hrmm... i was not aware of this. i thought XMLHttpRequest could not be executed across domains. this seems like a pretty serious security design flaw.
i mean, shouldn't the same origin security policy prevent XMLHttpRequest from making requests across domains? i remember when i wrote AJAX applications in the past that i couldn't even call XMLHttpRequest on a subdomain.
your comment suggests that you don't understand what a CSRF attack is.
http referer can be intentionally spoofed by an untrusted browser, but a CSRF attack is executed by an untrusted page on a trusted browser. in this case the server is not the target, the user is. the attacker's page can cause the victim's browser to make a forged GET or POST request without the user's knowledge, but the request headers are still set by the browser, and thus cannot be altered by the attacker.
if you were using http referer to prevent a user from accessing a restricted page, then of course that can be spoofed since the user would be the attacker, and the server the target. but that is completely unrelated to CSRF attacks.
how exactly would the attacker use a brute force attack on a CSRF vulnerability? i don't think a user can be convinced to resubmit a form more than 2-3 times, much less the hundreds of thousands of times necessary to crack any moderately secure session token.
and all you need to do is block outside referrers. that's the oldest trick in the book. it's simple to implement and effectively protects against most CSRF attacks.
can someone please explain to me why the wikipedia page on the confused deputy problem (the class of attacks to which CSRF belongs to) contains a picture of Don Knotts?
i really don't see what Barney Fife has to do with privilege escalation or computer security.
the LHC is not a commercial corporation. it's not even an organization. it's a particle physics experiment/apparatus
CERN is the organization that funds the LHC. and they are not a commercial corporation either. they're a particle physics laboratory and research institution. they're concerned with scientific & academic research, not making money. they're driven by the desire for knowledge, not the desire for profit.
obsolescence has nothing to do with the physical life-span of a video card. when a video card becomes obsolete depends primarily on the user and the application. what these articles are referring to is the physical life of the video card before it is expected to fail.
and not everyone uses their computer primarily for gaming. outside of gaming, technical obsolescence does not occur so quickly. at the moment i'm using a 5-6 year old workstation at work and at home. i do graphic design and web development, and both of these systems work just fine with the latest version of Photoshop, Illustrator, Dreamweaver, QuarkXpress, etc.
the workstation i use at the office has had some memory upgrades, but aside from that, the occasional power supply, and a couple hard drives, the systems have held out just fine. my home system is a little more powerful, so i use it for more serious design work, but the office workstation is sufficient for print ads and web graphics. the video cards in either system were only about mid-range when they were first installed. i just needed a video card that supported 32-bit color depth since the integrated graphics controller only supported 24-bit truecolor. so beyond that, all that mattered was sturdiness and a long functional life-span.
my boss has recently offered to purchase a new workstation for me to use, but we'll probably keep the current workstation and just give it to one of the sales staff or someone else who only needs it for word processing, e-mail, web browsing, etc. as long as the hardware doesn't fail, the system is good for probably another 3-4 years.
obviously there were other camera attachments (the gameboy advance and gameboy color both had similar attachments i think). but what game can you name off of the top of your head that uses a camera--and is actually fun?
what about battery life? any noticeable difference there?
unless the original DS's screen is really unacceptable (i probably won't be playing outdoors or anything), i don't mind a slightly inferior display. can anyone with experience with the original DS and the PSP tell me how the two compare in terms of brightness?
the ergonomic advantage Tetsujin mentioned does make a difference a to me, so i'll probably have to try each one out for myself to see how it feels.
it seems like the PS2 goes for about $60-80 used. and i see the original DS going for $50-60 used on eBay. what's a reasonable price for a refurbished DS original/lite in decent condition?
when will console makers realize that piracy is unpreventable? homebrew development adds value to their products, and they should be supporting the homebrew community rather than opposing it. every single console has had piracy problems, and that isn't about to change in the future.
well, at least Nintendo isn't wasting time constantly putting out new firmware updates which don't add any new functionality, and are just designed to break backwards compatibility with old firmware versions.
that means i'll be able to find an old DS for cheap. =P
aside from the size and aesthetics, is their any difference in functionality between 1st gen DS and the DS lite?
the only console i own at the moment is the PSP, and while i love the system (it's a sweet piece of hardware) I am rather disappointed by Sony's attitude towards their customers and their mismanagement of the platform (why make PSP owners purchase a PS3 to access the PSN when the PSP already has wi-fi + web browser?).
