Mind you, it's not like we should be surprised - they acted in exactly the same way about the Roland Piquepaille (sp?) stories, and have acted the same in the past too (anyone else remember the troll report thread and related mod bombing and moderation blacklisting? I *still* can't moderate). The bottom line is that for all Slashdot seems to rail against poor customer service, they're quick to ignore their own customers.
MOD PARENT UP, this guy is a tool
on The Podjacker Threat · Score: 3, Informative
What a waste of my time.
No one "jacked" anything, this guy submitted the site to this URL forwarder himself. The site that "podjacked" him is no different than cjb.net or tinyurl.com or any other redirector service.
It is anyone's fault this guy is a complete tool and does not realize what he is doing.
This article summary, and also most comments posted so far, are total misinformed garbage.
First of all, Google did not fix an IE bug. All they did is make their own software a bit more tight in security, so that *they* are not susceptible to the IE bug. It does not *fix* it.
Second of all, the bug was *not* in Google Desktop, it *is* an IE bug, it just happens that people who use Google Desktop are vulnerable to it since it embeds IE.
But *ANY* app that embeds IE is (and remains) vulnerable, including many other pieces of software. For example, for all you poker players, if you have an account at UltimateBet, you *are* vulnerable to this bug, and in theory someone could use it to steal your account information, which is very dangerous, since they may be able to initiate withdrawals from your account as well.
This is just the tip of the iceberg, there are literally hundreds of apps that embed the IE engine for rendering. All are at risk.
The power of a military is not based on sheer numbers of soldiers.
China does not even hold a candle to the US in terms of hardware and technology, even if you give them a generous amount of 'top secret' type developments.
The UK has a capable military for sure, but again it is not even in the same ballpark as the US.
A few figures for your consideration. Sure, dollars spent is not a direct 1:1 correlation with military might, but it should give some perspective as to the ballpark.
scuttlemonkey.user.js:
Actually, far more likely is that they don't have time to read /. comments all day since they are busy doing other stuff and managing the submission queue.
I totally agree this whole ScuttleMonkey thing is BS and the guy should be fired, but if you want to make your point known, you should be emailing OSTG about it, not ranting on here where no one sees you.
www.yahoo.com is total crap, I agree with you.
But http://my.yahoo.com/ is awesome. It's totally customizable, you can add your own RSS feeds, integrates with all your Yahoo services like calendaring, etc.
It is basically what Google personal wants to be, but isn't yet (My Yahoo! has several items you can't find on Google personal, like TV listings for my area, a calendar that syncs with Exchange and my PDA, and a better stock ticker, for example).
Try it out. I don't understand why it isn't the default start page at www.yahoo.com either. It is much better. Maybe some people are just too attached to the old Yahoo! where you start at the directory.
No, he did not. He signed up for a redirect. Podkeywords.com is a redirection service. Hell, you even *pick* your redirect keyword to use in your URL when you sign up.
The guy is a fucking moron. Even read what he says himself, he didn't have a clue what he was signing up for when he signed up, he was in some mad frenzy to list his podcast wherever he could.
So basically, he signed up for a redirect, search engines indexed his redirect (which is totally expected), then complains when people use the more highly-rated redirect instead of the direct URL.
Why he complains, I still don't understand, there is no way that podkeywords.com could even change the stream location anyway without his listeners noticing.
The guy is a moron.
There *is* no podjacker. The whole fucking article is retarded.
He submitted his RSS feed for a redirect, then complained about it when search engines indexed his redirect instead of the normal URL. *THEN* he invents some bullshit word, "Podjacking", for a problem that does not exist, that he brought on himself.
No, he *thought* he submitted a listing, too bad he didn't read the goddamned description of what the site was.
Podkeyword.com provides keywords for podcasts in URL redirectors. Hell, I can tell this from *the goddamned url*, let alone the signup process, where you even pick the keyword you want for your redirect.
If you read the article I get the distinct impression this guy had no clue what he was doing when he signed up for podkeyword.com.
Anyways, the truth is, this guy is an idiot, signed up for something he didn't understand, then got all pissed off when search engines started indexing the redirect instead of the real URL. Why he got so pissed off, I still don't know. Like, for some reason he thinks that podkeyword.com could all of a sudden redirect his podcast to somewhere else? He doesn't think his listeners would notice that? Man vegans are even more weird than I initially thought.
Actually, it is more like if Yahoo themselves went and registered a redirect to their own site.
The guy signed up for this *himself*. Then he complained about it when he later realized everyone was using the redirector instead of his "front door" url (wtf???)
It is like going to tinyurl.com and making a tinyurl for your site, then complaining later on when people use it to access your site instead of the real URL.
The guy is a fruitcake and shouldn't even be allowed to podcast until he takes a few courses on how the internet works.
While most of my viewpoint was already iterated by this comment, I have one more thing to add.
This is what happens when a very new technology that is highly experimental becomes widespread too fast. People who don't have a goddamned clue how the web actually works start submitting things to sites left and right, without understanding the consequences of what they are doing. My personal guess is that this bozo did not even know what a URL redirector *was* when he signed up for this service.
Anyway, I personally stand 100% beside podkeyword.com on this, this guy is a complete tool. He may know stuff about vegan food, but he certainly does not know much about the web or technology, and he should leave the management of his podcast site up to someone who has two clues about what is going on.
