118 posts • joined 19 Aug 2010
Re: Financial Damage
So what happens when details of their activities escape and the world at large then loses faith in the products and services their country provides, and stops buying?
Do they then have to spy on themselves?
Re: Wrong inference?
Yes, good point. My mistake.
Anyway, it sounds like the behaviour needs to be better defined.
Although section 6.3 of RFC 2109 (written in 1997) is talking about the client-side, I think it's not unfair to infer that a server should be able to support requests with at least 300 x 4kb cookies.
In his test, Bogdan Calin uses 100 x 3k cookies.
6.3 Implementation Limits
Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents' cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents should provide each of the following minimum capabilities individually, although not necessarily simultaneously:
- at least 300 cookies
- at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)
- at least 20 cookies per unique host or domain name
6.3.1 Denial of Service Attacks
User agents may choose to set an upper bound on the number of cookies to be stored from a given host or domain name or on the size of the cookie information. Otherwise a malicious server could attempt to flood a user agent with many cookies, or large cookies, on successive responses, which would force out cookies the user agent had received from other servers. However, the minima specified above should still be supported.
Why is the reason a craft is in the air important to the FAA? I.e. Why do they care if the nature is commercial or not? Genuinely interested.
> The only way the government could stop this traffic would be to block all encrypted traffic
Shhh! Don't go putting ideas in their heads!
360,000 lines of code to count votes?
Perhaps I'm being naive, but this seems grossly over the top. No doubt it had a commensurate price tag too.
I estimate that...
...sending 20kg by Falcon-9 to low Earth orbit (where the ISS resides) comes to about $80,000.
I also estimate that the cost of an espresso from that machine would be comparable to London prices.
> There's little evidence Rex Mundi's victims have paid up.
Well, there wouldn't be. For all we know, a lot of people have paid up.
@ Lee D
I'm not quite sure what your point is here. You just seem to be indiscriminately pouring scorn on all aspects of the AI field.
Sure, it's proved to be a lot more difficult than anyone expected; it may not even be possible! But what would you have us do? Just give up?
Your bit about "every AI project I've seen tends to be a year or two old at the most - usually just long enough to write a paper, get your doctorate and then flee before someone asks you to do any more on it", is grossly disingenuous. You seem to be implying that the sum total of activity in the field of AI amounts to a handful of pre-doc students taking random pot-shots at the problem?!
Re: Marketing bollocks
> what's it doing new that Flickr doesn't?
Not fucking up and alienating vast swathes of users?
Just read the support forums to get a taste of what's wrong with Flickr.
I'll do it for free
def is_tweet_significant( text )
A few media outlets seem to be implying that 12,000 is a large number. I suspect Google get an order of magnitude greater sign ups per day.
Re: This app will self destruct in 5 seconds...
Uh... what if the script is installed on the truecrypt volume that it unmounts, or the fully encrypted disk the OS is installed on?
If he's into self-flagellation
...someone should point him towards LaTeX
How much does it cost to get a patent?
I'm going to patent "A method of applying for beyond-trivial, and/or blatantly common sense ideas, concepts and processes".
Then sue all the trolls.
Re: Embedded Flash YouTube
I missed your response, but I didn't miss a whole bunch of videos suddenly being visible in recent articles. Thanks!
Incidentally, I'm still being asked to install Adobe Flash Player on every page, but I believe that is due to the current set of adverts.
Embedded Flash YouTube
Not really a bug, but I don't have Flash installed, which means none of the embedded YouTube videos work because you're using the Flash player.
I wouldn't mention it, except for the fact that I know you could use an HTML5 player.
For example, in the recent article on the PiPhone, I just see a big grey "plugin missing" box, but if I navigate to the source article (where they are using the HTML5 player), it plays perfectly well.
Also, if I remember correctly, you're using some weird overlay which obscures the 'YouTube' logo bottom right, thus making it impossible to click through to the video's page on YouTube.
Re: And if you don't have flash installed... re. ABC News 24
I haven't watched it enough to form an opinion, but I have it on good authority that it's basically the Australian equivalent of BBC news. Make of that what you will.
And if you don't have flash installed...
Here are the direct links:
Someone with more spare time than me should do a statistical analysis of voting practices in Google Play to identify vote rigging. It's painfully obvious when it happens, and it seems to happen a lot.
With all their experience of battling spam, I don't see why Google seem to be turning a blind eye to this problem.
Re: Occam's Razor
This seems far more likely. "New Error Photography" more like.
Either way, I'm curious to see the footage.
If these secret US agencies are perfectly happy to violate their own Constitution and then lie about it, what hope is there for this scrap of paper?
Cue millions of websites (hacked or otherwise) becoming host to embedded bitcoin miners.
Perhaps not, but I do wonder how many zero-day hacks lie in wait for us.
Did anyone think WhatsApp was secure?!
