Slashdot Mirror


User: Ed+Avis

Ed+Avis's activity in the archive.

Stories: 0
Comments: 4,579

Comments · 4,579

  1. Re:Where the fault lies... on Virtual Muggings in Lineage II · · Score: 1, Insightful

    He should be sent to jail in the fantasy world, surely?

    Assuming that the game has a rule saying 'if you steal things you will be imprisoned'. If there is no such law in the game, then he didn't break it, obviously.

  2. Re:Don't take your eye off the ball on IBM Donates Code to Firefox · · Score: 1, Interesting

    Netscape 4 is positively svelte compared to Firefox. Firefox is much more bloated than anything that came out of Netscape before they went free-software back in 1998. Your machine is faster, that's all.

  3. The PSU fan may be needed to cool other things on Beginning Of the End For PC Noise · · Score: 1

    If you're thinking about getting a silent (ie fanless) power supply, consider whether your PC has a separate case fan. If it doesn't, the fan on the PSU may be needed to circulate a little air through the rest of the case. I replaced my PSU with a fanless one and in very hot (for London) weather the PC started overheating - there was no air circulating inside the case. I had to take the lid off and underclock the processor to 500MHz or something to stop it randomly crashing. (Since then I've put the lid back but kept the underclocking, since for most things you don't really notice.)

  4. Re:XMLTV on BBC Opens TV Listings For Remix · · Score: 1

    Yes, although the Radio Times site is part of BBC Worldwide, which is the evil money-grubbing part of the BBC, they've been very enlightened and generous about providing access to listings in XML format. I think they realize it's better this way than having a thousand hacked-up perl scripts trying to fetch web pages and parse them. Not that there's anything wrong with that...

  5. Re:UK has had this kinda of tech for ages on SiteKey to Prevent Phishing · · Score: 1

    Yes, I mentioned that the server would need to have a copy of your password in plaintext. Whereas if you send your password in plaintext, the server only needs to store a hash! Perhaps cryptographers have invented a more complex scheme that means you need only store a hash at the server and send a hash - or perhaps someone has proven that this is impossible.

    On the question of Javascript, I suppose that the contents of a 'secure hashed password' field could be hidden from any Javascript query, and similarly logging keystrokes would be disabled when the focus is on such a box.

  6. Re:UK has had this kinda of tech for ages on SiteKey to Prevent Phishing · · Score: 1

    > If the scam site asks for your password, and you enter it, it's too late for any hashing/whatever.

    If the scam site uses the password entry form, then it can never see your password - only a hash.

    If it doesn't use the password entry form then your web browser would flag this up - hey, are you sure you want to enter your password and send it visible to the other site? The most obvious way to do this would be to reserve the 'asterisked out' text entry field for secure password entry, and show all the others in plain text. I'd be surprised to see my password displayed as I typed, and I'd question what was going on.

    I'm not so concerned with sniffing - more with preventing the server on the other end from seeing the password. So it can _verify_ that you know the password, but it can't find out the password if it didn't know it. However, this method does protect against sniffing too.

  7. Re:UK has had this kinda of tech for ages on SiteKey to Prevent Phishing · · Score: 1

    The point is to make it harder for a scam site to find out your password. The password is never sent to the server (encrypted or not); only a hash is sent. The web browser's ordinary password entry box would need to be this secure-hash kind, so that if a user is asked to type his password into another kind of field, sending it directly to the server, he will become suspicious.

    HTTP 'digest' authentication works this way, doesn't it? It is a real shame that so many sites insist on reinventing the wheel rather than using the HTTP authentication built into every browser.

  8. Re:What the question marks? on Revamping The Periodic Table? · · Score: 1

    > what's the question marks at the right edge about?

    Remember the song:

    These are the only ones of which the news has come to Harvard,
    And there may be many others but they haven't been discovered.

    Indeed, nobody seems to have asked the important question: what are the musical implications of this new periodic table layout?

  9. Didn't this happen before? on Revamping The Periodic Table? · · Score: 1

    I thought the periodic table had already been rearranged once, and that the one you see on classroom walls (with the long, thin stretch of transition metals in the middle and two lines of heavy and maybe-radioactive metals off at the bottom) was the revised version. The previous arrangement had a lot more special cases and odd bits. I don't have the details but I'm sure I saw an Open University programme about this long long ago.

  10. Re:UK has had this kinda of tech for ages on SiteKey to Prevent Phishing · · Score: 1

    This business with the 2nd and 6th characters is because of the lack of support in web browsers for a real 'password proof' entry box.

