Skip navigation
Help

HTTP

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

An anonymous reader writes "There is a growing interest in who tracks us, and many folks are restricting the use of web cookies and Flash to cut down how advertisers (and others) can track them. Those things are fine as far as they go, but some sites are using the ETag header as an identifier: Attentive readers might have noticed already how you can use this to track people: the browser sends the information back to the server that it previously received (the ETag). That sounds an awful lot like cookies, doesn't it? The server can simply give each browser an unique ETag, and when they connect again it can look it up in its database. Neither JavaScript, nor any other plugin, has to be enabled for this to work either, and changing your IP is useless as well. The only usable workaround seems to be clearing one's cache, or using private browsing with HTTPS on sites where you don't want to be tracked. The Firefox add-on SecretAgent also does ETag overwriting."

0
Your rating: None

Werwin15

Researchers have devised two new attacks on the Transport Layer Security and Secure Sockets Layer protocols, the widely used encryption schemes used to secure e-commerce transactions and other sensitive traffic on the Internet.

The pair of exploits—one presented at the just-convened 20th International Workshop on Fast Software Encryption and the other scheduled to be unveiled on Thursday at the Black Hat security conference in Amsterdam—don't pose an immediate threat to the millions of people who rely on the Web-encryption standards. Still, they're part of a growing constellation of attacks with names including BEAST, CRIME, and Lucky 13 that allow determined hackers to silently decrypt protected browser cookies used to log in to websites. Together, they underscore the fragility of the aging standards as they face an arsenal of increasingly sophisticated exploits.

"It illustrates how serious this is that there are so many attacks going on involving a protocol that's been around for years and that's so widely trusted and used," Matthew Green, a professor specializing in cryptography at Johns Hopkins University, told Ars. "The fact that you now have CRIME, BEAST, Lucky 13, and these new two attacks within the same week really illustrates what a problem we're facing."

Read 14 remaining paragraphs | Comments

0
Your rating: None

How to create a global brain in only a few lines of code

This is where my research was going years ago and I found so many interesting things that I forgot that's why I was doing it. Here's the summary of the plan:

User Interface can be anything which is statistically balanced and has continuous input and output of at least 1 dimension between each person and their computer. A simple example is the speed they are moving the mouse, if its increasing or decreasing at the time, and an output could be some music which is playing becomes a little slower or faster at the time. It could be more complex things like realtime video, evolved audio, Nintendo Wii controllers, Kinect, Emotiv Epoc or OpenEEG mind reading game controllers, or many other things. The User Interface is a stream of vectors in and vectors out, of at least 1 dimension, through any devices. If there is any audio or video, that is part of the User Interface. The core idea is a kind of math and is calculated independently of any game content which players create while in the game.

N people play the game at once, streaming data to eachother's computer through the Internet as it was all 1 system with many inputs and outputs as paths of information flow between the players.

The output to each player is a prediction of the next input of that player. The player must hear/see/experience the output in some way so it affects their state of mind.

The combined inputs of all players are used to predict the combined outputs of all players. This can be done many ways. A bayesian network should work well for this since it calculates using the math of conditional-probability and scales up efficiently.

Here's what makes it work extremely more than the intelligence of the AI or any 1 player:
Since the bayesian network calculates relevance of inputs and outputs to its prediction accuracy, whichever inputs of other people are most useful (combined in some statistical way) to predict the next few inputs of this local person, will gradually be given more influence here, and because of that this local person, who "must hear/see/experience the output in some way", will tend to become more statistically relevant for the AI to use their inputs to predict the other peoples' next few inputs, and the feedback loop is complete and amplifies peoples' ability to play the game in a way that helps the AI use people to predict other people.

In this feedback loop of N people, without needing conscious knowledge or intent of it, people will unavoidably be influenced toward flowing their thoughts together because the set of all possibilities where that does not happen is partially cancelled-out by the bayesian network.

Depnding on the accuracy of whatever kind of AI does these predictions and is the "glue code" for networking our minds together, and how skilled people become at the game, a superintelligence is somewhere along this research path and it will be made of the minds of billions of people and computers flowing thoughts together at the subconscious psychology level.

This is the simplest way to build a superintelligence. My research years ago took a different direction in finding User Interfaces, like Audivolv, BayesianCortex, and Physicsmata (all open source), and now I have a good idea of how to put it all together. We can proceed with these experiments toward thinking more like a global brain.

Does anyone have idea on what kind of game it should be? The research path leaves many possibilities.

0
Your rating: None

Image: HolySkittles/Flickr.

