
Comment Re:If using PHP5, change max_input_time (Score 1) 156

An easy solution to this was pointed out in that article: limit the number of input parameters.

And Apache Tomcat already has a release that does just this with a customizable property. The default is set to 10,000 parameters. If you use Tomcat as your servlet engine, then it should be resolved with 7.0.23 or 6.0.35.

A direct quote from the article:

The Ruby Security Team was very helpful in addressing this issue and both CRuby and JRuby provide updates for this issue with a randomized hash function (CRuby 1.8.7-p357, JRuby 1.6.5.1, CVE-2011-4815).

Oracle has decided there is nothing that needs to be fixed within Java itself, but will release an updated version of Glassfish in a future CPU (Oracle Security ticket S0104869).

Tomcat has released updates (7.0.23, 6.0.35) for this issue which limit the number of request parameters using a configuration parameter. The default value of 10.000 should provide sufficient protection.
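The mitigation discussed in the comment above, sketched as an added example (not part of the original comment and not Tomcat's code): a form-body parser that enforces a parameter cap before anything is inserted into the map. The names `parseForm`, `TooManyParametersError` and `DEFAULT_MAX_PARAMS` are hypothetical; the 10,000 default mirrors the value quoted above.

```javascript
// Added example: cap the number of request parameters while parsing.
// All names here are hypothetical; only the 10,000 default comes from the quote.
const DEFAULT_MAX_PARAMS = 10000;

class TooManyParametersError extends Error {}

// Decode one application/x-www-form-urlencoded component.
function decodeComponent(s) {
  return decodeURIComponent(s.replace(/\+/g, " "));
}

function parseForm(body, maxParams = DEFAULT_MAX_PARAMS) {
  const params = new Map();
  let count = 0;
  let start = 0;
  while (start <= body.length) {
    let end = body.indexOf("&", start);
    if (end === -1) end = body.length;
    const pair = body.slice(start, end);
    start = end + 1;
    if (pair === "") continue; // skip empty segments such as "a=1&&b=2"

    // Count every pair, duplicates included, and reject before decoding or
    // inserting: an oversized request costs at most maxParams insertions.
    count += 1;
    if (count > maxParams) {
      throw new TooManyParametersError(
        `request has more than ${maxParams} parameters`);
    }

    const eq = pair.indexOf("=");
    const key = decodeComponent(eq === -1 ? pair : pair.slice(0, eq));
    const value = decodeComponent(eq === -1 ? "" : pair.slice(eq + 1));
    if (!params.has(key)) params.set(key, []);
    params.get(key).push(value);
  }
  return params;
}

// Constructed sample input: n parameters with distinct, ordinary keys.
function sampleBody(n) {
  return Array.from({ length: n }, (_, i) => `k${i}=v`).join("&");
}
```

A caller would map `TooManyParametersError` to a 4xx response instead of processing the request further.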

Comment Well, I feel lucky (Score 1) 434

I won't have to worry about my credit card information being stolen, since my credit card has already been compromised since the last time I used Stream!

...

Twice.

Hooray for the credit card system! And the dependency on stupid companies to maintain this information!

(And no, I don't shop around on "suspicious" websites or anything. But, because they'll never tell me who compromised my information, I can't determine which merchants to no longer use.)

Comment Re:If it's not as closed as iOS/(locked down)Andro (Score 1) 262

There's a bit more to it. Sure, if your app is trivial, then adding another platform is a simple formula of cost vs profit. But, for any app with any real complexity, each platform you write a native app for increases your design complexity in a non-linear fashion.

For example, if you have just one platform, adding a feature is a simple process of writing that feature, testing (etc), and deploying.

Now, if you have two, you need to write the feature twice, test it twice, and coordinate deployment across multiple app stores while ensuring compatibility (if the platforms interact in some way). You've now more than doubled the workload for the second device, if nothing else, because of the deployment issues.

This also doesn't take into account the additional design costs if you are trying to build a good, professional app that integrates with the device's OS. Or the fact that you may have to design to the lowest common denominator for the two platforms, instead of focusing on what works best for that platform. Or that you now have to double your support efforts, which can be difficult for your support team unless you want different teams for each device, and may negatively affect the perception of your current platform.

Add a third, and the complexity ratchets up even faster.

Another key is a basic cost-benefit analysis: if you focus on one platform, you may be able to put the additional resources into improving that product at a faster rate. (Of course, this is only true if you have equally-capable resources.)

So, you've got to look at more than just a simple cost vs profit on a per-platform basis. It's total cost increase and potential negative effects against your current platform vs the new platform's potential profitability.

Comment Re:not according to my graphs (Score 1) 130

I'm not saying what you are saying is false, but if I did the math right, you are saying that you are only seeing about 13.5% as much email (total) as last year?

I got this by assuming that non-spam mail was constant, and calculating the difference between a body of mail that was 98.8% spam and 91.2% spam.

For example, using a fixed value of 1 email for non-spam, you should be getting 83.33 spam messages at 98.8%, and only 11.36 spam messages at 91.2%. (83.33/(1+83) = .988)

To me, a reduction down to 13.6% (11.36/83.33) of your previous amount of spam in one year seems more amazing than anything else.

Comment Re:Javascript is a disaster (Score 1) 305

I can explain it easily: I hadn't clicked "Get More Comments" at the bottom before replying. I apologize for being "redundant" - but when I replied, the original message didn't show any responses. I certainly wouldn't have written in otherwise!

Don't get too upset! :-)

It's kinda funny, really. Gotta love the New Slashdot(TM)

Comment Re:Javascript is a disaster (Score 1) 305

No scope to speak of

well, it's not true really. In the following example x will have global scope and y will be local to its function:

x=2; function test() { y = x + 3; }

Have to correct you here: In JavaScript, ALL variables that are not explicitly declared with var are declared global. It's without question the worst "feature" of JavaScript. In your example, both x and y are global. The correct example code is:

x = 2; function test() { var y = x + 3; }

However, like almost all problems with JavaScript, running your scripts through Douglas Crockford's JSLint (and strictly adhering to it) pretty much eliminates that issue. It can be run on the command line as part of a build script, and has really helped me write much better JS code.
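The scoping behaviour argued over in the comment above, as an added example that is not part of the original thread: a small check that runs a snippet and reports which names it leaked onto the global object. `leakedGlobals` is a hypothetical helper; the snippets are the two versions from the thread with a call to `test()` appended (an addition, so the assignment to `y` actually executes), plus a strict-mode variant that is not mentioned in the thread.

```javascript
// Added example: report the global names a snippet creates as a side effect.
// Snippets run through new Function, whose body is sloppy-mode code unless it
// opts into strict mode itself, so the result does not depend on the caller.
function leakedGlobals(source) {
  const before = new Set(Object.getOwnPropertyNames(globalThis));
  let error = null;
  try {
    new Function(source)();
  } catch (e) {
    error = e.name;
  }
  const leaked = Object.getOwnPropertyNames(globalThis)
    .filter((name) => !before.has(name));
  // Implicit globals are configurable properties, so they can be removed again.
  for (const name of leaked) delete globalThis[name];
  return { leaked: leaked.sort(), error };
}

// First version from the thread: neither x nor y is declared.
const parentSnippet = "x = 2; function test() { y = x + 3; } test();";

// Corrected version from the thread: y is declared with var, x still is not.
const varSnippet = "x = 2; function test() { var y = x + 3; } test();";

// Strict-mode variant (added here): assigning to an undeclared name throws.
const strictSnippet =
  '"use strict"; x = 2; function test() { var y = x + 3; } test();';

function report() {
  return {
    parent: leakedGlobals(parentSnippet),
    withVar: leakedGlobals(varSnippet),
    strict: leakedGlobals(strictSnippet),
  };
}
```

The first snippet leaks both `x` and `y`, the `var` version still leaks `x`, and the strict-mode variant leaks nothing because the first undeclared assignment raises a `ReferenceError`.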

Comment Re:Video (Score 1) 1671

I wish they could differentiate us from our government.

If you've seen the movie Traitor, there's an interesting line in it, paraphrased as:

The people of America say that their country represents them, and is chosen by them. Therefore they are directly responsible for the actions of their government.

The character's underlying meaning is that an act of terrorism on a democratic country is acceptable because the people of the country are responsible for that government's choices.

I disagree that a true "act of terrorism" is ever acceptable, but I sadly agree that we, at least partially, are individually and personally responsible for the actions of our government.

If nothing else, it at least is an interesting way to look at it.

Comment Re:I'm ok with it. (Score 1) 168

Funny, when I visit that link I hear a long stream of vulgarity, followed by some legible sentences. The legible stuff sounds like:

"Who the **** designs a ******* window so ******* small that you can only see FOUR ******* websites at a time?? ******* Adobe!"

The stupid box takes up less than 1/16 of my browser window. That's a great design.

On top of that, the idiot designers made the scrollbar grip without a minimum vertical height, so that it shrinks to a single pixel high. That's great.

That's completely beside the fact that, by default, websites can store huge amounts of data via Flash, even if I have cookies disabled. Thankfully, there's FlashBlock.