i'm also disappointed that the PSP seems to be the only platform not getting a Front Mission release. so i'm considering getting either a used PS2 or DS, though i'm still leaning a little towards the PS2 right now because of its library. it'll probably ultimately come down to price since i'm a cheapskate.
the only game i can think of that really uses a camera attachment is The Eye of Judgment on the PS3. so i can't see a lot of developers taking advantage of this new feature, especially as old DS owners won't be able to play the games which integrate the camera into the core gameplay.
that said, i think The Eye of Judgment is a very novel concept, and i wish more game developers would experiment with these types of innovative ideas.
and perhaps if the DS gets a decent music player, that'll compel Sony to make much-needed updates to the PSP's own music player. right now if you want an portable MP3 player + gaming device, your only viable option is the PSP. but while the XMB interface is beautifully designed, the integrated audio player just doesn't have many of the basic features users expect of a modern media player (like playlist support, and a media browser).
i think the DS's touchscreen could definitely allow for a great media browsing interface, one that might even give the iPod's click wheel a run for its money. i mean, having the storage capacity for thousands of songs does little good if you can't find the song you're looking for.
i said the fusion reaction itself releases very little of the bomb's net energy, i didn't say that it had no effect.
the advantage of a fusion-boosted nuclear bomb is that the fusion reaction speeds up the fission process, which doubles the efficiency of the fission reaction (which produces the majority of the energy/destruction), thus allowing fusion-boosted weapons to be made much smaller while producing equivalent yields.
Things that make REALLY BIG BOMBS tend to be difficult to control. Don't hold your breath waiting for economically-viable fusion power.
fusion is used to boost the yield of atomic weapons, but the fission reaction is the main destructive component. the fusion reaction is just meant to increase the rate at which fission occurs, and only adds about 1% to the amount of the energy released by a nuclear bomb.
fission reactors are already in use in many places and have been for quite some time now. the fact that fusion/fission are also used in nuclear weapons does not exclude them from being viable or controllable energy sources.
the PSP is a portable entertainment device, it doesn't just pay games. i use it to listen to audiobooks and read e-books more often than i actually play games on it these days. i mean, there are blind computer users even though computers use a visual display for most output.
well, that's why it's important to switch to plug-in electrics. plug-in hybrids would be a good compromise to help us phase into the new all-electric infrastructure.
with plug-in electric vehicles on the road, we eliminate the hugely inefficient ICEs and replace it with centralized power plants. even if all power plants were coal-burning, they're still far more efficient automobile engines. and once our transportation infrastructure is plugged into the power grid, we can simply focus on moving to more sustainable energy sources.
there's already a lot of alternative energy sources being used for electricity generation. hydroelectric, geothermal, wind power, solar thermal, tidal power, etc. but without replacing gas-powered vehicles with electric vehicles then none of these alternative energy sources can be taken advantage of. and even if we discover new, cleaner, more sustainable energy sources in the future, we wouldn't be able to take advantage of it unless we had plug-in electric vehicles.
so the argument that electric vehicles just pollute somewhere else is very specious. anyone with even moderate intelligence can see that it's ultimately just a banal excuse for inaction.
good on them. i hope other portable device makers will follow in their footsteps.
i was going to suggest that Sony should add accessibility features to the PSP, but the PSP's media player is still pretty much a bare-bone audio player. after all these firmware updates, the PSP still doesn't support playlists, much less the advanced media browsing features of the iPod (genres, artists, albums, etc.).
though i don't have much use for it, adding accessibility features for the blind would at least be more productive than releasing constant firmware updates that are simply made to break backwards-compatibility with old firmware versions. i don't understand why Sony would waste development resources on their vain attempts to combat piracy, which also has the perhaps intentional effect of hindering homebrew development--something that actually adds value to the PSP and benefits users much more than the useless firmware updates.
i guess it'll be up to the homebrew community once again to add this neglected feature.
well, i didn't mean the SpaceX project. AFAIK they don't have any satellites or space stations that need solar power--which is what i was primarily talking about in terms of solar power in space.
frankly, i agree with Musk. it won't be practical to use space solar for terrestrial power needs for at least another couple decades. i simply meant using small scale parabolic troughs for powering something like the ISS, since that seems to be simplest/cheapest method of tapping into solar energy--and more efficient than PV cells.
but in the far future we may be able to create a Dyson sphere, which would capture enough solar energy to be worth piping back to earth. but by then we'll probably have colonized several planets or even other planetary/star systems.
