Slashdot Mirror


User: IntlHarvester

IntlHarvester's activity in the archive.

Stories: 0 · Comments: 4,228

Comments · 4,228

  1. Re:I'm glad on Win2k Security holes found · · Score: 1


    Yes Microsoft has come a long way. For example, they now have a page and patches specifically dedicated to security issues (rather than sneaking undocumented fixes into the next release or just not doing anything), and they now pay someone to answer security-related e-mail (rather than sending messages to the recycle bin).

    Furthermore, they've actually taken default permissions somewhat seriously under Win2000, rather than letting every br0ken Windows 95 application run as they did with previous versions of NT.

    However when you say Microsoft "has come a long way", remember that 2 years ago they were completely unconscious of security issues, so anywhere is a long way.
    --

  2. Re:ArcServe sucks on Netware, too on CA Announces Program Ports to Linux · · Score: 1

    It's a shame -- ArcServe/NetWare used to be a rock solid product, back in the day.

    (Well, the Win16 client always crashed, and don't get me started about the BTrieve database... But the backups were always good.)

    BTW, the errors you describe seem symptomatic of bad SCSI cables or termination.
    --

  3. Re:OT: "white hat" hacker training material? on L0pht Gives FAQ of @Stake Merger · · Score: 1

    I'd much rather that you go for #1 too, but what if you'd rather go for #2?

    Not much I can say about it -- which is the crux of the NTBugTraq problem -- they can't make you disclose any more than you want to.

    (For the record, I'm not advocating partial disclosure by any means, just casting doubt on if NTBugTraq is really responsible for white hats that prefer partial disclosure. It seems to me that folks in single vendor cultures [MS, IBM] tend toward a "give the vendor a chance to fix it" policy, while the "open systems" [Unix] folks seem to prefer the full review policy, preferably with source code at their disposal. Just something to chew over.)
    --

  4. Re:Not only is MIPS not dead, neither is Irix on SGI Gives Open Source some OpenGL Love · · Score: 1

    The funny thing is, SGI is smart. They know that if they help drive the Linux application market, they will reap the benefits: "Hey applications maker, let us help you port your Linux application to Irix."

    This is actually a very insightful take on SGI's current strategy. By promoting Linux as "Irix Jr.", they keep some of the mindshare away from NT, and towards the traditional Unix vendors (which SGI knows how to compete with).

    The question is: are people really moving towards NT because of hardware costs? Or is it because NT is seen to integrate easier into a "regular" corporate network with "regular" support personnel? (I know that is one main reason Macs are on the out on most corporate networks.) Sure, the smart strategy is to be "developer-centric", but in the real world there are many pennywise-poundfoolish situations.
    --

  5. Re:OT: "white hat" hacker training material? on L0pht Gives FAQ of @Stake Merger · · Score: 1

    You have to send posts through him before they hit the list. He has in the past held onto a bug while waiting for a vendor to make a patch.

    And he got ripped for it. Thus the policy document you linked to, where he pretty much leaves the disclosure policy up to the poster.

    I'm not sure how BugTraq works. Would they reject a post that read "I discovered a serious problem with MS XYZ, disable PDQ until MS produces a fix. If they don't have a fix out in 60 days, I'm going public."? As far as day-to-day administration goes, I'd rather have that information (even inaccurate) than nothing. (Or is that enough info to give the black hats a clue, and not enough to really kick the vendor in the butt?)
    --

  6. Re:Good article, a few problems on Mac OS X Desktop and GUI Design · · Score: 1

    I read about Command+Drag and Option+Close in the Macintosh Plus manual -- however with over 10 years of using the Mac, I can probably count on one hand the number of times I've used these functions.

    (The one exception being Cmd+Option+Sumthin+W which closes all Finder windows. I added this command to a menu using some INIT I found.)

