Activity from mock

MeFi post: WhoTubes?
The real question is if Google is breaking Canadian law by giving this data to Viacom in violation of PIPEDA.

Perhaps I'll lodge a complaint.
posted to MetaFilter by mock at 12:44 AM on July 4, 2008

MeFi post: LOLMusicFans
So... in alcohol terms, they did the equivalent of forcing someone with no previous drinking experience to down a bottle of whiskey, and strangely enough found that it causes brain damage... Is anyone surprised? (those dosages are rather high for an animal with no previous tolerance to the drug)

I'm not going to pretend that ecstasy is good for you, it probably isn't. But neither is binge drinking, or smoking cigarettes. And like the latter two, lots of people do it... [more]
posted to MetaFilter by mock at 8:32 PM on April 26, 2008

MeFi post: business card designs
There are some good reasons to give every employee business cards. First of all, it can be important for morale. It sends the message that management values its technical staff as much as it values sales and marketing (sounds silly, but at least some people will be offended or feel left out if you don't). As well, having your technical staff hand out cards is good for marketing. Technical staff might not interact with people outside your company day to day, but they probably will at... [more]
posted to MetaFilter by mock at 4:21 PM on April 24, 2008

MeFi post: iPhone SDK details
I occasionally write little apps for my Nokia Symbian based phone. I use python, because it's a good RAD language, it's free, and I already know it. If I had to use the C SDK, I wouldn't bother - it's just too much effort. Writing phone apps isn't my job, it's just something I do to make my life and my friends' lives a bit easier. I've been holding off on getting an iPhone until I could see what the SDK was like, and so far it doesn't look like a pleasant platform to code for. So I guess I... [more]
posted to MetaFilter by mock at 3:07 PM on March 7, 2008
The $100 is no big deal. Limiting development to a single language/IDE toolchain is. It's exactly as you say, competition for my non-work hours is what is at issue. I may change my mind somewhere down the road, but right now Xcode and Objective C don't look like much fun to code in.
posted to MetaFilter by mock at 3:29 PM on March 7, 2008

MeFi post: Riding the Waves
I use Catalyst at work, and for most of my side projects. Mostly it replicates the functionality of the ad-hoc framework I'd been using before, but in a smarter tighter package, so I get code that's a little easier to understand and maintain. When I hand the project off to someone else to work on, the fact that I use a bunch of standard concepts (patterns even) makes it easy for them to understand why I've made the implementation decisions that I did (I know, you're all shocked that a perl... [more]
posted to MetaFilter by mock at 3:51 PM on February 29, 2008

MeFi post: 20 years of line noise and here's to 20 more
Perl's fine for big jobs too. You just need the right tools for the job and a bit of discipline. 20 years make for a fair bit of optimization as well, which is handy if you'd actually like to scale that application some day.

PS: You really should be using the right tool for the... [more]
posted to MetaFilter by mock at 2:18 PM on December 18, 2007
yes
posted to MetaFilter by mock at 2:57 PM on December 18, 2007
You could always try to help. A new version of parrot was released today as well as perl 5.10.
posted to MetaFilter by mock at 3:33 PM on December 18, 2007
I smell an Ada programmer
posted to MetaFilter by mock at 3:50 PM on December 18, 2007

MeFi post: Don't try this at home kids
Dammit, searched the blue, didn't think to search the green.
posted to MetaFilter by mock at 5:09 PM on October 15, 2007

MeFi post: This is how they roll.
I think this says everything that needs saying about LOLanything.
posted to MetaFilter by mock at 11:24 AM on September 19, 2007

MeFi post: Now I'm going to hell for sure
I didn't say why I was going to hell.
posted to MetaFilter by mock at 7:08 PM on July 3, 2007

MeFi post: The Best Laid Plans
As much as I love Hanlon's razor, I think a different principle is in play here:

Sufficiently advanced incompetence is indistinguishable from malice.
posted to MetaFilter by mock at 10:07 AM on June 28, 2007

MeFi post: The Record Industry's Decline
I don't really listen to recorded music any more. I go to a few live shows, and I noodle about with a few instruments, but for the most part I had no dog in this fight.

