
Comment Re:Bad Summary (Score 3, Interesting) 54

Not only that, this is not even Cross Site Scripting (XSS), but a straight up Cross Site Request Forgery (CSRF), even though XSS might be involved for this issue. XSS is where client-side scripts are injected directly into the response body of an affected website, typically through unescaped HTML input that gets rendered by web browsers belonging to victims who then make that subsequent client request. CSRF is where the victim's browser is told to do an action (via JavaScript doing an asynchronous JavaScript/XML (AJAX) request) on the target's website by an unrelated website that the victim somehow visited, and sometimes this attack script is injected via XSS by attackers on a completely unrelated site. While XSS can be related, it is completely distinct from the CSRF issue, which is what is not being properly mitigated against by these top websites (in fact, as parent said, they purposefully disabled this protection).

Comment Re:Google should revert that decision (Score 0) 208

Yup, exactly this. Having talked with some of my friends who do various things in the industry dealing with corporate clients, they basically had to say don't use Google Chrome, use the browser that is shipped with your system as it will continue to support those legacy plugins they need. Google forgot to slowly escalate the size of the stick being used, i.e. they at least could have done a soft-deprecation and warned its users that the plugin will cause security flaws and used them to pressure their vendors to fix the issue at hand.

Comment Verbosity is easy? (Score 4, Insightful) 414

Really? Having a pile of needless verbosity makes it more difficult to read in the long run simply because one needs to figure out what exactly is being done even for the most trivial client application. To do even just a simple fetch of some resource over HTTP requires a rather laborious conversion routine from a stream to a string type before most common JSON libraries would be able to use it. In any more modern language it can simply be used right away rather than having to figure out which JSON libraries to use or why toString() doesn't seem to work on InputStream (I mean intuitively shouldn't toString() on a stream get back a string?).

Granted the Apache commons can make this a bit easier, I find it extremely annoying to have to cast things into the right object type just to access some simple JSON object, instead of just doing something like result['collections']['links'][0] which is much easier to understand. Dumbing things down does not necessarily make better programmers.

Comment At a coffee factory (Score 1) 310

The client had a separate network off the Internet hence physical presence was required to access the contents needed to build/deploy that particular internal site. Machines were loud, even behind the closed door. Naturally the place was completely filled with coffee beans of all kinds in all stages of processing, and just after an afternoon there both my boss and I smelled like coffee - the scent was transferred to his car so it still smelled like coffee the next day I stepped into that car.

What's more unusual is that it was running a rather old Red Hat distro (for its time even; Fedora was already out for nearly two years at that point) and they only gave me the root account. No XFree86, so an 80x25 terminal on a 13" CRT screen, and of course no way to install anything else aside from what's there (Apache/PHP and vi (not vim) for editing). I can't even remember how I got the skeleton project files onto that machine, might have been a 3.5" floppy, I really forgot about that part.

At that time I felt like I was thrown back a few years, but thinking about this now it would have been a stranger experience today.

Comment Removing feature for parity with another platform? (Score 5, Interesting) 237

> Anyway, if I'm right, optimus support under linux is not on par with windows.
> Are you nvidia going to fix optimus on linux, or "for feature parity" are you going to make the optimus support worse on windows too?

Directly quoting someone from that thread because this was exactly what I was thinking of.

Comment Re:These big battles are a rarity (Score 4, Interesting) 296

Think of it as an open sandbox. There isn't any purpose to any single pile of sand, except to individuals who are creative and persistent enough to sculpt something out of it, and changes made inside the sandbox have a long-lasting legacy (if not impact) for future users of that sandbox.

If you think of EVE Online as a means to an end, not the end in itself, it makes much more sense. Consider that in other games, the achievements within often are the end in themselves. While being the first group to beat a raid boss in WoW might get you talked about for a week, pulling off a legendary heist or being a double agent to take down an empire results in the party responsible still being referred to many years later. This is the kind of thing that EVE Online provides that no other games out there have.

Comment Re:These big battles are a rarity (Score 4, Insightful) 296

> I felt barely competent after 4 months of play.

Try three years. Nobody is really competent in this game. If you are looking for fun in the game play you won't really find it; I've had more fun chatting with the people I met there, maybe while doing things which may or may not be tangentially related to the actual game play. It is an MMO after all.

Comment Re:Oystercard: transfer of costs to the passenger (Score 1) 140

I don't get why Western countries seem to have problems with providing affordable yet ubiquitous electronic currency. Limiting these uses to transit just serves to annoy users. The approach Hong Kong took with the Octopus card should be the example to follow. Not only can they be used for nearly all types of mass transit (except for taxis), they can be used at nearly all fast-food joints (e.g. McDonalds), all major convenience stores (i.e. 7-11, and typically people top up their card over there), even major restaurants now support this contact-less payment system.

If this is adopted by other parties, users should feel less apprehensive about storing value onto these cards.

Comment Re:Nickel-and-diming (Score 1) 384

... and people bought that sparklie flying horse for $25 in droves. Blizzard wanted to make that mount "exclusive", and one way to do that is to have it priced very high. Well, so much for that plan. If they can sell it to 10% of the player base at $25 and that results in near maximum total profit, I don't see why they should not do this. Not like this mount is a requirement to enjoy the game, nor is the auction house in D3 required for maximum amount of fun for you.

Simple economics, my friend.

Oh, you always have the option to vote with your wallet, too.

The Internet

Two-Thirds of US Internet Users Lack Fast Broadband 402

jbrodkin writes "Two-thirds of US Internet connections are slower than 5 Mbps, putting the United States well behind speed leaders like South Korea, where penetration of so-called 'high broadband connectivity' is double the rate experienced in the United States. The United States places ninth in the world in access to high broadband connectivity, at 34% of users, including 27% of connections reaching 5 Mbps to 10 Mbps and 7% reaching above 10 Mbps, Akamai says in its latest State of the Internet Report. That's an improvement since a year ago, when the United States was in 12th place with only 24% of users accessing fast connections. But the United States is still dwarfed by South Korea, where 72% of Internet connections are greater than 5 Mbps, and Japan, which is at 60%. The numbers illustrate the gap between expectation and reality for US broadband users, which has fueled the creation of a government initiative to improve access. The US government broadband initiative says 100 million Americans lack any broadband access, and that faster Internet access is needed in the medical industry, schools, energy grid and public safety networks."

Sharks Seen Swimming Down Australian Streets 210

As if the flood waters weren't bad enough for the people of Queensland, it now appears that there are sharks swimming in the streets. Two bull sharks were spotted swimming past a McDonald’s in the city of Goodna, and butcher Steve Bateman saw another making its way past his shop on Williams street. Ipswich councillor for the Goodna region Paul Tully said: "It would have swam several kilometres in from the river, across Evan Marginson Park and the motorway. It’s definitely a first for Goodna, to have a shark in the main street."

Comment Re:Seconded. (Score 2, Informative) 525

Not to mention lack of well insulated houses. Any heating won't do you any good (unless you live in apartments, but that too can vary). With the high energy costs here it's more economical to wear coats if it gets that cold.

Then again, Canadian winters have trained me well; I laugh at people who complain about the cold here.
