The latest Mozilla build also has something similair to this. It will automagically fill in your info on order forms and such (such as name, address, email address,...) You can also put in your SS#, credit card number, exp date and such. I'm not sure exactly how mozilla stores this info.
There are two options for how you can have Mozilla store your form info: - obscured: I think Mozilla uses an obscuring mechanism slightly more sophisticated than ROT13, but anyone with read access to your file system would be able to extract the information, because the information is not protected by a password. - encrypted: You specify a master password when you enable this feature. Mozilla will ask you for the master password before autofilling a form. You can specify whether it asks you at each form, only after restarting the browser, or after some amount of idle time. Again, I don't know the exact algorithm, but I assume it's decent since Mozilla already has crypto functions built in to handle https sites.
(These options are all under Edit > Preferences > Privacy and Security, in the subcategories Web Passwords and Master Passwords.)
Of course, you can always opt to not have Mozilla store your passwords and credit card number. It always asks before storing a password, and it won't try to remember your credit card number unless you specifically tell it to.
When a pop-up ad for a Delta Airlines appears while you're surfing AmericanAirlines.com, is it clear to the user that a) the advertisement is coming from Gator, not from American Airlines, and b) the user can stop this type of ad from appearing by uninstalling Gator?
Also, c) Can a user who has been using Gator for several years uninstall Gator without losing his/her passwords? d) If not, does typing this bookmarklet into the location bar at hotmail.com (after Gator fills in your password for you) show your password in a dialog?
javascript:x = document.getElementsByTagName( 'input' ); y=false; for(i=0; i < x.length; ++i) { if (x[i].type == "password") { alert("Password: " + x[i].value); y = true; } } if (!y) { alert("Use this bookmarklet on a page with a pre-filled password field."); } void 0;
Assuming the javascript URL works with Gator-filled passwords, a Gator user could place that bookmarklet on his/her personal toolbar, and then activate it on each site where Gator remembered the password by clicking the personal toolbar button.
Why it probably won't happen: suing Microsoft over this draws attention to the fact that your company's computer systems are insecure, and that your admins were too lazy/stupid to install the patch.
Three words: class action lawsuit.
Re:Freenet as a distribution channel for videos?
on
Roasting Sacred Cows
·
· Score: 2
Why don't you?!! I want to see it too.
I just got freenet and I'm still trying to figure out how to use it. I *think* I just inserted the two 12-minute segments under the keys
brass eye special part 1 of 2 (divx)
brass eye special part 2 of 2 (divx)
How can I find out whether I successfully inserted the files?
Freenet as a distribution channel for videos?
on
Roasting Sacred Cows
·
· Score: 3, Insightful
When the cookdandbombd.avi mirrors were first linked to from the Plastic forums, they were immediately unavailable due to high demand. I was able to download the first avi from mirror4 and the second avi from mirror5 (only mirrors 1-3 had been linked to from the main page), but most Plastic readers probably didn't think of that. Now, cookdandbombd has stopped distributing the avis, and their front page says "closed for legal reasons" (copyright?).
What if, instead of hosting the avis themselves, they had put the avis on freenet and given out the key on their web site? That would have taken care of the Plastic effect (which, btw, is an order of magnitude weaker than the Slashdot effect) and also any legal problems arising from distributing the copyrighted show.
It sounds like you're saying: If KDE and Gnome both produce a desktop, that's wasted effort. But if Microsoft and Corel both produce an office suite, that's competition and choice for the user. I don't see how those two statements can be compatible.
Netscape 4 requesting from IIS is markedly slower than you'd expect by looking at relative performance on Apache with NN and IE. But it's not illegal, just ethically grey
Hmm, I wonder if that was because of a decision made by Netscape, a decision made by Microsoft, or just bad luck.
"Buy one get one free!" isn't very annoying though -- you know right away that they're not really giving you anything free, only discounted. On the other hand, "$20 free groceries" at the top of a long ad (with no footnote reference), with "With a $50 purchase" on the back, is annoying. IMO, it should either be illegal to misuse the word "free" without a clear and nearby qualifier, or we need to come up with a new word that means the same thing that "free" used to mean.
Why can't five or six different web sites get together that have common characteristics and charge one rate to access content on all these sites? I would gladly pay one overall bill to access five of my favorite sites rather than having to pay each one less. Say Slashdot gets X% of the total, Kuro5hin gets a slice, bluesnews, etc. Then those who do pay get the sites with no ads plus one general login account for all sites.