Except I work in the software industry, and every time I pay more for blank CDs to make backups, or have to worry about the DMCA, or have some stupid bullshit DRM foisted on me, or have to wade through the morass of stupid IP law bullshit with a machete and a lawyer in tow, I think to myself - fuck you... [more]
posted to MetaFilter by mock at 7:31 PM on June 26, 2007

MeFi post: You'll put your eye out
That Pyramyd Air blog is awesome, but not nearly dangerous enough. Behold, probably the worst idea ever in all its awesomeness.

I am so gonna build this.
posted to MetaFilter by mock at 10:56 AM on February 21, 2007

MeFi post: How hackers make money.
Featuring quotes and a picture of MeFi's own Dan Kaminsky.
posted to MetaFilter by mock at 5:28 PM on February 12, 2007
This is also a neat scam in wide use in Europe, relying on a bunch of work originally done by Trifinite.

As well, Thorsten Holz has done a lot of research in this area, especially with tracking stock spam. His blog is good reading material if you're interested in this topic. In fact any of the honeynet people are good for further reading.... [more]
posted to MetaFilter by mock at 5:39 PM on February 12, 2007

MeFi post: Prison Rape
So, let me get this straight. If I break a law, and face going to prison, the odds are that I'm going to be raped and possibly die of AIDS.

Clearly we can see that criminals are not responding rationally to the threat of incarceration. The claim has always been, that harsher punishments deter crime. At this point any punishment you get is equivalent to the death penalty, or at least a death penalty lottery. So given the above, it seems obvious to... [more]
posted to MetaFilter by mock at 2:09 AM on February 12, 2007
Except of course, if you're opposed to the death penalty for the usual reasons of the fallibility of the courts, you should probably be opposed to castrating people for much the same reasons.

Plus there's the additional argument, that if rapists know they're going to get castrated if caught, they have a fair bit of incentive to commit murder to avoid it.
posted to MetaFilter by mock at 3:50 AM on February 12, 2007
Uh huh... and I suppose some women were "asking for it" too

BULLSHIT

If someone says they were raped, I'm kinda inclined to believe them. While I grant you, there might be some few individuals who go around making up crazy wild accusations - most people, would never admit to being raped unless it actually happened.

That goes double for convicts. It's like sticking a sign on your back saying... [more]
posted to MetaFilter by mock at 6:01 AM on February 12, 2007
No no no! I'm seeing the ultimate public/private partnership. Government Porn! If we get those coming of jizzus people to do it we can even fund it as a faith based initiative. We'll let the magic of the invisible hand sort it all out!
posted to MetaFilter by mock at 6:49 AM on February 12, 2007

MeFi post: Shouldn't he have eaten a placenta by now?
I found it interesting because it is either a brilliant bit of propaganda, or an interesting take on what these people actually believe. They don't come across as any loonier than most religious people, and perhaps even less loony than some. Admittedly, he's dealing with the hippy-dippy wing of the church, not the mainstream orthodox version, so perhaps this makes them appear more sympathetic than they otherwise would. Either way it's a good look inside their heads that they're usually too... [more]
posted to MetaFilter by mock at 5:07 AM on February 11, 2007
As the original poster let me clarify something about the whole cult/religion thing. I used the word "cultists" because they are obviously nutters.

Scientology as an organization has a giant stick up its ass in regards to being seen as a "legitimate" religion. Refusing to give them that legitimacy seems to me to be the easiest way to make it clear to everyone that I'm not buying into any of the crazy they're selling. If I were posting a... [more]
posted to MetaFilter by mock at 5:50 PM on February 11, 2007
I'm not sure the term papist really twists the knife in the way I'd like. Presumably catholics are cool with having a pope (plus his hat is possibly the best hat EVAR). I prefer the term "God Botherer" when I'm making reference to the group psychosis that is christianity. If you think papist would work, I'm happy to switch.

