You're likely referring to the JavaScript Hijacking paper from Fortify Software, the one which finds a loophole in a ridiculously contrived scenario that applies to roughly six sites on the planet. The threat they identify is real, but unlikely; it's orders of magnitude less severe than an XSS flaw or SQL-injection attack. Bob Ippolito demystifies the threat.
Nine times out of ten, a security exploit that uses JavaScript as the attack vector must be solved on the server-side, not in the JavaScript itself. This isn't buck-passing; it's just the truth. Nothing I can add to a JavaScript library will intercept a XSS attack, since the vulnerability (unsanitized HTML) lies on the server. Once the malicious JavaScript is on the page, the game is over.
That said: one of the suggested ways to protect yourself from this hijacking flaw is to surround the returned JSON with comment delimiters. Prototype 1.5.1, released on Tuesday, can handle this automatically.
Having managed a movie theater for a few years when I was in college I can tell you that plenty of underage kids end up getting into R rated movies simply by the incompetence of the ticket booth people, or by theater hopping.
I don't doubt it. The movie industry has never tried all that hard to go after kids who try to circumvent the rules. Of course, my guess is you're a lot closer to 15 or 16, as opposed to thirteen, if you're trying to get into an R-rated movie.
What more can the video game industry do though? What happens to a retailer when they sell a DVD that is rated R to a 13 year old? When a 13 year old buys a tape that has the "Explicit lyrics label?". Does the MPAA or RIAA shun them and not send them any products? There doesn't seem to be any enforcment in other areas of the entertainment spectrum, so why should there be with video games?
I agree -- video game makers shouldn't pay for the sins of video game retailers. Maybe I'm naive, but I imagine those underage kids in the FCC study were so successful not because cashiers were malicious (or even inept) -- but rather because a lot of stores have no cohesive policy for preventing minors from buying M-rated games. Either that or they don't bother to enforce it.
If retailers buckle to political pressure and start getting tougher on this stuff, then it'll be somewhat harder for kids to buy M-rated games. At that point it's less of a problem that there's no disciplinary mechanism in place.
Is this really any different from rating movies and not letting 18 and unders into R rated movies?
Yes; it's completely different. The MPAA ratings are policed by the theaters themselves; there's no law that says a theater can't sell a 4-year-old a ticket to an R-rated movie. The ratings were put in place several decades ago under pressure from Congress, yes, but the movie industry got out of having this stuff legislated by agreeing to play ball.
The idea behind an industry rating system, as opposed to a government rating system, is that it puts the ratings in the hands of those most qualified to make them. The system in place with video games right now is most comparable to movie ratings. The problem, it seems, is that many game retailers aren't playing ball. According to Yee, a vast majority of underaged participants in an FCC undercover study were able to buy M-rated games without their parents.
What Yee is proposing is basically throwing out the ESRB rating system and using his more stringent guidelines to decide which games are unsuitable for children. He leaves the door wide open for "T"-rated games to be unavailable for purchase to those under 18.
Is this wrong? Yes. But so is being able to buy Vice City if you're 13 years old. It's not just stupid parents -- it's game retailers as well. Until they stop selling violent video games to unaccompanied children, we haven't got much ground to stand on.
I'll be far less skeptical when they quote someone other than an unnamed source.
One thing I know about Sony--they're a big company, and thus have lots of lawyers. If Rockstar wants to wage a giant legal battle over the semantics of a contract, then I'd advise them to start of small and work up to multinational conglomerates.
Fair enough. But it's also abundantly clear that they scrapped those plans at some point, salvaging them only after the success of the game on PC.
Again I say that making an attempt at a port is a step in the right direction. You've got a right to be pissed, however. Maybe they'll learn their lesson when they release their shitty port to lackluster sales--and try to do it better next time.
This item shows that they had conceived of a Linux client during development, granted. But it also says they planned to port NWN to OS X and BeOS (!), which clearly didn't even get done.
If it had been "planned" then it wouldn't have arrived a year late with less functionality than the PC version.
Well, I've got to think that a Linux port was not planned from day one, or else they'd have chosen a video format that could be played on all platforms.
