You are here

*FYI* FireFox 3.0 Code Vulnerability!

20 posts / 0 new
Last post
wsm23
Offline
Last seen: 12 years 1 month ago
Joined: 2006-01-09 22:05
*FYI* FireFox 3.0 Code Vulnerability!

I am still using it but there is already a patch in the works.

http://news.cnet.com/8301-10789_3-9972207-57.html?tag=blgs

Shawn Faucher
Shawn Faucher's picture
Offline
Last seen: 14 years 7 months ago
Developer
Joined: 2007-10-23 22:14
Great timing...

Lovely how FF3 has been in release candidates for months now and yet security companies wait until the day of release to spring this on mozilla...

formerly rayven01

Simeon
Simeon's picture
Offline
Last seen: 9 years 5 months ago
DeveloperTranslator
Joined: 2006-09-25 15:15
yes

definitively!

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

Ed_P
Offline
Last seen: 5 years 5 months ago
Joined: 2007-02-19 09:09
Not quite

It's not the security companies doing this. It's "researchers". See

http://blogs.zdnet.com/security/?p=1288

Too bad the open source community didn't look for this problem. Sad

How will the fix be implimented in the PortableApp version? Whole new download or just the patch?

Ed

Tim Clark
Tim Clark's picture
Offline
Last seen: 12 years 11 months ago
Joined: 2006-06-18 13:55
Mozilla

Mozilla will release
FF3.0.0.1 and FF2.0.0.15
and we will release
FFP3.0.0.1 and FFP2.0.0.15

Tim

Things have got to get better, they can't get worse, or can they?

Ed_P
Offline
Last seen: 5 years 5 months ago
Joined: 2007-02-19 09:09
Oh!!

I thought the plan was to allow the PortableApp version to apply Mozilla updates directly with the new release. That there was going to be a means to prevent/circumvent the Registry update performed by older releases.

Ed

John T. Haller
John T. Haller's picture
Online
Last seen: 10 min 56 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Yes

[sarcasm]No one at all in the open source community was looking for this problem. We were all purposely ignoring it.[/sarcasm]

It's someone greedy who found it and, rather than submitting it as a bug during the beta or release candidate process, sold it right after the release. Basically, someone who thinks their right to get a few thousand dollars trumps inconveniencing millions of other people.

Sometimes, the impossible can become possible, if you're awesome!

Ed_P
Offline
Last seen: 5 years 5 months ago
Joined: 2007-02-19 09:09
May be

No one at all in the open source community was looking for this problem. We were all purposely ignoring it.
Must be, else this guy is the smartest human on the planet and deserves the reward since he found it and no one else did.

Basically I think the OS community consists of 5 or 6 people who actually write code and 10,000,000 people who simply want something for nothing.

(BTW everyone knows that this board doesn't use web standard [] tags John. You need to conform to the board's tag format. <LOL>)

Ed

John T. Haller
John T. Haller's picture
Online
Last seen: 10 min 56 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Standard

You mean that oddball BB code stuff that only experienced forum folks know but the far greater community that uses standard HTML doesn't (but does know how to use on this board)?

Sometimes, the impossible can become possible, if you're awesome!

Ed_P
Offline
Last seen: 5 years 5 months ago
Joined: 2007-02-19 09:09
No way!!

You can't be referring to the old standard html tags that everyone knows and loves. They don't work here! The user friendly <b> for bold rather than the more time consuming to write <strong>, <i> rather than <em> and etc. The old codes that every browser to date including FF 3 supports? Are those the html tags you are referencing? I didn't think you acknowledged anything on the web created before Tuesday. <LOL>

Personally I think your forum should support both standards. Whether [b] or <b> I don't care. Certainly you could edit/translate whatever tag the user inputs to whatever standard you want the board to use. Not everyone is a member of the Youtube and Blog world, some actually are the ones that helped create the web we know today.

Ed

John T. Haller
John T. Haller's picture
Online
Last seen: 10 min 56 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Bold

You mean the B tag that for most uses users should have switched to the STRONG tag back in 1997 when the spec said "The following HTML elements specify font information. Although they are not all deprecated, their use is discouraged in favor of style sheets"?

BB code is kinda cheesy and seems to be implemented differently on different boards... especially links. It was really only invented for older forum software that couldn't handle filtering HTML directly (it's certainly no easier to use BBcode than HTML). And it would mean another filtering module to add on to the CMS to handle. HTML works and anyone that knows BB code knows HTML.

To make things easier on users who don't know HTML, I kinda wish Markdown caught on.

Sometimes, the impossible can become possible, if you're awesome!