Is the problem that it takes too much effort to donate to a single site? I'm trying to help solve that problem by distributing the tip bookmarklet, a button that sits in your personal toolbar and lets you quickly send $5 to any site whose author includes an e-mail address on the site.
Because the pop-unders tend to form above, and then go below on linux, they are actually far more obtrusive, and that's part of why people hate them.
Actually, the same thing happens on WinNT and Win98, at least with IE and Mozilla.
Another way pop-unders can interrupt your chain of thought: the window.focus() that call that differentiates pop-unders from pop-ups causes the site that creates the pop-under to jump in front of whatever you were reading. So if you loaded about.com in one window while reading Slashdot, you would see a pop-under appear, and then the about.com window would jump in front of the ad and in front of slashdot.
I don't _want_ my web browser to have the job of filtering these things out. I've got other programs to do this and they do a much better job.
An external program can't filter something like eval("wind" + "ow.op" + "en(...)"); without blocking all eval calls. It can't tell the difference between a web page using window.open because you surfed to that site, and a page using it because you clicked on something within the site. It can't tell the difference between a single window.open used as part of a link and while(1)window.open(); used in the same context.
Well, maybe it could, but it would have to emulate most of your browser.
"All advertising is annoying to a certain extent, and the effectiveness of the pop-unders is driven by their ability to generate sales, not by their branding or traffic-driving effect," he said.
This article misses a fundamental difference between tranditional ads (banner ads and interstitials) and pop-up ads. If a site is covered with banner ads, you can leave the site. If a television station shows 50% ads, you can change the channel. But with pop-up ads, you have to go through extra effort to close the advertisements. To make things worse, it's often difficult to find out which of the many windows you have open triggered the ad, so it's hard to avoid the ads in the future.
That's why I'm trying to come up with a spec for Mozilla to block annoying pop-ups without breaking sites that use window.open for links, and without breaking bookmarklets. I threw this proposal around the mozilla newsgroups (n.p.m.security and n.p.m.ui) last week, and it met a mixed response, so I'm curious what the slashdot crowd thinks. The bug numbers referenced can be looked up on Bugzilla.
Most current browsers, including Mozilla, allow a class of profitable denial of service attacks. These attacks involve opening a large number of ad windows, or opening a new ad window each time the user tries to close an open one. Unlike most other forms of advertisement in any medium, these ads do not even give the user a chance to leave the site rather than view the ads, and cannot be ignored because they're in your way. Most of the sites using this type of DoS are adult sites, but there are are others, such as exitfuel.com partners (see bug 84749 for an example).
Somewhat less annoying are ordinary pop-up and pop-under ads. Some users think of them as interstitials, no more annoying than television ads. Some users are confused by them because they're used to having only one browser window open at a time. Some users are annoyed by them to the point where they'll immediately stop visiting a site that uses them or advertises in them.
The solution we come up with should:
a. Not be vulnerable to denial-of-service attacks such as "hydras" and cascading pop-up ads, at least with the default settings.
b. Not force Netscape to choose between (not being able to show pop-ups on netscape.com) and (being vulnerable to a widely exploited denial of service attack).
c. Have a user-interface simple enough that mpt won't complain about the number of prefs added.
d. Not break a large number of existing sites. Breaking a few sites is ok: pop-ups annoy a lot more people than browsers using alt text for tooltips, and we changed that at the expense of breaking more than several sites.
e. Make it possible to use bookmarklets and benign javascript in web pages while disallowing pop-up ads.
Here's my proposed plan:
1. Provide a pref:
Web pages may open new browser windows:
( ) Always
(*) Only when I click on the page or select "open in new window"
( ) Only when I select "open in new window"
See bug 55696 for some ideas about how the third option might work.
2. If "Always" is selected, windows opened by javascript will require a click before they can call window.open anyway. This will let users kill "hydras" as easily as they can kill normal pop-up ads. However, after the user clicks, the window will revert to the "Always" setting, because the user may have started using the window as a normal browser window.
3. Limit the number of consecutive window.opens to 3 or so. If a web page exceeds that limit, deny access to the last window.open call. This will break the "open selected links" bookmarklet , but bug 9274 will make up for that.