Here it is, a year after the initial release of NWN, and the Linux port is still in development and slightly crippled. Doesn't seem very planned to me.
A shabby Linux client is infinitely better than no client at all. Efforts are being made in good faith, and while that doesn't exactly satisfy me as a gamer, it is comforting in the larger sense.
NWN2 will be done a lot better and will, hopefully, open the door for more Linux ports of retail games.
From what I can piece together, "licensing/porting problems" means (a) There is no Bink codec for Linux, and (b) Bink's license w/ NWN forbids BioWare from converting the cinematics to any other format.
While this sucks, it should be said in BioWare's defense that a Linux port was not originally planned. Bink was a fine choice at the time--it's not BioWare's fault that they're pioneers in the Linux retail gaming market. Instead, fault Bink for not having their shit together.
"Sucked" is an understatement. Several publications called Prince of Persia 3D one of the biggest flops ever in computer gaming. It was plagued by way-too-ambitious (albeit pretty) graphics, absurdly and disappointingly linear level design, and perhaps the slowest gameplay in the history of interactive entertainment. Considering its predecessor, it was such a let-down that I'm still pissed off they suckered me into playing it.
Honestly, they could give the new one out for free and it wouldn't make things better.
if you're going to have 81 gigs of mp3s, then you're going to need to orgainze them. logically, it would be by id3 tag, but how the hell are you going to navigate through that many songs? and playlists?
looking at it, i can see program, select, play, stop, and one big button. that one big button had better do a lot, because i wouldn't want to be navigating through ZZ Top music when i want to go to Ace of Base.
Comments like "if people are too stupid to figure out these ballots, then that's not Florida's problem," are incredibly condescending. If SO MANY people made this mistake, then maybe it's the duty of the government to make sure that these ballots are clarified in the future. Sure, the ballots are approved by both parties beforehand, but what are they supposed to do? Run them through a focus group? A mistake like this could have gone either way and everybody knows it. If Bush's name were listed third instead of Gore's, then Republicans would be just as miffed.
As for the actual numbers, 3,500 people in Palm Beach voted for Buchanan, while Buchanan amassed less than 1000 votes in both Broward and Dade, both of which are heavily Democratic and both of which are bigger than Palm Beach. As it was said on CNN (and I paraphrase), "There is no way that 3500 elderly Jewish people voted for Pat Buchanan."
Slashdot Mirror
You're likely referring to the JavaScript Hijacking paper from Fortify Software, the one which finds a loophole in a ridiculously contrived scenario that applies to roughly six sites on the planet. The threat they identify is real, but unlikely; it's orders of magnitude less severe than an XSS flaw or SQL-injection attack. Bob Ippolito demystifies the threat.
Nine times out of ten, a security exploit that uses JavaScript as the attack vector must be solved on the server-side, not in the JavaScript itself. This isn't buck-passing; it's just the truth. Nothing I can add to a JavaScript library will intercept a XSS attack, since the vulnerability (unsanitized HTML) lies on the server. Once the malicious JavaScript is on the page, the game is over.
That said: one of the suggested ways to protect yourself from this hijacking flaw is to surround the returned JSON with comment delimiters. Prototype 1.5.1, released on Tuesday, can handle this automatically.
(Disclosure: I'm a member of Prototype Core.)
Actually, the text of the bill says that one must specify either a street address or an e-mail address.
I agree in spirit. But if the video game industry doesn't make it the retailer's job, then government will make it the retailer's job.
I don't doubt it. The movie industry has never tried all that hard to go after kids who try to circumvent the rules. Of course, my guess is you're a lot closer to 15 or 16, as opposed to thirteen, if you're trying to get into an R-rated movie.
What more can the video game industry do though? What happens to a retailer when they sell a DVD that is rated R to a 13 year old? When a 13 year old buys a tape that has the "Explicit lyrics label?". Does the MPAA or RIAA shun them and not send them any products? There doesn't seem to be any enforcment in other areas of the entertainment spectrum, so why should there be with video games?
I agree -- video game makers shouldn't pay for the sins of video game retailers. Maybe I'm naive, but I imagine those underage kids in the FCC study were so successful not because cashiers were malicious (or even inept) -- but rather because a lot of stores have no cohesive policy for preventing minors from buying M-rated games. Either that or they don't bother to enforce it.
If retailers buckle to political pressure and start getting tougher on this stuff, then it'll be somewhat harder for kids to buy M-rated games. At that point it's less of a problem that there's no disciplinary mechanism in place.
Yes; it's completely different. The MPAA ratings are policed by the theaters themselves; there's no law that says a theater can't sell a 4-year-old a ticket to an R-rated movie. The ratings were put in place several decades ago under pressure from Congress, yes, but the movie industry got out of having this stuff legislated by agreeing to play ball.
The idea behind an industry rating system, as opposed to a government rating system, is that it puts the ratings in the hands of those most qualified to make them. The system in place with video games right now is most comparable to movie ratings. The problem, it seems, is that many game retailers aren't playing ball. According to Yee, a vast majority of underaged participants in an FCC undercover study were able to buy M-rated games without their parents.
What Yee is proposing is basically throwing out the ESRB rating system and using his more stringent guidelines to decide which games are unsuitable for children. He leaves the door wide open for "T"-rated games to be unavailable for purchase to those under 18.
Is this wrong? Yes. But so is being able to buy Vice City if you're 13 years old. It's not just stupid parents -- it's game retailers as well. Until they stop selling violent video games to unaccompanied children, we haven't got much ground to stand on.
Why is this modded up? That wasn't GameSpot. That was GameSpy.
One thing I know about Sony--they're a big company, and thus have lots of lawyers. If Rockstar wants to wage a giant legal battle over the semantics of a contract, then I'd advise them to start of small and work up to multinational conglomerates.
(Yeah, yeah, I know. Collector's item and whatnot.)
I rather like the ugly little unit, actually. Bit of a nostalgia kick that only the Japanese can appreciate.
Again I say that making an attempt at a port is a step in the right direction. You've got a right to be pissed, however. Maybe they'll learn their lesson when they release their shitty port to lackluster sales--and try to do it better next time.
If it had been "planned" then it wouldn't have arrived a year late with less functionality than the PC version.
Here it is, a year after the initial release of NWN, and the Linux port is still in development and slightly crippled. Doesn't seem very planned to me.
A shabby Linux client is infinitely better than no client at all. Efforts are being made in good faith, and while that doesn't exactly satisfy me as a gamer, it is comforting in the larger sense.
NWN2 will be done a lot better and will, hopefully, open the door for more Linux ports of retail games.
From what I can piece together, "licensing/porting problems" means
(a) There is no Bink codec for Linux, and
(b) Bink's license w/ NWN forbids BioWare from converting the cinematics to any other format.
While this sucks, it should be said in BioWare's defense that a Linux port was not originally planned. Bink was a fine choice at the time--it's not BioWare's fault that they're pioneers in the Linux retail gaming market. Instead, fault Bink for not having their shit together.
"Sucked" is an understatement. Several publications called Prince of Persia 3D one of the biggest flops ever in computer gaming. It was plagued by way-too-ambitious (albeit pretty) graphics, absurdly and disappointingly linear level design, and perhaps the slowest gameplay in the history of interactive entertainment. Considering its predecessor, it was such a let-down that I'm still pissed off they suckered me into playing it.
Honestly, they could give the new one out for free and it wouldn't make things better.
looking at it, i can see program, select, play, stop, and one big button. that one big button had better do a lot, because i wouldn't want to be navigating through ZZ Top music when i want to go to Ace of Base.
this is to download the TiVo scheduling information. It has to know what's on in your area before it can record stuff.
finally i'll be able to see the conclusion to that "masculine itch" commercial with joe montana and ronnie lott.
As for the actual numbers, 3,500 people in Palm Beach voted for Buchanan, while Buchanan amassed less than 1000 votes in both Broward and Dade, both of which are heavily Democratic and both of which are bigger than Palm Beach. As it was said on CNN (and I paraphrase), "There is no way that 3500 elderly Jewish people voted for Pat Buchanan."