Hacker News new | past | comments | ask | show | jobs | submit | more Eiwatah4's comments login

What's stopping the attacker from reading the user's browser data and replaying it to Google?


Cookies are not arbitrarily sent to any server. If Google has a separate subdomain they use for authentication (say login.google.com), they can instruct your browser to only send the relevant cookie to that subdomain.


Good point, though it sounds like it'd very challenging to train users to notice the absence of a special image... especially when it's normal for that image to disappear whenever they use a different browser or clear cookies.


Agreed. Yahoo actually tried that for a while, but I believe they stopped using it for that very reasons: people don't notice.

http://security.yahoo.com/sign-seal-000000996.html


For some reason, the #content element is hidden with a `display: none`. Disable that and the content shows.


Either that, or a race condition.


I'm not sure that's necessarily the case. See my comment above about sequential consistency.


Aren't those undefined behavior bugs?


Imagine two threads that safely lock a resource, increment it, copy the value, and then unlock it. This is entirely defined, but also a race condition.

Race conditions are a lot like unsanitized input. They don't cause problems by themselves, but if you make incorrect assumptions it's easy to write incorrect code.


It's data races specifically that are undefined behaviour.


Gcc doesn't have such a warning. Clang has it, but it has to be explicitly enabled. (It's not even in -Wall or -Wextra.)


It appears that -Wunreachable-code was removed from gcc due to optimizer issues

http://gcc.gnu.org/ml/gcc-help/2011-05/msg00360.html


In Rust, (right now) you can choose between a 1:1 or a N:M mapping between OS threads and Rust tasks. With N:M threading, the runtime necessarily does (some of) that internally.


Incidentally, Servo uses both: we use 1:1 for the parallel layout worker threads and M:N for the script and layout tasks.


That works just fine. But if you're working on a big project, a full new download can take a while.


My experience with cgroups is that it's incredibly difficult to get them to do what you want them to do. But systemd seems to be changing that, so maybe their use will get more mainstream soon.


It is for sysadmins. And those are probably Canonical's biggest source of income.


Not really. We're mainly concerned that the interface is consistent.

service ssh restart works fine but that was fine in sysvinit as well..


for some value of fine.

  service my_service restart
required writing 100+ shell scripts, each of which was error prone and difficult.


But also 100% not my problem :)


If one of those scripts forgets to kill a process's children (because the process itself was supposed to handle that), and a server ends up with a bazillion orphaned processes, then it could well become your problem!

This happened to me once. Never again, damn it.


What stopped you from spawning the daemon in a cgroup?


I didn't know about them at the time, and I wasn't the one who wrote the script that spawned it.


> I don't know how other similar languages deal with GUI. It's always sort of hairy, obscure code when you look at it closely.

The best languages for GUIs I've seen are specialized declarative DSLs. Things like QML, XAML, JavaFX FXML, XUL, and even HTML. Anything else very much sucks, in my experience.


And Qt pre-QML. The user interface is declaratively described in XML (which can be edited visually with Qt Designer). You then use a utility (uic) to generate e.g. C++ class which you can use through composition and inheritance. UI events are wired to code through Qt's signal/slot system.


When there are too many messages, rsyslog will drop them in the default configuration, too.

http://www.rsyslog.com/tag/systemlogratelimitinterval/


Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: