| |
| "The future masters of technology will have to be lighthearted and intelligent. The machine easily masters the grim and the dumb." -- Marshall McLuhan, 1969 |
|
Acidus and The Absurdity of Cookie Storage |
|
|
|---|
| Topic: Media |
3:15 am EDT, Jun 6, 2007 |
This is brilliant. Read on: The follow is an excerpt from the upcoming Ajax Security book. It discusses a downside of using HTTP cookies as a persistent client-side storage system: they get appended to every appropriate HTTP request. To illustrate this more clearly, think of cookie storage like having to remember an errand to do after work by shouting it at the end of every sentence you say. It would sound something like this: Bryan: Hello Billy, what’s Shaking? Billy: Hey Bryan. Just finishing this chapter on offline Ajax. Pick up Red Bull On the Way Home! Bryan: ... ... Uhhhhh, Ok. Why are you shouting that at me instead of writing it down? Billy: Because I choose a poor client-side storage methodology. Pick up Red Bull On The Way Home! Bryan: ... ... Ok, this is just weird. I’m leaving. Billy: You should be glad I can only store 4K of data this way. Pick Up Red Bull On The Way Home!
Thats right, No silly appendices full of ASCII tables and RFCs. We replaced that crap with comedy. Extremely poor comedy :-) All writing and no play makes billy a dulllllllllllllllllllll boyyyyyyyyyyyyyyyyyyyyyyy. [sleeps]
I would be shouting something about cigarettes or coffee probably. Acidus and The Absurdity of Cookie Storage |
|
'The Most Beautifil Destruction...' | Optyx and The Cray-2 |
|
|
|---|
| Topic: Technology |
1:21 pm EDT, Jun 4, 2007 |
Billy relays a great story... (Update: This has piqued a number of people's interest. Updates are being appended to this post.) (Update2: Great story, but it looks bunked. Pictures and details contained within...) Optyx is in Atlanta for the week and we got some drinks with John Terrill last night. A good time was had by all talking about crypto, web apps, the homies on #vax, brushes with the law, security charlatans, and new opportunities. The night was finished with a stumbling tour of Pat and my old stomping grounds: Georgia Tech. If you don't know Optyx, he's forgotten more hacker stories then I'll ever have. The following is, as best as the beers will let me remember, the story of the Cray-2. I've tried to tell the story as close to the way Pat did. Any errors are the fault of Guinness So I was living in San Francisco working at a web hosting startup. A friend of mine at Lawrence Livermore National Laboratory gives me a heads up, saying they were decommissioning their Cray-2 super computer. I decided to buy it but the regulations said the lab had to hold a public auction to sell it. However, it didn’t say how far in advanced the time or place of the auction had to be published. Through some help from my friends at the lab an auction got setup where I was the only bidder. The auctioneer wasn’t in on the scheme and he opened the bidding at $2000. I looked around, saw I was the only guy, and said “$1000.” They sold me the Cray-2 for a grand and I took back to my house on Treasure Island in the back of a U-haul. A Cray-2 weights more than a ton so this was not an easy task. The big problem I had was how to power the thing. I hacked together a power converter and ran it off the 3 phase power outlet for the clothes dryer. But I had this girl roommate who used to complain about not being able to dry her clothes when she wanted because the computer was on. So the uptime of the super computer was dependent on the laundry habits of a roommate! After the first month, I got the power bill. It was $2200. I decided it was time to sell the Cray. Through a mutual friend, I found some .com yuppie who wanted to buy the Cray and use it as a couch. I sold it for around $3500 to recoup the cost of the machine and the power bill. I visited his house which was on the side of a hill in SF. You’d park in a 1 car garage underneath the house and used stairs to go up into it. It was like a big loft space on the 1st floor and that is where he decided to put the Cra... [ Read More (0.7k in body) ] 'The Most Beautifil Destruction...' | Optyx and The Cray-2
|
|
Daniel J. Levitin - It Was 40 Years Ago Today - washingtonpost.com |
|
|
|---|
| Topic: Music |
6:23 pm EDT, Jun 3, 2007 |
