95 % of the users do not need them.
Another 4% use them to write viruses.
Do you believe in Apocrypha? Apocrypha exist.
you add a script element and it is parsed and executed... seems fairly straightforward to me.
Except the specs went to lengths to prevent this kind of behaviour in cross-domain linking. You can't perform XMLHttpRequest for a website other than the one the page is loaded from. You can't do shit to a DOM tree of a document in other frame/window. The specs' intention of preventing ability to dynamically load scripts from sites other than where the page comes from seems obvious. You can statically include a "foreign" script upon loading the webpage and then that's the end. You can't change src of existing script (actually you can, but the new script won't load), you can't perform live request to download XML data. You can't access data or scripts in frames you've dynamically (or statically) loaded. There are a lot of safeguards against cross-domain scripting. But inserting a new "Script" element isn't protected in any way and you can do far more serious changes to the page (document, scripts, browser settings etc) using it, than you would if cross-site XMLHttpRequest was legal.
It works exactly as it's supposed to. That's not a bug.
So disabling/limiting cross-frame scripting, cross-site scripting, preventing loading data from other sites, these all are bugs then? Because they stand in direct opposition of this idea. It's a gaping hole in what they try to prevent.
Seems you look for things that aren't very profitable. :)
I wanted to pick a new banking account, and looking for a good Internet bank. So I tried all the "online banking comparison", "reviews", "consumer opinions" and such. Nothing worked, the keywords around banking got spammed by some "partnership" program where if you convince someone to join one of 6 or 7 banks participating in the program, you get some decent cash. Of course all the participating banks are crappy, but thousands of people battling each other to get more hits in Google and to trick people into joining one of the banks efficiently killed any search reliability of the term. I finally found some forum where people discussed the banks. About 15th page of results.
Some other time my dog ate a whole box of Bactrim pills. Pretty dangerous medicine if overused. The vet did all the basic stuff but didn't have experience with this particular drug. So I typed in Google "Bactrim overdose". Guess what? Thousands of sites trying to sell Bactrim, spamming their pages with all kinds of terms like "$drugname poisoning", "$drugname abuse", "$drugname interactions" and all kinds of stuff that can lead whoever overdosed some drug to death before you can find how to heal it. Luckily the vet's intuition-based judgement was good and the dog recovered. I reported that to Google, next time I typed "Bactrim overdose" the first hit was "Bactrim overdose in dogs", a PDF with a paper describing the exact procedure of fighting the overdose. The spammer sites were nowhere to be found.
I think it's even better than this. I believe Microsoft actually believes in all its own crap. And those are its death spasms, the same spasms that killed Commodore and Atari.
Amiga CDTV? Amiga CD32? New AmigaOS? A few dumb investments that didn't even partially return the costs, or didn't even come to life, all after years of stagnation and Commodore died.
Atari Jaguar, Tower ST, Atari Portfolio, and Atari died. Rapid burst of products nobody asked for and nobody really wanted, lots of hype nobody bought, flop.
The recent decisions of Microsoft are heading just the same way. True Microsoft still has the huge money-making engine of MS Office, but the marketing moves behind the new products seem more and more frantic.
Oh well, I'm sure Google is currently in state of ROTFL.
Kill the competition by making them die from laughter, well, a tactic too.
Eventually they will have targeted ads on everyone's desktop, which they will (hopefully) use to subsidize the cost of their OS.
Yepperz, they already do. In XP.
New install of XP. Very slow connection. I wanted to check something in docs for MySQL. Those of you who know the docs, know it comes in a "convenient" 1.6MB HTML file. So I start downloading the file, 30 or so minutes pass and I play with tweaking the desktop in the meantime. I enter the "Plus" tab, change some settings and suddenly MSIE pops into view, and my 3/4-loaded MySQL doc gets replaced with "Would you like to buy a Plus Desktop Themes Pack?" on microsoft.com. Of course partially downloaded file doesn't get cached, and they didn't get the idea of launching a separate window - so I've just lost half an hour thanks to Microsoft's greed and incompetence.
Let's sum up:
- Windows Update sends a lot of information MS shouldn't be interested in. - Spyware.
- Said popup - Adware.
- Disrupting normal workflow and breaking tasks in progress (like that popup), nagging for payment to stop said disruptions - Malware.
I wouldn't be really surprised if they put more of that junk in Vista.
The keyword?
we'll be more relevant in the U.S. market place
Not desktop, not user browser, not result list. Market place exactly.
I think Overture tried that already: selling positions in search. It was a flop.
Or three and a half of Chuck Norris. Gosh!
And the "script injection" method IS standard-compliant as far as you believe in standards. Thing is "standards" don't equal "perfection", standards have their own errors too.
Standard specifies you're allowed to insert any DOM element at will, and makes no special exceptions for "script." It makes lots of assertions about cross-window, cross-frame etc scripting, about limits of what can you do with elements inherited by inserted elements etc, but in normal conditions you're free to load a script from an arbitrary site, and there are no assertions making inserting DOM elements anything "not normal".
It's abusing a hole in the specs, because "script" elements should be treated differently than others and follow different rules when created upon document creation than when inserted through DOM methods - but there are no exceptions and inserting a script is just the same as inserting anything else. The browser support is there (MSIE requires "DEFER", but that's about all). Specs say "all elements" and make no exception. So let's live happily and use the godsent feature not caring that it's a bug.
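The origin comparison this comment turns on (scheme, host and port of the page versus the `src` of an inserted script), written as an audit a site owner could run over script sources. This is an added example, not part of the original comments; the URLs, the allow-list and all function names are constructed for illustration.

```javascript
// Constructed sample data: a page URL, the foreign origins the site owner
// has deliberately approved, and script sources as they might appear in src.
const PAGE = 'https://shop.example.com/cart';
const ALLOWED = new Set(['https://cdn.example.net']);
const SAMPLE_SRCS = [
  '/static/app.js',                        // relative: resolves to the page origin
  '//cdn.example.net/lib.js',              // protocol-relative: inherits https
  'http://shop.example.com/app.js',        // same host, different scheme
  'https://shop.example.com:8443/x.js',    // same host, different port
  'https://widgets.example.org/feed.js?callback=render',
  'data:text/javascript,0',                // opaque origin
];

// Resolve src against the page URL and return its origin
// (scheme + host + port), or null when it cannot be parsed.
function originOf(src, base) {
  try {
    return new URL(src, base).origin;
  } catch (e) {
    return null;
  }
}

// Verdicts: 'same-origin', 'allowed' (approved foreign origin),
// 'foreign' (unapproved), 'opaque' (data: and similar), 'invalid'.
function classifyScriptSrc(pageUrl, src, allowedOrigins) {
  const pageOrigin = new URL(pageUrl).origin;
  const origin = originOf(src, pageUrl);
  if (origin === null) return 'invalid';
  if (origin === 'null') return 'opaque';
  if (origin === pageOrigin) return 'same-origin';
  if (allowedOrigins.has(origin)) return 'allowed';
  return 'foreign';
}

// Return only the sources that need a human decision.
function auditScriptSources(pageUrl, srcs, allowedOrigins) {
  const findings = [];
  for (const src of srcs) {
    const verdict = classifyScriptSrc(pageUrl, src, allowedOrigins);
    if (verdict !== 'same-origin' && verdict !== 'allowed') {
      findings.push({ src, origin: originOf(src, pageUrl), verdict });
    }
  }
  return findings;
}

// Browser-only: report script elements added after page load, which is the
// case the comment describes. Only directly inserted <script> nodes are
// checked; scripts nested inside a larger inserted subtree are not walked.
function watchInsertedScripts(allowedOrigins, report) {
  const observer = new MutationObserver((records) => {
    for (const record of records) {
      for (const node of record.addedNodes) {
        if (node.nodeName === 'SCRIPT' && node.src) {
          const verdict = classifyScriptSrc(location.href, node.src, allowedOrigins);
          if (verdict !== 'same-origin' && verdict !== 'allowed') {
            report({ src: node.src, verdict });
          }
        }
      }
    }
  });
  observer.observe(document.documentElement, { childList: true, subtree: true });
  return observer;
}

// Runs anywhere the URL class exists (browser console or Node).
console.log(auditScriptSources(PAGE, SAMPLE_SRCS, ALLOWED));
```
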
Tape a minimicrophone to the bottom of the door, by the hinges. Pull a thin wire to the recorder hidden nearby - or just use one of the commercial short-range "bugs". You can attach it on top of the door, between the door and the frame to hide it better.
Replay the sequence by putting a speaker with a small metal bar attached to the membrane to produce actual knocks.
The proof is not at "credible sources" because any reachable credible sources get either silenced or discredited ("I've never seen anything remotely credible"). The source is total lack of counter-proof despite all the common-sense. You hear of new revolutionary energy sources to power cars about once a month. Just google for "alternate fuel". There are thousands or millions of designs. But none hits the road, one that did, got scrapped despite being a nice success. WHAT is the reason that there's not a single common, affordable alternate energy car? Why did Toyota Prius get scrapped despite quite successful start-up and loud protests of would-be buyers? Conspiracy theory? Yes, absolutely. No solid proof, just clues and counter-proofs. But unlike most conspiracy theories that have lots of solid counter-proofs and just few clues, this one has no real counter-proofs to speak of and thousands of clues. You must draw your own conclusions and ask yourself "Where did all these designs go, then?"
This story is only a half-step above the recent perpetual motion machine stories.
This story is a half-step to a story of a car that goes 0-60 in 4s at 50mpg of biodiesel and passes emissions and crash testing.
The points are valid but not show-stoppers. This is a working prototype, a point about half-way between the idea and a final product, and more importantly a point beyond most stumble-and-crash obstacles, that is ones that make the final product impossible. Now that they have something to show, they can start thinking of passing all the tests, preparing the model for mass manufacturing, getting from development to production.
There's just one big show-stopper hurdle in front of them yet. $$$, big, big $$$, especially these in hands of oil corporations. They would pay a lot to have the project cancelled.
As for open sourcing the design, why do you begrudge them a profit? You think these kids don't need the money? I do free software because I choose to, but the data don't support the hypothesis that it is a practical way to make a living.
The answer is, because the profit would (and most likely will) come from some big$$$ oil companies, who will buy the patent, the project and silence, and this will be the last we see of this car. There -already- are quite a few revolutionary alternative fuel/power technologies that would blast crude oil into obsolescence, but they are all held by said companies and guarded carefully so that nobody builds any of these cars before oil gets so scarce and expensive that governments force the companies to release the patents. I don't really see why this idea would end up differently.
Of course "open-sourcing" the design would thwart the "lock-out" concept.
Yes, but the direction and dissipation changes. You create LOWER total sound output, but in a small area near your head the levels increase.
Similar to radiational cancer cells removal or 3D laser drawings inside crystal blocks, where the beams create destructive effect in place where they cross while remaining harmless outside. Instead of one or two strong sound sources filling the whole area (and lots beyond it), you create 5 narrow, directional weak streams that create a small high-intensity zone where they cross. The speakers don't cancel anything, instead they add up in one place, creating voice loud enough to hide Jackson in the background, but move a step away from the "sweet spot" and you hear one of them at full volume, instead of five.
Unfortunately that's what most of nowadays' game producers think, resulting in the 'idea crisis' aka "almost all new games suck." Shiny graphics and detail on the same old reused idea.
Still, Europe is about half the size of the US. What about per capita numbers instead?
Now imagine, REALLY high-quality positional audio in a theater making it sound to everyone in the theater that the 6th guy in the 5th row just farted really loudly. And then even the guy from the screen pointing at the seat and blaming the poor bastard.
That's true. And why? Because even uncompressed audio doesn't transfer all the frequencies. And audio equipment is meant to record/play only "audible" frequencies.
Sure you don't HEAR the extra frequencies below or above the standard spectrum. But you FEEL them. Ultrasound adds the "piercing" impression, "music reaching to your inner depths". Subsonic makes you uncalm, feels like fear, danger. It's what makes animals flee from incoming hurricane, it's what makes your skin crawl. And harmonics, chords with these are possible too. One note audible, one inaudible, so you hear only one, but depending on the other one, the one you hear may sound right or wrong.
Instead of adding more speakers, they should increase the wave spectrum they play.
'kay, headphones beat the speakers in the efficiency of that, but headphones get tiring pretty fast. If your sister behind a thin wall turns on her stereo with Michael Jackson, you NEED a sound barrier. And in the meantime, getting stronger, louder speakers will just result in race of arms and neighbors getting involved for excessive noise. This won't work. You need a subtle solution and 5.1/7.1 comes to the rescue.
Each of the speakers taken separately is pretty weak, and emits sound in one direction. 6 meters away and neither your neighbors nor your sister get affected. But all 5 or even better all 7 crossing their sound tracts over your head give you a small local zone of volume high enough to hide everything, from "Moonwalker" to "Invincible". Screw the quality, you just get a private noise-cancellation (or more like noise-override) zone.
yeah, I loved that deep bass without all these noisy squeakers too.
> HELLO WORLD
> 29340 29340
The rotors in your enigma got stuck, n00b.
Well, movies, music, such stuff where quality matters, if you're a connoisseur you may want 5.1 or even 7.1. But 5.1 may mean difference between being alive and dead, and you NEED it in certain case.
Friend's tale. He's the 1337, I'm just a n00b so it doesn't matter in my case. UT deathmatch. He bought his new 5.1 and configured it correctly. Some tunnel deep underground. And then he hears, left-behind, the sound of a Ripper, that deadly spinning disk that upon hitting your neck cuts your head off, granting the opponent an instant frag and counting as headshot. "Duck" and the ripper zooms over his head. Fast turn and a rocket into the enemy's face. One frag less for the opponent, one more for him, one 1337 tale more to tell, one more deathmatch won in total... Thanks to 5.1.
Texas alone is bigger than whole Europe, your point again?
Depends. Some of the joysticks (3rd party) had "real" 2 fire buttons (that is 2 buttons attached to 2 different pins.) Most had "fake" 2 or more fire buttons, that is several buttons connected in parallel so it didn't matter which one you pressed. There were at least few joysticks with 2 top buttons on the grip and 2 buttons in the base, meaning 8 sets of contacts in the joystick total :) Add things like auto-fire, system compatibility switch (Amstrad, Nintendo, Sega, Atari), momentary/fixed autofire (separate autofire switch and button), extra autofire for "real" fire B, and you easily would come with joysticks with 12 and more sets of contacts.
Well, I have a "flight grip" joystick, one of multitude of the "multisystem" joysticks for 8-bit computers like Atari and Commodore. It has the D-pad too, but damned thing gets diagonals FAR too easily. All you need is to tilt your thumb a bit up while pressing left, and the hero on screen jumps straight onto a landmine instead of walking up to it to climb a near ladder.