This only works if you can garuntee that the code that is obscure is also good. The only way that you can prove this is if the code that is good is not obscure (and hence, can be read and judged 'good').
If there was some mechanism in place to ensure beyond a shadow of a doubt that the code is good and also allows it to stay obscure, then yes, "security through obscurity and good coding" is probably better than "security though good coding" alone, but such a mechanism is well nigh impossible to achieve.
Hmmmmm... so why not do a bunch of operations on client machines that would be useless to the client? Like calculate line of sight on client A for client B?
I realise that a distributed model would suck up a significant bit of bandwidth, but it would work reasonably well with a few optimisations (i.e. only users from the same geographic area process each others data, etc.; and there'd have to be some way to deal with faster and slower machines and connections)
Then my apologies - I was responding to the general 'american kids don't care' sentiment then specifically your post - maybe I should have checked.
And I must say that outside Europe there is very little Tintin to be seen unfortunatley.
(Incidentally, I'm living in sunny Wollongong, and theres a bookclub specialising in Tintin and other, similar comics here thats pretty active; maybe Tintin only appeals to a really thin section of the population)
... Not only do the youth culture of today (and lets face it, its the kids buying tickets that make the box-office money) have no idea who Cuthbert Calculus is, let alone Tintin...
The hell is this?
My youngest brother (14) knows who Tintin is. He borrowed them religiously from the school library until he had read every single one. His friends have read Tintin (he lent out his copies).
In fact, just a minute ago he was really excited because I just told him that/. had a story saying there'd be a Tintin movie.
Maybe, just maybe, American children don't know who Tintin is. Maybe hes big in Europe (where we bought a half dozen Tintin books for the first time). Maybe Tintin isn't an American thing, so perhaps you've just got yourself a terribly narrow outlook on the world. Maybe.
Computers can already prcess data much faster than you or I (or you and I) can follow
Maybe. But all the cron jobs in the background would bring any computer to its knees, not to mention the contants interrupts, constant polling of millions of sensors and the total inability of any computer to hold its own at kickboxing.
Try it with all the switches set (volume label, etc.)
I seem to remember it *was* at least possible with MS-DOS 5.0, because I wrote a batch file that would format a HDD, then copy a new install of a bunch of things onto it - and it would do it with one command and no user input
Well how much of what is secure? It seems to me that MOST of the security bugs one associates with Microsoft are problems with two programs in particular--IIS and Outlook (Express version only).
Or, y'know, the version of Outlook that was spreading all those nasty worms.... it probably had some holes too.
Just be afraid when a bill is passed to push that national ID card as an injectable tag behind your neck. That's when you will find FAQ's on the internet how to build tin foil hats.
Just a note: It really isn't that hard to design a site from the ground up to be 100% compliant - all you need to remember is that form goes in the.css and function in the.html
Anything you can do with non-compliant code, you can do with compliant code.
Alright, so maybe theres problems with caching the sites.
But has anyone thought of maybe a slashproxy? The proxy would grab the story links from the main page and store them, and just push all other data through (without storing it).
Dunno just how workable it'd be - but I'd subscribe for it.
If you've got the right analog equipment, an SB Live! Platinum is actually rather good for what you're after.
The Live! is very well supported in Linux as far as my experience goes, and its analog inputs are pretty good. I don't have any hard figures, but going from my old vinyl to 192kbit MP3 (through LAME) compares *very* favorably to going from CD to same quality MP3 (Perl Jam - Vitalogy on vinyl and CD)
Also, the original Live! Platinum is available for around US$50 if you shop around.
(of course, all this is useless if you're looking for archive quality recording, but moving from your 'El-Cheapo Pretends-To-Be-Soundblaster-Compatible' it'd be an order of magnitde better)
Hit 'Ctrl-Shift-Esc' under processes, look for IEXPLORE.EXE, look in the User Name column. If it lists it as LOCAL SERVICE or SYSTEM (or Administrator, but I doubt that'd show up), then it has permissions (well, it has the potential to have the permissions) over your entire system.
But by default, IE doesn't have any more privelege then explorer.exe, which is run by the current user. So unless you've changed stuff, you ought to be safe.
