
Topics - aldra

1
Technophiliacs & Technophiles / Novel Website Access Control
« on: November 20, 2014, 02:59:47 AM »
I'm currently writing up a small security module to keep people out of my web apps, and I've been thinking about unusual ways of doing so.

For example, there's basic stuff like ip filtering or the password screen, which can be hardcoded, saved/hashed in database, processed via ldap etc, but that's boring.

I've been playing around with the idea of using custom HTTP headers to authenticate - for example, you can only view secret.php if you have the HTTP header 'x-secret-allowed YES'.

Another example would be captchas - captchas are boring, but I've seen a few interesting takes on it like randomly loading pictures from the RSPCA website and saying SELECT THE CAT!


anyway, I'll post source soon, anyone got other interesting ideas? They don't need to be super secure.
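The custom-header gate described in this post, next to a signed and time-limited variant, as an added example that is not the poster's code. The `X-Access-Token` header, `GATE_SECRET`, `MAX_SKEW` and all function names are assumptions made for illustration; the requests are constructed.

```php
<?php
// Added example, not the poster's code. GATE_SECRET, MAX_SKEW and the
// X-Access-Token header are assumptions made for this sketch.
const GATE_SECRET = 'constructed-demo-secret'; // assumption: loaded from config in practice
const MAX_SKEW = 300;                          // assumption: accepted clock skew, seconds

// The gate as described in the post: one fixed header value. It is a shared
// password sent in every request, so a single observed request replays forever.
function static_header_ok(array $server): bool
{
    return hash_equals('YES', $server['HTTP_X_SECRET_ALLOWED'] ?? '');
}

// Client side: "<unix time>.<hex HMAC-SHA256 over time and path>".
function make_token(string $path, int $now): string
{
    return $now . '.' . hash_hmac('sha256', $now . "\n" . $path, GATE_SECRET);
}

// Server side: reject malformed, stale, or wrong-path tokens; compare in constant time.
function signed_header_ok(array $server, int $now): bool
{
    $parts = explode('.', $server['HTTP_X_ACCESS_TOKEN'] ?? '', 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    [$ts, $mac] = $parts;
    if (abs($now - (int) $ts) > MAX_SKEW) {
        return false;
    }
    $path = parse_url($server['REQUEST_URI'] ?? '', PHP_URL_PATH);
    if (!is_string($path)) {
        return false;
    }
    return hash_equals(hash_hmac('sha256', $ts . "\n" . $path, GATE_SECRET), $mac);
}

// Constructed requests; a real page would pass $_SERVER and time().
$now = 1416452387;
$req = ['REQUEST_URI' => '/secret.php?id=1',
        'HTTP_X_ACCESS_TOKEN' => make_token('/secret.php', $now)];
var_dump(static_header_ok(['HTTP_X_SECRET_ALLOWED' => 'YES'])); // fixed value
var_dump(signed_header_ok($req, $now));                          // fresh token
var_dump(signed_header_ok($req, $now + 3600));                   // outside the window
$req['REQUEST_URI'] = '/admin.php';
var_dump(signed_header_ok($req, $now));                          // different path
```

A signed token can still be replayed against the same path until the window closes, so either form has to travel over TLS.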

3
http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/26/the-phone-of-choice-for-the-pedophile/

actual police quote on Apple/Google's new default device encryption standards. Outstanding.

Better article on the matter:

https://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.html

basically Google is enabling local encryption options by default in Android, and Apple is doing the same in iOS, along with disabling their previous remote data retrieval tools... likely to shed themselves of responsibility if more accounts/devices are tampered with like the celebrity iCloud dump.

I understand this is a little late and not all that consequential, considering most people who feel they need to have their devices encrypted anyway, but I can't get over the ridiculousness of that quote.

4
I don't know why. I don't even remember writing most of this last week; my friend forwarded it to me today and asked if I'd received a response (no) and whether I was on drugs when I wrote it (most likely).

Quote
That's excellent news!

Having read my CV, I imagine I don't need to tell you that I was previously Chief Semen Collector at Taronga Zoo, and as such an integral part of the artificial insemination/endangered species reproduction program. I worked diligently for four years, feeling that I was serving a truly noble cause, and every day arrived with a smile on my face, purpose in my heart and vaseline in the fist of my shoulder-length glove. You may be wondering why I'm recalling this - one fateful day, the constant exposure to animal fluids and genitalia hit me like a freight train. I was collecting a semen sample from an elephant when it happened; I simply blacked out and woke up in hospital shortly after.

I had apparently screamed "no more!" and punched the elephant on the tip of his penis. The enraged elephant reared up and stomped me, crushing my left shoulder before my associates could help distract the elephant and drag me away.

The reason I bring this terrifying anecdote up is thus: you haven't specified the specific nature of this role. Before committing, I need further information:

1. Does it involve animal genitalia? I've been diagnosed with post-traumatic stress and have been prescribed amphetamine and zolpidem to manage it. Even with the medication, though, I can't guarantee seeing an animal penis will not trigger my psychosis, even if it is just a framed photo on the wall.
2. Does it involve arm strength? My right arm is adequately strong for most manual labour, but my smashed left shoulder will never fully recover and as such, the weight I can carry with it is very limited.
3. Due to my medication, I can become highly unpredictable at night - sort of like a vampire, but insane. I once went to sleep in my bed and woke up in a bathtub full of orange juice. I have discussed this with my doctor, and he tells me it's a known side effect and completely normal.

Thank you! I look forward to hearing more about this exciting employment opportunity.


________________________________________
From: spammer
Sent: Friday, 3 October 2014 6:53 AM
To: me
Subject: response

Good day!

We considered your CV to be very attractive and we thought the vacant position in our company could be interesting for you.

Our firm specializes in consultation services in the matter of book-keeping and business administration.
We cooperate with different countries and currently we have many clients in Australia.
Due to this fact, we need to increase the number of our destination representatives' regular staff.

In their duties will be included the document and payment control of our clients.
Part-time and full-time employment are both currently important.
We offer a flat wage from $500 up to $3500 per month.

If you are interested in our offer, mail to us your answer on <email address> and we will send you an extensive information as soon as possible.

Respectively submitted
Personnel department


5
Help & Suggestions / Disable Auto-Email on Subscribed Thread Activity
« on: October 01, 2014, 02:34:30 AM »
Not disable it entirely, just by default.

I've personally been rather lazy and just now got around to disabling it and clearing notifications from my email, and I imagine I'm not the only one.

This is not really a complaint per se; like I said it was my own laziness that let it go on so long - but I imagine the majority of users with it switched on don't even use the feature, and that volume of mailouts adds unnecessary load to the server.

6
Network (in)Security / Novel Encrypted OS Ideas
« on: September 19, 2014, 04:37:07 AM »
I haven't bothered encrypting my OS lately since the only important stuff is stored in encrypted password containers anyway, but I was thinking of setting it up again just because.

Anyway, I started by reading this article: http://madduck.net/docs/cryptdisk/ - a basic tutorial on setting up dm-crypt/LUKS to boot Debian and preload multiple encrypted volumes by way of a stored keychain. All well and good, but something I found interesting was near the bottom, it indicated you could save the bootloader to a USB device and boot from there, so there'd be no clear /boot partition on the drive. I'd find it rather useful to have the bootloader on a mini USB stick so the system simply would not boot (even to ask for a key) if it was removed - but taking it a step further, we could potentially load the bootstrap via PXE, meaning that the bootloader could be housed on a networked device so it'd only boot if it was connected.

the actual interesting part - Coreboot (http://www.coreboot.org) writes open source BIOS, and includes a module (with very limited support) that allows you to boot PXE over a WLAN connection. Ideally what I'd want to do is create an encrypted DM/LUKS system and save the bootloader as a PXE image - move the PXE image to your phone handset, set it up as a PXE host (ie. https://play.google.com/store/apps/details?id=com.bukerservebeer.bukerpxelite&hl=en), set a boot script on Coreboot to boot from your set APN and path... if all goes to plan, your computer will only ever boot when your phone is nearby with wireless switched on. Because it's the bootloader, you can turn wireless off once the system has started and will only need to turn it back on again if you reboot.

7
Help & Suggestions / First Login Always Fails
« on: September 19, 2014, 02:14:08 AM »
Does anyone else get this? If you log in using the box in the upper left, it always fails the first time and takes you to the main login page, which succeeds.

It could just as well be the way my browser is configured, but I haven't had it with other sites and I'm curious if I'm the only one.

8
Help & Suggestions / Disabling Signatures
« on: September 10, 2014, 03:19:22 AM »
Most bbs systems have an option for a user to choose not to display people's signatures and/or avatars, but I can't find anything of the sort in profile settings. If it exists, are you guys able to enable the option?

9
laptop speakers tend to be shit, and mine are about the worst available. unfortunately due to size constraints, there's not really a drop-in solution, so I was thinking I'd instead remove them, and use the free space for an inline headphone amp. I could potentially make my own amp (there are plenty of plans around, and components aren't all that expensive), or buy a decent low-end amp/dac like the Fiio E11, strip it and mount it in the case...

unfortunately I might not have enough space for even a custom amp unless I make the pcb a very specific size, but I figured it was an interesting idea. any thoughts?
