What I find even worse than the 'non-randomness' of the choice screen, is that the choices are shown in a fixed order as the page is downloaded and prior to the script being run. This can take several seconds, depending on your connection speed etc. This is more than enough to read the first couple of entries and make your choice.
Internet explorer 8 is the first choice in the fixed order that you see while the page is downloading.
Saying that you "don't think so" because you actually took a real world look at the product in hand seems like a pretty reasonable response, and doesn't need a 'you must be illiterate because I read a statement put out months ago'. Perhaps that's since been revoked? Or perhaps they made a typo. Or perhaps they never got around to actually implementing it.
Turns out they do trust it, just Opera downloads certs on demand.
But I wouldn't go around saying it was "patently false" just because of some blog post and trusting that over looking at the browser itself.
Do they realise that SSL traffic causes a higher load on the server than a regular request? This would be an indication it is trying to bring the site down.
I don't see how sending packets to 'major websites' disguises the real communications in any way. Just filter those requests. The more 'major' the web site for the garbaage packets, the easier it is to distinguish them from the real packets.
And once Firefox 3.6 is out, that line for Firefox 3.5 will drop by half and IE 7 will become more popular than Firefox 3.5 overnight (according to the submitter's logic).
What good is that when the only way to buy a locked phone is with a 24 month contract? Surely they don't sell subsidised phones to people unless they enter a contract, otherwise why would they subsidise it? Perhaps they do that in America, but in Australia you must typically enter a 2 year contract.
How's this any different to the existing task bar, which shows a button/tab for each application? Move it up to the top if you want to.
If every app becomes tabbed by the OS, then they are basically re-writing the taskbar.
I think the key feature they are omitting in this article is the ability to *group* apps into different tabbed windows. So that the task bar is used to select the group of apps, then the tab to select the individual app.
You don't understand how these 'modders' work - they aren't cheating in game. They are just able to play backup discs as well as originals. Most if not all use that feature to pirate games, but this is a separate argument from in-game cheating, which they aren't doing.
Also, it's trivial to redirect the POST to login.cgi or add an entry to/etc/hosts for bank.com to a different site that just presents a 'failed to login' instead of logging in. Meanwhile your password, security code etc has been sent off to the bad guys machine which does an automated "transfer *.* funds to x" script using these credentials.
Because as the author explains in the comments, key loggers can run at the low level device driver level. At this level, it can hook key presses in a VM just as well as the host OS.
It's a pain, because nobody wants to go to the trouble of rebooting twice for the sake of paying a few bills. But it's the only way to be sure of a clean environment, unless your BIOS has been hacked. It's at least one good argument for the trusted platform, TPM, or whatever it is. In theory you could be sure that you are running only un-altered digitally signed executables and nothing else.
Well it is probably the 'login' or some other high privilege process that is doing the Guest account erasing after the Guest user logs off. The login process would have permissions to the Admin user data.
It probably wouldn't be left to a process running as Guest to erase the account.
You are confusing a virus with a worm and/or remote exploit.
A virus does still require clicking 'yes' or otherwise running code, but it just piggy-backs on "innocent" programs you pirate from your friends. It still requires running an executable from dubious sources. So it's not necessarily your OS's fault, as you still need to manually execute the non-verified code. Basically, if you choose to run it, then you deserve to get whatever it does.
If it requires no intervention, then it is a worm. Or a trojan that is using a remote exploit.
Either way, the 10% of savvy users are keeping their OS and browser up to date, using a firewall and not running random programs from the pirate bay.
You are implying that these viruses/spyware aren't being installed by people clicking 'Yes' to "Do you want to run setup.exe from codecs.xxx_teens.com" prompts.
This 'hole' will never be closed. The only option is to develop software which scans for and intercepts these installs for people that can't make an informed judgement for themselves. (i.e 90% of computer users).
Google reader has "J" and "K" keyboard navigation to go the the next/prev article.
In fact, most online RSS aggregators have keyboard navigation. This is not quite the same as what google flip is however. Being able to see images, page layout and headlines combined on a page and the next/previous pages just out of the corner of your eye is closer to reading a real magazine.
