Rape is usually about 5-20 years, isn't it? I agree that 9 years is a little extreme for spamming.
9 years would be an extremely high sentence for spamming one person. Conversely, 5-20 years would be an extremely low sentence for raping hundreds of thousands of people.
Which bug number? It's a dup of 240095.
Spoofing has nothing to do with XUL. Firefox's fix is the same as IE's: force the status bar to always be visible.
Click the information bar and select "Don't show this message...". Then you'll only get status bar notifications.
You can download without uploading with BitTorrent, but uploading makes the download four times faster.
Why is this attack lumped together with phishing attacks? It sounds to me like this attack involves a hole that lets the attacker run arbitrary code with the user's permissions, which could just as easily be used to install a keylogger.
The parent's link is completely fucked. Slashdot stripped the slashes from the link and added a space to the link text. To follow the link, copy the text (not the link) and remove the space before giving it to a P2P client.
XSS is never a feature and always an unintentional security hole. The "feature" in the design of the Web that makes XSS possible is the ability for a site to link to another site.
Your other examples are wrong, too.
If an ATM is susceptible to worms, it's susceptible to direct hacking too. I don't know about the Slashdot editors, but I'm more worried about someone stealing my money than I am about them crashing my bank's ATMs.
Did you write that bookmarklet? I might post it on my site, so I want to know who to credit.
Trunk nightlies or aviary branch nightlies?
"In the United States, driver distraction is a bigger thing than in Europe," said Norbert Seitner, head of product planning for Audi North America. "People in America tend to sue companies very easily," he added, if something goes wrong with the technology.
That is why many car navigation systems in the United States display terms and conditions on the screen before they can be used, a requirement not done in other markets.
Thus further distracting the driver, or causing the driver to become lost. Good job, courts.
If you're interested in helping find memory leaks, look at how David Baron has been finding them:
http://www.mozilla.org/projects/xpcom/MemoryTools.html
http://www.mozilla.org/performance/leak-brownbag.html
https://bugzilla.mozilla.org/show_bug.cgi?id=256822#c2
https://bugzilla.mozilla.org/show_bug.cgi?id=257218#c0
Or e-mail David Baron and say "I'd like to help find memory leaks in Firefox. How can I help?".
If you're not interested in helping, and you're just trying to get people already volunteering to shift their priorities, that's ok too.
>md5sum fileutils-1.0.6.patch.tar.gz
68349c219d941209af8f7c968b89d622 *fileutils-1.0.6.patch.tar.gz
So you can be sure you're getting the real fake patch.
They wanted to see if they could Slashdot Slashdot.
Every version after takes just as long as Windows Media Player to run
Not for me. I'm using 5.05 and it opens almost instantly. It might help that I'm using a Winamp 2 skin (Labyskin) instead of a Winamp 3 skin.
Who actually uses winamp for playing videos?
I do. It opens faster than Windows Media Player. It has a "5 second rewind" keyboard shortcut, which is my favorite keyboard shortcut in any program.
It's plaintiffs lawyers (like John Edwards) suing doctors with junk science
Are you saying that John Edwards has sued doctors with junk science, or just that some plaintiffs' lawyers have?
The Google "Search Bar" is the same as the nice, wide address bar, whereas the FF Search Bar is tiny.
You can make the address bar work as a Google search bar.
The attachment is on bug 252679. Rafael Ebron, who attached it, said "this attachment is invalid and the review is '-'. A EULA is needed to protect us from frivolous lawsuits and that's all."
DomainKeys protects the From field. SPF does not.
It makes as much sense as listing "Web browsers" as a Windows vulnerability. If you read the sections on Web browsers and P2P apps, you'll see that they're talking about specific vulnerabilities in Web browsers and P2P apps, not Web browsers and P2P apps themselves.
I wouldn't take SANS's list of browser security holes too seriously. It lists the most publicized holes in Mozilla rather than the most serious holes. (To get a list of the most serious holes, look at the "critical severity, high risk" holes (marked in red) on mozilla.org's list.) SANS's list includes Mozilla XPInstall Dialog Box Security Issue, which was fixed a few months ago, but fails to mention that a fully-updated version of IE in SP2 is still vulnerable. Under the list, SANS claims that Firefox does not have automatic updates, which is false.
Allowing votes might encourage "advocating" bugs, but at least the noise is in forums and in vote counts, not in bug comments. And since I seem to be the only person working on Firefox who looks at vote counts, noise in vote counts isn't a big deal. (I use vote counts to speed up searches for common/popular bugs, and sometimes to decide what to work on.)
Your system administrator doesn't allow you to keep your web browser up to date? That's scary.
maybe they LIKE having an integer decimal percentage of the GNP
A what?