't a fault of the protocol though. The protocol is doing its job properly (putting you in contact with many potential peers) to the extent that your router doesn't cope and isn't failing gracefully.
you might be able to mitigate the issue somewhat by reducing the number of connections your client makes/accepts, but if the issue is incoming connection attempts (irrespective of whether they are accepted or not) then you may have to stop your router forwarding in bittorrent connections (but this will limit your participation in the swarm to just connections you make, which is not ideal).
Caveat: I've not used a public tracker aside from when I last updated my local Ubuntu install set for quite some time, so PEX & DHT are not something I use myself.
1. Loss of some caching options. If you app tells the browser it can cache the page something.php?sid=12345 for a while even though it is dynamic content, in yuor next session the cached version won't be used because something.php?sid=23456 isn't the same query as something.php?sid=12345
2. Referrer security: any direct link from a page with the session ID in the query string will be given that session ID as part of the referrer header. This could perhaps make session hijacking a chunk easier.
3. Simplicity: with the cookie you can just set the session ID at session start, and it will last until unset/changed/expired (or the user closes their browser in the case of a session only cookie) and be sent back to you in future requests. Without the cookie option you code needs to make sure it appends the session ID to every request.
1 isn't a major issue as most sites don't bother with that sort of cache control. 2 can be worked around by always replacing external links with a wrapper script at your server that is called without the session id and doesn't nothing more than just redirect - but then you need to secure that somehow so you don't become some freeloader's link source anonymising service. 3 cold be quite a pain, especially if you need to retrofit the technique into an app or framework that currently depends on cookie values.
so will we finally be able to predict where the fly will be so that way we can swat them? or is this just a good excuse for doing some mathing?
If landed, swat from behind aiming above the fly (from its perspective). The instinctive reaction to a moving threat from behind is to take off upwards and forwards, which is directly into the path of the swat if you judge it right. This beats the fly's reactions (which are far faster than yours) by aiming where it is likely to be at the time, not where it is as you start your attack swing.
GPL is about forcing future software to also be free. Not using it doesn't rob anyone of anything.
GPL is about forcing future software that uses on GPLed code to also be free. You don't want to be held by the GPL? Then don't use GPLed code. Is it really that difficult?
Got GPLed code in your project by accident? Then you didn't do due diligence properly. Your fault, not the GPL's fault.
Got GPLed code in your project by no fault of your own (bad contractor, used a library or other source that itself broke GPL, or some such reason)? That does sometimes happen and here you need to discuss it with the owner of the affected code.
"...general public seem somewhat immune to the effects of such education probably because critical thinking doesn't appear to be fashionable."
Hence the rush to support Obama-care....even though we in the US are so far down the debt hole, that we cannot possibly afford such measures at this time....
I thought that was more to do with noticing that, amongst other things, despite how bad the NHS is at times over here (and three are parts of it that really need attention) we spend far less per capita on health care yet manage to have a better average lifespan. Or are you one of those people who thinks that all is OK as long as it is only poor people who can't afford exorbitant medical insurance that have problems? Caveat: I know almost nothing about the American health care system (though that is a little more than those using ours as a counter example know about it).
Someone please do the right thing and mod the both of us off-topic. Because we are. Grossly off-topic.
Fair catch. But win this one in court and then they just point out that it says nothing about guaranteed rates. Used more then 1Gb? 1Kbyte/sec maximum it is for you then.
there *HAS* to be some lawyer out there who's good enough to get a judge to realize that this is nothing but false advertising, and some pretty obvious bait-and-switch tactics.
Oh there no doubt is. But the people who want him to fight the case can't afford his fees, and the people who would prefer he didn't can afford to keep him busy elsewhere.
That was tried in the UK with ADSL providers advertising "unlimited" broadband. They got around it by reclassifying exactly what is unlimited - it is now "unlimited access" so at any time 24/7/365.25 you can have access, but it isn't unlimited bandwidth.
Sue all you like - they'll find a loop-hole somewhere and the only people to really gain will be the lawyers.
