Let's see some other custom pages for HTTP errors. I think designers could really have some fun with 410 (Gone), 401 (Unauthorized), 403 (Forbidden), and 418 (I'm a teapot).
Plus, if they actually get the television and Blu-ray player connected to the Internet, that's a step or two beyond what most consumers would do.
(Of course, being on./, I'd save my $150.)
2010, the year of that win you First National Lottery of Nigeria, headquartered in an English-speaking embassy for purposes translation. To claim the money, please use our secure website [paypal.com] with your name, address, bank account information, and Social Security number to claim you're prize.
That makes things hard to troubleshoot. Try naming everything after the currently-logged on user. Try looking at IP addresses to track down John Smith's computer.
My old university/job used a three letter department code, and then the last six digits of the asset tag. You'd get systems like ITS-26301 and MTH-31415.
This is pretty solid, especially because:
Machines rarely if ever change departments. Even the laptops. Entire departments can change buildings without issue; sociology moved across campus, and we were like, "Wait, when did you guys get the fuck over here?"
The first four digits of any asset tag (in the foreseeable future) are fixed, so just prefix it with 7802 and look it up in the online database (or Mac OS X dashboard widget made by yours truly, for the two other people in IT who have and use Macs) for more information than one cares to know.
In the interest of asking, though, what about a server-side solution? One could use HTTP Accept headers and content negotiation in the HTTP server, if you'll excuse the slight dip in performance. For example:
Browser requests/path/to/video.
The browser sends the Accept header (or X-HTML5-Video-Accept header, if you want it that way), which contains video/mp4;q=0.9; video/ogg;q=0.8.
The server sends/path/to/video.mp4.
Likewise:
Browser requests/path/to/video.
The browser sends the Accept header (or X-HTML5-Video-Accept header, if you want it that way), which contains video/ogg,*;q=0.1.
The server sends/path/to/video.ogg.
Something like that, at least. In fact, were browsers to add video MIME types to their Accept headers, one could implement this yesterday. This solves the issue of codecs, as long as content providers make it available in as many formats as possible.
Possible solution: when one posts the ad, the site (e.g., craigslist) usually sends a confirmation email, with a link to accept, edit, or delete the posting. Well, encrypt that message with the poster's PGP key, and let them decrypt that link. Assuming the private key is not compromised, it's bulletproof (if it is, then online posers are the least of your worries).
Seriously though, PGP could be the closest thing we have to an OPIN, as the parent suggested. It's just a keypair (username) and passphrase -- not a big departure from the popular username/password combo. All we need is some sort of wrapper to get the washed masses to use it without causing a brain embolism.
Gmail Labs, are you listening? You're Google; figure this shit out.
If His Holiness doesn't mind waiting until the summer, Mac OS X 10.6 ("Snow Leopard") is rumored to include a full implementation of ASLR.
I can't find any other details beyond that, so we'll have to wait and see what that means.
In fact it's probably much less secure than windows, since it doesn't deploy counter-measure such as non-exec stacks, address randomization and the like.
Wrong. Mac OS X has supported non-executable stacks on PowerPC and Intel; in fact, it can't be turned off like it can on Windows. ASLR is also supported as of Mac OS X 10.5. Other security features include signed applications and downloads, as well as sandboxing of core system services (and you can sandbox your own applications, too).
Regardless, most of the exploits made on Mac OS X have been through the Flash plugin. Whichever operating system you choose, you may want to disable Flash.
Bonjour (aka, Zeroconf) is a zero-configuration link-local protocol that you may find suitable. The protocol is built into Mac OS X and Linux (as Avahi); Windows XP just requires Apple's port of Bonjour to be installed. Once that's set up, you can tell Pidgin, iChat, Adium, Kopete, etc. to announce your presence. Just type in your name, and your Buddy List will instantly populate with all of the Bonjour chatters on your LAN.
It's not as manageable as Jabber or SILC, but from a technical perspective, you can get the entire office chatting in minutes. In my opinion, it's definitely worth a look.
Pluses:
Practically zero configuration -- punch in your name and go.
Totally decentralized -- no server needed. Much less to buy and maintain compared to Jabber.
Buddy Lists are automatically populated -- no need to add anyone.
Bonjour is not available outside of the LAN.
Compatible with IPv4 and IPv6.
Pitfalls:
Pidgin, iChat, etc. all support other externally-available services. (Can the client's preferences be locked? Or use a firewall/proxy to block all outgoing IM services.)
Anyone with Avahi/Bonjour, Pidgin/iChat/Adium/etc., and a LAN connection can just open up their laptop and join in the chatting fracas. (Secure your network -- WPA2 is fine, but since HIPAA's involved, try 802.1x, EAP, RADIUS, etc.)
You can only chat with users on your subnet. (Do a site survey before deploying.)
