Slashdot Mirror


User: psyclone

psyclone's activity in the archive.

Stories: 0
Comments: 483

Comments · 483

  1. Re:I am safe... on Chinese DNS Tampering a Real Threat To Outsiders · · Score: 1

    No, you are not safe. It is trivial for someone between you and ns*.opendns.ch to intercept the DNS response and modify it.

    Only DNSSEC can save you here.

  2. Re:Alternative DNS on US Government Seizes Torrent Search Engine Domain · · Score: 1

    Ask new.net how successful they are?

    Hint: they failed. They've been providing an Alternate DNS Root for over a decade, and now they resort to a browser plugin as they couldn't convince any ISPs to include their roots in local resolvers.

  3. Re:Is free cheap enough? on SSL Certificates For Intranet Sites? · · Score: 1

    If you bothered to visit the site, they say:

    "StartSSL is the trade mark of the StartCom Certification Authority"

    Look for StartCom in your list; it is there. If you want the "green identity" on the address bar, you need an EV (extended validation) cert. Supported browser list at the bottom of the page.

    If you are using Firefox, you should do this to make non-EV certs "stand out":
        about:config
        browser.identity.ssl_domain_display > 2

  4. Re:Wildcard Cert on SSL Certificates For Intranet Sites? · · Score: 1

    Exactly. Most organizations use an internal domain name (e.g. slash-corp.net), or a sub-domain of their primary domain (e.g. int.slashdot.org). So simply wildcard that domain (*.int.slashdot.org), then use the same cert everywhere (dev1.int.slashdot.org, prod2.int.slashdot.org). You'll have to copy the private key with the cert, but then you only have one piece of data to manage.

    You can get a GeoTrust / VeriSign wildcard cert for 6 years. No browser / client modifications necessary.

  5. Re:Compiling the kernel on The ~200 Line Linux Kernel Patch That Does Wonders · · Score: 2, Interesting

    Whatever happened to "nice-ing" processes? Couldn't the menu icon that launches VLC or mplayer or whatever re-nice itself a few negative steps?

  6. Re:Ridiculous And Totally Not Helpful on Sophos Researcher Suggests Password 'Free' to Spur Wi-Fi Encryption · · Score: 1

    Even a $300 / yr EV cert is cheap for the top 100 internet properties.

  7. Re:Wonder how this turns out... on Gosu Programming Language Released To Public · · Score: 2, Informative

    Stop spreading the old Java FUD. Please do some research if you feel so strongly about how someone else chooses to do their work. I don't care what languages you use, why should you care what I use?

    This is a mature 3D library + engine:

    http://www.jmonkeyengine.com/engine-core/

  8. Re:plain leather gloves on Agloves Allow For Touchscreen Use On Cold Days · · Score: 1

    My leather golf gloves work great on a Samsung Galaxy S capacitive touch screen, but _not_ on the capacitive buttons below the screen, which is a bummer for switching applications.

  9. Re:Harden up on Agloves Allow For Touchscreen Use On Cold Days · · Score: 1

    Uh, it sure would be nice to unlock the screen and answer a call with gloves on.

    Some of us are outside for long periods of time, even when it is quite cold.

  10. Re:Palm recognition on 8pen Reinvents the Keyboard For Mobile Devices · · Score: 1

    But you still need to memorize _some_ of the qwerty layout, from a visual perspective. (my hands have it memorized on a normal keyboard). When Swyping, my finger or thumb blocks letters near it. I do agree that you don't have to memorize any gestures.

  11. Re:Prime Directive! on 1928 Time Traveler Caught On Film? · · Score: 3, Funny

    Not only that, but his disguise was a woman!

  12. Farmville Kills! on FarmVille Now Worth More Than EA · · Score: 1

    The only difference is that in Civ III I get to kill people.

    And in Farmville, people kill you!

    (I realize that this girl probably would have killed her baby anyway as she didn't know not to shake it; whether the baby interrupted a game, tv, or a texting/phone conversation. Sad for sure.)

  13. Re:That won't work on Un-killable 'Evercookie' Killed ... Sometimes · · Score: 1

    Correct, RequestPolicy doesn't stop the same domain, but it can block 3rd party access.

    Until you allow a 3rd party site (like a major one such as facebook/google/etc). Which is just like the other whitelisting methods, except you can't clear the EverCookie by expunging select cookies/LSOs. You are forced to clear your entire history and file cache.

    What sucks about the EverCookie is that there is no browser extension to selectively block or clear history or cache; so to clear them, you have to wipe everything.

    That said, keeping a hard stance against even temporarily allowing remote scripts in RequestPolicy and NoScript is your best bet. Unfortunately, 3rd party scripts are nearly required these days. (E.g. loading jquery from googleapis, which could set an EverCookie.)

