Lisa Westveld’s Techdirt Profile


About Lisa Westveld

My friends call me Lisa. My enemies can refer to me as the Dutch Ice Princess from Hell. Fortunately, I have no enemies. :-)
Yeah, Dutch, female, young, intelligent and I have a girlfriend, which makes me a Le..ia. and proud of it!

Lisa Westveld’s Comments comment rss

  • Feb 18th, 2016 @ 1:01am

    Has anyone even looked at this site?

    Come on, guys! They don't want it off the Google-index because it's all secret but worse: it's butt-ugly! You need Internet Explorer to correctly see the page, else things look a bit weird. And it has been developed in an Ancient .NET version in a pretty bad way. And it would not surprise me if a hacker gets inside within 15 minutes of experimenting.
    But the page... And the Code... Oh, it hurts my eyes so badly! Quick! Close it, forget it, BURN IT DOWN! I agree with them and this should be DMCA'd because no one should be able to see such ugliness...
    It's Geocities all over again...

  • Feb 11th, 2016 @ 2:19am

    Double standard at Facebook

    It might be interesting to know that there are groups on Facebook that discuss all kinds of erotic things and even contain erotic images without Facebook responding to them. One of them would be which happens to exist for a long time already and often shares nudity and mild pornography. (It's a closed group, though.) And I know that some people have tried to report the group, but it just continues to exist. Facebook does not take any action against it. And the banned picture is quite tame compared with the contents of this group.
    So, Facebook has no problem with porn, as long as it happens in closed groups...

  • Dec 1st, 2015 @ 12:47pm


    Well, the rhyming could have been better. Let's make a contest of this, trying to see who can ridicule this guy the best with rhymes! :D

  • Dec 1st, 2015 @ 12:44pm

    (untitled comment)

    Let's rhyme if I mat be blunt,
    This Milorad Trkulja is totally a c**t!
    Trying to get Techdirt plucked
    but Milorad Trkulja is totally f***ed.

    Well, just sharing my opinion here. A guy who makes these kinds of threats isn't a gangster anyways. He's just a pathetic moron. If he gets shot in the back again, no one would cry about it, I think.

  • Nov 3rd, 2015 @ 4:27am

    (untitled comment)

    Abe List isn't out of the Woods yet. :)
    Sorry, had to say that. I'll powder my nose now. Woods, wanna join? :P

  • Sep 25th, 2015 @ 4:03am

    (untitled comment)

    Quote: "dead celebrities that had lived in the state at the time of their death."
    Huh? What? How can they live in a state when they're dead? Don't you just mean celebrities who died in that state? :)

  • Sep 8th, 2015 @ 10:34am

    (untitled comment)

    I think Getty actually wanted all this media attention. Once in a while they have to display some of their power again to make the people who pay them a bit happier.

  • Jul 28th, 2015 @ 6:43am

    (untitled comment)

    So? Now what? Will they have to pay it all back now? To whom would they have to pay it all back anyways?
    I think they'll just pay a big fine and be done with it. The CEO and other directors should just end up in jail in my opinion and this company should be forced to close its doors because of this fraudulent actions but it probably just ends with a large, tax-deductible fine. Big deal...

  • Jul 27th, 2015 @ 7:58am


    Actually, back in the time when the whole area was called the USSR, a lot of people were forced to move to other locations in the whole USSR. Especially the Russian citizens were moved to all of these "foreign" location, turning them into an invasive, legal aliens.
    Then the USSR fell apart, those Russians just stayed where they were, demanding they would become basically dual-citizens. A large population of the Ukraine and especially the Krim las a lot of Russian people.
    There are also plenty of Ukrainian people in Russia, though. The forced migrations worked in two ways and was meant to make everyone equal to one another.
    But now Russian and Ukrainian Nationalists are calling for a forced separation. And that's basically what started the whole conflict.
    Yeap, Putin is Evil, but Putin isn't Russia!

  • Jul 27th, 2015 @ 5:05am

    Re: Re:

    Rhe Russian Intelligence or the American Intelligence? They both seem to lack the Intelligence... :)

  • Jul 27th, 2015 @ 4:28am

    (untitled comment)

    But what if the USA did create those weapons and misspelled it on purpose so everyone would think they're fake while they're really the real deal?
    And what if Russians are claiming these typo's were done on purpose by the USA because of the above logic, while it's not true?
    And what if the USA is claiming the Russians are lying when the Russians claim that the USA delivered these weapons including this typo to make it seem they did not send them?
    And what if the Russians... Oh, well... You get my line of thinking by now. The truth? We'll never know it...

  • May 18th, 2015 @ 10:47am

    Re: Re: Re: Re: Re: Re: Troublesome certificates...

    They might risk it if they can somehow get away with it and if risking it would increase their profits. In the end, Verizon just wants to make profits so if listening in on HTTPS traffic provides additional revenue, they will certainly look at the risks involved.
    If they risk compromising their root CA then they could just make use of a different root CA by someone else. Or they will limit it to specific areas, countries or perhaps even their free WiFi, if they offer that somewhere.
    Revoking a root CA isn't something Google or Mozilla will do that easily, since Verizon is big and powerful. The legal consequences might result in just a warning from Google and Mozilla and Verizon will reverse their changes.
    Providers in other countries might even have it easier. The Iranian or Chinese government could force all computer users to install a government-issued certificate that they can use to listen in on all traffic. The providers would then route all traffic through this system and the people might complain, but can't do much about it. That's the power of a monopoly.

  • May 18th, 2015 @ 5:03am

    Re: Re: And held for "moderation"

    He meant the other Brian... :)

  • May 17th, 2015 @ 10:42am

    Re: Re: Re: Re: Troublesome certificates...

