Posts by Pascal
16 posts • joined Friday 25th December 2009 13:08 GMT
Re: Times are changing in Googleland
"The opt out wasn't there because you mindlessly clicked next. It comes up in big shiny letters. "We would like to install google toolbar, click next to accept this, or click cancel to continue the installation""
If that's really how it is, it's clearly a cheap tactic meant to install without the user being aware. If replacing a checkbox opt-in with some phrasing that says "you must hit cancel to continue installing without this extra junk" is acceptable, then eventually this crap will get so obfuscated that you will need a lawyer to understand if the addon is going in or not.
"I understand that by clicking next I am not agreeing to the notion that I oppose the fact that adware will be installed now or at a later date and should I hit alt-F4, it will signify the opposite of that non-agreement."
Re: Give an automatic rifle
"Is the USA driving age still strangely low?"
Young men can join the air force and fly combat missions where they get to drop bombs on people while they're still considered too young to drink.
Re: @Meh ...
http://images.wikia.com/star-trek/answers/images/0/00/Kardashian_vs_Cardassian.jpg
Re: Pedantry...
So, you actually mean it was Big Bang powered?
Call it paranoia if you will but,
"I love Dropbox, and have used it in both the personal and corporate contexts."
Using dropbox in a corporate setting to share folders or files, even just "as we collaborate on presentations or other files", is unbelievably crazy. I'd love to see the face on most of the companies we work for if we told them we shared files with dropbox "because it's convenient".
Given that we're a non-US company, and that Dropbox puts out statements like this:
"As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox. In these cases, Dropbox will remove Dropbox's encryption from the files before providing them to law enforcement."
This makes using dropbox entirely unacceptable within our entire company. It's not paranoia, it's actual business contracts - none of my clients would be pleased with the idea that we hand anything related to them to Dropbox to do with as they please.
And spare me the bit about "using it only for non-sensitive material". Once you put dropbox in your users' hands, no matter how much you drill it into them that it's not to be used for sensitive information, you can be sure that some retard somewhere will find it convenient enough to sneak some super sensitive crap there to work on it from home without thinking.
Re: Platforms that scale
" "We had never in our industry seen four network platforms that scale."
What is a "network platform" and what does it mean to say that "it scales"? Can anyone provide definitions for both that make it clear why the chosen four meet the criteria and no-one else does?"
I would assume he meant "four network platforms OF that scale." - that's how I read it anyway.
Not that I don't fully agree with the rest of your sentiment.
Re: What does "support" mean though?
" ... but if a catastrophic security flaw surfaces in iOS 5, would Apple fix it and offer a patch?"
Actually no, they won't.
I bought an iPhone 3G the day they were available up here in Canada. Only way to buy was with a 3-year contract (yeah it's a Rogers contract, but fact is, I bought a phone I was not allowed to use / pay for less than 3 years). Just under 2.5 years later, the first iOS that was not supported on my phone came out.
At that time a few Safari bugs / flaws were floating around. Apple declared it was fixed in the new iOS only, and therefore users should upgrade. But I couldn't without buying a new phone. Before the actual contract on mine was over.
That was the last product I will ever get from Apple.
IMHO forcing people into contracts and then ending support for bug fixes on a product that you still have a contract for should be criminal.
Re: Volume issue, amongst other things.
You're missing the point here. That brick isn't for your basement, it's for the streets / walkways outside to let water seep through underground before it gets to your basement, instead of flowing and accumulating (and eventually getting to your basement).
Re: £25 for a box and a couple of DVDs
To accommodate the retail channel's profit margin maybe?
So you're one of those "it's not the thief's fault, your goods were stolen because the lock on your door didn't work properly" guys?
I read the two sentences, didn't see a difference.
I read them again, because your post made no sense to me, I mean what were you talking about, those two sentences are the same.
But wait, they're not the same length, SOMETHING is going on! Only caught it on the 3rd pass, comparing word for word visually :(
Re: Old-timer Mac Fan despairs
Doesn't it make your heart hurt a little when, as a Mac user, you type "Microsoft" with a dollar sign?
meh
So-so argument there.
To use ANY browser, you have to buy a computer.
Therefore no browser is free.
Poly9...
Was actually purchased by Apple, and it was announced, including here:
http://news.softpedia.com/news/Apple-Buys-Mapping-Firm-Poly9-147614.shtml
I remember that because these guys were my neighbors ;)
Ok this is somewhat of an issue, but...
If I understand what they're describing, it's a way to bypass the filter you can pass to the HTML "input type=file" file selector control, that will let you pick a file named something like "evilcode.asp;.jpg", and then once posted, this would show up in the values that the upload-processing page would get as "evilcode.asp;.jpg", in which case poor validation code might not catch it, and if that code were to use that file name to write the file to an IIS-readable folder (say, for an avatar as in the example), then it would end up on the disk as "evilcode.asp".
For this to be any sort of threat, doesn't it require some major programming/security failures on the part of the developer in the first place?
1) The programmer trusted the client-side file extension filter
2) The programmer's upload validation code did not catch the bad name
3) The programmer used the client-supplied name instead of saving said avatar to something like "avatar12345.jpg"
4) The security context the web site runs in has write-access to an EXECUTABLE folder, which is a disaster waiting to happen in the first place (someone needs to get fired over this)
While there is definitely something fishy going on because of the way .asp;.jpg can eventually transform into .asp while handling the file, if a site is set up in such a way that this can be exploited, then we're dealing with a site managed by people that don't have the slightest clue about security in the first place...
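The four points listed in the post above, shown as an added example that is not part of the original post or any vendor code: a suffix-only name check accepts "evilcode.asp;.jpg", while a handler that sniffs the content and writes under a server-generated name never uses the client's name at all. The function names, the upload directory and the sample bytes are constructed assumptions.

```python
import os
import tempfile

# Magic-byte signatures for the image types an avatar upload accepts.
SIGNATURES = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
}

def naive_accepts(client_name):
    """Weak check (point 2): only looks at the end of the client-supplied name."""
    return client_name.lower().endswith((".jpg", ".png"))

def sniff_extension(data):
    """Return the extension implied by the file's leading bytes, or None."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None

def store_avatar(user_id, client_name, data, upload_dir):
    """Store an upload under a server-generated name (point 3)."""
    ext = sniff_extension(data)
    if ext is None:
        raise ValueError("rejected %r: not an accepted image" % client_name)
    # client_name is only used in the error message, never in the path.
    path = os.path.join(upload_dir, "avatar%d%s" % (int(user_id), ext))
    # Assumption: upload_dir is not a folder the web server executes from (point 4).
    with open(path, "wb") as fh:
        fh.write(data)
    return path

def demo():
    """Run both checks over constructed sample uploads and return the outcomes."""
    script = b"<% ' constructed placeholder script body %>"
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed JPEG-like header
    name = "evilcode.asp;.jpg"
    with tempfile.TemporaryDirectory() as d:
        results = {"naive": naive_accepts(name)}
        try:
            store_avatar(12345, name, script, d)
            results["script_stored"] = True
        except ValueError:
            results["script_stored"] = False
        results["stored_as"] = os.path.basename(store_avatar(12345, name, jpeg, d))
    return results

if __name__ == "__main__":
    print(demo())
```
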
