No, because it STILL means the browser has to support ALL of them, in case a web app asks for it, and the mere existence of this support means it can be abused and even exploited. It's basically all or nothing.
Posts by Charles 9
16605 publicly visible posts • joined 10 Jun 2009
Gotta have standards? Security boffins not API about bloated browsers
"The suggestion can be improved with an additional attribute in script tags to revoke API permissions. Third party adverts script? Vibrate off, XHR off, Bluetooth off, USB off, file system off, locations services off, camera access off, etc."
The big thing is that browsers can just ignore them, probably because users (who don't know better) demand the browsers have more holes than a wheel of Emmentaler. Plus third parties can probably just disguise their scripts or otherwise find ways to get more permissions than they should.
The REAL real solution is to simply not offer them, in spite of user protests, because it's too much a security risk. Users are demanding too much of their browsers and are essentially opening themselves up to trouble. JavaScript, extensions, and interactivity in general opened a real Pandora's Box IMO, because it opened a back channel, and that's where the trouble really started.
Except that the web designers don't code with the least common multiple in mind. Meaning trying to use Lynx or some other simple-minded browser is an exercise in trying to drink sludge. Not even the damn Freenet frontend seems to appreciate an honest attempt to limit the attack surface and expects features that probably should never have seen the light of day.
IOW, the ONLY way to get things done, it seems, is to overly expose oneself to danger. Do we really want this?
"It's all about the adoption of mobile web and away from native apps. The biggest reason for native apps has always been the access to hardware. Access to these APIs allows a developer to create web apps instead and not rely on downloads, installs and wrappers. They aren't really designed for 'normal' websites so much."
Which again feels like cramming a square peg into a round hole. After all, didn't we try this with Java? Why not make it simpler to create multiplatform native apps? What makes the Web so useful over things like Java anyway?
How about a push away from an interactive Web that is probably behind most of the exploits and vulnerabilities. Now, perhaps a little information is needed, but it should be in overly broad terms, like whether it's a desktop or a phone, since that can have significant effects on readability. But anything that doesn't have a significant make-or-break effect should not be considered important enough to include.
Leave interactivity to protocols meant for it like VNC.
IETF mulls adding geoblock info to 'Bradbury's code'
Re: Geoblock is evil and dishonest
You know LaserDisc-encoded movies are just digitally-encoded analog composite video? In other words, not the best of quality in any event? If you want to rip a LaserDisc, you can do worse than hooking it up with good cables to a high-quality video capture rig. That's what the MAME team does right now to preserve LD-based games like Dragon's Lair.
I think I can see where this is going. The main idea behind code 451 is to report that a resource is blocked for varying legal but legitimate reasons (for example, a government resources website intended for its citizens would likely block international queries except for perhaps designated portals; at least here, they can cite a reason). There are legitimate reasons for blocking, and a 451 at least makes the resources explain why.
It won't do much good against oppressive regimes since they'll take the Nineteen Eighty-Four route and deny the resource even exists and enforce this nonexistence, but if you're in that kind of environment, you have bigger problems already.
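As an added example (not from the post or the article), here is what the "cite a reason" part of a 451 looks like on the server side: the RFC 7725 `Link: <...>; rel="blocked-by"` header names the entity that imposed the block, and the body states why, so a client can tell a legal block from an outage or a silent 404. The government-portal policy, the `x-geo-country` header (assumed to be set by an upstream geo-IP layer, never trusted from the client) and the legal-notice URL are all assumptions for illustration.

```javascript
// Added example: building an HTTP 451 (Unavailable For Legal Reasons)
// response for a geoblocked resource. Nothing here is from the page;
// the policy, header name and URL are placeholders.

// Hypothetical policy: a national portal that serves its own residents and
// blocks everyone else, except for a few designated paths that are meant to
// be reachable internationally.
const POLICY = {
  allowedCountries: new Set(["GB"]),            // assumption
  internationalPaths: new Set(["/consular", "/visas"]), // assumption
  blockedBy: "https://legal.example.gov/geoblock-notice", // placeholder URL
};

// Pure decision function: returns { status, headers, body } so the policy
// can be unit-tested without a socket.
function buildResponse(country, path, policy = POLICY) {
  const inCountry = policy.allowedCountries.has(country);
  const isPortal = policy.internationalPaths.has(path);
  if (inCountry || isPortal) {
    return {
      status: 200,
      headers: { "Content-Type": "text/plain" },
      body: `ok: ${path}`,
    };
  }
  // RFC 7725: the Link header with rel="blocked-by" identifies who imposed
  // the block; the body carries the human-readable reason.
  return {
    status: 451,
    headers: {
      "Content-Type": "application/json",
      Link: `<${policy.blockedBy}>; rel="blocked-by"`,
    },
    body: JSON.stringify({
      error: "unavailable_for_legal_reasons",
      reason: `This service is restricted to residents of ${[...policy.allowedCountries].join(", ")}.`,
      client_country: country,
      blocked_by: policy.blockedBy,
    }),
  };
}

// Request handler suitable for http.createServer(handler). The country comes
// from a header that an upstream reverse proxy is assumed to set after a
// geo-IP lookup; a missing header is treated as unknown ("ZZ") and blocked
// unless the path is a designated international portal.
function handler(req, res) {
  const country = String(req.headers["x-geo-country"] || "ZZ").toUpperCase();
  const path = new URL(req.url, "http://localhost").pathname; // strip query string
  const r = buildResponse(country, path);
  res.writeHead(r.status, r.headers);
  res.end(r.body);
}
```

To serve it, pass `handler` to `http.createServer` behind a proxy that sets `x-geo-country`; the important design choice is that the decision function is pure, so the allowlist and the portal exceptions can be tested and audited without standing up a server.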
Your data will get hacked anyway so you might as well give up protecting it
Re: even if the chance of cryonics working is only 1%
"I doubt there's a legal definition of death other than "has been declared dead by a doctor". Even if there was a legal definition, if someone recovers and is walking around talking then it doesn't really matter what the law said does it?"
Then why is a person who is Brain-Dead (though still having a beating heart, etc.) considered legally dead? There must be some medical evidence to support that once a brain stops functioning it's past the Point of No Return in order for the legal declaration to have standing.
Malware hidden in vid app is so nasty, victims should wipe their Macs
Re: Perhaps developers should work offline
"What if instead of a throw away solution you instead built it out of libraries that you had perfected by the same method. Code that had been reused over and again in many other different solutions to the point where any typos, logical errors etc. had already been removed. Whilst the library only does what it says on the tin it does it right every time under every condition possible to pass to it."
Not necessarily. Think gestalt exploits where the individual components are tried, tested, maybe even proven, but when they're taken as a whole suddenly exhibit unwanted behavior (in other words, the exploit is worse than the sum of its parts). The problem with code written by man is that it's nigh-impossible to predict EVERY circumstance where it will be used. Even formal proofs carry with them context limitations (ex. seL4 can't keep its proof with DMA in use).
Re: Perhaps developers should work offline
"I’ve been at a conference where they held a ‘Hack the (Hello) World’ competition; to do exactly what you suggest."
So they managed to hack a computer that had no code in it but the equivalent of "PRINT 'HELLO, WORLD!'"? Changing the source code is one thing; hacking a fixed program with so little functionality is another.
Re: A complete wipe?
"The only way to get around that would be to have a firmware persistent malware at which point you'd have to wipe and reinstall the firmware for everything as well, probably over USB."
Except if something like BadUSB hoses the USB controller, you can't trust it, either. Some malware is getting SO bad that it can permanently brick hardware.
Wanna exorcise Intel's secretive hidden CPU from your hardware? Meet Purism's laptops
Re: Everybody's ethical
In other words, the basic human condition actually doesn't lend itself well to large societies. Even if you try to take the competitive nature into consideration, people along the way will start to change the rules. It's like the perennial problem with tax codes and other "necessary but unpopular" governmental necessities. People eventually gain the ability to cheat the system: either by locating loopholes or simply getting far enough into the government to change the rules directly.
Re: Everybody's ethical
"Under Communism the State is supposed to wither away, and people will have evolved to the point at which they voluntarily work for the good of everybody."
Which as reality notes is probably too utopian to be believable. It goes against the primal human instinct to compete. After all, the world's not infinite, and another primal desire is to be the one to leave progeny instead of the neighbor. That's likely why human social structure doesn't stay too stable beyond tribes and clans.
Communism requires everyone to play nice, which isn't going to happen. Pure libertarianism is similarly too utopian, though from a different angle.
Re: Everybody's ethical
"Semi-true: That can happen (DDR) but by that definition US and UK are overbearingly socialist countries now.
By US standards Germany is definitely a socialist country and they've specifically made the point of big brother not watching you, so I don't really buy this definition."
One, by your standard Germany is not overbearing. And two, how can one be sure Germany isn't actually watching its citizens on the sly?
Re: Everybody's ethical
I think part of the problem with your thought is the human condition itself. You NEED some coercion, or people will cheat. Libertarianism sounds too utopian without someone there to keep things fair, and the human condition means ANY position of control can be corrupted beyond any checks or balances that can be made by man.
Re: Everybody's ethical
Look, either way can get you into trouble. Overbearing socialism means Big Brother Is Watching You. Meanwhile, unfettered capitalism means Robber Barons Have You For Lunch. Both are extremes of control, and unfortunately that's a natural consequence of the human condition. Apply it to a sociopath or two, and this is the natural result. And because of their extreme need to control (which includes other humans), any attempt to thread the needle has to defy their gravities or you just end up gravitating toward one or the other extreme. It doesn't help that the average human is amenable to these sociopaths.
Re: We need companies like Purism
"In the end you only have but two options: either do the job you were tasked to do, or find someone else who can."
There MUST be a third option because you may lack the skills to do it yourself and can't trust anyone else to do it.
For example, how can one be sure the government can't subvert every phone using their airwaves if all radio chips must go through them first?
Discover potholes in the information super-highway with this handy new tool (which itself just hit a roadblock)
Hackers nip into celeb plastic surgery clinic, tuck away 'terabytes'
Let's make the coppers wear cameras! That'll make the ba... Oh. No sodding difference
Re: And no significant change can be expected until...
"And that, ladies and germs, is how we might wrest control from government and start making their lives as much a misery as they've spent the last few thousand years doing to us...."
Until someone comes up with a way to produce plausible FAKE information and slips this ability into enough of the population to make the immutable untrustworthy.
Sorry, but it goes all the way back to E. E. Smith's Lensman series: Essentially "What man can create, man can RE-create." Thus he had to come up with something beyond the knowledge of all civilization to create something that couldn't be faked: the eponymous Lens.
Re: Really?
Or it could simply be a case of a different party funding the study. Always follow the money trail, and one shouldn't take a study at face value unless it contradicts the view of the funding party. After all, independent endorsement is fine and all, but it pales compared to being endorsed by the enemy.
Wowee. Look at this server. Definitely keep critical data in there. Yup
Didn't install a safety-critical driverless car patch? Bye, insurance!
Re: Good riddance to an entire industry
"As arguably the only industry even more corrupt and dishonest than banking, it will be a case of good riddance to auto insurance."
Wrong. You forget the worse, and your plan plays right into their hands. Incidentally, it's also probably the one industry that's impossible to avoid without anarchy.
Re: This is a waste of time
"We rely on the free market to keep the purveyors of insurance cover honest - not perfect, but good enough. When driverless cars are rolled out, there would be no good reason for the risk of meatsack driven cars to go up, so there's no good reason for all insurance companies to suddenly jack prices up unless they've got some other reason for doing so."
Statistics will be used against the meatsacks. Once you have a critical mass of automated cars who are demonstrably much less likely to get into accidents, simple human error becomes the main reason for jacking up insurance for those who insist on driving themselves, especially since meatsack incidents are more likely to domino and involve other vehicles (think things like DUIs and ghost driving).
"It's possible, but it would be a bold move in a society where lots of people actually like their cars."
Is this backed up with unemotional statistics? Because from where I sit, most people don't like their cars so much as tolerate them as an unfortunate necessity in a world where the weather's bad, the mass transit isn't very timely, and cabs are too expensive for one's budget.
NetBSD, OpenBSD improve kernel security, randomly
Windows 10 Fall Creators Update tackles IT's true menace: Cheating gamers
Re: Cheaters will cheat as Crackers will crack
"Personally, I can't wait for the day when an OS (ReactOS?) can run all legacy win32 stuff natively and flawlessly. That's the day when Windows can be dumped for good."
Two problems.
1. ReactOS isn't even out of the alpha phase. I don't think it can do a reasonable facsimile of Win2K yet, let alone Win7x64 which is pretty much the baseline these days.
2. Windows is a moving target, and Microsoft has the home field advantage. Even as ReactOS moves ahead (or tries), Windows keeps moving farther away.
Do fear the Reaper: Huge army of webcams, routers raised from 'one million' hacked orgs
Re: Safe home router ?
Doesn't work. The ONLY way to have externally-nonaccessible ports is to not have an outside connection AT ALL. Every time you connect to the outside Internet, you create a two-way link. The link you use to connect can be back-hacked to pwn you. That's how drive-by and watering-hole attacks work. That's also why they're particularly hard for firewalls to block because you're being pwned by a connection you made yourself, especially if run through an encrypted connection so they can't be sniffed.
Release the KRACKen patches: The good, the bad, and the ugly on this WPA2 Wi-Fi drama