It's not only California, almost every other state that imposes Sales tax also applies Use tax.
Sales Tax - Tax that is collected by the seller on behalf of the taxing authority(state/county/city) on the goods that are purchased within the jurisdiction of the taxing authority.
Use Tax - Tax which needs to be paid by the buyer to the taxing authority for the goods that are purchased from the seller who is based outside the jurisdiction of the taxing authority.
It is easy to enforce Sales tax because you can identify sellers within the jurisdiction based on licenses. It is difficult to enforce/audit Use Tax because it is voluntary. Most of the time the sellers are based in jurisdictions outside the taxing authority and so sellers cant be controlled by state goverment.
The Tamarin Project mentions Firefox 2, and as far as I can tell from reading the Firefox 2 features, it never made a new impact in the 2 release. Will this impact Firefox 3? When will it be implemented, and what exactly does it mean?
It is Mozilla 2 not Firefox 2. All the Mozilla products like Firefox, Thunderbird uses Gecko engine underneath. Firefox 2 is based on Gecko engine 1.8.1 and Firefox 3 will be based on Gecko engine 1.9. Mozilla 2 is the major change to the underlying Gecko engine which will be used by Firefox future versions after Firefox 3.
Even I am also new to Cross site scripting and I am learning about it. Today I discovered that I was wrong when I said third party websites cant make POST request to websites in different domain. Actually they can make POST requests through iframes but they cant read the data sent by the server due to same origin policy[1].
When a request is sent to the server either one of the following things may happen, 1. Data remains the same in the server after the server completes the request. Ex. Get the list of all contacts. In this case data is not changed in the server side. This is just a Data request. 2. Data gets changed due to the incoming request. Ex. Transfer $100 from Account A to B. In this case data gets changed in the server side.
My solution works only for request which are of type 1 and it will fail for requests of type 2. Gmail vulnerability discovered now belongs to type 1 request where data is not changed. Even if the third party web sites makes a POST request to Google site, they will not be able to read the data. So my solution works for Gmail vulnerability but it may not work for other type of requests where data is changed in the server side due to the client request.
[1] I simulated this case in my pc, I was able to make POST requests using to a different website iframes. But I was not able to read the data that was sent from the server to the iframe. If you want peek at these files, just drop me an email.
I have posted this solution earlier in this thread. Since you are asking I am posting it again. Easiest way is to filter by HTTP Request method. 1. Check for the HTTP Request method. If it is POST, send the data. For other request methods like HEAD, GET send HTTP Status code 403(Forbidden). 2. For Google applications, they should use XMLHttpRequest and POST method to retrieve the data. This will be allowed due to same domain policy. 3. Unless otherwise specified, browsers does a GET request for a required resource. So javascript url in scripts tag of third party web sites will be processed as GET by browser and will get a 403 response code. So third party websites must use POST to get google data which is impossible due to same domain restrictions.
Even with JSON it is possible to prevent these type of leaks. For the requests that contains sensitive data, send data only if the HTTP request method is POST. If it is GET, then simply give a 403. Third party websites can get javascript file/data from Google only through GET(using script tags, not with XMLHttpRequest). They can't make POST request because they will be prevented by same domain policy. Google applications can retrieve the data through POST method using XMLHttpRequest because they will be in the same domain.
MS Patent covers a central system that will be responsible for aggregating various feed formats (RSS, Atom, RDF) and provide a common interface to other programs for using the feed information. Availability of several feed formats and the errors in them makes a nightmare for the applications that need to use feeds. So a common system will be helpful. Several parsers available today to parse RSS and Atom feeds. The most popular one is Universal Feed Parser parses all known web feeds and presents, feed data in usable form that can be used by the application developers. UFP is part of popular open source feed based applications like Planet Feed reader and Democracy Player. So Microsoft's patented process is nothing new. Most of it can be claimed as prior art.
Absolutely true. Indian govt banned only 17 websites. But the ISPs blocked the websites that are not in the list. Indian newspaper Hindu has posted the copy of govt order that is sent to ISP for blocking the websites.
Q. Does Camino support Firefox extensions?
A. No, and it never will. Firefox extensions rely on XUL (a user interface toolkit made by the Mozilla Foundation) to interact with the user and draw their interface. Camino uses Cocoa (an interface toolkit made by Apple) and does not support XUL.
