Forgot your password?
typodupeerror

Comment: Pledging for automatic updates? (Score 2) 74

by praseodym (#37682938) Attached to: Father of SSL Talks Serious Security Turkey
The guy is pledging for automatic updates:

We have to build a mechanism to automatically update things. We did not do that. The right way to design, if we were to update things an updating protocol that automatically updates itself so when the next version comes up it knows where to find the next version rather than having to wait for a Windows update or whatever.

Actually, newer windows versions (Vista and later) use Microsoft's online Certificate Trusts Lists which allows exactly this. Microsoft revoked the DigiNotar certificate without issuing a real Windows update:

On August 29, 2011, Microsoft removed the trust from one DigiNotar root certificate by updating the Microsoft CTL. Why is Microsoft releasing an update? Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Windows XP and Windows Server 2003 do not use the Microsoft Certificate Trust List to validate the trust of a certification authority. As a result, an update is needed for all editions of Windows XP and Windows Server 2003 to protect customers.

(http://technet.microsoft.com/en-us/security/advisory/2607712)

Data Storage

LackRack Makes Home Colocation More Affordable 4

Posted by samzenpus
from the swedish-DIY dept.
An anonymous reader writes "The LackRack is the ultimate, low-cost, high shinyness solution for your modular datacenter-in-the-living-room. Featuring the LACK side table from Ikea, the LackRack is an easy-to-implement, exact-fit datacenter building block. It provides superior mounting for up to 8 U of 19" hardware, such as switches and other professional gear. Multi-shiny LackRack can also be painted to your specific preferences and the airflow is unprecedented."

Comment: Re:IE8 is *not* vulnerable (Score 1) 83

by praseodym (#30250762) Attached to: Major IE8 Flaw Makes "Safe" Sites Unsafe

That doesn't make sense:
1. Google serves all ads within Google.com from that same domain. No cross-site scripting anywhere, so nothing for the XSS filter to block.
2. For external sites (AdSense), disabling the XSS filter on Google.com won't help either: the external site would have to disable it. Otherwise anyone could just disable the XSS filter on their own domain and hack away on other sites.

Comment: Re:IE8 is *not* vulnerable (Score 5, Informative) 83

by praseodym (#30220680) Attached to: Major IE8 Flaw Makes "Safe" Sites Unsafe

Except, that was the FIRST security flaw linked in the article. The SECOND one (at The Register) is about a different security flaw, in the XSS filter. The XSS filter is new in IE8.

And, BTW, Google does indeed disable it so that they are not vulnerable to the flaw: their servers send a "X-XSS-Protection: 0" header.

Comment: Re:Er, no (Score 1) 154

by praseodym (#30187834) Attached to: Microsoft's Lack of Nightly Builds For IE

There have been several beta releases for Internet Explorer 7 and 8. Still no need for nightly builds: if it's not release quality, why publish it at all?

In open source projects, nightly builds are mostly a service for developers/testers as well. And since everybody can help improve the code, having more people test can certainly be beneficial.

Comment: Re:Obvious... (Score 2, Informative) 154

by praseodym (#30183524) Attached to: Microsoft's Lack of Nightly Builds For IE
In recent interviews, the IE team explained that they run many testsets (W3C sets, Acid3, CSS3.info) themselves anyway. They have also contributed a lot of new tests to W3C (e.g. http://blogs.msdn.com/ie/archive/2009/01/27/microsoft-submits-thousands-more-css-2-1-tests-to-the-w3c.aspx). They ask for feedback about their tests. The only thing we can do to improve IE is to make sure there's enough test coverage.

Comment: Re:Obvious... (Score 1) 154

by praseodym (#30183508) Attached to: Microsoft's Lack of Nightly Builds For IE

What if they'd just release their rendering engine, with a very simple UI which only lets testers enter a URL? After all, most of the problems are in IE's rendering engine, not in its UI. That would solve the problem of journalists etc. looking at it as a real product.

Now, I do doubt the usefulness. We can't improve the code like we can with open source projects. Giving feedback about the rendering engine isn't all too useful either, because the IE team cares about standards nowadays and uses many tests themselves (W3C testsets, Acid3, CSS3.info). They already know the bugs, so the only thing we could conclude with a nightly is how far along they are.

Comment: BitTorrent links (Score 5, Informative) 744

by praseodym (#29910449) Attached to: Ubuntu 9.10 Officially Released

Comment: How will it work? (Score 1) 423

by praseodym (#28919701) Attached to: Microsoft Drops Windows 7 E Editions

How will the ballot screen work? Will it redirect to the chosen browser maker's website, will it download an installer? If so, that'd be way too much work for 'simple' users and they'll just close the ballot screen leaving IE as the default browser.

Also, I can't help thinking that there must be a prettier way to make this ballot screen (outside of IE, preferably!).

Your program is sick! Shoot it and put it out of its memory.

Working...