Slashdot Mirror


User: YA_Python_dev

YA_Python_dev's activity in the archive.

Stories: 0
Comments: 293

Comments · 293

  1. Bullshit on UK Gov't Says "No Evidence" IE Is Less Secure · · Score: 1

    Thanks to the China exploit most IE versions out there execute arbitrary code just by visiting a web site. I don't think this is true for any other browser: e.g. when new vulnerabilities are discovered in Firefox they are patched quickly (Microsoft sits on bugs for months or years) and most users actually upgrade to the latest Fx version because they don't have to fear that a security upgrade will cripple their computer.

  2. Re:Wow! on Tracking Browsers Without Cookies Or IP Addresses? · · Score: 2, Interesting

    I just ran this test, and I was horrified to discover that every font I have installed on my system shows up! I had no idea the browser (Firefox v. 3.5.7 with NoScript) leaks this kind of information.

    It doesn't. It's the Adobe Flash plugin, deinstall it and try the test again. BTW, if you have noscript and flash, instead of JS enabled and flashblock, you have your configuration exactly backwards.

  3. Python + a Logo-inspired module = cool! on How To Teach a 12-Year-Old To Program? · · Score: 3, Informative

    Python is a very good suggestion. Be sure to check out the turtle module (included in the Python standard library), it's quite nice and inspired by Logo.

    Also, Python 3.1 is slightly simpler and easier to understand for a beginner than the old Python 2.x.

  4. Re:Floating point representation on ECMAScript Version 5 Approved · · Score: 2, Insightful

    Wrong. 1.1 + 2.2 in Python 3.1 shows as 3.3000000000000003, just like any other Python version.

    The change is for e.g. "1.1 + 1.1" which shows 2.2 (instead of 2.2000000000000002 in old Pythons). And of course "1.1 + 1.1 == 2.2" is always True, in any Python version. If and only if two floats have the same repr(), they will be equal (except NaNs), again this is true for any Python version.

  5. Why does a login form need CSRF protection? on Flash Vulnerability Found, Adobe Says No Fix Forthcoming · · Score: 2, Interesting

    Back on topic: according to TFA Google added protection from CSRF attacks to their login form. But why is this necessary? AFAIK login forms with passwords aren't vulnerable to this attack unless the user gives their password to the attacker's site.

    I ask because on my website I have CSRF protection for all forms except logins and I wasn't able to find specific information about security problems with my approach with a Google search.
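
One way to put CSRF protection on a login form, where no authenticated session exists yet to attach a token to (added example, not part of the original comment or of any site's code): the server binds an HMAC-signed, expiring token to a random cookie set on the anonymous visitor and checks both on POST. The cookie name `prelogin`, the field name `csrf_token`, the 900-second lifetime and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret
TOKEN_TTL = 900                       # assumption: token lifetime, seconds


def new_prelogin_id() -> str:
    """Random value the server sets as the `prelogin` cookie on an anonymous visitor."""
    return secrets.token_urlsafe(16)


def _mac(prelogin_id: str, ts: str) -> str:
    msg = f"{prelogin_id}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_login_token(prelogin_id: str, now=None) -> str:
    """Token embedded as a hidden field in the login form served to this visitor."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(prelogin_id, ts)}"


def check_login_token(prelogin_id: str, token: str, now=None) -> bool:
    now = int(time.time() if now is None else now)
    try:
        ts, mac = token.split(".", 1)
        issued = int(ts)
    except ValueError:          # missing separator or non-numeric timestamp
        return False
    if not 0 <= now - issued <= TOKEN_TTL:
        return False            # expired, or timestamp from the future
    # Constant-time comparison of the recomputed MAC with the submitted one.
    return hmac.compare_digest(_mac(prelogin_id, ts).encode(),
                               mac.encode("utf-8", "replace"))


def handle_login_post(cookies: dict, form: dict, verify_password, now=None) -> int:
    """Return an HTTP-style status: 403 token failure, 401 bad credentials, 200 OK."""
    pid = cookies.get("prelogin")
    if not pid or not check_login_token(pid, form.get("csrf_token", ""), now):
        return 403              # rejected before the password is even looked at
    if not verify_password(form.get("user", ""), form.get("password", "")):
        return 401
    return 200
```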

  6. Computers don't suck at math, some programmers do on Why Computers Suck At Math · · Score: 1

    The problem is the programmer, they should simply have maintained a count of the ticks in an integer and then multiplied it by 0.1 when necessary. Even better, use a proper data type, not a suckish 24-bit float in a freaking weapon, unless they understand very well what they are doing.

    Python 2.6.2 (release26-maint, Apr 19 2009, 01:56:41) [GCC 4.3.3] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    >>> from decimal import Decimal, getcontext
    >>> n = 0
    >>> tick = Decimal('0.1')
    >>> for i in range(3600000): n += tick
    ...
    >>> n
    Decimal('360000.0')
    >>> Decimal(1) / Decimal(7)
    Decimal('0.1428571428571428571428571429')
    >>> getcontext().prec = 50
    >>> Decimal(1) / Decimal(7)
    Decimal('0.14285714285714285714285714285714285714285714285714')

    And, yes, I know that Decimal in Python 2.6/3.1 is slow. Will be faster in 2.7/3.2. And there are similar libraries in Java and other languages.

  7. Video has *not* been removed from HTML5! on Microsoft Finally Joins HTML 5 Standard Efforts · · Score: 1

    ... the video functionality that, while officially removed from the HTML5 standard, will be implemented by everyone anyway...

    I really don't know where this urban legend started and why people believe it, since it's trivial to verify that <video> has never been removed from HTML5.

    What has been (hopefully temporarily) removed is the mention of Ogg Theora as baseline format since Apple and Microsoft haven't yet accepted to implement it (Safari supports it anyway with the XiphQT component installed). OTOH, Mozilla, Google and Opera all support Ogg Theora (and Vorbis for audio) in their browsers (current or future versions), so apparently Theora is still the strongest candidate, although Google may change this if they buy On2 and free the VP8 codec.

    P.S.: sorry fanboys, H.264 is not an option: starting from 2011 websites with H.264 videos will have to pay an unspecified amount of money to the MPEG LA.

  8. Re:Stay away from the Kindle! on Amazon Pulls Purchased E-Book Copies of 1984 and Animal Farm · · Score: 4, Informative

    The key to dealing with DRM is to make sure you are aware that the media is encumbered before you decide to buy and to factor the DRM into the purchase (for instance, most people that know about and understand the DRM used on DVDs purchase them anyway), not to avoid any and all hardware that supports playing that media.

    I see two problems here: first, most people don't know that Amazon can remotely delete or change their books at any time (yes, they can even change the contents of your books after you have purchased them; the Kindle is a censor's wet dream).

    Second, I don't have any problem with hardware or software that allows me to read/listen/watch DRMed formats (e.g.: mplayer allows me to watch DVDs, that's ok). What I don't like is when my computers/devices obey someone not me (e.g.: my hardware DVD player doesn't allow me to skip that stupid FBI bullshit).

  9. Re:Stay away from the Kindle! on Amazon Pulls Purchased E-Book Copies of 1984 and Animal Farm · · Score: 5, Informative

    Not to nitpick, but 1984 and Animal Farm aren't available for the iRex at all. Not legally anyway. And if they are, I will certainly mod you up for linking me to them.

    They are legally published by Project Gutenberg Australia (see: George Orwell). Depending on how sane copyright law is in the country where you live it may be illegal for you to read them, and/or you may be legally allowed to buy a DRMed copy and convert it to a non-DRMed format.

  10. Stay away from the Kindle! on Amazon Pulls Purchased E-Book Copies of 1984 and Animal Farm · · Score: 5, Informative

    For "$DEITY" sake, don't use, buy or recommend to anyone the Kindle!

    It was designed from day one to enable Amazon to fuck you and this is exactly what happened. I'm not surprised.

    An alternative ereader with better hardware, open architecture and NOT defective by design is the iLiad by iRex. Yes, it runs Linux and you can install third-party programs. And, yes, it costs a little more, but if you value your freedom (and your books) it's more than worth it.

    Disclaimer: I don't work for iRex, I'm only a happy customer.

  11. That's just BS on Concrete Comparisons of Theora Vs. Mpeg-4 · · Score: 1

    The developers of Theora state that the codec is not encumbered by patents, but to my knowledge, there's been no legal tests of that

    How can you do a legal test of the claim that nobody can sue you over Theora? Nobody has been sued! What more proof do you think can be provided?

    Proving a negative is always very difficult, often impossible. Try to prove that the Invisible Pink Unicorn doesn't exist.

    So either provide the patent number, or be ready to be accused of spreading FUD.

    And don't even start with submarine patents: this is a technical term for a questionable practice of the USPTO that can hide a patent for at most two or three years, Theora is based on VP3 which is more than ten years old.

    no intensive review of the possible areas of infringement by a patent attorney.

    So you are trolling: Firefox, Opera and Chrome will all ship with Theora support later this year. Mozilla and Opera have publicly stated that their lawyers have verified that Theora is clear from hostile patents (and this can be tested: patents are by their very nature public). I don't know about Google, but you can't possibly suggest that a company worth $31 billion would ship a video codec without extensive legal checks.

    And, BTW, there's proof that the alternative, H.264, is heavily patented: you need to pay for the encoding, the decoding and for every download of a video from your site. The pay-for-each-download part is only true for videos longer than 12 minutes, but they can change the patent licensing terms any time they want.

  12. Three "errors" in this test on Concrete Comparisons of Theora Vs. Mpeg-4 · · Score: 5, Informative

    There are three things that this test doesn't consider:

    1. for the same bitrate (1000 kbit/s) the Mpeg-4 file is 5.2% bigger than the Ogg one;
    2. nobody uses video alone like in this test, there's always audio and the audio codec associated with Theora (Vorbis) rocks: same quality as MP3 for half the bitrate. Bits saved on the sound can be used to improve the video; and, yes, it is apples-to-apples comparing the overall bitrate of Ogg/Theora+Vorbis against an all-Mpeg-4 solution.
    3. but the most important detail is that they used a constant average bitrate encoding with Theora, which is known to give inferior results for the same bitrate to simply setting the quality to match the desired bitrate.

    For real-life examples that also include sound, see "YouTube / Ogg/Theora comparison" and "Another online-video comparison".

  13. Bad article and bad summary on White House Panel Considers New Paths To Space · · Score: 0, Offtopic

    I know, this is /., but the article was written by someone who wasn't even able to spell correctly the names of the rockets, and the summary fails to mention the stronger alternative that doesn't require big job losses within NASA in the next few years (DIRECT).

  14. Re:Kindle isn't the only e-book reader! on Princeton Boasts Its Kindle Project Is Noblest · · Score: 1

    First of all, the iLiad doesn't have a bigger screen or higher resolution than the Kindle DX.

    Yeah, whatever: you are comparing a product that has been available for years to one that has not yet been released. I call BS.

    To compare apples to apples, the first generation of iLiads has a bigger screen than the first generation of Kindle (including Kindle 2) and the same is true for the latest offerings. And I'm being generous here because the iRex DR-1000 is actually available now, the Kindle DX is not.

  15. Re:Kindle isn't the only e-book reader! on Princeton Boasts Its Kindle Project Is Noblest · · Score: 1

    One more thing I forgot: unlike the Kindle, the iLiad also has a touchscreen and you can take notes, make drawings and add corrections directly on the pages of any file supported, including PDF and HTML files, just like you would do with a paper book.

    But really I want to stress that the most important "feature" is that it is not Defective By Design: with the Kindle you have to send your PDF or HTML files to Amazon to be converted to the proprietary and DRM'ed format used, which will then only work on a single device, no matter what license you have... How can people accept this? They are simply screwing their customers by trying a lock-in on your books!

  16. Kindle isn't the only e-book reader! on Princeton Boasts Its Kindle Project Is Noblest · · Score: 3, Informative

    I don't know why most people think that Kindle is the only e-book reader available.

    It isn't. It's not even the best.

    Check out the iLiad: it has a bigger screen, higher resolution, much better connectivity (wifi, ethernet, SD/MMC, CF, USB host and device, which means it can read USB keys, but it can also appear as a USB key to a PC) and most important is very open: no DRM bullshit, it runs Linux and if you want you can get root access (without having to crack into your own device), install new applications or whatever...

    Disclaimer: I have no relation with iRex, the maker of iLiad, I'm only a happy customer that's pissed off by all the attention that inferior and DRM-infested products like the Kindle get, while a lot of people don't even know that there are alternatives.

    P.S.: on a similar note: the iPods are not the only MP3 players, not even the best ones. It's a big world...

  17. ASUS already does this on Macs With 3G — More Connectivity, More Problems · · Score: 5, Informative

    I think many people are not aware that some ASUS EeePC netbooks already have an HSPA modem (a.k.a. 3.75G) built in.

    E.g. the model 901 GO sold in Italy or in Germany. They're pretty awesome, you can find them on eBay and at least the Italian ones were sold by the operator TIM, but they are not locked in any way.

  18. Re:Thoughts on ESA Unveils Re-Entry Module · · Score: 4, Interesting

    There also doesn't appear to be any redundancy, which has long been a design contention in the US and Russian schools of thoughts. I don't know where the ESA is, philosophically, on this issue.

    This is easy: ESA has designed and is building and flying the most redundant and fault-tolerant unmanned spacecraft ever seen on this small planet: the ATV.

    In an extreme case these things are capable of successfully completing their missions with half of the solar panels and fuel tanks and 2/3 of everything else (including computers, antennas, sensors, fuel lines, thrusters, actuators, electrical lines, etc...) completely damaged. Of course this is theoretical, since they would abort the mission in these circumstances, to keep the ISS safe. But still as demonstrated by the first ATV, the Jules Verne, they can successfully complete a mission with any single failure in any subsystem except the main fuel tanks.

    But, the absence of thrusters in the nose leaves few options if the brakes fail or are damaged.

    Hmm... I'm not a rocket scientist, but you seem to know even less than me about this. Anyway this is only a technology demonstrator and one-time test.

  19. Don't forget Arduino! on Open Source Hardware, For Fun and For Profit · · Score: 4, Informative

    Don't forget the Arduino official homepage.

    It's simple, very hackable, Mac- and Linux-compatible and it's a true free/open source design, so they don't have a monopoly on it and you can buy compatible boards from other sources or DIY!

  20. The future of Python is PyPy on Generic VMs Key To Future of Coding · · Score: 5, Interesting

    Within the Python community, interest in Parrot seems completely dead.

    Generic VMs are so 2005, the future of Python runtime is PyPy. From a single implementation of Python (written in Python), they can compile Python code to C, JVM, automatically create a customizable JITed VM, etc...

    Check them out: they are doing some seriously cool stuff and they can use a bit of help.

  21. Fascism on Maryland Police Put Activists' Names On Terror List · · Score: 5, Insightful

    Let's not beat around the bush: this is not an isolated error, this is only the tip of the iceberg.

    If you disagree with the government you are an enemy of the state and it's the police that will deal with you. There's a name for this ideology: fascism.

  22. Not only men, I hope on On Fourth Launch Attempt, SpaceX Falcon 1 Reaches Orbit · · Score: 4, Funny

    May SpaceX be there to participate as man finally reaches for the stars.

    Let's bring some women too.

  23. Don't use Noscript! on Revamped WebKit JavaScript Engine Doubles In Speed · · Score: 2, Insightful

    JavaScript in Firefox is (almost?) never the source of security problems in the real world. If Noscript stops something it is only because an exploit in another component also uses JavaScript (and often only because the person writing the exploit code was lazy).

    Try disabling Java and deinstalling Flash and all the plugins (or at least using Flashblock) and Adblock Plus+Easylist. You will achieve exactly the same results.

    I'm a web developer and I'm asking you to please not disable JavaScript. It's not a security problem per se if you keep your browser updated and in fact it makes the web *less* safe because it encourages legitimate web developers to use much worse alternatives, like Flash.

  24. Are you kidding, right? on Interview Update With Bjarne Stroustrup On C++0x · · Score: 1

    You can't figure out why

    Try writing a large program that needs to do heavy number-crunching in Java/Ruby/Perl/Python, or whatever is your preferred language.

    Python + Numpy is probably faster than anything most C++ programmers can write, since it uses libraries that can be optimized for the specific processor they run on, including using multiple processors/cores if available.

    Hand-optimizing code that runs on modern processors is not a trivial task at all (very simple example: caches can have extremely big and very non-intuitive effects on the speed of code).

    Try writing a trivial (5 or 6 lines of code) md5 implementation using only the Python standard library and compare its speed to the GNU md5sum program (written in C). Hint: read blocks with sizes of roughly 10 kB.

  25. It's about putting power in... their hands on DHS Allowed To Take Laptops Indefinitely · · Score: 4, Insightful

    Worst part is despite the searches and seizures, they accomplish very little. You inconvenience and step all over the rights of average, law-abiding citizens to give the impression of safety.

    It's not for nothing. They are not stupid, there's a very good reason for this: power. Information is power, and if they know about your data (it doesn't matter if it's something legal or not), they have power over you.