    As a CA, Verizon can create it's own certificate and use it to sign a specific domain like Google or TechDirt. The certificate would appear to be legitimate for the browser since it is signed by an official CA and mentions the right domain. The fact that Verizon created it on the fly doesn't really matter since it will look quite official. (Including any details found in the original public certificate!)
    To check it, you would need to check the certification path, which would differ from the original certificate. Without access to the original certificate to compare, you can't know if you have the real certificate or a proxy version created by your provider.
    But if your browser or App has the original certificate included in the executable, it should be able to validate the certificate with whatever the site provides.
    Which only works as long as your browser or app gets updated when the certificate changes...

  • May 17th, 2015 @ 8:20am

    Re: Re: Re: Re: Troublesome certificates...

    Actually, some ISP have more or less made this happen already, but mostly to provide a better user experience for mobile phones. They would intercept all HTTP and HTTPS traffic and they would cache all large images on those sites to replace them with smaller versions for customers using their mobile phone to browse. This would reduce the amount of traffic but with HTTPS, they would have to become an in-between proxy and sign the traffic between proxy and user with their own certificate.
    ISPs have played with this option, noticed it "broke" the Internet and stopped doing it again. Nowadays, this is still possible as a special proxy so your mobile bandwidth is reduced.
    Since your provider is a trusted CA they could easily create their own certificates to use for this proxy and thus still capture all HTTPS traffic. Law Enforcement actually has the same option! And to protect yourself against it, you will have to check each certificate carefully before continuing browsing the specific webpage. That is, if you're really paranoid.
    There are additional securities, though. The Chrome browser knows the public certificates for Google and other popular sites so it can validate against those. And it should be possible to have browser extensions that can do the same checks for you. It is also a good reminder for App builders to include their public key inside the app so they don't need to ask for it from the web service. There are plenty of ways to detect these attacks and if Verizon would do something like this, like here on TechDirt.
    It is more secure than regular HTTP. But still, every security measure can fail and has weaknesses that can be exploited by parties willing to do so. With more and more sites moving towards HTTPS, it becomes more interesting to e.g. hack those certificates and recalculate the private key for all those public keys that are out there. It requires a lot of processing powers but it is not impossible. It is why we continuously have to find new and better encryption methods, simply because the old ones become too weak at some point in time.

  • May 16th, 2015 @ 12:06pm

    Re: Re: Troublesome certificates...

    Verizon does not need the private key since they can use their own private key to encrypt everything again. The only way that you'll notice this is when you check that public key that you've received. To prevent this, you would have to disable any Verizon certificate that's on your own system so the browser will warn you. Basically, Verizon would use a proxy server and as administrator they can tell you that the proxy certificate is the valid one.
    You try to connect to a HTTPS site through the proxy. The proxy detects this and Connects to the HTTPS server by itself, thus receiving the public key that it needs for the communication between proxy and site. And Verizon would use its own certificate to sign the connection between user and proxy. And as a result, your browser will think it has a valid public key, which is true. The Verizon certificate is probably already in your store. But if you check the certificate, you'll see it's the wrong one!
    There is a solution, though, which I think is done by Google. In Chrome a few public keys are stored in the browser executable instead of retrieved over the Internet. Thus, the Chrome browser will know if it is talking to the true Google server or not over a secure connection. If the certificate it receives differs from the one it already stored, alarmbells will go off.
    And then the user clicks them away because users are generally not that smart...

  • May 16th, 2015 @ 2:32am

    Troublesome certificates...

    Sure, HTTPS is better but it requires certificates to be linked to your domain. As a result, hosting multiple domains becomes more troublesome since every domain needs its own certificate. It becomes even more troublesome when you also need SSL for your subdomains.
    It adds a lot of maintenance for the webmaster who hosts multiple domains. You need to renew the certificates and you need to know what SSL is and how to use it. And how to debug any SSL-related problems. It is generally a huge pain in the donkey. (Well, other word for donkey, that is.) And you have to consider if it really makes customers happy.
    Client-side, same problem. When you create an app for the iPad and/or Android then using SSL requires a little more coding action. A little more knowledge that most seem to be missing.
    The biggest problem is that the lack of knowledge about HTTPS and SSL will increase the vulnerability of specific systems, not decrease them. Certificates get lost or fall into the wrong hands. And it still doesn't protect you that well against a man-in-the-middle attack. Verizon could easily just intercept the HTTPS traffic, decrypt it and re-encrypt it with their own SSL certificate you your browser would not know about the "attack". Actually, they can encrypt it and just send a copy of the unencrypted data to the user, so they will analyze the content that the user was looking for. It makes tracking a bit harder but they still know whatever person at address finds interesting.
    So, I think HTTPS just gives a fake sense of security. And Verizon including their own headers in the HTTP traffic should be a criminal offense. They're violating Net Neutrality.

  • Apr 20th, 2015 @ 3:50pm

    Re: Re:

    I'm not taking it seriously. :-) But my head gets confused by all the styling issues in the code, so it doesn't compile in my head.
    Besides, it would not be a big problem to make the other strings to link to some page, thus making them the same style. :-)

  • Apr 20th, 2015 @ 2:19pm

    (untitled comment)

    They fixed it. :-)
    Semicolons are optional in Python. Either your style is to always use them or never use them, not some mix-and-match. :-)
    The preferred style is to not use them.

    Also, you're not supposed to underline some of the strings. Either use underline for all string constants or no string constants. This doesn't read properly. :)

  • Apr 20th, 2015 @ 1:06pm

    (untitled comment)

    You're missing some semi-colons so it doesn't compute. Sorry. :-)

More comments from Lisa Westveld >>