Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Google Working On Password Generator For Chrome

Zarel Re:xkcd (175 comments)

Really, Slashdot? 4, Insightful for a comment that has no idea what it's talking about? All you need to do is read the Wikipedia article you link to:

Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily-predicted variations on words, such as appending a digit.

Emphasis mine.

A dictionary attack is a fast way to crack a password consisting of a single word. The conventional wisdom of how to thwart a dictionary attack is to replace letters with symbols and append a few more symbols to the end. Randall's comic is intended to establish that simply using more than one word will thwart a dictionary attack much more effectively.

His comic does this by calculating entropy. His estimates of "3 days" and "550 years" are the theoretical best time to crack the password, and already take into account that English words have lower entropy than their constituent characters. Actual attacks such as dictionary attacks are slower than these theoretical best estimates.

more than 2 years ago
top

Facebook, Twitter, and Myspace To Google: Don't Be Evil

Zarel Re:Don't Be Evil (208 comments)

default opt-out

The word you're looking for is "opt-in". ;)

more than 2 years ago
top

SOPA and PIPA So Far

Zarel Re:Missing the point AND arrogant. Nice twofer. (273 comments)

And Fark, Reddit, and Wired are for digital neophytes who aren't well informed about the topic?

Surprising as it may be, Fark, Reddit, and Wired are for people less technical than your average Slashdotter. I mean, it's certainly plausible that your average Reddit user who goes on /r/f7u12 for "meme pics" might be unaware of it. Slashdot, on the other hand, has little to offer people who aren't technically-minded. Even Wired tends to be pretty "casual"; I doubt they have articles on the latest releases of the Linux kernel.

more than 2 years ago
top

Xbox Live Enforcement — No Swastika Logo

Zarel Re:Hmmm, don't really like the guys tone (473 comments)

Yes, I agree with everything you said, and with your original post as well. I just wanted to reply because you asked "When's the last time you saw a swastika?" and the last time I had seen a swastika, it had nothing to do with Nazi Germany.

And also because I, too, would love to see the swastika reclaimed to its original meaning of good fortune in the West, and educating users on Slashdot is certainly a valid avenue. :D

more than 3 years ago
top

Xbox Live Enforcement — No Swastika Logo

Zarel Re:Hmmm, don't really like the guys tone (473 comments)

There are many replies making this point, so I'll just reply to this one.

The swastika was indeed associated with good luck in the West as well, which is why I said "didn't have as much meaning" rather than "had no meaning". The idea I was trying to get across was that the association was much weaker, though. The swastika in the East is a religious symbol with thousands of years of history. In the West, it was much more minor.

It's like the Christian cross. The Crusades and the Spanish Inquisition used that symbol and killed tons of people, but the cross has not lost its meaning. If the Spanish Inquisition had used, say, four-leaf clovers, instead, though, modern St. Patrick's Day would probably not use that motif.

more than 3 years ago
top

Xbox Live Enforcement — No Swastika Logo

Zarel Re:Hmmm, don't really like the guys tone (473 comments)

Sorry, I should have been more clear. The local flea markets and local temple were local to my home back in China, before I moved to the US.

However, I find your tone a bit unnerving. I did say "I'm not saying that banning swastikas in Xbox Live was a bad decision. It was probably the correct decision, especially if the majority of the Xbox Live users in question are American - though I agree with metrix007 that this guy could have had a better tone about it."

Again, I was disagreeing with the guy acting like the swastika-Nazism association was universal. I had nothing wrong with the premise of TFA.

more than 3 years ago
top

Xbox Live Enforcement — No Swastika Logo

Zarel Re:Hmmm, don't really like the guys tone (473 comments)

When's the last time you saw a swastika in a movie or a flier or a tattoo or a T-shirt, and it wasn't this bad boy or a reference to it?

The last time I saw a swastika, it looked something like this: http://www.religionfacts.com/buddhism/images/symbols/swastika-chinese-amulet-cc-rubicon-200.jpg

Let me try to list all the recent times I've seen swastikas:

- once, in a screenshot of 4chan trying to be funny
- three times, in a world history textbook, talking about the Third Reich
- at least fifty times, at the local Buddhist temple
- at least thirty times, in various good-luck charms sold at local flea markets
- once before every important exam I take in school, in a good-luck charm passed down to me from my mother (it looks a lot like the one I linked to)
- at least twice, in friends' houses, where they are said to bring good luck

Perhaps, wherever you live, swastikas aren't commonly used, and perhaps you have no interest in other cultures. There's nothing wrong with that. But to assume that your experience holds true for the entire world - and that the swastika universally no longer holds any meaning besides that which was ascribed to it by Nazi Germany - is laughable.

In Western Europe and North America, the swastika didn't have very much meaning before World War II, so after World War II, it became strongly associated with Nazism. But in Southeast Asia, the swastika has been a symbol of good fortune for thousands of years, and a fleeting decade-long regime in some far-off country did very little to change that.

