This Internet Explorer cumulative update also includes a change to the functionality of a Basic Authentication feature in Internet Explorer. The update removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is no longer supported in Internet Explorer or Windows Explorer after you install this software update:
http(s)://username:password@server/resource.ext
Unfortunatly this isn't fixed as it should be, ie you're shown the entire link in the address bar and maybe even given a warning when you go to the site. Instead they fixed this by not allowing the '@' character in addresses as was suggested they might here. Hadn't they been saying previously that problem this was unfixable presumably the reason for disallowing the '@' alltogether rather than a real fix. I have two questions, first what kind of codebase do they have that they can't make a real fix?!? Sure it might be a bit of a pain but it's obviously possible since no other browser is affected (heck I even tried IE for mac yesterday and it handled it perfectly!). They obviously handle the url properly at some point since you visit the proper site, they should be able to display the url properly! Next, what is the effect of them deprecating the '@' tag? I don't recall ever seeing this in the wild and can't really see a lot of use in microsoft.com@slashdot.org, of course the example they give is username:password but I can't see any real site displaying the password in plaintext in the url, does anyone have an example of where this is used and what the effects will be?
I was surprised as well, the reason that it stayed so fresh is that it had such lasting implications so we keep hearing about it and it stays fresh in our memory. To contrast I remember that at the same time as Columbia there was an avalanche that killed several fifteen year olds and I just saw a story about the anniversary of that tragedy as well. That one I heard nothing after about a week and had nearly forgotten about it, as a result when I saw the story today I was surprised that it was only a year ago.
What leads you to believe this is someone from the Linux community?
Doesn't matter, unless they catch the writer and prove it to be something else. As you showed with the SCO conspiracy theory it's the Linux community that is going to catch the flack.
The economist just added a Starbuck's tall latte index (a purchasing-power parity test) similar to their Big Mac Index. How long will it be until they add an "mp3 index"?
Both the tall latte index and the Big Mac index show that the Canadian dollar is undervalued compared to the US dollar (which means that we get things cheaper here!). Sweet.
Note that both those products you're paying mostly for service. We earn similar pay as in the US except the dollars we earn are worth less, as a result when we pay for something that can be sold on either side of the border (like a computer) than we pay more of our dollars than americans, if on the other hand we are paying for something that requires local service (like a Big Mac) we pay about the same number of dollars because the workers are being paid in the same CADs that we are paying.
So we don't really get things cheaper up here, we make less and occasionally pay less.
Since geeks motivated enough to get a new account just so they can make that joke because their old account has a sub six digit UID are also experienced enough to have learned more about digital photography.
Not only is that analogy inaccurate but it would be more accurate if it were reversed! Try this for example.
SCO: We own all you source code!
Slashdotters: How so? We wrote it!
SCO: We just do!
Compared to: Squatter: I own that domain!
JRR Tolkien Estates: Why should you? You chose the name of the domain specifically because it is the name of the author whom we represent. You are seeking to profit from the fame of his name which he gained through writing some amazing works of literature, the site which you put up doesn't even have anything to do with him!
Squatter: Well I wants it!
Yes it is sleazy and I don't see any reason why this company should be allowed to do it. They have provided no service and have deliberatly mislead people to their site suing the fruits of someones elses labour.
Title of the post comes from one of Feinman's books. God you must be such a geek to have read those.:-)
You have apparently read the books which means you're a big geek, but you're also an AC who doesn't know how to spell Feynman which throws doubt upon that theory, I am much confused.
For all those that are undoubtely going to post something about how America and President Bush in particular are evil for doing something like this here's a little factoid:
Europe did it first to Spain for it's SUPPORT of the Iraq war. If you don't believe me here's a link (NYT -registration required etc..):
I've read this a few times in the discussion and I do see your point though you need to admit that the circumstances have some important differences. On one hand the US is trying to punish a country for not falling in line with their war which most of the world viewed as unnecessary and was highly against (including the population of the country in question). The EU on the other hand is going against a country which joined in a war which was AGAINST both the wishes of the international community and against the wishes of its own public! They chanted "Aznar resign!" in protest at Prime Minister Jose Maria Aznar's support for the American line on Iraq despite its rejection by the vast majority of the Spanish public.
