Well, driving a car is the lazy ass way of getting around, but it's still more productive for humans.

As for the box shape, I agree. Most bee hives are customized by the bees, and they build for their environment as well as for honey/egg optimization. I wonder if they could make this thing in a hexagonal configuration? Since you're not needing to pull the comb, it seems to me that they could build this in any shape a bee might like.

The plastic containers may actually be a benefit to the bees, as they would have to spend less time on infrastructure. Eventually though, the thing is going to need to be cleaned. The bees will have to move out for that part.

The assets are still loaded from the same place, so AdBlock should still catch most of them with no tweaking.

I've been noticing less granular visibility in my HTML5 assets than I used to have in Flash though; Safari is the only browser that has shown me each individual asset being loaded. Adding this functionality into AdBlock/Ghostery/NoScript et al would be a great help.

One last response, and then I stop, as you've obviously got an axe to grind and my pointing out the original reasoning isn't going to change that.

See another response to my comment; a bookmarklet that does what you want. However, the idea behind the add-on is that it sticks a button in your toolbar, so you don't have to "get to the add-on".

The JS toggle in settings is global. If you have multiple tabs open, it gets turned off for ALL tabs, not just the malicious page. But then on the other side, loading a banking page in the same browser as a potentially untrusted page at the same time isn't really a good idea in the first place.

This global toggle wasn't an issue back when it existed, as web pages would load their JS on load, and that would be that -- so you'd just turn JS off, reload the malicious page, and you're done, without affecting the other pages. Nowdays with REST and dynamic page content, this doesn't work -- you disable JS and the next time an active script goes to pull down some other data and run it, things will fail in unexpected ways. You're pulling the rug out from under the scripts, and unless they were all coded well (most aren't), you're going to find that toggling the JS causes you to have to start your other tabs from scratch, potentially losing data.

Sounds like you should complain about THIS. With my settings, I always get the Oops page, and can always uncheck the bad page and keep the others. And my copy of firefox takes as long to close and re-open like this as navigating to the Prefs/Options and toggling JS would take. One of the benefits of modern Firefox is that it caches the other tabs, and doesn't re-load them to refresh data until it needs to, which really speeds things up (and also means that even if the Oops page somehow didn't come up, you can still close the malicious tab, as scripts haven't started running on it yet after load).

I recommend you take another look at AdBlock; it's much more than just an ad blocker. I have a bunch of filters in there for known malicious path fragments (including things like invoice.php and the like) -- it's a great way to prevent your browser from loading uris you never want to see.
Most people just "set and forget" AdBlock Plus, but there's a lot more you can do with it, such as blocking malicious sites or malicious site content, based on heuristics and regex substrings. I believe there's even a blocklist you can subscribe to that's all about the malicious stuff, instead of just about ads.

If you click on the widget and select "Open Blockable Items" on a malicious page, you'll get a listing of all items loaded for the page, and you can block any of them from loading. So for example, if there's a JS file that the page loads and you know it's causing you grief, you can select it and block it. And then if you want, you can block that JS file if it's loaded from ANY site, not just the one you're on. You can restrict where a domain refers you to, block specific asset types, etc.

I'm going to play Troll's Advocate for a moment. We always talk about how patent trolls contribute nothing to society. However, they DO buy the patents, which means the original holders get money from them that they can invest into something useful themselves, when otherwise they may have gone bankrupt. And the patents in a troll's portfolio are generally more solid than the ones in megacorps' war chests, because they are planning to use them in court, not just to wave around to threaten competitors. So they've got actual inventions they use, and if they truly paid the original inventors, that means Apple & co. DIDN'T.

So if the patent is unoriginal, it should be thrown out. If it isn't, Apple had no right to just steamroll over someone else's invention and force them to make back their lost money by selling their patent to someone who could afford the litigation fees.

Yeah, kind of a stretch, but we don't really get that side of the argument on here much, so I thought it was worth a try :)

The alternative is that he best represents the level of education and intelligence of his constituents....

Also an excellent solution :)

Yeah; I made extensive use of the "toggle images" button back in the day. I generally browsed with images off, and only loaded them when I needed to.

Interesting selective response.

I proposed a complicated by-page or by-site manager as something that won't break other open tabs. Feel free to propose something better, like NoScript.

The global toggle breaks things. This was obvious in the bug reports from the time when it was removed, and I have personal experience to back that up. It doesn't work with all the other modern features.

The fact that it DID work for you in a specific use case back when it existed doesn't say anything about today. I challenge you to make an add-on that does only one thing: toggles Javascript. Then use it for a while, and see what the results are. Unless you browse the web with only one window open and don't use multiple tabs, you're going to run into problems in short order -- I run into problems even when using NoScript, which has more advanced features to mitigate the issues resulting from Javascript vanishing unexpectedly on loaded pages.

Breaking malicious web pages is good (not going to them is also good) -- breaking banking pages, search pages, webmail pages, etc. is not so good.

You know what my replacement for the JS toggle was?
If a page starts messing with me, I close my browser down completely. When I re-launch, I uncheck the page that caused the problem and load the rest of my tabs. I then add said page to AdBlock. Problem solved.

I've never been stuck on a page that won't let me go anywhere.

His entire point was that HIS experience doesn't need to be the same as yours, or anyone else's. The DEFAULT one should be sane for most use cases though.

