Cookies have limitations. Evercookie helps me overcome some of those limitations. That could be a good thing and that could be a bad thing depending on who is using it and for what purpose. It also depends on whether you are iformed of this use.
But what evercookie is doing is NOT blackhat and is perfectly acceptable. There is nothing hidden about what Evercookie is doing. Now someone could use the technology that evercookie is offering in an unacceptable way that is no more the fault of evercookie than copyright infringment is the fault of the internet.
I think apple is riding on its marketing success with the iphone which rode on the marketing success of the ipod.
Or perhaps people like devices that pack a lot of functionality into a small footprint.
I'm old but I loved the walkman because it was small. I loved the iPod because it was small, I love my iPhone because it is small, and I love the small size of the iPad.
I have a web based application that uses cookies to validate a single machine, or a group of machines.
An administrator goes to each machine and logs in as the administrator and clicks "AUTHORIZE" this authorizes this machine for use. If a user attempts to use the application on any other machine/browser they will not be allowed access.
When a user uses the machine the cookie is rewritten with session information and that last used session validates the next use. The means the "valid" cookie changes with each new session. This makes copying the cookie difficult.
The application is a Time Clock and is designed with the premise that trust must be ensured to both the employee and also to the employer. So by design employees and also employers are not able to change any punch data, but employers are able to add notations that include adjustments.
I can see that evercookie would be a great way to allow my users to create more resilient cookies. I wonder if using cookies that are not the same but keypairs would help in my situationto to validate the machine more accurately. That way simply copying the cookie without copying the RGB data would not be sufficient to spoof a machine/browser. Hmmm. Interesting.
No, what he is doing is not wrong. What others might do with it may be wrong. Using your logic we should outlaw copiers as they might be used for copyright infringment.
I use web applications that I want to follow me from browser to browser, I want it to know who I am, and I want it to be convenient. Just because you see no positive use cases for this kind of thing doesn't mean anyone using it is using it for nefarious purposes.
I wholey agree that doing this sort of thing without someones consent or permission is wrong. That doesn't mean doing it is wrong.
i think what you meant to say is "...grammar Nazis stating i can not...
I think what you meant to do was CAPITOLIZE the letter i.
I think you meant capitalize.
This kind of recursion could co on forever, the only way to terminate it is to have a grammatically correct response, that is spelled correctly, with correct punctuation etc. and without runon sentences and also following all the correct rues of the queens english etc. etc. etc.
Awseome, now if you could also tell me how to disable it in all the 100,000+ other websites and programs and im clients and and and... Then I will refrain from stating that it annoys me.
Like I'd settle for like an e-mail program that like just strips out the like all the like emoticons and LOLz and like makes people write like someone like writing, and not like someone like writing while simultaneously trying to like communicate body language.
You must know there is a difference between Apple pulling something because they don't like it, and getting a legal order to remove an application?
I agree there is a difference, and I agree it is a big difference. I guess my point wasn;t so much that se they do it too but the point that BIG corporations like to hold the keys so to speak.
"blah...blah... has notified Google/Apple to remove all blah... blah... from Android Market/the App Store. I am one of the developers of blah... blah... I have received an email warning that my blah... was suspended from Android Market/The App Store due to a violation of...
Did this get mixed up I thought Apple and the app store did stuff like this. I thought Google was open, free and...
Personally, I think the best solution that would allow all the use-cases I mentioned (most of which are hacks to get around flaws in browsers' Ajax implementations) would be to allow only pages that have been specifically declared to be frame-able to be put in frames.
Exactly. Can anyone think of a reason this would not work?
the Web designers are told to design to make IE work first, Safari on iPhone second, Firefox or Safari third, and worry about the rest of the pack when time permits.
If the web designers are smart they will make it work first on Safari, or Firefox, or Chrome, or whatever they believe to be most compliant. Then that arduous process of getting it to work with IE will be easier. You have to start with a level or a plumbline when building a house and that is how you should start when building a web application. IE can be coaxed into working correctly but trying to do it the other way will only cause major problems.
I leave all my vehicle keys in my vehicles, my wife does the same.
When we were first married we had our vehicle stolen 4 times. The last time it was stolen the insurance agent asked if I had locked the doors. I told him I quit locking it because I didn't want the thieves to break the window. He looked at the history and noticed that they had replaced the window the other times. So for me I just decided I like the convenience of just leaving my keys in the vehicle.
Slashdot Mirror
Cookies have limitations. Evercookie helps me overcome some of those limitations. That could be a good thing and that could be a bad thing depending on who is using it and for what purpose. It also depends on whether you are iformed of this use.
But what evercookie is doing is NOT blackhat and is perfectly acceptable. There is nothing hidden about what Evercookie is doing. Now someone could use the technology that evercookie is offering in an unacceptable way that is no more the fault of evercookie than copyright infringment is the fault of the internet.
I think apple is riding on its marketing success with the iphone which rode on the marketing success of the ipod.
Or perhaps people like devices that pack a lot of functionality into a small footprint.
I'm old but I loved the walkman because it was small. I loved the iPod because it was small, I love my iPhone because it is small, and I love the small size of the iPad.
Good.
Well, actually there are other ways to do it like putting that infomation in the URL, or hidden form elements, or http://samy.pl/evercookie/...
