I loved the old TV Tome website. Being absorbed and ruined was bad, and revival is good. But why turn it into yet another wiki?
<negativity> I'm not hard out against blogs or wiki's (and everything else thats popped up and become popular recently). But do other slashdotters think these things are making the web more bland, or making otherwise awkward sites easier to produce and more useful to surfers?
My concern is, although a wiki formats are great for user contribution, they all look the same and this will stint the growth and popularity of the site. </negativity>
MSN Messenger isn't an open protocol either (The recent matter of MS opening up some API's for it and some other of their goodies is good, but doesn't count). This hasn't stopped FOSS implementations of the protocol based on reverse engineering.
At the moment Skype is a good product with a geek (& Joe Noob) friendly image so there's no incentive to want to create an alternative client. Should Skype drop a platform though, i'm sure atleast some of this enthusiasm for the service would be sucked into open source.
Even if Skype itself were to fail on platform X and noone was to create openSkype it should have generated enough buzz over VoIP by now to get open source to start picking up the slack.
That'd work but I suspect the first wave of dodgy scam URL's that are smart enough to exploit firefox users would also be smart enough to thawte this just by introducing a random string into the URL on each hit.
Theres also no gaurentee the domain/IP will remain the same..and then there's the privacy issue of sending mozilla url's of extensions you're trying to install.
Thats why i suggested some kind of heuristic/hash mechanism on the code.
"Whatever you think about ActiveX, I've never heard about an evil control that pretends to be Windows Update or Macromedia Flash."
Very very true. The problems with ActiveX all stem from uninformed users clicking yes to that XXX Toolbar popup.
I definately think it'd be a good idea for Mozilla to implement a community page for every extension any firefox browser anywhere tries to install from a remote location. Something much like the current extension directory, but inclusive of extensions not even hosted there (even any commercial extensions that may arise in the future). It could work something like this:
The browser hashes the extension code minus any fuzziness, whitespace etc (or better yet hash the bytecode) to try and ensure malicious authors don't try to scatter negative feedback.
The user can read other peoples warnings, doubts, or happy reviews see the extension rating, how many people have installed it, etc and can then decide for themselves whether it's trustable enough to install.
The hash links could be redirected to proper extension pages with names, descriptions and version #'s etc once the extension is well established and rated to be 'safe' by the community.
For users too lazy to 'waste' time checking the feedback pages thoroughly, the warning dialog could show any immediate threat or trust rating and whether the code for this extension has been peer reviewed.
Problems:
Successfully identification of extensions could be tricky if a malicious author tries to dodge the system.
The trust ratings and user comments need to be safe from poisoning and therefore moderated
"I'm sure at some pont a signing mechanism like Authenicode will be deemed necessary."
Just like signed ActiveX?
Anyone can sign something. For signing to work you need a trusted registry/organisation to cryptographically sign things and use a whitelist system to reject untrusted signitures, just like SSL certificates. But we aren't talking about certificates we're talking about code. Anytime someone sticks an official stamp on something people start expecting the official stamper/supposed quality assurer to take responsibility when shit hits the fan.
No, the best bet is to show a blatant warning when the user installs an extension and produce a centralised link to somewhere (like addons.mozilla.org) where users can discuss an extension and decide if they trust it for themselves. This would be the open source community bit. A blacklist of bad extensions/spyware might be a good idea too.
Theres not much you can do to improve the way ActiveX components are installable except to educate users and provide easily accessable resources (as above). The security model underneath ActiveX apparently sucks (no personal experience)...but then firefox extensions can be a pain too.
You shouldn't worry too much about anything beyond personal assessment and a warning IMHO. It's a definate slippery slope to spyware removal tools for Firefox. It's gonna happen unless someone makes a revelation.
Windows users: Follow sister post's URL and complete quicktime midi configuration instructions. It works well with Quicktime Alternative just go via control panel, quicktime, browser tab.
Opera 7.x and 8.x both have 0 unpatched vulnerabilities.
Safari has only 1 reported vulnerability (which is unpatched).
Come on now, we all know by now response time, patch effectiveness and ease of deployment are all AS important, and that the number of vulnerabilities discovered is in relation to the number of people in the userbase.
If we're ever going to conclude the debates on the security of these browsers we need to do some serious statistical analysis of all of the above.