As for installing addons to disable something, the only point against that is not having those things enabled by default. But as most of the web these days doesn't work without at least some level of javascript, having a dumb toggle default to either position is pretty much useless. They COULD have a "js manager" like their cookie manager, where you could disable js for specific websites or uris you've visited, and that would be an improvement. Or a "This page requires JavaScript from these external sites -- would you like to enable it?" dialog with checkboxes on first entry to any JS-enabled page with external scripts But the global toggle would be useless unless it was in your face, and even then it would seriously mess up any other tabs you have open.

Think about ways of improving things, not ways of adding more options that just cause things to break in yet more interesting ways.

You forgot "WE would rather have that toggle than install NoScript".

THE ENTIRE POINT of Firefox was that if you wanted a feature, you could just add it on.

Now let's move all the extra features into add-ons so that the default browser is a browser only, and I'll be happy. Oh, that and make the relationship between "Add-ons" and "extensions" more obvious. After all -- you have to go to the Add-ons menu to adjust your extensions -- but you can only "get add-ons" and not extensions, because....

(and I'm sure it's worse in other localizations).

Actually, the general feedback rule is 20/80 -- usually 80% of feedback is negative. So this is your balance point. 87% negative means that they're getting 7% negative feedback from users who normally wouldn't be providing negative feedback, which is a concern, but not as big as the 87% number would indicate.

So the real question is: How long have they been on a downward trend with an 81%+ negative rating? Are there signs that they are adjusting something to deal with that feedback?

The secondary question is: what exactly is the negative feedback about? Is it that Firefox now uses a bundleware installer that attempts to foist third party products on you? Is it that the Yahoo search doesn't give the same results people are used to from Google? Is it that the software crashes regularly? Slow javascript? Unimplemented features? Is it that certain sites don't work with Flash disabled or NoScript enabled? People don't like the icon?

Personally, I'm not having any problems with Firefox, other than that it is starting to roll some features into the core browser that in all fairness should be plugins. I still prefer it to the privacy mess that is Chrome and the "nothing to see here" way Safari and IE have been hiding details of their browsing experience from the end user by default. That said, I still go to Safari when I want to see what components are actually running during a web session -- some of that doesn't show up too well in Firefox's Web Console.

Huh? Being Christian has pretty much nothing to do with it. If you are registered with the state to be the overseeing signatory on a marriage certificate and you refuse to do so for some non-governmental reason, and the state supports gay marriage, you're out of luck. You can definitely refuse to perform a ceremony for them (or anyone else), as wedding ceremonies are not a state function but a religious function. And if you make remarks indicating that you are refusing strictly because of their sexual orientation, you'll likely be in a lot of trouble. However, you can probably even refuse to officiate the signing of the certificate under religious grounds due to their sexual practices, if they've been having sex outside of marriage. You can easily refuse to do the ceremony, as gay marriage and *traditional* biblical marriage are similar, but not identical things (the OT Bible states one man and one woman, no matter how you translate it, even if significant portions of the OT population failed to meet the requirements on polygamy rules or cleanliness rules, among other things).

So no -- homosexuality / christianity don't factor in here at all.

What DOES factor in is that he's billing this item as something to make gun parts, and FedEx doesn't ship things intended primarily for the manufacture of weapons. If the advertizing said "CNC machine perfect for milling small parts such as metal straws, rifled barrels, triggers for mechanical devices and other small metal parts that need to withstand explosive force", FedEx probably wouldn't bat an eye shipping it. But that's not what he put on the shipping invoice.

Kind of the same as the situation often found with Christian priests/pastors and gay marriage. It all depends on how you advertize.

The security hole is likely end users. The software being "tweaked" is probably Word documents pushing Dyreza malware. The issue they face is that if they want to allow Office documents with embedded VBA macros (this is probably heavily embedded in their office workflows), it doesn't matter that they've identified the security hole, they can't close it without making massive changes to how they do business (or significantly change their IT security policies for desktop endpoint use).

Based on the mincemeat the Office macro payloads have been making of everyone's security lately, this is probably all it is. There's probably no targeted hacking going on at all; just a failure to keep up with the latest generic malware attacks, like with almost everyone else. Of course, since the attackers probably realize by this point where they've gotten into, they're going to ensure they stay there by using the same methods.

That said, it could be just about anyone else employing APT methods too -- wouldn't be all that difficult; just more difficult than deploying the already common crimeware packages you can get on the darknet at a discount.

The fun thing is, I don't really mind being called a damage control operative, unlike the real ones :) The reason it sounds like I'm deliberately trying to downplay it is because it's not the issue many are making it out to be. I'm all for exploring what *could* happen (my post history will attest to that) but at the end of the day, it's not really much of an issue.

There *is* malware out there that actively exploits known VMs (mostly VMWare, but also VirtualBox) and escapes the VM by knowing where it hooks the host. The nasty part about these is that since they're exploiting the VM, they effectively act like a rootkit once they hit the host; you're not likely to notice what they're actually doing until it's too late.

On the other side, most malware can either be contained by a VM, or in many cases, will have AntiVM code baked-in, so it won't even run if it notices it's in a VM. If you add a few code analysis tools to your VM, any moderately complex malware will think it is running on a malware analyst's system and immediately shut down, or do something useful instead of something malicious.

So yeah; running in a VM adds protection in a few different ways.