However, Windows does wierd things with requests to other services. For example, explorer.exe can make a call to svchost.exe, which can cause system-wide damage. Possible, but rare.
MS needs to review their policy, as so many agree. With a scenario like this, where no hard details are given beyond a general overview and theory, we've eliminated a vast majority of copy&paste script kiddies and other clueless individuals.
And even if a reasonably skilled individual came across something like this, they'd still have to put in a reasonable amount of effort to figure it out for themselves, and really, how many skilled hackers are going to devote their time to writing viruses and such.
I realise there are exceptions, but surely this is better then the fabled 'security through obscurity' approach.
Re:Subscriptions should add value
on
Slashdot Updates
·
· Score: 1
I actually really like this idea - it means I can block Anonymous Cowards and other people I don't want showing up - It'll also mean I can do decent searches and filtering of posts.
But how would we work it so that only registered users get to post? Maybe we'd be required to add a password to each and every post (the password would have to be filtered out server-side). Otherwise someone could just set their address to that of a/. member and post away... (just plain e-mail verification won't work for some users, like me, who have a different e-mail address at work and home and read Slashdot at both...)
Yeah, price is the issue here - I have no idea how much it should cost.
As for extra perks - I like the idea of voting on the submission queue and why don't you give paying members a +2 bonus or something? That would eliminate problems you'd get from buying moderator points, and still keep paying customers happy:)
Why not give those who pay real $$$ access to the archives? Or why not give a small discount at ThinkGeek or something (although this may defeat the purpose of making money:)?
As for cost - maybe we should take a look at Ars for inspiration? Although/. may not be able to provide so many different services...
Slashdot Mirror
This only works if you can garuntee that the code that is obscure is also good. The only way that you can prove this is if the code that is good is not obscure (and hence, can be read and judged 'good').
If there was some mechanism in place to ensure beyond a shadow of a doubt that the code is good and also allows it to stay obscure, then yes, "security through obscurity and good coding" is probably better than "security though good coding" alone, but such a mechanism is well nigh impossible to achieve.
Porn? Naked people?
Must be some sort of new 'bathing-suit' porn
Can someone point me to some info about this self cleaning glass stuff?
Hmmmmm... so why not do a bunch of operations on client machines that would be useless to the client? Like calculate line of sight on client A for client B?
I realise that a distributed model would suck up a significant bit of bandwidth, but it would work reasonably well with a few optimisations (i.e. only users from the same geographic area process each others data, etc.; and there'd have to be some way to deal with faster and slower machines and connections)
Then my apologies - I was responding to the general 'american kids don't care' sentiment then specifically your post - maybe I should have checked.
And I must say that outside Europe there is very little Tintin to be seen unfortunatley.
(Incidentally, I'm living in sunny Wollongong, and theres a bookclub specialising in Tintin and other, similar comics here thats pretty active; maybe Tintin only appeals to a really thin section of the population)
... Not only do the youth culture of today (and lets face it, its the kids buying tickets that make the box-office money) have no idea who Cuthbert Calculus is, let alone Tintin...
/. had a story saying there'd be a Tintin movie.
The hell is this?
My youngest brother (14) knows who Tintin is. He borrowed them religiously from the school library until he had read every single one. His friends have read Tintin (he lent out his copies).
In fact, just a minute ago he was really excited because I just told him that
Maybe, just maybe, American children don't know who Tintin is. Maybe hes big in Europe (where we bought a half dozen Tintin books for the first time). Maybe Tintin isn't an American thing, so perhaps you've just got yourself a terribly narrow outlook on the world. Maybe.
Like Wing Commander III?
Under a killing moon?
Computers can already prcess data much faster than you or I (or you and I) can follow
Maybe. But all the cron jobs in the background would bring any computer to its knees, not to mention the contants interrupts, constant polling of millions of sensors and the total inability of any computer to hold its own at kickboxing.
Or, pour orange juice on this new brain sized computer thingy - watch as it slowly gets up and beats you senseless.
Its really simple - we use the same units, you just have to multiply by 32 for anyone outside the US...
(Oh dear, now I'm gonna die.)
Try it with all the switches set (volume label, etc.)
