Comments


65,000 Complaints Later, Microsoft Files Suit Against Tech Support Scammers

arth1 Re:25-30 computers (189 comments)

They tried to get around that one by saying that the computer was the one on 192.168.0.something.
Which presumably fools a lot of people, because so many home NAT devices are set to use that IP range on the LAN side, and that they got the first three numbers right might just convince the less savvy.

One even asked me for my IP address so he could check it out better. Sure - it is fda7:60a9:2fd3:3::57 - hope that helps!

These days, I tell them to e-mail you the contact information and you'll get back to them. If they're insistent, I insist on them sending a W-9 too, as I cannot do business with them without it.

12 hours ago

At 40, a person is ...

arth1 Re:"Still a youngster" is an invalid option. (163 comments)

A woman that hits menopause and doesn't have children is a dead end from an evolutionary perspective. What potential there was for propagating her genes is gone.
Men have a much larger window, and can produce offspring at any age from the first pre-teen ejaculation until death.

Back to the poll, it means that there isn't a single good answer for what 40 means. If you're a childless woman who feels the imperative drive to reproduce, it might mean you're way past middle age and really need to hurry. But if you're a free man, you might still have a good part of your reproductive years ahead of you.
And if you have children, regardless of gender, whether it's middle aged or old might depend on how old those children are.
There is no good answer, but I think overall, chances are that a woman will feel older at 40 than a man does. And even more so at 50.

2 days ago

Google Proposes To Warn People About Non-SSL Web Sites

arth1 Re:Sly (391 comments)

Sorry, no, won't work. See, in order to get a valid SSL cert installed, it has to match the FQDN, or you still get warnings. Which means the embedded device suddenly needs writable storage and routines for uploading said cert, which is a much bigger security risk than someone setting up a man-in-the-middle attack inside your home between you and your DVR.

There are thousands of different web-enabled devices on networks, accessible through unencrypted methods. Because most of them don't need it. I don't need a certificate on my printer any more than I need auto-locking doors everywhere in my house.
It's only adding overhead, and not giving any tangible benefits.

SSL isn't a silver bullet. It's mostly theater, giving the unwashed masses a feeling of security. It's not implemented in a secure way, but relies on distributed trust - a system that doesn't work.
You have to be horribly ignorant to trust that none of the CAs in your browser's or OS' key store have been compromised, or handed out to someone. Do you verify that the certificates for "secure" sites you visit actually are from the signing authority the web site is expected to use? No? Then how can you possibly trust it?

It's worse than nothing in that it makes you feel warm and cozy and safe, and lulls you into a false sense of security, much like AV software does.

Security is a state of mind. Not a technical piece of shit you can force on everything and say "look, it's secure now!"

2 days ago

Reaction To the Sony Hack Is 'Beyond the Realm of Stupid'

arth1 Re:Land of the free (571 comments)

Norway hasn't had any school shootings that I know of, except one where a girl got shot in the arse with an airsoft gun about 20 years ago.

If you mean the Utøya massacre, that wasn't a school shooting, but a right wing nutter first bombing a government building and then impersonating a policeman and shooting indiscriminately at a political youth camp.

Citizens being allowed to carry guns would have stopped neither.

2 days ago

Google Proposes To Warn People About Non-SSL Web Sites

arth1 Re:Sly (391 comments)

And pray tell how, exactly, I install a certificate on a DVR on my home LAN (or switch it to using https for that matter)?
These are embedded devices.

2 days ago

Google Proposes To Warn People About Non-SSL Web Sites

arth1 Re:Sly (391 comments)

That you can get free certs doesn't mean it's easy or in some cases even possible to install them. These days, you find web servers in lots of embedded devices. Should I have to click by a warning every time I want to access my DVR on my LAN?

Encryption is useful when it serves a purpose. It doesn't always, and then it's just a waste at best and a false sense of security at worst.
SSL is inherently a weak solution - it is never any stronger than the least strong of the enormous list of CAs built into every browser. If just one of them is compromised (or has handed over the keys to a three letter agency), visitors lose the protection against MITM attacks and similar.

Self-signed certs are actually far safer, if done right, where the user has to actually validate the cert the first time. But those get warned against.

2 days ago

Google Proposes To Warn People About Non-SSL Web Sites

arth1 Re: So perhaps /. will finally fix its shit (391 comments)

Make no mistake, Google doesn't do this because they have our best interest in mind, but because caching means they can't always tell exactly how many and who saw a particular page or ad. They hate caching unless it's them doing it. Going https instead of http defeats most caching, at the expense of the web sites easily having to serve twice as much data to serve the same number of visitors - some of that from the overhead of https, and some of that because of less caching.

Again, follow the money trail, and you'll get the answer for why Google wants to push everyone to https.
The guys over at squid-cache.org are not amused.

2 days ago

11 Trillion Gallons of Water Needed To End California Drought

arth1 Re:But but but (322 comments)

oh tahnk goodnes you saved us all. what elsee is in ur crystal ball.

What kind of idiot modded this drunken drivel insightful? A sock puppet account?
Look at the GP post - the guy didn't predict anything. He correctly used the present tense for describing timeline events, and drew no conclusions. If you drew your own conclusion and then knock it down, that is not insightful, nor any skin off his back.

3 days ago

11 Trillion Gallons of Water Needed To End California Drought

arth1 Re:And on the plus side... (322 comments)

There are in fact huge forests around me. And this is where the drought has been severe and has caused a lot of forest fires.

Good. There are supposed to be droughts and forest fires. That's why the tall conifers were everywhere in California - trees evolved to survive droughts and fires.

Those not willing to live with the natural climate of the land they have settled on better be prepared to pay high and continuing costs for fighting nature.

3 days ago

11 Trillion Gallons of Water Needed To End California Drought

arth1 Re:But but but (322 comments)

Sure, over-use is a problem, but there's also less precipitation than is normal.

That there will be years and even decades of less precipitation than normal is normal. Droughts happen. Floods happen. Hurricanes happen.
People planning for what's out of the ordinary happens less often. It's much easier to pretend it won't happen and then find someone or something to blame.

3 days ago

How Identifiable Are You On the Web?

arth1 Re:AdBlock can't do as much as hosts can (159 comments)

Please explain how hosts entries would block:

- Any host on the 123.64.0.0/11 network.
- Any host that ends with .2o7.net regardless of hostname[*].
- Requests that embed a hostname or IP address in the URL

[*]: You are aware that some trackers use pseudo-random hostnames that are resolved through wildcard DNS entries, right? That way they can track exactly where you came from too, because the hostname will be unique for just you.

All you have to do is give examples that do the above. It's you who claim hosts files are the panacea - the burden of proof is on you, not others.
Put up or shut up.

4 days ago

How Identifiable Are You On the Web?

arth1 Re:Privoxy iirc, & the rest of your "points"? (159 comments)

No, Privoxy won't help if you have to go through an external proxy. You know, one that you don't have control over, but where work can log who visited what pages. Work, like what you don't have because you're a kook and unemployable.

With a remote proxy, no local resolving takes place at all (other than the address of the proxy server). What hosts tables you have set up on your local machine doesn't matter, because the resolving doesn't happen on your machine at all.

Adblock works great, because it filters before you send a request. Neither the resolving nor the request goes anywhere.
Of course, it can filter IPs and wildcards too, unlike a dumb hosts table.

4 days ago

How Identifiable Are You On the Web?

arth1 Re:Why don't browsers clean it up? (159 comments)

No, I don't think he did. He was suggesting that browsers truly act on that option selection in a useful way. You misunderstood his post.

The Do Not Track option is defined in the RFC draft as not doing anything except sending the DNT: 1 header to a remote server. Having it do more goes against the specification.
Of course, browsers can implement other functionality to thwart tracking, but not as part of Do Not Track, which has a very specific meaning.

5 days ago

How Identifiable Are You On the Web?

arth1 Re:AdBlock's useless (159 comments)

Pray tell us how to use hosts files through a proxy server.
It's the proxy server that looks up the host names, not your local resolver.

Also, how well does it work with wildcards? There are ad companies that use thousands of random hosts, of the form 47db.adcompany.com, 1a74.adcompany.com, 357f.adcompany.com. With a hosts file, you have to fill out every single possible entry ahead of time, because it doesn't take a wildcard like *.adcompany.com.

Nor does it block IP addresses. How would you use a hosts file to block http://61.174.51.194/ ?

Never mind that big hosts files slow down the system, because it is traversed linearly, not through a hash like better resolve (and blocking) mechanisms.

Using hosts files was viable up until the late 80s, but now it is a joke.

5 days ago
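
The cases raised in the hosts-file comments above (a CIDR range, a wildcard domain, an IP-literal URL, a tracker name embedded in a URL), as an added example that is not part of the original comments: it compares an exact-name hosts lookup with a request filter that sees the whole URL. The rule format, the hosts-file content and the request URLs are constructed for illustration.

```javascript
// Constructed hosts file: every sinkholed name has to be spelled out in full.
const HOSTS_TEXT = "0.0.0.0 47db.adcompany.com\n0.0.0.0 1a74.adcompany.com  # known so far\n";

// Filter rules for the cases named in the comments (rule format is hypothetical).
const RULES = [
  { type: "cidr", value: "123.64.0.0/11" },
  { type: "cidr", value: "61.174.51.194/32" },
  { type: "hostSuffix", value: ".2o7.net" },
  { type: "hostSuffix", value: ".adcompany.com" },
  { type: "urlContains", value: ".2o7.net" },
];

function parseHosts(text) {
  const names = new Set();
  for (const raw of text.split("\n")) {
    const fields = raw.replace(/#.*/, "").trim().split(/\s+/);
    if (fields.length >= 2 && fields[0] === "0.0.0.0") {
      fields.slice(1).forEach((n) => names.add(n.toLowerCase()));
    }
  }
  return names;
}

// Dotted-quad IPv4 to unsigned 32-bit integer, or null if not an IPv4 literal.
function ipv4ToInt(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inCidr(ip, cidr) {
  const [net, bitsText] = cidr.split("/");
  const bits = Number(bitsText);
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0);
}

// A hosts file only answers lookups for names the local resolver is asked about.
function hostsFileBlocks(url, names) {
  const host = new URL(url).hostname.toLowerCase();
  if (ipv4ToInt(host) !== null) return false; // IP literal: no name is resolved
  return names.has(host);
}

// A request filter inspects the whole URL before anything is sent.
function filterBlocks(url, rules) {
  const u = new URL(url);
  const host = u.hostname.toLowerCase();
  const ip = ipv4ToInt(host);
  const rest = (u.pathname + u.search).toLowerCase();
  return rules.some((r) => {
    if (r.type === "cidr") return ip !== null && inCidr(ip, r.value);
    if (r.type === "hostSuffix") return ("." + host).endsWith(r.value);
    if (r.type === "urlContains") return rest.includes(r.value);
    return false;
  });
}

// Constructed request URLs, one per case.
const REQUESTS = [
  "http://47db.adcompany.com/ad.js",               // name already listed
  "http://357f.adcompany.com/ad.js",               // new random host
  "http://61.174.51.194/",                         // IP literal
  "http://123.80.1.2/pixel.gif",                   // inside 123.64.0.0/11
  "http://cdn.example.org/r?u=http://x9.2o7.net/b", // tracker embedded in URL
  "http://www.example.org/",                       // unrelated site
];
const NAMES = parseHosts(HOSTS_TEXT);
for (const url of REQUESTS) {
  console.log(url, "hosts:", hostsFileBlocks(url, NAMES), "filter:", filterBlocks(url, RULES));
}
```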

Time To Remove 'Philosophical' Exemption From Vaccine Requirements?

arth1 Re:Fuck You (1050 comments)

Humanity is as successful as it is today because we take care of our weak, not because we destroy them. You are confusing evolution through natural selection with eugenics...

This deserves its own reply. No, it's you who are confusing the two.

Eugenics is when people choose who should live and who should die. This is abhorrent, for a variety of good reasons. It's not only morally repugnant, but from an objective point of view, it is detrimental to the species because when you kill those who are different from you, you also kill the good mutations, i.e. those who are fitter than you.

Natural selection is when those who survive due to their own abilities have more viable offspring, causing a propagation of successful genes and mutations, not selected genes.

If anything, vaccination is more like eugenics than anti-vaccination is. Money and culture control who gets vaccinated and who doesn't, and most people want their own children to have an advantage, even if unfair.

5 days ago

Time To Remove 'Philosophical' Exemption From Vaccine Requirements?

arth1 Re:Fuck You (1050 comments)

There is no reason to believe that Stephen Hawking would not have made it into adulthood. ALS isn't a disease that decreases resistances in any great way, and it is also a progressive disease, and most of his childhood he was doing pretty well.

But even if some of the brightest would not have made it, those would be compensated for by the increased number of children born to replace those who didn't make it. By chopping off the tail on the left hand side and increasing the magnitude of the Gauss curve, you cause an increase in the long tail on the right hand side.

And I have never said anything about it being the strongest that survive - of course it is the fittest. Those who are less fit get reaped by predation in species that maintain a healthy base. Whether it's because they can't see the predators coming, can't run away, don't have an immune system fighting off diseases, or otherwise. Those with detrimental mutations are less fit than average, and thus less likely to live to propagate their detrimental mutations, and the culling of the herd leads to the average herd member being fitter than otherwise, especially over multiple generations.

5 days ago

How Identifiable Are You On the Web?

arth1 Re:Why don't browsers clean it up? (159 comments)

Especially if "Do Not Track" is set to on - why don't they limit the data to send back?

You have misunderstood what "Do Not Track" means.

It turns on a flag always telling remote websites "this user does not want to be tracked". It has nothing to do with telling your browser to change its behavior, it gives remote sites a piece of information about your wishes.

Whoever came up with the idea was a dumb shit, and whoever let it become implemented as a browser option was even dumber - it was blindingly obvious from the start that in real life, it's just sending the remote site one more bit of information they can use to track users with.

Even worse was the idiot who decided to make it default in some browsers. That changes the request from "This user has chosen to ask you to please do not track him", which conceivably a few sites might choose to honor, to "This user has not changed his defaults for this setting", which pretty much ensures that it won't be honored. As it is, it's a waste of a few bytes of transmission.

5 days ago

How Identifiable Are You On the Web?

arth1 Re:Not impressed (159 comments)

The only thing I found interesting was this:

Use of AdBlock 49.28%

But that probably says more about the people who would visit the site than it does of AdBlock users.
Especially with the sample size so small as it is. https://panopticlick.eff.org/ has a much much higher sample base.

Other things that could be checked but which aren't include whether the browser allows SSL2, SSL3, TLS1.0, TLS1.1, and what kind of encryption.
Also, the ballpark speed at which it evaluates Javascript.

5 days ago

How Identifiable Are You On the Web?

arth1 Re:I'm a special snowflake apparently. (159 comments)

Fonts seem to be what does it. With many programs coming with extra/special fonts, it quickly narrows the users down based on what they have installed.

Of course, for fonts that only come as part of a software package but install fonts as system fonts (why?), it also tells remote sites what you have installed, which is an additional privacy concern.

5 days ago

Submissions


Blog pioneer WELL close to closing

arth1 arth1 writes  |  more than 2 years ago

arth1 (260657) writes "One of the first Internet communities outside Usenet, The WELL (Whole Earth 'Lectronic Link) is in dire waters. The owners, Salon, have laid off the entire staff, and are looking for buyers.

The WELL started out as a BBS-like entity, and proceeded through telnet to also support web and e-mail. Its web interface may seem dated by today's standards, but it works quite WELL, and was an influence on many later online communities, including Slashdot.

Subscribers received an e-mail from Salon Media Group's CEO Cindy Jeffers, stating:
"[....]as part of the company’s review of its strategic objectives, we have determined that The WELL no longer aligns with our business plans and accordingly we are exploring transferring The WELL to new management."

This came as a surprise to the employees. Gail Williams, one of the (former) employees wrote in a newsletter:

"On May 30, 2012, the community department at Salon was disbanded, and the three employees who had been working from 30% to 100% on running The WELL were laid off. We were shocked, of course."

Now is the time to make an offer to save this historic landmark on the Internet."


arth1 arth1 writes  |  about 8 years ago

arth1 (260657) writes "From the Bay City news wire:

"A friend of Nina Reiser, an Oakland woman police believe was murdered, has helped set up an education fund for her two young children.

Ellen Doren said people who want to contribute to the fund should make out checks to "Education Fund for Rory and Nio Reiser" and send them to Education Fund for Rory and Nio Reiser, 6114 LaSalle Ave #127,Oakland, CA 94611."


Sounds like a good idea; orphan kids are stuff that matter."

Journals


Letter frequencies in URLs

arth1 arth1 writes  |  about a year and a half ago

Doing some maintenance on a few squid cache servers, I decided to look into the letter frequency distributions for URLs, and how it matches normal written text.
Four caches were scanned for the URLs of currently cached content only, constituting around 1.5 million URLs.

In short, the results have some of the same characteristics as normal text, but with notable exceptions. You don't get an etaoin shrdlu; there are a lot of h, t, p, colons and slashes in URLs which skew the results. I'm also surprised that w scored so low, given all the URLs that start with www.

If anyone else finds a use for this, here is the data. Each character in the URL is followed by the number of times it was used in each cache, plus the total for all four caches.

/: 83198 130244 3028097 2929538 6171077
t: 73026 99729 2727455 2641930 5542140
e: 52801 95537 1746624 1753865 3648827
.: 35317 60175 1478231 1467006 3040729
o: 40941 86873 1423124 1448453 2999391
a: 43075 72450 1408451 1384211 2908187
c: 36078 64921 1308435 1295986 2705420
s: 41946 76684 1251987 1278493 2649110
p: 28248 44907 1214805 1190698 2478658
m: 29609 45768 1168769 1195505 2439651
h: 22543 41992 1029463 1019494 2113492
i: 37846 58586 974977 994693 2066102
n: 30006 51596 815477 795344 1692423
r: 26958 53239 801514 774606 1656317
g: 23689 57734 666533 790131 1538087
d: 23304 36637 746244 697523 1503708
:: 15442 27059 639115 649013 1330629
w: 25563 41061 622672 629215 1318511
1: 9697 12580 577523 561429 1161229
l: 21855 32824 560110 542960 1157749
2: 9890 13516 492565 514385 1030356
u: 11878 15246 440808 431176 899108
0: 10333 13106 404229 445998 873666
v: 7450 8415 328991 292590 637446
b: 9980 26743 280533 285767 603023
3: 6296 6905 299391 272352 584944
f: 9866 25830 265685 266037 567418
4: 4738 5931 273161 244104 527934
k: 4202 5641 235501 230456 475800
5: 5957 6920 212941 235172 460990
7: 6497 7333 230677 200956 445463
9: 4327 5215 206613 195295 411450
8: 5363 6697 210689 178565 401314
6: 5761 6487 209092 175203 396543
x: 3853 5755 168401 144265 322274
-: 3516 11325 124398 133481 272720
y: 4348 5272 114803 96971 221394
_: 2301 2683 87749 80901 173634
j: 4436 5058 89043 72567 171104
=: 1555 1437 37342 35214 75548
q: 1494 1538 32910 37861 73803
z: 741 907 29563 30037 61248
,: 3282 2848 21099 14688 41917
&: 493 413 12558 9222 22686
%: 220 460 9640 11420 21740
;: 2878 2254 8281 8281 21694
?: 322 294 4796 9264 14676
+: 45 35 1333 1758 3171
~: 31 7 996 735 1769
$: 0 0 425 670 1095
^: 6 0 420 228 654
*: 27 10 187 188 412
!: 0 2 282 122 406
[: 0 0 292 23 315
]: 0 0 272 23 295
|: 8 8 77 167 260
@: 10 0 113 38 161
(: 0 0 75 55 130
): 0 0 69 55 124
{: 0 0 75 0 75
\: 0 0 6 4 10
': 0 0 1 1 2

Does it have any practical use?
Perhaps. In proxy.pac files, a common method of load balancing based on URLs, known as the Sharp Superproxy script, is to sum the ASCII values of the cache entries, and mod it by the number of servers, to pick a server to use. .pac files are javascript, and javascript does not have an easy method to return the ascii value for a character. So what's generally used is a function like:

function atoi(charstring) {
    if (charstring=="a") return 0x61; if (charstring=="b") return 0x62;
    if (charstring=="c") return 0x63; if (charstring=="d") return 0x64;
//.....
}

This can be sped up by ordering the list in the order of frequency, starting with "/", "t", "e", ".", "o", "a" - just moving those few to the front reduces the latency of the script significantly.

Also, hashing in URL history handling can be sped up if the most prevalent buckets are created. This could also be useful for other URL collections, like AV software URL matching. I am unaware of any that work directly with character based lookups, but it is certainly one way to do it.

Other uses?
In pen testing, having a frequency table like this can greatly aid in URL discovery speed.

But all in all, it was a fun exercise. Note that the variations may be great, especially for the bottom half of the list. Also note that the low count for the letter 'x' in the URLs might not match your users.
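
The URL-sum load balancing and the frequency reordering described in this journal, as an added example that is neither the Sharp Superproxy script nor the author's code: it emulates the if-chain as a linear scan and counts comparisons for two orderings. The proxy names, the sample URL and the character-code baseline order are assumptions, and `charCodeAt` stands in for the chain's literal return values.

```javascript
// Hypothetical proxy pool.
const PROXIES = [
  "proxy1.example.net:3128",
  "proxy2.example.net:3128",
  "proxy3.example.net:3128",
];

// The 62 characters of the journal's table, most frequent first.
const BY_FREQUENCY = "/te.oacspmhinrgd:w1l2u0vb3f4k57986x-y_j=qz,&%;?+~$^*![]|@(){\\'";

// Baseline (assumption): the same characters tested in character-code order.
const BY_CODE = [...BY_FREQUENCY]
  .sort((a, b) => a.charCodeAt(0) - b.charCodeAt(0))
  .join("");

// Emulates the if-chain: one comparison per entry until the character matches.
function lookup(ch, order) {
  for (let i = 0; i < order.length; i++) {
    if (order[i] === ch) return { code: ch.charCodeAt(0), comparisons: i + 1 };
  }
  // Not in the table: the whole chain was walked and the character adds 0.
  return { code: 0, comparisons: order.length };
}

// Sum of character codes over the URL, plus the comparisons it cost.
function urlSum(url, order) {
  let sum = 0;
  let comparisons = 0;
  for (const ch of url.toLowerCase()) {
    const r = lookup(ch, order);
    sum += r.code;
    comparisons += r.comparisons;
  }
  return { sum, comparisons };
}

// Same URL always maps to the same proxy, so each cache holds a stable share.
function pickProxy(url, order = BY_FREQUENCY) {
  return PROXIES[urlSum(url, order).sum % PROXIES.length];
}

// PAC entry point; the browser calls this for every request.
function FindProxyForURL(url, host) {
  return "PROXY " + pickProxy(url);
}

// Constructed sample URL.
const SAMPLE_URL = "http://www.example.com/index.html";
const fast = urlSum(SAMPLE_URL, BY_FREQUENCY);
const slow = urlSum(SAMPLE_URL, BY_CODE);
console.log("proxy:", FindProxyForURL(SAMPLE_URL, "www.example.com"));
console.log("comparisons, frequency order:", fast.comparisons);
console.log("comparisons, character-code order:", slow.comparisons);
```

The ordering changes only the cost of the lookup; the sum, and therefore the proxy chosen, is identical for both orders.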


Slashdot clandestinely scanning its users

arth1 arth1 writes  |  more than 6 years ago

I just discovered something I'm not sure I like.

Whenever I post something to slashdot, slashdot connects back to port 80 on the machine I post from, looking for an open proxy on port 80.
This isn't behavior I really like to see. It's unsolicited, and more to the point, it takes advantage of a local firewall possibly being temporarily open for traffic FROM an address for a short while after connecting TO it.
There might be a "good cause", like collecting a list of open proxies for the poor guy behind the Great Firewall of China or something similar, but it's still unsolicited, clandestine and not documented.

Here are a couple of web log entries showing this:
216.34.181.45 - - [10/Sep/2008:15:47:47 -0400] "GET http://news.slashdot.org/ok.txt HTTP/1.0" 404 271 "-" "libwww-perl/5.812"
216.34.181.45 - - [10/Sep/2008:20:32:18 -0400] "GET http://mobile.slashdot.org/ok.txt HTTP/1.0" 404 273 "-" "libwww-perl/5.812"
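
A defender-side check for the kind of request shown in the log entries above, as an added example that is not part of the original journal: it flags access-log lines whose request target is an absolute URI or CONNECT authority naming a host this server does not serve. The two constructed log lines and the `LOCAL_HOSTS` name `www.example.org` are assumptions.

```javascript
// The two entries quoted in the journal, followed by two constructed lines.
const SAMPLE_LOG = [
  '216.34.181.45 - - [10/Sep/2008:15:47:47 -0400] "GET http://news.slashdot.org/ok.txt HTTP/1.0" 404 271 "-" "libwww-perl/5.812"',
  '216.34.181.45 - - [10/Sep/2008:20:32:18 -0400] "GET http://mobile.slashdot.org/ok.txt HTTP/1.0" 404 273 "-" "libwww-perl/5.812"',
  '192.0.2.10 - - [10/Sep/2008:20:40:01 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '192.0.2.11 - - [10/Sep/2008:20:41:09 -0400] "GET http://www.example.org/about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
];

// Assumption: the names this web server legitimately answers for.
const LOCAL_HOSTS = new Set(["www.example.org"]);

// Combined log format: ip, ident, user, [time], "request", status, size, "referer", "agent".
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)(?: (\S+))?" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], target: m[4], status: Number(m[6]), agent: m[9] };
}

// Host named in the request target, or null for an ordinary origin-form path.
function targetHost(method, target) {
  if (method === "CONNECT") return target.split(":")[0].toLowerCase();
  if (!/^[a-z][a-z0-9+.-]*:\/\//i.test(target)) return null;
  try {
    return new URL(target).hostname.toLowerCase();
  } catch {
    return ""; // unparseable absolute target: still worth flagging
  }
}

// Requests asking this server to fetch something for a foreign host.
function findProxyProbes(lines, localHosts) {
  const hits = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) continue;
    const host = targetHost(e.method, e.target);
    if (host === null || localHosts.has(host)) continue;
    // answered: the server returned a non-error status for a foreign host,
    // which is the case to investigate for an unintended open proxy.
    hits.push({ ip: e.ip, time: e.time, host, status: e.status, agent: e.agent, answered: e.status < 400 });
  }
  return hits;
}

// Per-source summary: how many probes, for which hosts, how many were answered.
function summarize(hits) {
  const bySource = new Map();
  for (const h of hits) {
    const s = bySource.get(h.ip) || { count: 0, hosts: [], answered: 0 };
    s.count += 1;
    if (!s.hosts.includes(h.host)) s.hosts.push(h.host);
    if (h.answered) s.answered += 1;
    bySource.set(h.ip, s);
  }
  return bySource;
}

for (const [ip, s] of summarize(findProxyProbes(SAMPLE_LOG, LOCAL_HOSTS))) {
  console.log(ip, "probes:", s.count, "hosts:", s.hosts.join(","), "answered:", s.answered);
}
```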