The only real way to fix the current advertising problems is to educate the general public to not fall for stupendously unrealistic claims in advertising - unfortunately the general public seem somewhat immune to the effects of such education probably because critical thinking doesn't appear to be fashionable.
I find that to be generally useful NoScript has to be used in its more paranoid settings, which makes it a bit too much of a blunt implement for my current needs.
Also, and I may be wrong here to please correct me if I am, I was under the impression that some video/audio content delivered via the new HTML5 facilities would be presented without the need for any scripting support?
I'm waiting for "HTML5VideoBlock" to go along with FlashBlock, because it won't take long for irritating adverts to start using the option. To be honest, I'm surprised it hasn't started already...
That particular test isn't really a relevant benchmark when talking about most browser applications though. That test is a number-crunching test and most of the time in apps like gmail, Google's calendar, and so forth the main bottlenecks are rendering speed (especially if you find yourself supporting IE6/7 (8 may be better in that respect, though I've not tested it much yet myself)) and network latency (which you sometimes have to accept as a consequence of a thin-client design, but can often be worked around by making the client-side code cache data, buffer and read-ahead requests more effectively), not shear language interpretation speed.
Even where the speed of JS code execution is the bottleneck, be careful quoting benchmarks for Google's V8 engine otherwise people may see you as a JS "fan-boi" just picking the best benchmark scores. V8 is, IIRC, not in a non-beta version of Chrome yet never mind anything else. Other versions of Chrome are a little slower, Firefox 3.5 slower again, FF4.x slower stil, and IE6/7/8 are all off the bottom of the scale (Im not sure where Opera and the other alternatives fit in on that scale off the top of my head) - so that benchmark does not represent the speed that most people will see in a JS application at the moment. The same for server-side implementations - most I've seen are based on SpiderMonkey so perform similarly to recent FireFox versions (as that is the engine FF uses).
Having said that though, your point is not incorrect even if it is not entirely accurate in the context of browser apps in current browser releases, the latest JS interpreters and JIT compilers (like V8 from Google and SpiderMonkey+TraceMonkey as found in FF3.5+) can outperform other common languages like Perl and Python more readily than most people would assume (with the caveat that a good Python programmer can faster code then a bad/intermediate JS programmer, and vice versa, so you need to consider the quality of the code you are benchmarking too).
Why are people investing so much in a fundamentally flawed scripting language that has almost no use at all outside the browser and that Palm Pre thing that is basically a browser in a plastic case?
Actually JavaScript is a rather good language in many ways, though it does have some flaws. Give "JavaScript, the Good Parts" a quick read some time.
The main problem in the place where people usually see the language, in the browser, is when interacting with the Document Object Model in browsers - a model that isn't exactly my favourite environment to start with and that is before considering all the hacking you have to do to get things to work well on multiple browsers (even when only considering modern versions).
Ah, yet another legislative solution that simply isn't going to achieve anything...
How many scam sites are actually hosted in a country where this new act carries any weight what-so-ever? Even if you close one that is in your country, how much time to you think it would take for the fraudsters to just move elsewhere?
The auction will include rights to everything but the first two films.
I don't get it. Why would someone pay for rights that exclude everything of value?
Maybe if you think you can somehow inject more value back into it, then trying to get hold of the franchise for a bargain price might be worth a little effort and expenditure in the long run.
Or, more likely, it'll be bought by someone who has no bright ideas or plans. They'll sit on it until other people have bright ideas (given the franchise still has a following and the first films are still held in the high esteem they are, people are going to be thinking about it) then sell/lease the rights to them for profit.
What is this story about? uTP, because it promises to reduce bittorrent interference with other apps on the network. From what I have gathered it is only offered by utorrent.
Ah sorry, I completely forgot the fact that rTorrent has become the "official" client since its purchase.
Slashdot Mirror
can you catch this cookie through visiting other sites
o_0 it's not the flu. AFAIK you can only set a cookie for your own domain or a subdomain thereof. I'm sure someone who actually cares will clarify.
