Slashdot Mirror


User: amicusNYCL

amicusNYCL's activity in the archive.

Stories: 0
Comments: 6,246

Comments · 6,246

  1. Re:Time to learn. on iOS Developer Site At Core of Facebook, Apple Watering Hole Attack · · Score: 1

    Yes, running a no-script browser is technically safer, but it's also technically useless as you're missing out on the content provided by those scripted services. Do you manually type in captcha hashes? Do you ignore all video posted anywhere? You'll never run a single script, ever?

    Where did you get that from? The interface of the major application I work on is over 1.5MB of Javascript. I don't disable Javascript. I disable plugins from automatically starting plugin content. This has nothing to do with scripting. I'm talking about Java, not Javascript. Hopefully you know the difference, if you don't then don't bother to reply to things like this. As for video specifically, if I come across a Flash video on a news site or whatever that they embedded in a way where click-to-start doesn't work for that site (such as CNN), then I just copy and paste the URL into my development browser which otherwise never browses the general internet.

    Java is not uniquely bad, it's just the latest target.

    Whether or not Oracle's Java browser plugin is uniquely bad is in fact a matter of debate.

    The correct approach to security is mitigation of threat, not summary denial of vulnerability.

    I'm not sure what you're saying there, "mitigation of threat" and "denial of vulnerability" sound like the exact same thing. I am mitigating the threat by denying even the operation of the vulnerable Java plugins from automatically starting and executing whatever code a site is attempting to feed to them.

  2. Re:Time to learn. on iOS Developer Site At Core of Facebook, Apple Watering Hole Attack · · Score: 1

    a trusted platform like Java

    Sorry, what? Several things come to mind when I think about Java, "trusted" is not one of those things. Java is a textbook example of a single piece of the platform (the browser plugins) giving the entire thing a bad name, even if it's not justified. Anyone who still browses around the general internet with a browser that has the Java plugins enabled is either unaware of what the Java plugin is, or stupid. If you're a Java developer, have one browser with your plugins enabled that you use only to develop your own software. Your general-purpose browser should not have those things enabled, in fact all plugins should be click-to-start in your general browser. I have development and general use browsers and my applications don't even involve plugins, it makes sense for more reasons than just security.

    you can't avoid it directly

    Yeah you can, you really can. I visited the forum that was infected just to see what they were saying about it (interestingly, their announcement did not include anything about Java). I wasn't worried about visiting the forum because of how my browser is set up, it's not going to get infected even if they're trying to infect me. You really can avoid it, and it's not even hard to do. In this case, the forum was compromised because the attacker got credentials for an admin account and used it to modify the template to include his Javascript (or so claims the poster on the forum making the announcement). The users can't do anything about accounts getting compromised, but they sure as hell can avoid having a giant bullseye painted on their browser.

  3. Re:Seriously? on Python Trademark Filer Ignorant of Python? · · Score: 1

    If you google the word "python" THE TOP FOUR HITS ARE ALL ABOUT THE PROGRAMMING LANGUAGE. After that, we have one Wikipedia article on the snake, and then FOUR MORE ABOUT THE PROGRAMMING LANGUAGE.

    That's actually sort of telling that Google ranks the Wikipedia page for the language higher than the Wikipedia page for the animal. If you ask anyone on the street to define "python" they'll refer to the animal, but apparently the vast majority of people who use Google to search for it end up clicking on pages about the language.

  4. Re:Oh this will go well. on TPB Files Police Complaint Against CPIAC for Copying Website · · Score: 0

    The Pirate Bay, the world’s largest site for cultural diversity

    Is there some sort of citation for that, or do they just think it sounds good?

  5. Re:Fuck yeah on French Officials Say EU Will Sanction Google Over Privacy · · Score: 1

    Visiting almost any site on the web means you are using Google. Google Analytics, Ads, and blogging platforms... This isn't some optional service that you can simply choose not to use, like Dropbox or MS Office.

    It's pretty trivial to block *.google-analytics.com/* if you really have a problem with Analytics or their ads. People already use things like Adblock which automatically block their ads, it's really easy to add a rule to block google-analytics.com also.

