Slashdot Mirror


User: TheLink

TheLink's activity in the archive.

Stories
0
Comments
12,789
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,789

  1. Re:Parents choose their baby's name on Designer Babies · · Score: 1

    Ethel Booba seems to have no trouble getting the boys to flock around. Maybe it's because of her last name?

    Don't worry. There'll be enough shallow guys like me who would overlook deep stuff like names ;).

  2. Re:Parents choose their baby's name on Designer Babies · · Score: 1

    > We should name all of the military babies "Kaaaaahn!!!!"

    In Pakistan and Afghanistan very many babies are named Khan. A fair number in India and Bangladesh as well.

  3. Re:The 99% Solution on Designer Babies · · Score: 3, Interesting

    Well what might happen before that is some of the female babies might start looking so cute (and behaving soooo adorably) that the parents decide to keep them anyway.

    You might also end up with female babies that tend to not cry and wake up their parents in the middle of the night.

  4. Re:Natural selection on Crocodiles With Frickin' Magnets Attached to Their Heads · · Score: 5, Funny

    "why not just shoot them?"

    Because most people don't like handbags with bullet holes in them. Same goes for wallets.

    As for belts, it's hard to get the holes consistently in the right places.

  5. Re:Methanol is toxic and reacts with metals... on Sony To Unveil New Fuel-Cell Prototype · · Score: 1

    "Ethanol based fuel cells don't. I'm working on it, but it'll be a while "

    How do you guys work on such stuff?

    Is it based on "hunches" that certain materials might work in some scenarios, and then you go through the combinations?

    While you're at it, how about a fuelcell that runs on hydrocarbons? After all, an efficient way to store hydrogen is around carbon chains :).

  6. Re:I don't see anything special on Superguns Helped Defeat the Spanish Armada · · Score: 3, Insightful

    Almost everyone seems to be making stuff to such standards nowadays.

  7. Re:DNSSEC is a good subsitute for paid-for CERTs on Working Around Slow US Gov. On DNS Security · · Score: 1

    OK if that's the case how does this sidestep fees (see what I'm replying to)?

    Are you so sure it's all going to be done for free?

    Isn't this more likely to happen:

    . (root) signs .org and .com etc and charges them $$$$$$$/year .com charges $$/year per domain to sign cnn.com, ebay.com, google.com .org charges $$/year per domain to sign slashdot.org, kernel.org etc

    The DNSCurve isn't as amenable to "toll/fee extraction" as DNSSEC is.

    See: http://www.dnssec-deployment.org/documents/03-03-Mohan_GTLD_PLANS.ppt

    "Current thought process is to not charge a fee"

    That proves my point that with the DNSSEC design "collecting a fee" to sign _subordinate_ certs is pretty obvious option, just in 2005 they think it's better not to charge.

    If "." starts charging .org $$$$$$$ to sign .org, .org might have to start charging $$ per domain just to recoup the costs. Not going to happen? Maybe not, but it's not "far out".

    In contrast, with dnscurve, the design is different, so "collecting a fee" to sign and create a shared secret key for _mutual_ communications is not an option that sticks out as much.

  8. Re:A Hard Lesson Learned on Supreme Court Sides With Rambus Over FTC · · Score: 1

    I think they got punished for price fixing though.

  9. Re:"HP's Linux" on 1 of 3 Dell Inspiron Mini Netbooks Sold With Linux · · Score: 2, Insightful

    If that's true, that's the sort of thing I'd want regulators to stomp on, not that "don't bundle IE" silliness.

    Forcing Microsoft to bundle something other than IE in their own O/S is daft.

    Much better to force Microsoft to not "encourage" companies like Dell to artificially cripple/hobble/handicap Microsoft's competitors. Or to do stuff like "Hey if you sell stuff with Linux, we'll charge you more for Microsoft Windows or Microsoft Office".

  10. Re:The GeoCities of China? on The Chinese (Web Servers) Are Coming · · Score: 1

    My verdict is a modified version of thttpd, see the error message:

    telnet qzone.qq.com 80
    Trying 58.251.60.181...
    Connected to qzone.qq.com.
    Escape character is '^]'.
    GET - HTTP/1.0

    HTTP/1.1 400 Bad Request
    Server: qhttpd
    Connection: close
    Content-Type: text/html
    Content-Length: 235

    <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H2>400 Bad Request</H2>Your request has bad syntax or is inherently impossible to satisfy.<HR><ADDRESS><A HREF="http://www.tencent.com/">qhttpd Server</A></ADDRESS></BODY></HTML>
    Connection closed by foreign host.