Here is what evercookie tells me when I go there...
Cookie found: id = 34452062
cookieData mechanism: 34452062
localData mechanism: 34452062
globalData mechanism: undefined
sessionData mechanism: 34452062
historyData mechanism: undefined
dbData mechanism: 34452062
pngData mechanism: 23235035
lsoData mechanism: 34452062
Interesting to note that on my system the pngData doesn't match the rest. Perhaps thats because I am using OS X with Safari and ColorSync.
For that you would want the server to enforce IP security, and alternatively... put a cookie there, but looks like were full circle again.
I have a web based application that uses cookies to validate a single machine, or a group of machines.
An administrator goes to each machine and logs in as the administrator and clicks "AUTHORIZE" this authorizes this machine for use. If a user attempts to use the application on any other machine/browser they will not be allowed access.
When a user uses the machine the cookie is rewritten with session information and that last used session validates the next use. The means the "valid" cookie changes with each new session. This makes copying the cookie difficult.
The application is a Time Clock and is designed with the premise that trust must be ensured to both the employee and also to the employer. So by design employees and also employers are not able to change any punch data, but employers are able to add notations that include adjustments.
I can see that evercookie would be a great way to allow my users to create more resilient cookies. I wonder if using cookies that are not the same but keypairs would help in my situationto to validate the machine more accurately. That way simply copying the cookie without copying the RGB data would not be sufficient to spoof a machine/browser. Hmmm. Interesting.
No, what he is doing is not wrong. What others might do with it may be wrong. Using your logic we should outlaw copiers as they might be used for copyright infringment.
I use web applications that I want to follow me from browser to browser, I want it to know who I am, and I want it to be convenient. Just because you see no positive use cases for this kind of thing doesn't mean anyone using it is using it for nefarious purposes.
I wholey agree that doing this sort of thing without someones consent or permission is wrong. That doesn't mean doing it is wrong.
hurtling
?
Mostly agreed, except on the bonjour point. You really ought to learn about what it is and what it does.
Sweet. I can disable em for myself, ... but how about the guy reading my code? Will it be disabled for him as he is reading it?
i think what you meant to say is "...grammar Nazis stating i can not...
I think what you meant to do was CAPITOLIZE the letter i.
I think you meant capitalize.
This kind of recursion could co on forever, the only way to terminate it is to have a grammatically correct response, that is spelled correctly, with correct punctuation etc. and without runon sentences and also following all the correct rues of the queens english etc. etc. etc.
Stop the madness.
Awseome, now if you could also tell me how to disable it in all the 100,000+ other websites and programs and im clients and and and... Then I will refrain from stating that it annoys me.
Like I'd settle for like an e-mail program that like just strips out the like all the like emoticons and LOLz and like makes people write like someone like writing, and not like someone like writing while simultaneously trying to like communicate body language.
Which curated platform would you like today Apple iPhone or google Android?
(FF, FM, MF or MM)
FF is not possible
FM is not possible
Yep, your right, and when it all blows up the guy who made those decisions WILL wisen up.
No, it punishes Microsoft. Hopefully it will help to wisen up users and admins that use Microsoft.
You must know there is a difference between Apple pulling something because they don't like it, and getting a legal order to remove an application?
I agree there is a difference, and I agree it is a big difference. I guess my point wasn;t so much that se they do it too but the point that BIG corporations like to hold the keys so to speak.
"blah...blah... has notified Google/Apple to remove all blah... blah... from Android Market/the App Store. I am one of the developers of blah... blah... I have received an email warning that my blah... was suspended from Android Market/The App Store due to a violation of...
Did this get mixed up I thought Apple and the app store did stuff like this. I thought Google was open, free and...
Personally, I think the best solution that would allow all the use-cases I mentioned (most of which are hacks to get around flaws in browsers' Ajax implementations) would be to allow only pages that have been specifically declared to be frame-able to be put in frames.
Exactly. Can anyone think of a reason this would not work?
Can you say that a bit slower I am missing how/what happened that someone could execute code on your server using frames.
Any external projects like that, because I was assuming external public facing projects when I wrote what I did.
Internal projects are much more controlled environments than the wild wild web.
You are in IT, you do what management tells you.
You miss the point. The shortest route to a cross browser solution is the way I propose.
If you are saying that management dictates an IE ONLY solution then I will have to ask for a citation as that does not seem plausible to me.
the Web designers are told to design to make IE work first, Safari on iPhone second, Firefox or Safari third, and worry about the rest of the pack when time permits.
If the web designers are smart they will make it work first on Safari, or Firefox, or Chrome, or whatever they believe to be most compliant. Then that arduous process of getting it to work with IE will be easier. You have to start with a level or a plumbline when building a house and that is how you should start when building a web application. IE can be coaxed into working correctly but trying to do it the other way will only cause major problems.
I leave all my vehicle keys in my vehicles, my wife does the same.
When we were first married we had our vehicle stolen 4 times. The last time it was stolen the insurance agent asked if I had locked the doors. I told him I quit locking it because I didn't want the thieves to break the window. He looked at the history and noticed that they had replaced the window the other times. So for me I just decided I like the convenience of just leaving my keys in the vehicle.
And remember, folks, lawsuits fabricated is an anagram of aw! fast is lubricated.
I liked this one...
audible fascist wart