What is it with new Hollywood movies re-using the scores/themes from movies that are only a decade old?
Take Babylon AD. It uses the violin score from "Requiem for a Dream."
And The Watchmen is even more blatant. They are using Smashing Pumpkins "The Beginning is the End is the Beginning" which is off the Batman and Robin soundtrack and is a reworking of the theme song from that movie.
Don't get me wrong, I always enjoyed "The Beginning is the End..." more so than "The End is the Beginning..." but come on Hollywood, let's get original!
The only thing more painful than reading a new org chart of people 2+ levels above you, is having to attend a meeting where someone reads this org chart to you.
I read part of Kissinger's seminal work Diplomacy in college. I've been reading it recently because his freakishly dense vocabulary and odd sentence structure can really help put you to sleep, especially the parts about 16th century European military alliances. The book gets much better and loses its sleep-inducing properties once it hits the Cold War, but even if the topic is interesting, Kissinger remains dry and sterile.
And so I almost missed this gem when reading tonight. Behold from chapter 28, page 708:
The assurance that America would keep its commitments was boilerplate; like professions of chastity, it has limited plausibility since its abandonment is unlikely to be announced before the event.
Freaking awesome. Henry Kissinger embedded a sexual analogy in the middle of discussing the difficulties of leaving Vietnam. How funny and inappropriate all at the same time.
I learned something new today when I took my '08 Camry Hybrid for a 5000 mile oil change. Because hybrids use regenerative braking there is a lot less wear and tear on your brake pads. Toyota recommends replacing brake pads on a stock '08 Camry every 30,000 miles. The service rep told me they are replacing brake pads on the hybrids at 60,000 - 80,000 miles.
: When websites use HTTP I can passively monitor network traffic and see your cookies. That's just Bretarded
Surf Jacking: If developers designed an SSL site poorly, by HIJACKING A LOWER NETWORK LAYER I can actively force your browser to reveal its cookies, even if you are using SSL. Pretty cool, but limited.
So there is a design flaw in HTTP state management that some folks might not know about: Developers, not the protocol, make the decision about whether cookies should be served over both secure and insecure connections. And as we know developers typically choose poorly when it comes to security.
Crux of paper: If I hijack a lower network layer I inject HTTP responses to non-SSL requests that force the browser to send its cookies for a site over a non-SSL connection, where anyone (read me) monitoring the traffic can see the session ID.
And that's the problem. If you can hijack network sessions, HTTP cookie theft is a fairly tame thing to do. For example, just MITM a victim when they first try to connect to the secure site. 99.5% of users ignore broken SSL certs anyway. And this works against sites with rotating session ids where surf jacking would not.
In short, nifty trick, but high barriers that, if passable, let you do way worse things than what this paper describes.
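The design flaw described above comes down to whether each cookie carries the Secure attribute. The following added example (not from the original post or the paper it discusses) audits constructed Set-Cookie headers from an HTTPS site and lists the cookies a browser would also send over plain HTTP; the function names and sample headers are assumptions made for illustration.

```python
# Added example: find cookies that a browser would also send over plain HTTP.
# Sample headers are constructed; function names are illustrative.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive (RFC 6265).
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def sent_over_http(header):
    """True if the cookie lacks Secure, so it rides along on http:// requests."""
    _, _, attrs = parse_set_cookie(header)
    return "secure" not in attrs


def audit(headers):
    """Return names of cookies exposed to a passive or active network attacker."""
    return [parse_set_cookie(h)[0] for h in headers if sent_over_http(h)]


def harden(header):
    """Return the header with Secure appended when it is missing."""
    return header + "; Secure" if sent_over_http(header) else header


# Constructed Set-Cookie values as an HTTPS login page might return them.
SAMPLE = [
    "SESSIONID=abc123; Path=/; HttpOnly",     # no Secure: leaks over HTTP
    "AUTH=def456; Path=/; Secure; HttpOnly",  # HTTPS only
    "csrf=xyz; Path=/; SECURE",               # attribute case does not matter
    "mode=secure; Path=/",                    # "secure" is the value, not a flag
]

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("sent over plain HTTP:", name)
    print([harden(h) for h in SAMPLE])
```

Parsing the attributes rather than searching the header for the word "secure" is what keeps the `mode=secure` cookie from being passed as safe.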
Forget 1 hook. Forget 2 hooks. Forget the "hooks in the front" which comes out of left field to make you look silly. Now it's all about the Rubik's cube clasp.
Dyson: Hello Dyson Vacuum Support
Billy: Yes, I have a DC14 Animal. The brush bar isn't moving when it's set to 'Bare Floor.'
Dyson: That would be correct sir. It only engages when set to 'Carpet.'
Billy: ... ... well ok then.