But then again, you'll want to fsck from time to time to know if you have an issue. If you're waiting for the issue to appear "hey boss we apparently lost half the db" you'll lose more data during the time the corruption happens and you're not aware of it, than if you detected it earlier.
Thus being able to fsck in a decent amount of time matters.
Thats not the only thing of course. Sometimes you don't have a backup. Sometimes things are fucked up. Sometimes you're just required to get the thing running before the backup restoration is complete. Etc.
Otherwise, you know, we could just delete fsck, since as you pointed out, it's *never* needed! Yea, right.:)
Now then again I've never had a terrible experience like that with Firefox (neither with Chrome in fact, even thus both crash sometimes - Chrome noticeably more often - but its easier to recover most crashes by a tab reload, Firefox crash like twice a year). Then Chrome is actually slightly slower for some things, and still vastly faster for some other things (either that or things are Chrome optimized)
Anyhow, first of all the "there's no memory leak" has: 1/ often been true as it is very often the extensions causing it - until Firefox 4 - and guess what, they acknowledge it there, and worked on it. 2/ what "Mozilla" says is usually what 1 single developer says, because Mozilla does not really have much "official" declarations. This one and many other were. Like the "dont care for entreprise" thing. If one lone dev from another company says something wrong, everyone understands. Odd.
Secondly, Chrome uses different processes not just for tabs, but also for the UI (and the rendering and java, etc). While this eats up memory like there's no tomorrow, its very good for reactivity. Firefox simply does not do that. Then again, they're working on it too, but I fear this one will be too little too late.
On Android however, where it seems they put a lot of resources, this went fast. Firefox went to multiprocessing model (one per tab + one for UI) and it is pretty good, response is always instant (like Chrome) - yeah but - it uses a lot of memory - and needs to load it's own libraries which it has a lot of - and which is slow on Android, because, the storage ain't that fast.
Firefox then went to the Android's "Native" UI which is basically Android Java UI that asynchronously talk to Gecko, Firefox's engine. No more "one process per tab". No more memory wasted. It's also faster than the multiprocess model on really slow hardware (yep - you'll notice the Android webkit browser also do not have multiprocess). But also, as it's full async, since the UI has been written from scratch, it's just as responsive as the multiprocess model. Doesn't block. Ever. Like Chrome.
On the bad side, most extensions are incompatible, but then again, extensions weren't compatible on the first Firefox for Android either. They don't all need a full rewrite, just an API to call the new native UI stuff.
There's a large difference tho. Google has the public opinion still on it's side. MS had lost it way before they started ActiveX.
And technically - Google's stuff is usually slightly better and more open (because yeah, no matter what you hear, some MS still is actually genuinely awesome.Surface, Kinnect, Singularity, etc, are actually splendid, some of which are open too)
And that is why Google is currently a danger for the free web we still have today.
the big diff is if the source does bad stuff its easy to find and fix once you figured something was wrong.
plus, when its big (a mobile OS for example), there's hundred of people from various places writing and eyeballing source and commits. those people have no incentive to get backdoors in, and if there's a blacksheep, it's going to be very tricky to insert rogue code (it has to look like regular code with a security bug, and the bug must be non-trivial so others won't notice).
For iOS it's different. This story has to be a PR disaster for the backdoor to be removed. Plus they could just change it and claim it was removed (in some PR fashion, like, we removed a security feature that helped capture terrorists and was used under the rules of law, or whatever)
"6. Lastly, if you are running standard open-source packages test your site for cross-scripting vulnerabilities. " so closed-source packages are immune to XSS? Great!
I'm also amazed how many people offer their services through/. in this field.
