Actually, if I am understanding these informative slashdot posts correctly, the attacking person does not have to be within range of a cluebat to exploit this flaw.
The remote/local designation refers to whether the attacker already has a valid username/password on your vulnerable system. It does not refer to the physical location of the attacker.
One thing I try to keep in mind is that the main purpose of my resume is to get me an interview.
Bearing that in mind, one tactic would be to put on the resume something general about contributing to FOSS. Then, they have to actually contact you to find out the specifics. This also helps keep the resume brief, which is a good thing.
The moral of the story? I suppose it's just this:
the "many eyeballs" theory quickly breaks down in the face of esoteric algorithms.
The follow-on to this story is that Schneier developed blowfish for just this reason, as he talks about here:
Use a design that is simple to understand. This will facilitate analysis and increase the confidence in the algorithm. In practice, this means that the algorithm will be a Feistel iterated block cipher.
I am writing a simple app at home using blowfish to brush up on my C++ skills, and I am just a lowly mechanical-engineer-turned-programmer.
This is some seriously funny stuff. Take this for example:
Putting the Fun in Fund Raising: 500 Ways to Raise Money for Charity
by Phillip T Drotning
As treasurer of a small obesity support group with charitable status I am always looking for ways to raise funds, and at times it's a real drag. But this book really does put the "fun" back into fund raising. Financially we're having the best year ever, and that's not even counting this Autumn's Butter-Chug, which should be good for £1000 after expenses.
Almost 300 anti-Ralsky posts were made on the Slashdot.org Web site, where the plan was hatched after spam haters posted his address, even an aerial view of his neighborhood.
I have searched the original article, and I can't find anything mentioning an aerial view of his neighborhood. Is there something I am missing?
Well, I am not an electrician, but if your system is currently working, or you can borrow a power supply, try to simultaneously max out all components in your system. When you think you're drawing the most power you ever will, measure the amps going in to your power supply and the voltage across the two AC legs of the power going in to the power supply. Then, think back to high school physics and remember the power equation (I forget the name):
Power (Watts) = Current (Amps) * Voltage (Volts)
Add in some appropriate safety margin, and, if you like, a margin for future expansion, and you have your actual power draw.
"We're doing many things, including the settlement program, to make our protected intellectual property widely accessible and available under very reasonable terms," Desler said.
"If there are issues we're in constant dialogue with these government agencies as well."
That last part sounds more like a threat than anything reassuring.
Aren't things like this generally cheaper to mass-produce? Why didn't the guys make a few rocket belts and avoid this problem altogether? If it was made by "machinists and engineers" then a large portion of the costs are setup costs, R&D, and other one-time costs.
Today, with the GNU Hurd working, it would not make sense to [adopt Linux as the GNU kernel]. We don't want to release a GNU/Linux system as "GNU", because we are getting ready to package and release the real GNU system.
Valid for definitions of "getting ready to package and release" up to and including six years of prep work.
Leaving us slashdot readers to create our own subversive techniques is more effective than the editors foisting their version of subversion on us. Personally, I use a login I found at Nifty News and Decent Deals because it probably hits the NYT database a few dozen times each article.
I did this because the logins I used to pull from Slashdot articles never lasted longer than a couple days before NYT disabled them. They probably got more NYT attention, hitting the DB a few thousand times.
Of course, they can probably tell some important data by taking my login, combining it with my IP, and querying some huge online advertising database. But I am making a statement.
He is not stealing. Copyrighted materials are allowed to be reproduced as part of a critique of the material. He is obviously not trying to gain from the endeavor, but to critique the copyrighted works.
In the past, I have been the less-productive person on the team. Back before I started programming, I was working as a Mechanical Engineer. I was a perfectionist doing custom engineering work where, in the words of the engineering manager:
"The design is 80% done when it goes out to the machine shop to be created. The machinists and other production people fill in the other 10% and the final 10% is luck."
I was always behind and had to deal with the frustrations of my co-workers and managers. I found myself looking for work, and decided that since I had always liked computers, maybe I should look for a computer job. I am doing much better now as a programmer, where the ultimate product has to be 100% correct or it does not work properly.
It sounds like these people may just need to find their "thing," which could mean removing them from the programming dept. Regarding your current dilemma, they probably won't mind if you take over coding their parts of the project. I experienced being removed from the engineering dept, and people taking over the parts of my project that I was behind on, and I understood why and was OK with it.
Can someone who has bought the ring tone wait for a mosquito to come around and then see if the tone repels said insect?
Often a simple experiment is worth more than a hundred random slashdot opinions.
Here is the actual paypal link: Paypal link.
According to this page, IBM is one of the few "Name" Brand companies that produce their own laptops.
For those of you looking for a history of OS/2 and its marketing, try this article.
Looks like we've given them a severe slashdotting in return.
Any mirrors out there?
Helllllllo Moderators-
According to a post by krow which might be this one, and definitely can be found as a link here (if you can ever get the server to respond - I can't), mod points, karma, and presumably meta-mods, will not carry over to the "real" slashdot.
This makes for a kind of free-for-all. Mod points distributed in blocks of 30 and trolls given the +1 bonus also makes for more traffic.
Please mod this down.
It's not slashdot. Tomshardware is always that slow.
Maybe even the editors are subject to the "Can't post and moderate the same story" limitation.
Nothing like teaching him a lesson with a good slashdotting!
For Safeway, if I leave my card in the glove box, I just give them the phone number of someone else who I have found (through trial and error) has a Safeway card.
I just told them that I had moved since I filled out the form and did not remember the old number very well. They let me try a few out and when they got a hit in their DB, I just said "yeah, that's it."
Works for me.
The google search
The top google link
Jeffrey's notes on spammers that he has toll-free numbers listed for.
You're right, I still don't see the connection. Maybe timothy is trying for a fax slashdotting.
In my opinion, the Pinto and the Yugo didn't look that bad, and I have a Colt Vista which runs just great!