http://www.apache.org/info/css-security/ has a good explanation and some links.
The basic example is that you have a web page that asks for the user's name in a text entry field and then displays "Hi [name]"
I come along and instead of entering my name I end the text entry with "> and then proceed to write javascript or whatever that performs some function on the server. It gets more interesting that that though.
I believe that the 10K Gs was referring to the acceleration from rest until it hit the target....in the barrel: 130 feet to reach 5400mph (28080000 feet per hour -- 468000 feet per minute -- 7800 feet per second in a fraction of a second....10k Gs seems pretty reasonable there
you forgot to add: "and the government injects me with mind altering drugs as I sleep, and the aliens are already in control."
Look at the timing of this....Office Xp was released a few months ago with Smart Tags, then there was the media circus about how Smart Tags in IE were bad juju. Surf+ sees the idea and knows that they won't have any competition from MS for a good while and decides to make the leap and do it themselves.
The difference here is that with MS tags, users could disable them if they never wanted to see them, select which they wanted to appear, download new ones from any third party developer they chose, or even write ones themselves, just as can be done in the most recent Word and Excel.
The problem with the MS tags in IE is that they demoed them with only MS specific targets and didn't really advertise that these were just placeholders for new and better ones to be written by developers all around the web, and distributed for free or pay without owing anything back to MS. Have any of you looked at the SDK in public view on MSDN? It is damned simple to roll your own Smart Tags. If you don't want them, you turn them off and never see them again.
This new attempt apparently gives you no such power and tells the user what to do. It looks like a thrown together approach to a probably good idea, that was poorly implemented here.
As for websites losing control, I have not seen exactly how these work, so I don't know if they alter your site at all, but it looks like they just add a layer on top of your site, like MS did. At that point it is beyond your control. The client has rendered your site and is mining it for data that the user hopefully finds useful (if not they should be able to turn it off). If you write a book, and in the course of reading it someone highlights or makes notes in it, that is their choice and is fairly close to the ideal situation with these third-party highlighters. If you record a television program, do you have to dutifully sit through the ads or can you just FF right past them?
Slashdot Mirror
http://www.apache.org/info/css-security/ has a good explanation and some links.
The basic example is that you have a web page that asks for the user's name in a text entry field and then displays "Hi [name]"
I come along and instead of entering my name I end the text entry with "> and then proceed to write javascript or whatever that performs some function on the server. It gets more interesting that that though.
I believe that the 10K Gs was referring to the acceleration from rest until it hit the target....in the barrel: 130 feet to reach 5400mph (28080000 feet per hour -- 468000 feet per minute -- 7800 feet per second in a fraction of a second....10k Gs seems pretty reasonable there
So, anyone want to set up a pool betting when the first "then we strapped a SCRAMJET on the back of Bob's old VW Bus" story appears?
you forgot to add: "and the government injects me with mind altering drugs as I sleep, and the aliens are already in control."
Look at the timing of this....Office Xp was released a few months ago with Smart Tags, then there was the media circus about how Smart Tags in IE were bad juju. Surf+ sees the idea and knows that they won't have any competition from MS for a good while and decides to make the leap and do it themselves.
The difference here is that with MS tags, users could disable them if they never wanted to see them, select which they wanted to appear, download new ones from any third party developer they chose, or even write ones themselves, just as can be done in the most recent Word and Excel.
The problem with the MS tags in IE is that they demoed them with only MS specific targets and didn't really advertise that these were just placeholders for new and better ones to be written by developers all around the web, and distributed for free or pay without owing anything back to MS. Have any of you looked at the SDK in public view on MSDN? It is damned simple to roll your own Smart Tags. If you don't want them, you turn them off and never see them again.
This new attempt apparently gives you no such power and tells the user what to do. It looks like a thrown together approach to a probably good idea, that was poorly implemented here.
As for websites losing control, I have not seen exactly how these work, so I don't know if they alter your site at all, but it looks like they just add a layer on top of your site, like MS did. At that point it is beyond your control. The client has rendered your site and is mining it for data that the user hopefully finds useful (if not they should be able to turn it off). If you write a book, and in the course of reading it someone highlights or makes notes in it, that is their choice and is fairly close to the ideal situation with these third-party highlighters. If you record a television program, do you have to dutifully sit through the ads or can you just FF right past them?