I'm also not sure where you want to store your sql credentials. they're to be stored somewhere and the backend scripts have to access sql. from that point on, what you write is moot. instead you probably mean "be careful where you're storing simple things such as passwords, and what can access them".
finally, don't "close down ports you don't use". instead "close everything down and open what you use". on the network point of view that's easy and the general practice.
it depends what security experts do. i don't know many experts that spent a lot of time in school. it doesn't even really matter as most work on stuff at home too and always did so anyway.
the best experts i know are typically your ex hacker, however cliché that is. that's because it's different when you attempt to "just break software" following instructions, and being in front of the problem without any limitation.
a hacker, as in a guy attacking and compromising hosts has indeed no limitation. he has a target and he has to compromise it. those guys are generally creative and have to think outside the box all the time.
again, that' a different mindset than having a list of rules or checkpoints, or following a "how to buffer overflow xx" and attempting to do it yourself, or "how to unpack program ZZ" and attempting to unpack a program yourself. the later is useful, but it's still the wrong mindset.
Isn't that the basics? Everyone knows so since forever.
you nailed the issue "theres always a shortcut to save time or money" (actually its time and money, time *is* money;-)
there's no point having a secure app if it's not going to sell. making money is more important than being secure. it's all about balance, aka making money while being as secure as possible. some achieve better balance than others.
Firefox addons are full javascript. Plus Chrome supports similar addons. They've nothing in common with NaCl.
Re:Is Google trying to fragment web?
on
MAME Running In Chrome
·
· Score: 4, Informative
It's not a plugin. It's integrated in chrome. It's called NaCl aka native client. the mame emulator is just ran from NaCl just like you load a java applet when you visit the web, except that the java part would be integrated into chrome.
it doesn't work anywhere else. do you call java applets loaded from - the web - local programs?
And there are tons of emulators that work on the web *without* NaCl and which are fully open. Heck there's even a Linux emulator.None of which uses NaCl.
Finally please note that you can't currently run NaCl properly on tablet devices. Also that's *Android* tablet devices, and no, they don't actually ship with Chrome yet.
And no, MS point of activex was, probably to allow easier plugin implementation (they already had sufficient lock-ins to have 95% of the OS market back then) Google's goal is obviously client browser control by enforcing Chrome. For one thing, NaCl is actually, well, about running native apps and not writing open apps (web technologies such as html/js/webgl/etc force you to write open apps). For the other, it's terribly difficult to implement in other browsers, and there is not a single doubt that Google would change the specs along the way so that other browsers don't have all the features.
Now you don't have to believe me on that. You can just check.
- Google's playing the spec/changes game already on HTML5. Many things are Chrome-only, and often in obscure way. Like, Gmail, Gdocs offline? Well it works only on Chrome because it uses Chrome specific tags. Please go ahead and look at it.
- Google has a Chrome-only webstore which only, only works with Chrome. Even thus the apps on it are regular webapps, those use also a few Chrome-only things and you require Chrome to use the web apps (which, btw, are just websites of course, by nature).
Now if that's not attempting to lock-in users and fragmenting the web I don't know what is.
Actually Google created Chrome to push Google technologies.
Pushing Google technologies make sure people keep using Google websites and thus keep getting their ads (and Google to get people's data - remember, you're the product now).
So while the conclusion is what you said, I think it's important to decompose the steps. Specially because pushing Google technologies may go against Mozilla/Firefox sometimes, as all technologies are not made for the "open, standard, etc. web" and Mozilla would actively refuse those (like NaCl or Dart).
And that's why the fingerprint's used to actually check which key is what. The short keyid has always been a short hand for the sake of simplicity, aka, if it doesn't match, it's wrong (that always works).
For performing true verification, fingerprint, always. If you check the key signing parties, they always check fingerprints too. For that reason.
It's not very clear but what you mean, is that only Google and IE are left, there will still be many IE users using Bing. If Firefox is there too, and uses Google search, that's many users which could have been using IE instead of Chrome.
That's true. Although it's not all there is to it, its certainly part of it.