Even in the West, such as in the United States, there are many immigrants from Asian countries. I am one of those people, and if someone showed me a swastika (and it wasn't enclosed in a white circle on a background of red), I would think "good luck" before I thought "Nazis", and I bet a significant number of other people in Western countries would, as well.

I'm not saying that banning swastikas in Xbox Live was a bad decision. It was probably the correct decision, especially if the majority of the Xbox Live users in question are American - though I agree with metrix007 that this guy could have had a better tone about it. I am, however, saying that the association between the swastika and nothing but Nazi Germany is far from universal.

more than 3 years ago
top

Spammers Using Soft Hyphen To Hide Malicious URLs

Zarel Re:SpamAssassin is not vulnerable to this (162 comments)

Erm, I don't think you know what "properly extracted" means.

exa­mple.com doesn't lead to example.com, it leads to xn--example-nka.com, so if you extract the former instead of the latter, you're doing it wrong.

more than 3 years ago
top

Windows 7 vs. Ubuntu 10.04

Zarel Re:Window decorations (702 comments)

Chrome 6+ adapts to Ubuntu 10.04+'s close/maximize/minimize button positions; Chrome 5 doesn't. I'm guessing they were using Chrome 5, and you were using Chrome 6/7.

more than 3 years ago
top

Mozilla Unleashes the Kraken

Zarel Re:Javascript (363 comments)

Chrome Developer Tools.

Opera Dragonfly.

Firebug.

Internet Explorer Developer Tools.

Safari Developer Tools.

Every single modern browser comes with a JavaScript debugger with the ability to set breakpoints, inspect variables, and single-step through code (except Firefox, which requires an extension to do it).

(Sadly, most developers are only aware of Firebug, and say things like "Firebug can inspect elements" and "Firebug can set breakpoints just by clicking on the line number" as if it weren't true that every other browser can do the same thing without having to install an extension.)

more than 3 years ago
top

Facebook To Add Remote Logout

Zarel Re:Stating the obvious... (145 comments)

I said "given the option to prevent the change", not "ratify the change". There is no such thing as ratifying changes. It would work something like this:

1. Spambot adds the email address of one of the botmaster minions.
2. You receive an e-mail notifying you that you added a new e-mail address to your old e-mail address, with a link to reverse the change.
3. Spambot changes the account password.
4. You receive another e-mail notifying you changed your password, with a link to reverse the change.
5. You click either link. Facebook makes you reset your password (no need to know the spambot's changed password), and the new e-mail address is removed.

more than 3 years ago
top

Facebook To Add Remote Logout

Zarel Re:Stating the obvious... (145 comments)

1. adjust the account email address to something at your choice. Potentially, follow this by a change of the password for that account.

You know, this can't actually result in an account takeover. Facebook implements a reasonably secure e-mail address change feature - all your existing e-mail addresses are notified and given the option to prevent the change.

more than 3 years ago
top

Google Engineer Decries Complexity of Java, C++

Zarel Re:Maybe because programmers like to be clear (878 comments)

Should have RTFA I guess, I now realize Mr Pike just talks in circles and really didn't have anything of value to say other than 'programming is hard'.

No, he doesn't. TFA-writer Joab Jackson talks in circles and doesn't have anything of value to say. Mr. Pike, on the other hand, appears to be saying that Google Go fixes a lot of unnecessary complexity in Java and C++.

His keynote isn't linked from either the Slashdot summary or TFA, but can be seen here: http://www.youtube.com/watch?v=5kj5ApnhPAE

about 4 years ago
top

Google Chrome Now Has Resource-Blocking Adblock

Zarel Re:Still not as good as what Firefox has (335 comments)

It doesn't catch every single resource -- ad blocking plugins for Chrome admit that it won't catch everything and still has to just hide some ads.

It looks like the resource blocking not working in some cases is an accepted bug, and thus will be fixed soon.

And it's not nearly powerful enough for NoScript to work.

Chrome has that built-in. Go to "Preferences" -> "Under the Hood" -> "Content Settings" -> "JavaScript" -> "Block all". You can also manage per-site blocking from that screen. On websites that use JavaScript, a "JavaScript blocked" icon will appear in the toolbar, and you can click on it and click "Allow JavaScript on this site".

about 4 years ago
top

Adding CSS3 Support To IE 6, 7 and 8 With CSS3 Pie

Zarel Forget CSS3, work on CSS2 (142 comments)

A lot of CSS2 features don't even work correctly in IE6 and IE7: http://en.wikipedia.org/wiki/Comparison_of_layout_engines_(Cascading_Style_Sheets)

A lot of the really useful selectors, for instance, aren't available in IE6. Not to mention min-width/max-width, and white-space:pre. And using left and right in the same rule makes IE6/IE7 ignore right. In IE6/IE7, there's plenty that goes unimplemented, like :active and :before and outline and display:table; and border-style:dotted; and vertical-align:middle; and background-position:fixed;.