Frankly I wouldn't want to stick a Fusion reactor in a country which has just shown itself to ignore both the international community and it's own people to support the american war effort. France of the other hand, like most of Europe, actually listened to its populace and didn't go to war and I don't see why they, or any nation that did the same, should suffer any negative consequences because of that.
1. The Softwood lumber dispute (I found a link to an american organization but one that is against the tarrifs because is raises lumber prices), which is doing severe damage to our lumber industry.
2. Kyoto I just threw out as something that came to mind, not all Canadian provinces like it either and a lit of US states have actually implemented their own rules that are even more stringent but it was an another international agreement that the US backed out of.
3. The landmine treaty pretty much everyone but the US signed, a notable exception, I remember hearing some speculation about them going to use some in Afghanistan but couldn't find anything in a quick google. Still it's important to note that this was in Clintons era so isn't exactly Bush's fault.
4. Here's a though piece on US violations with regards to treatment of war prisoners in Afghanistan.
5. Hostility doesn't always have to be military, the US has arguably been very hostile to the entire international community with the huge distain it showed for the UN and any country that opposed it's plans to go into Iraq or even countries that didn't offer military support (with us or against us anyone?). Yes there has been some hostility shown to the US but that's inevitable with a superpower and a crutial difference is that when the US is hostile towards another nation is any capacity it causes economic hardship and can be a threat to the nations very existance(what if GW decides to go to Iran or North Korea). As to the moron comment that was just an overheard remark (an accurate one I might add;), the bastard comment likewise was just a mistake from frustration, frankly I couldn't believe the amount of fuss that was made in the US over either comment. For example look back to the campaign when Bush didn't even appear to know who our PM's name was!! The only real reaction here was some jokes.
6. As to divisions bringing them into the open can the way the US does is more akin to aggrivating them. I'm too lazy at this point to google for info on what was going on between the Korea's at the time but I recall hearing on the media several months before about how the countries were starting to get closer together then Bush decided to through North Korea in on the axis of evil and all that went to waste.
Well I'm a Canadian for one thing, I've had to deal with the fallout of protectionist trade policies (unjustified lumber tarrifs specifically), backing out of the Kyoto agreement, ignoring the landmines treaties that the rest of the world is trying to follow, violating the Geneva convention in Afghanistan, a lot of hostility from the US government over not falling in line with them over Iraq, and the general division of Bush of the world into with us or against us, I remember just as North and South Korea were starting to become friendly again North Korea suddenly become part of an axis of evil.
This is just a few of the things that came to mind in the last couple minutes, I'm also just talking as an outsider which is why I didn't mention any of the human rights stuff that's going on internally, basically this is just a short summary of why I'm terrified that Bush might be around for another 4 years.
Capturing Saddam is a good thing. He's a Very Bad Man(tm). ... Bush &c. will get an approval bump out of this, right up until the next terrorist attack, when it is plainly shown that the whole Iraq boondoggle was an expensive distraction so that W could feel like a man, and so that people wouldn't ask questions about the actual problem.
Possibly, but there havn't been any terrorist attacks in the US which is really the only thing that will trouble the american public, and if there is a terrorist attack I fear the media will circle the wagons so quickly that Bush will never leave.
As to Saddams capture I'm a little conflicted, Saddam was a horrible dictator and it's a good thing that he's no longer on the loose. On the other hand I can't see a scenerio where he could of ever regained power, really the only practical way I can see his capture helping is to maybe diffuse some tensions in Iraq, helping to bring some peace, and maybe serving as a deterrent to other dictators (though realistically all they would have to do is play nice to the US). On the other hand I'm terrified that this might give GW the boost he needs to get re-elected and if the past 3 years have shown anything I think that scenerio is far worse than any damage Saadam could of done in his current condition if he remained hiding in some hole.
