Maybe I'm just being dense, but I still see this as very limited. Unless those scripts can somehow access server-side data - perhaps using your cached site authorization?
But this isn't just SWF payload - any kind of payload can be embedded in the same way, and carry the same risks. In addition, unless I'm missing something, the flash content is limited to accessing things owned by that domain, and stored on the client computer by that domain (maybe even within flash itself? not sure?). Which means - unless a server is particularly stupid about what it keeps on the client - that the damage it can do is fairly limited, doesn't it?
Instead, Arkin added, Adobe has tried to get the word out to Web application designers and site administrators about the danger of allowing users to upload content. "Sites should not allow user uploads to a trusted domain," Arkin argued. "The real issue here is that developers should be cautious about using techniques that can be misused maliciously. In general, this is a general challenge in managing active content."
Arkin is from Adobe. And he's seriously saying that in order to "fix" this, web site owners must simply disallow users from uploading files. Period. (Not through Flash, but all file uploading.) That's a spectacular answer.
On the other hand... I kind of understand where he's coming from. If you let your users upload content unchecked, and serve that content up, you are potentially giving some level of access to client machines. In this case, it seems somewhat minimal? I'm not familiar with actionscript, but you don't get free rein to the user's machine do you? Only content specifically stored under the domain of the owning server, in the context of Flash?
I've had that same role for years, and the best way to not make it a nuisance is to do things right the first time.
AVG Free, SpyBot (and setup auto-updates/scans for it), setup Windows Updates.
I have 11 family members I support, no issues, and they range from 6 to 60 in age.
I have the same setup for my traveling sales folks at work too, AVG Network Edition, Spybot, Forced Windows updates. Never had a problem. Stop complaining and do the task correctly.
You're doing it wrong. Teach them what not to do so that they don't require all that bloatware to be installed. Then the first time they don't listen, tell them they're on their own.
And if I do need to give them support? 99% of the time I can just have them fire up iChat and share their desktop with me. Quick and easy for them, and doesn't require messing with opening ports in any firewalls or NATs.
You don't have them running behind a NAT'd firewall? I don't really care which operating system you use, this is just a basic precaution that there's seldom reason /not/ to take.
The top two hits are spam sites. Three and four are for google's language. Five is the wikipedia page for this language -- and it was apparently just created yesterday. The book itself is self-published and does not show up (at least in the first page of results I looked at). I'm not sure that this is something that google should reasonably be expected to find; and while it would be good PR for them to change the name, I'm not sure that there's really a need for it.
More likely, they'll just shovel some cash at the guy to convince him it's not a big deal. Not a bad ending - write a language nobody knows about, talk about it, profit!
Reminds me of a couple years ago, when a routine update from... Ubuntu, I think? Or that may have been during my thankfully brief flirtation with Gentoo? Anyway - a routine update to the xorg layer made X refuse to boot. That issue was owned entirely by the team who manages the distro updates - and sure enough, it was a long time before I would again blindly take the latest required updates.
So I went to check this out... and I couldn't find any helpful information! The web site had lots of good stuff about getting started, FAQ, etc... but nothing that told me what OGP actually is. Before I jump in and start installing it, maybe some information about what OGP is/does/solves might be good to put there on the front page, especially if you're shamelessly plugging it?
True, and the "fun factor" isn't to be underestimated -- it's definitely enjoyable to learn new stuff. It's just the attitude of "must learn because of who made it" that rubs me the wrong way.
You're pretty bold giving MS any credit here. This is the home of the Google fanboi, for reasons I don't understand other than some people hope Google will take down Microsoft.
I'm an AC because of companies like google.
The most common five reasons for AC posting:
Too lazy to register;
You have an account and overestimate how many people care about what you post;
You have an account and overestimate the importance of your slashdot karma score as pertains to real life.
No, no - "Go Open Source Programming e-Language"... GOSPeL. That would not only make it easier to find in searches, but the occasional unrelated search result would most assuredly be a topic loved by programmers everywhere!
Whenever Google announces something, you have to make the decision... jump on it immediately and get ahead of the curve, but risk wasting all that time if it doesn't take off? Or wait?
That makes it sound like you're going to fall hopelessly behind "the curve" if you don't jump on a successful product.
That would be a helluva frantic life to live. It's just technology in the end. There are thousands of new technological ideas, innovations, and products coming out every year. The choice you really need to make is this: a) figure out what you want to do, then look for the technology that best supports it... or b) focus on a couple of Big Names, learn the neat new technological toys they release, then begin searching desperately for some problem to solve with them.
One of those two options nets you a solution to a problem at hand. The other nets you solutions in search of problems, with perhaps a bit more opportunity to play with fun toys along the way.
I've lost about 45 lbs in the last 8 months -- 1-2 lbs a week most weeks. Sometimes more, sometimes less, sometimes I gain a little. I have about 20 more to go, if that. I won't say it was easy, because it wasn't, but it was very /simple/. Common-sense simple. I've also dropped my cholesterol into a healthy range. I've listed the changes I made in the order that I 'feel' they make a difference:
Stop eating when you're not hungry. This may have been the biggest change. I would regularly eat until I was "full" - two meals a day. A few weeks of just paying close attention to exactly how much I was eating... eating a little slower and listening to my body when it says "Yeah that tastes really good, but I'm kinda done now."... let my body adjust to more natural meal sizes, and now it's very easy to know when I'm near to having enough. I still have "too much" sometimes, but it's far from occurring at every meal now.