Which brings me to my point. Some groups of people are bothered by being called cultists, others are not. This is a very objective... [more]
posted to MetaFilter by mock at 6:44 PM on February 11, 2007
Out of curiosity, how many of you people blowing their tops and writing posts laden with insult are atheist?

Not me, I'm a sophist.
posted to MetaFilter by mock at 4:45 AM on February 12, 2007

MeFi post: The coming of Jizzus
And if you happen to be in Vancouver, there's a meetup tonight.
posted to MetaFilter by mock at 4:41 PM on January 31, 2007
I believe his contact details are posted. Maybe you can hire him for your own production.
posted to MetaFilter by mock at 5:57 PM on January 31, 2007

MeFi post: But, that doesn't seem to be the case. While some...
Vancouver housing is still insane, although not as bad as Calgary. Also, all 2 million of us have no water today.
posted to MetaFilter by mock at 10:59 AM on November 17, 2006

MeFi post: Want another ID?
Adam is a really interesting guy, he did an excellent talk at my conference on magstripe security this past spring, and I think we're gonna convince him to talk about his RFIDIOt stuff used in the article in London.
posted to MetaFilter by mock at 4:15 AM on November 17, 2006
I swear, people see the word encryption, their brain goes into idiot mode, and they start babbling all sorts of bullshit about algorithms and key size and shit.

Ultimately the insecurity of this comes down to the following:

1) You can read the data remotely
2) The key to decrypt that data is not random

What people always forget is that as soon as you allow remote electronic access, sybil attacks become trivial.... [more]
posted to MetaFilter by mock at 7:27 AM on November 17, 2006
It's an international standard, so presumably the US passports are the same. Fuck, I bet someone could make a mint selling a package that set off a blasting cap when countrycode = USA.
posted to MetaFilter by mock at 7:43 AM on November 17, 2006
As I was saying idiot mode goes on.

Right then, please read this before making further comments informed only by your own ignorance filtered through the ignorance of a reporter. Don't be afraid to click on some of the links and look at the code and standards documents involved.

Next most awesome use for this - autodetecting trannies/jailbait in the bar.
posted to MetaFilter by mock at 7:58 AM on November 17, 2006
List of evil things I can do with this:

1) automate cloning passports of people who look like me

2) country code detonatable explosives

3) remote detection of age and sex - awesome for stalking

4) credit checks on customers as soon as they enter the store

4) track people as they walk around - great for police states

5) auto retrieve girls' names... [more]
posted to MetaFilter by mock at 8:27 AM on November 17, 2006
Just in case there is any doubt about this being remotely brute forceable.

Relevant quote (since I know nobody will actually click the damn link):

"Theoretically, after intercepting the data, the security can be broken on a PC in 2 hours. This way, access is gained to personal details such as the date of birth and the facial image. The flaw is caused by dependencies in the secret key used to protect the data communication. As a... [more]
posted to MetaFilter by mock at 8:41 AM on November 17, 2006
aberrant: Most americans don't have passports. However the rest of the world doesn't have its head as far up its own ass and occasionally has to travel to other countries. This means carrying a passport. Many countries require you to carry your passport at all times when you visit them, so essentially this is the equivalent of wearing a nice big "I AM A FOREIGNER" armband. Now between this, and the possibility of indefinite stay in sunny Cuba, I'm beginning to think my dear cousins... [more]
posted to MetaFilter by mock at 9:05 AM on November 17, 2006
cillit bang: I've seen this software demoed by Adam. It works as I described.
posted to MetaFilter by mock at 9:09 AM on November 17, 2006