Here is a screenshot of Acid 2 in 1.5b1 and Opera. There doesn't appear to be any visible progress from FF 1.0.6/Mozilla 1.7.10 to 1.5b1.
Opera nazi disclaimer: I'm by no means trying to downplay the good work of the folks at Mozilla or the significance of this release, i'm just stating the facts.
Personally I think XML data islands are rather elegant, and they've been around since long before Firefox/Mozilla was on the average web developers horizon.
Instead, for simple data display, we're stuck with XMLHTTPRequest object overkill, or slightly more elegantly, using javascript to hotswap in <script> elements which does the job with fewer lines of code cleanly enough.
I was under the illusion both had advantages (HD-DVD's being it's compatibility layer, Toshiba pushing for a unified format, cheaper to produce, etc) and disadvantages.
Why have all slashdotters seemingly decided blu-ray is just...better. We in buzzword town again? Ooo shiney blue lasers?
Why don't you setup seperate maintainance admin/appropriate level accounts on all your client networks and then keep the password the same?
Obviously you'll need to get your clients to agree to this, but it sounds like you already have this level of access anyway.
Since all these networks are disconnected, it's unlikely anybody will know you are using the same password for all of your clients, and I don't see how this is a worse risk than storing all of them in one location/file.
"Scientists have long known that less complex creatures have an impressive ability to regenerate. Many fish and amphibians can regrow internal organs or even whole limbs."
It occurs to me that anything that'd let your penis grow back and therefore let one breed more (excluding slashdotters) wouldn't be dropped from the feature list for more 'complex' lifeforms without a whopper of a bug.
Re:"Always trust code from Microsoft"
on
Do You Code Sign?
·
· Score: 1
xe.com doesn't let you type in vague but useful input like "62 dollars in australian money" which is supported by both Google and coinmill.com.
The benefit of this form of input is questionable when you have a nice scrollable select list, but maybe some people find typing "south african money" easier...I think I do.
Slashdot Mirror
No just seven components:
Outlook, Word, Excel, Powerpoint, Publisher, Access and Frontpage.
I loved the old TV Tome website. Being absorbed and ruined was bad, and revival is good. But why turn it into yet another wiki?
<negativity>
I'm not hard out against blogs or wiki's (and everything else thats popped up and become popular recently). But do other slashdotters think these things are making the web more bland, or making otherwise awkward sites easier to produce and more useful to surfers?
My concern is, although a wiki formats are great for user contribution, they all look the same and this will stint the growth and popularity of the site.
</negativity>
Good luck with TV IV.
"His eyes are just big dollar signs."
...anyone for a "I used KaZaA and Skype before they sold out" t-shirt?
Yeah gret...anyhoo
MSN Messenger isn't an open protocol either (The recent matter of MS opening up some API's for it and some other of their goodies is good, but doesn't count). This hasn't stopped FOSS implementations of the protocol based on reverse engineering.
At the moment Skype is a good product with a geek (& Joe Noob) friendly image so there's no incentive to want to create an alternative client. Should Skype drop a platform though, i'm sure atleast some of this enthusiasm for the service would be sucked into open source.
Even if Skype itself were to fail on platform X and noone was to create openSkype it should have generated enough buzz over VoIP by now to get open source to start picking up the slack.
That'd work but I suspect the first wave of dodgy scam URL's that are smart enough to exploit firefox users would also be smart enough to thawte this just by introducing a random string into the URL on each hit.
Theres also no gaurentee the domain/IP will remain the same..and then there's the privacy issue of sending mozilla url's of extensions you're trying to install.
Thats why i suggested some kind of heuristic/hash mechanism on the code.
Very very true. The problems with ActiveX all stem from uninformed users clicking yes to that XXX Toolbar popup.
I definately think it'd be a good idea for Mozilla to implement a community page for every extension any firefox browser anywhere tries to install from a remote location. Something much like the current extension directory, but inclusive of extensions not even hosted there (even any commercial extensions that may arise in the future). It could work something like this:
Problems:
"I'm sure at some pont a signing mechanism like Authenicode will be deemed necessary."
Just like signed ActiveX?
Anyone can sign something. For signing to work you need a trusted registry/organisation to cryptographically sign things and use a whitelist system to reject untrusted signitures, just like SSL certificates. But we aren't talking about certificates we're talking about code. Anytime someone sticks an official stamp on something people start expecting the official stamper/supposed quality assurer to take responsibility when shit hits the fan.
