"...Parrots are doing no more than repeating what they've learned to do via positive re-inforcement. It doesn't take too many tries to find out that if you are told 'blue metal' and you pick up the metal key (being that the only item on the table that is blue is also the only item that is metal) -- you get a treat. This seems like nothing more than conditioning to me."
"The sets of objects need not be familiar, nor need they be placed in any particular pattern, such as a square or triangle. Furthermore, if presented with a heterogeneous collection -- of X's and Y's -- he can respond appropriately to questions of either 'How many X?' or 'How many Y?' (62.5%, all trials; 70.0%, first trials).[27] Our work with heterogeneous collections has suggested even more advanced skills. Alex can be shown a 'confounded number set' (collections of four groups of items that vary in two colors and two object categories -- e.g., blue and red keys and cars) and be asked to label the number of items uniquely defined by the combination of one color and one object category (e.g., 'How many blue key?').[39] His accuracy (83.3%) replicates that of humans in a comparable study performed by Trick and Pylyshyn.[38] Although we cannot claim that the mechanisms that Alex uses are identical to those of humans, the data suggest that a non-human, nonprimate, nonmammalian subject has a level of competence that, in a chimpanzee, would be taken to indicate a human level of intelligence.[2,27]"
2. Pepperberg, I.M.: An investigation into the cognitive capacities of an African Grey parrot (Psittacus erithacus). In Advances in the Study of Behavior. Edited by P.J.B. Slater, J.R. Rosenblatt, and C. Beer. New York, Academic Press, 1990.
27. Pepperberg, I.M.: Evidence for conceptual quantitative abilities in the African Grey parrot: Labeling of cardinal sets. Ethology 75:37-61, 1987.
38. Trick, L., & Pylyshyn, Z. Subitizing and the FNST spatial index model. University of Ontario, COGMEM#44 (Based on a paper presented at the 30th Psychonomic Society Mtg, Atlanta, GA, November, 1989).
39. Pepperberg, I.M. Numerical competence in an African Grey parrot (Psittacus erithacus). J. Comp. Psych., 108:36-44, 1994.
Irene Pepperberg's work has been published not just in popular press like Scientific American but in peer-reviewed journals such as those in the footnotes above, so I have to assume it has met their standards for scientific work. She and her team have clearly addressed the concerns you raise, and others besides.
"...NOT the same as Slashdot deleting all references to kuro5hin. It might be analogous to slashdot not posting any stories about kuro5hin, which, to the best of my knowledge, is actually the case."
Four of our stories reference kuro5hin in April/May, including this one where I wrote: "I need to start reading kuro5hin more often."
I even bought myself a kuro5hin T-shirt for chrissakes. It's ReallyCool(tm) and ILikeItALot® and EveryoneShouldBuyOne(tm). Maybe if I get a kuro5hin tattoo on my ass, people will stop accusing Slashdot of bias. Maybe.
"The /. 1-pixel image is a weird one. It's right at the top of the page, in a 2-pixel wide table to the left of the banner ad (from doubleclick.net BTW). There are two single-pixel images in that table; one's the off-site "bug" and the other is images.slashdot.org/pagecount which you'd think would have a valid purpose."
As I wrote in another comment to this story, the "off-site" graphic traceroutes through dn.net via exodus.net. Both sites (Digital Nation and Exodus) are sites that Andover uses to host some of its services. In other words, the "off-site" graphic probably isn't off-site at all.
I'll ask the slash development team what the deal is. If more than 3 or 4 people care (feel free to email me), maybe I can get Timothy to drop the results in the next Slashback or something. But I'll bet you dollars to donuts they're all page-counters.
But what are they used for? I'm not sure. But look at the source code of almost any page here, and you'll see them:
<IMG SRC='http://209.207.224.245/Slashdot/pc.gif?/comments.pl,962468080410' WIDTH=1 HEIGHT=1>
<IMG SRC='http://images.slashdot.org/pagecount.gif?/comments.pl,962468080410' WIDTH=1 HEIGHT=1>
<IMG SRC='http://images.slashdot.org/banner/gate5002en.gif?962468081680' WIDTH=1 HEIGHT=1 BORDER=0>
Maybe one of the slashdot staffers could answer this.
The first one is a page-counter graphic that's apparently on a machine at Slashdot's old hosting location, Digital Nation (since the traceroute to it goes through dn.net). I'm not that familiar with the technical end of Slashdot and so I can't speculate why it's loaded from dn.net instead of from our main servers.
The second one is a page-counter graphic (obviously) on our main servers.
The third one I'm not sure about. Like I say, I know little about the tech end of Slashdot and even less about the ad system.
In short, these guys are harmless. "Web bugs" allow a site other than the one you're currently reading to check up on your behavior. Obviously you're leaving footprints all over slashdot.org's logs every time you load our homepage!
Like, if I request a URL from www.flibbertygibbit.com, can't the browser be smart enough not to request further resources from, say, ad.doubleclick.net (but be smart enough to request resources from pix.flibbertygibbit.com)?
Yes; the trouble is that many sites have offsite images load from a perfectly normal and harmless third-party server. Akamai is the best example; companies from Altavista to Apple to Andover store their graphics on Akamai's distributed servers for faster load times. If you prohibit all third-party graphics, you prevent these graphics from loading, thus breaking many pages.
Wasn't this capability in Mozilla until recently? How hard is it to put back in?
Yes, it was; see this older slashdot story for details. The good news is that Mozilla retains the capability to block off-site cookies, which doesn't totally eliminate the web bug problem but does take a huge bite out of it (along with the whole DoubleClick-privacy problem in general).
Personally I suspect that the offsite image problem could be 99% solved with a little special-casing and some creative DNS work. But I don't know that for certain.
The bottom line is that, because of this one incredibly simple feature, Mozilla is currently the most privacy-friendly off-the-shelf browser that I know of. Of course, if you are really concerned about privacy, you could try add-ons like Junkbusters or IDcide.
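An added sketch (not Slashdot's or Mozilla's code) of the off-site image check discussed above: it classifies an image by comparing its host with the page's, using the hosts named in this thread. The two-label site comparison, the allowlist and all function names are assumptions; a real implementation would consult a public-suffix list.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum verdict { FIRST_PARTY, ALLOWED_THIRD_PARTY, THIRD_PARTY, WEB_BUG_CANDIDATE };

/* Hypothetical per-user special cases: hosts the reader trusts although they
 * share no name with the page (the IP is the one quoted in the thread). */
const char *const ALLOW[] = { "209.207.224.245" };
const size_t N_ALLOW = sizeof ALLOW / sizeof ALLOW[0];

/* Copy the lower-cased host of url into host. URLs with userinfo
 * ("user@host") are rejected so "page.com:x@tracker.net" cannot pose as
 * page.com. Returns 0 on success, -1 otherwise. */
static int url_host(const char *url, char *host, size_t cap)
{
    const char *p = strstr(url, "://");
    p = p ? p + 3 : url;
    size_t auth = strcspn(p, "/?#");
    if (memchr(p, '@', auth))
        return -1;
    size_t n = strcspn(p, "/:?#");
    if (n == 0 || n >= cap)
        return -1;
    for (size_t i = 0; i < n; i++)
        host[i] = (char)tolower((unsigned char)p[i]);
    host[n] = '\0';
    return 0;
}

/* Naive "site" of a host: its last two labels (assumption: no public-suffix
 * handling). An IPv4 literal has no labels to trim and is compared whole. */
static const char *site_of(const char *host)
{
    if (host[strspn(host, "0123456789.")] == '\0')
        return host;
    const char *p = strrchr(host, '.');
    if (!p)
        return host;
    while (p > host && p[-1] != '.')
        p--;
    return p;
}

/* page_host is expected in lower case; w and h are the IMG dimensions. */
enum verdict classify(const char *page_host, const char *img_url, int w, int h,
                      const char *const *allow, size_t nallow)
{
    char host[256];
    if (url_host(img_url, host, sizeof host) != 0)
        return THIRD_PARTY;               /* unparseable: treat as off-site */
    if (strcmp(site_of(page_host), site_of(host)) == 0)
        return FIRST_PARTY;
    for (size_t i = 0; i < nallow; i++)
        if (strcmp(host, allow[i]) == 0 || strcmp(site_of(host), allow[i]) == 0)
            return ALLOWED_THIRD_PARTY;
    /* An off-site image of one pixel or less carries nothing to look at. */
    return (w <= 1 && h <= 1) ? WEB_BUG_CANDIDATE : THIRD_PARTY;
}

int main(void)
{
    static const char *const name[] = { "first-party", "allowed third-party",
                                        "third-party", "web-bug candidate" };
    /* Constructed inputs built from hosts and URLs mentioned in the thread. */
    struct { const char *page, *url; int w, h; } t[] = {
        { "www.flibbertygibbit.com", "http://pix.flibbertygibbit.com/logo.gif", 120, 60 },
        { "www.flibbertygibbit.com", "http://ad.doubleclick.net/pixel.gif", 1, 1 },
        { "slashdot.org", "http://images.slashdot.org/pagecount.gif?/comments.pl,962468080410", 1, 1 },
        { "slashdot.org", "http://209.207.224.245/Slashdot/pc.gif?/comments.pl,962468080410", 1, 1 },
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("%-24s %-40.40s no-list: %-18s with-list: %s\n", t[i].page, t[i].url,
               name[classify(t[i].page, t[i].url, t[i].w, t[i].h, NULL, 0)],
               name[classify(t[i].page, t[i].url, t[i].w, t[i].h, ALLOW, N_ALLOW)]);
    return 0;
}
```

The IP-addressed page counter is the interesting row: by name alone it looks off-site, and only the special-case list marks it as belonging to the same operator.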
A company has managed to take out patents on all glass, plastic and metal containers and is demanding that breweries throughout the country pay it 0.5 percent royalties on every bottle or can they sell.
Intellect, a company specializing in legal advice on industrial property rights, secured the patents from state patent agency Rospatent and has sent letters to breweries offering a license so brewers can continue to use bottles and cans.
Interfax reported Vladimir Shishin, head of the Brewers Association, as saying Friday that Intellect's demands could cost beer makers 200 million rubles ($7 million) a year.
[...]
The Encyclopedia Britannica says the Egyptians were producing glass bottles before 1500 B.C. But that didn't stop Rospatent from issuing the patent Oct. 20. It is now in the middle of an internal investigation into whether it should have done so.
[...]
Critics say the patent application was written in complicated language and pertained to a feature inherent in all bottles.
Public-key cryptography is certainly one of the most significant information-technology discoveries of this century. It's been described as the most significant breakthrough in codemaking and -breaking of the past 2000 years.
But I'm guessing it's not on the list because it's not an algorithm. It's a lack of an algorithm. It's simple enough to multiply two large primes together. The reason public-key crypto works is that there is no known algorithm to turn the product back into its constituent primes in reasonable time.
Maybe that missing algorithm should have been listed as #0...
Are you browsing through comments.pl? I do, and I see lots of disappearing posts. Sometimes they get marked with "don't post" before they get removed. And I've been getting "Invalid Form Key" errors on one of my accounts as well. Also note articles in comments.pl that are forward-posted in time.
As you've probably already guessed, these are bugs in the code. You shouldn't be seeing some of what you are, and you shouldn't be getting the "invalid form key" errors. Fixes have been written and are being tested for both these problems.
If you can make a bug reproducible, please feel free to submit a detailed report to SourceForge. This helps us a lot. Thanks.
I wasn't aware of that domain dispute; its submission(s) presumably were rejected by someone else. (Readers often don't realize that Slashdot has something like a half-dozen editors and that any of us can reject a submission...so randomness does play a large factor.)
I ran this Barbie story partly because Sunday is a slow news day and partly because I'm hoping someone really will have started an FAQ on domain-name disputes, or will be motivated to start one. The net could use one.
For each of the disputes you name, there are many others we haven't run a story on. They're too numerous to list, which is part of the problem: the degree to which corporate trademark infringes on personal expression is being decided at this very moment by dozens of separate cases, and we nonlawyers are too disorganized to make a difference.
What are the chances of getting some editorial accountability around this place?
Comments like yours are our editorial accountability :-)
Jamie, before you go stating that "OSS != Security," please consider:
Bugs in crypto systems are extraordinarily difficult to hunt down and squish. Read Applied Cryptography if you feel like getting your brain around why. A bug of this magnitude in a product with source code not available would probably never have been discovered.
Many crypto bugs are hard to find. This bug should not have been. Passing in a pointer to a buffer and then assigning the function result to that same buffer? I bet there exists an automated tool which understands the parameters to read() and would find that error.
It's not like read() is an obscure system call. Using it improperly like this is practically criminal.
And I never said "OSS != Security," in fact, I explicitly said the two were not necessarily equal, "emphasis on necessarily."
PGP's license has never met the Open Source Definition (it's free to use only under certain circumstances).
OK, you got me there - Dan Kaminsky also wrote in to mention that its license prohibits commercial use, adding "many of the eyes that would have otherwise been directed at the PGP codebase wouldn't touch the product."
I'm not entirely sure that's true. PGP should naturally attract a lot of eyes by virtue of being high-profile. Many of the people who would be or should be looking for bugs like this one are up-and-coming cryptographers, for whom finding a bug in PGP would garner street cred. They wouldn't care whether they could use the code commercially.
Still, point taken. Let me talk to a friend who knows PGP better than I do, and I'll look into revising the headline and/or updating the story in the next few hours.
Despite this technicality, your headline is stupidly sensational and self-defeating. Wouldn't it have been much better to title it "Key Generation Bug Found in PGP 5"?
When we get two submissions that are both important, and related, it makes for a more interesting discussion to link them together. Unfortunately I think many readers are only reading the PGP story, and skipping John Viega's excellent article - or at least there hasn't been much discussion of it, which is a shame.
"Open-Source != Security; PGP Provides Example" is going a little too far.
Well, we only get so many characters in the title. I already had to use a C operator to replace three English words. I was a little squeezed for space.
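The read() misuse described in the comment above, reconstructed as an added example (not PGP's source and not code from the original page), beside a corrected form. The function names, the pipe standing in for a random device and the sample bytes are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample standing in for bytes from a random device. */
static const unsigned char SAMPLE[8] = {0x9c, 0x41, 0xe7, 0x03, 0xb2, 0x5d, 0xf0, 0x68};

/* The pattern the comment describes: a pointer to the buffer goes into
 * read(), then read()'s return value (a byte count) overwrites the buffer. */
static void fill_buggy(int fd, unsigned char *out, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        unsigned char b = 0;
        b = (unsigned char)read(fd, &b, 1);   /* the count, 1, replaces the data */
        out[i] = b;
    }
}

/* Corrected form: keep count and data apart, loop on short reads, retry on
 * EINTR, and fail closed on EOF or error so the caller never uses a
 * partially filled buffer. */
static int fill_fixed(int fd, unsigned char *out, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, out + got, n - got);
        if (r > 0)
            got += (size_t)r;
        else if (r < 0 && errno == EINTR)
            continue;
        else
            return -1;
    }
    return 0;
}

/* Read end of a pipe preloaded with n bytes of data, or -1 on failure. */
static int source_fd(const unsigned char *data, size_t n)
{
    int p[2];
    if (pipe(p) != 0)
        return -1;
    if (write(p[1], data, n) != (ssize_t)n) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    close(p[1]);                 /* reader sees EOF after the preloaded bytes */
    return p[0];
}

/* Cheap sanity check on "random" output: 1 if every byte equals v. */
static int all_equal(const unsigned char *buf, size_t n, unsigned char v)
{
    for (size_t i = 0; i < n; i++)
        if (buf[i] != v)
            return 0;
    return 1;
}

int buggy_output_is_constant(void)
{
    unsigned char out[sizeof SAMPLE];
    int fd = source_fd(SAMPLE, sizeof SAMPLE);
    if (fd < 0)
        return -1;
    fill_buggy(fd, out, sizeof out);
    close(fd);
    return all_equal(out, sizeof out, 0x01);
}

int fixed_output_matches_source(void)
{
    unsigned char out[sizeof SAMPLE];
    int fd = source_fd(SAMPLE, sizeof SAMPLE);
    if (fd < 0)
        return -1;
    int rc = fill_fixed(fd, out, sizeof out);
    close(fd);
    return rc == 0 && memcmp(out, SAMPLE, sizeof SAMPLE) == 0;
}

int fixed_rejects_short_source(void)
{
    unsigned char out[sizeof SAMPLE];
    int fd = source_fd(SAMPLE, 3);           /* only 3 of the 8 bytes exist */
    if (fd < 0)
        return 1;
    int rc = fill_fixed(fd, out, sizeof out);
    close(fd);
    return rc;
}

int main(void)
{
    printf("buggy output is all 0x01: %d\n", buggy_output_is_constant());
    printf("fixed output matches source: %d\n", fixed_output_matches_source());
    printf("fixed on short source returns: %d\n", fixed_rejects_short_source());
    return 0;
}
```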
"...it isn't that hard to look through the archives and find CT saying 'oops... our server died/crashed/whatever.' That kind of honesty and straightforwardness is what made /. a community first and a news site second."
What the hell could we possibly say that would be so terribly interesting?
Yes, Slashdot got hit by a denial of service attack. Yes, it's still having problems and has been up and down intermittently for various technical reasons. Yes, the network staff at Andover is working on it. Duh!
The only interesting thing about the last few annoying days would be if we knew who launched the DoS attack. We don't (AFAIK). So there's nothing worth posting about it.
Or do you really need us to state the obvious?
Cassini was the probe carrying plutonium RTGs which caused a furor among some misguided activists, a few years back.
The only way that the amount of plutonium on Cassini could be dangerous to large numbers of people is if it were dispersed in a fine dust. That is simply impossible - or, to be scientifically precise, is so improbable as to be unworthy of consideration.
The plutonium stored in RTGs is mixed into a hard ceramic which is designed to crack into large pieces. The ceramic is encased in such a way that it is designed to survive re-entry.
The most dangerous thing that would happen from Cassini, or any other RTG-powered spacecraft, smashing into the earth, would be that it would land on someone's head.
The next most dangerous unplanned-reentry scenario, and the most likely scenario for plutonium poisoning of anyone, is that chunks of solid ceramic with plutonium oxide in them would smack small craters in the ground, and that some exceptionally stupid person would walk up to the craters and decide to devour the hot smoking projectiles buried in the craters. That's really the only (statistically feasible) way the plutonium could be ingested by anyone. Of course, eating the stuff probably wouldn't kill you anyway because you'd excrete it all in a day or two.
Indeed, the anti-Cassini activists even admitted that the most dangerous period was during launch - and during launch, the forces involved are simply not enough to disperse the plutonium in a dangerous manner. Worst-case scenario is a launch explosion which would scatter big ceramic chunks around the area - where they would sit and do no harm. A launch explosion simply cannot vaporize these things, they're very solidly built.
I worked out the odds a few years back when Cassini launched. The total statistical danger to human life posed by Cassini between its launch and its flyby turned out to be far smaller (by several orders of magnitude) than the danger, during the same period of time, that an unrecognized near-earth asteroid would smack the planet hard enough to cause mass extinction. If people are concerned about death from above, they should put their activist effort into programs to identify near-earth asteroids.
...UNIX has been pretty good for me in terms of "stability" and "predictability".
QNX's literature describes their products being used as the OS and GUI for software environments like nuclear reactors, hospitals, and (IIRC) the Space Shuttle. (Not flight control, but some other system, I forget what exactly.)
I think Linux is great too, orders of magnitude more stable than many other operating systems. But QNX's microkernel hasn't had a system call or a feature added for many years. Last I heard, it's all hand-tuned assembler that has been tested and checked over and over, for a decade or more.
If I'm living next to the nuclear reactor, or if I'm the one suited up to fly the Shuttle, that's the kind of code I want :-)
There have been a lot of suggestions that students "poison the well" by turning in random classmates.
Once WAVE becomes reality, I think there's a great story waiting to be written by a high-school student who makes the anonymous phone call to turn in himself or herself for being violent, destructive, and potentially murderous.
Make up all the accusations out of thin air as if you were an angry fellow classmate. Make the call from a pay phone, noting the exact time and writing down what you say. Don't tell anyone (even your parents) what you're doing. And document everything that happens.
The story of the falsely-accused, from the inside, would be a fascinating read.
Mattel is planning to sell its software company, Learning Co., which is the maker of Cyber Patrol. [...] I tried to submit the story but it got rejected
We didn't reject it. We ran it. (And someone else submitted it before you - sorry.)
Most of our YRO stories run on the slashdot homepage, but not all of them.
Click on the YRO section box on the left side of every Slashdot page to see all the stories, including the ones that weren't important enough for the main homepage.
And/or, go to your user preferences, scroll down to "Customized Slashboxes," check all the boldfaced sections, and then check "Your Rights Online" and any other slashboxes that strike your fancy. That'll keep a list of YRO stories handy.
When the techie-type who accepted the award for The Matrix gave out its URL at the end of his speech, I figured I'd see what the slashdot effect was like for the old media.
I couldn't get through to its webserver for almost an hour. It responded to pings but the HTTP port was completely overloaded. I don't know what this guy expected (unless he just did it so he could laugh at the outrageous web logs the next morning). If only 1% of the audience tried the site, that was still as many as a million people typing in the URL at the same time, every hour, as the show crawled into new timezones.
I think this was the first time that a domain name was mentioned in an acceptance speech. I'm sure it won't be the last.
No. Read the article I wrote last October. The problem is that you can be viewing a page on Site X with a gif from Site DC. The gif gets its own cookie.
It's good you bring this up. The language:
"Only accept cookies from the site being viewed"
is misleading and wrong. That's why it was changed to "accept only cookies that get sent back to the originating server" in the latest Netscape. More technically accurate. Doesn't solve the problem.
"Mr Haselton's publication of the encrypted contents along with an analysis of the contents..."
Haselton didn't publish the encrypted data, nor the decrypted data apart from the 50 URLs he analyzed. He published the code to a decryption program, and a link to Symantec's website to obtain the encrypted data. (Symantec quickly removed the data at the other end of that link - security through obscurity after the horse is gone, to mix metaphors.)
Again - the only thing he published on his own site was the code to do the decryption, and the 50 URLs which he analyzed.
As long as I can use this quote in my promotional literature:
Jamie McCarthy
Not so. http://www.mecca.org/~rporter/PARROTS/grey_al.html:
Jamie McCarthy
I could have sworn Andover used Akamai, but we don't. Never mind. Altavista and Apple is enough alliteration for one day.
Jamie McCarthy
I am not making this up...
http://www.moscowtimes.ru/24-Jun-2000/stories/story2.html
Jamie McCarthy
I don't think you have to worry about that.
Jamie McCarthy
Thanks!
Generally, authors decide where their own posts go. I didn't think a "no cause for panic" news story was important enough for the main page.
Jamie McCarthy
According to my criminal law class in high school (late 1980s), the conviction rate here in the States is about 90%.