Nice idea and it could do some good but I don't think it will work in the long run. Spam is becoming an industry and as that article mentions "It's the big guy squeezing the little guy out." This may help against the small timers but the big guys who are the real problem will likely have the knowhow to keep any software they use licsenced or use free software if they realize BSA is a risk. This is assumnig that the BSA does decide to fight against spam which is a long shot and even if they do, spammers would likely realize that the BSA relies on people not knowing their rights and could defend against it.
The other added benefit is that I would be responsible for phone traffic, also, in that it would be routed through the normal network. More job security...heh.
Even better, no more calls during the middle of weekend when the network goes down!
'Low-skill jobs like coding are moving offshore and what's left in their place are more advanced project management jobs.'
So North American's are the only ones with any skills? The coding jobs aren't low skill, they're pure skill, which is precisely the reason they're being outsourced. They don't require presonal connections, expensive hardware (relative to other professions), locality, even communication is significantly less than in many other professions. The reason that in the past low skill = offshore, is because high skill = expensive equipment, which is easier to produce and maintain in western nations. But now the skills in IT jobs are much closer to theory than labour and they don't require a lot of expensive hardwar. All they need is the skills, a computer, and the specs and they're set.
That's nice, but what we really need are tips on how to set these scams up.
It's actually not that difficult. In my experience Social Engineering turns out to be the most effective approach. It has a significantly higher return than other methods and requires much less effort. The only real downside is they can have a slightly higher risk threshold due to the personal contact involved but this can be negated in many ways, among them completing transactions online where it is easier to protect your identity. If fact I believe I can give you a simple demonstration on how it works, all you need to do is give me your name, SIN, PIN, and credit card number and I can give you first hand experience in how social engineering scams work!
The problem with this sugestion is that those who put up real atms and modify them are going to come back as trusted until they rip you off..
The bank will supply the key themselves for the ABMs, not the manufacturer. The only way for the criminals to be able to get a real key would be an insider job, corporations already have lots of practice protecting keys, decrypting the key yourself, well it should be easy enough to make a key that can't be decrypted within a few thousand years, or probably the easiest, steal an ABM or atleast the chip that can do the decrypting and use it yourself, The first two shouldn't be big problems, for the final the only thing I can think of is to put the ABMs on some sort of secure encrypted network and have the info decrypted at some central facility, if a machine is believed to be comprimised it's thrown out of the loop. This stops the bad guys from ever getting something that can consistently steal PINS on a large scale. It's possible that every once in a while they may be able to comprimise a specific machine in secret so that it isn't thrown out of the loop and get PINS from there but the moment they start using the numbers the banks should find out and this shouldn't be common enough to ever be a real problem.
Re:I try to avoid them altogether.
on
Fake ATM Fraud Expose
·
· Score: 5, Interesting
If they integrated some other forms of identification that couldn't be forged, such as biometrics or retinal scans, perhaps I'd be a bit less worried. But as things stand now credit cards are a better way to go if you're worried about recovering losses from fraud.
Or a public/private key system. Say when you get your card there is some randomish value on some part of the strip that when it is decryped against the key that the ABM/ATM has they will report a value that the bank gave you when you got your card, say "BLUE" (easy enough to remember). Now when ever you use an ABM/ATM you can know it will be authentic because it will say BLUE, if an ABM says your card is RED then you call the bank to report the erroneous machine which may mean an untrustmorthy machine or the bank has changed the key. The key is changed if some crackers ever find it out then the banks will have to go to all the machines and put in a new key, they'll also have to tell everyone what their new colour is which will be a hassle but hopefully shouldn't happen with any kind of frequency if they choose a good key and have good security procedures.
Yes -- Russia, and you must have suspected I would have known the virus's origin, so I can clearly not choose the name in front of me.
This Internet Explorer cumulative update also includes a change to the functionality of a Basic Authentication feature in Internet Explorer. The update removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is no longer supported in Internet Explorer or Windows Explorer after you install this software update:
http(s)://username:password@server/resource.ext
Unfortunatly this isn't fixed as it should be, ie you're shown the entire link in the address bar and maybe even given a warning when you go to the site. Instead they fixed this by not allowing the '@' character in addresses as was suggested they might here. Hadn't they been saying previously that problem this was unfixable presumably the reason for disallowing the '@' alltogether rather than a real fix. I have two questions, first what kind of codebase do they have that they can't make a real fix?!? Sure it might be a bit of a pain but it's obviously possible since no other browser is affected (heck I even tried IE for mac yesterday and it handled it perfectly!). They obviously handle the url properly at some point since you visit the proper site, they should be able to display the url properly!