No, the best bet is to show a blatant warning when the user installs an extension and produce a centralised link to somewhere (like addons.mozilla.org) where users can discuss an extension and decide if they trust it for themselves. This would be the open source community bit. A blacklist of bad extensions/spyware might be a good idea too.
Theres not much you can do to improve the way ActiveX components are installable except to educate users and provide easily accessable resources (as above). The security model underneath ActiveX apparently sucks (no personal experience)...but then firefox extensions can be a pain too.
You shouldn't worry too much about anything beyond personal assessment and a warning IMHO. It's a definate slippery slope to spyware removal tools for Firefox. It's gonna happen unless someone makes a revelation.
It's better to respond in a day and prevent any exploitation at all than it is to do seemingly nothing.
They can fix the actual problem for the next release and re-enable IDN.
To bypass all the javascript and all other shit:
Opera 7.x and 8.x both have 0 unpatched vulnerabilities.
Safari has only 1 reported vulnerability (which is unpatched).
Come on now, we all know by now response time, patch effectiveness and ease of deployment are all AS important, and that the number of vulnerabilities discovered is in relation to the number of people in the userbase.
If we're ever going to conclude the debates on the security of these browsers we need to do some serious statistical analysis of all of the above.
Since when do companies go looking for potential employees?
I should be so lucky.
Here is a screenshot of Acid 2 in 1.5b1 and Opera. There doesn't appear to be any visible progress from FF 1.0.6/Mozilla 1.7.10 to 1.5b1.
Opera nazi disclaimer: I'm by no means trying to downplay the good work of the folks at Mozilla or the significance of this release, i'm just stating the facts.
... and they still haven't fixed CSS floats. See the 5 year old bug report.
Personally I think XML data islands are rather elegant, and they've been around since long before Firefox/Mozilla was on the average web developers horizon.
Instead, for simple data display, we're stuck with XMLHTTPRequest object overkill, or slightly more elegantly, using javascript to hotswap in <script> elements which does the job with fewer lines of code cleanly enough.
For Windows users get http://dijjer.org/dijjer.jar
instead of the exe installed, it's build 118 as opposed to build 117.
It's also cleaner to run and cleanup and you can see all the inner workings going on.
Cheers. 4.0 KBps from PBS was a joke.
Dijjer seems to work just as well as HTTP when there is no p2p connections and doesn't suffer from the lack of torrent.
/ NTV001/ntv001.mp4
http://dijjer.org/get/http://64.106.205.160/video
Confirmed this works with Opera 8 except for the "anchor.host" property for adding the coral cache link.
Also the graphics are pretty damn aweful.
I don't think there is a crime against selling syringes or ink that just so happens to work well for printing.
"Cartridge refill kit" -> "Ink and syringe pack".
So sue me.
they give out free rubbers in sex ed? o_O
What is it with peopel saying HD-DVD is inferior?
I was under the illusion both had advantages (HD-DVD's being it's compatibility layer, Toshiba pushing for a unified format, cheaper to produce, etc) and disadvantages.
Why have all slashdotters seemingly decided blu-ray is just...better. We in buzzword town again? Ooo shiney blue lasers?
Someone explain.
Why don't you setup seperate maintainance admin/appropriate level accounts on all your client networks and then keep the password the same?
Obviously you'll need to get your clients to agree to this, but it sounds like you already have this level of access anyway.
Since all these networks are disconnected, it's unlikely anybody will know you are using the same password for all of your clients, and I don't see how this is a worse risk than storing all of them in one location/file.
WinRAR isn't free
"Scientists have long known that less complex creatures have an impressive ability to regenerate. Many fish and amphibians can regrow internal organs or even whole limbs."
It occurs to me that anything that'd let your penis grow back and therefore let one breed more (excluding slashdotters) wouldn't be dropped from the feature list for more 'complex' lifeforms without a whopper of a bug.
xe.com doesn't let you type in vague but useful input like "62 dollars in australian money" which is supported by both Google and coinmill.com.
:P
The benefit of this form of input is questionable when you have a nice scrollable select list, but maybe some people find typing "south african money" easier...I think I do.
Oh, and you're all way offtopic