It is possible, though unlikely. If your browser is not set to block "third party" cookies, or Bing is in your trusted sites list which allow third party cookies regardless of your general settings, then nay object (an image, js file, css stylesheet, html in an iframe, anything requested via xmlhttprequest (though same origin checks should block this), ...) requested from that domain can leave cookies. In fact "something in an iframe" can probably leave cookies anyway as I don't think it would count as third party. Why such an object would be present in any given page is the question to ask here, though the sites that are checking for the cookie need to interact with Bing in your browser in some way.
None of that is needed. For the client, ItJustWorks. The hardest part is if they don't use Messenger already (as otherwise they have to find the RA client tool and get the invitation file to you by some means such as email) otherwise it is no harder then "ooh, Dave is online, I'll ask him to look, open chat, click 'activity', click 'request remote assistance', done." and the last two clicks I can talk them through over Messenger if they have forgotten where the command is. Of course it doesn't work if Messenger isn't working for some reason, but any remote admin tool requires a certain level of "the system is working" to be useful.
You might find the other end has uPnP - I think it works if either or both ends have an incoming port available.
For a couple of family members I support I find the Remote Assistance function (essentially Remote Desktop with a different make-up job) works fine. They have MSN Messenger (or Live Messenger, or what-ever it is branded as today) accounts as do I so all they have to do is click select "request remote assistance" from the "activity" menu. You will need to have port 3389 pointing open at your firewall and pointing to the machine you will be answering the call on though, which is a disadvantage (make sure all your passwords are well chosen!), but the other end doesn't need any open ports.
Pre XP I had OpenVPN and VNC installed on their machines. All they had to do was open the VPN and I could take/share control via VNC. RDC/RA works better though, as it is more responsive over slow ADSL lines and does not require any setup on the machine the person is asking for support on, though for family members who I have built machines for still have the VPN installed so I can connect it if I want/need to try interact with the machine by anything other than the RA connection (accessing fileshares directly for instance, if the problem being reported is "I can see the MP3s on the main machine from my laptop" or such), but I've not needed to do that for some time.
Have fun running your inferior hardware then.
Inferior in what way? While I have no reason to call the quality of Asus products into question (aside from the anecdotal single-case evidence of a motherboard that died on me after a couple of months use), I very much doubt their build quality is greater than that of most other manufacturers. Do you have any evidence to the contrary?
Acer were perfectly happy to sell me a decent netbook without Windows, for less than the equivalent Asus product at the time even if you took a full Windows refund into account, and it is still working day-in-day-out several month later. Asus are not the only game in town, nor is anyone else.
Your post is extremely arrogant and has no valid points. Were you just hoping to get modded up?
Pot, meet kettle. Kettle, this is pot. Actually, the original poster did have a point to make. It was a point based on his opinion and how this change of circumstances changes his likelihood of purchasing a product from the company the current discussion is about. His point may not be relevant to you, but that doesn't mean it isn't a valid point in his case. Your post on the other hand...
Now, if they abused their workers (beatings, sexual harassment, unsafe working conditions--not unclean or otherwise poor, just unsafe, unpaid overtime), that's a different story. But as long as the treatment of workers remains humane and dignified, it's probably not as bad as you think, and not nearly as immoral as activists make it out to be.
There is a body of evidence to suggest that such abuses are all too common, which is as much of concern (if not more so, as you point out) with "sweatshop" factories as the wage the workers are paid relative to their general economic conditions or ours.
Which is why there is an IP case about Chinese fonts, but illegal copies of Windows 98 to Windows XP being sold on the streets of China for $1 a CD each. If Microsoft were a Chinese company, the Chinese government would crack down on the illegal copies, but since Microsoft is a US company, the Chinese government turns a blind eye on the illegal copies of Windows 98 to Windows XP.
And western owned companies take a similar attitude to human rights. They won't have their people working in sweatshop conditions, as the public outcry would ruin them if legal action didn't first, but they are quite happy to deal with factories in countries further east that are run that way. Governments don't do enough about the issue because it isn't directly affecting their voters and the indirect affect on their economies and lifestyles (at least in the short-to-medium term, certainly on the scale of a political term) through cheaper products is largely positive.
