Implement something similar to a captcha: Ask questions only people from your neighborhood can answer. Make sure the answers are not too easily found by using google.
It does show that I'm at slashdut.com, and as I don't want to be there, I'll leave that site and head for slashdot.org, instead.
Of course, I could miss that little difference in the domain names. But that's not solved by high-security-certificates, either, as slashdut.com may actually be registered by a corrupt company with that name and may have bought a matching high-security-certificate.
Together with my 'lock current key to current site'-idea, this could be solved by making the browser bar green only if I'm currently surfing a website using a key which I have approved myself in the past. This would be a much better indicator of a valid site than a certificate by some random company.
Instead of relying on the trustworthiness of third parties issuing the certificates, one could easily verify the key fingerprints directly.
Unfortunately, browsers make this unnecessarily difficult, and few sites (even online banking sites) publish their fingerprints offline. Wouldn't it be easy for a bank to print the fingerprints in a letter sent to the customer, possibly together with his credit card etc.? If then there were an easy way to show this fingerprint in a web browser, without clicking through several layers of complicated 'key details' pages, people could actually be sure to connect to the correct site.
Additionally, I miss a feature to lock a site to a given key. Say, I'm regularly connecting to the same site, like slashdot. I don't care if the slashdot site is actually related to some company with the same name, or whatever CAs try to tell me with their certificates. All I want to know is if the site I'm sending my password to is really the one I have been visiting since several years, or a fake one trying to steal my password. So all I need is a big warning whenever the site key changes.
Both are not too difficult to implement, I guess, but users need a little more training than just telling them 'a green browser bar means secure'.
With the range of a typical wifi access point, you probably drove circles around the AP to try that out. And if you drive circles around the antenna, doppler effect doesn't cause any problems.
I could just throw away every message containing an image, and the false positive rate would still be pretty low. And while doing that, throwing away every executable would be useful as well, to discard most of these stupid worms.
What kind of facts do you expect from an article which contains units like kilowatt/hour, instead of kilowatt x hour? That really looks like the author was only interested in economics, not in scientific facts.
Calculate the exact URLs
on
Sober Code Cracked
·
· Score: 5, Interesting
"According to F-Secure, it can now calculate the exact URLs the worm would check on a particular day." - wouldn't that be possible by just running the worm in a sandboxed computer, with the computer's clock set to some future date? Of course, understanding the code may reveal other hidden features, but if you only want to know what the worm will do tomorrow, you can just try it out.
Hey, why so negative? I'd agree with you if this guy just took knoppix or whatever and gave it to people without any modification.
But if he adds a nice background picture, starts xsnow by default, and perhaps includes some nice xmas song as startup music (if there is something free to use, of course), then I'd say it's a nice idea.
A little bit geeky, of course, but his friends probably already know he's a geek and won't be offended by that. And it's more creative than just buying an xmas card.
Just don't expect people to switch to linux because of that. They won't. But perhaps, one day, they are fed up with windows, and then they remember: Hey, there was this nice xmas cd, with... how was it called? linux? let's try that! *g*
This is not true, at least for this kind of optical switch. In the article, the authors state that it takes 0.15pJ to generate the free carriers. This sets a single switch to 'on', a single time, for about 500ps. If you assume that a switch is turned on, on average, 50% of the time, a single switch would consume 0.15mW. An optical CPU with one million switches would therefore need 150W, at 2 GHz. If you want a faster switch, you must reduce the carrier lifetime. Therefore you need more pump power to keep the switch turned on. So power consumption would increase linearly with clock speed. And these numbers do not include any other losses, and assume that you can recover all the pump light which is not absorbed in the ring. If you don't recover that pump light, power consumption goes up by a factor of 166. (So you'd need 25kW for the 2GHz CPU with 10^6 switches...)
The 'switch', as presented in the article, is far from useable in real applications, especially for fast optical computing. If you look at Fig. 3, you see that it switches on very quickly (a few ps), but switching off, again, is relatively slow. It takes on the order of 500ps, so switching speed is limited to ~2GHz. (Probably lower, because after 500ps, only half of the free carriers recombined)
But they also noticed that faster carrier recombination could be reached by surface modifications, or ion implantation.
As far as I can see, the bug was known and a fix was available, but it was not clearly announced that this is a security problem.
I don't know if it was simply unknown that this bug could have security implications, or if it was kept secret on purpose.
But even after reading the 2.4.23 changelog, I wouldn't have assumed that there is a security problem.
Re:Will receive email for work.
on
Replacing SMTP?
·
· Score: 1
There are algorithms where calculating a value is difficult, but verfiying a value is easy.
And the list of 'every possible work unit' is easily prevented by just making the number of possible work units very huge.
But the problem, again, are legitimate mass mailers like mailing lists. How could a huge mailing list deliver mails to thousands of recipients if it took a few seconds for each message?
I don't think hp4600 cartridges are so expensive if you see the cost per page. It's still cheaper than inkjet color prints.
