Slashdot Mirror


User: DrSkwid

DrSkwid's activity in the archive.

Stories: 0
Comments: 6,376

Comments · 6,376

  1. Re:what happened to xhtml? on Finally We Get New Elements In HTML 5 · · Score: 2, Interesting

    W3 decided just to bring what-wg HTML5 into the fold, not give up on xhtml.
    The browsers' relative level of eventual support will declare the winner after much blood, sweat and tears.

  2. Re:Perhaps ran into one of these on Social Networking Sites Full of Security Holes · · Score: 1
  3. Re:There are far easier ways to exploit people on DNS Rebinding Attacks, Multi-Pin Variant · · Score: 1

    bah slashcode ate my comment, I'll do it in BBCode seeing as that's usually the place to exploit it

    [img]vbscript:msgbox("xss js 0wns j00")[/img]

    use the vbscript of your choice, I'd pop an XMLHttpRequest out, eval the returned javascript and off you go

  4. Re:There are far easier ways to exploit people on DNS Rebinding Attacks, Multi-Pin Variant · · Score: 1

    Not if you use an XSS vulnerability. I already know 1 popular site I could use.
    HINT: XSS filters sometimes don't check for just the javascript: version.

    I think https would sort most of this problem out. Cheap certs really are a must !

  5. caching no problem : on DNS Rebinding Attacks, Multi-Pin Variant · · Score: 2, Insightful

    1) run your own nameserver
    2) use a new subdomain for every request
    3) ???
    4) profit

  6. Re:The best defense: on DNS Rebinding Attacks, Multi-Pin Variant · · Score: 1

    Slashdot has javascript?
    Can't say I've noticed any loss of functionality, but then I wouldn't, would I.
    I run in LightHTML mode with Web Developer's "Disable Page Colours" enabled.

    Black & White for me baby!

  7. Re:We are now checking your browser... on DNS Rebinding Attacks, Multi-Pin Variant · · Score: 1

    > This runs counter to what Tim Berners Lee intended

    He never thought of the Host: header either, perhaps we should go back to 1 IP per domain.

  8. Re:How Medeco locks work on The Study of Physical Hacks at DefCon · · Score: 1

    What is this '3"' of which you speak?

  9. Re:...hack... on The Study of Physical Hacks at DefCon · · Score: 1

    It's ok so long as one wears one's hacking jacket.

  10. Re:Anybody else notice its .php files that get ... on MSN Censors Your IM · · Score: 1

    Also the php files are in the document_root directory (or whatever you want to call it). Write access to document_root should be off but it usually isn't.

    Perl and other CGI stuff is usually script aliased out of document_root and run from there:

            /www/public_html # document root
            /www/public_html/index.php # shitty PHP script
            /www/cgi-bin
            /www/cgi-bin/dirty_perl.pl # Long tooth Larry's stuff

    And pl files also need chmod +x ing whereas php files will just run.

    Those crazy "easy to set up" routes get you owned, but they always want to learn the hard way.

  11. Re:Fantastic!! on SOE Unveils In-Game EverQuest TCG · · Score: 1

    EQ already has an in-game mini-game but single player

  12. Yes it does on Supercomputer On the Cheap · · Score: 1

    and Eric's been running Plan 9 From Bell Labs and Inferno on the one he has access to at IBM.

    http://graverobbers.blogspot.com/

  13. Re:Article is misleading on The Completely Fair Scheduler's Impact On Games · · Score: 1

    Average is an almost useless figure.

    This may help: Programmers Need To Learn Statistics Or I Will Kill Them All.

  14. Re:task based then thread based on Intel Releases Threading Library Under GPL 2 · · Score: 1

    That is, indeed, one form of binary encoding. There are more.

    Try it with the columns having 5,3,1,1 as their values instead of 8,4,2,1

  15. Re:9p is all you need, it's only 15 y.o. on Cross-OS File System That Sucks Less? · · Score: 1

    Plan 9 from User Space (aka plan9port) is a port of many Plan 9 programs from their native Plan 9 environment to Unix-like operating systems.
    supported systems

            Linux (x86, x86-64, PowerPC, and ARM), FreeBSD (x86), Mac OS X (x86 and Power PC), NetBSD (x86 and PowerPC), OpenBSD (x86 and PowerPC), SunOS (Sparc).

    http://swtch.com/plan9port/

  16. Re:I keep reading about these. on RansomWare Disassembly Reveals Evolutionary Path · · Score: 1

    If you used a proper OS with incremental backup, you'd have the peace of mind that files never die.

  17. 9p is all you need, it's only 15 y.o. on Cross-OS File System That Sucks Less? · · Score: 1



    it's in the Linux kernel : v9fs
    it's in Plan 9 From Bell labs (obviously)
    it's in Unix clone userlands : plan9ports
    it's in Inferno
    it's in wmii

  18. Re:I keep reading about these. on RansomWare Disassembly Reveals Evolutionary Path · · Score: 1

    That "only from people you know" is bollocks. Your bozo friends are likely to get infected and the result of the infection is sending you infected files.

    Who's going to suspect a PDF from their friend contains an unscanned virus payload?

    Javascript in PDF, great idea!

  19. Re:I want one for my home! on New Ethernet Standard — Both 40 and 100 Gbps · · Score: 1

    If only my turds were made of paper, I could write on them.

  20. Re:OT: Close to 2,000,000 posts! on New Ethernet Standard — Both 40 and 100 Gbps · · Score: 1

    curl 'http://slashdot.org/comments.pl?sid=25[595-611][1-9]&cid=20000000' -o 'sd#1_#2.html'
    each one contains :
    We can't find a comment with that ID (20000000)

    i'm too lazy to keep looking

  21. Re:Looks like on New Ethernet Standard — Both 40 and 100 Gbps · · Score: 1

    IBM's Blue Gene still uses Ethernet. Eric's added Jumbo Frame support to Plan 9 From Bell Labs which boots on the cpu and I/O nodes now.

    In that case the network has its own dedicated nodes, so yes, the network is the computer!

  22. Re:In other news on New Ethernet Standard — Both 40 and 100 Gbps · · Score: 1

    ntl: got 128k officially recognised as broadband for advertising purposes here in the uk.

  23. Re:old news on BusinessWeek Advocates Microsoft Piracy · · Score: 1

    Nah, drug dealers face stiff competition these days. Witness the street prices of most drugs falling dramatically the last 10 years or so.

  24. You're almost right on Firefox and IE Still Not Getting Along · · Score: 1

    RTFM losers :

    http://msdn2.microsoft.com/en-us/library/aa767914.aspx

    Security Alert
    Applications handling URL protocols must be robust in the face of malicious data. Because handler applications receive data from untrusted sources, the URL and other parameter values passed to the application may contain malicious data attempting to exploit the handling application. For this reason, handling applications that could initiate unwanted actions based on external data must first confirm those actions with the user.
    Note: In addition, handling applications should robustly handle URLs that are overly long or contain unexpected (or undesirable) character sequences. For more information, please see Writing Secure Code.

  25. Re:interesting angle on BusinessWeek Advocates Microsoft Piracy · · Score: 1

    Yeah, I think I remember reading it the last time I was reading "The Laws of The People's Republic Of China" in Mandarin in the coffee shop.