Chats are not encrypted in transit. (You may wish to encrypt with OTR or PGP.)
Other applications can use Bonjour to advertise services -- some VNC clients, for example, will advertise that the computer is running VNC. (Security through obscurity shouldn't be your only line of defense.)
Close. Not everyone is interested in programming, and some people simply can't grasp concepts of functions, pointers, array numbering⦠sad but true.
However, teaching kids ABOUT computers is a great idea. Computer history, drivers, networkingâ¦Âyes, very yes. How to format a hard drive, how to make a PowerPoint presentation⦠no.
Don't teach the steps, teach the concepts. Teach them about networking, not how to configure TCP/IPv4 in Windows XP. Teach them about how hard drives work, not about how to format C: on the school computers. Sure, our children may have to call the IT guy, but at least they'll know that the Internet isn't made of tubes.
Agreed. My PowerBook G3 lasted for about eight years, too (even living to see Tiger with a gig of RAM), until the processor card finally failed.
I disagree on your disagreement. Proper handling never hurts.
I see my roommate's three-month-old iPod covered in scratches like it was tied to his bumper, and he argues, "Well, you shouldn't have to spend extra for a case after you buy the damned thing!"
Mac users argue that Mac OS X is easier to use, cite a recent magazine article or sales figures, and make fun of Vista, drivers, or blue screens of death.
Windows users argue that the Mac OS is silly and expensive, mention something about market share, games, and single-button mice.
Linux users just don't care, though are quite proud of Wal-Mart's PC and the Linux netbooks. Though the GNOME and KDE war rages on, thanks to people like Mark Shuttleworth and Canonical, Linux (well, the people-friendly distros) as a whole is coming closer to a unified platform.
Sure, it's basically just a popularity contest, but at the end of the day, each operating system makes strides in usability. It's not about insecurity -- it's about making sure that even computer-illiterate people like Grandma Plumber can check her email or (gasp!) install a program without someone else's hand on the mouse, no matter what kind of computer her son Joe buys for her.
Actually, they don't even have to press enter. Spotlight searches as you type.
Shuttleworth's point here is that while we Slashdotters have slocate, find, grep, etc., what do the grandmothers and Microsoft expatriates have?
The museum had a policy of no photographs. This is hardly uncommon: not only do many people find it annoying to stumble over photographers and deal with flashes while they're trying to look at art, but repeated exposure to light flashes can damage art.
This is true. I fully respect the rules about no flash photography. That doesn't stop me from pitching a tripod and taking a shot with a slow shutter, though.
Actually, on my car (a 1997 Pontiac), the so-called "chip" in the key is actually a dumb resistor. I don't know if the "chips" in car keys have improved since then, though.
This technology is VATS (marketing name PASSKey II). The resistor in the key has one of fifteen possible resistances. Each ignition only accepts one and only one certain resistance; if the resistance through the "chip" is not the correct one, the ignition will order the starter and fuel pump to shut down for three or four minutes.
It means anyone attempting to steal those GM vehicles with VATS need to carry fifteen different keys, and have (at most) and hour to spend trying keys. Simple, but effective enough to satisfy most people.
True, but you'd have the sender's and recipient's data in the headers. For example, I've culled these headers from one of Slashdot's email notifications. Every SMTP server between the sender and the receiver would have to be encrypted and/or removing some of these headers:
Received: by 10.141.26.16 with SMTP id d16cs144104rvj;
Sun, 3 Aug 2008 12:05:06 -0700 (PDT)
Received: by 10.65.242.7 with SMTP id u7mr980867qbr.41.1217790306248;
Sun, 03 Aug 2008 12:05:06 -0700 (PDT)
Return-Path: <slashdot@slashdot.org>
Received: from ck4jzd1.ch3.sourceforge.com (slashdot.org [216.34.181.45])
by mx.google.com with ESMTP id p31si10509010qbp.18.2008.08.03.12.05.05;
Sun, 03 Aug 2008 12:05:06 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of slashdot@slashdot.org designates 216.34.181.45 as permitted sender) client-ip=216.34.181.45;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of slashdot@slashdot.org designates 216.34.181.45 as permitted sender) smtp.mail=slashdot@slashdot.org
Received: from localhost ([127.0.0.1] helo=ck4jzd1.ch3.sourceforge.com)
by ck4jzd1.ch3.sourceforge.com with smtp (Exim 4.63)
(envelope-from <slashdot@slashdot.org>)
id 1KPit7-0008FV-Hu
for [lol, my email address]; Sun, 03 Aug 2008 19:05:05 +0000
Subject: [Slashdot] Reply to "Re:this has been the case all along" by AmiMoJo
In doing so, you would lose a vital piece of anti-spam and anti-phishing technology. Although privacy is nice, some of these headers more than likely aren't going anywhere soon.
