It's only misleading if you consider the world wide web to include sites that aren't available without third-party plugins. If so, then what about ActiveX plugins, and Silverlight, and Quicktime VRML, and Acrobat, and SafeTCL, and Processing, and Silverlight, and Firefox extensions, and Lively, and plugins that require SVGA or larger displays... what's "the whole internet" anyway?
I've run into all kinds of "kiosk" applications on every platform where this kind of bug exists, from bulletin board systems using applications with shell escapes in the '70s and '80s through "telnet:" URLs in restricted freenix front ends to embedded browsers on desktop operating systems. You can also use similar tricks to get past Apple's kiosk attract mode on Macs in computer stores, and I've run into them in a number of PC vendor demo modes over the years.
When you build a sandbox you have to build it from the inside out. Never introduce anything to the sandbox unless you are absolutely certain that it doesn't have a backdoor. Not "unless you are certain you can close the backdoors"... sandbox programs have to be built around a model that "fails closed"... any action that increases privileges must require an explicit action from outside the program (such as installing a plugin). The amount of effort to build a sandbox out of components that default to an open mode and need to be "locked down" is so much greater that it's easier to reinvent the wheel than patch up the wrong kind of wheel to fit.
including such things as utilizing specific instruction sets for given architectures and fine tuning the compile based on run time statistics
1. That's a nice theory but in practice JIT implementations of interpreters are not actually anywhere near as fast as compilers for real world workloads.
2. When performance is critical (or even if you only THINK it's critical, see "Gentoo Linux"), compilers can use the same techniques, and still take advantage of the better regional and global optimizations they can do... see Intel's compiler for the IA64 architectures for an extreme example.
3. Improvements in local optimization are nice, but unless you're running on something like Itanium regional optimizations trump local ones. And if you are, regional optimizations STILL trump local ones.
4. Finally, when you're REALLY up against a wall, there's JIT recompilation.
I'm a Mac user, I've had my share of "Road Apples" over the years, and I say the conventional wisdom that Apple makes "great" hardware is pure and unadulterated horse exhaust.
I'd like a legal "crappy mac clone" much more than my crappy Macs, but that doesn't change the fact that Psystar's got no legs to stand on... and it's up to Apple, and not Psystar, to shut down the reality distortion field.
When you get an Apple labeled computer and run the Apple labeled operating system on it, it works like a mortal luser would expect it to.
Unless you have a first generation Macbook Pro, or any other of the many "Road Apples" that have shipped with that "Designed in the US by Apple" label.
Apple's hardware is as prone to faults as any other "tier 1" product. It has had compatibility problems with graphic cards and chipsets, it has put people through years of patches, like the people who got their original G3 PCI bridge chipset. The first couple of generations of OS X had HUGE problems, and they've put a lot of work into the OS making it stable... and control of the hardware is not the most important part of how they did it.
So while I know that "conventional wisdom" says that the high level of integration is why it's stable, I think that "conventional wisdom" has a selective memory.
I don't remember enough about the circumstances to know if it may apply here.
No.
IBM was the dominant player in the computer business. Apple has 7.5% of the US home market, less outside the US, and a negligible amount of the business market.
Much as I would love to run OS X on a Thinkpad, nobody sane is going to say that Apple is a monopoly.
I don't think you can credit Bjarne with "compiled code is faster than interpreted code" (or the 21st century version: "compilers can perform better optimizations than JIT translators").
C++ happens to be the most popular fully compiled language, having edged Fortran out of that position some time near the end of the last century.
Back in the early '80s, when he was coming up with C++, the big Fortran savants were saying stuff like "Fortran is bigger than ever. There are more than X million Fortran programmers. Everywhere I look there has been an uprising... a lot of teaching was going to Pascal, but more are teaching Fortran again. There has been a backlash."
----
And that's not the only thing C++ has in common with Fortran, either.
I fail to see why everyone hasn't adopted ad blockers.
Because many of us don't object to ads that are actually supporting the content we're using, so long as they don't make it harder to view that content.
So I vote with my eyeballs. I block popups and flash, not because they're ads, but because they're bad behavior that gets in the way. I can't block those in-page popups, so I just quit using sites that don't let me disable them... and let them know that.
I know this makes me insufficiently fanatical for slashdot. Tough.
Maybe they mean the end of the mayan calendar long cycle? That gives them until 2012. Though that doesn't leave much time to recover the costs before the end of the world.
I like one thing FF3 does that previous versions didn't - local certificate caching.
That's how it should be done (and how I've been suggesting it for years), except it should be handled similarly to the way SSH does it. I think there are 6 cases to consider:
1. First time, if and only if you have not seen a certificate for that site before: "This is a self-signed certificate. Click here to accept it once, click here to accept it every time."
2. If a different self-signed certificate shows up, whether or not you selected 'accept it every time', "This certificate has changed. Someone may be attempting to trick you... etc etc etc...".
3. If a CA-certified certificate shows up, and it had previously been self-signed, a similar warning, but less severe.
4. If a CA-signed certificate changes, tell the user that too, but informationally... not as a warning.
5. Don't notify for a new CA-signed certificate at all.
6. If a self-signed certificate shows up where a CA-signed certificate had previously shown up, THEN you pull out all the stops and require the folderol Firefox does right now. That's the case you REALLY have to watch for.
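As an added illustration (not code from the original comment), the six cases above written out as an SSH-style known-hosts check in Python; the host names, fingerprint strings and the shape of the per-host store are assumed here for the example.

```python
from dataclasses import dataclass
from enum import Enum, auto


class Action(Enum):
    """What the browser should do, numbered as in the six cases above."""
    ASK_FIRST_SELF_SIGNED = auto()     # case 1: accept once / accept every time
    WARN_SELF_SIGNED_CHANGED = auto()  # case 2: different self-signed cert
    WARN_SELF_SIGNED_TO_CA = auto()    # case 3: self-signed before, CA-signed now (milder)
    INFO_CA_CHANGED = auto()           # case 4: CA-signed cert rotated, informational
    SILENT = auto()                    # case 5: new CA-signed host, or an unchanged cert
    BLOCK_CA_TO_SELF_SIGNED = auto()   # case 6: CA-signed before, self-signed now


@dataclass(frozen=True)
class SeenCert:
    fingerprint: str      # assumed: hex digest of the DER certificate (constructed values)
    self_signed: bool
    accepted_always: bool = True  # False when the user chose "accept it once"


def decide(host: str, fingerprint: str, self_signed: bool, store: dict) -> Action:
    """Known-hosts style check. `store` maps host -> SeenCert from earlier visits."""
    prev = store.get(host)
    if prev is None:
        # Never seen this host: only a self-signed cert needs a decision (cases 1 and 5).
        return Action.ASK_FIRST_SELF_SIGNED if self_signed else Action.SILENT
    if prev.fingerprint == fingerprint:
        # Same certificate as last time; a one-off acceptance is asked for again.
        if self_signed and not prev.accepted_always:
            return Action.ASK_FIRST_SELF_SIGNED
        return Action.SILENT
    # The certificate changed; severity depends on the old and new signing kind.
    if prev.self_signed and self_signed:
        return Action.WARN_SELF_SIGNED_CHANGED   # case 2, even after "accept every time"
    if prev.self_signed and not self_signed:
        return Action.WARN_SELF_SIGNED_TO_CA     # case 3
    if not prev.self_signed and not self_signed:
        return Action.INFO_CA_CHANGED            # case 4
    return Action.BLOCK_CA_TO_SELF_SIGNED        # case 6: the downgrade to watch for


def remember(host: str, fingerprint: str, self_signed: bool,
             accepted_always: bool, store: dict) -> None:
    """Record the certificate the user went ahead with, as SSH adds a known_hosts entry."""
    store[host] = SeenCert(fingerprint, self_signed, accepted_always)


if __name__ == "__main__":
    seen: dict = {}                       # constructed sample session
    remember("mail.example", "fp-ca-1", False, True, seen)
    print(decide("mail.example", "fp-self-9", True, seen))  # the case-6 downgrade
```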
Well, slashdot is more informal than most newspapers.
What part of "or blog" is hard to understand?
Also, you could simply not read the reviews.
If I can't depend on slashdot actually restricting the front page to stuff that at least *someone* thinks "matters" (it's clear that not even the reviewer did) then it's less useful.
I think a better point is that in some way, they are entertaining you.
In your dreams. I'm here because I had hoped that after a few cycles of this crap they'd quit posting it, but it's obvious that I gave Taco too much credit and ignoring it won't make it go away.
Crying wolf by making people jump through hoops for self-signed sites doesn't stop MiTM attacks, it just trains people to ignore warnings about self-signed certs. This is a scheme for adding a kind of web of trust to the "is this the same certificate as last time" check. It's a good idea, but it shouldn't be conflated with the Firefox overreaction to self-signed certs.
Mod parent up funny?
I could see a domain parker scripting an automated "clicker upper" program to promote their spam.
Self-signed certificates are a security risk to virtually any normal user.
That's the conventional wisdom, and yet all SSH keys are self-signed, and MiTM attacks on SSH are really obvious.
The major security risk from self-signed certificates is a result of designing SSL to make self-signed certificates risky.
When spacecube meets timecube, we're off to the 8th dimension for a hell of a party!
It's a sad thing when a mother has to spend her golden years sitting in a pine tree.
The cable company is a local monopoly. If they weren't, they wouldn't be forced to do anything.
Apple has at most 7.5% of PART of the market.
It's not any kind of monopoly.
Next?
To me the "Home" logo looks like a virus in the act of infecting a cell.
They really need to come up with something less evil-looking.
Even if it doesn't matter to me, it matters to someone.
This doesn't matter to anyone.
Not even the reviewer.
Stuff that in your deeply nested bullshit, troll.
Apparently Perspectives works around the Firefox wolf-crying.
I agree, I was objecting to the categorization of the Firefox behavior as a "solution" in the summary.
That is, this extension and working around the Firefox problem should be seen as separate goals.
/. gets books to review and some of them are awful.
So does every newspaper, magazine, blog, and publisher.
I can count the number of times I've seen any of the above publish a review of a book from their slushpile on the fingers of one hand.
I can count the number of times I've seen any of the above do it twice on the fingers of one foot.
I can vaguely recall seeing one that was worth reading, once, but it was probably by someone like Harlan Ellison.
Tell you what, get someone at Ellison's level to do the next review like this. Or... don't do it.
Please stop putting links to "idle" on the front page.
If it can suck all the hardcore purists into a place where they can quit annoying the rest of us, that'll be great.