Slashdot Mirror


User: thogard

thogard's activity in the archive.

Stories: 0
Comments: 3,911

Comments · 3,911

  1. More IE bugs? on Windows 98, Me, NT4, 2000 and XP SSL Flawed · · Score: 2

    I run an Apache server with mod_ssl. About two weeks ago we started getting complaints from Mac people that they were getting encryption errors. Last week the problem started with IE on Win2k. Yesterday I downloaded the latest IE and ran it on WinNT and it worked fine. Once the "security update" was applied, it started having problems with SSL connections to Apache servers (but not IIS servers).

    So there are more bugs out there and this one is going to make the Apache crowd look bad.

  2. why are smart cards considered secure? on A Look Into National ID Cards · · Score: 2

    Smartcards get cracked all the time. Just ask a cable TV company. Smart card fraud numbers have been exceeding mag stripe fraud for years and one figure I saw set the ratio at about 10 to 1.

  3. Re:I have an idea on A Look Into National ID Cards · · Score: 4, Interesting

    I remember the brainwashing that went along with the "duck and cover" program that was going on until the early '70s in southern Florida. One of the reasons that the Russians were so evil was they convinced kids to turn in their parents. A movie made about that time (The President's Analyst) had a line from a Russian spy to the American spy: "Every year you become more like us, every year we become more like you. Soon there will be no difference". This is a very good movie and I expect anyone that is reading this topic is likely to enjoy it.

  4. Re:Actual Destinations? on HyShot Scramjet Test Declared a Success · · Score: 1

    The problem with scram jets is you have to be moving very fast before they start working at all. That speed just happens to be about Mach 7. These types of engines might be able to get up to about Mach 15 before you run out of air. Escape velocity is about Mach 33. If you could keep the thing in the high atmosphere at the point where you have enough air to keep accelerating but not too much that you burn up. The idea of these is to gain enough speed to put something in orbit without hauling around all that O2. When you consider that the upper atmosphere isn't all that well understood as thunderstorms can double the air density 200,000 ft above the storms and that would be like hitting a wall at Mach 15.

  5. Re:Encryption and Authorization are not the only w on Security In Voice Over IP Converged Networks · · Score: 2

    I've got a 3Com NBX phone system at work. I also have Cisco switches and routers. I can take a phone call and copy the data anywhere I want to send it all transparently anywhere I want. I know this because I do it all the time in an attempt to figure out their unpublished protocol.

    MAC address lock down can be broken on many switches. The common trick is to overfill the MAC tables with fake addresses until it dumps the locked down one.

  6. Re:Who really gives a shit! on Security In Voice Over IP Converged Networks · · Score: 2

    In a security course (both in college, and later in a Cisco class) we heard that the risk is equal to the value divided by the effort required to get at that value.

    Maybe you should find better instructors. If the value of cracking a system exceeds its costs then there is a different set of people that will be trying to crack the system. Most web site cracks have no value (money wise) to the cracker.

  7. Re:My School's IP Phone Fiasco on Security In Voice Over IP Converged Networks · · Score: 1

    Many (most?) cheap NICs have the non-used lines connected to ground. Can you say ground loop?

  8. Re:My School's IP Phone Fiasco on Security In Voice Over IP Converged Networks · · Score: 2

    A UPS will give you a few minutes. We have a UPS that we built to run our gear over the summer rolling blackouts. It's got 16 12V deep cycle batteries and it will run most of our computer gear for 4 hours and the critical systems for 8 if some things get shut down. Do you have room for several car batteries everywhere you've got a switch? VoIP systems tend to have very messy power requirements.

    Ever look at how much power these phones take? Cisco uses 48V (which means you need an overpriced regulator circuit to drop it to 3.3V inside the phone) and 3Com uses 24V which means they can use a lower cost regulator but the current is higher. You end up with several watts of loss in each wire. Real phones don't seem to have either of these problems.

  9. Re:Apache and security on Apache 2.0.40 Released · · Score: 1

    I used to run a web server for a very well known company that ran a large number of TV ads to get people to hit the server. There were never any performance problems and it was just Apache running on an UltraSPARC box. Most of the content was static or small SSI and a handful of CGIs. What are people doing where they are complaining about how slow Apache is?

  10. How about a deposit on a house? on Diamonds - Are They Really Worth the Cost? · · Score: 2

    If you take the two to 8 grand that some of my friends paid for rings and put it towards their houses instead they would have been much better off in the long run. How much? Something like $50,000 or so at the end of the home loan.

  11. NeWS is back? on A PostScript-like API for the X Render Extension · · Score: 2

    Great! Now that I've got enough hardware to run PostScript in real time, maybe it's time to do this. Anyone else remember how slow a SPARCstation 1 was doing PostScript? At least you had those cool round buttons. Too bad PostScript has a real problem doing the shaded bar things that seem to be everywhere now.

  12. It's been going that way for decades. on Will CGI Collapse the Hollywood Economy? · · Score: 3, Interesting

    Step 1: CGI gets cheap
    Step 2: Popular sitcoms start using more CGI
    Step 3: Someone figures out how to do the actors in CGI
    Step 4: Actors get fired
    Step 5: All the jobs move off to Delhi

    What will the MPAA say then? What % of the biggest movies in the last year were made in the US? LotR wasn't. Harry Potter wasn't. Major parts of Star Wars weren't. Sydney is becoming a hot spot to film major action films.

    Bab 5 was using virtual sets back in its 1st season. Trek has been using computer animated "actors". How long ago did the Simpsons production move offshore? This isn't new.