Also from the interview with Camino Project lead Mike Pinkerton
We recognize this is a problem for our users, but extensions only exist because of the cross-platform UI layer upon which Firefox is built. It's that same cross-platform UI layer that makes Firefox feel "wrong" on Mac OS X. Camino's use of Cocoa for the user interface makes it fit in with the rest of the platform, but prohibits us from using extensions. We feel this is a trade-off worth making. That said, we are investigating ways to allow non-user-interface extensions to register and work correctly.
Sad state of slashdot.The editors are not bothered to look into the link they post.
Why osdn is still keeping editors like Zonk who regularly post dupes and posts like this ? Dont they have any performance reviews for the editors ?
Westchester County executive Andrew Spano is seeking for reelection next week. Andrew Spano is unpopular among Westchester County residents due to the bad handling of bus strike during this year. I dont think this legistation will be made into law.
Actually you dont have to manually remove the cookies. If you setup the option of Keep Cookies until I Close Firefox then Firefox automatically clears the cookies when you close the browser. I have this option setup.
In Firefox 1.1 has an option called Sanitize. Sanitize is invoked it clears the cookies, cache, history, saved form/password info. ya you can customize the items you want sanitize. you can also set the firefox to execute Sanitize option whenever you exit firefox.
>>How many malwarez does it take for the proles to get fed up? joe user will live with it by buying anti spyware from M$. firefox only has 10% in browser market share in spite of IE being hounded by loads of spywares. finally some education is needed for joe user to understand the problems of insecure software developed by world's largest software company and move to a better one.
Slashdot Mirror
It's not only California, almost every other state that imposes Sales tax also applies Use tax.
Sales Tax - Tax that is collected by the seller on behalf of the taxing authority(state/county/city) on the goods that are purchased within the jurisdiction of the taxing authority.
Use Tax - Tax which needs to be paid by the buyer to the taxing authority for the goods that are purchased from the seller who is based outside the jurisdiction of the taxing authority.
It is easy to enforce Sales tax because you can identify sellers within the jurisdiction based on licenses. It is difficult to enforce/audit Use Tax because it is voluntary. Most of the time the sellers are based in jurisdictions outside the taxing authority and so sellers cant be controlled by state goverment.
New York Cigarette Tax is one example of Use tax that was enforced aggresively.
Wikipedia entry for use tax
Have a look at Wikimedia servers page. It's more advanced and complicated than what you think.
More about Mozilla 2
http://weblogs.mozillazine.org/roadmap/archives/2
http://weblogs.mozillazine.org/roadmap/archives/2
According to Hitwise, Google Blog Search traffic over took Technorati's traffic in December.
SQLite is not a new feature in Firefox 3. It is already available in Firefox 2.0.
Even I am also new to Cross site scripting and I am learning about it. Today I discovered that I was wrong when I said third party websites cant make POST request to websites in different domain. Actually they can make POST requests through iframes but they cant read the data sent by the server due to same origin policy[1].
When a request is sent to the server either one of the following things may happen,
1. Data remains the same in the server after the server completes the request.
Ex. Get the list of all contacts. In this case data is not changed in the server side. This is just a Data request.
2. Data gets changed due to the incoming request.
Ex. Transfer $100 from Account A to B. In this case data gets changed in the server side.
My solution works only for request which are of type 1 and it will fail for requests of type 2. Gmail vulnerability discovered now belongs to type 1 request where data is not changed. Even if the third party web sites makes a POST request to Google site, they will not be able to read the data. So my solution works for Gmail vulnerability but it may not work for other type of requests where data is changed in the server side due to the client request.
[1] I simulated this case in my pc, I was able to make POST requests using to a different website iframes. But I was not able to read the data that was sent from the server to the iframe. If you want peek at these files, just drop me an email.
Thanks for your comment. I forgot about 405. 405 will be the appropriate status code in this case.
I have posted this solution earlier in this thread. Since you are asking I am posting it again. Easiest way is to filter by HTTP Request method.
1. Check for the HTTP Request method. If it is POST, send the data. For other request methods like HEAD, GET send HTTP Status code 403(Forbidden).
2. For Google applications, they should use XMLHttpRequest and POST method to retrieve the data. This will be allowed due to same domain policy.
