Slashdot Mirror


User: Animats

Animats's activity in the archive.


Comments · 14,273

  1. Re:Code, meet data on No JavaScript Needed For New Adobe Exploits · · Score: 3, Interesting

    Because some genius thought that it was a great idea to put a launch command in the PDF spec.

    Yes. That should formally be removed from the ISO standard.

    I tried the proof of concept code in SumatraPDF, and it didn't work. But that may be a bug in SumatraPDF; there's an error message about a sync file failure.

  2. Re:How long will this video last? on Wikileaks Releases Video of Journalist Killings · · Score: 1

    Al Jazeera just picked it up.

  3. Re:How long will this video last? on Wikileaks Releases Video of Journalist Killings · · Score: 1

    The mainstream press has been slow picking this up. It hit the Huffington Post earlier today, and the BBC about 10 minutes ago. As yet, no mainstream US news source has picked it up.

  4. Re:My View as a former Bradley gunner and Infantry on Wikileaks Releases Video of Journalist Killings · · Score: 4, Interesting

    Firing on the van completely blew my mind.

    Yeah. The van was recovering the wounded on the ground. They were unarmed and presented no threat. The air element was clear on this; they clearly identified the van as recovering wounded, requested permission to engage, got it, and fired. It wasn't a mistake. That's a court-martial offense.

  5. Re:Steves coolaid on Microsoft and Apple Rumble Into Middle Age · · Score: 1

    You hype systems (like Windows and Linux) which, although open, force users into the role of system administrator all too often and deliver inconsistent user experiences.

    Yes. Linux and UNIX have suffered from a "system administrator mentality" for decades. The Linux crowd just doesn't get it. Using text files for configuration at this late date is just embarrassing.

    I don't want to do system administration on little machines. I know how, but it's obsolete. Much system administration is required because something is broken at the design level.

  6. Re:Too expensive, and impractical on Tsunami Warning From Space? · · Score: 1

    Good old fashioned air raid sirens would be much cheaper and a hell of a lot more effective at getting the information to the people most likely to be in harm's way during a tsunami.

    Which, in fact, is what's used in some areas. Sirens today are usually loudspeakers, so they can broadcast messages too. Here's a test.

    There is one deployed laser beam warning system. This is deployed around Washington, and aims a laser at intruding aircraft, flashing red-red-green. This is intended to warn off lost VFR pilots, after two incidents where the Capitol was evacuated because someone in a light plane wandered into the Washington area. It won't work through clouds, but it's the VFR pilots on clear days who create these problems. IFR pilots are in contact with air traffic control at all times, have better nav gear, and tend not to wander into restricted airspace.

  7. It's like ex-fighter pilots on Astronaut Careers May Stall Without the Shuttle · · Score: 4, Interesting

    It's like being an ex-fighter pilot. If you've worked in aerospace, you've probably met plenty of former fighter pilots. They're a fun crowd, and they do OK after giving up the cockpit.

    Being an astronaut hasn't been glamorous for a long time. Those guys spend far more time doing "Lunch with an Astronaut" than they do flying.

  8. Re:No Way on Talk of an Apple Search Engine To Thwart Google · · Score: 1

    Did Bing really fail?

    Interesting question. The original XBox was a financial disaster for Microsoft. A decade later, Microsoft's gaming operation is modestly profitable, but I don't think that they've yet covered all their early losses. Microsoft has enough money and patience to stay with Bing until it takes over.

    Remember when Microsoft introduced Internet Explorer, and put Netscape out of business?

  9. Re:Other Important Uses on Chicago Debates Merits of ShotSpotter Technology · · Score: 2, Interesting

    East Palo Alto was the first city to have complete coverage. They say it has helped reduce shootings.

    Shootings are way down in East Palo Alto, which used to be "Murder City, USA". But not because they have a ShotSpotter system. The highest crime area, Whiskey Gulch, was where the liquor stores were concentrated. It's the only place I've ever seen a fully bulletproofed fried chicken outlet, with food delivered through an armored turntable.