  11. Might be a version of thttpd instead on The Chinese (Web Servers) Are Coming · · Score: 5, Insightful

    I think it's more likely to be a version of thttpd because of an error message I got:

    telnet qzone.qq.com 80
    Trying 58.251.60.181...
    Connected to qzone.qq.com.
    Escape character is '^]'.
    GET - HTTP/1.0

    HTTP/1.1 400 Bad Request
    Server: qhttpd
    Connection: close
    Content-Type: text/html
    Content-Length: 235

    <HTML><HEAD><TITLE>400 Bad Request</TITLE></HEAD><BODY><H2>400 Bad Request</H2>Your request has bad syntax or is inherently impossible to satisfy.<HR><ADDRESS><A HREF="http://www.tencent.com/">qhttpd Server</A></ADDRESS></BODY></HTML>

    Compare that message with:
    thttpd-2.25b
    libhttpd.c: "Your request has bad syntax or is inherently impossible to satisfy.\n";

  12. Re:Independent journalism?? on AP Considers Making Content Require Payment · · Score: 1

    Well I remember BBC HARDtalk. Tim Sebastian sure grilled some people on high :).

  13. Re:Use DNSCurve on Working Around Slow US Gov. On DNS Security · · Score: 1

    So "only" the people with .com domains will have to depend on the .com authority to sign their domains?
    And "only" the people with .org domains will have to depend on the .org authority?

    Is that really such a big improvement in practice compared to one root authority?

    How much do you think they will charge to sign .com domains?

    If the technology is really independent from all that "trusted authority signing" stuff, then it will necessarily also be vulnerable to MITM (and spoofing) attacks, unless the client has got the key via other means. Because the attacker can then supply his alternatives and the client can't tell.

    Say you really care about security and so use https/ipsec, if someone spoofs DNS responses to you and you connect to the wrong IP, you will get an error or a warning. You don't need DNSSEC to protect you in that case.

    If you don't care that much about security, you might as well use dnscurve since it has lower overheads.

  14. Re:DNSSEC is a good subsitute for paid-for CERTs on Working Around Slow US Gov. On DNS Security · · Score: 1

    "This theoretically enables the domain owner to publish his SSL certificate as a DNS record, sidestepping the whole SSL certificate authority hierarchy and the associated fees"

    In that case if someone does an MITM (or other) attack, how do you know the published SSL cert in a DNS record is really the genuine cert?

    After all during the attack, the attacker could publish his own SSL cert as a DNS record. The attacker can pretend to be the dns server as well as the webserver or other server the victim is going to connect to.

    If you already know what cert you are expecting and thus won't be fooled by the attacker's cert, there is little/zero need for DNSSEC. Since even if the attacker gives you a false DNS reply, your client software will notice that the cert is different.

  15. Re:DNSSEC overrated on Working Around Slow US Gov. On DNS Security · · Score: 1

    "That's how DNSSEC works. The root cert is used only to validate the keys for .com, .gov, .pl, .uk ... Then, the key for .org will sign slashdot.org, without the root cert having anything to say."

    OK let's assume the root cert doesn't have anything to say.

    But you should go to the next obvious step/question: How much will the entities holding the .com and .org keys charge for signing cnn.com, slashdot.org and so on?

    Free? Really?

    As I've said, DNSSEC is not about security it's about creating a way to collect money for little/no added value.

    Why do I say no added value?

    1) If you are using https/ssh/ipsec/openvpn properly, and someone spoofs your dns so you attempt to connect to the wrong server, you will get a warning/error. So what is DNSSEC's added value here?

    2) If you don't use SSL or other encryption and someone gets in between you and your server, it really doesn't matter that DNSSEC is giving you the right IP address for your DNS requests.

    3) If you don't care that much about security, but you just want to make it harder for remote attackers to spoof DNS responses (while not being "in the middle"), DNSSEC might work but you are better off using dnscurve which has lower overhead and arguably less vulnerable to DoS attacks from those attackers.

    So someone tell me, what real value does DNSSEC add? For the case of 3) it is an inferior technology.

  16. DNSSEC overrated on Working Around Slow US Gov. On DNS Security · · Score: 3, Insightful

    DNSSEC is overrated.

    It's not about security, it's just another way to collect toll on the information superhighway.