  14. Re:Evercookie my ass on Un-killable 'Evercookie' Killed ... Sometimes · · Score: 1

    Exactly. We need to prevent the storage in the first place, just like CookieMonster does in whitelist-mode, not clean it up later.

  15. Re:Evercookie = Nevercookie on Un-killable 'Evercookie' Killed ... Sometimes · · Score: 1

    The problem with that method is that you still have to clear your entire cache (specifically PNG files and HTML5 local storage, though you can't pick and choose) AND browser history, even when using privacy enhancing extensions. Samy's method uses external sites for the browser history hack, but it could easily use the same domain.

    I'm one of the few that likes the 'awesome bar' and I rarely use bookmarks anymore as history serves my needs, and is quicker from the keyboard too. (Versus a hierarchy of bookmarks I must mouse through.)

    Perhaps we need a whitelist-like system for storing history and disk cache... only allow the sites we need/want to trust.

  16. That won't work on Un-killable 'Evercookie' Killed ... Sometimes · · Score: 1

    How does that prevent HTML5 local storage? How about the BrowserHistory storage? (e.g. domain/path/unique/1st-byte, domain/path/unique/2nd-byte, etc.) And CSS history storage? The most ingenious method is PNG RGB value storage! You block all images too?

    I use NoScript (but I still temp-allow the primary site, otherwise why browse at all), CookieMonster in whitelist-only mode, and BetterPrivacy to delete flash LSOs on startup and shutdown. This still does not prevent the Ever Cookie.

    Did anyone here read the original documentation?

  17. Find local, talented artists with Uvumi on Gene Simmons Threatens Anonymous Again and Gets DDoS'd · · Score: 1

    Uvumi is a small, but growing community of artists of varying genres:

    http://www.uvumi.com/

    Check out the Playlists contributed by users, as well as the Charts (based on user playback).

  18. Re:Liferay on Convincing Your Employer To Go With FOSS? · · Score: 1

    Isn't Liferay a "portlet" system? It has a rich feature set, but it's also complicated. If all they need is a wiki, I wouldn't recommend Liferay.

  19. Other languages available for Android? on Oracle's Newest Move To Undermine Android · · Score: 3, Interesting

    Seems like Python would be the obvious second language to be compiled to Dalvik bytecode.

    See this thread from back in 2008 before Android even shipped.

    Linked at the bottom of that thread are the Dalvik VM docs (link updated to head).

    There is also a Stack Overflow post that links to many methods for Python and scripting languages to create Android apps. (Though some methods like Jython are still using Java.)

  20. Re:jQuery is your friend. on JavaScript Cookbook · · Score: 2, Insightful

    Absolutely. If you need a cookbook of recipes to copy/paste to solve some JavaScript problems, research jQuery instead.

  21. Re:Why pure JS vs a Library? on JavaScript Cookbook · · Score: 1

    Some libraries are monstrous and require loading the full (even if compressed) feature set.

    However, MooTools is highly modularized. It lets you pick and choose which parts of the total library you need. Many MooTools Add-ons will explicitly list the sections of the library needed.

    If you feel it is better to re-write parts of a library, then either choose another or contribute your superior code back to the community.

  22. Why pure JS vs a Library? on JavaScript Cookbook · · Score: 3, Insightful

    What I wanted to learn from this review is, why should I do anything in pure JavaScript instead of using a JS library like jQuery? What are some recipes that are simpler in this cookbook than finding a jQuery example on StackOverflow?

    I suppose built-in data structures, looping, and math are independent of a library, but why would you ever do form manipulation, DOM manipulation, or ajax without using jQuery (or your favorite js lib)?

  23. Re:Minor issue, not Hell on Is the Web Heading Toward Redirect Hell? · · Score: 1

    In addition to measuring bytes transacted per bytes of information rendered, how about connection counts too?

    Those 20 external javascripts, and the 15 CSS documents (including @import), and the 40 images, all requested from several domains and multiple subdomains, require a ton of DNS lookups as well as TCP connections.

    HTTP/1.1 helped solve the multiple request problem by enabling keep-alives. But if you request a resource from a different domain/subdomain, they obviously don't help.

    Like others have said on this thread, simply using NoScript opens your eyes to the bloat of third party resource fetching.

    Look at the script nodes and domain counts from the table half-way down in this article: http://www.schillmania.com/content/entries/2009/browser-performance-cost-of-social-media/

  24. Re:Seriously on Twitter Closes Hole After Attack Hits Up To 500K Users · · Score: 2, Informative

    Uh, how hard is it NOT to escape your output?

    Maybe it's difficult to sanitize all of your input, fine. So simply escape it properly on output.

    It's the same thing with SQL injection mitigation: simply use prepared statements and you don't need to worry about the user's input. (Mostly)

  25. Re:"Great leap forward" on PostgreSQL 9.0 Released · · Score: 1

    Google's AdWords platform supposedly uses MySQL.