4. Disallow window.open, alert, prompt, and confirm in and after the onunload event (bug 33448).
5. Make sure a failed window.open call is reported to the user in some way (bug 47128, bug 83131).
6. Perhaps allow holding Ctrl while a page loads to enable onload pop-ups.
7. Allow power users to change the settings for specific sites or groups of sites using zone prefs (ui: bug 38966).
8. Make it so that activating a bookmarklet counts as a click, and selecting "open bookmark in new window" on a bookmarklet works similarly to selecting "open link in new window".
Automatic JavaScript on and off based on URL might be OK, but I want a button down in my tray where I can easily turn it on and off -- with, of course, indication of state.
Slashdot rumor has it that Microsoft toyed with this idea for a while and then dropped it when it internally became known as the "porn button". Vote for (or help us fix) one or both of these if you'd like to see the feature added to Mozilla:
bug 38521 Preferences Toolbar, for most commonly used prefs bug 87538 [RFE] preferences buttons on status bar
Intermediate way: Use Photoshop's Batch Action (or equivalent) on a bunch of files to resize them. Unfortunately, I believe this only outputs them all with the same filenames in a different directory. You'll still need to manually go through and rename the files. Not quite as intuitive. Still annoying.
Advanced way: Type this:
for i in *.jpg; do mogrify -geometry '96x96!' < "$i" > "$(basename "$i").jpg"; done
Not at all intuitive. Incredibly quick and easy if you know how.
Remember, having a book available to learn about an OS doesn't necessarily mean that the novice way isn't there. It does mean that the advanced way is there. That's a good thing. I hope there are always books available about the software I use.
Wouldn't it be even better if Photoshop gave you a way to find out the command-line equivalent of its batch thumbnailify command, and your file manager gave you a way to find out the command-line way to rename a bunch of files? Then intermediate users would have no trouble doing what they need to do, and advanced users would be able to combine the two commands into a "give me thumbnails for the images in this directory" script without having to look anything up in a reference manual.
If your CD is damaged, you might not be able to get a good digital copy of the music, and you'll have to do an analog copy instead. An analog copy of a three-minute song takes three minutes. (It's possible that I was using bad ripping software when I made this observation.)
Slashdot Mirror
The latest Mozilla build also has something similair to this. It will automagically fill in your info on order forms and such (such as name, address, email address, ...) You can also put in your SS#, credit card number, exp date and such. I'm not sure exactly how mozilla stores this info.
There are two options for how you can have Mozilla store your form info:
- obscured: I think Mozilla uses an obscuring mechanism slightly more sophisticated than ROT13, but anyone with read access to your file system would be able to extract the information, because the information is not protected by a password.
- encrypted: You specify a master password when you enable this feature. Mozilla will ask you for the master password before autofilling a form. You can specify whether it asks you at each form, only after restarting the browser, or after some amount of idle time. Again, I don't know the exact algorithm, but I assume it's decent since Mozilla already has crypto functions built in to handle https sites.
(These options are all under Edit > Preferences > Privacy and Security, in the subcategories Web Passwords and Master Passwords.)
Of course, you can always opt to not have Mozilla store your passwords and credit card number. It always asks before storing a password, and it won't try to remember your credit card number unless you specifically tell it to.
When a pop-up ad for a Delta Airlines appears while you're surfing AmericanAirlines.com, is it clear to the user that
a) the advertisement is coming from Gator, not from American Airlines, and
b) the user can stop this type of ad from appearing by uninstalling Gator?
Also,
c) Can a user who has been using Gator for several years uninstall Gator without losing his/her passwords?
d) If not, does typing this bookmarklet into the location bar at hotmail.com (after Gator fills in your password for you) show your password in a dialog?
javascript:x = document.getElementsByTagName( 'input' ); y=false; for(i=0; i < x.length; ++i) { if (x[i].type == "password") { alert("Password: " + x[i].value); y = true; } } if (!y) { alert("Use this bookmarklet on a page with a pre-filled password field."); } void 0;
Assuming the javascript URL works with Gator-filled passwords, a Gator user could place that bookmarklet on his/her personal toolbar, and then activate it on each site where Gator remembered the password by clicking the personal toolbar button.
I just say no to
...
6. The Cutting Edge
7. Planned Obsolesence
You mean you buy things when they're already obsolete?
