Slashdot Mirror


User: flosofl

flosofl's activity in the archive.

Stories: 0
Comments: 556

Comments · 556

  1. Re:Germany was moving the opposite way.. on DOJ Wants ISPs to Retain All Customer Records · · Score: 1

    I recently saw a LONG list of prominent Republicans throughout the country who were in past years officially charged with various forms of paedophilia...

    Do you have a link, or are we supposed to take your word for it? I'd be very interested in seeing the list and related court records. If you say "Google for it", I'm just going to assume you made it up.

  2. Re:won't beat ipod for now on Review of iRiver iFP-899 · · Score: 1

    I have a 1-year old iPod mini with a dead battery. Now I heard Apple lost the lawsuit and began a reimbursement program for customers who are willing to go thru the hassle. I say fuck it.

    Good thing you said "fuck-it", since gen-4 iPods (including the mini) aren't covered in the settlement.

  3. Re:Unfortunately, the originals have been bastardi on 7-Year Old Prequel Fan On ANH · · Score: 1

    ...how to demacrovision a video signal...

    Never really thought about it, but wouldn't a signal amplifier into a video-in (say a capture card) work? I think Macrovision on VHS has to do with signal strength. Can anyone verify (or at least give a correct answer)?

  4. Re:sound reasoning? on Writing Down Passwords? · · Score: 1

    Which is odd, since you don't need a password to send an e-mail.

    Some SMTP servers do require authentication. The ones I use do. Of course I simply tell Thunderbird to remember them :)

    Note: If your SMTP does require you to authenticate, be sure to connect via SSL/TLS so you're not sending the password in the clear.

  5. Re:recommendations? on Writing Down Passwords? · · Score: 1

    I tried it.

    But it must think passwords are limited to a few characters.

    I got tired of having to scroll through the text box.


    I don't know if you're using the same program, because I have no idea what you're talking about. I use passwordsafe on Win and MyPasswordSafe (compatible data formats) on Linux, and have some monster passwords/passphrases (about half of them are 40+ character passphrases). If it weren't for passwordsafe and MyPasswordSafe, I would either use weaker phrases or go insane.

    I don't recall any "scroll box". Unless you mean the main window. That I do have to scroll, because between work and home I have about 75 different systems I log onto. Now most of them are the same uid and passphrase, but we have a bunch of different environments and directories, and some of them won't talk to each other. Everything is subject to drift so I make sure each one has its own entry.

    Or maybe the "notes" field attached to the record. Other than that, I don't know what you mean by "scroll box".

    Unless you're changing the password, you should never need to see it anyway. Just click on an entry and it's in your clipboard. Paste it, and password safe flushes the clipboard. Works with X-windows (only know for sure about Gnome/KDE), Windows, Windows command console, and xterm. I love it.

  6. Re:Smart? Yes. A Nut? Perhaps. How about both? on World's Biggest Hacker Held · · Score: 1

    "I just know the aliens REALLY are building landing strips for gay martians..."

    The Dead Milkmen!!! Something I thought I'd never see. It's been a while, but I believe the song is "Stewart" from Beelzebubba.

  7. Re:Lets hear it for the Supremes on U.S. Supreme Court Refuses to Hear Lexmark Case · · Score: 1

    So I guess you wouldn't try to do a tracheotomy with a pen knife and a ballpoint in an emergency - better to let the poor sod die?

    A lot of stuff isn't terribly complicated - mostly practice, practice, practice.


    Um... You can practice on his throat. I'll just be waiting over here...

  8. Re:Thoughts on virtual thoughts on Effort to Create Virtual Brain Begins · · Score: 1

    Did you hear that wooshing sound? Right over your head?

  9. Re:Huh? on Settlement Proposed in iPod Class Action Suit · · Score: 1

    Actually, I just read some of the other posts and I think my test may have been invalid. I don't remember, but I must have turned the volume down without the phones which in turn would have affected the drain.

  10. Re:Huh? on Settlement Proposed in iPod Class Action Suit · · Score: 1

    Why would the type of headphones attached change the drain on the battery?

