
Comment: Changes to the protocol? (Score 1) 73

by brokenin2 (#47566823) Attached to: Black Hat Researchers Actively Trying To Deanonymize Tor Users

I wonder how feasible it would be to modify tor, or maybe make a tor version 2 protocol so that the onion layers are determined packet by packet, instead of by the stream.

I'm not all that knowledgeable when it comes to the tor protocol, but it sounds like each stream is bounced off a series of relays.. If you could change that to each packet, or split the stream into a few other streams that took different routes (and let the stream get reassembled from packets from multiple streams at the destination), then it seems like you could make this sort of attack a lot harder..

I'm not sure about people trying to discover the location of the tor hidden service, but it seems like it would help protect the client -> server integrity quite a bit..

Comment: Re:um yea... (Score 2) 488

by brokenin2 (#47562207) Attached to: 35% of American Adults Have Debt 'In Collections'

I haven't had a credit card in over 10 years, and my credit is fantastic. Of course, I've had a couple of car loans, and a home loan... all in good standing and/or paid off, but I never had a credit card when I got any of those loans either, so it certainly wasn't required for good credit.

The only thing I even ponder having a credit card for is for emergency purposes only. I'd consider something with no fees (unless used) for a rainy day backup, but instead of doing that, we've chosen to just have our own rainy day fund.

I am very thankful for the credit card companies though. I don't think that I could heat our home for free without their contribution to our junk mail pile. The rest of the junk mail on its own just wouldn't be enough..

Comment: Past due not reported by companies (Score 5, Insightful) 488

by brokenin2 (#47561721) Attached to: 35% of American Adults Have Debt 'In Collections'

One reason that I'm sure is a factor in the difference, is that companies are less inclined to bother reporting the "past due" status. It's overhead for them to do it, and there's not really any benefit, but when someone hits the collections threshold, they'll go ahead and take the time to report it.

Comment: Re:PHP is a very solid choice (Score 1) 536

He was asking about languages and frameworks and developing their web application for the future.

If they're redeveloping from scratch in order to future proof things, it's unlikely that they're going to be wanting to produce the exact same HTML that they always have. A framework to help you develop better HTML easier is something they should be considering at the same time.

It would really suck to rebuild your application, get to the end, and then decide it's time to make it more mobile friendly, at which point they realize they have to do another redesign because they didn't think about how their user interfaces were going to break down.

If they need to ask which server side language they should use, then they almost certainly need to have these things pointed out to them as well. If it turns out that they didn't need any of that pointed out to them, then they can easily disregard the extra information.

Comment: Re:PHP is a very solid choice (Score 1) 536

Globals have been disabled by default in PHP for a very long time.

"register globals" which allowed post and get parameters to be automatically registered in the global scope was defaulted off a long time ago, and in newer versions of PHP (5.4+) is not even an option any more. This is historically the feature that got a lot of bad programmers in trouble.

Almost every language has a way for functions to access global scope variables, and PHP is no exception, but to do so now, you have to specify exactly what you're going to access by doing it through _GLOBALS or by calling "global " inside your function.

The default scope for variables is to have no globals, and to direct you toward a more OO programming style. You can still shoot yourself in the foot, just like every other programming language, but you have to at least try a little to do it.
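The failure mode and the scoping rules discussed in this comment, as an added example that is not part of the original comment. It emulates the removed register_globals setting with `extract()` on constructed request data, shows the initialised version beside it, and then shows the two explicit ways a function opts in to a global (`global` and the `$GLOBALS` array); all function and variable names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed request parameters standing in for $_GET (not real traffic).
$request = ['user' => 'guest', 'is_admin' => '1'];

// Emulates register_globals: every request parameter becomes a variable.
// extract() is an assumption used for the demo; the real setting is gone in 5.4+.
function legacy_is_admin(array $request, array $session): bool
{
    extract($request);                        // request-chosen names enter scope
    if (($session['role'] ?? '') === 'admin') {
        $is_admin = true;                     // the only assignment the author intended
    }
    return !empty($is_admin);                 // never initialised, so the request decides
}

// Hardened form: initialise the flag and let only trusted data set it.
function hardened_is_admin(array $request, array $session): bool
{
    $is_admin = false;
    if (($session['role'] ?? '') === 'admin') {
        $is_admin = true;
    }
    return $is_admin;                         // $request cannot influence the result
}

// Function scope today: globals are invisible unless explicitly requested.
$counter = 10;

function sees_global(): bool
{
    return isset($counter);                   // looks at the function's local scope only
}

function bump_with_keyword(): int
{
    global $counter;                          // explicit opt-in by name
    return ++$counter;
}

function bump_with_array(): int
{
    return ++$GLOBALS['counter'];             // explicit opt-in through $GLOBALS
}

$session = ['role' => 'editor'];              // constructed session data
var_dump(legacy_is_admin($request, $session));
var_dump(hardened_is_admin($request, $session));
var_dump(sees_global(), bump_with_keyword(), bump_with_array());
```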

Comment: PHP is a very solid choice (Score 1) 536

PHP of old used to make it very easy to write applications with large security holes, but newer versions do a much better job of preventing developers' tendencies to shoot themselves in the foot.

I think it will be a very viable choice for web applications for the next 10 years or more.

There are a number of frameworks written in PHP that are pretty good as well. For my current project though, I've chosen to write a framework that is geared toward exactly what that project needed. I did choose to use an HTML framework to aid in the UI creation and standardization. For my project I chose "Foundation", but there are a lot of other good ones as well.. If your application has a requirement of being mobile device friendly (is there anything that doesn't?) then I would highly recommend a 12 column HTML framework.. If you don't know why a 12 column framework is the way to go, Google it, there are plenty of write ups.

Comment: Same thing happened to a school near me (Score 1) 564

About two years ago, a community college near me had the exact same thing happen. I don't know the excruciating details, but the basics were the same: SCCM wiped out all of the servers that it was used to manage..

I didn't work for the college then (I do now), but I did know a few people that did at the time. The person that triggered it is still there. From what I understand what he was doing and the way he went about it, although in hindsight was dangerous, wasn't a really reckless thing.

Our campus is less than 30 minutes drive to Microsoft's main campus, and there was a lot of pressure for us to use their systems. I think the college paid the price for caving to that pressure. Sure, there are other factors involved here as well... A careless employee, an unintuitive result from an interface/script, poor safety mechanisms in both policy and the product, poor design by both the vendor and the college..

From what I understand, one of the most devastating aspects when it came to recovery, was that the server that held backups (Microsoft's data protection manager of course) was wiped out as well.. I think in this particular incident, only system drives were annihilated, so if a server had a "D" drive or other volumes, it was still there, it was just a useless lump sitting on a server with no OS for a while at first.

Having never heard a similar story with any other software product, I'm left believing that SCCM and its deficiencies are at least partially to blame, and given what I know about the person that caused it here, I'd say that it's a pretty respectable bit of the blame that should be left on SCCM.

Someone realized pretty quickly what was going on (not the person that caused it), and pulled the plug on the process somehow or our college would have been even more devastated. As it stood, it was still pretty bad.. Probably only about 25% of the full destructive power of the mess was averted.

Comment: Re:Is Access actually better for them anyways? (Score 1) 281

Google docs will let you connect multiple people to the same spreadsheet at the same time..

It works pretty well too... as long as the slightly chaotic editing that this creates is OK (like you don't need multi-cell/multi-sheet locking to keep people out of each other's business)..

Comment: Re:Commodore Amiga 3000T (Score 4, Interesting) 702

by brokenin2 (#46789575) Attached to: Ask Slashdot: What Tech Products Were Built To Last?

I used to work there (on that line for a while), and one of the jobs was to beat them up a bit before they went out the door, just to make sure they could take it.. (We were careful not to scuff them up, but did need to subject them to a couple of impacts in each direction as part of the final testing).

Note, when he took it apart in the video, he very likely *did* make it go out of spec at that point.. It's normally just the high voltage that goes out of spec, but would normally only mean that you got a reading of 1007 VAC instead of 1000 VAC.. Still somewhat close..

He should send it back for recalibration after his adventure..

Comment: Re:Lost coins (Score 3, Informative) 390

by brokenin2 (#46422571) Attached to: Bitcoin Inventor Satoshi Nakamoto Outed By Newsweek

about 100,000 individual someones, each of whom mined (on average) 10 or so coins?

OK, first, you *can not* mine 10 or so bitcoins. There were no mining pools at first, and that is the only way people mine fewer coins.. And that's not really even correct.. Mining pools mine 25 bitcoins these days, and then share them with their members.. What we're talking about is directly mining coins here, which got mine 50 coins at a time for the first four years or so.

Also, IIRC, most of these coins are held by just a few addresses, not spread among 100,000. The entire population of the bitcoin community was probably less than a few thousand people during the first year.. During the first months it was more like 20 or 30.... maybe less..
