I like the integration of Buzz and Reader. In fact I would rather buzz be *part of* reader, a way to drop in comments that aren't actually links, without having to run a blog. I would like to have a single set of followers and followees.
It makes more sense.
In fact, I had forgotten about reader until buzz made me aware of it:
``I wasn't a Google Reader user until the whole "buzz" thing started. I hadn't quite "got" Google Reader, the guy who first showed reader to me had a zillion feeds and I looked at it and didn't imagine having enough time to actually read something like that.
Then I got into Buzz, and started seeing Reader coming in, and started reading reader. And saw that my friend had a reader feed, so I subscribed to that...
So I guess I was at least a potential Google Reader user. But I was a Buzz user first.''
Not even Microsoft gets things wrong 100% of the time.
I am not sure that the actual algorithm and heuristics that Vista/Seven use are ideal... there are reports of cached applications causing page-outs of running programs' working set... but the principle of using "free" memory as a cache is completely sound.
Cross site scripting attacks can also be prevented by encapsulation and encoding. Do not allow HTML to be inserted into forms and fields: completely encode the text (using &amp; etc...) and if you want to allow people to mark up the content use a markup language you control.
Yes, Slashdot, I'm talking to you. It's a bear entering text into Slashdot if you want to refer to markup (I had to use &amp; up there). If Slashdot used something like [i]bbcode[/i] where sloppy whitelisting wouldn't do anything but leave extra bracketed commands around to look funny, and encapsulated HTML <tags> on input, it would be much easier to use.
Improper Sanitization of Special Elements used in an OS Command
The best solution is not "sanitization" (which people usually perform by blocking or editing out what THEY think are dangerous metacharacters) but proper encapsulation. In addition, there's a misleading section here:
For example, in C, the system() function accepts a string that contains the entire command to be executed, whereas execl(), execve(), and others require an array of strings, one for each argument. In Windows, CreateProcess() only accepts one command at a time. In Perl, if system() is provided with an array of arguments, then it will quote each of the arguments.
Execl() is not a "C" API, it's a UNIX API. It doesn't involve quoting. On a UNIX system, you can safely take advantage of this mechanism to pass parameters and bypass either shell or application quoting inconsistencies. On Windows, even if your program is in Perl and you pass system() an array of arguments, Perl is still at the mercy of the called program to correctly parse the quoted string it gets from CreateProcess()... *unless* you are operating under the POSIX subsystem or a derivative like Interix.
In addition, whether you quote your arguments, use execl(), or use a smart wrapper like Perl's system(), you still need to ensure that COMMAND level metacharacters (like the leading dash (on UNIX) or slash (on Windows) of an option string) are properly handled.
This latter problem may remain even if you pass the command arguments through a configuration file to avoid the possibility of shell metacharacters being exploited.
Whitelists can't be simplistic. You can't ban the use of "-" in email addresses, for example. Encoding is better.
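An added example, not part of the original comment or of the CWE text it quotes: the same untrusted string passed once as a single argument-vector element via execvp() and once through system(), plus one way to neutralise a leading dash in a file operand. It assumes a POSIX system with sh on the PATH; the function names, the CALLEE script and the "./" prefix convention are choices made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with exactly this argument vector: no shell, no quoting.
 * Returns the child's exit status, or -1 on failure. */
int run_argv(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* exec itself failed */
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed callee (assumption): a script that exits with its argument count. */
#define CALLEE "exit $#"

/* Encapsulated: the untrusted string is one argv element, whatever it holds. */
int args_via_exec(const char *untrusted)
{
    char *argv[] = { "sh", "-c", CALLEE, "callee", (char *)untrusted, NULL };
    return run_argv(argv);
}

/* For contrast: system() hands one string to the shell, which re-parses it. */
int args_via_system(const char *untrusted)
{
    char cmd[256];
    int n = snprintf(cmd, sizeof cmd, "sh -c '%s' callee %s", CALLEE, untrusted);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    int status = system(cmd);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Command-level metacharacter: a file operand starting with '-' would be
 * read as an option by the callee, so anchor it with "./". */
int as_file_operand(const char *name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s%s", name[0] == '-' ? "./" : "", name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    printf("exec sees %d argument(s), system() sees %d\n",
           args_via_exec("two words"), args_via_system("two words"));
    return 0;
}
```

Where the callee follows the usual POSIX option conventions, placing "--" before the operands in the argument vector is an alternative to the "./" prefix.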
It's not that it shows up in the gmail interface, that's fine. It's that it also sends followups to your Inbox if you "like" or "comment" on a message. That happens whether you have buzz in your interface or not.
It's as if Facebook didn't give you a way to turn off notifications going to email.
I'd add every mouse and keyboard under Jobs. The last decent keyboard Apple made was the Extended-II, and their passive-aggressive fight with the second mouse button has sold a lot of Microsoft mice to Mac users (no, there's no clue-anticlue explosion when you plug it in).
Oh, and the first and second generation iPod shuffles were great products. The current model... yeesh, I hope they wise up and put the controls back on the case for the next version.
Law of unintended consequences - they cut off chat for something pretty minor (using chat when sitting next to each other - that's "abuse"?) and created a much bigger problem.
Mac OS X (and increasingly third party software) makes extensive use of that metadata in extended attributes.
Boo Hoo, you won't be able to use Spotlight on your encfs.
Any application that actually *depends on* extended attributes should be shot. File system metadata... even such commonplace metadata as the file name... is inherently fragile, and should only be used as a convenience and depended on as a last resort.
Non-512-byte sectors first showed up with some early CD-R drives, which used 2k blocks. I also had to deal with Sun SCSI drives requiring non-512-byte blocks back in the '90s. Non-512-byte block size didn't magically become an issue in 2006.
Twelve, almost thirteen years of dealing with the fallout of Microsoft's fundamentally flawed "security zones" model makes that "reality", not "bigotry".
My point was after someone did something, they will think it the right thing, even if it takes some massively twisted internal logic, because people inherently believe themselves to be good.
I had a very strange conversation with someone who thought like you after I got a speeding ticket. I was only speeding for a few minutes while I was overtaking a truck that was driving erratically, but I *was* speeding. I didn't *need* to pass that truck, I could have fallen back and waited until a better time to pass. I would rather not pay that ticket, but that doesn't mean I wasn't *wrong*.
They thought this was a weird way to think.
Now if the fine for speeding was a million bazillion dollars, I would DEFINITELY argue that it was unreasonable, but that's a whole different dimension.
So I follow the link to Bing world-wide telescope.
This page requires Silverlight 3.
No thanks.
1. I have enough trouble with two CPU-intensive web plugin environments.
2. If I wanted to take on the risk of Microsoft's security models, I'd be running Windows.
You don't need to share your top email contacts to use Buzz. The people you WANT to share "buzz" with may not even be the top email contacts. So it's not something anyone would expect for "creating a profile" to include sharing this information, and sharing them may be a risk.
Therefore, whether you have created a profile or not, it should be off by default and only enabled by explicit action, not on by default and only disabled by unchecking a box when you create the profile.
So I don't think they actually understand the problem, or fixed it.
And I know most of /. probably got beaten up on the school bus, but that was also a part of finding our social circle and knowing how to behave around jocks and other idiots.
And part of that was jocks learning how to behave around normal people. I've had bosses who were jocks. Did they beat me up? No, they asked me for advice, 'cos that's what they were paying me for. One of the ways they learned that was by being around people who were actually doing geek stuff when they didn't have to.
Learning that you don't have to be a rowdy yobbo to have fun is useful. Who knows, maybe some of them will actually discover that it's handy to have a few geeks in their social circle earlier in life.
Here's the problems, so far as I can tell from the back-and-forth:
1. Google Buzz is opt-out.
2. Google Buzz treats gmail contacts as "friends".
3. Google Buzz exposes "friends" in your profile. This is also opt-out.
This means that people who have never interacted with Buzz at all *already* have had their privacy exposed. And people who *have* interacted with buzz may not know about the problem.
How do you fix this? Well, you can't "unsee" things on the Internet, so they can't undo any compromises that have happened as a result of this exposure, but they could block everyone's friends lists and make everyone opt in again. Have they done that? I still see Buzz showing up in my list of filters, and the option to display friends is still opt-out. Making it more obvious IF YOU GO LOOKING FOR IT doesn't change the fact that it's on by default.
And it happened that nobody else in the entire world was following any of these people on FB? OK, I could see that, but the real takeaway here is "check facebook and twitter for SOSes", not "make sure you have FB on your home page".
What's the Android spin, that he happened to notice the message because of the app running on his home screen?
I must really be getting old
Could be. Could be.
like something ripped straight from the bowels of an A.D.D. teen populated forum.
This is Slashdot.
What's up with two posts from two supposedly different people in the same thread wanting to "kill it with fire?"
Results 1 - 10 of about 39,000,000 for "kill it with fire". (0.24 seconds)
But that may be because I'm only following people I actually know, and a few of the more lucid friends of theirs.
Who on earth are you following that are spamming you, and why are you following them?
It's worse.
I've been seeing Buzz showing up in Inbox, if I've replied to someone's comment and someone replies to THAT.
Hey, friend, swivelling cameras like that have been around on laptops and handhelds for years.
Eg, Sony TR3A.
Google Buzz, an add-on to Gmail that some have compared most closely to Sharepoint, one of Microsoft's enterprise tools.
Whiskey Tango Foxtrot, over?
Sharepoint is like a corporate wiki. It's got more in common with Google Wave... in fact Wave is like a cross between Sharepoint and OneNote.
No, because the individual questions and answers are copyrightable because they are NOT simply facts.
I *thought* that welcome page meant it was opt-in too. And told it to take me straight to my email. Buzz still showed up in my list of filters.