Great songs seem as though they've always existed, that they weren't written by anyone. Figuring out why some songs and not others stick in our heads, and why we can enjoy certain songs across a lifetime, is the work not just of composers but also of psychologists and neuroscientists. Every culture has its own music, every music its own set of rules. Great songs activate deep-rooted neural networks in our brains that encode the rules and syntax of our culture's music. Through a lifetime of listening, we learn what is essentially a complex calculation of statistical probabilities (instantiated as neural firings) of what chord is likely to follow what chord and how melodies are formed. Skillful composers play with these expectations, alternately meeting and violating them in interesting ways. In my laboratory, we've found that listening to a familiar song that you like activates the same parts of the brain as eating chocolate, having sex or taking opiates. There really is a sex, drugs and rock-and-roll part of the brain: a network of neural structures including the nucleus accumbens and the amygdala. But no one song does this for everyone, and musical taste is both variable and subjective. To a neuroscientist, the longevity of the Beatles can be explained by the fact that their music created subtle and rewarding schematic violations of popular musical forms, causing a symphony of neural firings from the cerebellum to the prefrontal cortex, joined by a chorus of the limbic system and an ostinato from the brainstem. To a musician, each hearing showcases nuances not heard before, details of arrangement and intricacy that reveal themselves across hundreds or thousands of performances and listenings. The act we've known for all these years is still in style, guaranteed to raise a smile, one hopes for generations to come. I have to admit, it's getting better all the time.
Daniel J. Levitin - It Was 40 Years Ago Today - washingtonpost.com |
|
Slashdot | Online Reputation Is Hard To Do |
|
|
|---|
| Topic: Society |
5:55 pm EDT, Jun 3, 2007 |
Slashdot has links to two articles worth reading in Information Week about reputation and identity on the Internet."The idea of a transferable, semantic reputation is identity nirvana," says Fred Stutzman, co-founder of ClaimID, one of the many startups trying to help Web users create more complete and flexible online profiles.
Slashdot | Online Reputation Is Hard To Do |
|
Denying Genocide in Darfur, and Americans Their Coca-Cola |
|
|
|---|
| Topic: International Relations |
5:29 pm EDT, Jun 1, 2007 |
"I want you to know that the gum arabic which runs all the soft drinks all over the world, including the United States, mainly 80 percent is imported from my country," the ambassador said after raising a bottle of Coca-Cola. A reporter asked if Sudan was threatening to "stop the export of gum arabic and bring down the Western world." "I can stop that gum arabic and all of us will have lost this," Khartoum Karl warned anew, beckoning to the Coke bottle. "But I don't want to go that way." As diplomatic threats go, that one gets high points for creativity: Try to stop the killings in Darfur, and we'll take away your Coca-Cola.
Truly amazing.. Denying Genocide in Darfur, and Americans Their Coca-Cola |
|
Gogle and the different types of privacy... |
|
|
|---|
| Topic: Politics and Law |
2:10 am EDT, May 31, 2007 |
Decius wrote this: This is at the crux of present privacy battles. Yes, if you walk out of a strip club and your girlfriend is driving by, its not like she was doing anything wrong. She didn't violate your privacy. But if everything you ever do outside is always recorded all of the time, then in a very real sense you've lost something, even though you can't put a finger on the quantum recordings as being inappropriate, or the access to the quantum recordings as being inappropriate. Its the same thing in numerous contexts. You've no 4th amendment right to privacy in regard to the phone numbers you've dialed, because the phone company presumptively knows them, and you have to presume that they might tell the police. However, generally you wouldn't. Generally you'd think the phone company wouldn't tell the police who you are calling unless they suspected you of something. Its possible that the phone companies have been providing every number that everyone ever dials to the NSA. There is a difference. We better get good at recognizing it.
Ahh.. The good old reasonable expectation of privacy... Let me drill up one of my old points, just to have it in this discussion.... Eskimos have five different words for types of fallen snow. Snow is pretty important to Eskimos. If privacy is important to us, we need to do a better job at how we define different types of privacy, so we can safeguard them in different ways. How do we start defining the different types of privacy, and getting people to accept those semantic distinctions? That would be a a good first step. Then we can get a dialog going about how to protect them... Gogle and the different types of privacy... |
|
|
|---|
| Topic: Computer Security |
5:21 pm EDT, May 30, 2007 |
More from Acidus: Based on methodology from the JavaScript vulnerability scanner Jikto, we will also demonstrate DOMinatrix, a JavaScript payload using SQL Injection to extract information from a website's database.
