If they give priority to their sponsors instead of their viewers, it just means that the viewers aren't seen as CUSTOMERS, but as potential income. Excuse me, sir, but I have no dollar sign printed on my forehead.
Farewell. I'm going with your competition. (translation: Screw you!)
How about common sense instead? How about thinking with your head instead?
We already know that people lack common sense (and what happens to them), but the only way to give common sense to dumb people is through EDUCATION. If people had common sense about online safety, would there be a NEED to educate them in the first place?
You can't fight an enemy you don't know. Someone said that any technology sophisticated enough is virtually indistinguishable from magic. So people need to know how computer security works (and how it DOESN'T work).
Here's an example of what can happen to you if you don't know how security works (taken from bash.org - please DON'T mod funny):
#117002
<YuFFie> SO U HACKING ME THEN HUH
<YuFFie> WElL I GOT NEWS FOR U MISTER I GOT MORE FIREWALL POWERS NOW SO IM SECURE AND IM USING WINDOWS 98 SO IM REALLY SECURE FROM HACKERS LIKE YOU SO YOU BETTA JUST GIVE UP CUZ U GOT NO HOPE MISTER.
* YuFFie (~mirc@3B942731.dsl.stlsmo.swbell.net) Quit (Quit: Owned.)
* YuFFie (~mirc@3B942731.dsl.stlsmo.swbell.net) has joined #
<YuFFie> HELP MY MOUSE IS MOVING BY IT SELF
What's the lesson here? The victim thought that a firewall was enough to protect him from hackers, when the real problem was a vulnerability in his mirc software (most probably a buffer overflow vulnerability), where communications were not protected by any firewall.
Did the victim have common sense? Probably. Did he lack important information? YES! Had he known about buffer overflow vulnerabilities, he wouldn't have dared the hacker to hack into his computer. We know how human nature can be - the victim was overconfident in his computer's security.
In the same way, people need to learn about social engineering, how spam and phishing fool you, how e-mail From: headers can be faked, how file extensions can be faked in Windows (.gif.exe anyone?), and all that stuff that may look like common sense to you, but might not be so obvious to others.
The govt has educated people about sex (i.e. to bash the common myth that the first time you do it there's no pregnancy), why would online safety be any different, as the internet becomes more important for people's lives each day?
... to get rid of the Microsoft monopoly, and happen to be proficient at C programming: you could cooperate with the ReactOS project (a windows compatible OS) and lend them a hand or two.
I'd love to help them, but I have little spare time and I'm not very good with C - just C++.
Locking to IP address is a non-starter because there are ISPs who will rotate their visible IP range dynamically
AOL doesn't count:-P
Anyway, an option would be that at login, the user has the option to set a flag like "my ISP changes my IP randomly" (something like the login screens with the option "This is a shared computer"). Best of both worlds:)
For intranet sites inside a company, this is a non-issue, since all computers have a fixed IP.
I saw the vulnerability page. They don't have access restriction to subdirectories.
Here's how I've solved this problem:
1) Modify the htaccess (or even better, the httpd.conf) files, so that ANY access to any of the subdirectories of the main app is forbidden. The only exceptions are: a) submodule directories, whose php files do a login check, or b) common images (i.e. logos)/CSS/XSLT/javascript dirs.
2) The only way to view your files is through the web application's PHP file lister and downloader. This should be child's play for anyone with PHP knowledge: PHP has the fpassthru function, or if you're memory-savvy, use standard fopen. Make sure the lister doesn't accept directories above the ones you want to list, and for the files use the basename() function to strip them from subdirectories.
3) Any file in the PHP application MUST include() your security file (which checks if the user has logged in and redirects them to the login page otherwise). For publicly-available pages, add an anonymous user by default.
4) For log in (if not for the whole app), require https.
4a) If you can't implement https, use a salt-based login, with SHA-256 or at least MD5 for the password encryption.
5) Put the client's IP in the session variables, so that any access to the session from a different IP gets redirected to the login page (with a different session id, of course).
6) After log in, regenerate the session id.
7) Put ALL the session variables in the SESSION array, don't use cookies for ANYTHING ELSE.
I consider these measures to be the minimum standard for web applications. It shocks me that commonly used apps still fail to implement them properly.
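Steps 2, 3, 5 and 6 of the list above written out in PHP, as an added illustration and not the commenter's own code. FILES_DIR, the session keys and /login.php are assumptions; the roaming_ip flag stands for the "my ISP changes my IP randomly" login option suggested earlier on this page.

```php
<?php
// Added example. FILES_DIR, the session keys and /login.php are assumptions.
declare(strict_types=1);

const FILES_DIR = '/var/www/app-data/files';   // assumed; outside the web root
session_start();

// Step 6: call from the login handler once the password has been verified.
function on_login_success(string $user, bool $roamingIp): void
{
    session_regenerate_id(true);            // drop the pre-login session id
    $_SESSION['user']       = $user;
    $_SESSION['ip']         = $_SERVER['REMOTE_ADDR'];
    $_SESSION['roaming_ip'] = $roamingIp;   // "my ISP changes my IP randomly"
}

// Steps 3 and 5: the check every page include()s before doing anything else.
function require_login(): void
{
    $ipOk = !empty($_SESSION['roaming_ip'])
         || (($_SESSION['ip'] ?? null) === $_SERVER['REMOTE_ADDR']);
    if (empty($_SESSION['user']) || !$ipOk) {
        $_SESSION = [];
        session_regenerate_id(true);        // rejected client gets a new id
        header('Location: /login.php');
        exit;
    }
}

// Step 2: serve one file by name; basename() strips any directory component.
function send_file(string $requested): void
{
    $name = basename($requested);
    $path = realpath(FILES_DIR . '/' . $name);
    // realpath() resolves symlinks; reject anything that ends up outside FILES_DIR.
    if ($path === false || !is_file($path) || dirname($path) !== realpath(FILES_DIR)) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($name));
    header('Content-Length: ' . filesize($path));
    fpassthru(fopen($path, 'rb'));          // stream without loading it all in memory
}

// The downloader page itself: check the session first, then serve.
require_login();
$file = $_GET['file'] ?? '';
send_file(is_string($file) ? $file : '');
```

In a real application the first two functions would live in the shared security file from step 3, and FILES_DIR would be one of the directories that step 1 makes unreachable by direct URL.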
If the Novell/MS deal gave Novell an edge then it's because Linux IS infringing.
I assume you're talking about the 235 patents, right? No, it isn't. The deal gave Novell an edge because Microsoft's FUD has drawn everyone to believe it is.
Yes, but what license shall they choose? BSD? GPL?
Let's assume they release it under GPL. What happens with the BSD-like OS's (including Mac OS X and beyond)? Will they have to adopt GPL, too? For this we would have to find out if they are indeed Unix derivative works and not just clean room implementations, and well, we really don't want to get into that, do we? So, I would choose to re-release Unix under the BSD license.
With "soft" I mean that the keys don't sound like a piano key, but more like a flute that becomes a piano after a tenth of a second. I've played real pianos, and the difference with mp3's is indeed noticeable.
I did an mp3 compression experiment with Coldplay "Clocks". When compressed via mp3 to 128kbps, it sounds awful. Very noisy, and the note beginnings aren't clear. They sound TOO SOFT. Instead, when compressed to 320kbps, it sounds MUCH, MUCH better, and the "ding" effect when each note is hit is heard much more clearly. The explanation is that a piano note contains a lot of high freq. harmonics (even if it's not a high note), and these are lost in the mp3 compression. Now, most MP3 music found on the internet is 192kbps, and the last time I checked, a lot of it was encoded at 128.
And that's WITHOUT taking into account the dynamic range loss in modern music (eew).
In short: Yes, the quality loss can be recognized by a human - especially one with music training. Of course, if you're the type of person who plays his iPod too loud with his earbuds, then your ear is already damaged enough so you won't be able to tell any difference. Too bad for you.
It's time to move forward in video compression. There's so much that can be done, and so little that has been done.
Nine visual profiles have been defined in MPEG-4 Visual Version 1 [MPEG4-2]: Simple, Simple Scalable, Core, Main, N-bit, Scalable Texture, Simple Face Animation, Basic Animated Texture, and Hybrid.
DivX uses the Advanced Simple profile (which would fall in the first of the above list). And yet MPEG-4 can be expanded to use sprites/panorama, animated textures, 2-D animated meshes, 3d-Meshes, natural sound... and you thought DivX was state-of-the-art. <nelson>ha hah!</nelson>
I couldn't get anything to rhyme with "RIAA"
Tanya battles RIAA's maniac liar giant mafia.
For some reason I can't recall why I got married with this beautiful blonde, and why I keep dreaming about going to Mars with a brunette. Or am I just going crazy?
- Douglas Quaid.
Most of us don't that soap exists
Or there's thing dictionary, neither.
I'm an undercover agent working for the FB... oh, it was a joke. Nevermind I posted this. In fact, I didn't log in today.
*dammit, I blew my cover*
p.s. I updated my journal. Here's the php security mistakes entry.
Mind if I linked to your journal entry next time I need to write something about security?
sure, Opportunist. (pun intended)
Good thing I use Firefox and not that "URI browser". I feel safe.
No one will remember Red vs. Blue;
Gee, I wonder then why we still remember the Colossal Cave Adventure!
I thought it was Escherichia coli.
Gesundheit!
After doing a second comparison, 320kbps still sounds WAY TOO LOW quality for piano music. ...guess nothing beats the real thing, eh?
What if they're of the stealth kills in Manhunt?
You haven't played Silent Hill before bedtime, have you?
We need more people to tag this with the "fatality" tag :)
Ebay has a whole section dedicated to just meteorites.
Thank you for your information. I'm just buying them all.
Regards,
Lex Luthor
How will they manage to prevent EVIL hackers in Germany from downloading their evil hacker tools from https://someip.org/hackertools/ ?
They won't even notice the URL. It'll be encrypted under SSL.
STFU.
:)
There.