http://slashdot.org/articles/00/06/19/059246.shtml
Read the bit about the Wired expose.
As for libraries. Instead of filtering software, how about just having the libraries check up on the patrons from time to time? Filtering software is flawed, and has been found guilty of consistently blocking critical information.
I've always had enormous difficulty getting information at libraries with filtering software installed. Not just blocked links. Many of them block entire protocols. No ftp, telnet, or gopher.
I agree.
I clicked on the link, willing to be talked into blowing money on a new toy, but I was not about to update Junkbuster's cookie file just for this.
The idiots are costing themselves customers. I would understand requiring cookies in some sort of shopping cart system once I had chosen to add the item to a cart. But just to check it out?
That doesn't mean legitimate research isn't being done.
In the case of this article, the researchers said that it is to study the insect's reaction to ultra low frequencies. I would imagine the car makes the insect move in a sufficiently slow and obvious fashion for humans to observe.
Did you notice that, contrary to their expectations, the locust moved *towards* the jangling keys?
Things like that could be important, given how much of a menace locusts are in some parts of the world.
Just saying that quite a few animals seem to adapt fine to new environments. I don't think it would be necessary to replicate the Auroch environment perfectly, probably any temperate deciduous forest would do.
The could be problems, of course, but I don't see them as being guaranteed.
It doesn't say anywhere in the article that these fungus have evolved to survive in vacuum, despite/. editor claims. Why can't the cosmonauts simply slap on suits, and depressurize the station for a few hours?
Is that the encrypted string cannot be used to log in, only to try and convince it you are already logged in.
That's why using a combination of a login password and a random session id would make this completely secure, save from packet sniffing.
The reason I'm scrambling it is to so that the string people use to log in can't be used elsewhere.
This is a lot more secure then then plain text, especially if people use the same password in more then once place.
If the password database is compromised, then I would still urge people to change their passwords like Slashdot is doing, but at least people wouldn't have to worry about the actual phrase being known to others.
So the increased security is as follows:
Compromised db does not compromise password when used on other sites.
Cookie does note contain plain text password string - again, safety from other sites.
You're right, it doesn't prevent the cookie from being grabbed (which I acknowledged) or the db.
However, the use of session IDs would solve that first problem, which, like I said, I plan to implement soon.
You have to wonder if someone is using a random moderation bot.
Hm. Easy way to karma whoredom.
Make a bot that meta moderates. Give it some general rules for acceptable moderation (that won't get negative meta moderation)
Wait for the inevitable moderation points to be given it. Set it loose moderating, repeat.
At the moment I gave a random password, and urged them to change it.
I haven't implemented an automatic system, and so far people e-mail me if they forgot their password, and I e-mail them another random one.
That could easily be automated so that if you forget your password, you click on the "forgot password" link, it replaces the password with a random one, then e-mails that to the person.
Ok, it's annoying - someone who knows someone else's e-mail address and user name could keep resetting their password, but the only attacks would be on monitoring packets in and out of the site, which is at least a bit more secure.
Hm. That would (seriously) solve a lot of problems.
apache-ssl or mod ssl is free, lynx with ssl is now available, it would solve keeping track of sessions too.
Hm. Besides being annoying, slower, and kinda paranoid, that would actually work.:)
I'll admit, I'm fairly new to the writing of code for the web, but the first thing I did on taking over someone's site admin was change the passwords from plain text in the cookies and db to crypt() (didn't want to use md5 since a lot of different scripts and programs used the db - crypt is more common).
Even so, the way I have it currently set up is a problem. Someone could grab a copy of the local encrypted cookie, then use it to connect as the user from then on. The easiest way I can think of to solve this is to have the cookie be a combination of a timeout value and the encrypted pass, and store that value in the db as well ('till timeout) but even so, at least user passwords can't be read out of the database in my current setup.
Come on, this is just common sense. It wouldn't have taken 37737 knowledge of perl to have implemented that in the first version of Slashcode.
Ran ps2ascii on the pdf, showed up beee-uti-fully.
Hm. Perhaps these "cloak n dagger" type places are losing track of the technology? Could it be that their employees no longer understand the tools they are using?
Slashdot Mirror
http://slashdot.org/articles/00/06/19/059246.shtml
Read the bit about the Wired expose.
As for libraries. Instead of filtering software, how about just having the libraries check up on the patrons from time to time? Filtering software is flawed, and has been found guilty of consistently blocking critical information.
I've always had enormous difficulty getting information at libraries with filtering software installed. Not just blocked links. Many of them block entire protocols. No ftp, telnet, or gopher.
Grr. I KNOW I made that HTML formatted!
p ioneer/PNStat.html
Otherwise, the anchor text would've shown up. What, did it just get stripped out?
Let's try again.
http://spaceprojects.arc.nasa.gov/Space_Projects/
Down below it was pointed out that NASA is hoping for just that.p ioneer/PNStat.html
http://spaceprojects.arc.nasa.gov/Space_Projects/
I agree.
I clicked on the link, willing to be talked into blowing money on a new toy, but I was not about to update Junkbuster's cookie file just for this.
