All of those errors are down to the fact that the validator doesn't understand HTML 5. Although it is quite interesting to note the chicken-and-the-egg problem of publishing the specification for a document format in the document format itself. You need to understand the format in order to read the document that explains how to understand the format.
It's like watching people program without a care about optimizing for size or speed. They're paid by the hour, not for the quality of the code.
Funny, that's how I feel about people who don't use CSS. Seriously, if you are that concerned with the size of pages and bandwidth, like you say in your other comment, then why are you transmitting your style information on every single page load?
I actually find things like "normal <B>bold <I>bold italic</B> italic</I> normal" useful
I hate to break it to you, but that's not HTML 4.01 Transitional either. No version of HTML has permitted overlapping elements in the way that you describe. You are merely exploiting error handling that is fairly common amongst web browsers.
no one is taking seriously their largely incompatible work on 'next-generation' XHTML or 'modularized' XHTML.
Everybody is ignoring XHTML 2.0 because it isn't finished yet. XHTML 1.1 is not an option for most developers for one reason in particular: you can't use it with Internet Explorer. Blame Microsoft.
Both HTML and XHTML are in sorry need of removing deprecated items
No, both HTML 4.01 Strict and XHTML 1.0 Strict are available for those people who wish to use a document type that doesn't include the deprecated stuff. And even if they weren't available, nobody needs deprecated items to be removed. If you don't want them, don't use them. Just because they appear in a specification it doesn't mean you are forced to use them.
The quality of this work has reached the point that Apple, Opera, and Mozilla have requested the adoption of HTML5 as the new 'W3C Recommendation' for Web development.
No, they are requesting that the W3C — the organisation you've just written off as closed and useless — adopt their work as a starting point, so that it can be developed further at the W3C. They aren't asking that the W3C give it Recommendation status, they are asking the W3C to take over its development.
On the other hand do I want sensitive data stored on someone else's server?
The privacy angle is bogus. If you are using somebody else's mx, then they can archive all your mail anyway, even if you are using a desktop application. If you are using your own mx, then there's nothing stopping you installing a webmail application on your own server.
Since running the program makes a copy of it in computer memory and since the user does not have permission to do so, that copy in memory is an infringement.
(a) Making of Additional Copy or Adaptation by Owner of Copy. -- Notwithstanding the provisions of section 106, it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:
(1) that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine and that it is used in no other manner, or...
I'm the author of one of the dictionaries that Google "adopted"
Then if you wanted attribution, you should have included it in the license. As far as I know, the Googlebot doesn't index people's minds yet, so if you want something, you need to ask for it.
Nobody disputes that this was in violation of your license.
Actually, a number of times Theo characterised their complaint as being about copyrighted whitespace and variable names, even after being told to look at the code. Example:
I mean, if I were him, why would I bother going on, when there are
accusations about copyright being based on white space, variable
names which are the same, or simple "save the registers" algorithms
which you feel are too similar.
Michael Busch's whole argument that they GPL'ed the damn thing because they didn't want Broadcom to take advantage of their work is BS.
Of course it is. Of course, most people don't realise this, because the evil, inhuman Michael Busch used his time machine to travel back to 2005 and plant fake mailing list archives saying that the reason they chose the GPL over the BSD license was because they didn't want it taken proprietary especially by Broadcom, because of particular features of the open driver, when we all know it's just an evil, inhuman plot against Theo and OpenBSD. Thanks for alerting us to this deviousness, AC!
commiting to cvs is not and has never been distribution.
So if I strip out all the copyright notices from a Vista ISO and commit it to a public CVS repository, it doesn't count as copyright infringement or plagiarism? And I won't have to worry about a nasty lawsuit from Microsoft?
Theo's passionate, a good quality many people are lacking.
There's a difference between passion and anger or hatred. Theo is repeatedly calling them inhuman, implying that he could introduce security holes into the Linux version of OpenSSH, and stating that he intends to persue a vendetta. Take a look at some of the things he has been saying:
Your postings have been simply inhuman.