But with the hp4600, people start printing nice looking pages with white letters on a dark-blue background and similar toner-wasting things. With an inkjet, they wouldn't have done this because it just takes too long to print.
So the real cost increase is caused by the users, not by the printer.
Does anybody have an idea how to fight this? Perhaps some print filter (we use a linux print server) that measures the amount of toner used for a page and charges the user based on that?
I really don't see why this law could be a bad thing. After all, it just states what I'd consider a matter of courtesy - if I criticise somebody, I'll give him the opportunity to defend himself.
Of course, this can be a burden on small site operators. But I still prefer an email asking me to post some reply on my website instead of a cease-and-desist letter from some lawyer....
I am not a lawyer:-), but afaik, german law contains a section dedicated to such questions, since long before computers where invented. It's called 'Geschäftsführung ohne Auftrag' (benevolent intervention in another's affairs, 'Negotiorum gestio') Other countries have such laws as well, but I don't know any details.
Summarized, this law says that you are allowed to handle someone elses affairs (here: kill a malicious process), if you assume that the owner wants it to be done and can't do it himself for some reason.
But doing so, you need to take special care not to do any damage, else you are responsible to compensate the owner for any damages.
Additionally, you must inform the owner as soon as possible, and give him the chance to do the job himself, if possible. So if you kill a process on someone elses machine, you must take any reasonable measure to find out who is responsible for that machine, and inform him about your actions.
This posting describes my unprofessional understanding of german law - I probably got some details wrong, but I think I got the point. See this page, subchapter 11, for a translation of that law.
The version number of a new debian release is assigned by the Release Manager. In this case, Anthony Towns, the Release Manager for woody, announced that woody would be Debian 3.0 in an email to a mailing list on Jul 1, 2001. In this mail, he wrote:
"As you've noticed by a careful analysis of the subject line, the woody
release will be numbered Debian 3.0, in recognition of the large number
of changes made since potato. This is, to put it mildly, a somewhat
controversial decision, but it's one I get to make."
So, while the change from 2.2 to 3.0 indeed indicates that this release includes major changes, this is may not be the opinion of a majority of all debian developers.
Personally, I think that many things have been changed since potato, and it's appropriate to call the new version 3.0. And I agree with Anthony in the following sentence: I think by the time
it's released it'll easily live up to that number -- and by that I mean the "3", not the ".0".
Every morning, I first click on the mozilla icon, then start to read my mail, and when I have read all the important stuff, mozilla finally apears on the screen.;)
Slashdot Mirror
Implement something similar to a captcha: Ask questions only people from your neighborhood can answer. Make sure the answers are not too easily found by using google.
It does show that I'm at slashdut.com, and as I don't want to be there, I'll leave that site and head for slashdot.org, instead.
Of course, I could miss that little difference in the domain names. But that's not solved by high-security-certificates, either, as slashdut.com may actually be registered by a corrupt company with that name and may have bought a matching high-security-certificate.
Together with my 'lock current key to current site'-idea, this could be solved by making the browser bar green only if I'm currently surfing a website using a key which I have approved myself in the past. This would be a much better indicator of a valid site than a certificate by some random company.
Instead of relying on the trustworthiness of third parties issuing the certificates, one could easily verify the key fingerprints directly.
Unfortunately, browsers make this unnecessarily difficult, and few sites (even online banking sites) publish their fingerprints offline. Wouldn't it be easy for a bank to print the fingerprints in a letter sent to the customer, possibly together with his credit card etc.? If then there were an easy way to show this fingerprint in a web browser, without clicking through several layers of complicated 'key details' pages, people could actually be sure to connect to the correct site.
Additionally, I miss a feature to lock a site to a given key. Say, I'm regularly connecting to the same site, like slashdot. I don't care if the slashdot site is actually related to some company with the same name, or whatever CAs try to tell me with their certificates. All I want to know is if the site I'm sending my password to is really the one I have been visiting since several years, or a fake one trying to steal my password. So all I need is a big warning whenever the site key changes.
Both are not too difficult to implement, I guess, but users need a little more training than just telling them 'a green browser bar means secure'.
With the range of a typical wifi access point, you probably drove circles around the AP to try that out. And if you drive circles around the antenna, doppler effect doesn't cause any problems.
I could just throw away every message containing an image, and the false positive rate would still be pretty low. And while doing that, throwing away every executable would be useful as well, to discard most of these stupid worms.
What kind of facts do you expect from an article which contains units like kilowatt/hour, instead of kilowatt x hour? That really looks like the author was only interested in economics, not in scientific facts.
<office:document-content xmlns:office="urn:oasis:names:tc:opendocument:xml
"According to F-Secure, it can now calculate the exact URLs the worm would check on a particular day." - wouldn't that be possible by just running the worm in a sandboxed computer, with the computer's clock set to some future date? Of course, understanding the code may reveal other hidden features, but if you only want to know what the worm will do tomorrow, you can just try it out.
