Slashdot Mirror


User: jonwil

jonwil's activity in the archive.

Stories
0
Comments
5,010

Comments · 5,010

  1. Re:Google vulnerable? on Cross Site Scripting Discovered in Google · Score: 1

    This is not the only place Internet Explorer does something different to what HTTP says.

    As far as I know, HTTP says that if the HTTP headers have a content-type header, the browser should treat the data as though it was that content type regardless of the actual contents. But IE does not do this. IE will use the content-type header, the file extension AND the contents of the file to decide what to do with it. This means that even though the web server sent the file as text/plain, IE may not render it as plain text (for example, sending HTML as text/plain won't work since IE will render the HTML anyway).

    Mozilla and Firefox get it right and treat the content-type as authoritative (although I think there is an exception when loading an image for an IMG tag).

    Interpreting the file type based on the contents or extension should only be done if the server does not send a content-type header.

  2. Re:I think I know why. on PC Gaming Declared Not Dead Again · Score: 1

    If the PC publishers would stop shipping games in big huge boxes and move to shipping in, say, DVD or PS2 or XBOX sized plastic cases (which can still hold a couple of CDs and a reasonable manual and would be great for storage too), then they would be able to fit more PC games in the same space (or the same amount of PC games in less space).

  3. Re:spf? Why can't big ISPs do the right thing? on Evolving Phishing Attacks Using Web Vulnerabilities? · Score: 1

    Companies like eBay, PayPal and Citibank need to be sure that if someone sends a legitimate email, it goes through even if IT forgot to add a new mail server to the SPF record (or whatever it might be). That email might be something from PayPal telling you that they have frozen your account and that it is now in the red and that if you don't pay up right now, they will send debt collectors after you. Or something else important.

  4. Re:It's Not For The Big Guys on Analog Hole Legislation Formally Introduced · Score: 1

    It is also designed so that anyone who wants to get their content "authorised" to play on the next generation media has to go through the **AA and/or manufacturers (which will require sufficient per-unit royalties on each disk or cassette or whatever that it forces the little guy out of the market).

  5. Re:Why are people worried? on Analog Hole Legislation Formally Introduced · Score: 1

    What I want to know is, how come the farmers are big enough to lobby the government not to end farm protection but the factory workers etc. being replaced by Chinese and Indian and Asian workers can't band together to do the same?

  6. Re:As an eBay employee I can tell you... on eBay Slammed Over Levels of Fraud · Score: 1

    I don't know where you come from but here in Australia (and probably in America too) you need a licence in order to legally sell guns.
    Because of how eBay works, it's not feasible (especially given the costs it would take to verify all this stuff) for eBay to ensure that when someone sells a gun to someone else, all the right licences are there for the transaction and it doesn't violate the law in either the country where the buyer is or where the seller is.

  7. Re:There's little hope as long as DNS is broken on Korean Banks Forced to Compensate Hacking Victims · Score: 1

    Here is a possible solution.
    The bank would give you a little thing that's like a calculator.
    When you do a funds transfer, the bank outputs a random number.
    You then input the number along with the amount being transferred into the calculator, which makes a hash of them and a secret number stored in the device.
    This number is input back into the bank system before the transaction goes through. If the hash computed by the bank doesn't match what the user entered, no transfer would take place.

    Unless the hacker can convince you to somehow press "funds transfer" "$" into your calculator thingo, all they would be able to get is whatever the user is transferring in the first place.

    Although I am sure there are usability issues with this system.
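    The challenge-response scheme sketched in the comment above, written out as an added example (not code from the original post): the bank's random number and the amount are keyed-hashed with the device secret, and the bank recomputes the code over the amount it is actually about to move, so a swapped amount or a code replayed against a new challenge is rejected. The HMAC-SHA256 construction, the 8-digit truncation and the secret value are assumptions for illustration.

```python
"""Transaction-signing token: bank nonce + amount + device secret -> short code."""
import hashlib
import hmac
import secrets

# Constructed sample: the per-device secret the bank provisions into the token.
# Assumed value, not from any real system.
DEVICE_SECRET = bytes.fromhex("3f2a9c1e5b7d4a6c8e0f1b2d3c4e5f60")


def bank_issue_challenge() -> str:
    """Bank side: fresh random number displayed to the customer for this transfer."""
    return secrets.token_hex(8)


def device_code(secret: bytes, challenge: str, amount_cents: int) -> str:
    """Calculator side: keyed hash over challenge and amount.

    HMAC-SHA256 is an assumption; the hex digest is truncated to 8 digits so it
    fits a small display and can be typed back into the web form.
    """
    msg = f"{challenge}|{amount_cents}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:8]


def bank_verify(secret: bytes, challenge: str, amount_cents: int, code: str) -> bool:
    """Bank side: recompute over the amount it is about to move; constant-time compare."""
    expected = device_code(secret, challenge, amount_cents)
    return hmac.compare_digest(expected, code)


def attempt_transfer(secret: bytes, shown_cents: int, submitted_cents: int,
                     challenge: str = "", code: str = "") -> bool:
    """End-to-end run. The customer keys `shown_cents` (the amount they see) into
    the device; `submitted_cents` is what actually reaches the bank, which may have
    been altered on the way. Optional `challenge`/`code` let a caller replay a
    code that was computed for an earlier challenge."""
    challenge = challenge or bank_issue_challenge()
    code = code or device_code(secret, challenge, shown_cents)
    return bank_verify(secret, challenge, submitted_cents, code)


if __name__ == "__main__":
    print("honest transfer :", attempt_transfer(DEVICE_SECRET, 10_000, 10_000))
    print("amount swapped  :", attempt_transfer(DEVICE_SECRET, 10_000, 500_000))
    old_challenge = bank_issue_challenge()
    old_code = device_code(DEVICE_SECRET, old_challenge, 10_000)
    print("code replayed   :", attempt_transfer(DEVICE_SECRET, 10_000, 10_000,
                                                challenge=bank_issue_challenge(),
                                                code=old_code))
```

    Because the bank hashes the amount it is actually about to move, malware that rewrites the amount in the browser cannot reuse the customer's code; the usability cost the commenter mentions is that the customer must type both the challenge and the amount into the device.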

  8. how to implement a good DRM system... on Xbox 360 File System Decoded · Score: 1

    Basically, you make it so that every machine instruction is decrypted as it is executed by the CPU (I know it has been done in the past for a number of arcade machines, some of which have been cracked because they used weak encryption and some of which have never been cracked).

    If decrypting every instruction as it gets executed is too slow or otherwise unfeasible (which I suspect to be the case), another answer is to encrypt the executable files on disk and decrypt them when they get read into main RAM. In this case, you could probably use a public key algorithm like RSA. This would mean that unless the secret key (which only the manufacturer would have) is cracked, it would be pretty much impossible to write & run new code on retail boxes that hasn't been signed by the manufacturer.
    If feasible, the decryption would be handled by a separate CPU or ASIC containing the public key embedded in it (making it much harder for anyone to obtain it and use that to decrypt executables themselves). Also, in order to prevent someone just disabling the encryption chips somehow and running code, part of the non-replaceable firmware would also be encrypted and then it gets decrypted into RAM after an executable has been loaded (e.g. this would be some parts of the kernel and essential system calls that the games make).

  9. Re:Does this mean Vivendi are good or bad now? on King's Quest 9 Lives! · Score: 1

    Actually, the official bnetd distribution did not support Warcraft III (or the beta).

    A modified version was created by a third party that supported the Warcraft III beta.

  10. Does this mean Vivendi are good or bad now? on King's Quest 9 Lives! · Score: 1

    They did shut down bnetd and freecraft.
    But now they are giving the OK to KQ9...

  11. the one price per song model is good on Digital Music Stock Market? · Score: 1

    It means that price is not being used as a marketing tool by the RIAA.
    Everything costs the same price so people will not make purchasing decisions based on price.

  12. Hopefully we see more sci-fi on this service on Apple Adds New TV Shows To iTunes · Score: 1

    Battlestar Galactica is a good start but more would be nice :)

  13. DMCA exemptions I want to see on Researchers Want Right to Bypass Protected Spyware · Score: 1

    1. It should not be a DMCA violation to break protection if you have permission from the copyright holder of the work to copy the work (this would, for example, not make it a violation to break any protection on digital camera photos that you took yourself).

    2. It should not be a DMCA violation to break protection if breaking the protection is necessary to enable its use by someone with a disability (e.g. to run it through a screen-reader or braille device for the blind or to add subtitles for the deaf).

    3. It should not be a DMCA violation to break protection if the protection is being broken in the course of removing a program, driver, library or other software item that cannot be removed any other way (this would make it OK to break the DMCA to remove viruses or worms or Sony rootkits or spyware or other such items). This exemption would only cover acts taken in the course of removing the program and not any acts taken otherwise (e.g. to copy the program or to make it run when it refuses to run).

    4. It should not be a DMCA violation to break protection in order to create a 3rd party clone of a hardware device or component which is used up or wears out and, in the course of normal operation according to the manufacturer's specs, would need to be replaced (this would mean it wouldn't be a DMCA violation to create 3rd party printer cartridges, car parts and so on).

  14. Re:Too bad... on Adobe Acquiring Macromedia on December 3, 2005 · Score: 0

    Why can't someone come up with a web design tool that has the pro features people use Dreamweaver (and FrontPage) for and does the things those programs do but produces NICE HTML at the end of it all that doesn't require browser specific tricks and hacks?

  15. Re:Needs more .exe! on GMail Adds Virus Protection · Score: 1

    I have found that if you rename the zip file to .zi, it gets through.

  16. Does this mean that... on Lockheed Martin Selects Linux for Missile Defense · Score: 4, Funny

    You are entitled to the source code to the missiles that just landed on your head under the terms of the GPL?

  17. The better answer... on Ports for Porn - Using Firewalls to Block Porn · Score: 4, Funny

    Is to implement a special top-level-domain for porn, something like the .xxx domain that was proposed (and rejected IIRC).

    That would have almost no technical issues and be just as easy to block as this braindead proposal.

  18. Big deal, Kazaa sucks anyway on Kazaa Forced To Modify Search Engine · Score: 1

    Why doesn't someone invent a P2P network that combines the best elements of networks/clients like Kazaa/FastTrack (back when it didn't suck) with the best elements of open source clients like eMule?

    If the RIAA wants to attack an open source client with copies of the source code on websites all over the world and a licence that lets anyone make any changes they like and redistribute, good for them.

  19. Re:Half-Binary on Building Distributable Linux Binaries? · Score: 1

    I think the OP was referring to the fact that there were kernel modules that tried to be "open" by having all the OS calls abstracted away but in fact still made OS calls from the "closed" part.

  20. Re:Half-Binary on Building Distributable Linux Binaries? · Score: 3, Informative

    Even that doesn't necessarily work if C++ is involved and the system it's built on and the one it's run on have different GCC & libstdc++ versions with different incompatible ABIs...

  21. Re:big deal... on Microsoft to Open up Office Formats · Score: 1

    Also term 7 of the open source definition:
    7. Distribution of License

    The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.

    No Microsoft licence I have seen (except for a few things like WiX and WTL and such) meets this clause.

  22. big deal... on Microsoft to Open up Office Formats · Score: 1

    Unless the licence Microsoft uses is "compatible" in its terms with the OSI Open Source definition, this means nothing.

    Specifically term 3:
    3. Derived Works

    The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

    If the Microsoft licence does not permit someone who has agreed to it to relicence the information to anyone else under the same terms, it's useless and a trick by Microsoft to make everyone think they are "open" when they really are not.

  23. What about CPUID? on Remarked Celerons Sold As P4s · Score: 1

    I would love to see how they can change the internals of a Celeron 1.7GHz to make the CPUID instruction return the ID of a Pentium 4 at 3.6GHz...

    Unless there is something I am not following, CPUID is executed entirely inside the processor and is impossible to fake.

  24. Re:Kill A Watt on Curbing Energy Use In Appliances That Are Off · Score: 1

    Does anyone know of a device similar to the Kill A Watt but with Australian plugs/voltage on it?
    I would love to find out just how much juice my computer actually uses.

  25. Re:No Rest for the Wicked... on Curbing Energy Use In Appliances That Are Off · Score: 1

    We have Foxtel (Australian satellite TV) and the box does have an "off" mode but that just shuts off the outputs.

    The box itself is always on so it can receive firmware downloads and encryption keys for the channels you are subscribed to. And so it can phone home to tell the central server how much to bill you for when you use PPV stuff.