Step 2: Succeed and convincing management types that it's a problem that should be dealt with before it's serious.
Step 3: Fix problem ahead of time.
Step 4: Nothing serious happens because the problems were fixed ahead of time.
Step 5: Identify huge date based problem (GPS rollover).
Step 6: Fail to convince management types that it's a huge problem. They spent a lot of money fixing Y2K and it didn't cause any problems, why should this?
Step 7: Everything goes offline because the problem wasn't fixed.
Step 8: Management has no idea what happened. Y2K wasn't this bad!
Yes, it is trivial to fix, though you have to write an extension with the scary "can look at all web pages you visit" permission since it has to muck with all pages.
There's a standard mechanism to inject a script into every page that loads. You would set it to inject on every page and frame. The script should look for any a tags with the ping attribute, and remove the attribute. Then you want to set up a MutationObserver (or whatever the newer API is now?) to detect any changes to the page which could add in ping attributes to a tags or new a tags. When the event fires, you run your code again to scan for a tags with ping attributes and remove the attributes.
That's the basic functionality and it would not take long to make. You'd probably want to make it fancy by adding things like a pings blocked counter or whatever which would take longer. Such extensions probably already exist.
You can make the links work properly when right clicked, the problem is whoever coded it didn't care enough to make that happen.
The proper way to do it is to make it a normal link, but then hook up some JavaScript that stops the default link behavior and/or does something extra in the background.
If you're going from that angle, it's unfair to single out Fortnite. Many games now use similar monetization mechanics including mechanics borrowed from gambling. And mobile games have done so for much longer than PC games. Banning Fortnite will not solve this problem and it's incredibly naive and short-sighted to think something else won't appear that's the same or even worse (and in fact it probably already has).
Tacoma is one of those walking simulator games, but I liked the story. It takes place in the future, and one of the things you can figure out is a bit of context about how jobs work. In the future, companies have introduced their own currency they call "Loyalty" to pay workers. However each company has its own "Loyalty" and it's a lot of trouble to switch companies as you have to exchange your "Loyalty" and you can't always do it all (it sounds like it works like college credit when you switch colleges). This article reminded me of that. I guess we're getting closer to the future.
What would be nice is option like run un-trusted, which starts a VM automatically and runs that, checks that nothing bad has happened to your computer as well
While it's real easy to come up with ideas, in the real world they need to be viable. "Nothing bad"? How do you even define that? If I am finished with some files on my computer and I decide to wipe the whole folder out of existence how does my PC know I intended to do that, or if it is some malware trying to trick it so it can wipe out my personal files?
Running programs isolated is not a new idea. However because lots of legacy desktop apps interoperate with your files and other applications, that's not viable for normal use. Android and iOS are more recent OSs though so they don't have to worry about legacy concerns, and they do this. They also have a good permission system to only allow apps the acces they need. Users still ignore permissions prompts and install suspicious apps all the time.
Being able to change the cursor is a pretty important thing. You know how links turn into a hand when you hover over them? That's the main use. I myself have used custom cursors to provide intuitive help when the user hovers over a UI element. It shows you how to use it. Is it a resizer? What directions can it resize? Does it move something? Can you not interact with it at all? Is it a hyperlink? Is it text I can select?
This is something that could be exploited waaaay back to IE6 and probably earlier, and should work in every browser. Chrome is particularly vulnerable because alert boxes are not popup boxes which block the whole browser, to prevent pages from locking up the browser with alert boxes, so the cursors still show even when an alert box is up as the user has their mouse over the webpage. I presume at least part of the fix will be to disable custom cursors when an alert box is shown, since the user can't interact with the page anyway until it's dismissed.
This is pretty easy to get yourself out of once you realize what is going on. It works mostly by confusion. Users move their cursor up to close the tab or click OK on the alert, but the cursor is actually still inside the webpage. Once you move the cursor outside of the webpage, the custom cursor is correctly changed back to a standard one. However users see the cursor outside the webpage and think it is there (understandably) but it's actually inside, so the custom cursor remains in play. Chrome could potentially detect cursors where the hotspot is transparent and simply block those entirely, fixing this problem altogether, and I hope they do.
Custom cursors or standard cursor changes are entirely CSS and require no JavaScript to implement on a webpage, though of course JavaScript can be used to add or modify CSS at runtime. Blocking JavaScript will not completely protect you from this exploit.