well, couldn't you use some form of CSP system to power a steam turbine, and then simply condense the steam back into water in a separate chamber? there isn't a need to cool the water that much. it just needs to be cool enough to condense back into liquid form so that it can once again be evaporated to drive the turbine. it seems to me that as long as you collect the exhaust into a chamber insulated from the heat transfer fluid, it will naturally lose energy and condense.
i never said their motivations were completely selfless, but Tesla Motors shows that you can make money and make the world a better place simultaneously. they are a commercial enterprise after all.
but simply taking a look around their site and reading interviews by the company's founders, you can see that they have a true desire to reduce our society's dependence on oil (particularly foreign oil) as well as promote environmentally friendly technology such as electric vehicles.
in fact, they've also stated that, though the price tag on the Tesla Roadster is very high, they plan to reinvest most of the profits back into R&D to create a more-affordable sedan and make quality electric vehicles accessible to the general public.
this is completely OT, but the picture on that wiki page has got me wondering; why is it that we aren't exploring solar power technologies in space aside from photovoltaic cells?
for instance, most solar power plants on earth seem to use solar thermal energy based on Concentrating Solar Power (CSP) systems like parabolic troughs or solar power towers rather than PV cells. would solar thermal energy not be as efficient in space? how would the lack of atmosphere affect these applications? would it allow for better thermal insulation, or would the cold temperatures in space drain the heat transfer fluid of its stored energy?
obviously, terrestrial solar energy plants are massive and take up significant land area, but for something like the ISS, the system could be scaled down as you don't need to supply power to an entire city. i mean, if current solar panels are so inefficient, why is it still the only form of solar energy collector that's used in space?
i know you meant that as a compliment, but i highly doubt someone like Musk would want to be compared with a protagonist form an Ayn Rand novel.
FYI, Musk invested much of his profits from PayPal in Tesla Motors. considering the altruistic goals (echoing the company's namesake) of the company to ultimately bring affordable electric vehicles to market, not to mention the various philanthropic projects funded by the Musk foundation, i really don't think it's appropriate to label him as the archetypal Randian objectivist.
he seems more like someone who's made his millions, and is now trying to use that wealth to better society rather than a staunch capitalist obsessed with acquiring money and power.
Slashdot Mirror
hrmm... i was not aware of this. i thought XMLHttpRequest could not be executed across domains. this seems like a pretty serious security design flaw.
i mean, shouldn't the same origin security policy prevent XMLHttpRequest from making requests across domains? i remember when i wrote AJAX applications in the past that i couldn't even call XMLHttpRequest on a subdomain.
that has nothing to do with CSRF. if the other article is unclear, try reading the Freedom to Tinker article.
your comment suggests that you don't understand what a CSRF attack is.
http referer can be intentionally spoofed by an untrusted browser, but a CSRF attack is executed by an untrusted page on a trusted browser. in this case the server is not the target, the user is. the attacker's page can cause the victim's browser to make a forged GET or POST request without the user's knowledge, but the request headers are still set by the browser, and thus cannot be altered by the attacker.
if you were using http referer to prevent a user from accessing a restricted page, then of course that can be spoofed since the user would be the attacker, and the server the target. but that is completely unrelated to CSRF attacks.
how exactly would the attacker use a brute force attack on a CSRF vulnerability? i don't think a user can be convinced to resubmit a form more than 2-3 times, much less the hundreds of thousands of times necessary to crack any moderately secure session token.
and all you need to do is block outside referrers. that's the oldest trick in the book. it's simple to implement and effectively protects against most CSRF attacks.
can someone please explain to me why the wikipedia page on the confused deputy problem (the class of attacks to which CSRF belongs to) contains a picture of Don Knotts?
i really don't see what Barney Fife has to do with privilege escalation or computer security.
the LHC is not a commercial corporation. it's not even an organization. it's a particle physics experiment/apparatus
CERN is the organization that funds the LHC. and they are not a commercial corporation either. they're a particle physics laboratory and research institution. they're concerned with scientific & academic research, not making money. they're driven by the desire for knowledge, not the desire for profit.
obsolescence has nothing to do with the physical life-span of a video card. when a video card becomes obsolete depends primarily on the user and the application. what these articles are referring to is the physical life of the video card before it is expected to fail.
and not everyone uses their computer primarily for gaming. outside of gaming, technical obsolescence does not occur so quickly. at the moment i'm using a 5-6 year old workstation at work and at home. i do graphic design and web development, and both of these systems work just fine with the latest version of Photoshop, Illustrator, Dreamweaver, QuarkXpress, etc.
