
Comment Re:This is also the case on Firefox (Score 1) 482

You need the user's Windows account credentials to decrypt the passwords.

Have you ever seen a user using a Windows machine that isn't logged in? That means there is basically constant access to Chrome passwords. I'd prefer to have the option of a separate master password for my browser like Firefox does. It's not like it would even be that hard for Chrome to implement, so I'm not sure why there is such a struggle to add it. (Could be a hidden advanced feature even.) Are there scenarios where an attacker could get the master password? Yes, of course, but with the current system they are guaranteed access. Are there scenarios where they could not get the master password? Absolutely.

I'd prefer to minimize my security risk. I'm not proposing that you are forced into the same master password system, merely that I have the option to choose it. (Which I currently do by using Firefox.)

Comment Re:OS? (Score 1) 227

Hmm, that's good to know that I should watch out for this if using FAT. I pretty much only use NTFS these days, so this is not something I've ever noted.

I checked out the options in robocopy and I wonder if one of these two would fix this issue: /FFT :: assume FAT File Times (2-second granularity). /DST :: compensate for one-hour DST time differences.

That seems lame that it isn't handled automatically by default, with an option to switch it off.

Comment Re:OS? (Score 1) 227

Robocopy doesn't keep the ACM dates across volumes. So it is certainly not a 1:1 copy.

Maybe I'm misunderstanding you, but robocopy does keep dates across volumes. You can also control whether or not you want to copy them. File times are copied by default, and for directories you add the /DCOPY:T parameter. Are you speaking of some other underlying file system date?

Comment Re:How authentication cookies should work (Score 1) 50

IP address certainly seems like a great way to filter, but some users are switching IP addresses randomly by using proxies or get new IP addresses more often, because of their connection. So IP can be an unreliable detection method. Also, since it's possible the person is on your network when sniffing your request, they could possibly just use your same IP address anyway.

Using the browser ID (or other headers) is no good either, because the attacker can sniff and use that as well. In fact, nothing that is in a request or response can be helpful, because the attacker can sniff all that and craft their headers to be the same.

HTTPS is the way to stop all this.

The only thing I can see being helpful would maybe be some sort of prenegotiated key to sign the requests with. It would have to be negotiated before the attacker sniffs the connection and last for a long time, though.

Comment Re:Not a new exploit (Score 4, Informative) 50

All the hacker has to do is embed a link or image into an email and send that email to the Yahoo account of the victim. The victim then logs in and clicks the link or views the images. Assuming Yahoo doesn't filter out the embedded code, the hacker gets the victim's cookies.

This assumes Yahoo doesn't filter. Every online company is most definitely going to filter javascript. No website wants someone to inject javascript into their pages. Your attack only works if there is a bug in the filter.

If the user can inject javascript, they don't even need to use an image. They can directly do whatever they want in javascript.

Obviously more complicated because you need to mask your embedded code to get through the filters but that is the basis of the XSS hack that has been hitting Yahoo all year ...

If this was true, Yahoo would be completely incompetent for not patching their filter. Do you have a source for this?

And because the sessions on the server never expire the hacker can gain access. I'm not sure how https would help in this scenario.

Session expiration can only minimize the possible damage. In reality, the second the attacker gets the session ID they could do whatever they wanted with it. Unless you are expiring the session every second, it does not stop an instant attack. I do agree that it can help minimize the danger, though, so it is still useful.

Basically you need to pass a salted, hashed version of the session ID or random string (as a hidden form field) on all page views or form submissions and check that against both the session cookie and the hidden form field to make sure the cookie is coming from the original source (since there would be no way for the hacker to get that string as well). And invalidate the session if it doesn't match up. Also, expiring and deleting sessions after 6 hours of inactivity would help as well.

Your whole assumption is based on the attacker having access to javascript. If they have that, then your hidden form field is useless, because they have access to that as well.

Real solution for your javascript attack method: add the HttpOnly attribute to cookies, which prevents javascript access.

As far as stopping a person attacking by sniffing the line, HTTPS is the only way to fix that. I could possibly see a way for a site to create a predetermined key for the user and store it with HTML5 Web Storage. Then submissions via javascript could use that key to sign the content being submitted. (Or encrypt it outright.) Since most of these attacks are drive-bys, it's less likely the attacker would have the pre-negotiated key. This is a more complicated solution and has its own flaws of course.
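Added example, not code from the thread: a Python sketch of the two defences proposed above, an HttpOnly/Secure session cookie and submissions signed with a per-session key. The in-memory session store, the cookie name and the JSON body are constructed assumptions.

```python
import hmac
import hashlib
import secrets

# Constructed stand-in for the server's session database:
# session_id -> per-session signing key (hex string).
SESSIONS = {}


def issue_session():
    """Create a session and build the Set-Cookie header the server would send.
    HttpOnly keeps page script from reading the cookie; Secure keeps it off
    plain HTTP, so a sniffer on the wire never sees it."""
    session_id = secrets.token_hex(16)
    # The key is handed to the client once (over HTTPS) and kept in Web
    # Storage; it is never sent again, only used to sign requests.
    signing_key = secrets.token_hex(32)
    SESSIONS[session_id] = signing_key
    cookie = f"sid={session_id}; Secure; HttpOnly; Path=/"
    return session_id, signing_key, cookie


def sign_request(signing_key, body):
    """Client side (what the page's JavaScript would do): HMAC-SHA256 over the
    submission body with the stored per-session key."""
    return hmac.new(bytes.fromhex(signing_key), body, hashlib.sha256).hexdigest()


def verify_request(session_id, body, signature):
    """Server side: recompute the HMAC with the key tied to the session cookie
    and compare in constant time. A stolen cookie alone cannot produce a valid
    signature, and any change to the body invalidates it. If an attacker can
    already run script in the page, Web Storage is readable too, which is the
    flaw the comment above points out."""
    key = SESSIONS.get(session_id)
    if key is None:
        return False
    expected = hmac.new(bytes.fromhex(key), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)
```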

Comment Re:WRT54GL? (Score 1) 133

WRT54G is not WRT54GL.

The WRT54GL is the reincarnation of the original WRT54G. The WRT54G used Linux until version 5, when it switched to the VxWorks OS. It sounds like AC's was one of the original ones, so it is relevant to this thread.

See here for details: http://en.wikipedia.org/wiki/Linksys_WRT54G_series#WRT54GL
"The WRT54GL is technically a reissue of the version 4 WRT54G."

Comment Pro Tip (Score 1) 114

Pro-tip: Take care of your mouth. Brush your teeth and tongue at least twice a day. In particular, get that white/yellow stuff off your tongue, including on the back of it. You may gag a bit at first, but you'll get used to it. Also, floss. 90% of issues fixed. Now, for garlic and other smells, you are on your own.

Comment Patch Tuesday? (Score 2) 126

Steam has a very consistent schedule of getting updates on Tuesday, many of which take the network down. I would not be surprised if this was the case. I've learned to avoid any games that require a Steam connection on Tuesdays. (Usually ones that are tracking achievements that affect the game or using steam cloud I would guess.)

Comment Re:Seeing how most companies won't migrate... (Score 2) 675

You don't see how displaying a list over a full screen is less efficient than displaying it as a... list?

Your response would be taken much better if it wasn't in the form of a condescending question that contributes nothing to the discussion. How about some logic or real world examples why you think I'm wrong? (Something that doesn't involve 0.001% of users.)

As far as user efficiency goes, 99.9% of users take the exact same steps that take all of about 1-3 seconds. They don't lose any efficiency, because the workflow to complete the action is the same for both.

If your question is about actual software/hardware efficiency of displaying a list on the desktop vs. fullscreen, then that's an entirely different ballgame and I won't argue against that. (Lame argument, though, considering how powerful hardware is these days.) I also was not arguing on whether the Metro start is better than the Win7 start. The Win7 start is better to me. Being popped to a fullscreen start is an annoyance, but it does not hinder normal user efficiency of accessing top programs.

Comment Re:Seeing how most companies won't migrate... (Score 1) 675

So put them on the Metro page, WTF? That way, I can jump back and forth from the Metro page to the pseudo desktop without the start menu every time I need to open an app. How efficient is that? Why not allow apps that require the pseudo desktop to have a menu entry on the desktop, unless your fear is that nobody will use the Metro apps or the Metro page?

Using the metro start for your top programs is no different than for the Windows 7 top programs. Hit the windows key and select your program. One just happens to be a fullscreen start menu. I don't really see how that is less efficient. I'd prefer to have a start menu of course, but really I'm on the desktop 99.99% of the time and all the functionality I used in Windows 7 is just as efficient in Windows 8.

I think you are correct that Microsoft wants everyone to use Metro apps. (I don't use them myself. I just use the desktop, and Metro is my start menu.) I believe it is so they can get a foothold on mobile and get a cut of software sales. Part of it could be a vision of taking your OS everywhere, though.

Comment Re:That bad? (Score 1) 740

So sort of another con or pro, depending on how you look at it:
Windows 8 has removed the Previous Versions functionality. It has a new functionality called File History, which doesn't use shadow copies and instead only copies some files (libraries, desktop, etc) to a second hard drive. This is a bit of a step backwards in my opinion for these reasons:

1) Previous Versions didn't need an entire copy of the file. So you only used space as it was changed. I think File History copies the entire file every time it backs it up.
2) Previous Versions worked on the entire hard drive, not just a small subset of files.

The pros for File History:
1) On a separate hard drive, so if one being backed up goes down, you are good to go.
2) The interface allows copies to be made more regularly. However, this could've been done just as easily if Previous Versions had been beefed up.

I've found that you may still be able to use Previous Versions, though. You have to re-enable system protection on the drive first. After that, you have to access the drive through the network interface, i.e. \\ComputerName\C$. Then Restore Previous Versions should be in the menu again. I haven't seen this work in action, though, as I just recently installed, so I can't confirm for sure it works. Here's a site with more info: http://winhowto.blogspot.com/2012/09/windows-8-how-to-recover-previous.html

Comment Re:That bad? (Score 1) 740

The cynical side of me, which is probably correct, says that this is done to promote phone sales and encourage use of the walled garden and is not at all about making things easier for the user.

I definitely agree with this.

Thanks for the suggestion of RetroUI. I hadn't thought of using the metro apps inside of a window on the desktop.
