He's talking about the standard HTTP Auth dialog. (Good luck refusing to enter your password in any HTTP Auth dialogs -- it's still the most ubiquitous authentication mechanism on the Web.)
There's no indication from the article that he requested a refund before filing the suit. Seems like the kind of pertinent detail they might mention in the story if it had actually happened — but who knows. Regardless, I wouldn't assume anything, either way, without additional information.
"Racist" isn't merely an epithet or a slur, no matter how badly you want to pretend it is. Nor is it, as you claim, an ad hominem when you're clearly making an argument about race. Your obvious racial prejudices have everything to do with selecting an article on increases in the birthrate among Mexican immigrants, that itself makes no mention of intellect, to support your claims of "declining intelligence". Your argument isn't specious because you're a racist, however; you're a racist because you're making a provably specious argument about race and intellect.
(And in general, people who cry, "ad hominem" every time someone applies a label they disagree with — or even calls them an offensive name — really need to learn what the fuck it means and where it applies.)
Attempting to support your claim of, "the catastrophic decline of intelligence, and the exponential rise in stupidity," by linking to an article on increasing birthrates among racial and ethnic minorities in the U.S. should meet, I think, any objective definition of the term "racist".
The definition of "scum" may be left as an exercise to the reader.
You keep talking about the server. What does the server have to do with an HTML tag, or vice versa? Web servers don't speak HTML, they speak HTTP. Again, you seem to be discussing some sort of server-side dynamic language, which HTML definitively is not.
That doesn't really correct the fundamental inaccuracy. There seems to be a widespread misunderstanding (you're far from alone in this) of what, exactly, Acid2 is, and the purpose for which it was created.
It's not a specification. It's certainly not a standard. Nor is it, strictly speaking, a test of standards. It's not even a test of practical CSS. It's a test of a browser engine's ability to correctly handle CSS edge cases, which while certainly useful in evaluating compliance to W3 standards, doesn't even begin to reflect the full picture.
Sorry, but admitting that you're not going to focus on passing Acid2 doesn't in itself constitute an unwillingness to address standards compliance, and is in fact nearly irrelevant to the question of creating a browser which correctly renders real-world CSS to spec. The fact that the Trident team now appear to have passed Acid2 with IE8 is certainly not unwelcome news, but it honestly doesn't impress me one way or the other until I see how the new engine performs on actual web sites.
It is at this moment that the attacker has his one and only chance to guess the random secret.
I think you're missing the point again: the attacker doesn't need to guess anything; if the "hard to guess string" is contained in a static HTML tag, as the GP specifies, the attacker need only view the source of the page. The only way to potentially avoid this issue is to generate the string dynamically each time the page is loaded. Even this could theoretically be circumvented by client-side scripting, unless DOM access to the tag is crippled in some way by the browser. Regardless, load-time generation of the random string would require a dynamic language, which HTML is not, and probably should not become.
The GP's suggestion could undoubtedly be implemented with some success by means of server-side parsing via Perl/PHP/ASP/et al — I'm fairly certain I've seen similar schemes in practice — but as described, at least, it just doesn't make any sense as an addition to the HTML specification.
Re:Bet there still isn't a decent "Stop!" button (on HTML V5 and XHTML V2 · Score: 1)
Oh yes it is. It's rendering that's hard.
That's an idiotic statement. Rendering is easy — there are easily dozens, if not hundreds or thousands, of graphic and typographic rendering libraries available to simplify the task of putting text and images on the screen, and they're largely interchangeable in their effect. The hard part is figuring out what should be rendered — which is only possible by parsing and interpreting the HTML. How this is done is the only significant area in which browser rendering engines (admittedly something of a misnomer) actually differ.
I'm sorry to state this so bluntly, but your comment only demonstrates that you have no idea what you're talking about. Your suggestion would require a dynamic language — something which HTML is not, and is not likely to become.
...and once MS released DX for 2000, it ran games just fine as well.
Which only happened subsequent to, and directly attributable to, the release of XP. DirectX for Win2K was a backport of the work they did to get DX running under an NT kernel for XP.
For all their flaws, MS have historically been pretty good about backporting, where possible, functionality from their "cutting edge" OSes to actively-supported older OSes. (It appears that XP SP3 will include a fair amount of functionality backported from Vista, to continue this trend.)
I don't even know the device in question, and I can easily imagine the answer to that: the button enables a gestural interface, and the "shake to skip a track" motion is only one gesture of many.
Which is actually a pretty smart idea, considering that the functions this sort of interface would be useful to control are typically bound to softkeys and menus which require you to look at the damned thing to interact. (And it should go without saying that there's no way they could ever provide dedicated, physically distinguishable buttons for every function of your phone.)
That noise, like the sound of a Blue Angel fly-over? That's the sound of an entire squadron of jokes whistling over the heads of the moderators. "(Score:3, Interesting)," my left ass cheek.
Oh man. This so deserves Funny/Insightful mods.
No, you should be ashamed for being a self-righteous prick, overfond of broad generalizations about people he doesn't know.
Standards vs. Quirks Mode depends on doctype settings in the HTML — not a browser setting. The same is true of Firefox and other browsers.
When did Acid2 become a standard?
<restricton lock="Random_hard_to_guess_string" except="java,safe-html" />
Doesn't really matter how "hard to guess" your string is if you're going to transmit it cleartext in the body of your HTML document, does it?
"But wait!" you say, "We can randomize the string every time the document is served, thus defeating anything but an embedded Javascript with access to the DOM." Perhaps so, but now you're talking about server-side behavior — something clearly beyond the purview of the HTML specification.
If you think about it clearly, there's only one place that it makes any sense to address hostile embedded content, and it is server-side, with the growing battery of techniques already in service. Insisting that the HTML spec and browsers should be addressing this issue is asinine.
copy-write != copyright :)
In 1980, when they made a sequel.
Robot roofies? If that's what the future holds, maybe I'll just stay right here.
Subject's first words? "Dear Aunt, let's set so double the killer delete select all."
Who knew Japanese engineers were reading Halfbakery, let alone getting ideas from it?
http://www.halfbakery.com/idea/Road_20tunes
Or this one? (Pat Robertson)
Really? What body accredited these price drops, and for what were they accredited?
Optimistic, much? Even robots have standards.