  6. Re:Also, more is involved host files compromised.. on Facebook Hacks Points To Much Bigger Threat For Mobile Developers · · Score: 2

    Ok then, how did my hosts file get changed?

    Privilege escalation, arbitrary code execution.

    I don't have permission to write to it, no developer is going to visit a web page and then type in a password into a "webpage would like full access to your system" box.

    That point is moot if the exploit doesn't require any interaction.

  7. Is this even possible? I don't see anything that one needs to use the right pinky for except possibly /.

    How about [ ] \ ' ; etc? Or the Enter key?

  8. Re:I wonder if... on Asteroid 2012 DA14 Approaches · · Score: 4, Funny

    You were communicating with someone in Buenos Aires about an asteroid when the communication got cut off? I would like to know more.

  9. Re:Unrelated to 2012 DA14? on Huge Meteor Blazes Across Sky Over Russia; Hundreds Injured · · Score: 1

    They are probably rude because you keep asking which link to click on instead of just clicking on the links. There are only 6 of them, it's not like it's difficult to find information on this.

  10. Re:Almost? on Huge Meteor Blazes Across Sky Over Russia; Hundreds Injured · · Score: 1

    So you think God would go after some of us heathens in the US that actually allow them to get married?

    Or maybe God just really SUCKS at aiming?

    If God had a message where he wanted to tell us that we're doing something wrong, what it is that we're doing wrong, why it's wrong, and what the right way is, maybe he would choose a better medium for his message than sending a random meteor to cause a sonic boom that breaks windows and injures a thousand people. Like, for example, appearing and actually speaking the message, so that there is no room for miscommunication.

    This God fellow sounds a lot like me in middle school. "I like that girl. I'm going to shoot a spitball at her. I'm sure she'll get the idea."

  11. Re:Regardless go 16:10 on Ask Slashdot: What Is Your Favorite Monitor For Programming? · · Score: 1

    I'll second that, I'm not sure that is the specific model that I own but it looks like it. I also got 2 of them, for $300 each at the time, and have one in portrait and one in landscape. Great for programming on, gaming is good also. Not a single broken pixel in either monitor, but the primary monitor does occasionally flicker just after I turn it on.

  12. Re:It's called the key on Driver Trapped In Speeding Car At 125 Mph · · Score: 2

    Here is the dashboard, where are these "ON" and "ACC" that you're referring to?

    Maybe he should have just pressed the "Eject" button.

  13. Re: It's called the key on Driver Trapped In Speeding Car At 125 Mph · · Score: 3, Informative

    This car doesn't have a "key", it has a button that says "Start/Stop".

  14. Re:Awesome on Driver Trapped In Speeding Car At 125 Mph · · Score: 5, Informative

    The article says that while he was unhurt, he did suffer two epileptic seizures. Imagine going through that, twice, at 125mph.

  15. Re:Musk isn't doing himself any favors here on Elon Musk Lays Out His Evidence That NYT Tesla Test Drive Was Staged · · Score: 1

    The US has a large market for luxury vehicles, this vehicle is in that market. Plenty of people are willing to spend $80k on a vehicle, especially one with zero emissions which very well may also cost nothing to refuel (if done at a Supercharger station). I'm one of those people, and I'm certainly not the only one. The Model S Signature model was sold out before delivery even started. They had over 13,000 preorders by Sept. 2012, and expect to sell 20k units in 2013. By the way, depending on batteries and performance, the base prices of the various Model S vehicles are $57,400, $67,400, $77,400, $95,400, and $105,400 for the Signature Performance version in the US. All versions are more expensive in Europe.

  16. Re:Pathetic. on Elon Musk Lays Out His Evidence That NYT Tesla Test Drive Was Staged · · Score: 2

    So we take the word of a CEO as truth

    Not really, we just read his counter-argument and note the evidence that he puts forward to back up his claim.

    however consider the Reporter of a respected source a Lyer?

    I'm not sure why you capitalized (and misspelled) "Reporter" and "Lyer", but surely you're not suggesting that we take the claims of all journalists as fact. At what point after one gets hired by the New York Times do they become incapable of lying? He presents his narrative of the events that happened, and Elon Musk presents his narrative. The major difference is that Elon Musk has evidence, while the reporter has a history of writing anti-electric-vehicle articles.

