Slashdot Mirror


User: LiquidCoooled

LiquidCoooled's activity in the archive.

Stories: 0
Comments: 4,752

Comments · 4,752

  1. Re:Marked confidential? on Mozilla UI Spoofing Vulnerability · · Score: 1

    Thanks, it shows then that this is as much a bug as writing a valid executable and running it.

    Perhaps they should add an isEvilIntent property and pray people use it ;)

  2. Re:Marked confidential? on Mozilla UI Spoofing Vulnerability · · Score: 1

    What I am asking is why should a user browsable page be allowed to access the chrome library?
    I understand the chrome is XML based, and this makes great sense, but it is the reasoning required to make it available in userspace. This is equivalent to allowing (for instance) full file access within the Java sandbox.

    I just cannot see a valid reason for it being there.

  3. Re:Marked confidential? on Mozilla UI Spoofing Vulnerability · · Score: 1

    I don't think this is an isolated case.

    This isn't actually a coding error, it is an interface exploit that lets somebody display a semi fake page.

    Out of interest, does anyone know why IS the chrome rendering support available to the inner html?

    Makes you wonder what *other* bugs/exploits are locked away in their "confidential" list...

  4. Re:Why does Apple have a problem with this? on Real Responds to Apple's Hacking Claims · · Score: 1

    From what I read, Apple makes more profit by selling the iPod than the iTMS.

    If the unprofitable(ok, not very profitable) side is the iTMS, then why are they worried about Real?

    Greater availability of Fairplay encoded tracks REQUIRING an iPod means more people getting iPods which means more profit?

  5. Re:BP and pulse are issues on Living Without a Pulse · · Score: 1

    the best way to do this is to fit the turbine with inlet and discharge pressure sensors, and a flow meter

    Can I have mine with a funky neon light and crisscross clear tubing?

    And whilst you're fitting all this, could you upgrade my cpu?

  6. Re:BP and pulse are issues on Living Without a Pulse · · Score: 1

    the best way to do this is to fit the turbine with inlet and discharge pressure sensors, and a flow meter

    Can I have mine with a neon light and criss cross clear cables?

  7. Re:Firefox on Microsoft to Issue Out-of-Cycle Patch for IE · · Score: 1

    If you have a proxy html filter (Proxomitron or similar) that's removing certain parts of the markup, then it's possible that this occurs because you're removing a bit more than you thought.

    Since the adverts are on a randomish cycle, that could explain the 2 or 3 refresh thing.

    tis a possibility :)

  8. Re:Using EAN and RFID to shop ethically on RFID More Hackable Than Retailers Think? · · Score: 1

    Readerware has obtained a limited quantity of CueCat barcode readers. While supplies last you can get a FREE barcode reader when you order a Readerware bundle on CD. USB and PS/2 barcode readers are available, your choice.

    And this isn't the cuecat, but:

    http://www.idautomation.com/wands/w3usb.html

    The W3USB wand connects via a USB port, perfect for laptops and PDA devices. It contains its own built-in decoder so information scanned appears as if it had been typed from the keyboard. ...

  9. Re:Using EAN and RFID to shop ethically on RFID More Hackable Than Retailers Think? · · Score: 1

    cuecat = usb if I remember rightly, and don't the majority of PDAs have usb?

    It would be easier to create a small lookup program based upon the actual barcode input than trying to get a puny little phone to do ocr.

    You could even store the information in a few bloom filters and have it entirely on the device as you say - one filter per category type.

  10. Re:Using EAN and RFID to shop ethically on RFID More Hackable Than Retailers Think? · · Score: 1

    Forget about photographing it.

    Use a cuecat!!!!

    In the Asda stores here in England, we have barcode scanners where we can check prices along certain shelves, and in the music area, we can scan a cd on the demo unit and hear tracks from it!

    Take your own scanner in and do exactly as you suggest.

    It's a wonderful idea :)

  11. Re:Serious computer abuse ... on Abused, But Working Hardware Stories? · · Score: 1

    This is what I love about slash.

    You're absolutely right about the pentium bug of course and when I just read up about it, they certainly found some novel ways around it!

    This problem with Spirit does seem a little more than a single bug however, the equations and calculations used to autonomously drive around the surface need major rewiring to continue successfully.

    Just because Spirit will be travelling backwards, it's not just a case of inverting all the normal answers either, the wheel causes a variable amount of drag which must be corrected - this drag factor will change depending upon the ground conditions.