    I think this was added so Apple couldn't weasel out of some people's claims. It takes some power to drive the earbuds and that will hasten the drain from the battery. Apple could test it without the earphones and claim the battery is not defective.

    I tested mine when I first got it (4th gen unfortunately - I get no love). Without the phones attached, I got about 10 or so hours of "playback." Well about that, I checked it every couple hours and the 10 hr mark was the last when I saw it was still playing. When I did the same thing with headphones at mid-level volume, it was still going at 8 hours but the next check showed it to be drained.

  11. Re:Slashdot on History of the Apple Newton · · Score: 1

    ...those who forget history are doomed to repeat it...

    And sometimes on the same day.

  12. Re:They got what they deserve on Stanford Rejects Business School Hackers · · Score: 1

    I'd been following the different threads in this and in just about every one, you take a conversation about simple ethics and introduce the concepts of "wrong" and "morality". What does that have to do with ethics? Morality is not the same as ethics.

    Is you[r] system even rationally based, or is it just something you hobbled together from junk lying around?

    Ad hominems like that just make me tend to disregard anything someone says. It's indicative of sloppy thinking and really harms rather than bolsters any argument you may make.

  13. Re:Get real on 'Sith' Already Found Online · · Score: 1

    C: You are sharing the pipe at your ISP with all the other Yoyo's trying to download it.

    Those pipes are getting pretty damn big, however. With Suse 9.3 I downloaded a KNOPPIX iso and averaged 450KB (that's bytes) per second. Of course under XP, I can only get to about 280KB/s. This is direct download through Firefox, not BT.

  14. Re:final? on Newest Star Wars Reviews Suprisingly Positive · · Score: 2, Funny

    Pull out the old decoder ring and look at the post again.

  15. Re:Stopping distance is another big lie. on Hybrid Drivers Provide Real-World Mileage Data · · Score: 1

    Damage caused on impact with a stationary object increases linearly with speed

    I think you mean geometrically. F=m(v^2)

  16. Re:BSOD on Longhorn: Fewer BSODs, More RSODs · · Score: 1

    The BSOD, download the screensaver from sysinternals it'll bring back that sick to the pit of your stomach feeling.

    Man, I love that screensaver! I have it on my workstation here at work. It's freaked the hell out of some of the help-desk people, and it always gets a double-take when people walk by :)

    It does seem to disable the power-save on my monitor, however. If I log on as another user (or the machine is sitting at the logon screen), power-save works fine.

  17. Re:About friggin time! on Initial ROTS Reviews Hit the Internet · · Score: 1

    Yeah, but does Jar-Jar shoot first?

  18. Re:Challenge on Phishers Using Keystroke Loggers · · Score: 2, Interesting

    Instead it would be better to have the same wrong answers always appear with the right answer.

    To defeat a frequency analysis, yes. But then we're back to the 1 in 8 (to use my original example) chance of a correct guess. Or just an 8 iteration process of elimination. You fix one problem, and another weakness creeps in. The "none-of-the-above" response is kind of intriguing, but the frequencies would need to be seriously tweaked. When all is said and done it's still a hack (not that that's a bad thing - except you don't hack together a secure authentication system). This is kind of like 1.5 factor authentication - what-you-know with what-you-know. Whereas true 2 factor is usually what-you-know with what-you-have.

    My job is primarily authentication systems (that and cryptographic systems). We have looked at every possible way to tighten security using 1-factor, and nothing really works to improve on password/passphrase. No real defense at all against keylogging.

    There was another comment in this thread about using a password safe. I personally use Password Safe - it's portable between Win and Linux (using MyPasswordSafe). It seems like a good idea also, but here's the problem: The keylogger. You need to type a password in to open the safe. Now if I'm an attacker and I see my log reading a username - [ctrlV] (or if it's a real sophisticated one username-[mouse event]) then I know my target is using a password safe. Especially if I see what can only be a password in the logger before these events. Most of them use a standardized safe name or extension. Since I know I can at this point gain access to the machine, I send a small seek-and-send virus to get the password safe (for instance, in the case of Password Safe - I grab all the *.dat files I come across). Now I have the safe, the safe master password, and all the usernames and passwords and notes in it.