the workstation i use at the office has had some memory upgrades, but aside from that, the occasional power supply, and a couple hard drives, the systems have held out just fine. my home system is a little more powerful, so i use it for more serious design work, but the office workstation is sufficient for print ads and web graphics. the video cards in either system were only about mid-range when they were first installed. i just needed a video card that supported 32-bit color depth since the integrated graphics controller only supported 24-bit truecolor. so beyond that, all that mattered was sturdiness and a long functional life-span.
my boss has recently offered to purchase a new workstation for me to use, but we'll probably keep the current workstation and just give it to one of the sales staff or someone else who only needs it for word processing, e-mail, web browsing, etc. as long as the hardware doesn't fail, the system is good for probably another 3-4 years.
i said that's the only game i can think of.
obviously there were other camera attachments (the gameboy advance and gameboy color both had similar attachments i think). but what game can you name off of the top of your head that uses a camera--and is actually fun?
what about battery life? any noticeable difference there?
unless the original DS's screen is really unacceptable (i probably won't be playing outdoors or anything), i don't mind a slightly inferior display. can anyone with experience with the original DS and the PSP tell me how the two compare in terms of brightness?
the ergonomic advantage Tetsujin mentioned does make a difference a to me, so i'll probably have to try each one out for myself to see how it feels.
it seems like the PS2 goes for about $60-80 used. and i see the original DS going for $50-60 used on eBay. what's a reasonable price for a refurbished DS original/lite in decent condition?
when will console makers realize that piracy is unpreventable? homebrew development adds value to their products, and they should be supporting the homebrew community rather than opposing it. every single console has had piracy problems, and that isn't about to change in the future.
well, at least Nintendo isn't wasting time constantly putting out new firmware updates which don't add any new functionality, and are just designed to break backwards compatibility with old firmware versions.
that means i'll be able to find an old DS for cheap. =P
aside from the size and aesthetics, is their any difference in functionality between 1st gen DS and the DS lite?
the only console i own at the moment is the PSP, and while i love the system (it's a sweet piece of hardware) I am rather disappointed by Sony's attitude towards their customers and their mismanagement of the platform (why make PSP owners purchase a PS3 to access the PSN when the PSP already has wi-fi + web browser?).
i'm also disappointed that the PSP seems to be the only platform not getting a Front Mission release. so i'm considering getting either a used PS2 or DS, though i'm still leaning a little towards the PS2 right now because of its library. it'll probably ultimately come down to price since i'm a cheapskate.
the only game i can think of that really uses a camera attachment is The Eye of Judgment on the PS3. so i can't see a lot of developers taking advantage of this new feature, especially as old DS owners won't be able to play the games which integrate the camera into the core gameplay.
that said, i think The Eye of Judgment is a very novel concept, and i wish more game developers would experiment with these types of innovative ideas.
and perhaps if the DS gets a decent music player, that'll compel Sony to make much-needed updates to the PSP's own music player. right now if you want an portable MP3 player + gaming device, your only viable option is the PSP. but while the XMB interface is beautifully designed, the integrated audio player just doesn't have many of the basic features users expect of a modern media player (like playlist support, and a media browser).
i think the DS's touchscreen could definitely allow for a great media browsing interface, one that might even give the iPod's click wheel a run for its money. i mean, having the storage capacity for thousands of songs does little good if you can't find the song you're looking for.
i said the fusion reaction itself releases very little of the bomb's net energy, i didn't say that it had no effect.
the advantage of a fusion-boosted nuclear bomb is that the fusion reaction speeds up the fission process, which doubles the efficiency of the fission reaction (which produces the majority of the energy/destruction), thus allowing fusion-boosted weapons to be made much smaller while producing equivalent yields.
you can read more about the process here.
fusion is used to boost the yield of atomic weapons, but the fission reaction is the main destructive component. the fusion reaction is just meant to increase the rate at which fission occurs, and only adds about 1% to the amount of the energy released by a nuclear bomb.
fission reactors are already in use in many places and have been for quite some time now. the fact that fusion/fission are also used in nuclear weapons does not exclude them from being viable or controllable energy sources.
the PSP is a portable entertainment device, it doesn't just pay games. i use it to listen to audiobooks and read e-books more often than i actually play games on it these days. i mean, there are blind computer users even though computers use a visual display for most output.
well, that's why it's important to switch to plug-in electrics. plug-in hybrids would be a good compromise to help us phase into the new all-electric infrastructure.
