Couldn't this have affected people in the UK wanting to reach sites hosted in the Middle East? The internet works both ways, you know!
mendel
@mendel
Best posts made by mendel
-
RE: Offline Feedback Form
Latest posts made by mendel
-
RE: Zebra stripes evolved
One would assume that if the CMS is homegrown that whatever creates the list can add class="odd" or class="even" to those tags.
And the subject might be a misnomer, because it wouldn't generate zebra stripes unless the indents were strictly alternating, like this:
- light
- dark
- light
- dark
or like this
- light
- dark
- light
- dark
If it was a straight list, and a greenbar-like striping had been intended, and if you did not have control over the HTML generation, you could use CSS2 with an "adjacent sibling" + selector, such as
li.topic, li.topic + li.topic + li.topic { background: #546A94; }
li.topic + li.topic, li.topic + li.topic + li.topic + li.topic { background: #558; }
CSS specificity rules should ensure that the line with the most matching li.topic in it (i.e. the one that fits best) is used for display. The advantage over a scripted solution is that it works even when scripting is turned off in the browser (but would the CMS work at all then?).
-
RE: User Oblivion
And you complain when people take you seriously when you speak in jest? ;-)
-
RE: User Oblivion
Look up "PC Speaker Driver". I'm not sure if Microsoft updated it for this millennium, but it used to be possible on Windows (and indeed I installed this driver for Windows 3.1 once) and, as far as I can gather, is still possible for Linux etc. Said driver plays wave audio through the PC speaker; the results are not great, but sufficient for speech.
However, I have no clue how the 403 page would install this driver ...
-
RE: User Oblivion
"If the problem persists, call IT at 7456." Have that set up for an automated message that repeats what you wrote, giving your real phone number. Might just work because it saves the users having to look up your phone number, which means they might just read that part. ;-) Unless, of course, they have IT on speed-dial.
-
RE: Random Stupidity
@swordfishBob said:
@Aaron said:
If it's not possible for an outside observer to predict the next number in the sequence simply by studying the past numbers, then it's random enough for just about any practical purpose.
Do you mean a specific outside observer, or a random outside observer? Or how random should the outside observer be?
Well, obviously you need to do a test run with a ROG. The ROG output should be uniformly distributed across all possible birthdates, Gaussian with regard to IQ and statistically representative regarding education. You offer each random observer a prize (one cool million dollars should suffice) for predicting the next number in the sequence. This is called the Monte Carlo method. If you can predict which random observer is going to win the prize obviously your ROG is flawed. (That's the case in James Bond movies). If you can prove that no RO will win the prize, you might think that then of course the ROG would not be needed; but philosophically you have merely substituted the ROG test run with a test of one nonrandom observer, namely yourself; and since you didn't get one cool million for your effort, your result is going to be seriously in doubt. Some people think that India is stepping up its RO output, with its population growing at twice the rate of the US and most European countries, taking the lead in ROG technology; however, looking at the figures, Liberia's RO output seems even higher, leading outside observers to speculate that terrorists are preparing an attack on Western RNGs from Liberian soil. The UN should immediately send inspectors to Liberia to determine if WMOs are being produced in that country, and destroy any Weapons of Mass Observation it can find, preferably by blowing them sky-high.
This random post was brought to you by RANDOM: Republicans Against National Defense Observation Mathematics.
-
RE: Random Stupidity
@pscs said:
@mendel said:
Using the system time as random seed (...) For security, this is worse than a 4-letter password.
That's why he said you'd only use that for something that didn't have to be secure. Please read what he said.
Aaron mentioned fudge-factoring, and I honestly can't say (even after looking up "fudge-factor" and "fudge-factoring" - it doesn't help that this thread is the second Google result for that) that I understand exactly what he means by that. The system time "solution" only works when you need a different random number run each time your program is run and you're 100% certain there exists no step two in the sequence of
- determine/predict random number sequence
- ????
- Profit!
-
RE: Random Stupidity
@MarcB said:
That's why it's listed as a "fudge-factor" in the choices. If you're dealing with a system/process where there is "an attacker", malicious or not, then you use the crypto library option as the only possible choice.
I had mentioned Hot Bits earlier. Where does the crypto library get its seed from?
@MarcB said:
@mendel said:
an attacker only has to try at most 8 million possibilities before he finds the correct sequence. For security, this is worse than a 4-letter password.
bzzt. 4-letter password loses, by ever so slight a margin, if you're allowing mixed-case passwords. 52**4 = 7,311,616. Close, but not quite 1:8,000,000
I was allowing numbers as well, and some symbols people like to use (maybe - and .) for an even 64, which nets me 16M. It's a seat-of-pants estimate anyway (as if being less secure than a 5-letter password was better....), given that often you can determine the system time closer than that and that I don't really know how long a clock tick is.
For your continued entertainment, one could derive a random seed from the Time Stamp Counter. (Virtualdub.org : "The time stamp counter is a 64-bit counter that was added to most x86 CPUs starting around the Pentium era, and which counts up at the clock rate of the CPU. The TSC is generally readable via the RDTSC instruction from user mode, making it the fastest, easiest, and most precise time base available on modern machine.") Assuming that the TSC counts at 2 GHz and also assuming that many users start the program within 20 minutes of booting their computer, we're getting 7-letter-password security here (41 bit or thereabouts).
If you do this on a server, its uptime becomes a security-critical piece of data....
-
RE: Random Stupidity
Sorry to revive this thread, but here's a nice WTF:
@Aaron said:
Why do you need a "true" RNG?
- For encryption? Any decent crypto library can give you cryptographically secure randomness.
- For statistical simulations? No need, the pseudo-random sequences will give the same distribution as "true" randomness, that's the whole point.
- For fudge-factoring? Using the system time as your random seed is fine for this.
Have you spotted the WTF?
Using the system time as random seed means that if you know the day the random generator was run and the system time is accurate to 1/100 of a second, an attacker only has to try at most 8 million possibilities before he finds the correct sequence. For security, this is worse than a 4-letter password.
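Added example, not part of the original post or thread: the search-space figures quoted in these "Random Stupidity" posts (time seed on a known day, 52^4, 64^4, the TSC estimate) worked out in bits, plus a check showing that a clock-seeded token is reproduced by enumerating the window, next to the CSPRNG replacement. The token format, function names, 10-minute window and timestamp are assumptions constructed for illustration.

```python
import math
import random
import secrets

TICKS_PER_SECOND = 100                        # 1/100 s clock, as in the post
DAY_TICKS = 24 * 60 * 60 * TICKS_PER_SECOND   # seeds possible in a known day
FOUR_MIXED_CASE = 52 ** 4                     # 4 letters, upper and lower case
FOUR_OF_64 = 64 ** 4                          # 4 chars from a 64-symbol set
TSC_20_MIN = 2_000_000_000 * 20 * 60          # 2 GHz counter, 20 min of uptime
HEX = "0123456789abcdef"


def bits(possibilities):
    """Search-space size in bits."""
    return math.log2(possibilities)


def token_from_clock(tick, length=16):
    """Weak pattern: a token drawn from a PRNG seeded with the clock tick."""
    rng = random.Random(tick)
    return "".join(rng.choice(HEX) for _ in range(length))


def recover_tick(token, first_tick, last_tick):
    """Audit check: does any tick in the window reproduce the token?"""
    for tick in range(first_tick, last_tick + 1):
        if token_from_clock(tick, len(token)) == token:
            return tick
    return None


def token_from_csprng(nbytes=16):
    """Replacement: 128 bits from the OS CSPRNG; no clock value to enumerate."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    for name, n in [("time seed, known day", DAY_TICKS),
                    ("4 mixed-case letters", FOUR_MIXED_CASE),
                    ("4 chars of 64", FOUR_OF_64),
                    ("TSC, 20 min at 2 GHz", TSC_20_MIN)]:
        print(f"{name:22} {n:>16,} {bits(n):5.1f} bits")
    start = 1_700_000_000 * TICKS_PER_SECOND   # constructed timestamp
    issued = token_from_clock(start + 41_337)  # constructed sample token
    found = recover_tick(issued, start, start + 10 * 60 * TICKS_PER_SECOND)
    print("seed recovered:", found == start + 41_337)
    print("CSPRNG token:", token_from_csprng())
```

The length of the token adds nothing here: its strength is capped at the number of candidate seeds, which is why the fix is the seed source rather than a longer output.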
-
RE: Zune Marketing
@Outlaw Programmer said:
I get the sharing thing...but...why the penis "metaphore?"
RIAA sponsored subtext: sharing files is like sharing STDs, you might catch a virus through sharing if you're not careful, even though the experience is joyful.