Slashdot

willdavid sends us to the ZDNet blogs for a provocative opinion piece by John Carroll. He points to Microsoft's evident cross-platform strategy with Silverlight, and wonders whether the company couldn't make money — and win friends — by extending its excellent development ecosystem cross-platorm. "Microsoft, apparently, is helping the folks at Mono to port Silverlight to Linux. This is good news, as the primary fear I've heard from developers is that Silverlight will be locked to Microsoft platforms and products. Microsoft has already committed to supporting Silverlight cross-browser on Windows, and has a version that runs on Mac OS X (which is even available from the Apple web site). The last step is Linux, and Microsoft is working with Novell and Mono to make this happen."

Ashraf Al Shafaki writes "The word 'tags' is the one in common use on the Web today and is one of the distinctive features of Web 2.0. Ever since Gmail came out, Google has decided to use the term 'label' instead of the term 'tag' despite they are basically the exact same thing and have the exact same function. Why is Google using inconsistent terminology in its products for such an important term? Is there a real difference between a tag and a label?"

87C751 writes "Security lists are abuzz about a presentation from the 23C3 conference, which details a fundamental design flaw in Javascript. The technique, called Prototype Hijacking, allows an attacker to redefine any feature of Javascript. The paper is called 'Subverting AJAX' (pdf), and outlines a possible Web Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it."

An anonymous reader writes "Opera 9.10 released in December seemed to be a rather cosmetic update. But as heise Security reports, behind the scenes Opera patched two remote code execution holes — neither of them mentioned in the changelog. In addition, Opera rates an exploitable heap overflow as 'moderate' because it is 'not trivial to exploit it reliably'. From the article: 'JPEG images can be specially prepared to cause a buffer overflow on the heap. Even though Opera suggests in the heading to its security notice that this problem only causes the browser to crash, the flaw can nonetheless be exploited to inject and execute code. Security service provider iDefense, which reported the hole to Opera, has confirmed this. The same holds true for a flawed type conversion in the JavaScript support for Scalable Vector Graphics (SVG). Attackers can specially call the function createSVGTransformFromMatrix to have the browser execute code with the user's rights.'"