And I will go out of my way to ensure that anyone in the future
understands that is our viewpoint on this.
You are a very poor example of humankind.
You're right -- perhaps you should not trust us.
By the way, we are the people who write OpenSSH. Perhaps you should
not trust it, either.
The crux of Theo's complaint seems to be that they "went public" by emailing too many people. When some of the people in on the email pointed out that they were the ones that actually did the hard work of reverse-engineering, Theo said:
And how exactly does seeing this public flogging involve you?
Wow. Just, wow. I often agree with Theo even when he's being a knob because he's usually got a point. But in this case, he's been embarrassed, and he is using whatever he can think of as an incredibly flimsy excuse to attack the people whom the OpenBSD developer plagiarised. What a childish, unproductive attitude. Pulling the code and giving up on the driver instead of taking them up on their offer to relicense the code is cutting off your nose to spite your face, and worse for your users. Just take your ball and go home, Theo.
Since when do you judge an entire continent based on a single country (that is barely even on that continent)? Why aren't you saying "What's wrong with the Middle East" or "What's wrong with Asia?"? Turkey is in those regions just as much as it is in Europe. And Turkey are pretty out of sync with the rest of Europe when it comes to things like this, which is part of the reason why they are having such a hard time getting into the EU.
You can't have selective free speech!
Would you care to name a government that doesn't place limits on free speech? You need to head to international waters or off-planet if you want free speech without any limits. All governments have at least some laws against slander, libel, shouting fire in a crowded theatre, copyright infringement, spamming, etc. I know it's traditional to redefine these as some sort of "unspeech" in the USA so that people can continue to pretend that they have total freedom of speech, but these are forms of speech too, as undesirable as you might consider them to be.
For instance, Germany will soon be attempting to reintroduce legislation into the EU banning swastikas and Holocaust denial.
Germany are free to try, but they won't get anywhere. Previously Nazi-occupied countries are over-sensitive about the swastika, but the rest of Europe isn't.
Surprisingly, at least in the Holocaust issue, England is one of the few countries that put up a fuss last time it came up (2005).
I think you're thinking of the UK, not England. England doesn't even have its own government, and is only a member of the EU indirectly by virtue of being a constituent country of the UK.
The GPLv2 is one of the simplest, straightforward software licenses I've ever seen. It uses plain English, virtually no legal jargon, and even includes a summary. And I always see people talking about GPL-this and GPL-that who don't appear to have even read it, much less understood it.
Now the GPLv3 is more complicated than the GPLv2, but the main reason for it having to be explained is because so many people already have misconceptions about it from the rumour mill and because of its novelty. I wouldn't say that the necessity for an explanation is inherently a cause for concern.
Click on the prominent link in the middle of their home page.
It's really not that hard to find details. All you really need is the ability to operate a web browser, a search engine, and about thirty seconds of your time.
Where did you read this in the article? The article has no details.
Are we reading the same article? It lists vulnerable Ajax libraries. It uses GMail and webmail in general as examples of potentially vulnerable web applications. GMail and typical webmail applications aren't designed to be called from other domains in mashups.
Or do you have another source?
Here's the advisory (PDF). They override the Object() constructor before calling the JSON so they can capture the data without worrying about scope.
Re:Okay, I'll be the first to ask.
on
Web 2.0 Under Siege
·
· Score: 4, Informative
this only affects AJAX APIs / apps that are designed to be called from other domains.
No, that's the vulnerability. This allows other domains to get the data when the applications don't want to share it.
Bottom line: Don't expose any data / functionality through an API that allows cross-domain XHR unless you add additional precautions.
The news here is that the "additional precautions" that most Ajax libraries take are ineffective.
Re:Okay, I'll be the first to ask.
on
Web 2.0 Under Siege
·
· Score: 4, Informative
No, that kind of thing has always been possible since the very first implementation of JavaScript. If you don't need POST, then you can even do it with plain HTML 2.0, no JavaScript.