  13. Another thing they didn't factor in on Study: Jet Exhaust Affects Weather · · Score: 3, Interesting

    The US was at a standstill those three days. Auto traffic was much lower, as was industrial output (as well as industrial pollution), for those three days.

    Maybe they didn't measure what they thought they were.

  14. How does the Xbox boot? on Linux on Xbox One Step Closer? · · Score: 2

    If I remember right, the Xbox boots off of the deep layer on the DVD and this was done because you can't write the deep layer on any DVD writer. The question then becomes can you create a CD-W that has a standard boot loader that tells the thing to boot off of CD-W data?

  15. Re:Uhm...EXCUSE ME!!! on Congress to Ashcroft: Go After Song Swappers · · Score: 2

    This will become leading news because it's pushed by the highest levels of the government and it's an issue the media companies like. The result is that pesky nonsense about all that big business fraud will get bumped out of the 15 minute evening news spot because it's just after the soon to be war news and there's not enough time. It's not just US media that has been playing the spin doctor games either. The BBC just ran a big story about a new secret US AF base in Qatar. So why the spin on that? Nice pictures of C-130 and a C-5 and lots of hardware on a brand new base. There is a reason this was on the front page of the BBC web site.

    Of course the FBI will look at P2P investigations like they look into spamming or cracking a US govt computer. They won't do anything unless they have other objectives.

  16. Re:One time e-mail addresses on Some Spammer Has a Crush on You · · Score: 2

    14,000 accounts and only 12,000 spams a day? I've got 46 users in my passwd file and about 10 real users and my filters have killed 4660 spams since the start of the month.

    Of course I've been using the same userid online since 95 and it's in every spammer database in the world but I also have a few thousand fake addresses that are out there just to slow down the spammers.

  17. Rethink the button. on A Humanitarian Engineering Problem · · Score: 2

    A cheap battery operated doorbell will be battery operated. If it's one of the cheap RF operated ones, the pushbutton can be replaced by just about any two bits of metal that can be forced to touch each other. All it takes is two strips of metal and if it's done right it will take less energy than some of the touch switches need.

  18. Oh No! on Some Spammer Has a Crush on You · · Score: 3, Funny

    I just checked my logs and it appears that my antispam software just deleted a message about someone who likes me without me getting a chance to read it. Maybe it's time to go back to the old method of just hitting delete now that the carpal tunnel syndrome is almost gone on the finger I use on the delete key.

  19. It's a real man's language on Is FORTRAN Still Kicking? · · Score: 2

    You're not going to learn about the computed goto? How many other languages allow you to use an expression to evaluate to a three way branch?

    How about redimensioning an array? Or even redimensioning the middle of the array away so you can use its memory for some other bit of code you need to run? Many programs would set up a huge array and then repartition it later depending on what they were doing and it was common to load compiled code into an unused section of memory and then call it.

    How about vector calculations?

    The fastest machines in the world still use Fortran and it's mostly because there are standard ways of telling Fortran to do vector arithmetic while newer languages depend on add on libraries.

    Fortran's history is reflected in most languages today as well as the architecture of the CPUs.

    A language that doesn't affect the way you think about programming, is not worth knowing. --Alan J. Perlis
    Fortran offers new ways to wrap your head around some problems. That makes it worth learning.

  20. Re:We already knew that... on Turns out, Primes are in P · · Score: 2

    All primes above some low number of digits are pseudo-primes. Pseudo-primes aren't proven prime by attempting to factor all numbers smaller than it, but are proven by a number of tests that seem to indicate that the number is prime.

    For testing why things break because you can factor a supposedly prime number, an even number will work as well as any other and it sure speeds up the factoring if you have to do it by hand.

    Knuth has some interesting bits on this in his books.

  21. Re:Quick and Simple on Meet the Spammers · · Score: 2

    Don't run SpamAssassin in local delivery mode. It will mark a message as spam but it forgets to put the newlineFrom between messages so it merges messages together. Oops, major bug for a mail program.

  22. Re:Basic math on Meet the Spammers · · Score: 1

    How much more would it cost this guy if we all added a sleep(1) after the accept() in sendmail/postfix/whatever?

  23. Re:We already knew that... on Turns out, Primes are in P · · Score: 2

    When you build a key from two primes you have two keys that work, one is private and one is public.

    When you build a key with three primes you have one public key, one private key and two that will work for the hackers.

    When you build a key out of four primes you end up with the two keys you expect and 6 or 9 others.

    You can do this by building your own RSA-like system with 32-bit keys and plug in some small random even "prime" and see how many other keys work.

    Not all keys work but some of the combos will.

  24. Re:Spam techniques on 80% Of Incoming E-mail At Hotmail Is Spam · · Score: 2

    With only a few million domains, how do you think they came up with 150 million email addresses? They will try the 4000 or so most popular user ids with every domain name.

    I've set up wildcard DNS and I only allow email for very specific domains. I also am filtering at the sendmail level so I can say "sorry, their mailbox is full, try again" since I figure the server isn't going to be doing anything most of the time anyway, what's a simple database lookup and a few packets if it can get a spammer to requeue a message. What I want is a way to get MTU discovery on their link to decide their outbound routers like an MTU of about 52 bytes.

  25. Re:Bill Gates - I have the answer! on 80% Of Incoming E-mail At Hotmail Is Spam · · Score: 3, Informative

    SpamAssassin has a bug that sometimes it decides things are in mbox format but it drops the empty line before the ^From\ line. This can be very bad if the 1st message is spam and the second one isn't. When I tried to report this, Bugzilla was having a bad week.

    SpamAssassin also is very bad at deciding attachments are spam because any large image will have enough 4 letter regex hiding that it hits. I figure it false positives at least 5% of the time.