"NYT claims the Google PC search competes with Microsoft's"
The more important question: can it compete with grep?
"Also why should Verisign have the right to steal page view from Microsoft?"
And could they please pay the 36-to-power-80 * $10 for all the domain-names they gave themselves? And then pay tax on that purchase.
"All of the defense's evidence is preceded by the phrase: 'I am not a lawyer.'"
From the country where it's easier to identify the people who aren't lawyers. IANAL.
"I think google has more servers than they told us, or a very good compression algorithm :)"
I think most messages compress neatly to:
"[spam]"
"Honestly, what use does one have for such a large mailbox?"
Coming soon... GMail2, with a 640KB mailbox
"I am not sure about the dead pixel."
Maybe they turned a few pixels off so that people will pay more for screens with no dead pixels?
"in Slashcode, you'll notice that it contains a hand-written port scanner/proxy checker built in Perl. Slashdot uses this to aggressively port scan and service map any IP address that tries to post anonymously, and saves the result in the DB"
Port-knocking proxies it is then...?
"How would you react if gas went from $5.50 a gallon to $10.00 a gallon over the course of a year?"
$3.50 per gallon more to spend on railways...?
(hint: increasing oil price from $1 to $2 won't double the price of petrol in the UK)
1. Environmental regulations preventing the building of new refineries.
2. Environmental regulations forcing specialized, region-specific formulations across the country.
3. Environmental regulations stopping that nuclear power station from being destroyed in an earthquake, when they had to improve on the original design
"The manufacturing facilities that make your bike frame, gears, grips, as well as the lubrication for the bearings all requires oil."
Okay, we'll oil my bike-chain then, and you can put the same amount of oil in your car, and we'll see which one gets further...
"Maybe I'm a dick, but I think they should spend their money on their own people before spending it on the moon."
Well technically, all the people working on the space-science projects are "their own people", and paying them to build rockets (or write software, or fabricate aluminium, or build launch towers, etc.) probably counts as helping them financially.
"Here in the UK you can't put a pump on automatic fill. You need to hold the trigger whilst all the time."
Maybe it was an American car? Open the fuel-cap, start pumping, go for a cup of coffee and a bagel, come back and the tank is nearly full...
"assume small .1% success rate and you get 100,000 orders"
Such goes the imagination of a spammer.
You know how many emails I auto-deleted today? 200. So that's 0 in 200 response. To get a 0.1% response rate with that many emails to each person, you'd need 1 in 5 people to respond.
"It even got to the point that the WinXP "firewall" wasn't good enough, since it loaded *last* in the startup sequence, and there was a good 20 seconds to 2 minutes (depending on the speed of the machine) when the machine was on the net and unprotected"
Maybe you could use the default hardware firewall during that time? (The one that gets activated by wrapping the ethernet cable around the user instead of plugging it into the wall.)
"A D-Link port-80-only firewall can be had at any number of electronics stores for $79. If the author is unaware of this, just how seriously can we take the rest of his essay?"
So we should add $79 to the cost of acquiring WindowsXP when people ask how much it costs?
"You're assuming that code is static."
And more to the point, assuming an equal level of interest in different types of code. A cracker could concentrate their resources in one area, while cisco would have to dedicate their time to all areas.
"Well believe it or not, in a lot of cases, PHP code just cannot be trusted"
It would be nice to specify what you think a script's privileges should be.
htprivileges:
<Files *.php>
Database: Deny
Filesystem: allow
RemoteFiles: allow
Input-Cookies: deny
Input-Post: allow
</Files>
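To make the sketched per-script privilege declaration concrete, here is an added example (not the commenter's code, and not part of any real PHP or Apache feature) of a parser and default-deny lookup for that hypothetical format; it assumes the htaccess-like rule that later matching <Files> blocks override earlier ones, and the sample policy below is constructed.

```python
"""Parser and default-deny enforcer for the hypothetical htprivileges format."""
import fnmatch

# Constructed sample policy in the syntax sketched in the comment (assumed format).
SAMPLE_POLICY = """\
<Files *.php>
Database: Deny
Filesystem: allow
RemoteFiles: allow
Input-Cookies: deny
Input-Post: allow
</Files>
<Files admin/*.php>
Database: allow
</Files>
"""


def parse_policy(text):
    """Return a list of (file_pattern, {capability: allowed}) blocks in file order."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.lower().startswith('<files ') and line.endswith('>'):
            current = (line[7:-1].strip(), {})   # strip "<Files " and ">"
            blocks.append(current)
        elif line.lower() == '</files>':
            current = None
        elif current is not None and ':' in line:
            cap, _, verdict = line.partition(':')
            verdict = verdict.strip().lower()
            if verdict not in ('allow', 'deny'):
                raise ValueError(f'bad verdict {verdict!r} for {cap.strip()}')
            current[1][cap.strip().lower()] = (verdict == 'allow')
        else:
            raise ValueError(f'unparsable line: {raw!r}')
    if current is not None:
        raise ValueError('unterminated <Files> block')
    return blocks


def is_allowed(blocks, script, capability):
    """Default deny: a capability is granted only if a matching block allows it.
    Later matching blocks override earlier ones (assumed .htaccess-like semantics)."""
    verdict = False
    for pattern, caps in blocks:
        if fnmatch.fnmatch(script, pattern):
            verdict = caps.get(capability.lower(), verdict)
    return verdict
```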
"The problem is that, with 800 MB of code it's virtually impossible to be sure that there are no serious bugs somewhere."
Well, let's say that cisco has allocated x people for code-auditing, and that they've had y years to do so (something like 15 and 15, probably?) And because their products need to be secure, they fixed anything those people found wrong.
Surely that means that to find a vulnerability, any would-be cracker would have to spend at least as long on auditing as cisco did themselves unless they happen to be very lucky, or unless there are problems easily-visible in the source-code that cisco haven't fixed. So we wouldn't expect any exploit to be seen in the near future?
"Herflich, prepare the fake banknotes to pay for the painting of the madonna with the big boobies"
"4/15 connects to 21/15 which connects to 19/22 which connects to 1/22 which connects to 22/13"
Add those all up and subtract 666 to get 9/11, which obviously implies that Steve Gibson was responsible for the flooding of the Nile.
"It's clear, then. We must immediately ban all seemingly innocent objects."
Indeed
"They do not allow you to download music in an MP3 format for convenient dumping into your Kazaa directory"
Of course, that must have been the reason I wanted MP3 songs. Not because every music-player device I own requires MP3 format to work, oh no. It must be because I intend to publish the files.
I don't have a Kazaa directory. Kazaa isn't even available for my computer, and I rather resent the implication that requiring the music I purchase to be in a standard format implies that it will be used illegally.
"Downloading music via Kazaa in lieu of buying it is not exercising my rights as a consumer."
Excuse me, you're now equating people who don't buy CDs because they don't work to people who make illegal copies of music. That's not just stupid, that's ridiculous. Stay on-topic please.
"The UK government is trying to introduce ID Cards that sound similar to this."
You mean, David Blunkett wants to introduce ID cards. Nobody else does.
"I'd be interested to know if the Americans have taken on board problems that the UK trial encountered early on. These included contact lenses, I believe, as well as long fringes disrupting measurements between significant facial features."
The UK problems are deeper than that, and not merely related to biometric technicalities (you know how many million people have the same fingerprints as you?)
Their ID-card problems are more related to the fact that they're fundamentally guaranteed to reduce security, increase identity theft, enable the cheap, detailed surveillance of individuals, and generally, have no benefits to anyone with more IQ than a racist who thinks that tagging asylum-seekers with barcodes on their forehead will make Britain better and safer.
"This isn't that complicated but nobody on /. understands it and they all bitch about things that understanding it would resolve and I am sick of it."
Okay, well let's imagine for a moment that we don't think anyone involved in the implementation of smartcards understands these ideas either.
It's not that strange. After all, secure voting protocols exist, but they're completely unknown amongst the people who build voting machines for government use. Why should we imagine that smartcard contractors are any less ignorant of secure protocols?