The problem here is that JSON is a subset of JavaScript and so it is automatically parsed under the local domain's security context when it's included in a document with <script>. There's a few tricks to "hide" it even though it's already been parsed and is sitting in memory, I assume these guys have found a way around that.
They are criminalising commercial copyright infringement. Non-commercial copyright infringement is still illegal. This means that you get sued and pay damages instead of getting arrested and going to jail.
Er, isn't it kinda derivative of the GNU standard C library?
No, it doesn't use glibc. Think about it — when the kernel boots up, it hasn't even mounted the root partition, how is it supposed to link in any libraries? And it's certainly not going to statically link glibc, it's far too big for that.
You may develop application programs, reusable components and other
software items that link with the original or modified versions of the
Software. These items, when distributed, are subject to the following
requirements:
a. You must ensure that all recipients of machine-executable forms of
these items are also able to receive and use the complete
machine-readable source code to the items without any charge
beyond the costs of data transfer.
b. You must explicitly license all recipients of your items to use
and re-distribute original and modified versions of the items in
both machine-executable and source code forms. The recipients must
be able to do so without any charges whatsoever, and they must be
able to re-distribute to anyone they choose.
c. If the items are not available to the general public, and the
initial developer of the Software requests a copy of the items,
then you must supply one.
Slashdot Mirror
All of those errors are down to the fact that the validator doesn't understand HTML 5. Although it is quite interesting to note the chicken-and-the-egg problem of publishing the specification for a document format in the document format itself. You need to understand the format in order to read the document that explains how to understand the format.
Funny, that's how I feel about people who don't use CSS. Seriously, if you are that concerned with the size of pages and bandwidth, like you say in your other comment, then why are you transmitting your style information on every single page load?
I hate to break it to you, but that's not HTML 4.01 Transitional either. No version of HTML has permitted overlapping elements in the way that you describe. You are merely exploiting error handling that is fairly common amongst web browsers.
No, the W3C have been very busy.
No, XHTML was last updated two months ago.
Everybody is ignoring XHTML 2.0 because it isn't finished yet. XHTML 1.1 is not an option for most developers for one reason in particular: you can't use it with Internet Explorer. Blame Microsoft.
No, both HTML 4.01 Strict and XHTML 1.0 Strict are available for those people who wish to use a document type that doesn't include the deprecated stuff. And even if they weren't available, nobody needs deprecated items to be removed. If you don't want them, don't use them. Just because they appear in a specification it doesn't mean you are forced to use them.
No, they are requesting that the W3C — the organisation you've just written off as closed and useless — adopt their work as a starting point, so that it can be developed further at the W3C. They aren't asking that the W3C give it Recommendation status, they are asking the W3C to take over its development.
The privacy angle is bogus. If you are using somebody else's mx, then they can archive all your mail anyway, even if you are using a desktop application. If you are using your own mx, then there's nothing stopping you installing a webmail application on your own server.
This has already happened: Hacked Chinese Bank Server Phishes for US Banks.
At least in the USA, it is not copyright infringement to copy software for the purpose of using it. 117. Limitations on exclusive rights: Computer programs:
Then if you wanted attribution, you should have included it in the license. As far as I know, the Googlebot doesn't index people's minds yet, so if you want something, you need to ask for it.
Actually, a number of times Theo characterised their complaint as being about copyrighted whitespace and variable names, even after being told to look at the code. Example:
Of course it is. Of course, most people don't realise this, because the evil, inhuman Michael Busch used his time machine to travel back to 2005 and plant fake mailing list archives saying that the reason they chose the GPL over the BSD license was because they didn't want it taken proprietary especially by Broadcom, because of particular features of the open driver, when we all know it's just an evil, inhuman plot against Theo and OpenBSD. Thanks for alerting us to this deviousness, AC!
So if I strip out all the copyright notices from a Vista ISO and commit it to a public CVS repository, it doesn't count as copyright infringement or plagiarism? And I won't have to worry about a nasty lawsuit from Microsoft?
