Many businessmen hope that economic considerations will prevent both sides from marching down a self destructive path.
Meanwhile, hippies hope that love of peace will prevent both sides from marching down a self destructive path, and Slashdotters hope that considering the impact of a war on American technology consumers will prevent the war.
Educating the users is a very slow process, especially when it's tricky to do. Amazon has long, complicated URLs and if you pass me an Amazon URL I'm not likely to go scanning it for an @ (except now I'm going to).
You can stop scanning after the first/, which always signals the end of the hostname. Any @'s after the first / are part of the path, not the end of the username.
Sites can already spoof status bar text using JavaScript. Unless that bug affects forums like Slashdot (where users can create links but not add scripts), it's not a big deal.
As far as I can tell the best solution to this problem is to eliminate support for @ in a URL as a redirector. Is this going to break anything useful?
Eliminating support for passwords-in-URLs would break existing links, as other posters have pointed out. But leaving that part of the URL out of the address bar would solve the spoofing problem (http://www.zdnet.com@slashdot.org/ looks like a zdnet URL unless you are extremely familiar with how URLs work) without breaking much.
http://bugzilla.mozilla.org/show_bug.cgi?id=138198 - "open link in new tab" doesn't work for javascript links. IMO, this is a bug, not a feature request.
http://bugzilla.mozilla.org/show_bug.cgi?id=1038 43 - option to make links set to open in new windows open in new tabs instead.
Slashdot has kept its HTML 3.2 design for a long time ("because it works")
HTML 3.2 with tables does not work for forums. It requires the server to detect and break up long words, which is difficult to code and annoys anyone who tries to copy a URL from a comment. If the pages used a CSS layout instead of a table layout, one wide post wouldn't cause all the other posts to wrap at the longer width.
If by "valid XHTML" you mean "validates and is served with an XML mime type", that's not a good idea, because it triggers Mozilla's XML parser. I don't think Mozilla's XML parser supports incremental rendering like its HTML parser does.
"English-speaking Canada"? What does that mean? If your province makes French the official language, you're suddenly disqualified for this game, even if you speak English?
Slashdot Mirror
I don't remember the number of wires from Lain, but I do remember the sound. Now whenever I hear an electric hum I think "Lain".
I'm impressed that Google thought of that, even though I'm not sure I agree with their decision. Google UK and Google Germany and Google Portugal show the new logo, but Google Brazil does not.
Don't miss today's Google logo.
Many businessmen hope that economic considerations will prevent both sides from marching down a self destructive path.
Meanwhile, hippies hope that love of peace will prevent both sides from marching down a self destructive path, and Slashdotters hope that considering the impact of a war on American technology consumers will prevent the war.
So now you're telling us that roshambo is illegal? How the hell else are we supposed to settle disputes?
How about rock-paper-scissors?
X wasn't pointing out the order of "christian" and "scientist". He was pointing out that one was labelled a "zealot" while the other was not.
Not to mention, it would be added security from over-the-shoulder password collectors.
i d=134370
Well, it could be worse.
http://bugzilla.mozilla.org/show_bug.cgi?
Educating the users is a very slow process, especially when it's tricky to do. Amazon has long, complicated URLs and if you pass me an Amazon URL I'm not likely to go scanning it for an @ (except now I'm going to).
/, which always signals the end of the hostname. Any @'s after the first / are part of the path, not the end of the username.
You can stop scanning after the first
Sites can already spoof status bar text using JavaScript. Unless that bug affects forums like Slashdot (where users can create links but not add scripts), it's not a big deal.
Maybe "critical" is reserved for security holes that
A) Do more damage (e.g. full compromise of the user's system/account)
B) Require less user interaction (e.g. just loading the malicious site or receiving an e-mail)
If you call everything "critical", then "critical" loses its meaning. Just because it isn't "critical" doesn't mean they won't fix it.
As far as I can tell the best solution to this problem is to eliminate support for @ in a URL as a redirector. Is this going to break anything useful?
Eliminating support for passwords-in-URLs would break existing links, as other posters have pointed out. But leaving that part of the URL out of the address bar would solve the spoofing problem (http://www.zdnet.com@slashdot.org/ looks like a zdnet URL unless you are extremely familiar with how URLs work) without breaking much.
Cracks have both appeared for both the download limit and cache descrambling.
How about an English localization crack?
Are there more gun owners or P2P users in the United States?
The nearest exponent of two could be smaller. I think I know what you meant.
There are several groups of Mozilla contractors/consultants.
http://bugzilla.mozilla.org/show_bug.cgi?id=138198 - "open link in new tab" doesn't work for javascript links. IMO, this is a bug, not a feature request.
8 43 - option to make links set to open in new windows open in new tabs instead.
http://bugzilla.mozilla.org/show_bug.cgi?id=103
In what way is "The 'Open Link in New Tab' command should work with JavaScript links" like "cars should only have 3 wheels"?
I see PR5 for lazylightning right now. I have the toolbar set to use Google's "va" datacenter.
Or just "LA", because that's what many people call it anyway.
Slashdot has kept its HTML 3.2 design for a long time ("because it works")
HTML 3.2 with tables does not work for forums. It requires the server to detect and break up long words, which is difficult to code and annoys anyone who tries to copy a URL from a comment. If the pages used a CSS layout instead of a table layout, one wide post wouldn't cause all the other posts to wrap at the longer width.
If by "valid XHTML" you mean "validates and is served with an XML mime type", that's not a good idea, because it triggers Mozilla's XML parser. I don't think Mozilla's XML parser supports incremental rendering like its HTML parser does.
It's a bug in slashdot. Don't blame the poster.
But enabling the firewall is equivalent to disabling the services, isn't it?
"Enable the firewall by default"? Why not just disable the services by default?
"English-speaking Canada"? What does that mean? If your province makes French the official language, you're suddenly disqualified for this game, even if you speak English?