f*******5
发帖数: 10321 | 1 这个link不错,看来主要还是审查界面的东西,还算合理。
sandbox还是需要的。这两天就有关于iphone的private info access和root cert
vulnerability的新闻。
erroneous, |
|
a***y
发帖数: 19743 | 2 感觉Safari 5.1.2终于fix了不少sandbox的问题和内存泄漏问题。 |
|
p*****i
发帖数: 1281 | 3 就那么几个包子,送完为止。。。
Tue Jan 11 16:22:12 2011
panic(cpu 0 caller 0x2aab55): Kernel trap at 0x0049a20e, type 14=page fault,
registers:
CR0: 0x8001003b, CR2: 0x5ef72bf0, CR3: 0x00100000, CR4: 0x00000660
EAX: 0x0f088b7c, EBX: 0x5ef72bbc, ECX: 0x021f0000, EDX: 0x0ee7fe80
CR2: 0x5ef72bf0, EBP: 0x83b2be78, ESI: 0x00000000, EDI: 0x12605b58
EFL: 0x00010202, EIP: 0x0049a20e, CS: 0x00000008, DS: 0x0d0f0010
Error code: 0x00000000
Backtrace (CPU 0), Frame : Return Address (4 potential args on stack)
0x83b2bc48... 阅读全帖 |
|
l*******r
发帖数: 623 | 4 I guess the idea is trying to babysit each app in its own sandbox such that
it would hurt the whole system when something goes wrong. Communication
between apps so far is limited but I believe apple will open more doors to
3rd party developers.
iOS 5 is close to perfect in my opinion, if there were fewer bugs...
是G
twitter |
|
a***y
发帖数: 19743 | 5 ☆─────────────────────────────────────☆
wy (bcburg) 于 (Fri Jun 11 00:01:57 2010, 美东) 提到:
经常crash,决定改用chrome看看
☆─────────────────────────────────────☆
lopt (运去英雄不自由) 于 (Fri Jun 11 00:05:32 2010, 美东) 提到:
safari 5还不错啊。我用了几天了。
☆─────────────────────────────────────☆
tenniswu (家家) 于 (Fri Jun 11 00:39:24 2010, 美东) 提到:
chrome还不如, 什么插件都不支持
☆─────────────────────────────────────☆
eefree (eefree) 于 (Fri Jun 11 01:25:19 2010, 美东) 提到:
用mac的人崇尚极简,不用插件。
☆──────────────────────────────────... 阅读全帖 |
|
a***y
发帖数: 19743 | 6 ☆─────────────────────────────────────☆
GavinZy (Nothing Else Matters) 于 (Sun Aug 28 20:12:13 2011, 美东) 提到:
我是IOS用户,用iphone4和ipad2,我承认apple在app的的各种过场动画(各种细节)
和电力续航的软硬结合上仍然独步武林。
但是,IOS还是落后了… …
从IOS赤裸裸抄袭Android的notification center上就初见倪端了。智能手机作为未来
的云端,必须是信息流的操作方式。举个例子:我点亮手机屏幕,就可以被动的接受到
天气预报;我打开一张图片,就可以考虑是编辑这张图片,还是post在Twitter上还是G
+还是facebook还是同步所有SNS,这些在IOS设备上都无法实现。在IOS里,我在相册里
看到一张图,想编辑它,必须在众多app里找到相应的软件,编辑完保存,再找twitter
的app发布,再找facebook app发布,沮丧至极…
IOS这种杯具就源自其everything app-based…想要有所改观很难,尽最大... 阅读全帖 |
|
|
|
g***i
发帖数: 4272 | 9 系统自带:OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
最新版openssh是:
OpenSSH_6.6p1, OpenSSL 1.0.1i 6 Aug 2014
用brew更新后,客户端就是最新的了。(把/usr/local/bin放到$PATH最前边)
更新的目的是为了sshd的安全。但通过telnet localhost 22会发现,sshd依然是老版
本。
修改一下/System/Library/LaunchDaemon/ssh.plist:
把里边的/usr/libexec/sshd-keygen-wrapper以及/usr/sbin/sshd 都更改为 /usr/
sbin/sshd就可以了。(/usr/local/sbin/sshd可能需要自己link)
然后重启sshd服务。(launchctl或者系统分享设置)
最后更改一下/usr/local/etc/ssh/sshd_config
把UsePrivilegeSeparation的值从sandbox改为yes |
|
q***n
发帖数: 3594 | 10 跟udp punching应该没关系.server是我自己设在amazon cloud上的。
root cause是ios的sandbox mechanism,但是我不知道怎么绕过这个限制,除了
jailbreak。。 |
|
M****r
发帖数: 359 | 11 iOS的sandboxing太严重,这个还真未必是Google的问题。 |
|
E***r
发帖数: 1037 | 12 还是那么感性,那么有煽动力
那遣词造句,诗一样
(空洞无物)
郎咸平说过,广告的本质
不是打公司和产品的知名度
打的是产品精神
果子做到了
http://www.apple.com/iphone/why-theres-iphone/
Every iPhone we’ve made — and we mean every single one — was built on the
same belief. That a phone should be more than a collection of features.