They have a notoriously bad track record. Prior to August 2012, messages weren't even encrypted!
Hopefully this doesn't end up bricking swathes of ATMs across the globe
Also, I don't see why a bunch of ideas have been ruled out because "they could be gamed". Entire websites have been (successfully) built around these ideas that can be "gamed".
I would also like to "+1" the suggestion of getting notifications when any post of mine has been responded to. It's a pain having to log in, open an article, click comments, click my posts, middle click a handful of my posts, ...and scroll.
All great apart from that!
> What, other than a channel Netflix doesn't hugely need, can Comcast offer beyond quality carriage?
Perhaps it's an exclusive deal. I.e. Netflix signed the contract with the understanding that YouTube and other video streaming services would not be offered similar deals and would continue to be throttled?
I guess it's no bad thing, raising the profile of permission overreach, but Android already presents all this information to the user when installing a new app. So I'm not sure what McAfee's proposal is bringing to the table.
Facebook finally got canned when a recent update decided that it now needed to access my text messages.
11 incidents per day?
Who has the time, perseverance, and steady hand required to cause 11 incidents a day?!
Totally agree. This is really annoying.
Re: Rare pragmatic response
In this case, I don't think they've factored in the number of less-than-scrupulous users who will suddenly discover they have been using IE7 all this time.
Re: Bitcoins traceable for most users
I didn't say they *can* determine the source of funds, I said they *have more chance*.
> Cumbria University admitted it has no way of checking whether pupils had earned their virtual crypto currency by stealing, through botnets, by legitimate mining and trading, or via drug sales on Silk Road.
They have more chance of discovering the source of bitcoins than real money. They can trace back through every bitcoin transaction ever made. Try walking into a bank and asking where your client's payment came from.
Do universities check that traditional tuition payments haven't come from nefarious activities?
Whether or not I agree with Google's design decisions, I can usually see *why* they've done something.
I have no idea why they would do this. It seems everybody loses.
don't be [caught doing] evil
no Android version?
Nice to see Yahoo haven't lost their "unique" approach to business.
Re: Spread the cost. @AC
You're right that revisions are deleted after 30 days (and Google counts those revisions against your total storage, but Dropbox doesn't), but CryptoLocker gives you three to four days to pay the ransom before deleting your files, so if you haven't noticed after 30 days then I suggest your files can't be that important.
Re: Spread the cost. @lorisarvendu
Not true. All the major cloud backup services (Dropbox, SkyDrive, Google Drive, etc) have implemented file versioning so you'd always be able to navigate back to a previous (unencrypted) version.
Re: Techie question.... @Jamie
So if you sign your own certificate and someone navigates to your site, they'll see the usual "You're browsing on a secure connection, but we can't verify the identity of the site. Do you want to proceed?"
Someone sat between your users and your server could then strip out your SSL and re-encrypt traffic with their own self-signed certificate. You wouldn't have to dig deep to see the certificates were different, but if your end user is expecting to see that warning, then would they do that? I doubt it.
I suppose if you were able to convince a user to add you as a root certificate authority, then I guess you'd be more secure, as you suggest, but then how does your user know that initial connection hasn't been compromised and they aren't actually installing an attacker's certificate?
I don't think getting your certificate signed by a CA is detrimental to security, and only adds barriers to adversaries, especially to common or garden ones you're much more likely to encounter.
Again, correct me if I'm wrong...
Re: Techie question....
I'm not an expert, but I'm pretty sure this would make a MITM attack even easier.
A man-in-the-middle would be able to strip out your certificate and add their own, which now wouldn't even need to have a chain of trust, it could just be any old certificate.
If some adversary (criminal, governmental or other), employs this MITM technique, then the end user will still see the green padlock in their browser but if they inspect the chain of certificates, they should notice that the certificates involved are not the usual ones, no?
Are there any browser plugins that can warn about unexpected (but apparently legitimate) chains of certificates? Perhaps checking against previous experience and/or some independent database?
Re: P=Partner, not Parent.
> that strength is decreasing rapidly and they won't get taken seriously much longer.
Glad they are getting shut down
But why would anyone install a flashlight app that required the "Location" permission, (and full network access presumably)?
Fully agree with M Gales' post above.
Is this like that time President Obama said "we're not going to scramble jets to catch a thirty year old hacker", then grounded the Bolivian President's jet on the basis of a rumor?
Re: Well Well
Meanwhile, we are getting outraged and vocal about one of our diplomatic bags getting opened in Gibraltar. Hypocritical much?
Are they using automatic voice recognition, or are they doing this manually / relying on community members to flag stuff up?
Good luck to him, but does he not remember how he was dismissed from his government position as drugs policy advisor? Of all people, his "hopes the UK government can set that to rights" seem a bit optimistic.
Am I going to get hacked if I click that link?
Do you work for NSA/GCHQ?