    Digital logs can be altered.

    That's probably why Elon Musk is encouraging the New York Times to do their own investigation. He wants them to police themselves. That's a much nicer way to approach this than if he outright just sued them, or the writer personally.

  17. Re:Schadenfreude on Brazilians Can Now Buy an "iPhone" Loaded With Android · · Score: 1

    http://en.wikipedia.org/wiki/Third_World

    Huh. Ireland, Austria, and 2/3 of Scandinavia are third-world countries, while Angola and Mozambique are first-world countries. I did not know that. I always wondered where that term originated, now I know.

  18. Re:Apple lost in court on Brazilians Can Now Buy an "iPhone" Loaded With Android · · Score: 1

    Maybe this is the most intelligent movement for Apple at the moment. Brazilian government won't accept such a loss of tax income and will provide a "legal" solution for Apple.

    There's nothing "intelligent" about this, Apple lost the court case. They already have 3 legal (no need to quote that, because they're actually legal) solutions:

    1. Purchase the rights to use the "iPhone" name, the same way they purchased the rights to use "iPad" from Proview in China.
    2. Change the name.
    3. Not sell in Brazil.

    Apple sees Brazil as an "emerging market", they want that market share and those dollars. They aren't just going to not sell there. They can either pay to use someone else's trademark, or rebrand their phone for that market. I'll give them 10 to 1 odds that they pay for the usage rights.

  19. Re:So... why use Opera? on Opera Picks Up Webkit Engine · · Score: 1

    Why are web browsers considered so special that people want them to be things other than web browsers?

    You've got that backwards. It's not that web browsers are "considered so special", it's that all of the other services you mentioned are considered so useful that it just makes sense to have them all in one place.

  20. Re:Why do these phones always suck? on £6700 Phone Uses Android Instead of Windows · · Score: 1

    A screen made from sapphire will also add to the bill. I doubt the leather really costs that much, but a sapphire screen can't be cheap.

  21. Re:Why do these phones always suck? on £6700 Phone Uses Android Instead of Windows · · Score: 1

    I'm sure that the people who hang out in those circles know perfectly well what it is.

  22. Re:You're not supposed to use it on £6700 Phone Uses Android Instead of Windows · · Score: 3, Insightful

    How exactly do you expect them to get a license to use iOS? Apple doesn't give those out, their options are Android or Windows Phone. Of course they're going to choose Android.

  23. Re:And replace it with what? on New Adobe Flash Vulnerabilities Being Actively Exploited On Windows and OS X · · Score: 1

    That... doesn't answer the question. If your argument is that Flash is so awesome because it's the best "online multimedia platform", then you're going to have to back that up to what the fuck an "online multimedia platform" is and why I would want one.

    We can start that pretty simply. It is a vector-based graphic and animation tool that allows you to synchronize audio with the animation. That alone has every other alternative beat. Things like drag and drop and all of the various interactions can be reproduced with Javascript in a browser, but letting a non-programmer artist create the content and synchronize the audio with what's going on in the content isn't found in other alternatives.

  24. Re:And replace it with what? on New Adobe Flash Vulnerabilities Being Actively Exploited On Windows and OS X · · Score: 2

    It's gotten worse lately, now with Captivate and Articulate being released, anyone who can type can create online learning content. I've seen plenty that are no better than a Powerpoint presentation. We have a full staff of instructional designers, artists, etc who actually manage to create engaging and award-winning content, but seeing our competition, I feel your pain.

  25. Re:And replace it with what? on New Adobe Flash Vulnerabilities Being Actively Exploited On Windows and OS X · · Score: 1

    Yup, and it's products like yours why I periodically have to go open up the browser of insecurity (IE) to access because it's the only one what has Flash enabled. Usually 2-3 times per year some company-mandatory crap needs it.

    If only there was a viable alternative. I haven't seen a good way to synchronize audio with animation, or to let a non-programmer create good artwork, for that matter. Until an HTML5/SVG authoring environment comes along which can export projects that have all of the functionality of Flash and can be used by an artist, we're stuck with Flash. Flash can export some things to HTML5, but it drops a lot of features when it does so.