If you think custom cursors are terrible, you are welcome to go to Windows Mouse settings and change all the cursor types to the default, and see how long it takes you to give up and change them back.
My guess is they had backups, but only on new material dating back three years. OR backups only included NEW material (so they only ever actually had a single backup copy of everything) and the process was broken and they never realized it. Three years ago they changed backup processes to one that worked and they still failed to recognize all their old backups were useless.
At least for the Service Packs (whatever they call them now) the error messages are supposedly going to be improved now. I would hope that process also makes it way to Windows Update.
The problem is you may own your computer, but Joe Average down the street does not own his computer because it was owned by a botnet years ago. I suspect Microsoft is more concerned about having millions of Windows PCs in botnets and potentially being liable for damages if Microsoft is found to have not done enough to push through updates that keep PCs patched.
They are proud of their children and want to send videos to family and friends, but don't know how the privacy features of YouTube work (or that they even exist).
In the transition time to deprecating Flash and removing it from browsers entirely, there are still sites that use Flash and users of those sites which rely on it. So, all of the browsers have a whitelist which allows some sites to continue working while preventing others from introducing brand-new Flash content. This helps with the transition. Eventually the browsers narrow this list down in scope and add more security barriers in front of Flash until they can remove it entirely. That sounds
exactly like what is happening here; the whitelist is down to two entries both of which are extremely popular sites. The whitelist and Flash itself will likely be removed at some point. I am not sure why the cause for alarm here; it wasn't too long ago that flash ran by default on ALL websites.
I think the only real point of concern here is the lack of click to play, especially since anyone can make a Flash app with who knows what spyware as content and get it uploaded as a Facebook app.
Or, you know, the "registering multiple free e-mail accounts" trick. Dots and pluses and multiple accounts are not the problem here. They have always been known and possible.
.NET Core allows you to bundle the runtime with your application so that limitation no longer exists. With.NET Core 3,.NET Core will be ready to replace.NET Framework so anyone should be able to take advantage of that capability if they want to.
Oh, and.NET Framework is built into the OS... so you usually do not need to install a runtime anyway except for 2.x/3.x which are disabled by default in modern Windows.
There are plenty of reasons but here is the simplest: because when you're dealing with HTTPS traffic, if you want to inspect or modify it, you MUST be listening at one of the endpoints, which here means inside the browser.
But you and I had to opt in to block them. This sounds like ALL Chrome users will benefit. Chrome has over 50% browser market share (thanks to Android) so this is huge.
Windows 10 no longer allows you to switch color themes so there's really no point in Google supporting that/ The only options it provides the user with are High Contrast themes (where certain colors can be customized) and dark mode (which doesn't actually adjust system colors).
This change was probably made since lots of programs don't respect system colors anyway. I used to try to set white text on a black background. Many apps hardcode black as a text color so this usually will break a number of apps.
There have been three major options... IE/Edge (they are just different versions of the same engine, and I have personally seen them share bugs), Chrome, and Firefox. With Edge gone that may downgrade the engine to rarely used (since IE and any IE/Edge reskins can still use it), leaving us with just Chrome and Firefox. Easier for web developers as well as malware developers: a double-edged sword.
Seriously this is what I call the cycle of/r/chrome because I see it all the time on there.
Chrome team introduces a new feature or a change, hides it behind a flag so they can privately test it or do a/b testing or whatever.
Nobody notices or cares.
Chrome team feals the feature/change is stable and turns it on for everyone.
Vocal minority hates it.
Someone finds the flag and realizes it can be used to revert the change, ignoring the big warning at the top of the page that flags may disappear for any reason.
Vocal minority is happy and thinks they have solved their problem.
Chrome team does cleanup and removes dead code and flags they no longer need.
"Fix" stops working, vocal minority is outraged and claims they will switch to Firefox.
Nobody actually switches to Firefox. The whole thing is soon forgotten.
GOTO 10
Honestly the changes aren't even all that big. The most noticeable changes are the tab design and the moving of the profiles button one inch down. Given that the tabs were ALWAYS the same shape, I'm not sure how changing that shape now makes it difficult to tell sites apart when it didn't before. If it's difficult now, it was difficult then, and it was probably difficult in every other browser. Get the site's creator to invest in a good favicon and now you can tell it apart. Chrome can only show you what the site has configured.
Also if you don't like the colors, fix it yourself. Chrome supports custom themes. Use one.
