Sometimes ideas on the extreme need to heard to put things in perspective. Without a loud voice yelling, "All information needs to be free!" maybe no one would be working hard to make just some information free.
It's a little like having libertarians running for office. They remind us that the Republican suggestion of small government still means huge government.
I don't necessarily disagree, but the site is almost obligated to put up that message if they don't want to be brought to court after it happens. They're simply trying to cover their asses.
Hey Verisign, it's called "open source". If you'd like the feature added submit a patch and they'll consider it. Until then the people working on it will finish when they can. Thanks.
Take out a $10,000 simolian loan and place a natural gas power plant in a corner. It costs $9,000 simolians and produces "moderate pollution", so residential and commercial zones won't develop well nearby. But your city won't grow quickly without a lot of power.
I attempted to create one specific to Slashdot comments. I don't like Slashdot's built in search for anything but articles. Unfortunately slashdot blocks the indexing of pages at/comments.pl (probably to prevent duplicate content, thereby helping their SEO). But it does work well for my site documenting the best Slashdot comments. So please give it a try and let me know what you think. What I'd really like to know is if it's worth adding slashdot's article URLs even though it'll then search the summary's text as well. Also if there are any other sites which should be included.
I tried the site integration code but the search form submission seems to conflict with my CMS. So a custom page outside the execution of a CMS may be required for some sites.
Oh, I use Parallels too. But I still see no value in the blog post. Plus the statement in the summary that this blog post gives insight to cross-platform development is just silly. He's developing inside a Windows environment to create Windows applications.
The piece does a good job talking about development for different environments then the one that you are programming in.
No, he's developing.NET apps using Windows. His database is SQL Server. He doesn't want to use Mono. So he's almost definitely developing for Windows. Mac apps have far better native options for development.
The only tip someone might find useful in this blog post is his informal test of memory settings in Parallels.
As a former employee of one of the credit card companies, I'd like to explain a little bit of how they think. Banks and credit card companies take fraud for granted. They have departments which analyze potential and reported fraud. They set certain thresholds which they consider acceptable. Since they know it's going to happen they study it and figure out the best way to flag accounts. To the credit card companies it makes the most financial sense to not bother with the technological blocks and catch the fraud on the tail end. For example, with smaller purchases no longer requiring a signiture, card use for small purchases has gone up. If a few percent of those purchases are fraud the banks and credit card companies don't care because in the end they're making more money. People who notice fraudulent transactions on their statements will make calls and the banks will eat the cost of the purchases. Banks who suspect fraud has taken place simply block the accounts until the card holder calls. It all works out to the benefit of the banks and credit card companies.
So even though the credit card companies should do more to protect the information from a logical and PR perspective, they've already decided that the small potential increase in the cost of fraud is outweighed by the increased use of these cards that some people consider more convenient.
Point taken. I guess I envisioned some javascript that repeatedly hit the virtual back button (window.back() or whatever it is) looking for any interesting information, then using this vulnerability to get that data to the "attacker". But you're right, it's probably more trouble than it's worth. It's a lot less likely to get you valuable information than simple phishing.
According to their copyright policy they place the burden squarely on the uploaders. I'm sure it's for legal reasons. If they claim to screen all content they may become liable for any content that gets through. But they should at least attempt a more rigorous screening process than just waiting for random people to flag it.
How about running javascript to go back through IE's history until it finds a bank URL it recognizes. If a secured page is cached (as some poorly written sites are) then this vulnerability could be exploited to go find that data and transmit it to the site you're currently on.
Everyone who owns or develops web sites knows this. Anyone who hints in a forum the numbers may be accurate immediately gets slapped down. It's the non-technical advertisers who don't know this. And they're the only ones who care about this ranking in order to gauge how much to spend on purchasing web site advertising. Since almost no web sites publicly display traffic info advertisers find Alexa rankings very convenient and probably just don't understand why they'd be useless.
Until advertisers "get it" or a much more accurate public metric is made available, Alexa rankings will unfortunately matter to web sites that are supported by advertising.
This IE hole requires no user interaction. Unlike the firefox bugs he links to a simple web page can leverage this IE hole with no extra user input. And considering the URI exploited is used within email I'd imagine Outlook is susceptable, too. So the firefox vulnerabilities mentioned are much less likely to be exploited than this IE hole.
I'm not sure if you're serious or not, but this bug was announced months ago in IE 6:
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.
Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.
Scroll up. This bug was discovered at least 5 months ago. IE 7 is not new software. It's an update to the IE 6 code base. This product is far from new. Hence this shared bug.
Slashdot Mirror
I'm not sure if it's funny or scary you were modded insightful. Am I the only one who got your joke?
Sometimes ideas on the extreme need to heard to put things in perspective. Without a loud voice yelling, "All information needs to be free!" maybe no one would be working hard to make just some information free.
It's a little like having libertarians running for office. They remind us that the Republican suggestion of small government still means huge government.