The *Google* engineer post about how is company is an angel and he doesn't get how *people* don't want to "understand" (the word he's looking for is *believe*) his point of view, he gets all mad. In my days we'd have just written "roflololol" or some dumb thing like that, cause, that's what it's worth. At best, it's an attempt to insult everyone's intelligence.
Advance the web like, there's now about 10% of the sites I visit which have Chrome only functions?
Making your own stuff because you own a vast majority of the web services and now web clients, telling others "you can copy if you like" is NOT advance. That's usually what happens with monopolies. That's why there's a 3rd party called W3C to make standards - not Google. Google can propose. But they don't do that. They enforce too. Specially the things they know others will not implement (NaCl => buy game companies => release games)
(unfortunately you then have the lobbying issue, corporations go out of their bounds to enforce stuff at any level, but it slows them down.)
You know what's funny? I'd trust a company telling the bare truth like that a little more. "We do it because it brings us a 11% profit over trying to crush them, according to our analysis it's the best course of action". Heck, I'd almost go work for them.
kinda suck to read on a phone tho. - bright screen hurt my eyes over time - low battery (aka you can't read the whole book before its dead) - small screen - they're often not cheaper
That is, some guys change stuff in the UI and declare it's where the innovation is. It's not that it's good. It's just different, and backed with strong advertising (Apple, etc).
Then others feel they *have* to follow a similar path to survive and "have something new to announce". Otherwise, you're not news worthy, etc, etc.
I also call it being blind:P
It's fine to copy concepts, but copy the ones that are actually good.
Slashdot Mirror
the "cool" stuff about patents and all the lawsuits
the only losers are always us, the consumers. no one else.
But then again, you'll want to fsck from time to time to know if you have an issue.
If you're waiting for the issue to appear "hey boss we apparently lost half the db" you'll lose more data during the time the corruption happens and you're not aware of it, than if you detected it earlier.
Thus being able to fsck in a decent amount of time matters.
Thats not the only thing of course. Sometimes you don't have a backup. Sometimes things are fucked up. Sometimes you're just required to get the thing running before the backup restoration is complete. Etc.
Otherwise, you know, we could just delete fsck, since as you pointed out, it's *never* needed! :)
Yea, right.
Well, you could use Firefox ESR then, unless updating once a year is still too much.
Most Android apps are pure java and run on the JVM.
That is, those would run on intel just as well as on ARM without any single change.
It' only an issue for apps using the NDK but there aren't many.
Now then again I've never had a terrible experience like that with Firefox (neither with Chrome in fact, even thus both crash sometimes - Chrome noticeably more often - but its easier to recover most crashes by a tab reload, Firefox crash like twice a year). Then Chrome is actually slightly slower for some things, and still vastly faster for some other things (either that or things are Chrome optimized)
Anyhow, first of all the "there's no memory leak" has:
1/ often been true as it is very often the extensions causing it - until Firefox 4 - and guess what, they acknowledge it there, and worked on it.
2/ what "Mozilla" says is usually what 1 single developer says, because Mozilla does not really have much "official" declarations. This one and many other were. Like the "dont care for entreprise" thing. If one lone dev from another company says something wrong, everyone understands. Odd.
Secondly, Chrome uses different processes not just for tabs, but also for the UI (and the rendering and java, etc). While this eats up memory like there's no tomorrow, its very good for reactivity.
Firefox simply does not do that. Then again, they're working on it too, but I fear this one will be too little too late.
On Android however, where it seems they put a lot of resources, this went fast.
Firefox went to multiprocessing model (one per tab + one for UI) and it is pretty good, response is always instant (like Chrome) - yeah but - it uses a lot of memory - and needs to load it's own libraries which it has a lot of - and which is slow on Android, because, the storage ain't that fast.
Firefox then went to the Android's "Native" UI which is basically Android Java UI that asynchronously talk to Gecko, Firefox's engine. No more "one process per tab". No more memory wasted. It's also faster than the multiprocess model on really slow hardware (yep - you'll notice the Android webkit browser also do not have multiprocess).