Assuming that Apple has no problem with the GPL, then I suppose the Mac users of the world should submit feedback. Thunderbird users can leave feedback here. Hell, leave feedback for both. Widespread adoption of GPG can't hurt anyone.
And you're right, GPG doesn't encrypt headers. If we did encrypt headers, we'd have to find a replacement for SMTP⦠SMTPSEC? Given the popularity of DNSSEC compared to DNS, I don't see that happening.
Slashdot Mirror
Let's see some other custom pages for HTTP errors. I think designers could really have some fun with 410 (Gone), 401 (Unauthorized), 403 (Forbidden), and 418 (I'm a teapot).
Looks like the MobileMe logo went up for auction and Best Buy won it. I wonder if Apple cares enough to bother sending out a lawyer or two.
Plus, if they actually get the television and Blu-ray player connected to the Internet, that's a step or two beyond what most consumers would do. (Of course, being on ./, I'd save my $150.)
2010, the year of that win you First National Lottery of Nigeria, headquartered in an English-speaking embassy for purposes translation. To claim the money, please use our secure website [paypal.com] with your name, address, bank account information, and Social Security number to claim you're prize.
That makes things hard to troubleshoot. Try naming everything after the currently-logged on user. Try looking at IP addresses to track down John Smith's computer.
My old university/job used a three letter department code, and then the last six digits of the asset tag. You'd get systems like ITS-26301 and MTH-31415.
This is pretty solid, especially because:
Your mileage may vary.
We already have a pi number, though. It's a little more than three.
[...] ATM machines [...]
I knew someone would do this. You bring up ATM machines, PIN numbers, and the HIV virus, and acronyms get no respect.
That's an excellent client-side solution.
In the interest of asking, though, what about a server-side solution? One could use HTTP Accept headers and content negotiation in the HTTP server, if you'll excuse the slight dip in performance. For example:
Likewise:
Something like that, at least. In fact, were browsers to add video MIME types to their Accept headers, one could implement this yesterday. This solves the issue of codecs, as long as content providers make it available in as many formats as possible.
Exactly. Man, I've got to scroll down before I went about PGP.
Possible solution: when one posts the ad, the site (e.g., craigslist) usually sends a confirmation email, with a link to accept, edit, or delete the posting. Well, encrypt that message with the poster's PGP key, and let them decrypt that link. Assuming the private key is not compromised, it's bulletproof (if it is, then online posers are the least of your worries).
Seriously though, PGP could be the closest thing we have to an OPIN, as the parent suggested. It's just a keypair (username) and passphrase -- not a big departure from the popular username/password combo. All we need is some sort of wrapper to get the washed masses to use it without causing a brain embolism.
Gmail Labs, are you listening? You're Google; figure this shit out.
If His Holiness doesn't mind waiting until the summer, Mac OS X 10.6 ("Snow Leopard") is rumored to include a full implementation of ASLR. I can't find any other details beyond that, so we'll have to wait and see what that means.
In fact it's probably much less secure than windows, since it doesn't deploy counter-measure such as non-exec stacks, address randomization and the like.
Wrong. Mac OS X has supported non-executable stacks on PowerPC and Intel; in fact, it can't be turned off like it can on Windows. ASLR is also supported as of Mac OS X 10.5. Other security features include signed applications and downloads, as well as sandboxing of core system services (and you can sandbox your own applications, too).
Regardless, most of the exploits made on Mac OS X have been through the Flash plugin. Whichever operating system you choose, you may want to disable Flash.
Bonjour (aka, Zeroconf) is a zero-configuration link-local protocol that you may find suitable. The protocol is built into Mac OS X and Linux (as Avahi); Windows XP just requires Apple's port of Bonjour to be installed. Once that's set up, you can tell Pidgin, iChat, Adium, Kopete, etc. to announce your presence. Just type in your name, and your Buddy List will instantly populate with all of the Bonjour chatters on your LAN.
It's not as manageable as Jabber or SILC, but from a technical perspective, you can get the entire office chatting in minutes. In my opinion, it's definitely worth a look.
Pluses:
Pitfalls:
Close. Not everyone is interested in programming, and some people simply can't grasp concepts of functions, pointers, array numbering⦠sad but true.
However, teaching kids ABOUT computers is a great idea. Computer history, drivers, networkingâ¦Âyes, very yes. How to format a hard drive, how to make a PowerPoint presentation⦠no.
Don't teach the steps, teach the concepts. Teach them about networking, not how to configure TCP/IPv4 in Windows XP. Teach them about how hard drives work, not about how to format C: on the school computers. Sure, our children may have to call the IT guy, but at least they'll know that the Internet isn't made of tubes.
Damn, and I was hoping to get my girlfriend some mod points for Christmas.
