Comments for It Is A Mystery...

Comment on Quantifying cwm Variables… by Henry Story

Henry Story — Thu, 03 Dec 2009 18:18:58 +0000

Hi, your N3 code has shows a lot of smileys in my browser (Firefox 3.5).
Happy code, but perhaps that was not your intention.

Comment on Plenty of Things to Discuss… by kidalana

kidalana — Mon, 03 Nov 2008 23:42:57 +0000

Emiri Kimidori; if you didn’t learn by now.

Comment on Issues with a FOAF-based Authentication System by Henry Story

Henry Story — Sat, 06 Sep 2008 06:18:33 +0000

Find me a protocol that is not open to user stupidity? Have you ever tried to doing internet transactions? They ask you for the number on a credit card. Something the credit vendor could then just reuse and make a sale elsewhere… So my point is that in so far as your problem is real, it applies to all protocols.

Comment on Issues with a FOAF-based Authentication System by Pipian

Pipian — Fri, 05 Sep 2008 21:53:12 +0000

You’re absolutely right that this is a social problem, but many individuals may be leaving the keys in the hands of some ‘trustworthy company,’ not unlike how we trust the credit card companies, merchant services, vendors, and banks to all keep the keys locked up tight so that the other four don’t end up losing money due to fraud. The problem isn’t necessarily that users aren’t secure as opposed to not necessarily having the option to BE secure for various reasons (say, LiveJournal users using their FOAF export). Furthermore, unlike the key examples, this isn’t a threat to just the client, but also to the server relying on the correct individual at the other end. If Bob has been granted wide-access on a service by a company, and his web host of choice gets hacked with a zero-day exploit, it may actually put the company at risk as much as Bob, even though Bob took proper precautions.

Granted, a private key can assist this, but the fact remains that FOAF+SSL requires the FOAF file to have the correct signature. Just because Bob uses a USB key doesn’t mean that someone can’t hack the FOAF file to point to their OWN key’s signature, so as to gain access to Bob’s account.

Comment on Issues with a FOAF-based Authentication System by Henry Story

Henry Story — Fri, 05 Sep 2008 18:05:51 +0000

Well of course if you leave the keys to your house under the door mat, anyone can come in and answer your telephone calls. Clearly this is not a problem with the key, this is a problem with how people make use of the key. Similarly if you have an army to protect your country, but they don’t guard the frontier, then people can invade easily. That’s not a problem with the army, but with how they are trained. Similarly in this case. If people don’t protect their passwords giving access to their web server, then that does not say anything about the protocol, just that people are ignorant of security. This problem can’t be solved by changing the protocol therefore, but has to be changed in other ways, either by education, or by making it very difficult for people to loose their information.

You can improve the security of a web server dramatically by only allowing access via SSL, and having SSL get its key from a USB key containing an impossible to remove private key that would encrypt the communication. This costs hardly anything nowadays. If someone looses their key, they would notice it and be able to call the alarm. You can make things more secure still quite easily. It is just a matter for these services to be rolled out. Furthermore that could be the same key your browser uses to encrypt the foaf+ssl connection in that protocol.

In the case of OpenId, which is more complicated, there are more places of failure, and so more ways for things to go wrong. That is a problem for it. But you also have to see how things stand at present, with people giving out their passwords to gmail to facebook in order to export easily their social network. And as far as that goes, openid is already a big improovement.

Comment on Musings from the Apple Store by what

what — Fri, 13 Jun 2008 11:04:58 +0000

PDFS that you read in Safari or download in general?

Comment on Hiding in the Air! by Jo

Jo — Sat, 12 Apr 2008 11:12:37 +0000

Hi! I used to absolutely adore Party Shuffle, listened to it every night, all that good stuff.
I’m wondering if you still have the old podcasts somewhere, as I downloaded them once before and forgot to back up my hard drive before reformatting, which makes me both stupid and Party Shuffle-less.
If you do happen to have them, I’d love to be able to listen to them again.

On a side note, I sent you a David the Gnome drawing (he held a sniper rifle of course) once and it was apparently never delivered. Shall I send another for nostalgia’s sake?

Comment on Super Mario Galaxy: A Review by Pipian

Pipian — Sat, 24 Nov 2007 16:15:40 +0000

One more level. There are 241 stars in the game. And the best powerup in the game is a much needed improvement to the Wing Cap. At least it’s not bound by the level you started flying at

Comment on Super Mario Galaxy: A Review by Saki-chan

Saki-chan — Sat, 24 Nov 2007 12:38:31 +0000

You’ve mentioned this “best powerup in the game” twice now and still haven’t said what it is. ^^; What is it? XD

Also, just to make sure I’ve got this straight.. you get to 120 stars and you get to play Luigi, right? And then your stars go back to zero and you do it over again? o.o; In that case, what do you get at 240? ^^;;

Comment on Playing with Lilina… by Pipian

Pipian — Fri, 23 Nov 2007 16:24:27 +0000

Not a problem. I do think it’s closest to the best option I can use right now. I’ve been using it rather casually since I installed it so…