What a freak. I can't believe how much media coverage this has gotten, it is really a shame because podkeyword.com provided a nice service (not unlike tinyurl.com, actually nearly identical) and now their name will be tarnished beyond repair.
You buy a hard drive for 50 bucks, try it, if it doesn't work you're out 50 bucks.
This is what is considered "guts" now, putting down 50 bucks on a whim? Man you need to get out a little.
This is "Guts", not some nonsense with a hard drive window.
I was taught by my English teacher in high school that ain't was a perfectly valid word as long as you are using it in the "am not" sense, where it originated. He said that this was because there is no other way to form a contraction based on these words ( amn't? ).
I dunno if he is full of crap or not, but at least he wasn't anal about it. It makes sense too, there is no reason to use ain't for 'is not' when isn't is just as short and is more proper.
I'm in a similar situation as Mr. Kohler, since Slashdot is not cool enough to receive a review console.
This is very surprising considering all the positive press that Microsoft routinely gets out of Slashdot. From past experience I can safely say that most Slashdotters would have been rushing the stores after the guaranteed-to-be-glowing review of the new console produced by such a respectable company.
Copying another response...
IFrame refresh hacks are not "asynchronous" because the user can see them happening, just by watching the browser load icon.
They also break the back button even worse than Ajax. With Ajax at least the back button takes you back a page, if you are doing iframe nonsense and do not know what you are doing (ie, using location = instead of location.replace) it frequently just moves the iframe back a page, resulting in it doing nothing, or worse, sending/retrieving duplicate data.
IFrame refresh hacks are not "asynchronous" because the user can see them happening, just by watching the browser load icon.
They also break the back button even worse than Ajax. With Ajax at least the back button takes you back a page, if you are doing iframe nonsense and do not know what you are doing (ie, using location = instead of location.replace) it frequently just moves the iframe back a page, resulting in it doing nothing, or worse, sending/retrieving duplicate data.
Do you even know what AJAX stands for?
Asynchronous
Javascript
And
XML
See that first part? Asynchronous? You can't do that without XMLHttpRequest*. AJAX is not a methodology without it.
Basically, AJAX *is* XMLHttpRequest, because you would not use XMLHttpRequest for anything else, and you can't do AJAX without it. The whole acronym is retarded and useless, and created by a marketing junkie at Adaptive Path to drive up business. It is no more a "methodology" than wiping your ass.
* I am not including iframe refresh hacks here, because they are not really asynchronous (watch your web browser spinning icon!), though they accomplish the same goals.
Anyone who designs a webapp around the idea of frugal use of the back button or bookmarks should be shot, plain and simple. Such a thing could never be more complicated than a bulletin board system, and would not be classified as a "web application".
AJAX relies on the XMLHttpRequest object to do anything. Without it, there is no AJAX (you could say it puts the A in AJAX). Microsoft invented this object, it has shipped with the MSXML COM object for a long time. They first used it in Outlook Web Access in the late 90s.
AJAX only started to get popular in the media after Adaptive Path coined a stupid buzzword for it, but IE-specific developers had been using it for years. Adaptive Path just stumbled upon it being more useful because Firefox started also shipping an XMLHttpRequest object.
But Microsoft *did* create it, so it is totally accurate to call it a "Microsoft Technology". Just like SMB networking is a "Microsoft technology", even though there is Samba, and .Net is a "Microsoft Technology", even though there is Mono.
Yeah, NOBODY uses frames in development anymore. That's old news!
What's that? GMail uses hidden iframes? Google Maps uses hidden frames? Yahoo maps? AdSense? Slashdot? Nah, those guys are all small potatoes!
</sarcasm>
Get a clue. Just because you can't see frames, does not mean they are not there. Frames are used all over the freaking place. Nearly every web page you visit has an ad in an iframe in it.
This is the reason that this article, and also the one it spoofed, are both wrong. Not every state of a web page has to be, or should be, bookmarkable. The back button was never meant to be an 'undo' and should not be treated as such. etc etc...
Both frames and Ajax are very useful and powerful in web applications.
The whole bug is that there is an XSS vulnerability within the IE JavaScript engine around CSS imports. The vulnerability will let you load the contents of any other site into your own site and examine them. This is normally not allowed.
All the stuff you are describing is just details around how to use this exploit to get information from Google Desktop. But you can easily do the same thing to exploit any service who uses an embedded IE component to render data from a server, be it internal or external.
Take my Ultimate Bet example for instance. All you would need to do is have a webpage with the rogue code in it visited by the user at the same time they are logged into Ultimate Bet. You can then use the exploit to load up the user's account page (which will load fine, since they are already logged in), and get whatever the hell data you want, including withdrawing money from their account.
It's a very dangerous scenario. Someone could write a whole bunch of rogue scripts that looked for various exploitable applications to steal data, that all execute from one page. If the user happened to be running the app at that time they would be instantly screwed by visiting that page. The only reason Google Desktop is a particularly interesting target is that it is *always* running. But that is not a prerequisite for the exploit.
Yes, a large part of Google Desktop will run in any browser.
But parts of the Sidebar component are rendered using an IE rendering engine. It is simple to verify if you check the references in the EXE and DLLs.
What is to stop anyone who has a subscription from simply bypassing all DRM at the kernel level with a simple module to record whatever they want?