The point here is that hidden/offscreen/behind logo/transparent/etc AUTOFILL fields should NOT be sent.
Not only should they not be sent, they shouldn't even be filled in. But, deciding whether to fill them in often comes down to trying to guess the intent. Is the field just below the scroll, or is it really hidden in some illegitimate way? Maybe it's hidden in some legitimate way. It could be tough to determine why the field isn't visible, or even if it's not really visible. Hell, you could make a div act exactly like a form field, hidden or not.
But frankly, even not sending the hidden fields wouldn't stop the problem from happening- with some sneaky javascript form fiddling you could copy the data from the hidden fields into some dynamically-created "legit" hidden fields, and they'd get sent along with all the other (valid) fields when the form was submitted.
Using a browser these days is a lot like playing Russian Roulette.
Sorry, I meant to say fields with hidden visibility (color tricks, size tricks, etc) would never be sent if the auto complete was not put into the field (by the browser) until it was clicked.
Ahh, okay, my misunderstanding.
-
For the sake of slurping information, I assumed these were not fields kg the type hidden, but fields hidden from being seen, like text fields that couldn't be seen.
If the browser didn't fill the DOM until a field was interacted with, then it couldn't be sneakily taken.
I'd bet there's still a way to fill in the fields (or extra alt-fields) by stealing the information...probably using some ajax and dom parsing and other sneaky tricks. For example, you could dynamically create some legit hidden fields on demand as soon as the submit function was triggered, fill in whatever info you want into the newly-created fields, and they'd be sent along with the rest of the form.
You're missing the point...if this add-wifi-to-everything bullshit isn't stopped then every manufacturer will reason that since LG does it they'll also have to add wifi in order to match LG in terms of feature set. And if every manufacturer does it then how will you buy a fridge that's not an internet fridge?
This whole "everything needs wifi" mindset is like an infection, and it needs to be stamped out like an infection. So I vote for the "put them up against a wall" approach even if it seems a little harsh.
Or alternatively you could not buy a fucking internet fridge.
You're missing the point...if this add-wifi-to-everything bullshit isn't stopped then every manufacturer will reason that since LG does it they'll also have to add wifi in order to match LG in terms of feature set. And if every manufacturer does it then how will you buy a fridge that's not an internet fridge?
This whole "everything needs wifi" mindset is like an infection, and it needs to be stamped out like an infection. So I vote for the "put them up against a wall" approach even if it seems a little harsh.
-
Which is admittedly less macho than taking out the Board of Directors with an M134 mini gun.
Macho or not, I think that would be the coolest and most effective way to do it.
Or maybe Google is closing something that is used so little that most developers who have put time and effort into it have written it off as a failure long ago.
Or maybe you're missing the point, which is that Google will drop you like a used condom as soon as they decide your unpaid work on their latest shiny bag of hipster hype isn't making them enough money.
0.1% of $5.83 Billion is actually $5.83 Million. Closer to chump change in a nearly-$6 Billion budget.
It's barely even a rounding error, but look at how many American workers will bite the dust for this shameless bullshit. It's an epic fuck-up by the university on every level.
The only thing that draws me to Windows is the software. Otherwise I don't see it having a killer feature.
On that I wholeheartedly agree...there are still quite a few serious applications that will run only under Windows.
Even using Wine or CrossOver there are some applications that won't run or are too unstable to use in a production environment. But with that said, I've found Wine and CrossOver will get you about 95% of the way there, even for finicky stuff like Photoshop.
And before too many people chime in saying, "But you could use GIMP....", let me respectfully say "no". Photoshop is THE graphics application that rules the roost. I've tried GIMP and just never got used to it. If it works for you, great, but no employer I'm aware of that uses Photoshop will hire you based on the fact that you can use GIMP.
I've always liked Nokia phones and I'm looking forward to see what they come up with over the next few months. I'd bet the new Nokias will be pretty attractive in terms of price and features/performance.
And needless to say, they'll probably be rugged as hell *AND* come with a headphone jack. I'm hoping to see a waterproof model.
On the otherhand, Look at Korora or Chapeau Linux or even a Fedora based Linux from outside of the USA. Those versions shame Ubuntu.
What would you say are the things that set Korora or Chapeau apart from Ubuntu? (I'm not familiar with either of them so I'd be interested in what the differences and/or benefits are.)
Yeah: you're trying to use Bitcoin to store value. Bitcoin is for moving your savings around, not for storing them.
I prefer a bank, so if it gets robbed then I still get my money back no matter what.
Storing value is one of the primary functions of any currency, except bitcoin apparently.