I don't get it. Is Minsky trying to say that using a random neural net doesn't mean that the net won't have any preconceptions?
Why it probably won't happen: suing Microsoft over this draws attention to the fact that your company's computer systems are insecure, and that your admins were too lazy/stupid to install the patch.
Three words: class action lawsuit.
Why don't you?!! I want to see it too.
I just got freenet and I'm still trying to figure out how to use it. I *think* I just inserted the two 12-minute segments under the keys
brass eye special part 1 of 2 (divx)
brass eye special part 2 of 2 (divx)
How can I find out whether I successfully inserted the files?
When the cookdandbombd .avi mirrors were first linked to from the Plastic forums, they were immediately unavailable due to high demand. I was able to download the first avi from mirror4 and the second avi from mirror5 (only mirrors 1-3 had been linked to from the main page), but most Plastic readers probably didn't think of that. Now, cookdandbombd has stopped distributing the avis, and their front page says "closed for legal reasons" (copyright?).
What if, instead of hosting the avis themselves, they had put the avis on freenet and given out the key on their web site? That would have taken care of the Plastic effect (which, btw, is an order of magnitude weaker than the Slashdot effect) and also any legal problems arising from distributing the copyrighted show.
Oops! I just noticed that you already linked to the bug.
I searched bugzilla for "localhost" and found this: bug 86449, Cannot browse http://localhost on some linux systems.
Choice is good, fragmentation is bad.
It sounds like you're saying: If KDE and Gnome both produce a desktop, that's wasted effort. But if Microsoft and Corel both produce an office suite, that's competition and choice for the user. I don't see how those two statements can be compatible.
Netscape 4 requesting from IIS is markedly slower than you'd expect by looking at relative performance on Apache with NN and IE. But it's not illegal, just ethically grey
Hmm, I wonder if that was because of a decision made by Netscape, a decision made by Microsoft, or just bad luck.
"Buy one get one free!" isn't very annoying though -- you know right away that they're not really giving you anything free, only discounted. On the other hand, "$20 free groceries" at the top of a long ad (with no footnote reference), with "With a $50 purchase" on the back, is annoying. IMO, it should either be illegal to misuse the word "free" without a clear and nearby qualifier, or we need to come up with a new word that means the same thing that "free" used to mean.
or make it use a minimal amount of power until it gets to the large intestine?
Why can't five or six different web sites get together that have common characteristics and charge one rate to access content on all these sites? I would gladly pay one overall bill to access five of my favorite sites rather than having to pay each one less. Say Slashdot gets X% of the total, Kuro5hin gets a slice, bluesnews, etc. Then those who do pay get the sites with no ads plus one general login account for all sites.
Is the problem that it takes too much effort to donate to a single site? I'm trying to help solve that problem by distributing the tip bookmarklet, a button that sits in your personal toolbar and lets you quickly send $5 to any site whose author includes an e-mail address on the site.
Because the pop-unders tend to form above, and then go below on linux, they are actually far more obtrusive, and that's part of why people hate them.
Actually, the same thing happens on WinNT and Win98, at least with IE and Mozilla.
Another way pop-unders can interrupt your chain of thought: the window.focus() that call that differentiates pop-unders from pop-ups causes the site that creates the pop-under to jump in front of whatever you were reading. So if you loaded about.com in one window while reading Slashdot, you would see a pop-under appear, and then the about.com window would jump in front of the ad and in front of slashdot.
I don't _want_ my web browser to have the job of filtering these things out. I've got other programs to do this and they do a much better job.
An external program can't filter something like eval("wind" + "ow.op" + "en(...)"); without blocking all eval calls. It can't tell the difference between a web page using window.open because you surfed to that site, and a page using it because you clicked on something within the site. It can't tell the difference between a single window.open used as part of a link and while(1)window.open(); used in the same context.
Well, maybe it could, but it would have to emulate most of your browser.
How do you disable the popup sidebar in mozilla?
Are you talking about the way the Search sidebar opens when you do a Google search? That's bug 56969.
"All advertising is annoying to a certain extent, and the effectiveness of the pop-unders is driven by their ability to generate sales, not by their branding or traffic-driving effect," he said.
This article misses a fundamental difference between tranditional ads (banner ads and interstitials) and pop-up ads. If a site is covered with banner ads, you can leave the site. If a television station shows 50% ads, you can change the channel. But with pop-up ads, you have to go through extra effort to close the advertisements. To make things worse, it's often difficult to find out which of the many windows you have open triggered the ad, so it's hard to avoid the ads in the future.