But also, as it's full async, since the UI has been written from scratch, it's just as responsive as the multiprocess model. Doesn't block. Ever. Like Chrome.
On the bad side, most extensions are incompatible, but then again, extensions weren't compatible on the first Firefox for Android either. They don't all need a full rewrite, just an API to call the new native UI stuff.
Hope that clears up the misconceptions.
That has nothing to do with it. Do you imply Microsoft dropped javascript back in the days? Of course, they did not.
It's called embrace, extend, extinguish. You did not remember the lesson with IE?
There's a large difference tho.
Google has the public opinion still on it's side. MS had lost it way before they started ActiveX.
And technically - Google's stuff is usually slightly better and more open (because yeah, no matter what you hear, some MS still is actually genuinely awesome.Surface, Kinnect, Singularity, etc, are actually splendid, some of which are open too)
And that is why Google is currently a danger for the free web we still have today.
the big diff is if the source does bad stuff its easy to find and fix once you figured something was wrong.
plus, when its big (a mobile OS for example), there's hundred of people from various places writing and eyeballing source and commits. those people have no incentive to get backdoors in, and if there's a blacksheep, it's going to be very tricky to insert rogue code (it has to look like regular code with a security bug, and the bug must be non-trivial so others won't notice).
For iOS it's different. This story has to be a PR disaster for the backdoor to be removed. Plus they could just change it and claim it was removed (in some PR fashion, like, we removed a security feature that helped capture terrorists and was used under the rules of law, or whatever)
"6. Lastly, if you are running standard open-source packages test your site for cross-scripting vulnerabilities. "
so closed-source packages are immune to XSS? Great!
I'm also amazed how many people offer their services through /. in this field.
I'm also not sure where you want to store your sql credentials. they're to be stored somewhere and the backend scripts have to access sql. from that point on, what you write is moot.
instead you probably mean "be careful where you're storing simple things such as passwords, and what can access them".
finally, don't "close down ports you don't use". instead "close everything down and open what you use". on the network point of view that's easy and the general practice.
it depends what security experts do. i don't know many experts that spent a lot of time in school. it doesn't even really matter as most work on stuff at home too and always did so anyway.
the best experts i know are typically your ex hacker, however cliché that is. that's because it's different when you attempt to "just break software" following instructions, and being in front of the problem without any limitation.
a hacker, as in a guy attacking and compromising hosts has indeed no limitation. he has a target and he has to compromise it. those guys are generally creative and have to think outside the box all the time.
again, that' a different mindset than having a list of rules or checkpoints, or following a "how to buffer overflow xx" and attempting to do it yourself, or "how to unpack program ZZ" and attempting to unpack a program yourself. the later is useful, but it's still the wrong mindset.
Isn't that the basics? Everyone knows so since forever.
you nailed the issue "theres always a shortcut to save time or money" (actually its time and money, time *is* money ;-)
there's no point having a secure app if it's not going to sell. making money is more important than being secure. it's all about balance, aka making money while being as secure as possible. some achieve better balance than others.
Firefox addons are full javascript. Plus Chrome supports similar addons.
They've nothing in common with NaCl.
It's not a plugin. It's integrated in chrome. It's called NaCl aka native client.
the mame emulator is just ran from NaCl just like you load a java applet when you visit the web, except that the java part would be integrated into chrome.
it doesn't work anywhere else. do you call java applets loaded from - the web - local programs?
And there are tons of emulators that work on the web *without* NaCl and which are fully open. Heck there's even a Linux emulator.None of which uses NaCl.
Finally please note that you can't currently run NaCl properly on tablet devices. Also that's *Android* tablet devices, and no, they don't actually ship with Chrome yet.
So you're entire post is very uninformed.
NaCl is much more similar to java applets.