It's a bit more involved than that. That's a custom window, not the standard Win32 supplied one.
You'd have to write your own specialised window handler and your code would have to handle treating the window it as "modal over tabs but not quite modal over the entire application, but modal enough to stop executing scripts". It's not a trivial task, and certainly not as trivial as just "adding a checkbox".
Does anyone take these Japanese named ventures seriously?
I see them and automatically skip reading up on them, assuming it's something to appeal to manga/anime loving Japanese culturing loving nerds.
Don't get me wrong, I like Japan, it's people and the tech from there, but am not interested in anime/manga/hentai. Naming anything like this doesn't win you interest from people who aren't interested in this stuff, regardless of what it actually is.
Encryption isn't an option if you want the data to be searchable or remotely processed. (think searching your gmail messages).
The remote processing is a lot of the reason for using these services in the first place. Sometimes it may not even seem like remote processing (e.g rendering a graph in a spreadsheet into a jpg) but it is actually happening remotely for performance reasons.
I think you could just type your rego into the box so that you don't have to walk back to your car to place the paper ticket. This would require parking officials to have a copy of the registered vehicles (perhaps just a wireless link to the paybox) and scan rego plates rather than just looking at tickets.
Doesn't solve the problem of having to walk to the paybox in the first place however.
That doesn't stop them from blocking your login such that they are the only ones using the password/id. They log the keystrokes prior to it being sent over the wire to the bank, block the post to login.cgi, and login for themselves.
Slashdot Mirror
What I find even worse than the 'non-randomness' of the choice screen, is that the choices are shown in a fixed order as the page is downloaded and prior to the script being run. This can take several seconds, depending on your connection speed etc. This is more than enough to read the first couple of entries and make your choice.
Internet explorer 8 is the first choice in the fixed order that you see while the page is downloading.
http://www.browserchoice.eu/BrowserChoice/browserchoice_en.htm
They should have the options as 'visible=false' until they are randomly sorted, then make them visible.
Saying that you "don't think so" because you actually took a real world look at the product in hand seems like a pretty reasonable response, and doesn't need a 'you must be illiterate because I read a statement put out months ago'. Perhaps that's since been revoked? Or perhaps they made a typo. Or perhaps they never got around to actually implementing it.
Turns out they do trust it, just Opera downloads certs on demand.
But I wouldn't go around saying it was "patently false" just because of some blog post and trusting that over looking at the browser itself.
I saw the same thing in my copy of Opera 10.5.x
However, after visiting the test site : https://www.enum.cn/en/
I can now see the cert. My guess is Opera does not come preloaded with all root certs, but perhaps fetches them on demand from an online repository.
Do they realise that SSL traffic causes a higher load on the server than a regular request? This would be an indication it is trying to bring the site down.
I don't see how sending packets to 'major websites' disguises the real communications in any way. Just filter those requests. The more 'major' the web site for the garbaage packets, the easier it is to distinguish them from the real packets.
Funny
>> My question is, why would a professional want an email address containing anything other than their own business domain?
Because when you change jobs you lose that address.
And once Firefox 3.6 is out, that line for Firefox 3.5 will drop by half and IE 7 will become more popular than Firefox 3.5 overnight (according to the submitter's logic).
Communicating to some central server when you run it at least. If it stores the data and sends it on a different date you wouldn't know too easily.
Besides, it may be doing something other than sending off your data.. e.g encrypting it and ransoming you for the key to decrypt it.
What good is that when the only way to buy a locked phone is with a 24 month contract? Surely they don't sell subsidised phones to people unless they enter a contract, otherwise why would they subsidise it? Perhaps they do that in America, but in Australia you must typically enter a 2 year contract.
How's this any different to the existing task bar, which shows a button/tab for each application? Move it up to the top if you want to.
If every app becomes tabbed by the OS, then they are basically re-writing the taskbar.
I think the key feature they are omitting in this article is the ability to *group* apps into different tabbed windows. So that the task bar is used to select the group of apps, then the tab to select the individual app.
That's where it makes sense to use Unite - it has firewall and NAT traversal techniques built-in, with the help of the Opera servers.
