JavaScript runs on the client machine only, yes, however depending on what server provides the JavaScript you can do certain things. e.g. JavaScript you download from slashdot.org can manipulate slashdot.org cookies, JavaScript you download from gmail.com can manipulate gmail.com cookies, JavaScript run on a webpage on your account can do anything your account can do. So when you can inject JavaScript into another website you can set up a JavaScript so that the websites of the users will send their cookies to you, which you can then use to log on.
It's called cross site scripting, and it's a pretty serious vulnerability.
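Added example, not part of the original comment: a server-side sketch of the two controls that break the chain described above, output escaping so a posted comment cannot become script, and an `HttpOnly` session cookie so page script cannot read it. The function names, the cookie name `sid` and the sample comment are assumptions made for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample: a comment body containing markup instead of plain text.
SAMPLE_COMMENT = 'nice post <script>alert(1)</script>'


def render_comment(text, escape=True):
    """Render a user comment into the page; escaping turns markup into inert text."""
    body = html.escape(text, quote=True) if escape else text
    return f'<div class="comment">{body}</div>'


def session_cookie_header(session_id, hardened=True):
    """Build the Set-Cookie value for the session cookie (name 'sid' is an assumption)."""
    jar = SimpleCookie()
    jar["sid"] = session_id
    jar["sid"]["path"] = "/"
    if hardened:
        jar["sid"]["httponly"] = True   # hidden from document.cookie
        jar["sid"]["secure"] = True     # only sent over HTTPS
        jar["sid"]["samesite"] = "Lax"  # not sent on most cross-site requests
    return jar["sid"].OutputString()


def script_readable(set_cookie_values):
    """Names of cookies that script running in the page could read via document.cookie."""
    readable = []
    for value in set_cookie_values:
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            if not morsel["httponly"]:
                readable.append(name)
    return readable


if __name__ == "__main__":
    print(render_comment(SAMPLE_COMMENT, escape=False))  # markup reaches the browser
    print(render_comment(SAMPLE_COMMENT))                # rendered as text
    for hardened in (False, True):
        header = session_cookie_header("abc123", hardened)
        print(header, "-> readable by script:", script_readable([header]))
```
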
Directed at everyone who thinks they can put a mike on the door, take a recording, and be able to replay the sequence to get entry later; you apparently haven't heard of rolling keys. They're why a criminal can't unlock your car by replaying the radio signals your keyring remote sent.
Basically both the knocker and lock have a microcontroller inside which runs a stream cipher and share the same key. When the receiver detects knocking it generates the correct code, and if it matches it unlocks and then increments the position in the cipher so the next knock will have to match the next code in the stream. Once used a code is useless.
Sounds like a pretty good idea to me anyway. I'm not sure why they don't use radio signals instead though, or a keypad on the wall, just for the sake of convenience.
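Added example, not part of the original comment: a minimal rolling-code model showing why a recorded code fails on replay. It uses HMAC-SHA256 over a counter in place of the stream cipher the comment mentions, and goes slightly beyond the comment by adding a look-ahead window so the lock can resynchronise after knocks it never heard; the class names, the window size and the key are assumptions.

```python
import hashlib
import hmac

WINDOW = 16  # assumption: how many unheard codes the lock will skip past


def code_at(key: bytes, counter: int) -> str:
    """Code for one position in the sequence: truncated HMAC of the counter."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:8].hex()


class Knocker:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def next_code(self) -> str:
        code = code_at(self.key, self.counter)
        self.counter += 1  # every use consumes one position
        return code


class Lock:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def try_unlock(self, code: str) -> bool:
        # Accept only codes at or ahead of the current position, never behind it.
        for c in range(self.counter, self.counter + WINDOW):
            if hmac.compare_digest(code_at(self.key, c), code):
                self.counter = c + 1  # everything up to c is now dead
                return True
        return False


def demo() -> dict:
    key = bytes(range(32))  # constructed key, shared by both devices
    knocker, lock = Knocker(key), Lock(key)
    first = knocker.next_code()
    out = {"first": lock.try_unlock(first),
           "replay": lock.try_unlock(first)}      # recorded code played back
    missed = knocker.next_code()                  # knock the lock never heard
    knocker.next_code()
    out["resync"] = lock.try_unlock(knocker.next_code())
    out["stale"] = lock.try_unlock(missed)        # older than the lock's position
    for _ in range(WINDOW):                       # drift past the window
        knocker.next_code()
    out["far_ahead"] = lock.try_unlock(knocker.next_code())
    return out


if __name__ == "__main__":
    print(demo())
```

The window is the trade-off: a larger one tolerates more missed knocks but keeps more unused codes valid at once.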
I don't understand why the /. crowd is becoming more hostile towards Google. They're doing business in China, just like Microsoft and Yahoo!, because if they don't others will anyway. Google is defending our privacy by saying no to the DoJ, and even if they end up getting overturned it's a bunch of search queries.
What are people worried that Google know about them? So you have an account and Google has your unencrypted non-private correspondence (mailing lists and such), a list of your search queries (the ones which you aren't concerned enough about to log off your account to run), and (if you haven't got adblock/cookie filtering) can track which adwords sites you've been on. What insights into your personal life can they gain from this? What's the concern? Seems like a load of FUD to me, and I'm just surprised the slashdot crowd is running with it.
Different frequencies of radio waves get absorbed by different things. Microwaves, X-rays, ultraviolet light, and gamma rays, for example, are small enough to be absorbed by our bodies, so they're a potential health concern. Radio waves transmitted by radio stations are much larger so they can work their way around things which are in the way, and need long antennae to be absorbed, so aren't a health concern.
Also the amount of waves you send is important as well as the frequency. WiMAX, for example, operates in the same band as a technology generated by the military to incapacitate enemy troops(!), but it couldn't be harmful because it's not aimed in any direction in large enough amounts to have any noticeable effect.
But yeah, banning wifi for health concerns is bogus. I'd expect this from a scare tactics journalist but not from the head of a university.
Okay this is going to be a bit of a long post but if you're unfamiliar with breeder reactors this is worth a read:
For use in the most common reactors you need to have a 5:95 mix of uranium-235:uranium-238, but uranium ore is only 1% U-235, and the rest is U-238. So out of a batch of 100kg of ore you'll get ~1kg of U-235, so only ~10kg of reactor fuel.
The rest of the uranium-238 is depleted uranium waste; it's not pleasant stuff and we've got a whole bunch of it (the US alone has hundreds of thousands of tonnes) lying around. Going at the rate we're mining uranium ore we have, apparently, around 50 years of enrichable uranium ore left.
But uranium-238 isn't waste, at least not to a breeder reactor; when it accepts a neutron it becomes plutonium-239, which is a fissile fuel. In fact 1/3 of the power generated, even in conventional nuclear reactors, is from fission of plutonium-239 produced from uranium-238.
Basically put lots of uranium-238 into a reactor with a radioactive fuel which gives off a load of neutrons, and you're turning nuclear 'waste' back into nuclear fuel!
Fast breeder reactors use plutonium as the initial charge to get non-enriched uranium going (remember plutonium is produced in the reaction, so no worries about plutonium running out), and thermal breeder reactors use thorium, which is about as abundant as lead, to keep it going.
Using breeder reactors we've got all the nuclear fuel we'll possibly need; apparently in the range of 10,000 to five billion years worth. Also because actinide waste products are reprocessed and reused the spent fuel is less harmful, either being stable, or very unstable and having a short half-life (thus decaying and becoming stable).
This isn't science fiction either; Russia is using a breeder reactor at the moment, and India and China are planning to build their own (India is where most of the world's Thorium is so it's a natural choice for them). The reason it's not widely used is because it's slightly more expensive than using 5% uranium-235, and why use an expensive process when you can use a cheaper one.
So basically although electricity may get slightly more expensive we'll always have it available from breeder reactors. For me the real mystery is why environmentalists aren't crazy about this, taking nuclear waste and generating energy and non-radioactive waste? Sounds like an environmentalist's dream, but I guess they just can't see past the N-word.
Yeah damn GNOME, every other software name makes sense.. Like grep, awk, nano, vim, Skype, Outlook, Firefox, Safari, QuickTime, Atmosphere, Lazarus, etc, etc.
The worst thing is that if it were called gFontFinder you would be moaning about using 'g' at the start of every app to distinguish between GNOME FontFinder and KDE FontFinder. And if GNOME used FontFinder and KDE used FindFont you'd be moaning about how it's too confusing.
Humour isn't a meme, though you might consider a certain style of comedy a meme, just like the ability to speak a language isn't a meme, though a language itself is.
With the amount of datacenters google has all over the globe how can you possibly think it can be done for free? And of course you can't effectively distribute a search engine over PC sized nodes.
I'd almost go so far as to say the idea of a free search engine which is as popular as google is almost as realistic as the idea of Tibet being freed.
There's a difference between using search queries to show relevant ads (which is what happened from day one) and using personal files, e-mails, AdWords, and user profiling to show relevant ads.
I don't know why people give Advent Children so much praise. I completed FF7, it was one of the best games I've ever played, but I thought Advent Children was mediocre at best.
Spoilers!
First off where did the other SOLDIER members come from? If a sequel relies on being able to sneak entirely new characters in and pretend they were there all along then it's not going to be a great sequel.
Why does Jenova's cells + an ex SOLDIER member = Sephiroth? Sephiroth is himself an ex SOLDIER member.. Again this just seemed like an excuse to bring him back for a quick rumble. Why did Kadaj rally up all those children for the re-union when in the end just him and Jenova's cells did the job?
Why the corny dialogue? If you haven't watched this get ready for all the hilarious mid battle "you're late" comments you can handle. Why did they have to make the ex SOLDIER members cry to show some kind of instability?
The one part which was true to the game was the random battles; about half of them were pointless and just happened for the sake of a fight scene.
'Re-union'? In the game the re-union was to bring back Jenova, this is what I was hoping to see, but instead it brings back Sephiroth for some reason.. This film gives you the impression that the writers didn't understand the game very well.
There were a couple of good fight scenes, and the graphics and soundtrack were pretty good, but the storyline blew chunks. This is fine for movies marketed to people who like this sort of thing, but FF7 players will be watching the sequel for the storyline.
So most of it's pretty incomprehensible unless you've played FF7, yet if you've played FF7 you won't like the film because the storyline was severely lacking. So who's the intended audience?!
I'll be one of the ones not buying the DVD after having downloaded it.
Here in Australia we're also having a strangely cold summer. IANAG so this might be evidence for or against global warming, or have nothing to do with it.
If it's more convenient we'll keep on wasting energy. The worst part is the standby circuits use practically no power compared to the transformers, which waste far more energy as heat than the standby circuitry uses.
There should be a separate battery power source powering the suspend-mode circuitry, which lets current into the transformer to provide the power needed for normal operation.. But of course this would cost extra, and consumers wouldn't pay extra for it even if it saved money on power bills in the long run.
Who added the "and therefore its processing power" to the quote? Was it the reporter or someone from Intel? Moore's law has nothing to do with processing power.
Moore's law has everything to do with processing power.. Transistor count is related to processing power in the same way the number of bricks are related to the size of a house. You can get a larger house out of the same number of bricks if you design it well, but more bricks means a larger house.
You're right, if it's more convenient we'll keep on wasting energy. The worst part is the standby circuits use practically no power compared to the transformers, which waste far more energy as heat than the standby circuitry uses.
There should be a separate battery power source powering the suspend-mode circuitry, which lets current into the transformer to provide the power needed for normal operation.. But of course this would cost extra, and consumers wouldn't pay extra for it even if it saved money on power bills in the long run. "A DVD player with the same basic features which is $5 more? Why would I go for that one?"
OS X/Linux/*BSD are designed from the ground up to be immune to the kinds of attacks that Windows gets constantly pounded by.
They couldn't have been designed from the ground up to be immune to viruses because they were designed before they were even around.
Common e-mail viruses have nothing to do with the specific operating system anyway; user opens a file he gets in an e-mail, it sends itself to other e-mail addresses it finds. There's no reason you couldn't write a virus to do it for UNIX, other than it wouldn't spread because there are so few people who use UNIX and would execute an e-mail attachment.
This sort of blind overconfidence is exactly what the article was talking about..
By the way has anyone seen the new Dell laptop which can play media without booting into Windows? If Apple did this market analysts would predict the end of TVs as we know them and Mac daddys everywhere would cream themselves, but when Dell do it no-one raises an eyebrow.. That's the Steve Jobs effect.
I know I'm going to lose karma for this but there's more to Apple than Steve Jobs.. Attributing all of Apple's recent success to him is insulting to everyone working behind the scenes. Jobs' role is more of a public face than anything else, and he's damn good at this, but Jonathan Ive probably deserves the credit more.
Besides if Dell had brought an iPod to market first they'd have called it the MJS P440 or the Musicon 5500.
Exactly, and Edison knew that pissing onto a source of DC is much less harmful than pissing onto a source of AC.
How? How would this be even theoretically possible without hardware enforcement?
Good point, but this effect will be reduced (or negated altogether) by the decrease in demand as people change over to other energy sources.
Something I just noticed on the official MS Vista website; http://www.microsoft.com/presspass/presskits/windowsvista/images/image017.jpg
Are they copying Apple's Spotlight right down to the name?!
I live in Perth, and here it has definitely been a very cool summer.
Take a polaroid of Adam Sandler, write 'the brain surgeon' at the bottom, slip it in Henry M's pocket.
On the same subject:
Most of the most glaring Windows XP security problems (being in the Administrators group by default, being allowed to write anywhere by default, having the firewall off [pre-SP2] by default) were there to preserve compatibility with previous versions of Windows.
Will Vista compromise on security, or compatibility?
Are Symantec trying to tell us 'Don't use Spybot' or 'Use dd instead of Ghost'?.. Out of Ghost and Spybot I know which I consider more disposable.