Microsoft Issuing Unusual Out-of-Band Security Update
Just to make it clear - this affects a whole lot of systems and is based on a flaw in the design of hash-tables:
Basically you can pre-calculate a huge set of POST parameter names which will all be hashed to the same value. Since these are stored in a hash-map by most web-frameworks - this will lead to an O(n) lookup time instead of an O(1) lookup time, when testing the hash-map for a given parameter name.
This will max out your CPU quite quickly depending on how many lookups you perform per request.
Since the attack has "script kiddie" difficulty, this needs to be patched ASAP by all vendors ... or we will see a lot of downtime on many public servers.
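An added illustration of the degradation described in the comment above, not code from the comment or from any vendor: a toy chained hash table that counts key comparisons, with a predictable hash beside a per-process keyed hash and a parameter-count cap. The names `ChainedTable`, `weak_hash`, `make_keyed_hash`, `constructed_names` and `parse_params` are hypothetical, and `weak_hash` is a constructed byte-sum stand-in, not any framework's real function.

```python
import hashlib
import itertools
import os

class ChainedTable:
    """Separate-chaining hash table that counts key comparisons on insert."""
    def __init__(self, hash_fn, buckets=1024):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def put(self, key, value):
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (existing, _) in enumerate(chain):
            self.comparisons += 1          # one string compare per chain entry
            if existing == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

    def longest_chain(self):
        return max(len(chain) for chain in self.buckets)

def weak_hash(name):
    # Constructed stand-in for a fixed, publicly known hash: sum of the bytes.
    return sum(name.encode())

def make_keyed_hash(secret=None):
    # Mitigation 1: key the hash with a per-process secret so bucket
    # placement cannot be computed ahead of time by the sender.
    secret = secret or os.urandom(16)
    def keyed(name):
        digest = hashlib.blake2b(name.encode(), key=secret, digest_size=8)
        return int.from_bytes(digest.digest(), "big")
    return keyed

def constructed_names(count):
    # Constructed sample input: distinct orderings of the same eight letters,
    # which all share one byte sum and so one bucket under weak_hash.
    perms = itertools.permutations("abcdefgh")
    return ["".join(p) for p in itertools.islice(perms, count)]

def parse_params(names, hash_fn, max_params=None):
    # Mitigation 2: refuse oversized parameter sets before building the table.
    if max_params is not None and len(names) > max_params:
        raise ValueError("too many request parameters")
    table = ChainedTable(hash_fn)
    for name in names:
        table.put(name, "")
    return table
```

With 1000 constructed names, the predictable hash puts every entry in one chain and costs 499500 comparisons to build the table; the keyed hash spreads the same names across buckets.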
HTML 5 As a Viable Alternative To Flash?
I wonder that nobody has yet pointed to this webpage: http://ishtml5readyyet.com/ ...
In this way Flash is a lot like Google Gears. We get the features of tomorrow delivered today (or even earlier considering the age of Flash)... and in the case of Flash on 97% of browsers with the small cost of being a plugin.
So all the Flash-bashing folks should think a second about the bad plugin management of today's browsers. Maybe HTML 5 should also define a better way to handle browser and plugin interaction. This would make copy+paste/drag and drop from plugin to HTML content much easier.
Google Lively To Be an Online Gaming Platform
I read about Lively quite a time ago ... but tried it just now to see how it feels.
And I must say ... it sucks ... big time!
If they do really want to make anything fun of it ... it looks like starting from scratch would be a good idea.
- It's slow (on a dual core system that runs Crysis just fine)
- Loading takes ages
- Control via point and click not well done
- Camera control annoying
- Overall usability far away from Google standards
Windows 7 Trades Email and Photo Apps For Downloadable Ones
I can already see Windows 7 being shipped without all that useless bloatware ...
... and having it all installed again after selecting all "important" "security" updates ...
Mozilla Nixes Firefox EULA Requirement
As far as I remember, Debian kicked Firefox because its logo is non-free. So I guess it is not affected by these EULA changes.