Slashdot Mirror


User: idontgno

idontgno's activity in the archive.

Stories
0
Comments
4,819

Comments · 4,819

  1. Re:This isn't true on Sophisticated, Targeted Breakins Uncovered · Score: 2, Funny

    cat /dev/zero | gzip -c | mail -s "Unpack this, beeotch" fulcrum@evil.org
  2. Favorite (and most telling) quote: on Sophisticated, Targeted Breakins Uncovered · Score: 1

    "Internet security firms began to release patches to fight the malicious software on Monday night."

    "Hey, dammit, don't close that barn door now, we're trying to put the horses away!"

  3. I am not a topologist on Möbius Strip Riddle Solved · Score: 2, Informative

    but the energy they speak of might be related to Willmore energy. I gather from the Wiki writeup and assorted Google-gleanings that Willmore energy is a mathematical expression of what we consider in the real world as distortion tension. The more you have to bend a shape the more localized Willmore energy density you have. A good clue to me is the line in the Wiki article: "A sphere has zero Willmore energy." The curvature of a sphere is constant, with no localized puckers or distortion. Hence, zero Willmore energy. An untwisted flat strip would also have zero Willmore energy, but twist it and curve around to join up into a Möbius, and it gains significant distortion; hence, increased energy.

  4. Re:Sit on it... on Microsoft .NET Patch May Make PCs Go "Haywire" · Score: 3, Funny

    So go ahead, upgrade your boxes on patch tuesday. I've just had way too many experiences where that has caused me serious grief.

    I'm picturing the classic "Far Side" cartoon depicting the herd of lemmings (herd? is that what they group in?) rushing down the beach and into the sea with singleminded determination, except for one smartass lemming wearing an inner tube flotation thingie and smiling knowingly at the viewer.

    Of course, I did the singleminded-lemming thing Tuesday at home, and nothing's puking visibly yet. But on the gripping hand, the military network environment I work with tends to very carefully evaluate these Microsoft patches before letting them loose on their systems. I guess the network admins want to be the sole authority on unplanned outages, rather than outsourcing to the vendor.

  5. Re:This is not EFF -vs- AT&T on Court Orders Dismissal of US Wiretapping Lawsuit · Score: 1

    Better yet, contact your congressman (of any Party, they all want to be re-elected) and tell them why this issue is important to you and how this will affect your vote in 2008.

    Your congresscritter will know better. There's no absentee voting in Gitmo.

  6. Insect swarms are smarter than insects on Swarm Theory Makes National Geographic · Score: 5, Informative

    Aunt Hillary would agree.

    To the confused, Aunt Hillary is an ant hill, a character in Douglas Hofstadter's Gödel, Escher, Bach: an Eternal Golden Braid. The chapter she's featured in is subtitled "...Ant Fugue". (Which is the chapter following one subtitled "Prelude...")

  7. Re:URL referrer on Major Flaw Found In Security Products · Score: 1

    In the context I'm talking about, the browser has no control over the referrer.

    Review TFA and read the pretty-good Wikipedia article about Cross-Site Request Forgery.

    Then imagine a Javascript program, uploaded to a victim's browser by your hypothetical shadyhackerswebsite. (The victim's looking for instructions for how to cut down the size of his window shades and got fooled by a seeded Google response, let's say.)

    The Javascript takes advantage of the breach in document security which is the subject of TFA: if the browser the Javascript is running in has another window or tab open, and that tab (for instance) is authenticated into a trusted web-form-based site (like online banking), the Javascript can take advantage of the authenticated state of the other session to submit a form URL to the target website.

    So, you say that referrer checking should safeguard that, because the white-hat browser session (doing real e-banking business, for instance) would have a valid referrer URL in the form submission but the black-hat Javascript can't.

    This latter assertion (the Javascript can't synthesize the referrer) is wrong. Read http://www.cgisecurity.com/lib/XmlHTTPRequest.shtml to see how to spoof a referrer string in a Javascript-based GET or POST.

    Now, are you arguing that maybe the browser's HTTP interface should be intervening by validating any outbound referrer? That isn't happening. I don't know the mechanics of Javascript implementations in browsers, particularly in reference to the HTTP interface of the browser engine itself, but I'm guessing that they're independent and the browser has very little supervisory control over what Javascript is doing with the XmlHTTPRequest method. In other words, the browser will play by the referrer rules, but Javascript isn't obligated to.

    By the way, to some extent I'm simply speculating, but the experts have already spoken. Read http://www.cgisecurity.com/articles/csrf-faq.shtml, and note well the following question/answer:

    Can CSRF be prevented by implementing referrer checking?
    No. Referer headers can be spoofed using XMLHTTP and by using flash as demonstrated by Amit Klein and rapid7 and therefore cannot be trusted.

    And yes, it's a bug. The real bug is the stupid conceit that HTTP can be stateful, first and foremost. You can hack at it and create state with cookies and the like, but if browser software can send valid information then crafted mobile malware can send invalid information and break state and get away with it.

  8. Re:URL referrer on Major Flaw Found In Security Products · Score: 1

    Oh, I don't know. If an attacker is going to research the target form page well enough to generate convincing POST content, I would hope he or she would go a little further and research the referrer URL pattern and synthesize that as well.

  9. Re:Am I the only one... on Theo de Raadt Details Intel Core 2 Bugs · Score: 1

    ...wondering WTF an invalid temperature is?

    Something like -423.745i

    Measured in grams.

  10. "Linux fodder"? on Giant Penguins Once Roamed Peru · Score: 1

    SOYLENT LINUX IS GIANT PENGUINS!

    lameness filter etc. leave it to slashcode to ruin a perfectly cromulent jokememe.