    An HTML form could have a special control for password entry. Rather than sending the whole password to the server when the form is submitted, the browser generates a random salt and makes a hash of password+salt+current time. Then it sends the hash, the salt chosen and the current time to the server, which can verify that the password was correct. (This does however require the password to be kept in plain text on the server.)

    I am not a cryptographer so there may be some horrible flaw in the above scheme, but I know there are ways to do this without sending your password to the server, so you cannot accidentally give away your password to a phishing site. It seems like the sort of basic and obvious thing that web browsers should support to improve security.

  11. Re:Names on Google Investors Find New Project · · Score: 1

    Jizzle?

  12. Re:great news... maybe on Direct to DVD Futurama Movie · · Score: 1

    There were four seasons made; apparently Fox messed them around and created a fifth season from parts of the third and fourth. 'Parasites Lost' is an episode from the third season, and I agree, it's a great episode.

    There were good episodes in the fourth season, but too many bad ones (eg Kif Gets Knocked Up A Notch) where the plot was thin and the humour seemed wooden.

  13. Re:great news... maybe on Direct to DVD Futurama Movie · · Score: 1

    I agree with the OP. The fourth season was noticeably worse than the previous three, as if all the good writers had suddenly left. As an example take the scene when Bender is pouring toxic waste into the sewers. This dialogue is from memory, but it goes something like

    Leela: Bender, stop pouring that waste into the sewers.
    Bender: Why not?
    Leela: First, it'll piss off the mutants. Second, everything else that's wrong with what you're doing.

    Thud. For me this ranks up there with 'do you know what happens to a toad that gets struck by lightning'. And the fourth season is full of jokes that fall flat like this. For most of the episodes I sat uncomfortably waiting for the funny bit to start. There were a couple of good episodes but on the whole I would rate the fourth season well behind the other three.

  14. Re:I think linux actually has an edge... on Linux and Windows Security Neck and Neck · · Score: 1, Insightful

    The head honcho of Lindows made a good point in an interview a while back. What practical security advantages are there for the average desktop user - who is the only person using his PC - to run as his own user account instead of root? If the user account is exploited by a trojan or whatever, isn't that almost as bad as rooting the whole box? Can't a cracked user account still be used to send spam, or DDOS attacks, or get the user's credit card information? All the traditional things that are restricted to root, like running services on ports 1024 or accessing another user's files, are pretty much irrelevant in the world of the single-user desktop.

    I think it is a mistake to assume that 'decent security' means 'not running as root'. Even as an ordinary user account you still have a great deal of power and access to sensitive files (namely, your own personal data). Running with true least-privilege-necessary would involve a lot more than a user account; for example, I'd like to see all applications start up in a chroot jail by default, with access only to files from their own package and those the user has chosen to load into that application. (The GUI shell would need to run with more permissions than the applications, and take care of starting an app and arranging its access to certain files.)

    The main reason to restrict users' access to non-root accounts is administrative. You can stop them breaking their own machine. On a corporate network you certainly want to control the configuration, and you may have inherently insecure network services like NFS which depend on trusting the client.

  15. Re:How to fit more on a floppy on The End of a Floppy Era · · Score: 1

    I found 2M and 2MGUI diskettes to be pretty reliable... but I think floppy drive hardware has deteriorated over the past ten years. In the good old days a floppy drive cost $50 and you got what you paid for.

    What you mention about dd is quite true; however, if you can write directly to the device with dd you can also create a filesystem on it with fdformat, and then mount that filesystem. After all, dd is still going through the kernel to write to the disk; it doesn't really write 'directly' to the floppy. Only bizarre DOS programs like 2MGUI do that :-p.

  16. Re:Not really new, but interesting on Check Boxes and Radio Buttons Conquered by DHTML · · Score: 1

    And all this is needed for... what exactly? To make a kewl-looking user interface that is inconsistent with all the other programs on the user's system and with other websites?

  17. Re:How to fit more on a floppy on The End of a Floppy Era · · Score: 1

    A BIOS setting won't do any good if your floppy controller can't generate the higher frequencies needed for quad density. And a floppy controller won't do any good if you don't have the right disk drive. I suspect that clone motherboards nowadays can drive quad-density floppies (in the same way that even a dirt cheap graphics card can do a 200MHz pixel clock which was once shit-hot graphics workstation kind of speed) but as you say, getting hold of the drive will be tricky.

  18. Re:How to fit more on a floppy on The End of a Floppy Era · · Score: 1

    Only the second-generation PS/2s (95xx model numbers) included quad-density drives. The earlier ones (85xx) were 1.44Mbyte. It's possible the 286 models (Model 30-286, 50Z, 60, maybe a couple of others) were an exception here but I doubt it. I think you would need a newer PS/2 to use these disks, and those machines are 386 at least.