    Basically, obscure keyboard shortcuts are as good as no keyboard shortcuts. I'd prefer if Apple adopted the IBM/Microsoft/CDE method of ALT key sequences -- much easier to use for the person not dedicated to memorizing help files.
    --

  7. Re:Tog's questionable judgment on Mac OS X Desktop and GUI Design · · Score: 2

    Tognazzini calls it "inexplicable" that VBScript is not cross-browser and cross-platform, and seems to imply that this is due to engineers' habits of "enforced illogic" (which leads engineers to hate BASIC)

    Without directly addressing Microsoft's motivation for VBScript, I would just like to vote for an "ActiveScript"-like interface in Mozilla that would allow developers to add additional scripting languages via plug-ins.

    I've yet to see a real argument that JavaScript is the One True Language for web scripting; it would seem that Microsoft's approach of supporting an extendable script architecture is probably the right idea. After all, you can now write IE-specific script in PERLScript, not that you would, and it would be nice to see other alternatives like AppleScript or PascalScript (for the Borland folk) supported in a cross-platform manner. (At least when you can afford to stop supporting Netscape 4.x.)

    --

  8. Re:OT: "white hat" hacker training material? on L0pht Gives FAQ of @Stake Merger · · Score: 1

    I don't know if that's Russ Cooper's policy -- I think he leaves it up to the person posting the security hole. From the document you link to:

    2.B.I If they insist on it going out immediately, it gets sent to the list. My moderating policy ends here.

    Whether or not it's a good thing is debatable. It does allow security people to threaten the vendor with disclosure without having to post the full exploit details.

    For example, someone can post "I discovered a serious problem with MS XYZ, disable PDQ until MS produces a fix. If they don't have a fix out in 60 days, I'm going public." Now of course, the person could be lying -- perhaps there isn't really an exploit in MS XYZ PDQ, but that's up to the reader to judge.
    --

  9. Re:Switch to SCSI first on Building an Upgradable Dual Processor System · · Score: 1

    Or, just invest the money in memory and minimize the swapping bottleneck altogether.

    He didn't say what OS he was using, but Windows2000 looks like it will be comfy with 128MB, minimum, and would probably be happier at 256MB (especially if you are doing light web serving, etc.). Flame on, but the memory is going to do you a lot more good even under Linux than a second CPU.
    --

  10. Re:the really longterm usefulness of DOS on Interview: Learn About the FreeDOS Project · · Score: 1

    Actually, with economies of scale being how they are, I would imagine that a new 286/386 computer would cost almost as much as a low-end Celeron.

    Unless, of course, you stumble upon a secret cache of 540MB disks and 386 motherboards.
    --

  11. Re:dos kernel? on Interview: Learn About the FreeDOS Project · · Score: 1

    What? The only device driver stuff in Doom/Quake-DOS was for sound and joysticks. Even the video was through VESA (TSR or BIOS), and the networking through Novell drivers.

    Besides, most people consider an "OS" as something that loads programs. But then again, most people wouldn't reply to some AC who would compare the complexity of Doom to that of Windows.

    --

  12. Re:Clean Room Reversing on Interview: Learn About the FreeDOS Project · · Score: 1

    Can't say much except I had an opposite experience with DRDOS on an i586 EISA/PCI machine.
    --

  13. Re:Some OS'es are more immune than others on Linux Virii On Their Way? · · Score: 1

    Now I haven't heard anyone say "Linux is immune from virii,"

    I've seen those exact words posted to Slashdot far too many times...
    --

  14. Re:Permissions don't necessarily help on Linux Virii On Their Way? · · Score: 1

    Actually, any platform that combines integrated scripting with some form of Internet access is susceptible to Melissa-style viruses.

    Lotus Notes solves this problem by requiring all code to be signed, and allowing administrators and users to sandbox code based on the signature. (Netscape may have such a feature when using the Netscape server products.)

    Not a perfect solution, because it requires a Big Brother certificate authority, but it prevents the type of corporate havoc MS Outlook allows.
    --

  15. Re:pretty safe on Linux Virii On Their Way? · · Score: 1

    So, according to your logic, the "Melissa" virus isn't really a problem on a network of locked-down NT machines? After all, the damage is compartmentalized.

    There's plenty of damage an infected mere user can do, especially with poorly designed applications at his/her disposal. (Send mail, ping flood, crash machine, etc.) Not to mention variations of viruses targeted for industrial espionage.