On a side note, related to mobile UI, Slashdot's commenting sucks on mobile. I tried to post this four times and each time my comment form would randomly get closed and cleared out while I was typing. I eventually gave up and switched to my desktop PC where I can type a comment just fine. Not to mention typing HTML codes on a mobile keyboard is a pain.
YouTube shows a lot of stuff on top of the video. Ads, the controls, recommended videos (at the end or when paused), annotations, and so forth. So it's not surprising to see an empty div over the video, since such a div was probably related to one of those items.
The summary reads like an attempt to cram as many instances of "piracy" and "hacker" into the text as possible. There are other reasons people crack their Switches or other consoles, including running homebrew or just simply to explore how these devices work behind the scenes. Not everyone who is interested in hacking their Switch is interested in pirating Switch games.
One example is the lack of save game backup support like the Wii and Wii U had. We had over a year of Switch with no mechanism for backups available. Nintendo Online allows backups but certain titles opt out and there is no solution from Nintendo for backups of those. However, hacked Switches have been able to dump saved games to SD cards for months now. The hacker community does what Nintendon't.
Slashdot Mirror
Maybe it went something like this?
Yes, it is trivial to fix, though you have to write an extension with the scary "can look at all web pages you visit" permission since it has to muck with all pages.
There's a standard mechanism to inject a script into every page that loads. You would set it to inject on every page and frame. The script should look for any a tags with the ping attribute, and remove the attribute. Then you want to set up a MutationObserver (or whatever the newer API is now?) to detect any changes to the page which could add in ping attributes to a tags or new a tags. When the event fires, you run your code again to scan for a tags with ping attributes and remove the attributes.
That's the basic functionality and it would not take long to make. You'd probably want to make it fancy by adding things like a pings blocked counter or whatever which would take longer. Such extensions probably already exist.
You can make the links work properly when right clicked, the problem is whoever coded it didn't care enough to make that happen.
The proper way to do it is to make it a normal link, but then hook up some JavaScript that stops the default link behavior and/or does something extra in the background.
If you're going from that angle, it's unfair to single out Fortnite. Many games now use similar monetization mechanics including mechanics borrowed from gambling. And mobile games have done so for much longer than PC games. Banning Fortnite will not solve this problem and it's incredibly naive and short-sighted to think something else won't appear that's the same or even worse (and in fact it probably already has).
Tacoma is one of those walking simulator games, but I liked the story. It takes place in the future, and one of the things you can figure out is a bit of context about how jobs work. In the future, companies have introduced their own currency they call "Loyalty" to pay workers. However each company has its own "Loyalty" and it's a lot of trouble to switch companies as you have to exchange your "Loyalty" and you can't always do it all (it sounds like it works like college credit when you switch colleges). This article reminded me of that. I guess we're getting closer to the future.
While it's real easy to come up with ideas, in the real world they need to be viable. "Nothing bad"? How do you even define that? If I am finished with some files on my computer and I decide to wipe the whole folder out of existence how does my PC know I intended to do that, or if it is some malware trying to trick it so it can wipe out my personal files?
Running programs isolated is not a new idea. However because lots of legacy desktop apps interoperate with your files and other applications, that's not viable for normal use. Android and iOS are more recent OSs though so they don't have to worry about legacy concerns, and they do this. They also have a good permission system to only allow apps the acces they need. Users still ignore permissions prompts and install suspicious apps all the time.
I'm so happy that Chrome is the new Internet Explorer. Looks at all of the great reasons to use Chrome.
Actually this exact same exploit should work fine in IE too, including really old versions back to IE6 if not further.
My guess is they had backups, but only on new material dating back three years. OR backups only included NEW material (so they only ever actually had a single backup copy of everything) and the process was broken and they never realized it. Three years ago they changed backup processes to one that worked and they still failed to recognize all their old backups were useless.
At least for the Service Packs (whatever they call them now) the error messages are supposedly going to be improved now. I would hope that process also makes it way to Windows Update.
The problem is you may own your computer, but Joe Average down the street does not own his computer because it was owned by a botnet years ago. I suspect Microsoft is more concerned about having millions of Windows PCs in botnets and potentially being liable for damages if Microsoft is found to have not done enough to push through updates that keep PCs patched.
They are proud of their children and want to send videos to family and friends, but don't know how the privacy features of YouTube work (or that they even exist).