MeFi post: Self Linking Considered Harmful
I'm kidding about the last sentence. IMG tags are probably an issue, and music.metafilter.com could be problematic as well.
posted to MetaFilter by mock at 2:11 AM on October 22, 2006
The nasty thing about CSRF is that it doesn't have to be this web site that is vulnerable. A 302 redirect in another site, or an RSS feed where users from this site are expected to go (for example, an fpp) can use cached credentials (the cookie) to perform GET requests. Making POST only forms will not save you either, and neither will relying on referer, as thanks to actionscript3 and flash, pretty much the entire browser is spoofable assuming a crossdomain.xml can be put on the site. Which... [more]
posted to MetaFilter by mock at 4:12 AM on October 22, 2006
Oh, and while I'm on the topic of evil things one could do. By putting an IMG tag in the fpp, and some creative use of 302 redirect headers one could cause every one of MeFi's users to beat some poor server to death with TCP connections. Web servers are usually resistant to this, but mail, ssh, and dns will fall over with just a few thousand simultaneous TCP connections.
posted to MetaFilter by mock at 4:19 AM on October 22, 2006
It depends. Since it's being done by your browser, if you have your outbound firewall set to ignore stuff done by the browser process, then it should be ignored. If, on the other hand, you're watching for any network activity to ports other than 80, you might notice my above evil DDoS. However most of the time, it's just going to be yet more GET and POST traffic, which unless you make a point of watching every http connection, you probably won't.

BTW, it appears that... [more]
posted to MetaFilter by mock at 5:22 AM on October 22, 2006
Just so folks know, the reason why music.metafilter.com might have a problem is because it allows uploading of files. It turns out that almost anything that allows uploaded files can be used as a crossdomain.xml file. For example, here's a version in a gif. This becomes a real problem for two reasons. 1) you can do anything that the browser does in actionscript, which makes nonces essentially broken, 2) Adobe added a binary socket operation to actionscript3 which means you can use flash to... [more]
posted to MetaFilter by mock at 1:15 PM on October 22, 2006
Hmmm in retrospect, I should have given this a 'crossdomain.xml' tag. Too bad adding tags seems to be broken right now
posted to MetaFilter by mock at 2:24 PM on October 22, 2006
Nevermind, that's probably not too safe.
posted to MetaFilter by mock at 2:31 PM on October 22, 2006
You need to make sure that all credentials are cleared. Which means cookies and basic auth (and any client certs). 99% of most websites will let you log off, clearing the cookie's session, and if you also clear cache and history (or just close the browser and reopen) you should be fine. Sometimes a site will cache your credentials in a cookie permanently (save my login and password). In this case you need to delete the cookie yourself to be safe.
posted to MetaFilter by mock at 3:49 PM on October 22, 2006
Also, you might want to look into noscript if you're using firefox. It will make you specifically request that malicious javascript and flash run in your browser.
posted to MetaFilter by mock at 3:59 PM on October 22, 2006
Martin Johns, who will be speaking at pacsec (disclosure, I am a pacsec organizer) in about a month, has a paper on some mitigation techniques for CSRF on the client side which may prove useful.
posted to MetaFilter by mock at 6:20 PM on October 22, 2006

MeFi post: No, not because of civil liberties and protecting the pedophiles.
This was funnier when Aempire did it. Assuming you care enough to unzip the linked files, eventually you will find reference to a bit of software he came up with - 'The HoeAssassin.' Essentially the idea was to figure out who on myspace had slept with him, and who refused, and then train spamassassin to find profiles like the ones in his 'slept with' category. Finding pedos is boring, but find chicks who are likely to put out, now that's useful datamining.... [more]
posted to MetaFilter by mock at 3:49 PM on October 16, 2006

MeFi post: This might explain why the U.S. keeps getting caught spying on peaceful war-protestors.
SirOmega makes a really important point: "NEVER HOOK ANY SCADA SYSTEM TO THE INTERNET." That said, the fact that many of the SCADA systems are being hit with viruses suggests that this is paid more lip service than actual practice. Here's a (sorta self link, I'm one of the conference organizers) powerpoint detailing some of the issues one researcher found with SCADA systems.
posted to MetaFilter by mock at 11:31 PM on August 17, 2006
Nope I'm not affiliated with BCIT. We usually do a deal where they loan us a bunch of network equipment and we let some students in for free. If you're in one of the programs there, and you're interested in computer security, you might want to enquire about it.

A slight digression:

I spend a fair bit of time watching people talk, reviewing people's talks, deciding who gets to talk, and giving talks myself. Powerpoint is a great rhetorical tool.... [more]
posted to MetaFilter by mock at 12:15 AM on August 18, 2006