    There may well be other examples of earth based ingenuity like you already described, but none as inaccessible as space based repairs, the worst thing on earth is a fried server and a day of downtime (for each affected machine). On Mars, we can't just switch the box out.

    The problem with Intel bugs is to do with the sheer numbers of machines rather than severity of a single exploitable bug.

  12. Re:Serious computer abuse ... on Abused, But Working Hardware Stories? · · Score: 2, Interesting

    They are at it again!

    Spirit's right hand side front wheel is damaged (drawing about 2-3 times more power than all the others - they think it's a problem with particles in the gear chain).

    Those incredible folks over at Nasa are currently looking at how to carry on without it (it can still operate but only when absolutely necessary).

    They have been practicing driving in reverse and dragging the limp wheel along.
    This in itself wouldn't be a major issue if the machine were under direct human control, but they are currently rewriting the operating commands for its autonomous driving mode - hazard avoidance etc.

    How many others go to the trouble of rewriting the OS to work around a hardware disability?

    Here's a link: http://marsrovers.jpl.nasa.gov/spotlight/20040716.html

  13. Re:Positive compunded interest on Slate On Worms That Plug Security Holes · · Score: 1

    good on ya then :)

    I've seen too many people spending inordinate amounts of time running checks and scanners and the like - I suppose it's the same mentality as running benchmarks all the time instead of playing the games.

    I'd actually forgotten about scheduling the checker - mine does in fact run once a week whilst I'm at work, but the only thing I use it for is a complete file count (460,000ish in 220gb) when I get home.

  14. Re:Positive compunded interest on Slate On Worms That Plug Security Holes · · Score: 1

    The principle would still work on a LAN - just direct most of its packets there. I used the ISP as an example because that's how most users in need of some friendly bacteria will be configured (direct access via (cable)modem with ip assigned by the ISP's servers).

    Since you appear to have your head screwed on, and have taken the largest security holes out of the equation, can I ask why you are still over paranoid about security?

    I generally run spyware scanners after installing anything, and have norton running, but don't as a rule go OTT with security.

    I'd rather spend my time using my computer than scanning for things which I'm confident aren't there.

    I haven't (touch wood) been caught by any virus since my amiga days (REAL virii work in 1024 bytes ;) ), and don't intend getting any.

  15. Re:The Big Picture on Slate On Worms That Plug Security Holes · · Score: 1

    Hello,

    this is your friendly neighborhood good virus, it looks like your computer is vulnerable to a nasty microsoft RPC bug, would you like us to patch this up for you?"

    [X] Send this "repair tool" to all my friends.

    [X] Notify me of further problems

    [X] Automated Fraud checker.
    Please enter Credit card number to test:

    [________________] ( )Visa ( )Mastercard
    Remember to ask your parents permission.

    [OK] [CANCEL]

  16. Re:Positive compunded interest on Slate On Worms That Plug Security Holes · · Score: 1

    Without a central DB/list storing the IPs of every "infected" or tested machine, the virus won't know what other machines have been scanned - sure it can trace its own genealogy, but that only prevents backwards propagation, it does nothing about overlap.

    Unfortunately, it seems that the best method for propagation is random distribution, however I would prefer weighing this to keep 80-90% of pings within the ip range of the ISP.

    An alternative means to the end would have the virus automatically throttle itself back and slow down if it detects a large number of scans from other viral instances.
    As the number of infected machines on a subnet increases, the chances of being retested increase greatly, and as a result, the virus knows it's done its job and slows right down.

  17. Re:1GB = 1024MB so... on Kevin Rose Load Tests Gmail · · Score: 1

    The RIAA don't seem to think it's wrong.
    from yesterday:

    RIAA Continues Distributing Dud CDs to Satisfy Settlement

    *shudder*

  18. Re:My Doom? Oh My on Latest MyDoom Variant Gives Google Problems · · Score: 1

    It's more likely all the people in the world saying:

    "omg googles gone down.....look see *clicky* i cant search for anything"

    I mentioned this effect the other day in another of my postings.

    http://slashdot.org/comments.pl?sid=115270&cid=9767977

  19. Re:What kind of digitized photos does this work on on Detecting Faked Photographs Gets Easier · · Score: 2, Interesting

    The easy answer to that lies in the original compression artifacts remaining - any new fragment/change will not keep these in a statistically similar fashion, and that's what my understanding of this software is.

    Smudging a part of an image would remove these artifacts, and would be near impossible to reproduce - like the paper grain on a canvas oil painting.

  20. Resolving power on SETI Predicts We'll Find ETs by 2020 · · Score: 1

    How can we expect to detect radio transmissions from another planet when we cannot even truly detect the planet itself?