And yes, the volatility of bitcoin matters to me, since I would prefer not to see any significant amount of my savings disappear overnight due to fluctuations in the perceived value of bitcoin.
My point is that if the value of bitcoin drops from $1000 to $500, now I can only make 1/2 of the number of house payments I could before. That doesn't happen with dollars. A thousand dollars will always make my house payment irrespective of anything else.
That headline reminds me of a problem the Jedi had in the Minora system
Okay, I like Star Wars but this comment hit my Nerd-O-Meter so hard that the needle broke off, went rocketing into the sky and was last seen punching a hole in one of Saturn's rings.
Clearly you weren't paying attention the past two years when they got hit multiple times for being behind on security patches (both their site and distribution) and then for a while there they were distributing infected ISOs.
but I seriously hope that his saved passwords are complicated
I certainly would hope so too, but knowing what I know about him I wouldn't count on it. Seriously, I'd bet his password is something like "iloveivanka" or his birth date or maybe "MAGA".
Oh dear. I hadn't thought of something as obvious as cracking his password. We can only hope that he has been strongly persuaded to use REALLY hard passwords.
Oh fer sure. Since he knows so much about "the cyber" I'm sure it's nothing guessable like "IdLoveToBangMyDaughter" or "password" or "1234".
Slashdot Mirror
The point here is that hidden/offscreen/behind logo/transparent/etc AUTOFILL fields should NOT be sent.
Not only should they not be sent, they shouldn't even be filled in. But, deciding whether to fill them in often comes down to trying to guess the intent. Is the field just below the scroll, or is it really hidden in some illegitimate way? Maybe it's hidden in some legitimate way. It could be tough to determine why the field isn't visible, or even if it's not really visible. Hell, you could make a div act exactly like a form field, hidden or not.
But frankly, even not sending the hidden fields wouldn't stop the problem from happening- with some sneaky javascript form fiddling you could copy the data from the hidden fields into some dynamically-created "legit" hidden fields, and they'd get sent along with all the other (valid) fields when the form was submitted.
Using a browser these days is a lot like playing Russian Roulette.
Sorry, I meant to say fields with hidden visibility (color tricks, size tricks, etc) would never be sent if the auto complete was not put into the field (by the browser) until it was clicked.
Ahh, okay, my misunderstanding.
-
For the sake of slurping information, I assumed these were not fields kg the type hidden, but fields hidden from being seen, like text fields that couldn't be seen.
If the browser didn't fill the DOM until a field was interacted with, then it couldn't be sneakily taken.
I'd bet there's still a way to fill in the fields (or extra alt-fields) by stealing the information...probably using some ajax and dom parsing and other sneaky tricks. For example, you could dynamically create some legit hidden fields on demand as soon as the submit function was triggered, fill in whatever info you want into the newly-created fields, and they'd be sent along with the rest of the form.
Good luck when you find every other fucking vendor following suit.
Heh, this was *exactly* the point I was making in my other post: https://hardware.slashdot.org/...
Basically, here's what I said:
You're missing the point...if this add-wifi-to-everything bullshit isn't stopped then every manufacturer will reason that since LG does it they'll also have to add wifi in order to match LG in terms of feature set. And if every manufacturer does it then how will you buy a fridge that's not an internet fridge?
This whole "everything needs wifi" mindset is like an infection, and it needs to be stamped out like an infection. So I vote for the "put them up against a wall" approach even if it seems a little harsh.
Or alternatively you could not buy a fucking internet fridge.
You're missing the point...if this add-wifi-to-everything bullshit isn't stopped then every manufacturer will reason that since LG does it they'll also have to add wifi in order to match LG in terms of feature set. And if every manufacturer does it then how will you buy a fridge that's not an internet fridge?
This whole "everything needs wifi" mindset is like an infection, and it needs to be stamped out like an infection. So I vote for the "put them up against a wall" approach even if it seems a little harsh.
-
Which is admittedly less macho than taking out the Board of Directors with an M134 mini gun.
Macho or not, I think that would be the coolest and most effective way to do it.
Hidden fields would be unclickable, and never actually sent.
Errr....hidden fields are unclickable, but they do need to be sent.
Hidden fields are part of normal form elements and often (usually) contain information that is required when submitting the form.
The Marketing Division of LG is a bunch of mindless jerks who'll be the first against the wall when the revolution comes.
Why wait for a revolution, I say we hunt 'em down now and fix this fucking problem before it gets out of hand.
"LG Threatens To Put Wi-Fi in Every Appliance it Introduces in 2017"
And I, as a consumer, opt not to buy their wifi-enabled craptastic gadgets. Problem solved.