In the transition time to deprecating Flash and removing it from browsers entirely, there are still sites that use Flash and users of those sites which rely on it. So, all of the browsers have a whitelist which allows some sites to continue working while preventing others from introducing brand-new Flash content. This helps with the transition. Eventually the browsers narrow this list down in scope and add more security barriers in front of Flash until they can remove it entirely. That sounds exactly like what is happening here; the whitelist is down to two entries both of which are extremely popular sites. The whitelist and Flash itself will likely be removed at some point. I am not sure why the cause for alarm here; it wasn't too long ago that flash ran by default on ALL websites.
I think the only real point of concern here is the lack of click to play, especially since anyone can make a Flash app with who knows what spyware as content and get it uploaded as a Facebook app.
Gas stations do it, but they do it by offering a different $ per gallon rate for cash and credit. They're exploiting a loophole somehow.
Or, you know, the "registering multiple free e-mail accounts" trick. Dots and pluses and multiple accounts are not the problem here. They have always been known and possible.
.NET Core allows you to bundle the runtime with your application so that limitation no longer exists. With .NET Core 3, .NET Core will be ready to replace .NET Framework so anyone should be able to take advantage of that capability if they want to.
Oh, and .NET Framework is built into the OS... so you usually do not need to install a runtime anyway except for 2.x/3.x which are disabled by default in modern Windows.
Yeah if I were Google I'd look into developing my own mobile platf... oh wait.
There are plenty of reasons but here is the simplest: because when you're dealing with HTTPS traffic, if you want to inspect or modify it, you MUST be listening at one of the endpoints, which here means inside the browser.
But you and I had to opt in to block them. This sounds like ALL Chrome users will benefit. Chrome has over 50% browser market share (thanks to Android) so this is huge.
Windows 10 no longer allows you to switch color themes so there's really no point in Google supporting that/ The only options it provides the user with are High Contrast themes (where certain colors can be customized) and dark mode (which doesn't actually adjust system colors).
This change was probably made since lots of programs don't respect system colors anyway. I used to try to set white text on a black background. Many apps hardcode black as a text color so this usually will break a number of apps.
There have been three major options... IE/Edge (they are just different versions of the same engine, and I have personally seen them share bugs), Chrome, and Firefox. With Edge gone that may downgrade the engine to rarely used (since IE and any IE/Edge reskins can still use it), leaving us with just Chrome and Firefox. Easier for web developers as well as malware developers: a double-edged sword.
Nobody could have seen that coming!
Seriously this is what I call the cycle of /r/chrome because I see it all the time on there.
Honestly the changes aren't even all that big. The most noticeable changes are the tab design and the moving of the profiles button one inch down. Given that the tabs were ALWAYS the same shape, I'm not sure how changing that shape now makes it difficult to tell sites apart when it didn't before. If it's difficult now, it was difficult then, and it was probably difficult in every other browser. Get the site's creator to invest in a good favicon and now you can tell it apart. Chrome can only show you what the site has configured.
Also if you don't like the colors, fix it yourself. Chrome supports custom themes. Use one.
On a side note, related to mobile UI, Slashdot's commenting sucks on mobile. I tried to post this four times and each time my comment form would randomly get closed and cleared out while I was typing. I eventually gave up and switched to my desktop PC where I can type a comment just fine. Not to mention typing HTML codes on a mobile keyboard is a pain.
YouTube shows a lot of stuff on top of the video. Ads, the controls, recommended videos (at the end or when paused), annotations, and so forth. So it's not surprising to see an empty div over the video, since such a div was probably related to one of those items.
We'll see an upsurge in browser extensions which strip referrer from affected sites and life will go on.
Also pirate sites will just link to referrer-stripping services instead of direct linking. It'll just turn into a different type of whack-a-mole game.
The summary reads like an attempt to cram as many instances of "piracy" and "hacker" into the text as possible. There are other reasons people crack their Switches or other consoles, including running homebrew or just simply to explore how these devices work behind the scenes. Not everyone who is interested in hacking their Switch is interested in pirating Switch games.
One example is the lack of save game backup support like the Wii and Wii U had. We had over a year of Switch with no mechanism for backups available. Nintendo Online allows backups but certain titles opt out and there is no solution from Nintendo for backups of those. However, hacked Switches have been able to dump saved games to SD cards for months now. The hacker community does what Nintendon't.