Cross-site scripting is when you create a form on your web page which targets a page on another site. An example of cross-site scripting used appropriately is when you insert a Google search box on your page. The search form sends the query to Google, not your site, so it's cross-site.
The problem comes when people create deceptive forms that get the user to do bad things, or create forms that blatantly allow the user to do something they shouldn't.
Someone can easily post links and more information and make some karma off of this post...
how can you justify calling the key a trade secret?
I think one of the DVD player manufacturers tried to use this argument on a programmer once... that the five bytes themselves constitute a trade secret and that their product had been reverse-engineered illegally or something...
I use Firebird--it is the BEST BROWSER EVER! The UI is smooth and simple (I use a skin called Breeze), it responds almost instantly (cough*the suite doesn't*cough), and it works... the tab-browsing is much better in that it opens tabs in the background by default. I use this to read through slashdot, open all the stories I want to read (without having to switch back to the homepage again) and then I can read all the stories without waiting for them to load or going back to the homepage again.
My major problem with the suite is that it takes much, much longer to load and is missing a lot of the smoothness and snappiness of the individual components by themselves. XUL and all that related GUI stuff, I think, is an extra layer of complication that makes the app too slow.
Another gigantic complaint is the Address Book. I don't know if anyone is actually paying attention to it, but it still sucks, even if it is "bug-free" for the moment. It's really unintuitive to make groups, and most of the time, creating a group creates extra, non-removable address entries. They should start over and have three ways to add and remove addresses from groups: drag and drop, a list of "who's in this group" and a list of "what groups is this person in". It also needs to give the address book the same automatic recognition of names that the email client has, to make creating groups easier.
They're realizing it's really easy to fake someone's identity, so they need to use progressively more private and dangerous information. To even get tech support or discuss services like wireless internet on my Cingular account, they need the last 4 digits of my Mom's SSN!
Of course, Cingular just seems to suck in many ways...
Worse, they require a large, floating-point (yes, there is an integer version, too, but it's still big) decoder that needs memory space to store decompressed music. From the sound of iRiver's website, it's pretty hard to implement OGG in a player that wasn't really designed to have large new codecs installed.
Yep, I know I'm *way* off-topic. I'll slink away like the A.C. I am.
From the looks of your score, most Slashdotters don't care.
Anyway, that's an awesome idea. I also think we should be able to give whole or half points, since -1 through 5 isn't always enough to show a comment's real value. -1 is Shitty, 0 is Whatever, 1 is Okay, 2-3 is Good, 4-5 is Great. It's not enough to capture the subtleties of how Informative a post is, or just how stupid a Troll is being.
Personally, I always set Flat Mode/Newest First when I'm moderating. I don't moderate stories I'm interested in, since I'm likely to post and destroy the moderations, so I'm not interested in reading the comments in an intelligible, threaded form. I just want to moderate fairly, and the people with newer posts haven't had as much time to be moderated.
What Slashcode needs is Middlest First and Farthest First options to list the comments in ascending or descending order of number of moderations.
That's pretty clever--although fixing that side effect leaves another side effect: people will be reluctant to be the first person to mod up a post, since it uses a whole 1 point instead of 1/2 or 1/4.
Slashdot is what you make of it. If you don't like it, you don't have to read it. Nobody has yet written a worm that changes your homepage to Slashdot and forces you to read it!
I'll bet it would be possible to use a spam-filter-esque system to compare the text of the articles and the links they point to. By weighting heavily the text of the links and the headings in the linked documents, they could give stories a dup-score and the editors would be shown a list sorted from highest-to-lowest.
Wait... it would have to have a limit on the number of stories it goes back, or else it will compare this one story to every other story in the database! Any ideas?
Yeah, I'm an idiot. It was almost impossible to get it in the right way either, so it was hard to tell... We couldn't see which way it was supposed to go... Yeah, it was dumb.
Come on, use a regular expression to fix crap like that.
Well I have--the support people are usually friendly, but there's the occasional snippy bastard who's pissed I know what he's talking about and that I don't need walkthroughs about voicemail and text messaging but actual help. Their main problem is they're patched together organizationally and can't get things done easily. Also, their tech support and "cellular data group" (i.e. people who control your account access and stuff) are both in-house--you can't call tech support! That *really* sucks.
I'm split on this one... I have a TI-89, and there are literally dozens of times I dropped it onto hardwood floor, cement, etcetera and was sure the screen was broken. It's never broken--the case is beat up a bit, but it's still working. (The one part that breaks on all my calculators is the link port--it tends to snap off the circuit board. Cybiko also had the same problem with the power plug on their first model. Solder alone is just not strong enough to attach a jack that will receive the full force of a plug coming in.)
