Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Re:IE8 is *not* vulnerable (Score 1) 83

That doesn't make sense:
1. Google serves all ads within from that same domain. No cross-site scripting anywhere, so nothing for the XSS filter to block.
2. For external sites (AdSense), disabling the XSS filter on won't help either: the external site would have to disable it. Otherwise anyone could just disable the XSS filter on their own domain and hack away on other sites.

Comment Re:IE8 is *not* vulnerable (Score 5, Informative) 83

Except, that was the FIRST security flaw linked in the article. The SECOND one (at The Register) is about a different security flaw, in the XSS filter. The XSS filter is new in IE8.

And, BTW, Google does indeed disable it so that they are not vulnerable to the flaw: their servers send a "X-XSS-Protection: 0" header.

Comment Re:Er, no (Score 1) 154

There have been several beta releases for Internet Explorer 7 and 8. Still no need for nightly builds: if it's not release quality, why publish it at all?

In open source projects, nightly builds are mostly a service for developers/testers as well. And since everybody can help improve the code, having more people test can certainly be beneficial.

Comment Re:Obvious... (Score 2, Informative) 154

In recent interviews, the IE team explained that they run many testsets (W3C sets, Acid3, themselves anyway. They have also contributed a lot of new tests to W3C (e.g. They ask for feedback about their tests. The only thing we can do to improve IE is to make sure there's enough test coverage.

Comment Re:Obvious... (Score 1) 154

What if they'd just release their rendering engine, with a very simple UI which only lets testers enter a URL? After all, most of the problems are in IE's rendering engine, not in its UI. That would solve the problem of journalists etc. looking at it as a real product.

Now, I do doubt the usefulness. We can't improve the code like we can with open source projects. Giving feedback about the rendering engine isn't all too useful either, because the IE team cares about standards nowadays and uses many tests themselves (W3C testsets, Acid3, They already know the bugs, so the only thing we could conclude with a nightly is how far along they are.

Comment BitTorrent links (Score 5, Informative) 744

Comment How will it work? (Score 1) 423

How will the ballot screen work? Will it redirect to the chosen browser maker's website, will it download an installer? If so, that'd be way too much work for 'simple' users and they'll just close the ballot screen leaving IE as the default browser.

Also, I can't help thinking that there must be a prettier way to make this ballot screen (outside of IE, preferably!).

Comment Re:Depends how you define characters (Score 2, Informative) 186

You're correct. And to complete it:

"Larger content (Concatenated SMS, multipart or segmented SMS or "long sms") can be sent using multiple messages, in which case each message will start with a user data header (UDH) containing segmentation information. Since UDH is inside the payload, the number of characters per segment is lower: 153 for 7-bit encoding, 134 for 8-bit encoding and 67 for 16-bit encoding." -- from Wikipedia

So, in this case it's 134 bytes and not 140 since the payload probably doesn't fit in a single 140 bytes.

Comment Re:Why not respond to all AAAA DNS requests? (Score 1) 264

No; your DNS server resolves the domain names at Google, so technically they're correct (although it may be a bit confusing). The idea is that ISPs with proper IPv6 can register their DNS servers so that Google will give out AAAA records to those DNS servers. Google can't help a single user since there's no way for them to influence the DNS query.

I still think that it'd be great if maybe OpenDNS or a similar service would provide an option to get AAAA records for Google.

Comment Re:Why not respond to all AAAA DNS requests? (Score 3, Informative) 264

From Google:

To qualify for Google over IPv6, your network must have good IPv6 connectivity to Google. Multiple direct interconnections are preferred, but a direct peering with multiple backup routes through transit or multiple reliable transit connections may be acceptable. Your network must provide and support production-quality IPv6 networking and provide access to a substantial number of IPv6 users. Additionally, because IPv6 problems with users' connections can cause users to become unable to access Google if Google over IPv6 is enabled, we expect you to troubleshoot any IPv6 connection problems that arise in your or your users' networks.

Simply said, some networks may have borked IPv6 which would mean that users will be unable to access Google. I can understand that they're doing this before rolling it out to everyone. Maybe there could be something like OpenDNS for IPv6 so that more advanced users have a choice?

Slashdot Top Deals

I judge a religion as being good or bad based on whether its adherents become better people as a result of practicing it. - Joe Mullally, computer salesman