If a JavaScript or a Java applet can subtly catch your mouse movements, then they can be imbedded in hidden inputs on the web page
No ifs about it. Javascript has quite a number of mouse dependant event-handlers, onMouseOver, onMouseOut, onMove, onClick, onMouseDown, onMouseUp.
Getting the details back to the server is even easier, just condense mousemovements into a bunch of characters (like Logo commands), stick them into a query string.
Now use a hidden image (a transparent 1x1 gif), useing javascript you can change this object on the fly - change the src attribute of that image to a cgi script, with the query string attached, plus a timestamp (making the url unique, thus not cached). The cgi-script then stores/analyses/ignores the data presented, and returns a status 204 - No change.
Its too simple, really.
On the plus side, hopefully it will convince more and more people to disable Javascript - and then boycott any websites that rely/insist on having it enabled. There's enough sites out there as competition to safely avoid intrusive websites - if not, then there's a niche market you can join.
I agree with the Author that the Open Source community has no choice but to embrace Java. At least that way we will not simply be a M$ copycat.
Why just one direction? Surely the Open Source members outnumber a little Redmond company (in more ways than one). FWIW, Open Source gave the end-user the freedom to choose - so if its a choice between J2EE and.net, surely _both_ is an appropriate choice?
I do like a lot of things in J2EE, I like quite a number of things with.net. I think there's room in the Open Source enviroment for both.
Keep in mind that nearly every law that outlaws hacking is based on "unauthorized access."
Define "unauthorised access". All it takes to run a program on an infected box is an HTTP request. So are all HTTP requests "unauthorised"?
Lets say only "linked" URL's are authorised - so any link you click is okay, but you can't enter http://www.slashdot.org in a location bar of your browser - so authorised HTTP requests must encompass this
So if entering http://www.slashdot.org is authorised, why not http://www.infectedbox.com/cmd.exe?somefunnystring thatdoessomethingonthewebserver ? Since in both cases they are HTTP requests, one could be a static page, but the other is a call to a server-side script.
IMO any HTTP request to a webserver connected to the Internet is authorised unless its explicitly stated otherwise and/or causes visible damage, harm or loss to the website owner - such as a Denial of Service.
My soundcard works fine on the Thinkpad 600e (Linux Mandrake 8.0). Just configure it manually with sndconfig. The autodetect comes up with this Crystal 4280, but choose instead the cs4232 soundcard. Just get all the IRQ, DMA and io settings from ps2.exe before you start.
I used this site as a guide: http://www.pc.ibm.com/qtechinfo/MIGR-4BP6Q6.html?s electarea=SUPPORTbrand=root
In order to advance cleanly and get out of the complete tangle we are in now, something like this has to be done.
Since website's core objective is to deliver information, and looking at the directions of "alternate" technologies, the best way of moving forward would be to push for a clean separation between content and presentation - not just on an HTML/CSS level. More like an XML/XSL level.
Then we kill off all the cross-browser incompatibilities in one swoop by delivering the XML to the client, and the client then decides on the presentation by a customised XSL (since they'd only be interested in the content and buying on-line anyways).
XHTML is already a small step in this direction - since it should be a valid XML document.
Its the information that makes the web what it is - not the cool effects.
Whenever the freeserve network is busy, the message of "BT Network is currently busy, please try again later" - strange that its a BT Network message and not an Energis one.
Slashdot Mirror
If a JavaScript or a Java applet can subtly catch your mouse movements, then they can be imbedded in hidden inputs on the web page
No ifs about it. Javascript has quite a number of mouse dependant event-handlers, onMouseOver, onMouseOut, onMove, onClick, onMouseDown, onMouseUp.
Getting the details back to the server is even easier, just condense mousemovements into a bunch of characters (like Logo commands), stick them into a query string.
Now use a hidden image (a transparent 1x1 gif), useing javascript you can change this object on the fly - change the src attribute of that image to a cgi script, with the query string attached, plus a timestamp (making the url unique, thus not cached). The cgi-script then stores/analyses/ignores the data presented, and returns a status 204 - No change.
Its too simple, really.
On the plus side, hopefully it will convince more and more people to disable Javascript - and then boycott any websites that rely/insist on having it enabled. There's enough sites out there as competition to safely avoid intrusive websites - if not, then there's a niche market you can join.
Why just one direction? Surely the Open Source members outnumber a little Redmond company (in more ways than one). FWIW, Open Source gave the end-user the freedom to choose - so if its a choice between J2EE and .net, surely _both_ is an appropriate choice?
I do like a lot of things in J2EE, I like quite a number of things with .net. I think there's room in the Open Source enviroment for both.
Keep in mind that nearly every law that outlaws hacking is based on "unauthorized access."
Define "unauthorised access". All it takes to run a program on an infected box is an HTTP request. So are all HTTP requests "unauthorised"?
Lets say only "linked" URL's are authorised - so any link you click is okay, but you can't enter http://www.slashdot.org in a location bar of your browser - so authorised HTTP requests must encompass this
So if entering http://www.slashdot.org is authorised, why not http://www.infectedbox.com/cmd.exe?somefunnystring thatdoessomethingonthewebserver ? Since in both cases they are HTTP requests, one could be a static page, but the other is a call to a server-side script.
IMO any HTTP request to a webserver connected to the Internet is authorised unless its explicitly stated otherwise and/or causes visible damage, harm or loss to the website owner - such as a Denial of Service.
My soundcard works fine on the Thinkpad 600e (Linux Mandrake 8.0). Just configure it manually with sndconfig. The autodetect comes up with this Crystal 4280, but choose instead the cs4232 soundcard. Just get all the IRQ, DMA and io settings from ps2.exe before you start.
I used this site as a guide: http://www.pc.ibm.com/qtechinfo/MIGR-4BP6Q6.html?s electarea=SUPPORTbrand=root
Examples please
Since website's core objective is to deliver information, and looking at the directions of "alternate" technologies, the best way of moving forward would be to push for a clean separation between content and presentation - not just on an HTML/CSS level. More like an XML/XSL level.
Then we kill off all the cross-browser incompatibilities in one swoop by delivering the XML to the client, and the client then decides on the presentation by a customised XSL (since they'd only be interested in the content and buying on-line anyways).
XHTML is already a small step in this direction - since it should be a valid XML document.
Its the information that makes the web what it is - not the cool effects.
Whenever the freeserve network is busy, the message of "BT Network is currently busy, please try again later" - strange that its a BT Network message and not an Energis one.