    That entire area was "redeveloped" around 2000. It was levelled, and replaced with a Four Seasons Hotel and an office building full of lawyers. The area nearby, across the freeway, with a low-end motel and some housing, was also levelled and replaced by a large mall and an Ikea store.

    Then real estate prices in the area went up, many of the poor people were forced out, and the crime rate went down.

  10. Tax interest paid by corporations on What the Top US Companies Pay In Taxes · · Score: 2, Interesting

    A good first step would be to make interest paid by corporations non tax deductible.

    There are three ways a company can pay for its capital. It can pay out dividends, borrow and pay interest, or buy back its own stock. All should get equivalent tax treatment.

    This would make leveraged buyouts and private equity transactions much rarer, because those are basically equity-to-debt conversions. If the tax advantage of debt payments over dividends went away, we'd see less debt-heavy corporate structures and more dividends. This leads to sounder companies more able to weather bad times.

  11. Pay, pay, pay. And don't skip the ads on iPad Launches, FCC Teardown Leaked · · Score: 5, Insightful

    Most of the people here are missing the point. The iPad is all about paying for content. And the content isn't cheap. The Wall Street Journal costs more on the iPad than on paper. $5 a month seems to be a typical price for online magazines. The iPad creates a direct connection between content providers and your wallet.

    And there's no ad-blocking. You will watch the ads. The "app" concept means that the program, not the user, has control. If the program wants you to look at the ad for 10 seconds, you will look at the ad for 10 seconds.

  12. Lemmings on The Struggle To Keep Java Relevant · · Score: 5, Insightful

    I was just by the Apple Store in Palo Alto, CA. There are people lined up for the iPad launch, some sleeping in tents. Three TV stations are covering the waiting line. Reminds me of Apple's "Lemmings" video.

    Actually, the state of the art in programming languages still sucks. The mindset that "it has to be unsafe to go fast" is so deeply entrenched in the C/C++ community that fixable problems aren't fixed, and as a result, millions of programs still crash every day. The "virtual machine" thing has resulted in ".NET", a virtual machine for x86 only. The "scripting language" approach is useful, but fanatical late-binding coupled with naive interpreters makes for very slow execution, as with Python. Few mainstream languages do concurrency well; the notion that concurrency is the operating system's problem results in pain for all concerned.

    Looked at that way, Java isn't bad. Memory safety is good. There are efficient compilers. There's some language support for concurrency. It's not too weird, and not too theoretical. Java is mediocre, but better than most of the alternatives when you need to get large amounts of work done.

  13. Re:More deaths on White House Issues New Gas Mileage Standards · · Score: 1

    For survivability you don't want "sturdiness", you want the car to be crumply.

    It's striking how well that works. It's common to see wrecked cars where everything in front of the passenger compartment is crushed, but the windshield is unbroken and the passenger compartment is completely intact.

  14. Why not? on Finland To Try Scanning Snail Mail · · Score: 1

    Why not? What comes in by snail mail today?

    1. Bills from companies that don't handle online billing.
    2. Junk mail.

    And they're filtering out the junk mail!

  15. The iPad is really about ads and paid content on How the iPad Is Already Reshaping the Internet (Sans Flash) · · Score: 1

    There is no AdBlock for the iPad. When the user runs an "app", the app has full control of the user experience. If the app wants to run an ad that can't be skipped, it can. The advertising community has been excited about this for months.

    It's noteworthy that the Wall Street Journal charges more for their iPad version than for their print version. (It may have more features; most of the stock tables have disappeared from the print version, since everybody serious gets that info in real time. The iPad version might bring back stock info.) Dow Jones and Company has always been in the forefront of timely online delivery. Their original business was delivering stock quotations, and they used to own and operate a huge network of stock and news tickers, which started up in 1897. Their "online business" is still bigger than their print business.

    We control the horizontal. We control the vertical. ...