Agreed. My PowerBook G3 lasted for about eight years, too (even living to see Tiger with a gig of RAM), until the processor card finally failed.
I disagree on your disagreement. Proper handling never hurts.
I see my roommate's three-month-old iPod covered in scratches like it was tied to his bumper, and he argues, "Well, you shouldn't have to spend extra for a case after you buy the damned thing!"
I don't mind the Awesomebar, but those are just my two cents. Then again, I'm still with Safari, holding out for a Mac version of Chrome.
Mac users argue that Mac OS X is easier to use, cite a recent magazine article or sales figures, and make fun of Vista, drivers, or blue screens of death.
Windows users argue that the Mac OS is silly and expensive, mention something about market share, games, and single-button mice.
Linux users just don't care, though are quite proud of Wal-Mart's PC and the Linux netbooks. Though the GNOME and KDE war rages on, thanks to people like Mark Shuttleworth and Canonical, Linux (well, the people-friendly distros) as a whole is coming closer to a unified platform.
Sure, it's basically just a popularity contest, but at the end of the day, each operating system makes strides in usability. It's not about insecurity -- it's about making sure that even computer-illiterate people like Grandma Plumber can check her email or (gasp!) install a program without someone else's hand on the mouse, no matter what kind of computer her son Joe buys for her.
Actually, they don't even have to press enter. Spotlight searches as you type. Shuttleworth's point here is that while we Slashdotters have slocate, find, grep, etc., what do the grandmothers and Microsoft expatriates have?
For the record, I've only used the tripod once or twice, when I needed a really high-quality. I do bring my camera, but rarely take pictures anyway.
And yes, I fully respect life's tacit "don't be a jerk" policy. Do you think I got this good karma by swinging tripods around?
The museum had a policy of no photographs. This is hardly uncommon: not only do many people find it annoying to stumble over photographers and deal with flashes while they're trying to look at art, but repeated exposure to light flashes can damage art.
This is true. I fully respect the rules about no flash photography. That doesn't stop me from pitching a tripod and taking a shot with a slow shutter, though.
Actually, on my car (a 1997 Pontiac), the so-called "chip" in the key is actually a dumb resistor. I don't know if the "chips" in car keys have improved since then, though.
This technology is VATS (marketing name PASSKey II). The resistor in the key has one of fifteen possible resistances. Each ignition only accepts one and only one certain resistance; if the resistance through the "chip" is not the correct one, the ignition will order the starter and fuel pump to shut down for three or four minutes.
It means anyone attempting to steal those GM vehicles with VATS need to carry fifteen different keys, and have (at most) and hour to spend trying keys. Simple, but effective enough to satisfy most people.
Received: by 10.141.26.16 with SMTP id d16cs144104rvj;
Sun, 3 Aug 2008 12:05:06 -0700 (PDT)
Received: by 10.65.242.7 with SMTP id u7mr980867qbr.41.1217790306248;
Sun, 03 Aug 2008 12:05:06 -0700 (PDT)
Return-Path: <slashdot@slashdot.org>
Received: from ck4jzd1.ch3.sourceforge.com (slashdot.org [216.34.181.45])
by mx.google.com with ESMTP id p31si10509010qbp.18.2008.08.03.12.05.05;
Sun, 03 Aug 2008 12:05:06 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of slashdot@slashdot.org designates 216.34.181.45 as permitted sender) client-ip=216.34.181.45;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of slashdot@slashdot.org designates 216.34.181.45 as permitted sender) smtp.mail=slashdot@slashdot.org
Received: from localhost ([127.0.0.1] helo=ck4jzd1.ch3.sourceforge.com)
by ck4jzd1.ch3.sourceforge.com with smtp (Exim 4.63)
(envelope-from <slashdot@slashdot.org>)
id 1KPit7-0008FV-Hu
for [lol, my email address]; Sun, 03 Aug 2008 19:05:05 +0000
Subject: [Slashdot] Reply to "Re:this has been the case all along" by AmiMoJo
Date: Sun, 3 Aug 2008 19:05:05 +0000
Message-Id: <1217790305.540059-31690-slash-ck4jzd1.ch3.sourceforge.com@slashdot.org>
From: slashdot@slashdot.org
In doing so, you would lose a vital piece of anti-spam and anti-phishing technology. Although privacy is nice, some of these headers more than likely aren't going anywhere soon.
Assuming that Apple has no problem with the GPL, then I suppose the Mac users of the world should submit feedback. Thunderbird users can leave feedback here. Hell, leave feedback for both. Widespread adoption of GPG can't hurt anyone.
And you're right, GPG doesn't encrypt headers. If we did encrypt headers, we'd have to find a replacement for SMTP⦠SMTPSEC? Given the popularity of DNSSEC compared to DNS, I don't see that happening.