it's such an obvious misstep, i have to believe it was intentional to make all their twits feel relieved that "the good folks at twitter fixed the virus"... they'll never know it was the incompetence of those same folks that the exploit existed in the first place
yes, but NEW SERVICES UTILIZING "core HTML/JavaScript" have their own syntax and internal interfaces... such as the t.co service EXPLOITED IN THIS CASE.
you are so dumb.
emphasizing sanitizing output allows you to keep the user's originally provided input for reference. if you've never needed such a reference i'd argue you probably don't do this for a living.
i never said anything about feces or bestiality. someone else, likely you, pathetically and cowardly registered a username in my given name's likeness and attempted to hijack my identity and disrespect my wife.
you are a coward.
if you present yourself, and admit to these actions, i will kill you. this is a simple fact i'm sure you're aware of. i'm not a gun nut... i'm a man with a gun and a disrespected wife, hunting a coward.
is this still the guy i got expelled from college? bitter about that child porn i reported to the dean that was on your student file server account? you've moved on to fantasizing about bestiality?
because the raw input should be stored in case additional sanitation processing is required in the future. re-sanitizing might not be feasible as new special characters were introduced to replace old.
this is about sanitizing OUTPUT... there is probably someone in the company like you that handles output sanitation by completely ignoring it and doing all sanitation on the input side... then they are switched to a different team or a new feature is thrown in the mix that doesn't comply with the standards used in different teams... boom. billion dollar company looks like chumps. children playing on daddy's computer. certainly not to be trusted.
a web application allowing users to output html that can alter layout, or javascript that can be executed is such a giant fail, that twitter should seriously consider firing the highest members of its management staff responsible for code architecture review.
as is always the case, they'll claim it passed regression testing, so there was nothing they could do... but the simple fact is they failed at creating viable regression tests.
this is kindergarten CS stuff... these are the developers the big name outfits are hiring? do they work in the US? did anyone check their resumes?
i don't mean to be rude, but how about you just make an audio recording of you live streaming from one machine to another? a video maybe? do you have a digital camera that can take videos?
1 picture... 1000 words, and such. i could have made a video of this comment and uploaded it to youtube faster than i could type and post it.
i understand latency might not be an issue for the intended application, but developers choosing which codec is best for their own applications will certainly require initial response delay and continued latency numbers to make informed decisions.
i agree latency SHOULD NOT be an issue. my issue was determining IF latency IS an issue.
bruce has stated a .1 second total codec processing time on the 3.75 sec audio sample. i don't know what that means for response times, or how they change with longer or shorter or streaming audio samples. what happens if a stream is interrupted? how many frames are lost? is there a noticeable audible byproduct of lost or damaged data?
yeah, this is what i'm trying to figure out... sally says "hi"... how long until bob hears her.
.1 seconds does bode well for an eventual lower level implementation. 3.85 seconds and you might as well trash it, but i'm almost certain that isn't the case as the phrase "real-time" was thrown out a few times.
if the spec says USER A can choose to allow HOST A to interact with HOST B using USER A's secure credentials... and your only argument is that such a policy is not a "valid security policy"
Which is why it's an issue with BOTH the spec and the implementation.
NO, you gimpy idiot. it's why YOU BELIEVE there is an issue.
there is no implicit exploitable security flaw in allowing a user to have a system do what they wish of it. the Mac OS X interface allows me to enter a "Speak Text" dialog... i could put my password in and everyone in earshot would know it. does that mean it's an issue with the OS?
perhaps your mother prefers when i post using fresh accounts with my given name to make apparent the flaws of building systems of control that limit the potential of 1 user, but don't limit the ability of 1 person to create and function as multiple users.
it could take 16MB/s and still function in real time over the internet for me... my problem isn't that the latency wasn't shown, it was that the bitrate WAS shown BUT the latency wasn't shown.
also, considering the advantages of using lower bitrate voice codecs, the ability to implement the encoder and decoder algorithms directly in very low transistor count custom hardware would appeal to the same crowd... so not just latency in terms of x86 instructions per second, but the ability to implement those instructions in hardware.
i am concerned about bruce's use of the term "real time"... either he is implying there is no noticeable latency to him, (which is irrelevant to me as numerous others claim skype video chat is "real time", and also impossible given the implicit time consuming process of encoding), or he's cleverly stating that the time it takes to encode is the real time it takes to encode. it's not the fake time. it's real time.
again, i assume, and it seems i'm correct to do so, that the codec is "very usable"... i won't be trying it as i have no need for it.
you're an idiot.
you are NOTHING
can you prove there isn't exploit potential in the m.twitter.com interface?
the issue was with sanitizing database OUTPUT.
little bobby tables wouldn't even allow such a trivially basic error like this to make its way onto production servers.
this is pathetic
what am i doing wrong? i'm curious if the UI will do something that you or i would think was wrong.
when you lean forward then back then forward then back repeatedly while hiding an arm between your legs?
do those numbers mesh?
i was never worried. you're an idiot.
heavy or not at all
you're a presumptuous IDIOT.
you're an ignorant hypocrite.
until you provide a SINGLE PROVABLE FACT, you are NOTHING
you are NOTHING
ur mum's face amuse me
NO. it means you're an idiot.
SUCK MY TOES.
why not refine a DSP chip architecture until it works well with the original codec? i know masks are expensive... but why not do it all the way?
you are NOTHING
you are NOTHING