Next, what is the effect of them deprecating the '@' tag? I don't recall ever seeing this in the wild and can't really see a lot of use in microsoft.com@slashdot.org, of course the example they give is username:password but I can't see any real site displaying the password in plaintext in the url, does anyone have an example of where this is used and what the effects will be?
I was surprised as well, the reason that it stayed so fresh is that it had such lasting implications so we keep hearing about it and it stays fresh in our memory. To contrast I remember that at the same time as Columbia there was an avalanche that killed several fifteen year olds and I just saw a story about the anniversary of that tragedy as well. That one I heard nothing after about a week and had nearly forgotten about it, as a result when I saw the story today I was surprised that it was only a year ago.
http://support.microsoft.com/default.aspx?scid=kb; %5Bln%5D;833786
Need I say more?
What leads you to believe this is someone from the Linux community?
Doesn't matter, unless they catch the writer and prove it to be something else. As you showed with the SCO conspiracy theory it's the Linux community that is going to catch the flack.
Update: 01/21 21:58 GMT by T: Errr, Robyn's a He, not a She -- many apologies. That hasn't happened in years!
You know I don't think that's something you should be talking about on a major website.
The economist just added a Starbuck's tall latte index (a purchasing-power parity test) similar to their Big Mac Index. How long will it be until they add an "mp3 index"?
Both the tall latte index and the Big Mac index show that the Canadian dollar is undervalued compared to the US dollar (which means that we get things cheaper here!). Sweet.
Note that both those products you're paying mostly for service. We earn similar pay as in the US except the dollars we earn are worth less, as a result when we pay for something that can be sold on either side of the border (like a computer) than we pay more of our dollars than americans, if on the other hand we are paying for something that requires local service (like a Big Mac) we pay about the same number of dollars because the workers are being paid in the same CADs that we are paying.
So we don't really get things cheaper up here, we make less and occasionally pay less.
Since geeks motivated enough to get a new account just so they can make that joke because their old account has a sub six digit UID are also experienced enough to have learned more about digital photography.
Not only is that analogy inaccurate but it would be more accurate if it were reversed!
Try this for example.
SCO: We own all you source code!
Slashdotters: How so? We wrote it!
SCO: We just do!
Compared to:
Squatter: I own that domain!
JRR Tolkien Estates: Why should you? You chose the name of the domain specifically because it is the name of the author whom we represent. You are seeking to profit from the fame of his name which he gained through writing some amazing works of literature, the site which you put up doesn't even have anything to do with him!
Squatter: Well I wants it!
Yes it is sleazy and I don't see any reason why this company should be allowed to do it. They have provided no service and have deliberatly mislead people to their site suing the fruits of someones elses labour.
Title of the post comes from one of Feinman's books. God you must be such a geek to have read those. :-)
You have apparently read the books which means you're a big geek, but you're also an AC who doesn't know how to spell Feynman which throws doubt upon that theory, I am much confused.
I took a glance at that article and found a little bit of perl that takes the time in seconds and gives you the date so
$ perl -MPOSIX -le 'print ctime(1073741824)'
Sat Jan 10 06:37:04 2004
then I got a little curious and added an extra digit
$ perl -MPOSIX -le 'print ctime(11073741824)'
Fri Dec 13 13:12:00 1901
well that is interesting isn't it...
For all those that are undoubtely going to post something about how America and President Bush in particular are evil for doing something like this here's a little factoid:
Europe did it first to Spain for it's SUPPORT of the Iraq war. If you don't believe me here's a link (NYT -registration required etc..):
I've read this a few times in the discussion and I do see your point though you need to admit that the circumstances have some important differences. On one hand the US is trying to punish a country for not falling in line with their war which most of the world viewed as unnecessary and was highly against (including the population of the country in question). The EU on the other hand is going against a country which joined in a war which was AGAINST both the wishes of the international community and against the wishes of its own public!