The Electronic Frontier Foundation (EFF) has released version 3.0 of its HTTPS Everywhere browser plugin, which will automatically redirect you to secure, HTTPS connections. HTTPS Everywhere 3.0 adds support for 1,500 more websites, twice as many as previous releases.

Firefox users can install HTTPS Everywhere directly from the EFF site. There’s also an alpha release available for Google’s Chrome web browser. Unfortunately, limited add-on APIs mean that HTTPS Everywhere isn’t available for other web browsers.

Once it’s installed, the HTTPS Everywhere extension makes it easy to ensure you’re connecting to secure sites by rewriting all requests to an HTTPS URL whenever you visit one of the thousands of sites HTTPS Everywhere supports.

Why all the fuss about HTTPS? Well, every time you log in to a website through a plain HTTP connection, you expose your data to the world. It’s a bit like writing your username and password on a postcard and dropping it in the mailbox. Think of an HTTPS connection as an envelope to protect your postcard from prying eyes.

The problem gets a bit more complicated than just HTTPS though. Most sites already use HTTPS to handle your login info — that’s a good first step — but once you’re logged in sites often revert back to using an insecure HTTP connection.

So why doesn’t the entire web use HTTPS all the time? The answer is slightly complicated, but the primary reason is speed. HTTPS can’t be cached on CDN networks, which means pages may load slightly slower than they would over standard, insecure connections. For smaller sites the added costs involved with HTTPS certificates make HTTPS more expensive. However neither of those stumbling blocks have stopped Google, Facebook, Twitter, Wikipedia or the thousands of other sites large and small that now offer HTTPS connections.

The EFF is still a long way from its long term goal of encrypting the entire web, but with more sites supporting HTTPS connections every day the web is slowly but surely getting more secure.

0
Your rating: None

Sometime between 1498-1500, Leonardo da Vinci invented the ball bearing via detailed drawings of how it would work. It was round about the time he was working on his famous helicopter sketches (most possibly inspired by nature i.e. wind dispersal seeds or helicopter whirlybird seeds). He must have reasoned that the propeller was going to need to spin really, really fast.

He can be forgiven for not being a very good mathematician; in fact his maths was so far off on the weight-to-lift ratio, that had he known and understood the numbers involved - he probably would have never bothered with his designs.

But he understood something would have to allow the propeller to turn extremely fast without too much fiction. And so he invented the ball bearing; providing detailed drawings of how a low coefficient of resistance would work. Pure genius; I believe this to be one of the greatest inventions, and without it there would have been no industrial revolution.

A ball bearing uses balls, rollers and a lubricating substance, to significantly reduce friction and maintain separation between surfacers. As a ball turns it has a much lower coefficient of friction (drag or resistance) than two flat surfaces moving plainly against each other. The purpose of a ball bearing is to reduce the surface area and rotational friction, while efficiently supporting a load (for example: a hub, axial or shaft). The science of lubrication is complicated but basically; a lubricate thats works is a lubricate that sees to it that the two surfaces never physically touch without the microscopic amount of lubricant.

Leonardo da Vinci is revered as a genius and luminary, even though he was very unsuccessful at anything other than his painting. Almost all of his inventions where completely impractical. His flying machines never even came close to lifting off the ground, most where in fact never even made - only conceptualised. He was quiet possibly the most impracticable man to have ever lived.

0
Your rating: None

From David Dahl's weblog: "Good news! With a lot of hard work – I want to tip my hat to Ryan Sleevi at Google – the W3C Web Crypto API First Public Working Draft has been published.
If you have an interest in cryptography or DOM APIs and especially an interest in crypto-in-the-DOM, please read the draft and forward any commentary to the comments mailing list: public-webcrypto-comments@w3.org"

This should be helpful in implementing the Cryptocat vision. Features include a secure random number generator, key generation and management primitives, and cipher primitives. The use cases section suggests multi-factor auth, protected document exchange, and secure (from the) cloud storage: "When storing data with remote service providers, users may wish to protect the confidentiality of their documents and data prior to uploading them. The Web Cryptography API allows an application to have a user select a private or secret key, to either derive encryption keys from the selected key or to directly encrypt documents using this key, and then to upload the transformed/encrypted data to the service provider using existing APIs."

Update: 09/19 00:01 GMT by U L : daviddahl commented: "I have built a working extension that provides 'window.mozCrypto', which does SHA2 hash, RSA keygen, public key crypto and RSA signature/verification, see: https://addons.mozilla.org/en-US/firefox/addon/domcrypt/ and source: https://github.com/daviddahl/domcrypt I plan on updating the extension once the Draft is more settled (after a first round of commentary & iteration)"


Share on Google+

Read more of this story at Slashdot.

0
Your rating: None