I seem to remember it *was* at least possible with MS-DOS 5.0, because I wrote a batch file that would format a HDD, then copy a new install of a bunch of things onto it - and it would do it with one command and no user input
Well how much of what is secure? It seems to me that MOST of the security bugs one associates with Microsoft are problems with two programs in particular--IIS and Outlook (Express version only).
Or, y'know, the version of Outlook that was spreading all those nasty worms.... it probably had some holes too.
Just be afraid when a bill is passed to push that national ID card as an injectable tag behind your neck. That's when you will find FAQ's on the internet how to build tin foil hats.
Like this one? Now where do I have to go to get tagged?
MailWasher is another one, I've been using it a month or so now, and its quite good.
It checks messages against a set of rules then allows you to bounce them, delete them, etc. before you download them off your mailserver.
Its good for people who get a low-med amount of spam (15-20 per day)
A while back a friend of mine linked /dev/random to /home/gnutella/TheMatrix.avi, shared it with LimeWire.
:)
35 people downloaded over 800meg
Just a note: It really isn't that hard to design a site from the ground up to be 100% compliant - all you need to remember is that form goes in the .css and function in the .html
Anything you can do with non-compliant code, you can do with compliant code.
Alright, so maybe theres problems with caching the sites.
But has anyone thought of maybe a slashproxy? The proxy would grab the story links from the main page and store them, and just push all other data through (without storing it).
Dunno just how workable it'd be - but I'd subscribe for it.
If you've got the right analog equipment, an SB Live! Platinum is actually rather good for what you're after.
The Live! is very well supported in Linux as far as my experience goes, and its analog inputs are pretty good. I don't have any hard figures, but going from my old vinyl to 192kbit MP3 (through LAME) compares *very* favorably to going from CD to same quality MP3 (Perl Jam - Vitalogy on vinyl and CD)
Also, the original Live! Platinum is available for around US$50 if you shop around.
(of course, all this is useless if you're looking for archive quality recording, but moving from your 'El-Cheapo Pretends-To-Be-Soundblaster-Compatible' it'd be an order of magnitde better)
Trillian runs fine under wine, albiet without *any* alpha blending (not sure tho, it may work on a version of X that supports transparency)
(Just realised I'm using WineX 2.2 - may make a difference, but it works for me)
Works for the RIAA
Then all is lost :)
Hit 'Ctrl-Shift-Esc' under processes, look for IEXPLORE.EXE, look in the User Name column. If it lists it as LOCAL SERVICE or SYSTEM (or Administrator, but I doubt that'd show up), then it has permissions (well, it has the potential to have the permissions) over your entire system.
But by default, IE doesn't have any more privelege then explorer.exe, which is run by the current user. So unless you've changed stuff, you ought to be safe.
However, Windows does wierd things with requests to other services. For example, explorer.exe can make a call to svchost.exe, which can cause system-wide damage. Possible, but rare.
MS needs to review their policy, as so many agree. With a scenario like this, where no hard details are given beyond a general overview and theory, we've eliminated a vast majority of copy&paste script kiddies and other clueless individuals.
And even if a reasonably skilled individual came across something like this, they'd still have to put in a reasonable amount of effort to figure it out for themselves, and really, how many skilled hackers are going to devote their time to writing viruses and such.
I realise there are exceptions, but surely this is better then the fabled 'security through obscurity' approach.
I actually really like this idea - it means I can block Anonymous Cowards and other people I don't want showing up - It'll also mean I can do decent searches and filtering of posts.
/. member and post away... (just plain e-mail verification won't work for some users, like me, who have a different e-mail address at work and home and read Slashdot at both...)
But how would we work it so that only registered users get to post? Maybe we'd be required to add a password to each and every post (the password would have to be filtered out server-side). Otherwise someone could just set their address to that of a
Yeah, price is the issue here - I have no idea how much it should cost.
:)
:)?
/. may not be able to provide so many different services...
As for extra perks - I like the idea of voting on the submission queue and why don't you give paying members a +2 bonus or something? That would eliminate problems you'd get from buying moderator points, and still keep paying customers happy
Why not give those who pay real $$$ access to the archives? Or why not give a small discount at ThinkGeek or something (although this may defeat the purpose of making money
As for cost - maybe we should take a look at Ars for inspiration? Although