with plug-in electric vehicles on the road, we eliminate the hugely inefficient ICEs and replace it with centralized power plants. even if all power plants were coal-burning, they're still far more efficient automobile engines. and once our transportation infrastructure is plugged into the power grid, we can simply focus on moving to more sustainable energy sources.
there's already a lot of alternative energy sources being used for electricity generation. hydroelectric, geothermal, wind power, solar thermal, tidal power, etc. but without replacing gas-powered vehicles with electric vehicles then none of these alternative energy sources can be taken advantage of. and even if we discover new, cleaner, more sustainable energy sources in the future, we wouldn't be able to take advantage of it unless we had plug-in electric vehicles.
so the argument that electric vehicles just pollute somewhere else is very specious. anyone with even moderate intelligence can see that it's ultimately just a banal excuse for inaction.
ah, of course... i guess there's no way to exploit the coldness of space? i know vacuum cooling is out since that would drain the water supply.
hey, don't forget Warren Buffet.
good on them. i hope other portable device makers will follow in their footsteps.
i was going to suggest that Sony should add accessibility features to the PSP, but the PSP's media player is still pretty much a bare-bone audio player. after all these firmware updates, the PSP still doesn't support playlists, much less the advanced media browsing features of the iPod (genres, artists, albums, etc.).
though i don't have much use for it, adding accessibility features for the blind would at least be more productive than releasing constant firmware updates that are simply made to break backwards-compatibility with old firmware versions. i don't understand why Sony would waste development resources on their vain attempts to combat piracy, which also has the perhaps intentional effect of hindering homebrew development--something that actually adds value to the PSP and benefits users much more than the useless firmware updates.
i guess it'll be up to the homebrew community once again to add this neglected feature.
well, i didn't mean the SpaceX project. AFAIK they don't have any satellites or space stations that need solar power--which is what i was primarily talking about in terms of solar power in space.
frankly, i agree with Musk. it won't be practical to use space solar for terrestrial power needs for at least another couple decades. i simply meant using small scale parabolic troughs for powering something like the ISS, since that seems to be simplest/cheapest method of tapping into solar energy--and more efficient than PV cells.
but in the far future we may be able to create a Dyson sphere, which would capture enough solar energy to be worth piping back to earth. but by then we'll probably have colonized several planets or even other planetary/star systems.
well, couldn't you use some form of CSP system to power a steam turbine, and then simply condense the steam back into water in a separate chamber? there isn't a need to cool the water that much. it just needs to be cool enough to condense back into liquid form so that it can once again be evaporated to drive the turbine. it seems to me that as long as you collect the exhaust into a chamber insulated from the heat transfer fluid, it will naturally lose energy and condense.
i never said their motivations were completely selfless, but Tesla Motors shows that you can make money and make the world a better place simultaneously. they are a commercial enterprise after all.
but simply taking a look around their site and reading interviews by the company's founders, you can see that they have a true desire to reduce our society's dependence on oil (particularly foreign oil) as well as promote environmentally friendly technology such as electric vehicles.
in fact, they've also stated that, though the price tag on the Tesla Roadster is very high, they plan to reinvest most of the profits back into R&D to create a more-affordable sedan and make quality electric vehicles accessible to the general public.
this is completely OT, but the picture on that wiki page has got me wondering; why is it that we aren't exploring solar power technologies in space aside from photovoltaic cells?
for instance, most solar power plants on earth seem to use solar thermal energy based on Concentrating Solar Power (CSP) systems like parabolic troughs or solar power towers rather than PV cells. would solar thermal energy not be as efficient in space? how would the lack of atmosphere affect these applications? would it allow for better thermal insulation, or would the cold temperatures in space drain the heat transfer fluid of its stored energy?
obviously, terrestrial solar energy plants are massive and take up significant land area, but for something like the ISS, the system could be scaled down as you don't need to supply power to an entire city. i mean, if current solar panels are so inefficient, why is it still the only form of solar energy collector that's used in space?
ugh...
i know you meant that as a compliment, but i highly doubt someone like Musk would want to be compared with a protagonist form an Ayn Rand novel.
FYI, Musk invested much of his profits from PayPal in Tesla Motors. considering the altruistic goals (echoing the company's namesake) of the company to ultimately bring affordable electric vehicles to market, not to mention the various philanthropic projects funded by the Musk foundation, i really don't think it's appropriate to label him as the archetypal Randian objectivist.
he seems more like someone who's made his millions, and is now trying to use that wealth to better society rather than a staunch capitalist obsessed with acquiring money and power.
Sterno -- the drink of choice for the discerning hobo.