You don't understand how these 'modders' work - they aren't cheating in game. They are just able to play backup discs as well as originals. Most if not all use that feature to pirate games, but this is a separate argument from in-game cheating, which they aren't doing.
This can be automated easily enough.
Also, it's trivial to redirect the POST to login.cgi or add an entry to /etc/hosts for bank.com to a different site that just presents a 'failed to login' instead of logging in. Meanwhile your password, security code etc has been sent off to the bad guys machine which does an automated "transfer *.* funds to x" script using these credentials.
It's been done.
And do you realise this authentication scheme has also been broken?
The crooks these days are breaking into your account in real-time by using your security token code as you login, and preventing you from logging in.
Read the article, he mentions this.
Because as the author explains in the comments, key loggers can run at the low level device driver level. At this level, it can hook key presses in a VM just as well as the host OS.
It's a pain, because nobody wants to go to the trouble of rebooting twice for the sake of paying a few bills. But it's the only way to be sure of a clean environment, unless your BIOS has been hacked. It's at least one good argument for the trusted platform, TPM, or whatever it is. In theory you could be sure that you are running only un-altered digitally signed executables and nothing else.
Well it is probably the 'login' or some other high privilege process that is doing the Guest account erasing after the Guest user logs off. The login process would have permissions to the Admin user data.
It probably wouldn't be left to a process running as Guest to erase the account.
You are confusing a virus with a worm and/or remote exploit.
A virus does still require clicking 'yes' or otherwise running code, but it just piggy-backs on "innocent" programs you pirate from your friends. It still requires running an executable from dubious sources. So it's not necessarily your OS's fault, as you still need to manually execute the non-verified code. Basically, if you choose to run it, then you deserve to get whatever it does.
If it requires no intervention, then it is a worm. Or a trojan that is using a remote exploit.
Either way, the 10% of savvy users are keeping their OS and browser up to date, using a firewall and not running random programs from the pirate bay.
You are implying that these viruses/spyware aren't being installed by people clicking 'Yes' to "Do you want to run setup.exe from codecs.xxx_teens.com" prompts.
This 'hole' will never be closed. The only option is to develop software which scans for and intercepts these installs for people that can't make an informed judgement for themselves. (i.e 90% of computer users).
Google reader has "J" and "K" keyboard navigation to go the the next/prev article.
In fact, most online RSS aggregators have keyboard navigation. This is not quite the same as what google flip is however. Being able to see images, page layout and headlines combined on a page and the next/previous pages just out of the corner of your eye is closer to reading a real magazine.
It's a bit more involved than that. That's a custom window, not the standard Win32 supplied one.
You'd have to write your own specialised window handler and your code would have to handle treating the window it as "modal over tabs but not quite modal over the entire application, but modal enough to stop executing scripts". It's not a trivial task, and certainly not as trivial as just "adding a checkbox".
Does anyone take these Japanese named ventures seriously?
I see them and automatically skip reading up on them, assuming it's something to appeal to manga/anime loving Japanese culturing loving nerds.
Don't get me wrong, I like Japan, it's people and the tech from there, but am not interested in anime/manga/hentai. Naming anything like this doesn't win you interest from people who aren't interested in this stuff, regardless of what it actually is.
meh.
Encryption isn't an option if you want the data to be searchable or remotely processed. (think searching your gmail messages).
The remote processing is a lot of the reason for using these services in the first place. Sometimes it may not even seem like remote processing (e.g rendering a graph in a spreadsheet into a jpg) but it is actually happening remotely for performance reasons.
I think you could just type your rego into the box so that you don't have to walk back to your car to place the paper ticket. This would require parking officials to have a copy of the registered vehicles (perhaps just a wireless link to the paybox) and scan rego plates rather than just looking at tickets.
Doesn't solve the problem of having to walk to the paybox in the first place however.
That doesn't stop them from blocking your login such that they are the only ones using the password/id. They log the keystrokes prior to it being sent over the wire to the bank, block the post to login.cgi, and login for themselves.
Also from that link is these stats:
http://gs.statcounter.com/#browser-RU-monthly-200901-200906
as you can see, in Soviet Russia, Opera browses you.