  16. 88? Not that lucky. on Ed Roberts, Personal Computer Pioneer, 1941-2010 · · Score: 4, Informative

    2010 - 1941 = 69

  17. Adobe misfeature on New Method Could Hide Malware In PDFs, No Further Exploits Needed · · Score: 2, Informative

    Explanation

    Video

    Demo PDF file (as .zip)

    PDF apparently has (stupidly) a capability to launch an executable program which is run when the PDF file is opened. There's a warning message. All the exploit does is put in some text like "To view the encrypted message in this PDF document, select "Do not show this message again" and click the Open button." into the warning dialog box.

    Incidentally, SumatraPDF doesn't do this, but that seems to be a bug; the test file produces "Synchronization file cannot be opened".

  18. No database copyright on Facebook Kills Dataset of Crawled Public Profiles · · Score: 1

    Finding something on the web does not give you the legal authority to publish and redistribute it.

    The US doesn't have "database copyright". The US has Feist vs. Rural Telephone, which says that "facts" can't be copyrighted. It's legal to scan in a phone book and load the address info into a database. You just can't reproduce the page layout; that's covered by copyright. That decision created the third-party phone book industry and began the era of widespread data mining.

    The EULA issue is harder. If you're going to mine Facebook, you probably shouldn't have a Facebook account.

    I'm surprised, though, that Facebook doesn't have systems which prevent programs from accessing pages in bulk.

  19. MIT needs to get their PR department under control on MIT Finds 'Grand Unified Theory of AI' · · Score: 5, Insightful

    This is embarrassing. MIT needs to get their PR department under control. They're inflating small advances into major breakthroughs. That's bad for MIT's reputation. When a real breakthrough does come from MIT, which happens now and then, they won't have credibility.

    Stanford and CMU seem to generate more results and less hype.

  20. Japan does the opposite on How To Build Roads To Control How Fast You Drive · · Score: 1

    Japan does exactly the opposite. It's common in Japan to have barriers between heavily traveled urban roads and sidewalks. On the other hand, Japan has speed limits well below what US drivers would consider "normal". The general urban speed limit in Japan is 25MPH (40Km/h).

    A basic truth about highway design is that capacity of a lane is maximized around 35MPH. Above that, the increased spacing between cars brings the vehicles-per-minute figure down. On-ramp metering systems work to that number, limiting cars entering freeways to keep speed around 35MPH at peak periods.

  21. What if General Motors did this? on "Install Other OS" Feature Removed From the PS3 · · Score: 3, Insightful

    There would be an uproar heard in Congress if General Motors used their OnStar download links to remove a feature. Suppose GM did something so that third-party audio players like the iPod couldn't use the car's speakers. This isn't totally unreasonable. GM's onboard entertainment system has a port for connecting a CD changer. If you didn't buy the CD changer option, that port is unused. There are third-party non-GM adapter kits for connecting an iPod to that port. The dashboard CD changer controls then control the iPod.

    GM could probably download an update to change the interface so that this would no longer work. GM would prefer that customers buy a GM audio source; they remarket XM Radio. Arguably, the iPod is a device for pirating music, and removing that capability would enhance the security of the system. It would also eliminate the possibility of unauthorized iPod software interfering with the car's networks, and perhaps the OnStar system.

    So why shouldn't GM do that?

  22. Too much functionality on Security Holes Found In "Smart" Meters · · Score: 3, Insightful

    The trouble with "smart meters" and the "smart grid" is that it's too easy to put in excess functionality that can cause trouble. The ability to do remote firmware upgrades is an example. The ability of meters to communicate with each other is another.

    The "smart grid" has way too much centralized control in it. All that's really needed is remote meter reading, plus some broadcast signals to indicate how scarce power is at the moment. The customer should have read-only access to their meter from their side of the meter. High-current appliances should be able to query the meter to find out if it's OK to draw heavy power right now. The power company should have no data path to appliances.

