Domain: zonnet.nl
Stories and comments across the archive that link to zonnet.nl.
Comments · 14
-
Erica Hill
She's so fucking cute and sweet. I'd treat her to some fancy restaurant, then take a long romantic walk with her, holding hands and talking about philosophy, art and dreams. Then I'd invite her to my home and ravage her hot ass for hours, and forcing my cock down her throat so she choked on both the throbbing cock and her own rectal juice. I'd then proceed to cum on her cute innocent face. Then, as the ultimate love gift, I'd carry her in my arms to the tub and let my piss wash away the semen and last dignity from her. I'd whisper "I love you" and give her a tender smile, and cut her throat from ear to ear with a knife. Covered in her own warm blood, she'd look straight into my very soul, forgiving, understanding. A bubble from blood and saliva would burst between her lips, then she'd die. After some additional lovemaking, I'd stuff her in a bin bag. Three Weeks later, some playing children will find her mutilated and desecrated body in the forest. They will be scarred for life.
-
Problems with OpenIdI've expounded on why OpenID is insecure and I believe it is unnecessarily complicated.
Problems with OpenIDI put off reading the OpenID spec because I though it was probably flawed. Now I just feel applying my head to my desk.
OpenID is led by with this philosophy:The point of OpenID is to be dead simple, short-comings and all, so it's actually adopted.
The above is taken from a discussion of vulnerabilities. The problem with this lowest common denominator approach is that it's horribly broken. OpenID is currently no better than just giving the URL of your blog.
The number one problem is the complete lack of integrity checking. Everything in OpenID seems to be perfectly happy to let their requests be modified in transit. I think the problem with this are pretty damn obvious: nothing can be trusted. Fortunately, fixing this is pretty simple: use TLS. In today's shared hosting environment, you probably want to require support for server name indication.
Another brilliant idea: transmit the key that you'll use for signing later in plaintext.Yes, you can ask for DH-SHA1 encryption and get back a plaintext secret. If this troubles you, don't use the handle and instead use dumb mode with that server. (and if somebody sniffed the plaintext secret, it won't matter, since you'll never accept queries using that assoc_handle). If the server can't do DH, it's probably limited in some way, but using dumb mode is still safe, if not a little slower.
I believe "limited in some way" means "completely insecure." "Dumb mode" is not safe because there's no key associated with the server, so there's no way to ensure you're talking to the same one or that someone isn't tampering.
I also don't see much point in using a symmetric key for speed and security when you're just encrypting a short string. It's so tiny that both improvements are similarly small.
Perhaps the biggest problem with OpenID is it's reliance on sending a user to another page to login. It's just too easy to spoof a page and fool most people. Even better, you can open a window using Javascript and hide the location bar. Even if you normally use TLS, most people probably won't notice if it's missing or the certificate is different. Also, most sites (including LiveJournal) include a completely insecure assurance that you're secure. For example, LiveJournal says "LiveJournal Secure Site "
A simpler and more secure alternativeThe only way to fix this is (gasp) get users to carry their own keys. If you stored your key in a bookmarklet or extension, you could sign something with it. This is completely feasible because Javascript cryptography implementation is done. You could submit your public key with the signed comment. If you wanted to associate yourself with a URL, all you need to do is link to a page with the public key. If the same public key can be used for the signature.. That's right, no special identity server is needed. The public key could be submitted directly or it can be linked to. It might be a pain to write out the entire URL to the key, so perhaps autodiscovery-from-HTML should be supported:
<link rel="openpgp.key" href="http://www.livejournal.com/pubkey.bml?user=a trustheotaku" />
Note that no TLS is needed. The signature is secure in and of itself. If you want to support all the fanciness (e.g. revocation) of OpenPGP (spec), then you just need the -
Re:.txt
Probably you are confused between
.txt and .tex. You can use just notepad or wordpad for the first. Only the second one refers usually to LaTeX. But even for that second one you can try, for example, the nice (and free) LyX (there is a standalone version for windows) and there are much other for windows (of course for the free operating systems there are much many). -
Re:No thanks
"Hunt and peck" typists? You mean like this?
-
Re:No Free Windows Version
Actually there is a version of the GPL QT ported to Win32. In fact its been out for quite a while.
The Windows version of the ultra excellent lyx editor used it for their windows port in fact. See: http://www.home.zonnet.nl/rareitsma/lyx/
Here is the home for the Win32 port of the GPL QT:
http://kde-cygwin.sourceforge.net/qt3-win32/compil e-mingw.php
Its part of the cygwin project, BUT they have instructions for doing a native compile with other native Windows compilers such as Borland, Microsoft C++ etc.. -
In Europe...
We have *free* broadband
:D
(eg here) -
Saddam Picture archive
I'm making an archive of all the amusing Saddam Hussein photos relating to this capture here: http://www.home.zonnet.nl/saddamhussein/. If you see any that aren't there, feel free to submit them.
-
One way I like to celebrate victory over spam:
Before you can prepare musubi, you must first harvest using Hormel's new PCMCIA adapter.
-
Re:Let's not get crazy...
Sorry, I don't have any software for doing it, I simply presented that as an option.
Looking around, I found a few options quickly though: Several for Linux are listed here. This page lists a ton for DivX movies: here
As for obtaining scripts and stuff, I am not sure where you would go about finding scripts in Spanish. If you or someone else is good at English->Spanish translation, you may be able to find a script at Script Club but you'll need to register for access, and many of the scripts there are either for older and lesser known titles or for the most popular recent shows, very little in the middle.
I would suggest asking on a forum like at AnimeSuki where an actual subtitler might see you. -
A little fun
I made this page for fun more than a year ago: http://home.zonnet.nl/dropdotnet/
-
Philips DVD players aint so secure neither
This is hilarious, because I've had a Philips DVD711 for about the past year and a half. For about the past year and four months, it's been region/code free, done completely without ever even opening up the dang thing.
Check out this site to see how you can make your Philips DVD player region free. -
I get the feeling that it's the ditro.If it was a hardware issue, it would happen on only one system or the other.
You might run RAM diagnostics and if it does come up with some thing, you can patch the kernel with this.
I'm also working under the assumption that you've checked out SUSE's web site for bug reports, and done other basic research before posting here.
-
More information on bad ram modules
You can find more information here: http://www.home.zonnet.nl/vanrein/badra m
. -
Not a good thing
They tried the same thing in a limited sense in several cities in the Netherlands, a few years back. These ISP's - called "digitale stad" (digital cities) - were usually sponsored by private companies, such as IBM and SUN as well as the local authorities. (See: Amsterdam, Eindhoven, Leiden, Groningen, etc)
Huge amounts subsidies (tax money) went into these so-called non-profit organizations blocking independant commercial initiatives. Back then, the monopolitized phone company earned lot's of money, as will the one in Hamburg. Meanwhile, Hamburgers will have no alternative, since THERE SHALL BE ONLY ONE.
In the Netherlands phone bills are slighly lower due to privatization (and new legislation with respect to telecommunications). Only recently, when legislation allowed ISP's to get a percentage of the customer's phone bill, commercial ISPs (such as: Zon, Wanadoo and Het Net) started to provide their services for free. If it would not have been for the digital cities, these services would have been provided by a free market much earlier...
Tune
-- The More You Drink, The W.C.