That's why I'm trying to come up with a spec for Mozilla to block annoying pop-ups without breaking sites that use window.open for links, and without breaking bookmarklets. I threw this proposal around the mozilla newsgroups (n.p.m.security and n.p.m.ui) last week, and it met a mixed response, so I'm curious what the slashdot crowd thinks. The bug numbers referenced can be looked up on Bugzilla.
Most current browsers, including Mozilla, allow a class of profitable denial of service attacks. These attacks involve opening a large number of ad windows, or opening a new ad window each time the user tries to close an open one. Unlike most other forms of advertisement in any medium, these ads do not even give the user a chance to leave the site rather than view the ads, and cannot be ignored because they're in your way. Most of the sites using this type of DoS are adult sites, but there are are others, such as exitfuel.com partners (see bug 84749 for an example).
Somewhat less annoying are ordinary pop-up and pop-under ads. Some users think of them as interstitials, no more annoying than television ads. Some users are confused by them because they're used to having only one browser window open at a time. Some users are annoyed by them to the point where they'll immediately stop visiting a site that uses them or advertises in them.
The solution we come up with should:
a. Not be vulnerable to denial-of-service attacks such as "hydras" and cascading pop-up ads, at least with the default settings.
b. Not force Netscape to choose between (not being able to show pop-ups on netscape.com) and (being vulnerable to a widely exploited denial of service attack).
c. Have a user-interface simple enough that mpt won't complain about the number of prefs added.
d. Not break a large number of existing sites. Breaking a few sites is ok: pop-ups annoy a lot more people than browsers using alt text for tooltips, and we changed that at the expense of breaking more than several sites.
e. Make it possible to use bookmarklets and benign javascript in web pages while disallowing pop-up ads.
Here's my proposed plan:
1. Provide a pref:
Web pages may open new browser windows:
( ) Always
(*) Only when I click on the page or select "open in new window"
( ) Only when I select "open in new window"
See bug 55696 for some ideas about how the third option might work.
2. If "Always" is selected, windows opened by javascript will require a click before they can call window.open anyway. This will let users kill "hydras" as easily as they can kill normal pop-up ads. However, after the user clicks, the window will revert to the "Always" setting, because the user may have started using the window as a normal browser window.
3. Limit the number of consecutive window.opens to 3 or so. If a web page exceeds that limit, deny access to the last window.open call. This will break the "open selected links" bookmarklet , but bug 9274 will make up for that.
4. Disallow window.open, alert, prompt, and confirm in and after the onunload event (bug 33448).
5. Make sure a failed window.open call is reported to the user in some way (bug 47128, bug 83131).
6. Perhaps allow holding Ctrl while a page loads to enable onload pop-ups.
7. Allow power users to change the settings for specific sites or groups of sites using zone prefs (ui: bug 38966).
8. Make it so that activating a bookmarklet counts as a click, and selecting "open bookmark in new window" on a bookmarklet works similarly to selecting "open link in new window".
Even if you did that, a web site that found a major security hole in your browser would be able to steal your Slashdot password...
This link is a fine example... difficult to get out of on Microsoft browsers.
Only on Microsoft browsers? I don't remember finding a browser where I could get out of that kind of loop.
See bug 59314, "Alerts should be content-modal, not window-modal", for fixing this in Mozilla.
don't forget to change a quote (") into "
And it might also be a good idea to turn & into & while you're at it.
Btw, I don't think you need to do the < and > transformations for attributes, but it doesn't hurt.
Automatic JavaScript on and off based on URL might be OK, but I want a button down in my tray where I can easily turn it on and off -- with, of course, indication of state.
Slashdot rumor has it that Microsoft toyed with this idea for a while and then dropped it when it internally became known as the "porn button". Vote for (or help us fix) one or both of these if you'd like to see the feature added to Mozilla:
bug 38521 Preferences Toolbar, for most commonly used prefs
bug 87538 [RFE] preferences buttons on status bar
metamod: -1, imaginary moderation
If your CD is damaged, you might not be able to get a good digital copy of the music, and you'll have to do an analog copy instead. An analog copy of a three-minute song takes three minutes. (It's possible that I was using bad ripping software when I made this observation.)