  19. How to fit more on a floppy on The End of a Floppy Era · · Score: 4, Informative

    The article claims that a 3.5inch floppy holds only 1.44 megabytes of data. That's true only if you format them in the standard MS-DOS format (and we'll ignore the rather weird definition of 'megabyte' used to quote the size). But the physical limit of the diskette is two megabytes - that's why they are sometimes called '2MB (Unformatted)' - and with better software you can get closer to this.

    You can increase the number of tracks (concentric circles) on the disk, or the number of sectors per track (reducing the gap between each sector). Floppy drives are rated for 80 tracks but can usually manage a few more. There is the 1.72 megabyte or so format used by Microsoft for installation floppies, which is readable by standard DOS and Windows with no problems. Although DOS supports it, the 'format' program doesn't, so you will need to get fdformat or 2MDOS (see below).

    A step further is to install a driver like 2M (search for it on Simtel's MS-DOS archive) which lets you format floppies up to 1.92 megs or so. I think some of these formats are understood by Linux but I'm not sure. Sadly, since 2M is a DOS driver it won't work with newer Windows versions. The included 2MDOS driver patches MS-DOS's format program to let you format floppies in 1.72 megs and other reasonably-large sizes, which are then readable by all DOS and Windows versions without the need for extra drivers.

    2M also includes 2MGUI, short for '2M-Guiness', which claims to hold the world record for fitting the most onto a floppy. It will format ordinary quad-density floppies to nearly two megabytes. (Bizarrely, it also manages to get about 1.1 megs on a double-density floppy, which is more than the theoretical limit.)

    Note also that later model IBM PS/2s included an octuple-density floppy drive, giving 2.88 megs with vanilla DOS or OS/2 and nearly 4 megs with clever format programs, but this more expensive hardware never caught on. Perhaps the floppy controller in your clone PC nowadays can handle an octuple-density disk drive, I'm not sure.

  20. Re:If you link with zlib the right way, easy to fi on Zlib Security Flaw Could Cause Widespread Trouble · · Score: 1

    > or do running programs cache the old library, and therefore need a restart?

    This is a damn good point. The same applies to replacing some executable - if the old version is still running then you're still vulnerable. Or a data file; because of Unix filesystem semantics you can have the old version open, it gets unlinked and replaced, but a process can have an open filehandle to the old version. In fact, anything loaded into memory from disk is a place for old copies to lurk.

    And yet aren't these the advantages of Unix-like systems over Windows? That you don't have to reboot after every update, that you can gracefully restart services?

    Maybe the only way to _really_ fix the problem is to go to a managed code system (Java, or .net, or some Lisp edifice) which can dynamically load and unload bits of code, and guarantee that the old version is no longer running.

  21. Re:interesting take on ipod centric-business plann on Speculation on Real Reasons Behind Apple Switch · · Score: 5, Interesting

    And why does Apple need to switch from plain-Jane ARM processors to Intel's greased-lightning XScale? What do they need that extra power for? Why, to bring back the Newton, of course!

  22. If you link with zlib the right way, easy to fix on Zlib Security Flaw Could Cause Widespread Trouble · · Score: 4, Insightful

    And this, my friends, is why 'dependency hell' is a good thing. A flaw is found in zlib - no trouble, just run the normal update program that comes with your distribution, 'yum update' or whatever, the centrally installed zlib library will be updated, and all applications will start using it.

    The trouble comes with those software authors that wanted to be clever and to 'cut down on dependencies' and included a whole copy of zlib statically linked into their application. Now you have to replace the whole app to remove the zlib security hole. The dependency on zlib is still there, just better hidden, and in a way that makes upgrading a lot harder.

    If Microsoft had any sense, a zlib.dll would be bundled with Windows and then Office (and many other apps) could use it. But they wouldn't want to do that, partly because it would involve admitting that they use such third-party libraries.

  23. Re:That's it on Wired Strongarms Subscribers? · · Score: 0, Offtopic

    Well, IANAL...

  24. Re:What will the EU do? on Six Bomb Blasts Around Central London · · Score: 1

    > Do terrorists deserve the same rights as free citizens of these countries they attack?

    Usually, terrorists _are_ free citizens of the country they attack. 9/11 was an exception.

  25. Re:Lead to Gold? No Problem! on Royal Society Finds Lost Newton Papers · · Score: 1

    > the only long-lived isotope of gold is Au-195, which has a half-life of 186 days

    WTF? If that were the case then all gold jewellery would disappear within ten years. There must be isotopes which are much longer-lived than that.