They chanted "Aznar resign!" in protest at Prime Minister Jose Maria Aznar's support for the American line on Iraq despite its rejection by the vast majority of the Spanish public.
Frankly I wouldn't want to stick a Fusion reactor in a country which has just shown itself to ignore both the international community and it's own people to support the american war effort. France of the other hand, like most of Europe, actually listened to its populace and didn't go to war and I don't see why they, or any nation that did the same, should suffer any negative consequences because of that.
Here it is:
:)
* Change version number from 4.1 to 4.2
* ????
* Profit!!!
Unfortunatly that plan doesn't work so well with freeware
1. The Softwood lumber dispute (I found a link to an american organization but one that is against the tarrifs because is raises lumber prices), which is doing severe damage to our lumber industry.
2. Kyoto I just threw out as something that came to mind, not all Canadian provinces like it either and a lit of US states have actually implemented their own rules that are even more stringent but it was an another international agreement that the US backed out of.
3. The landmine treaty pretty much everyone but the US signed, a notable exception, I remember hearing some speculation about them going to use some in Afghanistan but couldn't find anything in a quick google. Still it's important to note that this was in Clintons era so isn't exactly Bush's fault.
4. Here's a though piece on US violations with regards to treatment of war prisoners in Afghanistan.
5. Hostility doesn't always have to be military, the US has arguably been very hostile to the entire international community with the huge distain it showed for the UN and any country that opposed it's plans to go into Iraq or even countries that didn't offer military support (with us or against us anyone?). Yes there has been some hostility shown to the US but that's inevitable with a superpower and a crutial difference is that when the US is hostile towards another nation is any capacity it causes economic hardship and can be a threat to the nations very existance(what if GW decides to go to Iran or North Korea). As to the moron comment that was just an overheard remark (an accurate one I might add;), the bastard comment likewise was just a mistake from frustration, frankly I couldn't believe the amount of fuss that was made in the US over either comment. For example look back to the campaign when Bush didn't even appear to know who our PM's name was!! The only real reaction here was some jokes.
6. As to divisions bringing them into the open can the way the US does is more akin to aggrivating them. I'm too lazy at this point to google for info on what was going on between the Korea's at the time but I recall hearing on the media several months before about how the countries were starting to get closer together then Bush decided to through North Korea in on the axis of evil and all that went to waste.
Well I'm a Canadian for one thing, I've had to deal with the fallout of protectionist trade policies (unjustified lumber tarrifs specifically), backing out of the Kyoto agreement, ignoring the landmines treaties that the rest of the world is trying to follow, violating the Geneva convention in Afghanistan, a lot of hostility from the US government over not falling in line with them over Iraq, and the general division of Bush of the world into with us or against us, I remember just as North and South Korea were starting to become friendly again North Korea suddenly become part of an axis of evil.
This is just a few of the things that came to mind in the last couple minutes, I'm also just talking as an outsider which is why I didn't mention any of the human rights stuff that's going on internally, basically this is just a short summary of why I'm terrified that Bush might be around for another 4 years.
Capturing Saddam is a good thing. He's a Very Bad Man(tm).
...
Bush &c. will get an approval bump out of this, right up until the next terrorist attack, when it is plainly shown that the whole Iraq boondoggle was an expensive distraction so that W could feel like a man, and so that people wouldn't ask questions about the actual problem.
Possibly, but there havn't been any terrorist attacks in the US which is really the only thing that will trouble the american public, and if there is a terrorist attack I fear the media will circle the wagons so quickly that Bush will never leave.
As to Saddams capture I'm a little conflicted, Saddam was a horrible dictator and it's a good thing that he's no longer on the loose. On the other hand I can't see a scenerio where he could of ever regained power, really the only practical way I can see his capture helping is to maybe diffuse some tensions in Iraq, helping to bring some peace, and maybe serving as a deterrent to other dictators (though realistically all they would have to do is play nice to the US). On the other hand I'm terrified that this might give GW the boost he needs to get re-elected and if the past 3 years have shown anything I think that scenerio is far worse than any damage Saadam could of done in his current condition if he remained hiding in some hole.