There's a difference between passion and anger or hatred. Theo is repeatedly calling them inhuman, implying that he could introduce security holes into the Linux version of OpenSSH, and stating that he intends to persue a vendetta. Take a look at some of the things he has been saying:
That isn't passion, that's hatred.
The crux of Theo's complaint seems to be that they "went public" by emailing too many people. When some of the people in on the email pointed out that they were the ones that actually did the hard work of reverse-engineering, Theo said:
Wow. Just, wow. I often agree with Theo even when he's being a knob because he's usually got a point. But in this case, he's been embarrassed, and he is using whatever he can think of as an incredibly flimsy excuse to attack the people whom the OpenBSD developer plagiarised. What a childish, unproductive attitude. Pulling the code and giving up on the driver instead of taking them up on their offer to relicense the code is cutting off your nose to spite your face, and worse for your users. Just take your ball and go home, Theo.
I bet that sounded very different in your head.
Since when do you judge an entire continent based on a single country (that is barely even on that continent)? Why aren't you saying "What's wrong with the Middle East" or "What's wrong with Asia?"? Turkey is in those regions just as much as it is in Europe. And Turkey are pretty out of sync with the rest of Europe when it comes to things like this, which is part of the reason why they are having such a hard time getting into the EU.
Would you care to name a government that doesn't place limits on free speech? You need to head to international waters or off-planet if you want free speech without any limits. All governments have at least some laws against slander, libel, shouting fire in a crowded theatre, copyright infringement, spamming, etc. I know it's traditional to redefine these as some sort of "unspeech" in the USA so that people can continue to pretend that they have total freedom of speech, but these are forms of speech too, as undesirable as you might consider them to be.
Germany are free to try, but they won't get anywhere. Previously Nazi-occupied countries are over-sensitive about the swastika, but the rest of Europe isn't.
I think you're thinking of the UK, not England. England doesn't even have its own government, and is only a member of the EU indirectly by virtue of being a constituent country of the UK.
The GPLv2 is one of the simplest, straightforward software licenses I've ever seen. It uses plain English, virtually no legal jargon, and even includes a summary. And I always see people talking about GPL-this and GPL-that who don't appear to have even read it, much less understood it.
Now the GPLv3 is more complicated than the GPLv2, but the main reason for it having to be explained is because so many people already have misconceptions about it from the rumour mill and because of its novelty. I wouldn't say that the necessity for an explanation is inherently a cause for concern.
Here. For future reference:
It's really not that hard to find details. All you really need is the ability to operate a web browser, a search engine, and about thirty seconds of your time.
This isn't true. The example they use is overriding the Object() constructor. Keeping the JSON out of scope doesn't save you.
Are we reading the same article? It lists vulnerable Ajax libraries. It uses GMail and webmail in general as examples of potentially vulnerable web applications. GMail and typical webmail applications aren't designed to be called from other domains in mashups.
Here's the advisory (PDF). They override the Object() constructor before calling the JSON so they can capture the data without worrying about scope.
No, that's the vulnerability. This allows other domains to get the data when the applications don't want to share it.
The news here is that the "additional precautions" that most Ajax libraries take are ineffective.
No, that kind of thing has always been possible since the very first implementation of JavaScript. If you don't need POST, then you can even do it with plain HTML 2.0, no JavaScript.
The problem here is that JSON is a subset of JavaScript and so it is automatically parsed under the local domain's security context when it's included in a document with <script>. There's a few tricks to "hide" it even though it's already been parsed and is sitting in memory, I assume these guys have found a way around that.
They are criminalising commercial copyright infringement. Non-commercial copyright infringement is still illegal. This means that you get sued and pay damages instead of getting arrested and going to jail.
No, it doesn't use glibc. Think about it — when the kernel boots up, it hasn't even mounted the root partition, how is it supposed to link in any libraries? And it's certainly not going to statically link glibc, it's far too big for that.
Section 6:
I think it's great.
They are modern day Robin Hoods, except legal!