    Sure - we can see the wobble its host sun makes as it orbits, but do we actually have the resolving power to see it - could we even detect a tiny rock like ours, or are we still limited to the super massive gas giants?

    Now, consider the strongest signal WE could produce, how bright (radio strength) could we send a signal?

    Could we send something out SO bright that it overrides the emissions from our own sun?

    Whilst I want it to work, I do not believe with current tech we will do so.

    Perhaps, the aliens also come to the same conclusion, and find that the only way to light a beacon across the universe is to do something BIIIIIIIIIIIIIIIIIIIIIIIIIG.

    What if some of the supernova we see are set off by intelligent life?

  21. Re:Ya think? on History of the Automatic Teller · · Score: 1

    My conclusion is lifted from the article :)

    One of the key benefits the ATM designers gave was to reduce the number of tellers and branches, this quite simply hasn't happened.

    Whilst I understand what you say about increases in opening hours etc, the need for human contact hasn't gone away as they expected.

    If an ATM can do everything a human teller can do, then why do the banks waste money employing real people and having branches?

    I don't think we can categorise the types of people who prefer to bank in the branch than use a machine, but personally, I will use an ATM for most things, and only step into the branch when something goes wrong, and I need more info.

    Case in point:

    go to ATM machine to withdraw money, but get following response.

    AVAILABLE FUNDS: 0.00

    Walking into a branch, I might get the same initial response, but I can find out WHY it's like that, when I KNOW I have money there, the teller might also be able to fix the problem, or make an overdraft available.

    I like the convenience of the ATM for simple things, but not at the cost of real people.

  22. Re:Ya think? on History of the Automatic Teller · · Score: 1

    Are you sure you don't need an eye test?

    from page 3:

    The ATM clearly fell short of expectations in one area, though. It never reduced the number of tellers or filled the demand for bank branches--something the machine's pioneers had promised. According to the FDIC's count, there are close to 75,000 branches today, up from under 58,000 in 1985. Tellers number 539,000, vs. the 484,000 in 1985--though many of them now also function as retailers, cross-selling IRAs and mortgages to customers who come in with a big deposit. And that is something human beings still do better than any machine. For now.

    Usually all things being equal, replacing a manual system with an automated one means reducing the workforce. This quite clearly wasn't the case.

  23. Re:Ya think? on History of the Automatic Teller · · Score: 1

    I think what they mean is a bank will still operate as a business without a supporting ATM network, but customers appreciate the benefits they bring.

    The article said that ATMs have NOT reduced the number of branches or tellers, people do still prefer real life human contact and decision making to occur.

    In my eyes, this is a perfect use of technology - supplementing the deficiencies with technology without replacing humans :)

  24. PLANET OF THE APES!!! on Macaque Monkey Goes Totally Bipedal · · Score: 1

    It's begun.

    Quick, everybody hide in the statue of liberty!

    Seriously, how freaky does that picture look. I don't know why but I didn't expect it to look quite so similar to ourselves - I envisaged "cheetah" from tarzan - doin a silly walkin dance, not in the slightest, I'm gonna see if I can find some video of this, I wonder if it's a natural walking rhythm?

  25. Re:The only way to keep private data private... on Consumer Database Company Hacked Again · · Score: 1

    I just tried to write up some additional thoughts about this whole data access problem, and I keep finding myself back at throttled/restricted access.

    To answer your query, the access token grants access to the lookup function, but does not perform the decryption.

    The encryption job could be passed to the File system itself, and let the big boss logon to the machine after every power cycle. A nice long complex logistically impractical to crack kind of password.

    Barring hackable exploits in the system, the physical data files would not even be shared (\\domain-ds\c$), leaving the thief with needing physical access to the machine.

    Even with access, cracking the password would be difficult.

    If it becomes an issue of physical theft then the security precautions already in use for valuables should be applied.

    Stripping away ALL this side of the security, allowing 1 user 1 lookup every few minutes means that instead of 8GB of data being copied, at most ~100 bank accounts can be linked by a determined individual. Unlike direct network file access, this guy would plainly not be performing his duties if he wasted his access tokens stealing account numbers leaving his real job unfinished.

    The whole point of this was to find a simple way to prevent misuse of our private data. The encryption thing has gotten in the way, but could be handled respectably.

    There is no way to completely restrict access to any information, but nothing stops us from erecting simple roadblocks and diversions along the way :)

    (Single insignificant checkbox on a field of a database marking itself as throttled access would be enough for me.)