Nice idea and it could do some good but I don't think it will work in the long run. Spam is becoming an industry and as that article mentions "It's the big guy squeezing the little guy out." This may help against the small timers but the big guys who are the real problem will likely have the knowhow to keep any software they use licsenced or use free software if they realize BSA is a risk. This is assumnig that the BSA does decide to fight against spam which is a long shot and even if they do, spammers would likely realize that the BSA relies on people not knowing their rights and could defend against it.
edit your hosts file
./ed webpage reading privaleges and the happy feeling from supporting your favorite website.
127.0.0.1 ads.osdn.com
no more ads!
You still miss out on the * beside your name, the pre
The other added benefit is that I would be responsible for phone traffic, also, in that it would be routed through the normal network. More job security...heh.
Even better, no more calls during the middle of weekend when the network goes down!
Are they allowed to claim an item is on sale without actually changing the price or do they just reduce the price by 1 cent or something?
'Low-skill jobs like coding are moving offshore and what's left in their place are more advanced project management jobs.'
So North American's are the only ones with any skills? The coding jobs aren't low skill, they're pure skill, which is precisely the reason they're being outsourced. They don't require presonal connections, expensive hardware (relative to other professions), locality, even communication is significantly less than in many other professions. The reason that in the past low skill = offshore, is because high skill = expensive equipment, which is easier to produce and maintain in western nations. But now the skills in IT jobs are much closer to theory than labour and they don't require a lot of expensive hardwar. All they need is the skills, a computer, and the specs and they're set.
That's nice, but what we really need are tips on how to set these scams up.
It's actually not that difficult. In my experience Social Engineering turns out to be the most effective approach. It has a significantly higher return than other methods and requires much less effort. The only real downside is they can have a slightly higher risk threshold due to the personal contact involved but this can be negated in many ways, among them completing transactions online where it is easier to protect your identity. If fact I believe I can give you a simple demonstration on how it works, all you need to do is give me your name, SIN, PIN, and credit card number and I can give you first hand experience in how social engineering scams work!
The problem with this sugestion is that those who put up real atms and modify them are going to come back as trusted until they rip you off..
The bank will supply the key themselves for the ABMs, not the manufacturer. The only way for the criminals to be able to get a real key would be an insider job, corporations already have lots of practice protecting keys, decrypting the key yourself, well it should be easy enough to make a key that can't be decrypted within a few thousand years, or probably the easiest, steal an ABM or atleast the chip that can do the decrypting and use it yourself, The first two shouldn't be big problems, for the final the only thing I can think of is to put the ABMs on some sort of secure encrypted network and have the info decrypted at some central facility, if a machine is believed to be comprimised it's thrown out of the loop. This stops the bad guys from ever getting something that can consistently steal PINS on a large scale. It's possible that every once in a while they may be able to comprimise a specific machine in secret so that it isn't thrown out of the loop and get PINS from there but the moment they start using the numbers the banks should find out and this shouldn't be common enough to ever be a real problem.
If they integrated some other forms of identification that couldn't be forged, such as biometrics or retinal scans, perhaps I'd be a bit less worried. But as things stand now credit cards are a better way to go if you're worried about recovering losses from fraud.
Or a public/private key system. Say when you get your card there is some randomish value on some part of the strip that when it is decryped against the key that the ABM/ATM has they will report a value that the bank gave you when you got your card, say "BLUE" (easy enough to remember). Now when ever you use an ABM/ATM you can know it will be authentic because it will say BLUE, if an ABM says your card is RED then you call the bank to report the erroneous machine which may mean an untrustmorthy machine or the bank has changed the key. The key is changed if some crackers ever find it out then the banks will have to go to all the machines and put in a new key, they'll also have to tell everyone what their new colour is which will be a hassle but hopefully shouldn't happen with any kind of frequency if they choose a good key and have good security procedures.
Darwin will finally take care of SUV owners!!