But once, I accidentally dropped my brother's TI-83+ off the bed, and the screen had a huge, "fatal" crack across it. I would have maybe expected a dead row, column, or something, but it's a huge diagonal line with blue crap next to it.
I did that at computer camp once... it was build and repair a PC class, and the instructor had already had us plug everything in. My group had had a hell of a time with the floppy cable since it was in an awkward location and hard to get to, right-side-up or upside-down! So, we jammed it in--backwards (we didn't know yet). He told us to wait for him to check everything out, but I was impatient. I plugged it in, turned it on. It started booting, and suddenly it smelled smoky. I immediately knew what had happened and gave the power cord a quick tug out of the back. The smoke only started pouring out of the case after I unplugged it (I was really quick).
The guy was actually a bit of a jerk--he was like, "you know, I have half a mind to bill you for that!". First, it was a mistake--accidents happen. Second, the stuff was ancient--Pentium 100's, 1GB hard drives, Windows 95, 16 MB RAM or something... Third, the damn drives cost almost nothing. Well, he never did, but he was a bit of a jackass.
Anyway, it adds another trick to the repertoire of pranks (replace heatsink with anchovy, switch PSU to 220V, surgically rotate R, G, and B connectors, install OS/2, Windows 3.1, BeOS, or another OS the user can't figure out) to my bag of tricks. I've never done it to anyone, but it would be pretty fun.
Wait. Why the hell don't floppy drive manufacturers install a coupla diodes so power isn't supplied or shorted if the connection is bad?
Most sales people are nice--it's hard for them to get a job if they're mean, ugly, or pushy.
and excellent coverage
That's true--Verizon has (IIRC) the best network in the US.
But most people have a good experience up to here--it's when something goes wrong or against the best interest of the company that you get to see their true colors.
Cingular's really picky about "stuff" with other carriers. I've been trying to get my Sony Ericsson T226 unlocked so I can stop it from bouncing between two networks every 15 seconds, and they insist on a signed letter from the other company.
I have a feeling that Cingular is one of the companies that concentrates on getting new customers with free (or cheap) phones, pretty good service plans, and annoying TV ads. Then they give you not mediocre, but okay/so-so service, and try to make it hard for you to switch providers or do anything.
Same here--I use Firebird, which opens tabs in the background by default. It's awesome--I can cruise Slashdot and open all the articles I wanna read, then open links, etc.
And Firebird (maybe Mozilla too, I'm too lazy to check) has a feature where you can save/load multiple tabs as a single bookmark.
...HTML is debatable as WYSIWYG editors are quite adequate for everything she might need to create.
No. It's not.
There have been times I have written school reports, essays, etc. because I need to use images and Word does a horrible job of handling images on a slow system. All my pages are plain XHTML with lots of CSS added on. And god help you if you have Internet Explorer--don't even think about telling me what I did wrong...
Meh.
Not knowing HTML makes it really hard to make a good site. Teaching CSS along with XHTML (the right way--only for organization, then CSS for formatting) is much better--once I learned how to do it that way, my pages looked much better in crappy browsers, even on my cell phone! And when you compare updating a single CSS file to going through every file in a decent-sized site and replacing FONT tags, it's much, much better.
For example look at the structure of common phone numbers.
They are not listed commonly as ###########, but as #-###-###-####. Same with credit card numbers, IP addresses, and more.
Well it depends on your point of view. Credit card numbers were designed simply for chunking. Phone numbers were designed so each "chunk" is a different "index," i.e. the last four digits are a phone number within your neighborhood, the middle three are a neighborhood, and the area code is a larger area. Changes in the phone system have gradually forced us to remember all the chunks, but the chunking itself was done from a technological standpoint.
Same with IP addresses: the dots aren't arbitrary separators, since 1.234.56.78 != 12.34.56.78 != 123.45.67.8 != 123.45.6.78 != 123.4.56.78, etc... They indicate the byte parts of the address, and are used as successively more "specific" indicators of the computer they represent.
It's only one letter different from INANE!
It's not CSS that's the problem--the five-digit player key is a trade secret.
Anyway, let's celebrate!
I thought the pilot purposefully crashed it into the ground to prevent it hitting something?
Me too!
Great, now you can moderate me -1 Redundant.
No really, I did get mod points!
If you don't like apple, say it--nicely.
DSM, Digital Security Management... wait, it's already Digital, it's a computer...
I don't know either.
But it has to refer to the fact that the restrictions are for the good of the system's security, not the good of the user's rights...
CSBSSM = Cryptographic Signature-Based System Security Management?
MP3 files are played by executing Windows Media Player, which is obviously signed, since it comes from Microsoft!