These aren't obscure features no one uses, these are all features I've wanted to use while designing my webpages that are supported by every other browser that IE6 and IE7 don't support.

We should really be looking to fix those, first.

about 4 years ago
top

Some Google Searches Now Blocked In China

Zarel Re:it makes me wonder (84 comments)

What are my obligations as a human being to run an open proxy for IP addresses that come from China? (i.e. drop the rest of the IPs to keep freeloaders out); I am torn between the trouble *I* can get in for blindly proxying traffic, versus the feel good vibe from letting someone get onto the unfiltered net. Thoughts?

Well, let me tell you a story.

Way back in 2006 or so, I went on a trip to China. This was back when the Great Firewall blocked Wikipedia, and a few weeks in, I was suffering from Wikipedia-withdrawal. So I called one of my friends, who was a coder for an online MUD, and got him to set up a web proxy on the MUD's website.

I even made an edit on that proxy: http://en.wikipedia.org/w/index.php?title=Business_Professionals_of_America&diff=prev&oldid=68970071 - that's how I discovered their server had mod_rewrite on, and the proxy software didn't have a workaround for that. Had to get my friend to fix the quote escaping.

Anyway, three days later, the site was blocked. Nothing else happened. I mentioned it to my mom, and she said that's usually how it goes. The government passively adds blocks and deletes messages you make that it disapproves of, but it doesn't actively seek you out and tell you to stop, or otherwise punish you.

I suspect that's how it'll go if you set up a proxy. It gets blocked quickly, nothing else happens.

more than 4 years ago
top

Google Builds a Native PDF Reader Into Chrome

Zarel Re:You did not RTFA either (285 comments)

because TFA doesn't explain that google wrote it themselves. Heck, even the google blog announcement doesn't explain that google wrote it themselves. Guess what, it turns out google did not write it themselves, they're using libpdf.so which is libpdf

I was referring to the Google blog post, which is linked from the Slashdot summary and thus counts as "TFA".

It says "Currently, we do not support 100% of the advanced PDF features found in Adobe Reader, such as certain types of embedded media" and "We would also like to work with the Adobe Reader team to bring the full PDF feature set to Chrome using the same next generation browser plug-in API", which I took to mean that:

1. it clearly isn't being written by Adobe, and
2. even if Google didn't write it, they are maintaining and improving it, so they "wrote it" in the same sense that Apple "wrote" WebKit.

As for the "libpdf.so", part, I assume you're looking at the part of the code that says

#if defined(OS_WIN)
            cur = cur.Append(FILE_PATH_LITERAL("pdf.dll"));
#elif defined(OS_MACOSX)
            cur = cur.Append(FILE_PATH_LITERAL("PDF.plugin"));
#else // Linux and Chrome OS
            cur = cur.Append(FILE_PATH_LITERAL("libpdf.so"));
#endif

Which means that they're using a file called libpdf.so on Linux. As another one of your replies points out, this is doubtful to be the 9-year-old unmaintained incomplete C library you link to, and judging from the Windows and Mac filenames, this is nearly definitely a library written (or at least maintained) by Google.

more than 4 years ago
top

Google Builds a Native PDF Reader Into Chrome

Zarel Re:Chrome, you're losing me! (285 comments)

Why should they be inconsistent? Why should HTTP be hidden but HTTPS and FTP and other protocols be shown?

I've never found the protocol being displayed in my browser to somehow "distract" me or reduce my productivity. Is this seriously a concern?

It reduces your productivity because there's more to read. Instead of being able to look to the leftmost side of the address bar to see the domain, you have to look to the leftmost side, then scan right until you find the domain. It's really minor, but it's there.

I also like to resize browser windows sometimes. Especially since Chrome makes it easy to drag tabs into new windows, I often drag a tab out, and then resize it into a narrow sidebar I can refer to while doing something else. In cases like that, I'd much rather see "google..." than "http://g..."

The inconsistency of still showing "https://" is actually helpful. It's a lot easier to see the difference between nothing and "https://" than between "http://" and "https://". Since http is most common, it makes sense that a departure from that protocol should be easily visible.

And there's also the "Why not?" I haven't really heard any reasons why http should be kept.

more than 4 years ago
top

Google Builds a Native PDF Reader Into Chrome

Zarel Re:Chrome, you're losing me! (285 comments)

From a security point of view, I'd feel better if Google wrote their own PDF implementation. Far be it for me to read TFA, but I get the impression that this code comes from Adobe, whose software generally makes me nervous.

I've read it for you. The code doesn't come from Adobe, Google wrote it themselves. It also uses Google's new sandboxed plugin API, so it would be less of a security concern even if it did.

(I'm surprised you got two replies who also didn't RTFA.)

more than 4 years ago

Submissions

Journals

Zarel has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>