That, above all, a phone should be absolutely simple, beautiful, and magical
to use.
It should have hardware and software that were designed to work with each
other. And enhance each other. By people who frequently see each other. That
’... 阅读全帖 |
|
|
h********o
发帖数: 2316 | 14 这个网站是自己写code建起来的,从来没见过和mitbbs差不多架构的论坛
老邢这点还是很了不起
可是更新网站难道不能放到sandbox里先做好了再更新吗,上传一下怎么也用不了3天吧
。 |
|
t***o
发帖数: 16 | 15 ======================================
#!/usr/bin/python
import paypalrestsdk
paypalrestsdk.configure({
"mode": "live",
"client_id": "...",
"client_secret": "..." })
payment_history = paypalrestsdk.Payment.all({"count": 10})
print payment_history.payments
======================================
$ ./paypal.py
Traceback (most recent call last):
File "./paypal.py", line 22, in
payment_history = paypalrestsdk.Payment.all({"count": 10})
File "build/bdist.linux-x86_64/egg/paypalr... 阅读全帖 |
|
h****n
发帖数: 45 | 16 Is UNM's a top one?
For application security, i.e, confinement, sandboxing, intrusion detection
etc., which groups are must-sees?
Thanks |
|
h****n
发帖数: 45 | 17 u of new mexcico. I read a couple of their paper published in CCS, which look
quite interesting. I am not familiar with the security.
Back to the main question: "For application security, i.e, confinement,
sandboxing, intrusion detection etc., which groups are must-sees?"
I understand Jail in BSD, chroot are product level techniques for confinement.
Anything similar? thanks a lot.
detection |
|
a***c
发帖数: 315 | 18 两手抓,两手都要硬。哈哈。不过语言不用每个都懂。能够把一两个搞的
精通就够了。精通不是指编程应用,而是语言内部原理。 动手能力强的软工
还是很强手的。比如偶认识一个家伙,Java大拿(不是指编程),很短时间
就能根据客户要求,把Java port到一个全新的平台上,而且footprint很小。
偶现在做的工作就需要一个安全的ruby sandbox。可是根本找不到。感觉工业界
和学校脱节很大。一边很多有用的研究工作没人做,一边是一群人闭门造车,狠劲灌水。
不过只想灌水发文章的化,的确不需要写程序。说到底,还是楼主到底想干啥的问题。
灌水发文章其实是欺骗自己的做法。是涂糜自己的智力。但然,如果没有比灌水发文章
更有意义的事做,还是灌水发文章吧。 哈哈 |
|
w*******g
发帖数: 9932 | 19 这个ruby sandbox要是没有研究的意义,估计没有学校里的人愿意作
水。 |
|
w****2
发帖数: 12072 | 20 Stevey's Google Platforms Rant
I was at Amazon for about six and a half years, and now I've been at Google
for that long. One thing that struck me immediately about the two companies
-- an impression that has been reinforced almost daily -- is that Amazon
does everything wrong, and Google does everything right. Sure, it's a
sweeping generalization, but a surprisingly accurate one. It's pretty crazy.
There are probably a hundred or even two hundred different ways you can
compare the two companies... 阅读全帖 |
|
s**********o
发帖数: 14359 | 21 最近新来的几个PROGRAMMERS被老板边缘化了,基本上是不闻不问,只有分配活的时候
问,要多少时间啊。分析了一下大概这样几个原因,
1.刚来的时候大家都很有热情,四处去搜集信息,乱问乱叫,可能得罪了其他TEAM的领
导,估计老板被人质问了,而且有可能反映到上头去了。
2.没经过大部门领导批准,私自跟IT要了VM装了个SANDBOX,老板没反对,后来有人追
问,你们的SERVER从哪里来的,怎么没告诉我,公司批准了吗?最近只好MIGRATION到
正式DEV SERVER,可能老板被人指责了。
3.经常对软件的FUNCTION和USER STORIES提出质疑,不质疑根本就没发开发,老板觉得
我们就是问题多,只会抱怨。
4.给领导做DEMO的时候我们做的活都被最小化了,基本看不到我们的工作,各级领导都
不问我们新来的任何问题,都是几个老的左一句右一句。
5.可能是我们发EMAIL不注意,HURT好多人的FEELINGS,老PROGRAMMER和TEAM LEADER明
显地不愿意跟我们交流,有事就找他们老熟人去做。
6.新来的同事要求加班完成任务,结果TEAM LEADER说这个周末... 阅读全帖 |
|
|
L*******r
发帖数: 1011 | 23 My words: I have tested what the paper said with my own programs. It is true
that simple WinForms will const you more than 10M. And when you start two
instances of a same program, it will cost double memory, which is 20M.
I know the way to save memory for 2-instances case. Provide your own loader of
IL classes and let those two instances share libraries. This is the way I used
in Java, which will save you lots of memory. But this way sacrifice security
feature of "sandbox". So use this trick car |
|
f*****n
发帖数: 64 | 24 Which one of the following is NOT guaranteed through the use of a unique .
NET Framework application domain?
Choice 1
Static variable isolation
Choice 2
Elimination of naming conflicts
Choice 3
Elimination of versioning conflicts
Choice 4
Security sandboxing
Choice 5
Elimination of domain conflicts |
|
g*****g
发帖数: 34805 | 25 Maybe you should get yourself educated and stop being so ignorant. This is
how RIA is defined on wiki.
"A Rich Internet Application (RIA) is a Web application that has many of the
characteristics of desktop application software, typically delivered by way
of a site-specific browser, a browser plug-in, an independent sandbox,
extensive use of JavaScript, or a virtual machine."
And some technologies, like GWT, ExtJS and Vaadin are mentioned on that page
, which all render pure html/js in the brows... 阅读全帖 |
|
|
j****y
发帖数: 178 | 27 用flex做了个应用,提取mp3的id3 信息。mp3是网络上其他网站host的文件。
这个应用在本地运行没任何问题,但是,传到我的网站上再运行,就会出现安全错误提示。
Security sandbox violation Sound.id3
我goolge了一下,改了我网站上的crossdomain.xml,可还是没效果。
有达人帮忙一下么?谢谢 |
|
k***i
发帖数: 462 | 28 裸奔也不是不可以。小红伞还是不错的,就当求个心理安慰吧,关键是占资源少。
搜Avira AntiVir。WS网页上sandbox。 |
|
Z****e
发帖数: 2999 | 29 VM就是个sandbox,里面整翻天也不会影响到外面的。。。至少目前为止。。。
呢? |
|
T****n
发帖数: 6187 | 30 即便如此,也还是比其他的强啊
而且目前对普通用户没影响
DEP.
as
most |
|
|
f****p
发帖数: 18483 | 32 Chrome唯一长处就是那个sandbox,其他的就是扯淡。你下个源代码就知道了。 |
|
v***s
发帖数: 235 | 33 IE里面,当以文件方式访问的时候,我是说在本地双击
html文件,ie的安全设置是无法修改的(可能在注册表某处)
所以它肯定在sandbox中运行而导致无法读文件
所以只好放到iis上测试了
这个applet我已经运行通了 |
|
a*****i
发帖数: 4391 | 34 【 以下文字转载自 Programming 讨论区 】
【 原文由 ayanami 所发表 】
See the thing is that Sun, being the wise company it is has taken java to a
new level by adding the JSAPI (Java Sex API). Some of the new packages
include:
* javax.sex.bondage
* javax.sex.beastiality
* javax.sex.toys
* javax.sex.masturbation
Fortunately the Java sandbox makes the sex API's perfectly safe. It explicitly
blocks execution of the getPregnant() method of the Woman class which is a
definite plus. It's this sort of well th |
|
|
c*****t
发帖数: 1879 | 36 It has two things that I care about.
1. It bundles its own Bean Scripting Framework like API for
plugging in custom scripting engines. It also bundles
Rhino JavaScript engine with it. However, AFAIK, you
can't run Rhino JS engine under WebStart sandbox. I
didn't try it for 1.6 yet, but I think that would be
the same case for 1.6. So it can cause unnecessarily
problems for some people.
This change is probably more useful for server than client
since BSF has been out th |
|
r***u
发帖数: 241 | 37 如果是单个tab的任务崩溃了,主进程不会崩溃
但因为不少工作是在主进程完成,Chrome有时候也会整个崩溃,但重启的速度非常快
其实多进程隔离的好处还在于安全性,render进程是运行在sandbox里面的 |
|
a*****i
发帖数: 4391 | 38 Google has been working on a new search infrastructure and you can now test
it if you visit www2.sandbox.google.com. Don't expect new features or better
search results, but if you find something interesting, post it in the
comments.
"It's the first step in a process that will let us push the envelope on size
, indexing speed, accuracy, comprehensiveness and other dimensions. The new
infrastructure sits "under the hood" of Google's search engine, which means
that most users won't notice a differe |
|
p*****s
发帖数: 344 | 39 most people's feeling after a month of usage is I still don't get it.
no one knows where this will go. Recently google wave sandbox now opened
up federation to other server. If everything goes well, the google wave
can be like online email server, each has its own implementation, but
still can talk to each other. In that sense I can see it could be the
future of rich content email system. |
|
r****y
发帖数: 26819 | 40 那也就是说会有native的app
现在这个模型展示的都是web browser sandbox里的web app。。。 |
|
