Replace document.write using MooTools

This is a very cool use of shimming native functions. So far I've only seen malicious uses of function shimming. We discussed shimming Ajax calls to man-in-the-middle browser traffic in Chapter 7 in Ajax Security and Jeremiah had the very cool Array() constructor attack against Google before that. Here MooTools is shimming document.write() to prevent its blocking behavior. 3rd party advertisers and others use document.write()'s and it can harm page performance quite a bit. Typically web developers cannot do anything because these commands come from 3rd party components they do not control. Now a developer can shim document.write(), still have ads, and not kill page load performance. Very, very cool.

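An added illustration of the document.write() shim described in the post above (not MooTools' code and not part of the original post): calls made while the shim is installed are queued, then flushed into a container after load. The stub document, `installWriteShim`, the `ad-slot` id and the sample snippet are all constructed assumptions so the block runs outside a browser.

```javascript
// Added example: queue document.write() output instead of letting it block parsing.
// makeStubDocument() is a constructed stand-in for the browser's document object
// so this runs under Node; in a browser you would pass `document` instead.
function makeStubDocument() {
  const doc = { written: [], slots: {} };
  doc.write = function (html) { doc.written.push(html); }; // stands in for native write
  doc.getElementById = function (id) {
    doc.slots[id] = doc.slots[id] || { id: id, innerHTML: "" };
    return doc.slots[id];
  };
  return doc;
}

// Replace doc.write with a queuing shim; returns handles to flush or undo it.
function installWriteShim(doc, slotId) {
  const original = doc.write;            // keep a reference so it can be restored
  const queue = [];
  doc.write = function (...chunks) {     // document.write accepts several strings
    queue.push(chunks.join(""));
  };
  return {
    pending: () => queue.length,
    // Call after load: insert the buffered markup in one step.
    flush() {
      const slot = doc.getElementById(slotId);
      slot.innerHTML += queue.splice(0).join("");
      return slot.innerHTML;
    },
    restore() { doc.write = original; },
    // Comparing against a reference saved earlier shows whether the function
    // was swapped, which is also how a page can notice an unexpected shim.
    isShimmed: () => doc.write !== original,
  };
}

function demo() {
  const doc = makeStubDocument();
  const shim = installWriteShim(doc, "ad-slot");
  // Constructed third-party snippet calling document.write twice.
  doc.write("<div class='ad'>", "banner", "</div>");
  doc.write("<img src='pixel.gif'>");
  const before = { native: doc.written.length, pending: shim.pending() };
  const html = shim.flush();
  shim.restore();
  doc.write("late");                     // reaches the original function again
  return { before, html, shimmed: shim.isShimmed(), native: doc.written };
}
```

Markup inserted through innerHTML does not run embedded script elements, so third-party code that writes further script tags needs separate handling.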
Privacy Requires Security, Not Abstinence

Simson Garfinkel: Privacy matters. Until recently, people who wanted to preserve their privacy were urged to "opt out" or abstain from some aspects of modern society. Now, however, abstinence no longer guarantees privacy. The story of privacy in America is the story of inventions and the story of fear; it is best told around certain moments of opportunity and danger. It's comforting to know that U.S. law eventually gets things right with respect to privacy--that is the power of our republic, after all. But it's also troubling how long it sometimes takes. Though a stronger identification system would undoubtedly harm some citizens through errors, I think the opposition is unfortunate. We need to learn how to protect privacy by intention, not by accident.
Decius, in February 2009: The ship has already sailed on the question of whether or not it's reasonable for the government to collect evidence about everyone all the time so that it can be used against them in court if someone accuses them of a crime or civil tort.
Noam Cohen's friend, in February 2009: Privacy is serious. It is serious the moment the data gets collected, not the moment it is released.
See also: “Given his role in REAL ID, Tom Davis would not be a good choice for privacy, which is something that President Obama specifically promised to protect in his remarks on the cyber security strategy,” says Jim Harper, the director of information policy studies at the libertarian Cato Institute. “Many cyber security planners refer obliquely to ‘authentication’ and ‘identity management’ programs that would devastate privacy, anonymity and civil liberties. Davis would probably work to roll past these issues rather than solve them.”

Will File-Sharing Case Spawn a Copyright Reform Movement? | Threat Level | Wired.com

Now lawyers for the woman — if they don’t broker a settlement with the Recording Industry Association of America — are likely to go before Davis to attack the award. If they take Berkman’s approach, they have a big hurdle: The U.S. Supreme Court once rejected a cruel-and-unusual challenge to a 50-year prison term received by a California man caught shoplifting golf clubs.
For some good technical information about the Constitutional problems raised by the $1.92 million Jammie Thomas-Rasset decision, note this blog post from the EFF. However, the author of this article has a point. For a look at just exactly how weak the Supreme Court thinks that the 8th amendment is, check out Lockyer v. Andrade. On November 4, 1995, Andrade stole five videotapes from a K-Mart store in Ontario, California. Two weeks later, he stole four videotapes from a different K-Mart store in Montclair, California. As a result of his prior convictions, Andrade was sentenced to two consecutive terms of 25 years to life in prison. "Andrade, like the defendant in Solem, was a repeat offender who committed theft of trifling value, some $150, and their criminal records are comparable, including burglary (though Andrade's were residential), with no violent crimes or crimes against the person." Because Andrade was 37 at the time of the offenses in this case, the 50-years-to-life sentence was effectively life without parole...
This is the sort of thing that people in the future will look back upon and remark about how barbaric and primitive we are.

Idea for a Bumper Sticker

Earlier on IRC today someone mentioned that they had bought some SQL Injection Bumper Stickers. This led me to the idea for the following. I think I'll have to get some made up and hand out at PN.
My child is an '; update GradeBook set Grade=A where StudentID=423867;

RE: Google parsing document.write()'s?

Hijexx wrote: Acidus wrote: This could be interesting...
Looks like putting munging logic in a separate .js is a workaround... for now.
Email munging failing is only a mildly cool side effect of a much more fundamental issue. If this is true (and it might not be), it's a sign that Google is toying with JavaScript execution, most likely in an effort to crawl the deeper, JavaScript-focused web apps of today. As someone who has spent 4 years or so writing tokenizers, parsers, interpreters, machine controlled dynamic execution logic, and static analysis frameworks for JavaScript, this is extremely interesting. There's an enormous amount of IP in that space, things that all fall in that stuff I love but cannot chat about box. I'd like to see how the PhD stud field that is Google R&D tackled some of these issues.

msdevdays.pdf (application/pdf Object)

Some interesting graphs in here about IE adoption. IE 8 is gaining at the expense of IE 7, not IE6. IE6 and IE8 now have a larger market share than IE7. This is mainly due to corporation intranet apps that require IE6.

default:
throw new Exception("Oops! I tried to process but got a " + this.Kind + " . I don't like that :-(");
Funniest exception I've seen all month.

Technology Review: Privacy Requires Security, Not Abstinence

Gold Star! Don't be put off by the first page as the rants of a paranoid, technical Luddite. This is a well written examination of American privacy and the laws and regulations attempting to protect it. From the creation of companies like Equifax (in 1899 to help grocery stores in Atlanta track who paid their bills and who didn't) to the four distinct kinds of invasion and the legal safeguards around each (embodied today in regulations like HIPAA), to the digitization of records in the 1960s and the Fair Credit Reporting Act of 1970, to the effects of 9/11 and beyond. An excellent read for privacy advocates and the lay-person alike.

RE: Google parsing document.write()'s?

Acidus wrote: This could be interesting...
Looks like putting munging logic in a separate .js is a workaround... for now.