I don't necessarily disagree, but the site is almost obligated to put up that message if they don't want to be brought to court after it happens. They're simply trying to cover their asses.
Hey Verisign, it's called "open source". If you'd like the feature added submit a patch and they'll consider it. Until then the people working on it will finish when they can. Thanks.
Take out a $10,000 simolian loan and place a natural gas power plant in a corner. It costs $9,000 simolians and produces "moderate pollution", so residential and commercial zones won't develop well nearby. But your city won't grow quickly without a lot of power.
Who is this Bennett person and why do I get the feeling he'll be as popular as John Katz?
I attempted to create one specific to Slashdot comments. I don't like Slashdot's built in search for anything but articles. Unfortunately slashdot blocks the indexing of pages at /comments.pl (probably to prevent duplicate content, thereby helping their SEO). But it does work well for my site documenting the best Slashdot comments. So please give it a try and let me know what you think. What I'd really like to know is if it's worth adding slashdot's article URLs even though it'll then search the summary's text as well. Also if there are any other sites which should be included.
I tried the site integration code but the search form submission seems to conflict with my CMS. So a custom page outside the execution of a CMS may be required for some sites.
Not the most recent copyright act.
I'm just curious as to what you guys think (IANAL).
/. NOIAL.
I see you're new here. I think this is the blog you're looking for. Because on
Oh, I use Parallels too. But I still see no value in the blog post. Plus the statement in the summary that this blog post gives insight to cross-platform development is just silly. He's developing inside a Windows environment to create Windows applications.
The piece does a good job talking about development for different environments then the one that you are programming in.
.NET apps using Windows. His database is SQL Server. He doesn't want to use Mono. So he's almost definitely developing for Windows. Mac apps have far better native options for development.
No, he's developing
The only tip someone might find useful in this blog post is his informal test of memory settings in Parallels.
As a former employee of one of the credit card companies, I'd like to explain a little bit of how they think. Banks and credit card companies take fraud for granted. They have departments which analyze potential and reported fraud. They set certain thresholds which they consider acceptable. Since they know it's going to happen they study it and figure out the best way to flag accounts. To the credit card companies it makes the most financial sense to not bother with the technological blocks and catch the fraud on the tail end. For example, with smaller purchases no longer requiring a signiture, card use for small purchases has gone up. If a few percent of those purchases are fraud the banks and credit card companies don't care because in the end they're making more money. People who notice fraudulent transactions on their statements will make calls and the banks will eat the cost of the purchases. Banks who suspect fraud has taken place simply block the accounts until the card holder calls. It all works out to the benefit of the banks and credit card companies.
So even though the credit card companies should do more to protect the information from a logical and PR perspective, they've already decided that the small potential increase in the cost of fraud is outweighed by the increased use of these cards that some people consider more convenient.
You expect otherwise on Slashdot?
Really? Apple profits are up 27% on a 30% increase in Mac sales. And they're not in Washington.
Well, that's how the system is supposed to work. But we all know how well the system is functioning these days.
Point taken. I guess I envisioned some javascript that repeatedly hit the virtual back button (window.back() or whatever it is) looking for any interesting information, then using this vulnerability to get that data to the "attacker". But you're right, it's probably more trouble than it's worth. It's a lot less likely to get you valuable information than simple phishing.
According to their copyright policy they place the burden squarely on the uploaders. I'm sure it's for legal reasons. If they claim to screen all content they may become liable for any content that gets through. But they should at least attempt a more rigorous screening process than just waiting for random people to flag it.
How about running javascript to go back through IE's history until it finds a bank URL it recognizes. If a secured page is cached (as some poorly written sites are) then this vulnerability could be exploited to go find that data and transmit it to the site you're currently on.
Here are some of my bits. Actually, they're Slashdot's, but I'll let you have them. Sue me.
Everyone who owns or develops web sites knows this. Anyone who hints in a forum the numbers may be accurate immediately gets slapped down. It's the non-technical advertisers who don't know this. And they're the only ones who care about this ranking in order to gauge how much to spend on purchasing web site advertising. Since almost no web sites publicly display traffic info advertisers find Alexa rankings very convenient and probably just don't understand why they'd be useless.
Until advertisers "get it" or a much more accurate public metric is made available, Alexa rankings will unfortunately matter to web sites that are supported by advertising.
This IE hole requires no user interaction. Unlike the firefox bugs he links to a simple web page can leverage this IE hole with no extra user input. And considering the URI exploited is used within email I'd imagine Outlook is susceptable, too. So the firefox vulnerabilities mentioned are much less likely to be exploited than this IE hole.
http://secunia.com/advisories/19738/
http://secunia.com/advisories/22477/
Your first link is for a vulnerability which requires the user to do something (type in a file name). The second is a phishing attack.
/.
You might want to retake an IQ test before you start calling names on
Scroll up. This bug was discovered at least 5 months ago. IE 7 is not new software. It's an update to the IE 6 code base. This product is far from new. Hence this shared bug.