it's such an obvious misstep, i have to believe it was intentional to make all their twits feel relieved that "the good folks at twitter fixed the virus"... they'll never know it was the incompetence of those same folks that the exploit existed in the first place

yes, but NEW SERVICES UTILIZING "core HTML/JavaScript" have their own syntax and internal interfaces... such as the t.co service EXPLOITED IN THIS CASE.

you are so dumb.

emphasizing sanitizing output allows you to keep the users originally provided input for reference. if you've never needed such a reference i'd argue you probably don't do this for a living.

because i'm capable of designing test cases likely to drastically fail user interface tests?

you're an idiot.

can't let it be, can you, coward?

i never said anything about feces or bestiality. someone else, likely you, pathetically and cowardly registered a username in my given name's likeness and attempted to hijack my identity and disrespect my wife.

you are a coward.

if you present yourself, and admit to these actions, i will kill you. this is a simple fact i'm sure you're aware of. i'm not a gun nut... i'm a man with a gun and a disrespected wife, hunting a coward.

is this still the guy i got expelled from college? bitter about that child porn i reported to the dean that was on your student file server account? you've moved on to fantasizing about bestiality?

you are NOTHING

can you prove there isn't exploit potential in the m.twitter.com interface?

because the raw input should be stored in case additional sanitation processing is required in the future. re-sanitizing might not be feasible as new special characters were introduced to replace old.

this is about sanitizing OUTPUT... there is probably someone in the company like you that handles output sanitation by completely ignoring it and doing all sanitation on the input side... then they are switched to a different team or a new feature is thrown in the mix that doesn't comply with the standards used in different teams... boom. billion dollar company looks like chumps. children playing on daddy's computer. certainly not to be trusted.

obligatory you're an idiot...

the issue was with sanitizing database OUTPUT.

little bobby tables wouldn't even allow such a trivially basic error like this to make it's way onto production servers.

a web application allowing users to output html that can alter layout, or javascript that can be executed is such a giant fail, that twitter should seriously consider firing the highest members of it's management staff responsible for code architecture review.

as is always the case, they'll claim it passed regression testing, so there was nothing they could do... but the simple fact is they failed at creating viable regression tests.

this is kindergarten CS stuff... these are the developers the big name outfits are hiring? do they work in the US? did anyone check their resumes?

this is pathetic

what am i doing wrong? i'm curious if the UI will do something that you or i would think was wrong.

when you lean forward then back then forward then back repeatedly while hiding an arm between your legs?

he later said it took .06 sec to encode and .04 sec to decode the 3.75 sec sample.

do those numbers mesh?

i don't mean to be rude, but how about you just make an audio recording of you live streaming from one machine to another? a video maybe? do you have a digital camera that can take videos?

1 picture... 1000 words, and such. i could have made a video of this comment and uploaded it to youtube faster than i could type and post it.

i understand latency might not be an issue for the intended application, but developers choosing which codec is best for their own applications will certainly require initial response delay and continued latency numbers to make informed decisions.

i agree latency SHOULD NOT be an issue. my issue was determining IF latency IS an issue.

bruce has stated a .1 second total codec processing time on the 3.75 sec audio sample. i don't know what that means for response times, or how they change with longer or shorter or streaming audio samples. what happens if a stream is interrupted? how many frames are lost? is there a noticeable audible byproduct of lost or damaged data?

i was never worried. you're an idiot.

heavy or not at all