While China has no good case not to be called hypocritical on IP law enforcement and other issues, other nations have no such claim to even handed fairness in all issues either and the Chinese are likely to see (well, those who can see it, pervasive censorship will reduce the number that can) our calling their government hypocritical as, well, hypocritical....
If the ISPs get their way and force NAT on everyone then P2P can be shut down pretty fast.
Most NAT arrangements can be pushed through, at least of UDP traffic, using STUN and similar methods.
Many ISPs are moving towards NAT more because that is the least-investment-now way to get around the supply of IP addresses being harder to come by, rather than any desire to break P2P applications anyway.
This isn't a fault of the protocol though. The protocol is doing its job properly (putting you in contact with many potential peers) to the extent that your router doesn't cope and isn't failing gracefully.
you might be able to mitigate the issue somewhat by reducing the number of connections your client makes/accepts, but if the issue is incoming connection attempts (irrespective of whether they are accepted or not) then you may have to stop your router forwarding in bittorrent connections (but this will limit your participation in the swarm to just connections you make, which is not ideal).
Caveat: I've not used a public tracker aside from when I last updated my local Ubuntu install set for quite some time, so PEX & DHT are not something I use myself.
Time to switch our systems to using challenge-response auth even when the entire site is carried over SSL...
Of course that means having to store passwords in a for that the server-side code can decode them, which is itself generally a no-no...
Anyone have good ideas for authentication mechanisms that can't be circumvented by this and similar hacks?
1 isn't a major issue as most sites don't bother with that sort of cache control. 2 can be worked around by always replacing external links with a wrapper script at your server that is called without the session id and doesn't nothing more than just redirect - but then you need to secure that somehow so you don't become some freeloader's link source anonymising service. 3 cold be quite a pain, especially if you need to retrofit the technique into an app or framework that currently depends on cookie values.
so will we finally be able to predict where the fly will be so that way we can swat them? or is this just a good excuse for doing some mathing?
If landed, swat from behind aiming above the fly (from its perspective). The instinctive reaction to a moving threat from behind is to take off upwards and forwards, which is directly into the path of the swat if you judge it right. This beats the fly's reactions (which are far faster than yours) by aiming where it is likely to be at the time, not where it is as you start your attack swing.
GPL is about forcing future software to also be free. Not using it doesn't rob anyone of anything.
GPL is about forcing future software that uses on GPLed code to also be free. You don't want to be held by the GPL? Then don't use GPLed code. Is it really that difficult?
Got GPLed code in your project by accident? Then you didn't do due diligence properly. Your fault, not the GPL's fault.
Got GPLed code in your project by no fault of your own (bad contractor, used a library or other source that itself broke GPL, or some such reason)? That does sometimes happen and here you need to discuss it with the owner of the affected code.
"...general public seem somewhat immune to the effects of such education probably because critical thinking doesn't appear to be fashionable."
Hence the rush to support Obama-care....even though we in the US are so far down the debt hole, that we cannot possibly afford such measures at this time....
I thought that was more to do with noticing that, amongst other things, despite how bad the NHS is at times over here (and three are parts of it that really need attention) we spend far less per capita on health care yet manage to have a better average lifespan. Or are you one of those people who thinks that all is OK as long as it is only poor people who can't afford exorbitant medical insurance that have problems? Caveat: I know almost nothing about the American health care system (though that is a little more than those using ours as a counter example know about it).
Someone please do the right thing and mod the both of us off-topic. Because we are. Grossly off-topic.
It says quite clearly, "unlimited data".
Fair catch. But win this one in court and then they just point out that it says nothing about guaranteed rates. Used more then 1Gb? 1Kbyte/sec maximum it is for you then.
there *HAS* to be some lawyer out there who's good enough to get a judge to realize that this is nothing but false advertising, and some pretty obvious bait-and-switch tactics.
Oh there no doubt is. But the people who want him to fight the case can't afford his fees, and the people who would prefer he didn't can afford to keep him busy elsewhere.
That was tried in the UK with ADSL providers advertising "unlimited" broadband. They got around it by reclassifying exactly what is unlimited - it is now "unlimited access" so at any time 24/7/365.25 you can have access, but it isn't unlimited bandwidth.