Watch proportions. I don't mean the size of each portion of food, but the size relative to other portions. I increased vegetable servings (which wasn't hard to do, since I often didn't have them at all), making them and complex carbs ('starch') the bulk of my meal. The meat/protein is usually lesser in proportion to either one of the two, though not always. Even without changing the specific things you eat, this by itself can make a difference.
You must become aware of what you're eating, and be willing to change it. Keeping a journal is best - I did not, but that's only because my wife did, and so I more or less tracked off of what she was doing. Don't eat McDonalds, pizza, etc several times a week. McDonalds I might have once per two months now (no loss, that crap is nasty but I didn't realize it until I started eating less of it). You will find that overall, you still tend to eat things that you like - but you'll also find that the things you want to eat will change over time, so that you won't find yourself missing foods when you're not having them. And when you do "miss" (or crave..) them... by all means have them! Just don't go to excess, and don't do it every day...
Some exercise. I take my dogs for a walk now, 3-5 nights a week (no less than three, no more than 5). It's a fast walk, and I do it for about a half hour. Not a major effort by any stretch, and it doesn't take a lot of time out of my life. My heart rate - depending on terrain - ranges from 120-150 bpm though I don't really monitor it except once in a while. I don't think this significantly helps in terms of burning off x calories, but rather it seems to cause an overall hike in metabolic rate. In addition, there are smaller things you can do - stairs instead of elevator, etc. Don't push it though... you'll eventually feel comfortable enough to just do it one day, without doing it specifically for the purpose of getting exercise... that's probably the right time, especially if you've a lot of weight to lose in the beginning. I've found that indulging this once in a while prevents me from "building up" and then over-indulging by far.
Eat smaller and more often. A lot of diets recommend following these rigid, ridiculous eating schedules that have you eating 9 times a day (hyperbole...). That's overkill - I eat 3 meals, 2 or 3 snacks, and some nights a dessert a couple hours after dinner. It's all flexible to my schedule, which is often insane, and if I don't manage to do all of the above a day or two, it's not the end of the world. (Speaking of snacks: I don't mean nasty rice cakes, but... things that taste good and yet aren't all that bad for you. Personally, I love Cheez-Its. You can have 30 of 'em in a serving, and they're not all that horrible for you as long as you're eating well overall. Much better than various chips, etc. Goldfish are even better - 60 per serving. Fruit sometimes works...)
Minor tweaks. There's no one-size fits all. There are other things I d
I keep hearing that with this bill in place, not getting insurance would cause you to have to pay heavy fines or go to jail. That's not exactly good for people without money. Who also don't get sick or hurt.
I keep hearing about how people make things up because they're bored. That's not exactly conducive to worthwhile conversation, but that doesn't stop them.
I remember this popping up back in the 90s as well, though I thought it was actually a good, if not especially novel, idea. The main issue isn't technological, it's just marketshare; in order for this to work right just about everyone has to be using the same service.
Or a standard agreed upon, so that the service provider doesn't matter...
The first two - password type information, are not effectively culture - they occupy none of the same mental space that culture has traditionally been in society.
So now you're saying it's okay to put shackles on some information, but not other? Non-creative information doesn't belong to everyone, but creative information does? What's the distinction? Who determines whether something has cultural value?
Either information can be privately held, or it can't. Once you get into notions of dividing into categories of information, it becomes far too open to interpretation.
As an example, medical records can give a history of your lifestyle, which is a direct reflection of the culture in which you live. So which is it? Private information, or cultural artifact?
Nope. Culture, information, we should never approve of shackles on these things. We should reject claims of ownership of ideas or data.
Yes, that sounds like a fine idea. Please reply with the dates of birth and SSNs of you and your extended family, your vehicle registration information, your complete medical history, complete transcripts of every private conversation you've held, your grocery lists for the last decade, your children's scribblings and schoolwork.
You would provide this willingly, no recompense required, right? After all, it's only information - raw data, when it comes down to it. A good deal of it will undoubtedly also reflect the values and mores of our culture. Some of it is surely creative.
The only way I can see this being an attitude that survives into adulthood is if someone is living fully supported by someone else (i.e., no expenses), a professional student, or is working for a university -- each of these would allow the luxury of thinking that there's no cost to the creation of cultural artifacts.
Ah, gotcha
Cool, thanks for the info. This is for any game, or is there a list of games it works with?
and as a lawyer who sends C&Ds for a living... Wow, that's sad. That's almost like admitting to being a parking inspector...
I'm a parking inspector, you insensitive clod!
True, but then we couldn't hear the real experts comment on it like we can here.
I think your understanding is off here. The specific code is what's copyrighted, not the functionality.
We are willing to stop consuming - legally or otherwise - expensive music and movies ridden with restrictions that do not work for our lifestyles.
If you go the "otherwise" route, you haven't stopped consuming ;)
Plagiarism is different from copyright.
That's not relevant to the point. His web site and all of its content is information -- which, according to GGP, should not be shackled.
Forbidding me to make an exact copy and claim it as my own is shackling that information.
Ahh, flamebait... someone doesn't like having a hard truth pointed out, it seems :)