3. Unless otherwise specified, browsers does a GET request for a required resource. So javascript url in scripts tag of third party web sites will be processed as GET by browser and will get a 403 response code. So third party websites must use POST to get google data which is impossible due to same domain restrictions.
Even with JSON it is possible to prevent these type of leaks. For the requests that contains sensitive data, send data only if the HTTP request method is POST. If it is GET, then simply give a 403. Third party websites can get javascript file/data from Google only through GET(using script tags, not with XMLHttpRequest). They can't make POST request because they will be prevented by same domain policy. Google applications can retrieve the data through POST method using XMLHttpRequest because they will be in the same domain.
MS Patent covers a central system that will be responsible for aggregating various feed formats (RSS, Atom, RDF) and provide a common interface to other programs for using the feed information. Availability of several feed formats and the errors in them makes a nightmare for the applications that need to use feeds. So a common system will be helpful. Several parsers available today to parse RSS and Atom feeds. The most popular one is Universal Feed Parser parses all known web feeds and presents, feed data in usable form that can be used by the application developers. UFP is part of popular open source feed based applications like Planet Feed reader and Democracy Player. So Microsoft's patented process is nothing new. Most of it can be claimed as prior art.
Also Read
Niall Kennedy's wonderful analysis of the MS feed patent.
Blog post by Microsoft Program Manager Lead for RSS Sean Lyndersay defending this patent.
GWT source code is available under Apache 2.0 license.
Absolutely true. Indian govt banned only 17 websites. But the ISPs blocked the websites that are not in the list. Indian newspaper Hindu has posted the copy of govt order that is sent to ISP for blocking the websites.
Camino doesnt support extensions.
From Camino FAQ
Q. Does Camino support Firefox extensions?
A. No, and it never will. Firefox extensions rely on XUL (a user interface toolkit made by the Mozilla Foundation) to interact with the user and draw their interface. Camino uses Cocoa (an interface toolkit made by Apple) and does not support XUL.
Also from the interview with Camino Project lead Mike Pinkerton
We recognize this is a problem for our users, but extensions only exist because of the cross-platform UI layer upon which Firefox is built. It's that same cross-platform UI layer that makes Firefox feel "wrong" on Mac OS X. Camino's use of Cocoa for the user interface makes it fit in with the rest of the platform, but prohibits us from using extensions. We feel this is a trade-off worth making. That said, we are investigating ways to allow non-user-interface extensions to register and work correctly.
Opera 9 Beta supports greasemonkey scripts. Greasemonkey scripts should work in opera as is or with some minor modifications.
Sad state of slashdot.The editors are not bothered to look into the link they post. Why osdn is still keeping editors like Zonk who regularly post dupes and posts like this ? Dont they have any performance reviews for the editors ?
What happened to this postm l?tid=126&tid=95&tid=146
http://slashdot.org/articles/05/12/15/1437218.sht
use Gmail secure Greasemonkey script.
http://www.userscripts.org/scripts/show/784
Westchester County executive Andrew Spano is seeking for reelection next week. Andrew Spano is unpopular among Westchester County residents due to the bad handling of bus strike during this year. I dont think this legistation will be made into law.
You can use Greasemonkey 06.2 beta for Firefox 1.5.
- compatible-greasemonkey.html
more details in Greasemonkey blog
http://greaseblog.blogspot.com/2005/09/firefox-15
Its time to add the link "Dupes by Zonk" in the "Related Links" section
Site Slashdotted. Coral Cached
http://www.getfoxie.com.nyud.net:8090/
Linux Trademark owned by Linusm l
See Slashdot post
http://slashdot.org/articles/00/01/19/0828245.sht
http://youngpup.net.nyud.net:8090/gmtalk/presentat ion.html
Actually you dont have to manually remove the cookies. If you setup the option of Keep Cookies until I Close Firefox then Firefox automatically clears the cookies when you close the browser. I have this option setup.
In Firefox 1.1 has an option called Sanitize. Sanitize is invoked it clears the cookies, cache, history, saved form/password info. ya you can customize the items you want sanitize. you can also set the firefox to execute Sanitize option whenever you exit firefox.
>>How many malwarez does it take for the proles to get fed up?
joe user will live with it by buying anti spyware from M$. firefox only has 10% in browser market share in spite of IE being hounded by loads of spywares. finally some education is needed for joe user to understand the problems of insecure software developed by world's largest software company and move to a better one.