    I'm sure the CAs are rubbing their hands in glee.

    They're not only going to collect money for SSL certs for www.yourdomain.com. Now they get to collect money to sign the "yourdomain.com" DNS entry as well.

    And Verisign gets to triple dip if not more.

  17. Content on Game Technology To Watch In 2009 · · Score: 1

    Usually it's artwork that takes the bulk of the space.

    How many artists and designers and how much time would you need to create 50GB of artwork/maps/levels? If you could programmatically create it quickly, you are unlikely to need all that capacity right?

    The more artists and designers, or time taken (render time etc), the higher the costs of producing the game.

    Whereas most game rules (and game play) seem to fit well within a few megabytes, if not just a single MB.

    For example the quake executable itself is less than a megabyte in size. The textures, maps and other stuff use up most of the space.

    After a while, the game looks good enough. I think we're hitting diminishing returns already. After all many PC games already have higher res and framerate than a DVD movie.

    Some even have better plots and acting but let's not go there for now :p.

  18. That's why "world" should be moderated on The Art of The Farewell Email · · Score: 1

    That's why email to "world" or whatever it is that's supposed to get to "everybody" should be moderated. And by someone who is responsible, has integrity and is level headed.

    There are some people who have tried to send "MLM" messages to everybody. Either they don't seem to understand that "everybody in the organization" usually includes the bosses, or they seem to think their bosses might be happy to be their "downline" or would want to buy their stuff.

    Anyway, if he was a reasonably good worker, you'd have lost someone that you wouldn't necessarily have lost given the right precautions.

  19. Re:Let them. on AP Considers Making Content Require Payment · · Score: 1

    I don't recall most of the US media standing guard over Washington on the "WMD in Iraq" issue.

    They've stopped providing most of the "value" already, but you're still paying them. They want you to continue paying even though they are working on reducing value (like relying mainly on AP and "friends").

    Speaking of reducing value - remember that stupid New York Post chimp cartoon? If you haven't been paying them money, you'll be glad that you haven't been sponsoring a company full of such bankrupt ideas.

    If you don't like corrupt crooks holding office, maybe you can start by voting for someone else, or even being a candidate?

    From what I see, for some reason, most US voters prefer to vote for the politicians who receive the most money. Go figure what they end up with then.

    Nobody is holding a gun to their head forcing them to vote for people they don't want to.

    Then again, maybe I've got the cause and effect wrong and companies just like to sponsor winners. And for some reason they seem to consistently manage to pick and sponsor candidates who get lots of votes :).

    BTW, if the 77 million voters who didn't bother to vote actually voted for someone, that someone would have won. If they had voted for a bunch of different people, I bet there would be some changes.

    As it is, the people who hold office every day are there because either the voters put them there or they don't really care. Maybe the winners are the best people for the job despite all their flaws.

    In 2008, less than 2% voted for the other 4 possible Presidential candidates. The people have spoken and that's what they want.

    The existing media and journalists that you want people to keep paying for every day, were amongst those who helped inform the voters.

    Maybe we should put money into education, instead of propping up the media?

  20. Re:Independent journalism?? on AP Considers Making Content Require Payment · · Score: 2, Insightful

    Same like the one where that the media went on and on claiming that Michael Reiss (the Royal Society's ex-Director of Education ) said that Creationism should be taught in science classes, and thus eventually Professor Reiss had to resign from his post.

    When in fact he didn't say such a thing at all. What he said was very reasonable:

    http://www.guardian.co.uk/science/blog/2008/sep/11/michael.reiss.creationism

    (Ignore the title and blurb which was probably supplied by Guardian - who were part of the problem)

    You will see he said:

    Creationism can profitably be seen not as a simple misconception that careful science teaching can correct. Rather, a student who believes in creationism has a non-scientific way of seeing the world, and one very rarely changes one's world view as a result of a 50-minute lesson, however well taught.

    As it is, his voice of reason was silenced.

    If you google the rest of the media headlines about the "incident" you'll also see the fanatical atheists baying for his blood. It's ironic how so many atheists claim that without religion, you wouldn't have all the bad stuff like wars and persecution - when they are working hard on disproving it.

    It might be a good thing if newspapers and journalists like that go bust. At the rate they're going they won't be a net positive to the world, so it'll be fair if they are not net positive in their bank accounts.

  21. Re:Stupid and pointless on EU Says MS Must Offer Other Browsers; Now What? · · Score: 4, Interesting

    Yeah I agree it's stupid and pointless. There are tons of browsers out there. Bundle all? That's crazy.