Or maybe Google is closing something that is used so little that most developers who have put time and effort into it have written it off as a failure long ago.
Or maybe you're missing the point, which is that Google will drop you like a used condom as soon as they decide your unpaid work on their latest shiny bag of hipster hype isn't making them enough money.
Considering how "insignificant" Hangouts has become, it appears that most developers already abandoned the service.
If you think this is just about Hangouts, you haven't been paying attention.
Once again Google fucks people over, people who've spent a lot of time and energy building shit to work with their system.
The motto of this story is, "Work with Google and you'll get abandoned whenever they feel like it."
0.1% of $5.83 Billion is actually $5.83 Million. Closer to chump change in a nearly-$6 Billion budget.
It's barely even a rounding error, but look at how many American workers will bite the dust for this shameless bullshit. It's an epic fuck-up by the university on every level.
The only thing that draws me to Windows is the software. Otherwise I don't see it having a killer feature.
On that I wholeheartedly agree...there are still quite a few serious applications that will run only under Windows.
Even using Wine or CrossOver there are some applications that won't run or are too unstable to use in a production environment. But with that said, I've found Wine and CrossOver will get you about 95% of the way there, even for finicky stuff like Photoshop.
And before too many people chime in saying, "But you could use GIMP....", let me respectfully say "no". Photoshop is THE graphics application that rules the roost. I've tried GIMP and just never got used to it. If it works for you, great, but no employer I'm aware of that uses Photoshop will hire you based on the fact that you can use GIMP.
I've always liked Nokia phones and I'm looking forward to see what they come up with over the next few months. I'd bet the new Nokias will be pretty attractive in terms of price and features/performance.
And needless to say, they'll probably be rugged as hell *AND* come with a headphone jack. I'm hoping to see a waterproof model.
On the otherhand, Look at Korora or Chapeau Linux or even a Fedora based Linux from outside of the USA. Those versions shame Ubuntu.
What would you say are the things that set Korora or Chapeau apart from Ubuntu? (I'm not familiar with either of them so I'd be interested in what the differences and/or benefits are.)
Yeah: you're trying to use Bitcoin to store value. Bitcoin is for moving your savings around, not for storing them.
I prefer a bank, so if it gets robbed then I still get my money back no matter what.
Storing value is one of the primary functions of any currency, except bitcoin apparently.
And yes, the volatility of bitcoin matters to me, since I would prefer not to see any significant amount of my savings disappear overnight due to fluctuations in the perceived value of bitcoin.
My point is that if the value of bitcoin drops from $1000 to $500, now I can only make 1/2 of the number of house payments I could before. That doesn't happen with dollars. A thousand dollars will always make my house payment irrespective of anything else.
Perhaps you should be a little less dismissive of someone who got something right that so many people predicted would turn out the other way.
Being right and being batshit crazy aren't mutually exclusive.
"Much as I think Scott Adams has turned batsh!t crazy recently,"
Or maybe he's just smarter than you.
No, he's gone batshit crazy. I love the comic strip but he's gone full-blown cranktard in the last few years.
That headline reminds me of a problem the Jedi had in the Minora system
Okay, I like Star Wars but this comment hit my Nerd-O-Meter so hard that the needle broke off, went rocketing into the sky and was last seen punching a hole in one of Saturn's rings.
"Alexa, set fire to my house!"
Ha ha, just kidd- hey, do I smell smoke?
Clearly you weren't paying attention the past two years when they got hit multiple times for being behind on security patches (both their site and distribution) and then for a while there they were distributing infected ISOs.
My point still stands.
but I seriously hope that his saved passwords are complicated
I certainly would hope so too, but knowing what I know about him I wouldn't count on it. Seriously, I'd bet his password is something like "iloveivanka" or his birth date or maybe "MAGA".
Oh dear. I hadn't thought of something as obvious as cracking his password. We can only hope that he has been strongly persuaded to use REALLY hard passwords.
Oh fer sure. Since he knows so much about "the cyber" I'm sure it's nothing guessable like "IdLoveToBangMyDaughter" or "password" or "1234".
"Bitcoin president Nicolas Cary writes that bitcoin has become more stable than many of the world's top currencies"
Bitcoin guy says "Bitcoint is awesome!". Film at 11.
Except as others have pointed out, its volatility means it is in NO WAY "stable" by any use of the word that I'm familiar with.
And here I thought Oracle was supposed to be "bulletproof". {rimshot}
No need to thank me, just throw money!
If by get stuff done you mean "get infected with malware", sure.
Please troll harder, this is weak.