Looks as the the government is going to make it illegal to use caller id spoofing. Isn’t this nice, instead of the phone companies fixing a vulnerability in a system they provide, they get the US government to make it illegal. Thus stopping it from happening.

Read More

Yep thats right, looks like the iPhone won’t be able to use mp3′s as ringtones. Does anyone else find this rather crazy. You will have 4-8gigs of music, but you can’t use any of it a ringtone. I would figure that if the damn phone did one thing good, it would allow you to have any audio file as a ring tone. Engadget has a nice listing of shitty things about the iPhone. Enjoy!

Read More

Confused, yea me too!

Thinking this was hilarious I sent the link to Gomez. This was his response.

“The only thing that one has to be aware of is that the mass of the buttered toast needs to be equal to the mass of the cat. In that case, it’d be just easier to get a dumb cat that can never land on it’s feet and strap the two together… At least that’s how it works out in my head… ”

Then I found this. Yep its a car tent. The homeless should invest in some of these. Then they wouldn’t be homeless.

The other day I was listening to Security Now, a podcast about computer security, and they where talking about OpenID. I have OpenID implemented on this site in case you didn’t know. Anyway, a cool thing about OpenID is since it is open source, you can create your own way to verify yourself. So I can run an OpenID server off my web host, thus I am responsible for my own security and authentication. I like this idea, but one thing I don’t like is that most OpenID server simple use the standard user name and password for verification. This kind of sucks if my credentials get compromised, as this would open up every site I use OpenID on.

Idea for Verification
I got to thinking about this and how it can be improved. First I would only use the user name and password as a way of telling the OpenID server to start its verification processes. The next step would be to have the server use a key located somewhere to authenticate the user. This key would have to be created new after a certain amount of time. Once this key is validated then the server would know its really you. The great thing about this system is the key isn’t created by the OpenID server, it has to be created outside the OpenID server. This way if your user name and password are compromised they would only be good for a day, or less depending on how you have your key set up.

Idea for Storing the Key

• The key could be stored in a non web accessible directory on the the same web server as OpenID. This would entail logging into the server though ssh or other means and creating the key. Still pretty safe as you would need access to the server in order to change the key.
• Another way could be simply running your own OpenID server on you local machine, and storing the key only when the server is running.
• GmailFs or other remote mounting disks.
• Another site to create the key, although I don’t like this idea.
• You could even encrypt the key, before storing it somewhere.
• Many other possibilities

Last night Kim and I watched Catch and Release. It’s got Jennifer Garner, Timothy Olyphant, Kevin Smith and others in it. First I want to say Kevin Smith is a real fat ass in the movie. I swear in every shot he was cramming his mouth with some kind of food. He even stole other peoples food. Anyway, the movie was good. It was a very sappy movie, but also rather funny. One of the first scenes in the movie is of a guy banging a girl in the bathroom at a funeral, with the deceased fiancé hiding in the bathtub. So needless to say it has funny parts in it as well as being all sappy. I wouldn’t go out of my way to see it again, but never the less, if its on TV I may stop and watch it.

Rating: