Regarding your second suggestion, how would allowing only POST requests stop this from being exploited?
POST requests aren't any more secure than GETs[0] in the context of this exploit, so surely it would make no difference if the attacker was forced to send one type instead of another?
It would also mean that the intended recipients of the Flickr invites would be unable to accept them because you can't POST via links in emails.
Allowing only POST requests can help for one simple reason - it's harder for people to share the link without knowing what they're giving away.
Of course, using POST is not the only solution here (requiring the invitation to be by the signed-in user is way better), and it can represent a UX problem (refreshing causes the dreaded "form resubmit" warning).
But it's not a no-op. It does have an effect on security in practice, even if it doesn't in theory.
Have you tried using zoom, instead of changing the minimum font size? It would be reset for every different site you visit (at least on FF, not sure about other browsers) but from my experience scaling the whole site up instead of just the text doesn't break websites as much.
Hahahahaha, zoom. Since I installed the 13.04 version of ubuntu on my MBP retina, I get the pleasure of cruising the web at 200%. Half the sites out there break.
I do use Chrome's. It does work way better than FF, but you'd be surprised at how much text out there is loaded with third party JS or Flash and doesn't "grow" with the zoom.
You might wanna try Opera 12. It's going the way of the dodo, but it has always had the best zoom of all browsers. In my experience there are only some few video applets that don't zoom properly because they render in exact pixels.
Battery is great. I've actually been running this for about a year now. But I'm a hacker. Getting 13.04 to run when it was only Jan 2013 was a challenge. Also, installing Mavericks OSX on the dual boot partition fucked my ubuntu boot loader, so now I resort to booting with alt-option held down. Also, I had to rebuild gnome or something. I can't remember. It took me almost a day. Also, I don't have sound in Ubuntu, but that is a 13.04 problem since the HDMI output is on the same something something as the normal audio out.
Like I said, not for the beginner. Then again, what else am I supposed to use? Mac has by far the best hardware and OSX is a giant piece of crap for power users.
I would try mint linux, but I'm too afraid of being stuck without support.
I've thought of making a small side company that only sells rMBPs with dual boot ubuntu at a 200 dollar markup. I'd pay that, but maybe I'm not your normal computer user.
Yes, zoom is great in OS X. I admit I haven't tried it in Firefox, I will now.
Whenever I encounter a site that doesn't render properly with large fonts, I simply turn off the minimum font size in Firefox and use the OS X Accessibility keyboard shortcuts to zoom in. This works well, but it's annoying to have to keep switching around like that. E.g. it would be nice to have faster access to the Firefox submenu that controls minimum font size.
I find if I'm tired, I need to increase the zoom to read text, so a quick mouse wheel while holding Ctrl and then a Ctrl-0 when finished and it's like it never happened.
Up until a couple of weeks ago I was a loyal Chrome advocate. However after the Mozilla team's recent AMA on reddit I decided to switch and since then I really haven't found Firefox inferior at all (aside from a couple of examples like this). So for anyone else looking to make the switch, go for it! The only thing I'm missing about Chrome are the excellent dev tools.
If you are using Windows you might want to give Pale Moon a try, on my system it is much smoother than the official Firefox/Aurora/Nightly.
Pale Moon feels as smooth as the official Firefox does under OS X, for whatever reason the official Firefox for Windows feels terrible on my system (clean profile of course).
Just out of interest, where have you found these performance issues?
The only thing I've noticed was that it really struggled to scroll down large pages whilst playing a video in another window/tab. Although that quickly fixed itself when I updated my graphics card drivers (completely forgot to do so after installing Ubuntu).
[0] https://stackoverflow.com/questions/198462/is-either-get-or-...