    Again, 2-factor seems to be the only solution. I like the Digital ID the best from a usability standpoint. It's completely transparent to the end-user. They just need to make sure it's plugged in the USB port. It's as portable as a token and you can only read it with a special driver or kernel module. There's a lot more to it than that, but I would be extremely surprised if it was vulnerable to the same attack vector as installing keyloggers (something to start looking at - you guys got the juices flowing).

  19. Re:Challenge on Phishers Using Keystroke Loggers · · Score: 5, Informative

    When using online banking (or anything online really), once you have entered your login correctly, the site displays a graphical challenge derived from one of your personal details, such as address, phone, birthday etc., and you use your mouse to choose the correct one and proceed.

    I work for a large European bank (I work in the US, however) in IT security - specifically with authentication systems. On the surface that seems like a decent idea - but it's flawed. Let's say you present 8 images of birthdates (1 real - the rest bogus info) randomly placed each time. Someone trying to break in (who has the username/password) now has only a 1 in 8 chance of brute-forcing the second challenge. Also, if you randomly change the false images, you can do a frequency analysis because the right answer always has to be presented. If you present more images to muddy the waters, you make it more difficult and annoying for the customer (hell 8 images might do that).

    If the account has a lock-out policy, it may take a couple days for the attacker to get in this way (because he keeps locking it and you keep unlocking it), but so what? I'd be willing to spend a couple minutes a day over a week to get potential access to a couple thousand dollars. Plus if you get suspicious about the fact your account keeps locking and change the password, it doesn't matter - he has a keylogger remember?

    Really, the only real way (other than having a pristine and secure home system) to avoid this is to have the banking/financial sites use two factor authentication. Either an OTP token, a challenge response token or a USB Smart Card with a bank issued x.509v3 certificate on it. Europe uses these methods (at least our European customers do). The only reason the USA banks don't is because of the "convenience" factor the customers expect. They'd leave the bank in droves if you "complicated" personal banking (we already use two-factor for wholesale/corporate banking).

  20. Re:Telephone versus Email on One-Third Of Companies Monitoring Email · · Score: 1

    It varies from state to state. In some states only one party need be informed that recording is happening (usually the one doing the recording). Other states all parties need to be informed. Businesses hedge by informing that recording may happen so both parties are aware. If you don't want to be recorded, you say so to the first real person you talk to or you hang up. By continuing the call, you are seen as accepting the fact you may be recorded.

  21. Re:Well on Software V-Chip for PC Games? · · Score: 3, Funny

    I'm reminded of Wally's comment about Dilbert trying to create an anti-porn filter for the Internet...

    "So, you're pitting your programming skill against the determination of a horde of teenagers?" (or something like that)

  22. Re:Erm.. on Mega Mags, Life Sized Magnetic Toys · · Score: 1

    Well, to be fair the giant magnets were added. Although I have to say it was a pretty sloppy job on the photoshopping (or was it GIMPing?). The connector spheres' reflections are all wrong. It kinda jumped out at me. I think they were a little too ambitious on this one. The other catalog entries at least looked plausible...

  23. Re:Any good info though on ID Theft Made Easy · · Score: 1

    Got it. I misread your post as saying that they were frauds since it was a study cloaked as a giveaway.

  24. Re:Any good info though on ID Theft Made Easy · · Score: 1

    Assuming these people are fraudsters, would they even be mailing you the tickets? ;)

    Did you RTFA? They were not fraudsters. They were conducting a study (however limited the sample size was) to show how easy it would be for someone to commit a fraud of this nature. In it they state that they actually did hold a ticket drawing and that there were three winners. Afterward they destroyed all the information collected.

    IANAL, but I think if you state that someone is eligible for a chance at theater tickets if they fulfill some requirement, you have to have some sort of lottery or give them tickets or whatever the terms you stated are. If they fulfill the requirement, you have to come through on your end. Otherwise it's just fraud. And yes I realize they were researching fraud, but that doesn't mean they legally commit fraud.

  25. Re:France surrendering? on French Response to Google is Microsoft · · Score: 1

    Why thank you, Mr. Apologist!