Hey, why so negative? I'd agree with you if this guy just took knoppix or whatever and gave it to people without any modification.
But if he adds a nice background picture, starts xsnow by default, and perhaps includes some nice xmas song as startup music (if there is something free to use, of course), then I'd say it's a nice idea.
A little bit geeky, of course, but his friends probably already know he's a geek and won't be offended by that. And it's more creative than just buying an xmas card.
Just don't expect people to switch to linux because of that. They won't. But perhaps, one day, they are fed up with windows, and then they remember: Hey, there was this nice xmas cd, with... how was it called? linux? let's try that! *g*
This is not true, at least for this kind of optical switch. In the article, the authors state that it takes 0.15pJ to generate the free carriers. This sets a single switch to 'on', a single time, for about 500ps. If you assume that a switch is turned on, on average, 50% of the time, a single switch would consume 0.15mW. An optical CPU with one million switches would therefore need 150W, at 2 GHz. If you want a faster switch, you must reduce the carrier lifetime. Therefore you need more pump power to keep the switch turned on. So power consumption would increase linearly with clock speed.
And these numbers do not include any other losses, and assume that you can recover all the pump light which is not absorbed in the ring. If you don't recover that pump light, power consumption goes up by a factor of 166. (So you'd need 25kW for the 2GHz CPU with 10^6 switches...)
The 'switch', as presented in the article, is far from useable in real applications, especially for fast optical computing. If you look at Fig. 3, you see that it switches on very quickly (a few ps), but switching off, again, is relatively slow. It takes on the order of 500ps, so switching speed is limited to ~2GHz. (Probably lower, because after 500ps, only half of the free carriers recombined)
But they also noticed that faster carrier recombination could be reached by surface modifications, or ion implantation.
You got it - they'll just post a link to the dns root servers on slashdot...
No, just make sure the key is disabled when linux is already running. After all, it's only necessary on certain other operating systems.
If this is a usb keyboard, they could include a storage device with a bootable linux preinstalled.
Then, one of the function keys could be "reboot this machine and install linux immediately".
As far as I can see, the bug was known and a fix was available, but it was not clearly announced that this is a security problem.
I don't know if it was simply unknown that this bug could have security implications, or if it was kept secret on purpose.
But even after reading the 2.4.23 changelog, I wouldn't have assumed that there is a security problem.
There are algorithms where calculating a value is difficult, but verfiying a value is easy.
And the list of 'every possible work unit' is easily prevented by just making the number of possible work units very huge.
But the problem, again, are legitimate mass mailers like mailing lists. How could a huge mailing list deliver mails to thousands of recipients if it took a few seconds for each message?
I don't think hp4600 cartridges are so expensive if you see the cost per page. It's still cheaper than inkjet color prints.
But with the hp4600, people start printing nice looking pages with white letters on a dark-blue background and similar toner-wasting things. With an inkjet, they wouldn't have done this because it just takes too long to print.
So the real cost increase is caused by the users, not by the printer.
Does anybody have an idea how to fight this? Perhaps some print filter (we use a linux print server) that measures the amount of toner used for a page and charges the user based on that?
I really don't see why this law could be a bad thing. After all, it just states what I'd consider a matter of courtesy - if I criticise somebody, I'll give him the opportunity to defend himself.
Of course, this can be a burden on small site operators. But I still prefer an email asking me to post some reply on my website instead of a cease-and-desist letter from some lawyer....
Summarized, this law says that you are allowed to handle someone elses affairs (here: kill a malicious process), if you assume that the owner wants it to be done and can't do it himself for some reason.
But doing so, you need to take special care not to do any damage, else you are responsible to compensate the owner for any damages.
Additionally, you must inform the owner as soon as possible, and give him the chance to do the job himself, if possible. So if you kill a process on someone elses machine, you must take any reasonable measure to find out who is responsible for that machine, and inform him about your actions.
This posting describes my unprofessional understanding of german law - I probably got some details wrong, but I think I got the point. See this page, subchapter 11, for a translation of that law.
Then please show me the 99 numbers between 10 and 100 :-)
How would this be compatible with the 'ND' part of RAND?
This article does contain a good overview of recent results of different neutrino measurements.
Admit it - you try to charge some money from first posters :-)
"As you've noticed by a careful analysis of the subject line, the woody release will be numbered Debian 3.0, in recognition of the large number of changes made since potato. This is, to put it mildly, a somewhat controversial decision, but it's one I get to make."
So, while the change from 2.2 to 3.0 indeed indicates that this release includes major changes, this is may not be the opinion of a majority of all debian developers.
Personally, I think that many things have been changed since potato, and it's appropriate to call the new version 3.0. And I agree with Anthony in the following sentence: I think by the time it's released it'll easily live up to that number -- and by that I mean the "3", not the ".0".
Slow? I thought it was a feature...
;)
Every morning, I first click on the mozilla icon, then start to read my mail, and when I have read all the important stuff, mozilla finally apears on the screen.