Acidus and The Absurdity of Cookie Storage

Topic: Society
10:37 pm EDT, Jun 6, 2007
This is brilliant. Read on:

The following is an excerpt from the upcoming Ajax Security book. It discusses a downside of using HTTP cookies as a persistent client-side storage system: they get appended to every appropriate HTTP request. To illustrate this more clearly, think of cookie storage like having to remember an errand to do after work by shouting it at the end of every sentence you say. It would sound something like this:

Bryan: Hello Billy, what's shaking?
Billy: Hey Bryan. Just finishing this chapter on offline Ajax. Pick Up Red Bull On The Way Home!
Bryan: ... ... Uhhhhh, OK. Why are you shouting that at me instead of writing it down?
Billy: Because I chose a poor client-side storage methodology. Pick Up Red Bull On The Way Home!
Bryan: ... ... OK, this is just weird. I'm leaving.
Billy: You should be glad I can only store 4K of data this way. Pick Up Red Bull On The Way Home!
That's right, no silly appendices full of ASCII tables and RFCs. We replaced that crap with comedy. Extremely poor comedy :-) All writing and no play makes Billy a dulllllllllllllllllllll boyyyyyyyyyyyyyyyyyyyyyyy. [sleeps]
I would be shouting something about cigarettes or coffee probably.
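The overhead the excerpt is joking about, as an added Python model that is not code from the Ajax Security book or from the post: it implements RFC 6265 domain- and path-matching, builds the Cookie header a browser would attach to each request of a constructed page load, and compares the bytes sent when the same 4K of state is stored with Path=/ versus Path=/app. The hostnames, paths and payload size are constructed sample values.

```python
# Added model of RFC 6265 cookie scoping; not code from the Ajax Security book or the post.
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str  # e.g. "example.com"; also matches its subdomains
    path: str    # e.g. "/" or "/app"

def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: host equals the cookie domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)

def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 5.1.4: identical, or cookie_path is a directory prefix of request_path."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def cookie_header(cookies: List[Cookie], host: str, path: str) -> str:
    """The Cookie: header value a browser attaches to a request for host + path."""
    return "; ".join(f"{c.name}={c.value}" for c in cookies
                     if domain_matches(host, c.domain) and path_matches(path, c.path))

def bytes_per_session(cookies: List[Cookie], requests: List[Tuple[str, str]]) -> int:
    """Total bytes of cookie data shouted along with every request in the session."""
    return sum(len(cookie_header(cookies, h, p).encode()) for h, p in requests)

# Constructed sample page load: the HTML plus four static assets, one from a CDN host.
SESSION = [("www.example.com", "/app/index.html"),
           ("www.example.com", "/static/logo.png"),
           ("www.example.com", "/static/site.css"),
           ("www.example.com", "/static/app.js"),
           ("cdn.example.com", "/static/big.png")]

def compare_scoping(payload_bytes: int = 4000) -> dict:
    """Same stored state (kept under the ~4K per-cookie limit) with Path=/ vs Path=/app."""
    payload = "x" * payload_bytes  # stands in for serialized application state
    wide = [Cookie("state", payload, "example.com", "/")]
    narrow = [Cookie("state", payload, "www.example.com", "/app")]
    return {"path_root": bytes_per_session(wide, SESSION),
            "path_app": bytes_per_session(narrow, SESSION)}

if __name__ == "__main__":
    print(compare_scoping())  # the narrow cookie costs a fifth of the wide one here
```

Narrowing Domain and Path only trims which requests carry the state; every matching request still pays the full cost, which is the point the excerpt makes against cookies as storage.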

Men's Room Mural

Topic: Society
6:44 pm EST, Jan 18, 2007
Edge Designs is an all-women-run company that designs interior office space. They had a recent opportunity to do an office project in NYC. The client allowed the women of this company a free hand in all design aspects. The client was a company that was also run by all women execs. The result, well, we all know that men never talk, never look at each other, and never laugh much in the restroom. The men's room is a serious and quiet place, but now, with the addition of one mural on the wall... let's just say the men's restroom is a place of laughter and smiles.

Christopher Soghoian is no longer under investigation

Topic: Society
8:12 am EST, Nov 29, 2006
The short version of things is that they've stopped the investigation, due to a lack of evidence of criminal intent on my part. They've given me back my passports, my computers, and I'll be getting the rest of my stuff back shortly. Essentially, I'm a free man - with no charges filed.
This story has a happy ending. Well, mostly happy. There are still major problems with airport security. Click through for the full story. This quote from Chris in Wired's coverage strikes a common meme: "The message it sends to the community is that if you do security research, someday the FBI will come knock on your door."
Brian Krebs at the Washington Post's Security Fix blog is also covering Chris Soghoian breaking his silence.

Schneier on Security: Forge Your Own Boarding Pass

Topic: Society
3:49 am EST, Nov 3, 2006
Soghoian claims that he wanted to demonstrate the vulnerability. You could argue that he went about it in a stupid way, but I don't think what he did is substantively worse than what I wrote in 2003. Or what Schumer described in 2005. Why is it that the person who demonstrates the vulnerability is vilified while the person who describes it is ignored? Or, even worse, the organization that causes it is ignored? Why are we shooting the messenger instead of discussing the problem? The way to fix it is equally obvious: Verify the accuracy of the boarding passes at the security checkpoints. If passengers had to scan their boarding passes as they went through screening, the computer could verify that the boarding pass already matched to the photo ID also matched the data in the computer. Close the authentication triangle and the vulnerability disappears. The problem is real, and the Department of Homeland Security and TSA should either fix the security or scrap the system. What we've got now is the worst security system of all: one that annoys everyone who is innocent while failing to catch the guilty.
Bruce Schneier has chimed in on TSAGATE. This essay can be found on his weblog or published in Wired. The message coming out of the security community seems to unanimously contain the same basic ideas: The TSA needs to fix the problem and not shoot the messenger.

George Orwell: Notes on Nationalism

Topic: Society
6:39 pm EDT, Aug 3, 2004
By "nationalism" I mean first of all the habit of assuming that human beings can be classified like insects and that whole blocks of millions or tens of millions of people can be confidently labelled "good" or "bad." But secondly -- and this is much more important -- I mean the habit of identifying oneself with a single nation or other unit, placing it beyond good and evil and recognizing no other duty than that of advancing its interests. Nationalism is not to be confused with patriotism. Both words are normally used in so vague a way that any definition is liable to be challenged, but one must draw a distinction between them, since two different and even opposing ideas are involved. By "patriotism" I mean devotion to a particular place and a particular way of life, which one believes to be the best in the world but has no wish to force on other people. Patriotism is of its nature defensive, both militarily and culturally. Nationalism, on the other hand, is inseparable from the desire for power. The abiding purpose of every nationalist is to secure more power and more prestige, not for himself but for the nation or other unit in which he has chosen to sink his own individuality.

The Hello World Project 2/3

Topic: Society
10:20 am EST, Dec 10, 2003
The Geneva laser is on right now and the Rio and New York ones open in an hour (it's 3:20 pm EST)... SMS the world, or use the link to send one online.