The idiots are costing themselves customers. I would understand requiring cookies in some sort of shopping cart system once I had chosen to add the item to a cart. But just to check it out?
Forget it.
Or possibly your falling triggered the dream sequence, and you woke up some time later.
A mass of neutrons kept from collapsing only by neutron degeneracy? Seems pretty unlike regular matter to me.
This
link describes it in more detail.
It also lists some other exotic type matter speculated to be in neutron stars - pion condensates, lambda hyperons, delta isobars.
bose-einstein condensate
quark-gluon plasma
liquid metallic hydrogen (a superfluid sometimes counted as a seperate state)
neutronium
Of course, perhaps he is suggesting that the massive martian death-ray lasers carved the channels...
Crap all over the place.
Shed.
Die.
Devour tons of expensive food.
Visit the vet.
Refuse to learn new tricks once it gets old.
It's energy esource?
http://www.ametsoc.org/AMS/newsltr/nl_03_00.html
I've been trying to dig up an article I read about how something like this was caused to form naturally. No luck so far, but I suspect it may have been this researcher's project.
http://www.coaps.fsu.edu/~meyers/fig/vortex.html
That doesn't mean legitimate research isn't being done.
In the case of this article, the researchers said that it is to study the insect's reaction to ultra low frequencies. I would imagine the car makes the insect move in a sufficiently slow and obvious fashion for humans to observe.
Did you notice that, contrary to their expectations, the locust moved *towards* the jangling keys?
Things like that could be important, given how much of a menace locusts are in some parts of the world.
Just saying that quite a few animals seem to adapt fine to new environments. I don't think it would be necessary to replicate the Auroch environment perfectly, probably any temperate deciduous forest would do.
The could be problems, of course, but I don't see them as being guaranteed.
It doesn't say anywhere in the article that these fungus have evolved to survive in vacuum, despite /. editor claims. Why can't the cosmonauts simply slap on suits, and depressurize the station for a few hours?
Somebody wanna mod up the AC who responded to the Mac fan with a few facts?
Speaking of not doing your homework...
Because your password changing script doesn't know the password. The password was e-mailed to an address you don't have access to.
Is that the encrypted string cannot be used to log in, only to try and convince it you are already logged in.
That's why using a combination of a login password and a random session id would make this completely secure, save from packet sniffing.
The reason I'm scrambling it is to so that the string people use to log in can't be used elsewhere.
This is a lot more secure then then plain text, especially if people use the same password in more then once place.
If the password database is compromised, then I would still urge people to change their passwords like Slashdot is doing, but at least people wouldn't have to worry about the actual phrase being known to others.
So the increased security is as follows:
Compromised db does not compromise password when used on other sites.
Cookie does note contain plain text password string - again, safety from other sites.
You're right, it doesn't prevent the cookie from being grabbed (which I acknowledged) or the db.
However, the use of session IDs would solve that first problem, which, like I said, I plan to implement soon.
I think I'll put that in today!
You have to wonder if someone is using a random moderation bot.
Hm. Easy way to karma whoredom.
Make a bot that meta moderates. Give it some general rules for acceptable moderation (that won't get negative meta moderation)
Wait for the inevitable moderation points to be given it. Set it loose moderating, repeat.
At the moment I gave a random password, and urged them to change it.
I haven't implemented an automatic system, and so far people e-mail me if they forgot their password, and I e-mail them another random one.
That could easily be automated so that if you forget your password, you click on the "forgot password" link, it replaces the password with a random one, then e-mails that to the person.
Ok, it's annoying - someone who knows someone else's e-mail address and user name could keep resetting their password, but the only attacks would be on monitoring packets in and out of the site, which is at least a bit more secure.
Hm. That would (seriously) solve a lot of problems.
:)
apache-ssl or mod ssl is free, lynx with ssl is now available, it would solve keeping track of sessions too.
Hm. Besides being annoying, slower, and kinda paranoid, that would actually work.
I'll admit, I'm fairly new to the writing of code for the web, but the first thing I did on taking over someone's site admin was change the passwords from plain text in the cookies and db to crypt() (didn't want to use md5 since a lot of different scripts and programs used the db - crypt is more common).
Even so, the way I have it currently set up is a problem. Someone could grab a copy of the local encrypted cookie, then use it to connect as the user from then on. The easiest way I can think of to solve this is to have the cookie be a combination of a timeout value and the encrypted pass, and store that value in the db as well ('till timeout) but even so, at least user passwords can't be read out of the database in my current setup.
Come on, this is just common sense. It wouldn't have taken 37737 knowledge of perl to have implemented that in the first version of Slashcode.
I'm not a U.S. citizen, but I couldn't find handcock or hancock, or whatever the name was she was looking for on a list of U.S. presidents...i st.htm
http://www.fujisan.demon.co.uk/USPresidents/presl
Ran ps2ascii on the pdf, showed up beee-uti-fully.
Hm. Perhaps these "cloak n dagger" type places are losing track of the technology? Could it be that their employees no longer understand the tools they are using?
It would build the others. :)
Well, that's the plan anyway, from what I've picked up from reading discussions on the future of nanites.
I don't see how the telescope's operation would be degraded by having a transparent cover on the whole device.