And no, MS point of activex was, probably to allow easier plugin implementation (they already had sufficient lock-ins to have 95% of the OS market back then)
Google's goal is obviously client browser control by enforcing Chrome. For one thing, NaCl is actually, well, about running native apps and not writing open apps (web technologies such as html/js/webgl/etc force you to write open apps). For the other, it's terribly difficult to implement in other browsers, and there is not a single doubt that Google would change the specs along the way so that other browsers don't have all the features.
Now you don't have to believe me on that. You can just check.
- Google's playing the spec/changes game already on HTML5. Many things are Chrome-only, and often in obscure way. Like, Gmail, Gdocs offline? Well it works only on Chrome because it uses Chrome specific tags. Please go ahead and look at it.
- Google has a Chrome-only webstore which only, only works with Chrome. Even thus the apps on it are regular webapps, those use also a few Chrome-only things and you require Chrome to use the web apps (which, btw, are just websites of course, by nature).
Now if that's not attempting to lock-in users and fragmenting the web I don't know what is.
Actually Google created Chrome to push Google technologies.
Pushing Google technologies make sure people keep using Google websites and thus keep getting their ads (and Google to get people's data - remember, you're the product now).
So while the conclusion is what you said, I think it's important to decompose the steps. Specially because pushing Google technologies may go against Mozilla/Firefox sometimes, as all technologies are not made for the "open, standard, etc. web" and Mozilla would actively refuse those (like NaCl or Dart).
Some also like having a nice car and a nice home if they can afford it. Driving something better than a Civic doesn't make you a fool.
It is a vulnerability. What you mean is that it's not a design error.
The semantics here are actually important ;-)
And that's why the fingerprint's used to actually check which key is what.
The short keyid has always been a short hand for the sake of simplicity, aka, if it doesn't match, it's wrong (that always works).
For performing true verification, fingerprint, always. If you check the key signing parties, they always check fingerprints too. For that reason.
It's not very clear but what you mean, is that only Google and IE are left, there will still be many IE users using Bing.
If Firefox is there too, and uses Google search, that's many users which could have been using IE instead of Chrome.
That's true. Although it's not all there is to it, its certainly part of it.
The *Google* engineer post about how is company is an angel and he doesn't get how *people* don't want to "understand" (the word he's looking for is *believe*) his point of view, he gets all mad. In my days we'd have just written "roflololol" or some dumb thing like that, cause, that's what it's worth. At best, it's an attempt to insult everyone's intelligence.
More like Goozilla.
Advance the web like, there's now about 10% of the sites I visit which have Chrome only functions?
Making your own stuff because you own a vast majority of the web services and now web clients, telling others "you can copy if you like" is NOT advance.
That's usually what happens with monopolies. That's why there's a 3rd party called W3C to make standards - not Google. Google can propose. But they don't do that. They enforce too. Specially the things they know others will not implement (NaCl => buy game companies => release games)
(unfortunately you then have the lobbying issue, corporations go out of their bounds to enforce stuff at any level, but it slows them down.)
You know what's funny?
I'd trust a company telling the bare truth like that a little more. "We do it because it brings us a 11% profit over trying to crush them, according to our analysis it's the best course of action". Heck, I'd almost go work for them.
in the us, they are crazy, that is. and yes, they are. those guys make zillion and zillions cause you *need* them and theres generally no replacement
kinda suck to read on a phone tho.
- bright screen hurt my eyes over time
- low battery (aka you can't read the whole book before its dead)
- small screen
- they're often not cheaper
thus i still enjoy real books personally.
Yes and no.
It's the "Silicon Valley effect".
That is, some guys change stuff in the UI and declare it's where the innovation is. It's not that it's good. It's just different, and backed with strong advertising (Apple, etc).
Then others feel they *have* to follow a similar path to survive and "have something new to announce". Otherwise, you're not news worthy, etc, etc.
I also call it being blind :P
It's fine to copy concepts, but copy the ones that are actually good.