  11. Re:It was real drama on Babylon 5 - The Lost Tales Trailer Posted · Score: 1

    It oughta also be +1 insightful. What ol' Zathras said is absolutely true; it is easier to get things done when everyone else's forgotten about you.

    I always like Zathras. But even more than that, I liked his younger brother Zathras, who reminded me of myself. I just wish I could get the hang of the pronunciation differences among the Zathras brothers' names.

  12. Re:Gates onto something?? on Crackers Cause Pentagon to Put Computers Offline · Score: 5, Informative

    In the classified processing facilities I've seen, the PCs have no writeable removable media (CD-ROM drive only, no floppy drive, etc.) and the USB, Firewire, and unused I/O ports are filled with epoxy. And the cases are locked shut with the tamper-detection switch active. And reporting to something like Tivoli or HP OpenView.

    Did I mention the network switches also administratively disable any network port that shows a significant interruption in ethernet link status (or change in attached MAC address)? So don't bother trying to switch out PCs either.

    Ultimately, I'm sure it can be worked around. Just not very easily, and failing means an espionage trial and a few months or years in federal pound-you-in-the... well, you know.

  13. Re:It's free hosting. What do you expect? on SourceForge's Hottest Five Apps · Score: 1

    Hmmm. Maybe our little town could have avoided annexation by the big city next door if we could have counted the inhabitants of the local graveyards in our population.

    C'mon, SF, get it together. Dead is DEAD. A project with no activity and no ability to contact the principals needs to AT LEAST get "archived".

    Geesh. That's why I never search SF itself for anything; I take pointers from external sources like recent mail-list traffic. That way you know the project mentioned isn't merely dust and a bad smell.

  14. Zeno of Elea... on Black Hole Information Loss Paradox Solution Proposed · Score: 2, Interesting

  15. Re:Real Estate on Vertical Farming · Score: 1

    People/businesses could go there and buy the food directly. 0 transportation cost.

    For very large values of "0", I guess.

    Again: People/businesses could go there...

    Which is the textbook definition of "transportation".

    Let's not oversell this. Unless we're discussing a true Soleri arcology, consumers will not be within "0-transportation" range of producers. The big win sounds like reduced production and transport impacts from mega-farm equipment and bulk transportation of products from field to market to table, but this all seems counterintuitive to the presumed economies of scale of modern industrial agriculture.

  16. See also on The Psychology of Fanboys · Score: 2, Funny

    Amiga Persecution Complex

    Signed,
    idontgno
    former Amiga fanboi

  17. Re:But we CAN do better! on Can Statistics Predict the Outcome of a War? · Score: 1

    But then James T. Kirk comes along and blows up your computers.

  18. I wanna see this technology at the network layer.. on Far-Fetched Time Travel Concept Receives Private Funds · Score: 1

    myserver:/home/idontgno > ping science.slashdot.org
    PING science.slashdot.org (66.35.250.150): 56 data bytes
    64 bytes from 192.168.65.24: icmp_seq=0 ttl=255 time=-23.45 ms
    64 bytes from 192.168.65.24: icmp_seq=1 ttl=255 time=-20.84 ms
    64 bytes from 192.168.65.24: icmp_seq=2 ttl=255 time=-21.33 ms
    64 bytes from 192.168.65.24: icmp_seq=3 ttl=255 time=-19.43 ms

    ----science.slashdot.org PING Statistics----
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max = -23.45/-21.26/-19.43 ms

  19. One quote stands out... on Marriott IT Exec Shares Network Horror Story · Score: 1

    "I can take 100,000 customers a night on that infrastructure and we actually have less incidents of harm than we do on our corporate back-office infrastructure."

    That says less about the robustness of the hospitality net and more about the poor planning and administration of the enterprise intranet.

  20. ObParaphrase on Laws Threaten Web Security Researchers · Score: 1

    When exploits are outlawed, only outlaws will have exploits.

  21. Re:So now we're afraid of swearing on the internet on FCC Indecency Ruling Struck Down · Score: 1

    No kidding, I was gonna mod him up +1 Magicbane

    (Yah, I know you're not supposed to enchant it all, but what good is a +0 moderation?)

  22. Re:Stairway on Guitartabs.com Suspends Under Legal Pressure · Score: 1

    Thanks for explaining that.

    I remembered the movie scene in question, but "PbZ" was only registering as "Peanut Butter and Zinc".

    Which would be the weirdest name for a Led Zeppelin tribute band EVAR.

    Hey, zero Google hits! That must be worth something.

  23. Hey, they forgot on Top 10 Dead (or Dying) Computer Skills · Score: 1

    Microsoft Certified <foo>

    Seriously

  24. Re:Administratively impossible? on Microsoft Too Busy To Name Linux Patents? · Score: 2, Insightful

    Odd. My Oracle instance is complaining that ID is an unknown identifier.

    Now, if you know the table structure, and ID is a valid column name... OK, I buy it. But this is Microsoft! "count(*)" works even if you have no idea of the row structure, which is precisely where Microsoft is.

  25. Re:Fine: Define email on Senator Warns of Email Tax This Fall · Score: 3, Informative

    You really didn't read TFA, did you? Understandable, really, /. being what it is.

    The last two paragraphs were, quite specifically, about taxing e-mail.

    The upshot? Federal tax agencies express no interest in an e-mail tax, but if the internet service tax moratorium expires you can count on at least a few lesser jurisdictions (states, municipalities, etc.) to attempt to impose some crack-brained e-mail tax (or something similar). I'd expect in that case they'd just levy a flat or proportionate fee and call it a message communication tax or something. (Rather than try to define e-mail in some measurable and definite sense and then monitor your traffic to count the number of times you do measured and defined thing X.)