True, but seeing :8443, :8444, :8080, :8081, etc looks a bit un-professional. My hosting service charges an extra buck or so per extra IP address. Having multiple IPs isn't a problem in most cases. However, it would be nice if they updated SSL to deal with host headers (not sure how they'd do that, since they're encrypted, but whatever).
I think they got certification from the Insensitive Clods Spyware Association
It was easy to disprove the existence of aether with the Michelson-Morley experiment
True, but before the Michelson-Morley experiment, it was impossible to disprove this fact. Until someone runs the "Richardson-O'Reilly" experiment, it'll be impossible to disprove dark matter too.
IANAA, but dark-matter sounds a bit like Tachyons, Anti-Time, and other Star Trekisms. But I hope it's true, I sure as hell don't want the universe imploding back in on itself.
Google and Sysinternals are the only two companies that always make me feel good about being a Computer Scientist.
If I were Google, I'd buy Sysinternals and have them help build GoogleOS.
1. dir /a /s > a:\infected.txt
2. reboot to floppy w/ NTFSDOS on it
3. dir /a /s > a:\reality.txt
4. diff infected.txt reality.txt
Not a bad idea, I thought Microsoft Research did more hardcore stuff though....
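The listing comparison in the numbered steps above, as an added example that is not part of the original comment: a plain diff of two `dir /a /s` captures is noisy, so this parses both into path sets and reports what only the offline view contains. The US-English `dir` layout, the drive-letter normalisation and both sample listings are assumptions constructed for illustration.

```javascript
// Added example: cross-view comparison of two `dir /a /s` listings.
// Assumes US-English dir output; both sample listings are constructed.

// Parse a listing into a Map of lower-cased path (drive letter removed,
// since the offline boot may mount the volume elsewhere) -> size or <DIR>.
function parseDirListing(text) {
  const files = new Map();
  let dir = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const d = /^Directory of (.+)$/i.exec(line);
    if (d) { dir = d[1].replace(/^[a-z]:/i, '').replace(/\\+$/, ''); continue; }
    const e = /^\d{2}\/\d{2}\/\d{4}\s+\d{2}:\d{2}(?:\s?[AP]M)?\s+(<DIR>|[\d,]+)\s+(.+)$/i.exec(line);
    if (!e || dir === null || e[2] === '.' || e[2] === '..') continue;
    files.set((dir + '\\' + e[2]).toLowerCase(), e[1]);
  }
  return files;
}

// Compare the running system's view with the offline view of the same disk.
function crossViewDiff(onlineText, offlineText) {
  const online = parseDirListing(onlineText);
  const offline = parseDirListing(offlineText);
  const hidden = [];        // on disk, but not reported by the running OS
  const sizeMismatch = [];  // reported, but with a different size
  for (const [path, size] of offline) {
    if (!online.has(path)) hidden.push(path);
    else if (online.get(path) !== size) sizeMismatch.push(path);
  }
  const onlyOnline = [...online.keys()].filter((p) => !offline.has(p));
  return { hidden, sizeMismatch, onlyOnline };
}

const INFECTED_TXT = [
  ' Directory of C:\\WINDOWS\\system32',
  '02/20/2005  10:15 AM    <DIR>          .',
  '02/20/2005  10:15 AM    <DIR>          ..',
  '08/04/2004  07:00 AM            50,688 notepad.exe',
  '               1 File(s)         50,688 bytes',
].join('\n');
const REALITY_TXT = [
  ' Directory of D:\\WINDOWS\\system32',
  '02/20/2005  10:15 AM    <DIR>          .',
  '02/20/2005  10:15 AM    <DIR>          ..',
  '08/04/2004  07:00 AM            50,688 notepad.exe',
  '02/19/2005  11:42 PM            12,288 example_hidden.sys',
  '               2 File(s)         62,976 bytes',
].join('\n');
console.log(crossViewDiff(INFECTED_TXT, REALITY_TXT));
```

Files the system creates or deletes between the two captures (logs, temp files) will also show up in `hidden` or `onlyOnline`, so each hit needs review before it is treated as concealment.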
Maybe I'm stupid here, but a $20 router will block incoming traffic. Just make sure you're not plugging your computer directly into the cablemodem/dsl/whatever and you should be fine.
As another option, get your base O/S hardened, then run VMWare and install a dup O/S in that, run it when you want-- you can have a "P2P" O/S that you know is going to get screwed with, but it's isolated, so it's not that bad. And if you need to go back to square-1, just re-load the original image.
True, I believe Codeweavers released "Crossover Office" or something like that-- it's Wine + config scripts to help get IE, Office, etc running under Linux.
So now I can't get updates for it? Or do I have to have a throw-away Windows box to download the updates on and then transfer over?
When is GoogleOS coming out?
Or this one: http://cowboy-neil-for-president.slashdot.org/
Or use my fix: http://www.scovettalabs.com/advisory/SCL-2005.002.txt in corporate environments (or home use too).
"Sir, I've got bad news. You've got cancer and Alzheimer's."
--"Well at least I don't have cancer!"
Ok, don't kill me for this, it's just an idea... Could Orbitz claim that their URLs are their intellectual property, and forbid anyone else from using that property (unless they follow the rules)? Could you call deep-linking (or linking in general) "plagiarism", since you're copying someone's location word-for-word?
I think it'd be total crap if this *could* work, but I'm just not surprised anymore about the screwed up laws concerning IP.
On the contrary, I found that my CS education (bachelors, masters [Cornell University]) was very much NOT about vocational training. In fact, I can probably count on one hand the number of times that I've needed something for my job that I learned mechanically how to do in school. Learning a programming language on your own was par for the course. Classes were about theory.
Of course, I graduated way back in 2001, so I'm sure the landscape has changed-- or maybe just in crappy cs schools.
I've posted an advisory/fix for this vulnerability on:
http://www.scovettalabs.com/advisory/SCL-2005.002.txt
You can add a bit of code to the "autoconfig" script that will filter out the bad characters (actually, they'll only allow good characters).
I'm using this workaround myself, and it's pretty fast, almost un-noticeable, and should work for any sites that attempt to exploit this.
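One way such an "autoconfig" (PAC) filter could look, as an added example that is not taken from the advisory or the comment: it only lets through hostnames made of allowlisted characters and sends everything else to a dead-end proxy. The allowlist (ASCII letters, digits, hyphen, dot), the dead-end address `127.0.0.1:9` and the helper names are assumptions.

```javascript
// Added example, not the advisory's code: a PAC ("autoconfig") allowlist filter.
// Assumptions: "good" characters are ASCII letters, digits, '-' and '.';
// 127.0.0.1:9 stands in for a dead-end proxy address where nothing listens.
var ALLOWED_CHARS =
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-.";
var BLOCK = "PROXY 127.0.0.1:9";
var PASS = "DIRECT"; // in a real PAC file, whatever the existing rules return

// List the characters of host that are off the allowlist, as U+XXXX strings.
// No case folding first: toLowerCase() maps U+212A (Kelvin sign) to ASCII "k",
// which would let a non-ASCII character through the check.
function rejectedChars(host) {
  var bad = [];
  for (var i = 0; i < host.length; i++) {
    if (ALLOWED_CHARS.indexOf(host.charAt(i)) === -1) {
      var hex = host.charCodeAt(i).toString(16).toUpperCase();
      bad.push("U+" + ("0000" + hex).slice(-4));
    }
  }
  return bad;
}

// A host passes only if every character is allowed and no label is empty.
function hostIsAllowed(host) {
  if (typeof host !== "string" || host.length === 0) return false;
  if (rejectedChars(host).length > 0) return false;
  var labels = host.replace(/\.$/, "").split(".");
  for (var i = 0; i < labels.length; i++) {
    if (labels[i].length === 0) return false;
  }
  return true;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  return hostIsAllowed(host) ? PASS : BLOCK;
}
```

The code sticks to `var` and plain loops because PAC files are evaluated by the browser's own restricted script engine rather than a full modern runtime.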
I've been using this (stupid) trick to talk to my girlfriend (long distance): Party A: Forward your cell phone to Party B's Land-line, then call your own cell phone FROM your own land-line. Now you're both talking on normal-size phones, and you're using cellular minutes (good for night/weekends). Sure, you're double-paying slightly, but it's definitely worth the not-brain-tumors.
JNI is an absolutely necessary part of Java. How do you think System.out.println() really works? Down through the (many) layers of calls within standard Java classes, you eventually get to a JNI call. In fact, without JNI, Java wouldn't be able to access the network, files, console, etc. It's like saying the keyboard is responsible when you type format c: (or when you click-click-click for the younger generation).
I agree, the article was crap. Java can do essentially the same things by using JNI (Java Native Interface-- you call DLLs from Java). I like to bash Microsoft just as much as the next /.er, but the inclusion of the ability to execute unsafe code on .NET isn't a vulnerability, nor is it a mistake. It's a choice. If you write crappy code, don't blame the language.
I just keep a copy of the IP addresses to all of the sites that I visit on a piece of paper. Who needs DNS anyway?
Seriously though, any reason why the kernel's DNS-lookup procedure couldn't be changed to verify the IP through N servers instead of just the primary server? Of course, if one of the root dns servers goes down, then that's it, but it's more likely that YOUR ISP's box will get rooted.
How often do you look at the name in the SSL certificate for each page that you're on? Do you regularly review your CA trust configuration? SSL is *very* susceptible to MITM attacks. Are you also using a local DNS server or are you asking the router for the IP of "www.capital1.com"? Are you at least resolving the IP independently and verifying?
Anyone who thinks SSL is secure needs to get their learn-on.
I accidentally installed some spyware on my box a few days ago. The agreement was buried inside of a long "Click here if you agree" box that I found afterwards. Technically, it was my fault.
Even otherwise, is installing software on someone else's computer a felony? What law does that break? And technically, the end user themselves installed the software. The fact that they weren't aware of it could range from virus-style installation to "oh, i just clicked Yes"
Yes, but doesn't "He's a criminal!" play the line between fact and opinion?
There's absolutely no basis (at least in the article) for how this could *possibly* go for the assclowns--err, spammers. You can't be sued for libel if what you say is true.
I think this would be a great place for a counter-suit. Send a chill through the spammer community.
In related news-- I was recently approached by a spyware/spam company ("Vista") wanting me to let them place active-x ads on my sites. I wrote about it here. They offered me "a few thousand dollars". Tough to pass up...They need to litigate this.
I think the point is that the application logic will place the rel="nofollow" attribute in. I doubt that anyone will add:
<a href="www.v1agr4.com" rel="nofollow">Cl1ck here</a>
to their posts.
20% of your time on creative projects? This would be great for creative, talented people. Everyone else would just be browsing /.
(ducks)
Mod Funny, not Flamebait!
I guess that was just my bad attempt at, "oh poor us"-style /. humor. Actually, I think that's really cool, I often go to Panera Bread or Borders to get reading/work done when I can't do it at the office. Nice music, sort of quiet, coffee, just a great environment.
"We work eight hours a day."
Damn, I want their job. Only 8 hours a day? Do they mean 7 days a week?