Ed_P
Offline
Last seen: 5 years 5 months ago
Joined: 2007-02-19 09:09
That's the one

You mean the B tag that for most uses users should have switched to the STRONG tag back in 1997 when the spec said "The following HTML elements specify font information. Although they are not all deprecated, their use is discouraged in favor of style sheets"?

Yup, the one that was supposedly going to go away and here it is 11 years later and still supported by browsers. Certainly the html generators like FrontPage have all been converted to the spec but for hand writing code the B is a faster tag to write. I think for the sake of user convenience the old tags should be supported in the forums, they are simply quicker to enter.

And the forum doesn't seem to support the ability of users adding their own CSS code so they can't follow the spec's recommendation even if they wanted to. In fact, since it's a binary world, the forums should either support the spec fully and allow for user CSS code or support the old tags like all the browsers do. Supporting half of a spec isn't fair.

(And what tag supports the underline function??)

Ed

John T. Haller
John T. Haller's picture
Online
Last seen: 10 min 56 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
No

The syntactically correct way of doing it is STRONG. B is supported by browsers for backwards compatibility reasons, not because people should be creating new pages with it. The only new page that should be using a B is something with math entities. In your above post, for instance, you're emphasizing the words "11 years", so, in terms of syntax, these would either be strong or said with emphasis... <strong> or <em>. This makes more logical sense for non-visual things like screen readers. We don't support outdated tags just because it's easier to type.

This is the way it is by default on all Drupal sites and it makes logical sense to do it that way. Away with the kludgey, old, non-standard BB code that was slightly different in each forum package. Away with old depracated tags that some people misuse because they're too lazy to type 5 more characters. And, hello, nice easy standards-based, updated, consistent HTML. Smile

Sometimes, the impossible can become possible, if you're awesome!

Ed_P
Offline
Last seen: 5 years 5 months ago
Joined: 2007-02-19 09:09
Wrong priority

The purpose of a forum is to make it easy for people to communicate, not force them to learn half of an HTML code standard. In case you haven't noticed, not everyone who uses PortableApps is a techie.

I agree that BB codes are inconsistent across forums but unfortunately the approach you're using isn't much better.

Ed

John T. Haller
John T. Haller's picture
Online
Last seen: 10 min 56 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Nope. Right Priority.

A non-techie isn't gonna know [b]bb-code bold[/b] or <b>out-dated HTML bold</b> anymore than they're gonna know <strong>strong</strong>, so your point is moot. Far far far more people know HTML than know BB code. And the ones who know BB code know HTML because BB code is just a bastardization of HTML. So, this is the best solution. Real, modern HTML which everyone who knows BB code knows and everyone who knows HTML knows. So, yes, that makes it the easiest for EVERYONE to communicate within a text edit box for now.

Any forum that uses BB code is FORCING a user to learn a new, strange, non-standard, inconsistant markup that ONLY works for forums... nowhere else. That's about as unfriendly as you can get since you're shutting out all the millions that already know how to markup text.

Later on, we'll be doing a WYSIWYG editor for comments with just options for bold, italics, etc, which renders ALL of this moot (no oddball BB code, no techie HTML) and automatically converts it into the real, syntactically correct HTML we use now... but it's a bit buggy at the moment.

Sometimes, the impossible can become possible, if you're awesome!

KickButts
KickButts's picture
Offline
Last seen: 13 years 9 months ago
Joined: 2008-03-13 09:58
I think I never see a

I think I never see a pointless discussion like that on this BB before, lol.
Get back to the topic, shall we? Wink

Alive and kicking!
"If you were a robot, and I knew but you didn't, would you want me to tell you?"

Ed_P
Offline
Last seen: 5 years 5 months ago
Joined: 2007-02-19 09:09
Far far far more people know

Far far far more people know HTML than know BB code.
Unsupported conjecture.

What percentage of PortableApp users do you think know HTML code? I suspect less than 10%. And of those that do what percentage do you think care whether they write their posts in half an HTML code standard or simply something easy to use? In that you say you're developing a WYSIWYG interface you obviously realize the percentage is small.

Good luck with the new interface.

Nice talking with you John.

Ed

haustin
Offline
Last seen: 12 years 7 months ago
Joined: 2007-09-19 17:59
I'll have to side with...

John and KickButts on this one.  Smile

-hea

bluebell_rose
Offline
Last seen: 9 years 1 month ago
Joined: 2007-11-27 20:53
lold

nah, I've only been on forums for a year and I'm already a old pro at bb code.

Bahamut
Bahamut's picture
Offline
Last seen: 12 years 3 months ago
Joined: 2006-04-07 08:44
I hope 3.0.0.1 will compile

I hope 3.0.0.1 will compile for PPC.... I'm stuck with RC3.

BBCode is only a very small subset of bastardized HTML. To say that anyone who knows BBCode knows HTML is absurd.

Vintage!

Log in or register to post comments