So install Cygwin, and that's exactly what you get.
$ ls -l /proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/
total 0
dr-xr-x---  64 Administrators SYSTEM 0 Jun 13 21:01 Control/
dr--r-xr--  18 Administrators SYSTEM 0 Apr 16 02:14 Enum/
dr-xr-x---   5 Administrators SYSTEM 0 Jun 13 21:01 Hardware\ Profiles/
dr-xr-x--- 337 Administrators SYSTEM 0 Jun 13 22:00 Services/
Each key is a file that you can edit with any regular unix tool.
I really don't understand this "registry aversion" meme. I've been using Windows for quite a long time (since before it even had a registry) and I've never once experienced any kind of registry corruption. Sure, windows systems often encounter problems that seem mysterious and so I'm sure it's a great hand waving to just say "oh, your registry is corrupted, you have to reinstall." But that has not been my experience at all, and I hardly ever reinstall windows except when changing hardware.
PDF version of the above paper from the author's site
Uh... no.
The porn site proxies the image as well as the result. If the user does not identify the captcha correctly, they don't get access to the pics. The porn site doing the proxying need not know anything about the contents of the captcha or how to judge if the user got it right -- it just passes the data along to the yahoo mail signup (or whatever), and if successful, lets the user see the porn.
Don't worry, there was a /. article about this practice several years ago. Anyone who would benefit from this and has the means to implement it has already done so.
Are you kidding me?
"blog" -> journal
"podcast" -> radio show
Now, I'm sure you can find a bunch of cases in which a blog isn't exactly a journal and a podcast isn't exactly a radio show. But in the vast majority of cases, they are.
Now if you'll excuse me, I have to get in my time machine and find the first idiot to use the 'podcast' word. And kill him.
I remember it too, but I wasn't planning on making a stink about it.
(If you think the dupes on /. are bad, try digg.com for a while *yeesh*)
To play devil's advocate: Most of those "hacks" depend on other bugs in IE, such as it improperly parsing certain CSS2 selectors and so on. So the "hack" amounts to hiding the IE fixes behind something that no compliant browser would notice, or overriding the fixes with a construct that any compliant browser will parse.
If they fix both things at the same time (IE's box model as well as the various minor parsing bugs that made the hacks possible) then IE will behave just as a compliant browser like Gecko would, and since its box model is correct it will render properly.
Or in other words, those "hacks" (when done properly) were made specifically such that a compliant browser would always do the right thing. If you fix the bugs in IE it will be one of those such browsers, and so pages won't mysteriously start breaking.
The only way your scenario would happen is if MS fixes the major box model bugs but leaves the (relatively minor and more straightforward to fix) parsing bugs. I wouldn't put it past them to do something that stupid, but you have to realize that if they fix everything at once everything will be fine.
In case you didn't get the joke: http://apple.slashdot.org/article.pl?sid=01/10/23/1816257&tid=107
It's not Free software (they do have a trial version though) but check out UltraEdit. It has just about everything you could possibly want in a text editor.
That's a good point as well. Only use this method if you're confident that you know what you're doing and that you've actually fully troubleshot (-shooted?) the problem yourself. I.e. you know it's bad hardware or whatever.
That sounds like an unfortunate amount of time to spend on the phone with tech support, and I'm sorry you had to go through it. But I think this is a perfect time to point out that you can avoid much of that hassle.
If you know what you're doing then you have already diagnosed the problem and know that using Nero vs. XP's burn software shouldn't make a difference, and that reinstalling is a complete cop-out that changes nothing. So just lie.
"Yes, I'm using [whatever software they support]."
"No, of course I would never think of using any software except [whatever they support]."
"Why yes, I just reinstalled the system from your CD the other day."
Just follow their script, and whenever they suggest something brain-dead, tell them you've done it. As they go through their little script they will eventually get to a point where they have to either punt or hand you off to someone with a clue. It's all a matter of just knowing what their bosses expect of them, which is for them to follow their little scripts and try every conceivable weasel excuse for not actually doing anything to support you. Just play along...
The Space Moose take on this situation is classic Adam Thrasher. It's truly one of his best strips.
Read the fine print. For reproductions of paintings it will usually say "Courtesy of ..., used by permission" in the photo credits section, or something similar. That means that the publisher obtained permission from the copyright holder to include reproductions of the works in the book. It does NOT mean that because there are some books that include many reproductions of works of art that ANY book can do this under some misunderstanding of "fair use". Quite the contrary, it means that the publisher had to specifically clear everything.
And in the case of architecture, buildings in the public space have special rules. A particular photo of such a building can be copyrighted, and the book must pay the photographer royalties (also arranged by the publisher) but the appearance of the building itself cannot be copyrighted if it's a public building.
For life? Or until gmail notices that you're using their service to store files and disables it. Or until they close, or require you to pay. Or until they decide to make a change that breaks gmailfs. gmail is great and all and it's fine to use for "light duty" as you say but calling it "for life" is a real stretch. Anyone that uses it as the primary or sole means of backup is really asking for it though.
Oh please. Sites get hacked, it happens. alpha.gnu.org was hacked BADLY and was readonly for like 6 to 8 months while they verified all their code. The same happened with gnome.org. Yet you don't see anyone running around screaming that "if the FSF and GNOME hackers can't secure their own servers, how do [they] expect the rest of the world to do it?" These things happen.
Agreed. Everyone that thinks XP is just a bunch of eye-candy on top of win2k should read this article by Mark Russinovich of sysinternals.
If you don't like the themed interface, disable it and XP will look just like your precious 2k. But don't assume that that's the only change under the hood. I used to think the same thing, and was a diehard 2k user. Then I actually tried XP and read the above article.
The actual term is a 'transparent web cache'. What happens is the ISP proxies all traffic on port 80 outbound through a machine on their network running squid. To the end user, the effect is the same as if they were connecting directly to the destination web server, but they're really connecting to this squid proxy. That way if two of their customers request the same page, the squid machine only has to fetch it once (assuming it's cacheable) and it can then send it to both customers. It's a bandwidth-saving measure, because to the ISP the 'external' traffic is more costly than internal traffic that doesn't have to leave their core network.
The effect of this is that web traffic on the destination server appears to come from the proxy machine, not the end user's actual machine/IP address. Usually there is an HTTP header (such as 'X-Forwarded-For:') that contains the real IP address of the actual end user. The problem for the site though is that you cannot trust this header, because anyone can add any HTTP header they want. If slashdot were to consider the header as genuine, then any old crapflooder could claim to be any IP address they desire, and evade bans. There is no way to differentiate the case of a real squid proxy that is actually inserting a legitimate header, and an end-user that is doing the same for nefarious purposes. You really can't blame slashdot for not considering the X-Forwarded-For header, because it's just completely unreliable.
Many other web applications have similar problems. For example, some forum software such as IPB (Invision Power Board) *does* consider the IP address contained in the X-Forwarded-For header, because it does make for better logging for users with ISPs that use transparent proxies. However, it makes banning forum users by IP address completely worthless, because the malicious user can just stick anything there they desire.
This also crops up with BitTorrent trackers, because when the BT client contacts the tracker, the tracker must note the IP address of the client so that it can give it out to other clients. (Clients are introduced via the common middleman of the tracker.) If the tracker is on port 80 and the user has an ISP that has one of these transparent proxies, the tracker will get the IP of the proxy and not the end-user. This means it will give out the wrong address to other clients, and that user will never get any incoming connections. The solution to this is to either tell the client to explicitly inform the tracker of its IP address, or to have the tracker on a port other than 80. The former is fraught with difficulties when you consider dynamically changing IP addresses and NAT, because it requires that the end user's software be configured correctly to send the proper IP address. The latter is the preferred way of handling it, because transparent proxies really only care about stuff on port 80.
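The trust problem described in the comment above, as an added example that is not part of the original thread: ban checks key on the TCP peer address, and X-Forwarded-For is read only when that peer is on an operator-maintained list of proxies. The proxy list, the ban list, the addresses and the function names are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges): proxies the site
# operator has explicitly chosen to trust, and one banned client address.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/28")]
BANNED = {ipaddress.ip_address("203.0.113.50")}


def _is_trusted(addr):
    """True if addr belongs to one of the operator-listed proxy networks."""
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_client_ip(peer, xff_header):
    """Return the address to use for bans and logging.

    peer is the TCP source address of the connection, which no HTTP header
    can change. xff_header is the raw X-Forwarded-For value, or None.
    """
    peer_addr = ipaddress.ip_address(peer)
    # A peer that is not a listed proxy may have written the header itself,
    # so the header is ignored entirely and the peer address is used.
    if not _is_trusted(peer_addr) or not xff_header:
        return peer_addr
    # Each proxy appends the address it received the request from, so the
    # rightmost entries were written by the hops closest to this server.
    # Walk right to left and stop at the first address that is not a
    # trusted proxy; anything further left could have been sent by the client.
    candidate = peer_addr
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            # Malformed entry: fall back to the last address vouched for.
            return candidate
        if not _is_trusted(hop):
            return hop
        candidate = hop
    return candidate


def is_banned(peer, xff_header):
    """Ban decision based on the resolved address, never the raw header."""
    return effective_client_ip(peer, xff_header) in BANNED
```

A proxy that is not on the list is treated as the client itself, so every user behind it shares one address for ban purposes, which is the limitation the comment describes.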
Ironically there is an extension to do just that. I think it's called Mass Installer. The idea is that on a fresh Fx install, you just install this one extension and then give it a URL where you have your list of desired extensions stored and it loads them all.
Me, I just keep the .xpi files of all my extensions in a directory, then select them all and drag & drop onto the 'extensions' window. Instant mass install of all desired extensions.
"The quick prefs thing is a really big thing for me, but for some reason firefox users don't care."
Care to elaborate what quick prefs are? The ability to adjust preferences somewhere different than tools->options? I really am clueless...
I think he was referring to something where you can enable/disable things (e.g. javascript, images, flash) with a single click without opening any menus. The Firefox extension "PrefBar" is the equivalent for this, and gives you single-click access to all that junk.
Two comments:
1. TBE (Tabbrowser Extensions) is universally regarded as a huge, slow, bloated extension. It more or less re-implements the entire tab interface in its own way. Many people, myself included, got sick of its sluggishness and got rid of it. You can get the same functionality with a handful of other extensions. I use TBP (tabbrowser preferences), miniT, and Single Window to achieve most of what TBE gives you. Though I use about three dozen extensions in total, so I am not a model of the stock firefox user.
2. Finding/reinstalling extensions is easy once you learn the trick... and that is this: When you see an extension that you want to try, don't just click and install it. Rather, save the .XPI file to a directory. For every extension that you plan to use regularly, save the .XPI file into that directory. Now, whenever you want to reinstall or whatever, all you have to do is select all the files in that directory, and then drag them onto the Extensions window and drop them. They will all be installed in one go. No more hunting around for a ton of links, you just maintain this directory with your set of desired XPI files. You don't even have to keep it up to date: If you reinstall Fx and then mass install the extensions from your XPI dir, then you can just hit 'Auto-Update' and get the latest versions of all of them in one go.
That's certainly an interesting concept and I applaud them for innovative thinking... But holy shit do you pay a premium. I couldn't find any pricing details but based on the info on the home page you are paying a huge markup over going rates for equivalent services.
This is incorrect. The exploit fakes the Firefox security model by loading a page on a trusted site and then injecting javascript into the context of that page. Because JS in that context has the privileges to download and install things, it then fetches the payload from an untrusted site and installs it. So even if you only have update.mozilla.org whitelisted you are STILL VULNERABLE.
Now, in recent days the admins of that site have made a work-around that makes it harder for the vulnerability to load a given update page from update.mozilla.org. But the fundamental vulnerability still exists, and needs to be fixed.
Heh, I think I just had a flashback to circa 1995-96... Around then VRML was a hot fad, as the web was really taking off, and there were all sorts of browser plug-ins... all of which sucked. Hard.
They amounted to crappy wireframe renderings of rooms, perhaps some objects, and usually some (literal) avatars of other people. The software must have been unoptimized, because even simple 16 color wireframe models were godawful slow. The controls were hard to use, and immersion was nil. Still, it was supposed to be a "hot" thing that was going to take off. At the time the notion of a video card with 3D acceleration was just beginning to materialize. Most everybody had plain old 2D framebuffers. And pentiums. With like 32 megs of ram. ouch.
Anyway... back then it was still novel to have high speed internet connections in the dorms, and when we discovered CUSeeMe (or however it's spelled) that pretty much drew all our attention away from the crappy VRML.
I think the key word was "just". Using only the mouse (without the other hand on the keyboard) would be nearly impossible, if not suicidal, in most FPS games.
You can work around the firefox bug (it's not slashdot's fault) with an extension: http://hardgrok.org/blog/item/slashfix-firefox-extension.html