* Buying DVDs
* Buying expensive games for consoles
As much as folks gripe about the music industry, I do wonder if people are simply shifting their entertainment dollars elsewhere. In the last ten years, you've had a huge increase in movie sales with the introduction of affordable DVD - you can now have a version of the movie for less than it costs to see it once (especially if you include travel and food) that has extra stuff you won't see in the movie theater. This has already changed the economics of the movie industry - movies can now be bigger blockbusters in the DVD market than in theaters. In the last few years, the average 18-34 U.S. male now spends more money on video games than music. I also know many people who have satellite radio and now rarely buy CDs. Also, you have paid music programming available on countless satellite and digital cable outlets in addition to the internet.
All of these other forms of entertainment cut into both the money spent on recorded music and the time listening to music.
This is supposed to be taught in Freshman Composition...
Too true. Unfortunately, Freshman Comp is typically taught by lower level English graduate students; in fact, it's often the instructor's first time teaching a class. Undergrads don't get exposed to more experienced Liberal Arts instructors until they get into higher level classes. I don't intend that as a dig at Freshman Comp teachers - many go on to become excellent professors once they've gained some experience. Occasionally, you'll get a Freshman Comp instructor who's either a natural teacher or has prior teaching experience, but that's somewhat rare.
I was an English major and made my way into IT through the workplace. I constantly encounter situations where I use my college skills to write and speak clearly. In fact, I'm struck by how well those skills have aged at this point in my career versus the skills of IT/CS majors my age (I'm 40).
So, for Computer Science/IT/MIS majors, I'd recommend the following -
Take at least one class a year outside of your field that requires writing assignments. It can be in Literature, History, Economics, Psychology - whatever interests you - but learning about diverse subjects and being able to write in response keeps your writing skills honed and your abstract reasoning skills sharp. Also, learning outside of your major may help apply your technical skills to real life domains.
Take a Public Speaking class. Some degree programs require it, but anyone who graduates from a university should be able to give a coherent oral presentation. Most Public Speaking classes aren't just about the mechanics of speaking (vocal projection, enunciation, body language and eye contact) but also how to organize your thoughts and shape a presentation for a given audience and time frame. People won't see the value in your ideas if they don't understand what you're talking about.
What because you can cross-site script XML? Enlighten me.
I went to an Ajax conference last fall and I'm pretty sure that presenters mentioned this vulnerability in JSON.
All AJAX applications transfer data between the webpage in the client's browser and the server. If the data is in XML, the webpage and the XML have to come from the same server. If it's JSON (JavaScript Object Notation), then they do not have to come from the same server. So, if you are sending data that depends on some kind of authentication - don't use JSON.
The JSON vulnerability comes from having your session open too long. Someone navigates to a bad site and it accesses the active session on the target site. Shorter session timeouts help with this. You can also do some authentication in the XML request as well. And don't use JSON for data that requires authentication.
In short, if you're using AJAX for data that requires authentication, then you need to take some simple precautions.
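The precautions the comment above talks about can be made concrete. The following is an added example and is not code from the comment or from any project it mentions; it shows the defensive pattern used against cross-site reading of authenticated JSON: the server refuses to serve the data unless the request carries a custom header that a cross-origin script include cannot add, and it prefixes the body with a fragment that is not valid JavaScript so the response cannot be evaluated as a script even if it is fetched. The request shape, header name, prefix string and the account data are assumptions constructed for the example.

```javascript
// Added example: guarding authenticated JSON against cross-site script inclusion.
// Not from the original comment; request/response shapes are illustrative.

// A prefix that makes the response a syntax error when loaded as a script.
// The legitimate client strips it before calling JSON.parse.
const ANTI_HIJACK_PREFIX = ")]}',\n";

// Server side: decide whether a request for authenticated JSON may be served.
// A <script src="..."> include from another origin sends the victim's cookies
// but cannot set custom request headers, so requiring X-Requested-With blocks
// that path while the page's own XMLHttpRequest calls still succeed.
function guardJsonRequest(req) {
  if (!req.cookies || !req.cookies.session) {
    return { status: 401, body: "not authenticated" };
  }
  if (req.headers["x-requested-with"] !== "XMLHttpRequest") {
    return { status: 403, body: "JSON endpoint requires an XMLHttpRequest header" };
  }
  return null; // request passes both checks
}

// Server side: serialize authenticated data with the anti-hijack prefix.
function renderProtectedJson(data) {
  return ANTI_HIJACK_PREFIX + JSON.stringify(data);
}

// Client side: verify the framing and strip the prefix before parsing.
function parseProtectedJson(text) {
  if (!text.startsWith(ANTI_HIJACK_PREFIX)) {
    throw new Error("unexpected response framing");
  }
  return JSON.parse(text.slice(ANTI_HIJACK_PREFIX.length));
}

// Combined handler for a hypothetical account endpoint.
function handleAccountRequest(req, accountData) {
  const denial = guardJsonRequest(req);
  if (denial) return denial;
  return { status: 200, body: renderProtectedJson(accountData) };
}

// Self-check: would this response body parse as a script? A bare JSON array
// does; the prefixed body does not, which is the whole point of the prefix.
function isParseableAsScript(src) {
  try {
    new Function(src);
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample data standing in for an authenticated account record.
const SAMPLE_ACCOUNT = [{ account: "acct-0001 (constructed)", balance: 42 }];

// Demonstration when run stand-alone with node.
const fromScriptTag = { headers: {}, cookies: { session: "constructed-session" } };
const fromOwnPage = {
  headers: { "x-requested-with": "XMLHttpRequest" },
  cookies: { session: "constructed-session" },
};
console.log("script-tag style request:", handleAccountRequest(fromScriptTag, SAMPLE_ACCOUNT).status);
const ok = handleAccountRequest(fromOwnPage, SAMPLE_ACCOUNT);
console.log("same-page XHR request:", ok.status, parseProtectedJson(ok.body));
console.log("raw array runs as script:", isParseableAsScript(JSON.stringify(SAMPLE_ACCOUNT)));
console.log("prefixed body runs as script:", isParseableAsScript(ok.body));
```

The header check is the same idea as the comment's "do some authentication in the request": a cookie alone proves nothing about which page made the call, so the endpoint demands something only a same-origin script can supply. The prefix is belt and braces for the case where a check is forgotten on some endpoint.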
It sounds like people opened one bad attachment and that was it. It's easy to blame them for that, but people get personal e-mail with legitimate attachments all the time. All it takes is one mistake to infect your PC. Also, the malware these days often does some devious things -
* Often, the software uses your copy of Outlook to hit other people in your address book. Consequently, the infected messages often come from a trusted source - bypassing spam filters as well as the recipient's normal level of suspicion.
* The messages often mirror a terse business communication, i.e., "Please review and respond" along with a safe-looking file name. These are no longer the "click here for nude pictures" e-mails, but good impersonations of day-to-day business correspondence.
I think of a friend of mine who kept birds. Her boyfriend got her a cat (she was a big animal fan) and she figured she could keep both in her apartment as long as the birds were in a room with a door to it. Her plan was to close the door every day before she went to work so the cat couldn't get in there when she was out. Of course, she had several things she had to do every morning before going to work and the cat had only one thing to pay attention to - did she leave the door open today? Eventually, she was in a rush one morning and came home to find the door open to the bird's room but no bird.
And yep, having Windows and MS Office was the canary to the hacker's cat.
There was an interesting article in March's Harpers written by a reporter who checked himself into an "Internet Addiction Treatment Center." Unfortunately, the article's not online, but it's worth checking out at a library or newsstand.
The Post article is a little less behind the scenes, but it does detail how China is pretty much treating Internet Addiction along the same lines as heroin and alcohol addictions.
http://www.washingtonpost.com/wp-dyn/content/article/2007/02/21/AR2007022102094.html
Well, sorta.
The pizazz of the blood elf area may have been intentional, but I'm not convinced that Belfs are creating many switchers from Alliance to Horde.
I tried rolling both a Draenei and a Belf during the launch week for Burning Crusade. While the Blood Elves are prettier, it still seemed like folks were rolling more Draenei. The Draenei area was packed like the checkout area of a Wal-Mart. There were so many players in that small zone that it was unplayable - you had to camp on a postage stamp to kill the same respawn over and over. I eventually gave up and didn't roll another Draenei until the next week. The Belf starting zone was busy, but playable.
It's very hard to start your first character in a new faction. If you have a higher level character who can help out with a few starting items (like bags to carry loot), it's much easier to roll in your own faction. Also, most players have guildmates and friends who play. If you want to chat with those friends in-game, you have to stay in your faction.
While I've liked both starting areas, I have quite enjoyed the Draenei starting quests. It's true that the architecture in the Blood Elf region is more complex, but that's consistent with the game in my opinion - the Blood Elves are starting in their recently wrecked city, the Draenei start stranded on a remote island. The starting quests on the Draenei side are quite good - in fact, the "Medal Ceremony" at the end of the final elite quest is very cool. And then there's the Kessell Run.
However, I can see how someone might prefer the flavor of the Blood Elf starting area to the Draenei area. To me, that difference in flavor shows how much thought Blizzard put into each area.
Or it could be their pricing business people.
At one company I worked for, the merchandising software (the system that lets business people price products for sale) had a prompt whenever someone priced a product below its wholesale cost - something to the effect of "The cost of item Z is $Y, do you really want to change it to $X?" However, items were priced below cost so often (especially on clearance merchandise) that the data entry folks began just accepting the prompt every time without reading the numbers. Eventually, someone priced a $299 item at $149 instead of $249. Because of that, we had to write reports to track cases where the price reduction was more than a certain percent of the cost.
My guess is that Amazon's promotional system will let them give away products for free and someone didn't check that promotion before setting up on the site.
Whenever you make what you think is a foolproof system, someone comes up with a bigger fool.
...unless he can do it more than once. I shudder to think how many musical artists have one trick and have generated one catchy tune by perfecting the one trick they know.
So, welcome to the One-Hit-Wonder club Mr. Gjertsen. Please take the seat next to Toni Basil across from Antonio Romero Monge and Rafael Ruiz.
The other section of McCain's legislation targets convicted sex offenders. It would create a federal registry of "any e-mail address, instant-message address, or other similar Internet identifier" they use, and punish sex offenders with up to 10 years in prison if they don't supply it.
Then, any social-networking site must take "effective measures" to remove any Web page that's "associated" with a sex offender.
People are going to freak on this - both liberals and people with any online presence at all. I think McCain was thinking MySpace when he crafted this but we all know many uses for forums beyond social networks. These include -
* Software support forums (both vendor moderated and third party).
* Customer review sites.
* Comments sections on countless news organization sites.
All of these would have to implement and maintain a massive database of e-mail addresses to screen out sex offenders or subscribe to a service that identifies e-mail addresses. Both of these options cost money to solve a problem that most public forums don't have.
The legislation is completely clueless and will have businesses banging on McCain's door to kill it.
It's not just the location of the bottom trigger but the location of the top buttons AND their functionality (one is a "thumb pad" type device, the other is a regular old button). Lastly, the Wii-mote is shaped more like a remote control than a gun or a two-handed controller. So, Interlink's remote seems more unique and it bears a striking resemblance to the Wii-mote.
Best image is here
http://image.com.com/gamespot/images/2006/news/12/08/90interlink_screen005.jpg
I have to admit that I can't think of another remote control looking device with a trigger on the bottom.
One limitation is that you choose your faction at the moment you create your character, not through the quests that you choose. It's interesting to imagine how the game would be different if someone could choose to join the Defias or Bloodsail Buccaneers or the Venture Company by accepting certain quests. Sure, some quests let you gain reputation with certain factions, but the game doesn't really force you to choose one side or another through your actions.
I started playing WoW with a friend who's a policeman. When we got to the mid-twenties, we were gathering quests in Darkshire when he sent me a tell - "This guy just offered me money to make a hit on a guy in jail." Now, it's just a regular quest in the game, but from a real-life ethics perspective - especially for a guy whose day job revolves around the judicial process - a vigilante killing for hire is serious stuff. What if players could choose to kill the guy or escort him out after subduing him?
But yeah, we did end up killing all those dudes in the stockades.
Add on outlook. Connect to trojan access points and allow them to get their malware.
I think the music came from a film strip from when I was in high school.
Yeah, that's right, I said "film strip". Maybe next time, they should use more current music like Ace Of Base or Hootie and the Blowfish.
The questions on the quiz were pretty reasonable. However, I know plenty of adults who probably wouldn't pass. I find that there's a divide...around the age of 30 right now...between people who use social networking sites and those who don't. That means that there's a considerable need to educate parents, not just kids.
Based on the occasional hysteria over MySpace, many adults either assume that merely being on MySpace makes you a target for predators or on the other hand that kids implicitly know how to manage themselves. Like many things, the truth is somewhere in the middle - if you're reasonably careful, you can interact with people safely online. However, there are a few precautions to take.
I've just started cracking a few books on AJAX and I think this book avoided the libraries you mentioned for a couple of reasons.
* The book's goal is to teach you how AJAX actually works through coding JavaScript and Java in a sample project. GWT (I'm not real familiar with ECHO) very much abstracts what's going on at the browser level. In short, you could make AJAX apps with GWT, but you wouldn't really learn how AJAX apps function. For the purposes of illustrating how AJAX works, the libraries in something like Dojo work better.
* There is a surfeit of libraries and tools for AJAX. I've seen plenty of books that just catalog libraries; unfortunately, that broad coverage tends to keep you from using the technology in depth. If anything, until you start using one set of tools, you never really know what best suits your needs. It seems like it doesn't focus on just one toolkit anyway.
In short, the book gives you exposure to a few different libraries as you work through the projects so you can make a more informed choice later when looking at tools like GWT.
I was the first among my friends to get World of Warcraft. However, two friends (a Diablo II Mac player and another who never bought a single game) have gotten it and are as avid players as me if not more so. Unlike other games, there is a very strong cooperative play aspect to the game along with some great game content. Also, you don't have to have exceptional eye-hand coordination to play it (though it helps with certain classes in PvP). In that respect, I think that WoW has attracted many people who wouldn't normally play games - MMO or otherwise.
On the other hand, I don't think they're more likely to buy other games now.
Cannibalizing their own playerbase has to be a big concern for Blizzard. When the expansion pack comes out later this year, that will give the hardcore players a few more months of play. I doubt they would do anything to distract from marketing that release.
My guess is you won't see a different MMORPG from Blizzard for a couple of more years - depending on how WoW subscriptions go.
A friend of mine's iPod died after it fell out of his cart into a rain-filled gutter. He let his one-year-old daughter play with it. She would shake it around and drop it on the carpet repeatedly. After she was done playing with it, he picked it up and hit the play button. It worked!
My guess is that his daughter managed to shake it just enough to fix whatever was loose without knocking something else out of place. Of course, he doesn't let her play with the iPod anymore.
Actually, I wouldn't say it's a "dumbing down" as much as a "one size fits all" approach in public schools. Ideally, schools should help all students approach their potential. If you have the potential to be an auto mechanic and end up flipping burgers, the school has failed as much as if you could have been a computer scientist but end up as an auto mechanic. I say this because there isn't just a shortage in computer science grads but there's a shortage of qualified candidates for non-degree technical jobs such as heavy equipment operators, electricians and auto mechanics.
It seems that most high schools are geared to creating candidates for lightweight business degrees through rote learning. Can't sit still and would rather work with your hands? Too bad! Want to learn on your own and study advanced math and science? Tough luck!
Ahab: LFM [White Whale] need rezzers pst