DOMinatrix: Spanking the DOM the way the DOM like it! I'd like to thank Dan Kaminski for the suggestion. He came up with the name and challenged me to come up with the spanking victim. You'll see it at Blackhat.
DOMinatrix... |
|
Christopher Soghoian | Remote Vulnerability in Firefox Extensions |
|
|
|---|
| Topic: Computer Security |
4:22 pm EDT, May 30, 2007 |
A vulnerability exists in the upgrade mechanism used by a number of high profile Firefox extensions. These include Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others, mainly commercial extensions. The vulnerability is made possible through the use of a man in the middle attack, a fairly old computer security technique. Essentially, an attacker must somehow convince your machine that he is really the update server for one or more of your extensions, and then the Firefox browser will download and install the malicious update without alerting the user to the fact that anything is wrong. While Firefox does at least prompt the user when updates are available, some commercial extensions (including those made by Google) have disabled this, and thus silently update their extensions without giving the user any say in the matter.
A demo video is available. Christopher Soghoian | Remote Vulnerability in Firefox Extensions |
|
|
|---|
| Topic: Technology |
4:22 pm EDT, May 27, 2007 |
A remote user can send specially crafted data to trigger a buffer overflow in the UPnP Internet Gateway Device Standardized Device Control Protocol code and execute arbitrary code on the target system. The code will run with the privileges of the target service.
"privileges of target service" == root Apple credits Michael Lynn of Juniper Networks with reporting this vulnerability.
Mike's fuzzing DNS again which is oh so Dan Kaminski-esque. Remote root in Mac OS-X |
|
The Counterpoint to Trent Reznor's Comments in The Herald Sun |
|
|
|---|
| Topic: Music |
4:30 am EDT, May 27, 2007 |
This is all well and good because Trent is an established artist that definitely has a core audience that will purchase whatever he releases. Given the fact that his releases (upto the last two years) have had 5 year intervals, then the label is going to be even more likely to jack his retail price up. They've got to make as much hay while the sun is shining. What's missing in this story is the fact that he's gotten tremendous marketing and placement since after PHM hit platinum in 1990. Most artists don't get nearly the kind of promotion that he's gotten over his career. Let's not even talk about the fact that his debut album had two of the worlds most successful producers working on it as well, something that could've only been organized by TVT. Let's also not forget that despite being engaged in a lawsuit with Trent, TVT still promoted the hell out of Broken because it was in their best interest to do so. While Trent didn't make as much money from TVT as he might could've, he made enough to situate himself in a good place and took advantage of a great tour to up his brand with fans. If he were to have to break into today's marketplace, there's no way that he would be so cavalier about how he would distribute his work. He's forgetting that the $10M+ that he's netting after each world tour comes from the fact that he's gotten such good promotion release after release. If he was starting from scratch again, he'd still be doing the opening slot for Jesus and Mary Chain and Peter Murphy and barely able to pay for the tour. This notion of him even being ABLE to make a living using this method of distribution is insulting because it uses revisionist history as its basis. The fact is, like most established artists, his cost basis for producing further releases is much closer to zero due to his investment in millions of dollars in studio infrastructure and ability to attract top engineering talent from his brand name. Those assets came from the fact that major labels have invested in him from the beginning and he's been rewarded for generating good returns on that investment. I'm not a big fan of the major labels and their business practices. The system needs to change and the models are anachronistic at best. But they do provide a critical function in the value chain and that is promotion and marketing. It's ridiculous for an artist to say that they are completely unnecessary when they've been the benefactor of that marketing machine.
This is great commentary. This is the counterpoint. It's all valid. The space between Trent's comments and flynn23's post is the battleground in the current music marketplace. The Counterpoint to Trent Reznor's Comments in The Herald Sun |
|