Sue all you like - they'll find a loop-hole somewhere and the only people to really gain will be the lawyers.
The only real way to fix the current advertising problems is to educate the general public to not fall for stupendously unrealistic claims in advertising - unfortunately the general public seem somewhat immune to the effects of such education probably because critical thinking doesn't appear to be fashionable.
When 1% of your population is in prison, you can be sure the vast majority are actually innocent. No culture is that wicked.
You have a higher opinion of human nature than I.
I find that to be generally useful NoScript has to be used in its more paranoid settings, which makes it a bit too much of a blunt implement for my current needs.
Also, and I may be wrong here to please correct me if I am, I was under the impression that some video/audio content delivered via the new HTML5 facilities would be presented without the need for any scripting support?
I'm waiting for "HTML5VideoBlock" to go along with FlashBlock, because it won't take long for irritating adverts to start using the option. To be honest, I'm surprised it hasn't started already...
That particular test isn't really a relevant benchmark when talking about most browser applications though. That test is a number-crunching test and most of the time in apps like gmail, Google's calendar, and so forth the main bottlenecks are rendering speed (especially if you find yourself supporting IE6/7 (8 may be better in that respect, though I've not tested it much yet myself)) and network latency (which you sometimes have to accept as a consequence of a thin-client design, but can often be worked around by making the client-side code cache data, buffer and read-ahead requests more effectively), not shear language interpretation speed.
Even where the speed of JS code execution is the bottleneck, be careful quoting benchmarks for Google's V8 engine otherwise people may see you as a JS "fan-boi" just picking the best benchmark scores. V8 is, IIRC, not in a non-beta version of Chrome yet never mind anything else. Other versions of Chrome are a little slower, Firefox 3.5 slower again, FF4.x slower stil, and IE6/7/8 are all off the bottom of the scale (Im not sure where Opera and the other alternatives fit in on that scale off the top of my head) - so that benchmark does not represent the speed that most people will see in a JS application at the moment. The same for server-side implementations - most I've seen are based on SpiderMonkey so perform similarly to recent FireFox versions (as that is the engine FF uses).
Having said that though, your point is not incorrect even if it is not entirely accurate in the context of browser apps in current browser releases, the latest JS interpreters and JIT compilers (like V8 from Google and SpiderMonkey+TraceMonkey as found in FF3.5+) can outperform other common languages like Perl and Python more readily than most people would assume (with the caveat that a good Python programmer can faster code then a bad/intermediate JS programmer, and vice versa, so you need to consider the quality of the code you are benchmarking too).
Why are people investing so much in a fundamentally flawed scripting language that has almost no use at all outside the browser and that Palm Pre thing that is basically a browser in a plastic case?
Actually JavaScript is a rather good language in many ways, though it does have some flaws. Give "JavaScript, the Good Parts" a quick read some time.
The main problem in the place where people usually see the language, in the browser, is when interacting with the Document Object Model in browsers - a model that isn't exactly my favourite environment to start with and that is before considering all the hacking you have to do to get things to work well on multiple browsers (even when only considering modern versions).
Ah, yet another legislative solution that simply isn't going to achieve anything...
How many scam sites are actually hosted in a country where this new act carries any weight what-so-ever? Even if you close one that is in your country, how much time to you think it would take for the fraudsters to just move elsewhere?
Reply to self to correct error: I of course meant uTorrent in the above, not rTorrent.
I don't get it. Why would someone pay for rights that exclude everything of value?
Maybe if you think you can somehow inject more value back into it, then trying to get hold of the franchise for a bargain price might be worth a little effort and expenditure in the long run.
Or, more likely, it'll be bought by someone who has no bright ideas or plans. They'll sit on it until other people have bright ideas (given the franchise still has a following and the first films are still held in the high esteem they are, people are going to be thinking about it) then sell/lease the rights to them for profit.
What is this story about? uTP, because it promises to reduce bittorrent interference with other apps on the network. From what I have gathered it is only offered by utorrent.
Ah sorry, I completely forgot the fact that rTorrent has become the "official" client since its purchase.