    Perhaps some day you will be standing in front of a VP, and have to explain that despite the fact all of his files were deleted, he needs to consider it "safe" because it didn't affect the "proper functioning of the machine as a whole". Guess what -- in the VP's mind the function of the machine was to store his files safely.

    --

  16. Re:Clean Room Reversing on Interview: Learn About the FreeDOS Project · · Score: 1

    Why would you bother reverse engineering DR-DOS? It's only 95% PC/MS DOS compatible, and has all sorts of bothersome hardware and software incompatibilities.

    I know that people on /. like to think of Caldera as good guys, but I've played with DR-DOS, and it sucks -- the task switcher is so broken as to be useless (The Quarterdeck thing was much better, and actually worked), and 'Personal Netware' was always a piece of sheet rock. Even Caldera's DOS WWW browser works better on MS-DOS than DR-DOS. I don't know why anyone would put themselves through the pain required to run a defective version of DOS, especially since virtually every PC made ships with an MS-DOS 7 licence whether you like it or not. (Although, perhaps CPM-86 compatibility is a must for some people.)

    Go for the real thing and reverse-engineer IBM PC DOS v7. It's 100% MS-DOS compatible and runs on more hardware (MCA, ThinkPads) to boot.
    --

  17. Re:the really longterm usefulness of DOS on Interview: Learn About the FreeDOS Project · · Score: 1

    Not just games. Young'uns forget that there were some very advanced application software packages available for DOS. Quite a few people still use WordPerfect, WordStar, Lotus 1-2-3, and Paradox and DBaseIII apps. Why not? You would be hard pressed to argue that these packages are that much less functional than modern versions (except for printing, which sucked under DOS).

    Just because the OS is uninteresting, it would be a shame to toss out a ton of interesting applications. (Of course, Games are interesting too!)
    --

  18. Re:You're ignorant... on Interview: Learn About the FreeDOS Project · · Score: 1

    So, either 1 of 2 things are happening. ... Somehow, I'm betting on the first theory to be more correct.

    Actually both things can happen. By default, your first theory is how it works -- Windows just unloads, leaving you with the original version of DOS that loaded into conventional memory on boot. (Of course, this doesn't prove that Windows 9x isn't an operating system, just that it bootstraps from DOS. But any idjot could have told you that.)

    However, you can also configure it to behave like theory #2 -- just customize the DOSMODE.PIF file, and Windows will reboot into "DOS Mode" (err, actually DOS) with your custom config.sys/autoexec.bat. Typing EXIT reboots the computer back into Windows. This feature is there to allow easier access to apps that won't run under Windows but require special drivers.
    --

  19. Re:basicaly on Interview: Learn About the FreeDOS Project · · Score: 1

    Yes, 'beside' is a good way to think about it.

    On one hand you have Windows calling unmasked DOS and BIOS functions -- On the other hand DOS functions in the Win DOS box are actually calling Windows VXD drivers for most functionality.

    In Undocumented Windows 95, the author makes the point that this is actually how Windows 3.1 worked too, although Microsoft and 3rd parties neglected to ship VXD/386 drivers for most devices, relying instead on DOS drivers. (The notable exceptions were WfW networking and some sound card stuff.)

    In this light, Windows 9x is actually a kinda neat kludge that preserves 95% backward compatibility, even on the driver level, while providing the same API services as the "real" OS (NT). Unfortunately, Microsoft has put so much investment into the DOS/Win platform (USB, DirectX, etc), that many Win folk are running it even though they wouldn't have any backward-compatibility issues with NT. (And on top of that memory requirements are now basically the same for both 98 and NT, eliminating another reason for the existence of Windows 9x.)
    --

  20. Re:dos kernel? on Interview: Learn About the FreeDOS Project · · Score: 1

    In the book "Undocumented Windows 95", all of this is explained very clearly.

    The posters here are only partially correct. Win9x boots from DOS and (natively) uses one or two DOS functions (for setting/reading the system clock, for example). You can also use DOS drivers under Windows 9x, for things like networking or SCSI, and it works.