    What they should be clamping down on are the "forced bundling strategies". Where Microsoft coerces manufacturers to NOT supply competing O/S on their computer hardware - by having preferential pricing if they don't.

    After all it's software. Whether it's 1000 or 100 copies, no big diff in cost to Microsoft. All it affects is their long term strategic stuff.

    Basically if Windows-only OEM PC Maker gets charged price X for windows per laptop, the rest should get the same price, and not higher just because they also have Linux/BSD/FreeDOS options. Same goes for Microsoft Works, Office etc.

    No funny games like that, and it stays that way till Microsoft no longer has "monopoly" status.

    If Microsoft wants to supply stuff for free that's fine, but then they have to offer that option to all in the same category (I say "same category" because I haven't considered the ramifications of a "if you offer it free to any one except charities, it has to be free to all others too" policy).

  22. Re:The real problem. on SSLStrip Now In the Wild · · Score: 1

    0) I don't have 36 online banks. And see 2)

    1) If the browser makers actually bothered about security, things could be much better than just the simple stuff I mentioned as an example. They could warn if the cert is changing rather early - without there being a revocation. They could warn that the new cert's CA has changed from the old one. But no they don't do any of that. There's plenty they could do, but it's a waste of time. I've already suggested other security improvements to Mozilla/Netscape and the W3M before and they're either not interested or "code it yourself".

    Nobody really cares about security, not the users, not the browser people, nor the website (otherwise most banks would tell users to use https://mybank.com/ and not http://mybank.com/ as a starting point).

    2) For the users who care: since nobody is doing 1), if you only care a lot about a few SSL sites, you can use a different browser or browser profile, delete/disable most of the CA certs, if not all. Then visiting https://secure.theevilbank.com/ would pop up a warning whereas visiting the secure site would be fine.

    When the bank really has to change the cert they could announce it, or if the warning pops up, you don't log in and you do more extensive checking (get independent confirmation of the new cert fingerprints).

    3) Also tell me how much less secure stuff would be if certs didn't expire so often? You could still revoke them when necessary. So why should certs be expiring so often?

    Basically the CA system as implemented is not about security, it's about a way to collect toll in the internet.

    It's all about "Pay me if you don't want users to get warnings when they visit your website".

    Go count how many CAs you have in your browser. Would people delete all of those you don't/can't trust? Can you really trust Verisign? Go look at their track record.

    Does the browser make it easy to manage them? Firefox doesn't even make it easy for you to tell whether a CA's cert has been deleted/disabled - try deleting a CA cert from firefox, reopen the relevant UI window and then tell me how do you find out if an update has reenabled CA certs that you have disabled without you having to re-editing each and every single CA cert one by one to look at the checkboxes?

  23. Re:Browser for banking on SSLStrip Now In the Wild · · Score: 1

    Thanks. Didn't know about the -no-remote option.

    How'd you do the equivalent of IE's security zones?

    Would be nice also if one could turn off images, javascript and stuff for non desired sites.

    I suppose some messing about with noscript could do the javascript stuff.

  24. Browser for banking on SSLStrip Now In the Wild · · Score: 1

    You can use a separate browser to do your banking with more secure settings, so even if it is not really more secure software-wise, it can be more secure in configuration. I do that actually.

    If you're using windows use "run as".

    e.g.
    Say you have an account called vellmont.
    Create an account called _www_vellmont and make its home directory fully accessible by your vellmont account.
    Then in your vellmont account, create a shortcut:

    C:\WINDOWS\system32\runas.exe /profile /user:COMPUTERNAME\_www_vellmont "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

    After that you can lock it down a bit more, so that only the bank site works and nasties on other sites might not work - if you are using IE on windows you can put all sites except the bank site on "High Security" settings - so that javascript, downloads etc are disabled on nonbank sites. Unfortunately I don't think you can have separate CA certs on a per user account basis on IE.

    Not sure if you can do that for firefox either, but the trouble with firefox is it's hard to run multiple instances of firefox on windows at the same time - even with the "run as" stuff.

    If you could change the theme used by that browser so you can tell the difference between the bank browser windows and the other windows that would help.

  25. Re:Karma on Microsoft Asks For a Refund From Laid-Off Workers [updated] · · Score: 1

    A little pat of butter doesn't go very far.

    But a few billions here and there, and it starts to add up to real money.