    However as soon as Win.com throws the machine into 32-bit mode, 99% of the OS functions (depending on how many DOS drivers are loaded) are handled by the Win9x kernel. At this point a copy of DOS is kept in memory and used to fork a "DOS Window". So you are correct that Windows9x does not run on a DOS kernel, but incorrect to say that it does not contain real old-fashioned MS-DOS.

    (Windows NT emulates DOS in a similar way to Linux. I wouldn't be shocked if the implementation was better on Linux.)

    --

  21. Re:The whole area needs a rethink on Simple Comprehensive Config Tools? · · Score: 1

    What I would prefer to see is this db exported to something akin to /proc - a virtual filesystem containing textual representations of the db contents, and editable with a text editor or a GUI tool.

    My understanding is that the Apple/NeXT NetInfo system does something like this -- the primary storage is a database, but the DB can be exported/imported to/from standard Unix text config files. NetInfo is under Apple's open source licence.


    --

  22. Re:Cheap Laser Printer on Budget Laser Printers? · · Score: 1

    In ye olden days, I recall waiting up to 30-40 minutes for a LW II-NT to print a photoshop file.

    I don't know if this was a MacOS (or LocalTalk) issue, or if it was the printer, but it's something to chew over. Don't forget that the II-NTX was the first PostScript 2 printer ever made. These things are OLD! (But should be just fine for text printing without too many fonts.)
    --

  23. Re:I think he's right about one thing on B. Gates Rants About Software Copyrights - in 1980 · · Score: 1

    The GNU project might have existed, but if it did, it was rooted in academic, mainframe computing culture.

    I had a TRS Model I, Apple II, etc, and there was lots of code you could get, gratis from the hobbying culture or in books/magazines, etc. There was also tons of commercial software.

    There certainly weren't any "Open Source" advocates, and the GNU project certainly wasn't doing anything to solve my Personal Computer problems (like by writing a better version of BASIC, say). It took Linux, and its focus on common hardware to wake up most of these big iron elitists -- without Linux, GNU HURD would probably still be targeting some strange $20,000 MIPS computer.
    --

  24. Re:Software and Support on B. Gates Rants About Software Copyrights - in 1980 · · Score: 1

    Well, Gates says "All that stuff be documented? I mean, they bought the box for one function, and the price was set to support them", and what he's really talking about is that the 'personal computer' business model was designed to work very differently than the classic minicomputer/mainframe model.

    Specifically, microcomputer software is generally designed to perform certain functions easily, and ignore or make difficult other functions, and to meet a specifically low price point. This has been clear for me since I tried to hack MS Basic to do database-like functions, and it's clear to a modern MS Word user who might try to create a 600 page type-set ready document.

    Gates' point is very clear -- If Radio Shack (not MS) wanted to document the ROM routines and provide high level support, the cost of the Trash-80 Model I (my first computer, I do remember it well) this could be reflected in support costs. (Gates was talking about end-users, but the concept is probably more akin to what is now called "developer relations".)

    Until recently, Microsoft has always had the worst support and the most limited software, but always were the cheapest. They bet that price was a more important selling point than features, and if anything, their market capitalization proves them right. The revolution (in those days) is that you as a private individual could even have a computer, not that you could get documentation and source code and IBM-levels of support.

    However, despite MS's various crimes, I think the reporter put Gates in a hotseat that he didn't deserve to be in. Microsoft was pretty much a hired gun in those days -- they could give a crap what the vendor did with the software they licenced from MS. Both Apple chose to publish the full source of the ROM and MS Basic. Radio Shack didn't. Both Apple and IBM are still big names in the personal computer industry. Radio Shack isn't.

    (And of course, Linux smashes the successful Microsoft price-over-features business model. However, the kind of "features" included are very important to the end user, and it remains an open question if the traditional Unix features are enough to be convincing to the general populace.)
    --

  25. Re:AOL 5.0 Versus Windows 2000 In A Steel Cage! on AOL's Upgrade of Death · · Score: 1

    Yeah, it's Microsoft's biggest product release in 5 years, and the geniuses blow it by distributing betas of a similarly named, but completely different product.

    And these guys supposedly got where they are through marketing...
    --