    Incidentally, some "smart meters" support pre-paid service, where customers have to pay in advance and are turned off automatically when their pre-payment runs out. There's also wattage-limited service, where the power turns off if a maximum load is exceeded. This can be used for collection purposes; if you get behind on your electric bill, your consumption is limited. There's a whole new range of ways for screwing poor people going in. It's like "check cashing" stores.

  23. Re:why? on Security Holes Found In "Smart" Meters · · Score: 1

    why is it physically possible for anyone to remotely turn power on and off?

    To make customers pay their bill.

    (Remember Mr. Burns doing this on the Simpsons? Now it's real. Excellent!)

  24. No, it's not the "long tail" on Microsoft Lost Search War By Ignoring the Long Tail · · Score: 4, Informative

    Remember Cuil? They were originally talking about the "long tail"; they wanted to have a bigger index than Google. Cuil is mostly ex-Google people, and they thought they could re-do Google at lower cost.

    Didn't help Cuil.

    There's ongoing effort in search engine development. Unless you pay close attention, though, it's invisible. A few years ago, around 2007, Yahoo introduced about fifty specialized search sub-engines. These understood weather, stocks, sports, celebrities, movies, and similar popular search topics. They focused on areas that have a strong structure, and need a lookup engine that understands that structure. For about six months, Yahoo was way ahead of Google on such searches.

    Didn't help Yahoo. Google implemented something similar and caught up. Now everybody does that.

    It's not clear that the Twitter search is a win. Bing announced they were going to do Twitter and Facebook searches, and a day later, Google announced they'd do that too. Google implemented Twitter search, and apparently Bing didn't. Twitter search just seems to clutter up Google results.

    In the last year, Google has become much more aggressive about interpreting queries. Google tries hard to infer from the query words what the user is really looking for. This tends to work for popular queries (since it's based on statistics from other queries) and doesn't work too well for unusual queries. For hard queries, you need to use explicit operators ('+' and '"') with Google more than you did a year ago.

    The big search engines are still doing badly at de-rating sites which are basically link farms. When you're searching for a product, and you get a hit that's just some site with ad links to other sites, that's a fail. Search for auto parts, and you're likely to get "parts.com", "thepartsbin.com" and "who-sells-it.com", which are just "portals". They don't even return pages that are actually about the part in question. ("thepartsbin.com" pages are all essentially the same, except for keywords inserted for SEO purposes.) Search engines need to look at the business behind the web site. If a business has a million commercial-looking web pages, and a total business volume of a few million dollars, they're probably bogus. That's a part of the "long tail" you don't need to visit.

  25. Remote management security not good. on Remote Malware Injection Via Flaw In Network Card · · Score: 2, Informative

    IPMI remote management security is worrisome.

    There are Linux utilities for IPMI. It's definitely worthwhile running "ipmiutil discover" on any LAN you control, to find out if anything out there speaks IPMI. It's also worthwhile monitoring your data center's networks for anything happening on UDP ports 663 and 664. If you're not using IPMI, make sure no one else is.

    A big problem with IPMI is that the shipped hardware defaults really matter. If someone ships you a NIC card with IPMI enabled and the password known, you are 0wned at a very low level. IPMI boards offer various levels of authentication, some of which offer good cryptographic security. But one of the options is "no authentication".

    A deeper problem is the possibility that NIC chips might have a default backdoor password built in. Many NIC chips now are designed in China.

    Understand how much you can do via IPMI. You can turn the machine on and off remotely. You can force a reboot. You can change the boot settings. You can change the MAC address. You can override the front panel power and reset switches.(!) You can lock out the keyboard, blank the screen, set up a connection which the computer sees as a hard-wired keyboard, and boot from the LAN. The operating system isn't involved in any of this; it's taking place at a level below that of the main CPU.

    Dell's guidance on IPMI is terrifying. See Figure 3, where IPMI over LAN is being enabled with username "root", no password. This sort of thing is common. The default password on Dell PowerEdge servers is "calvin", on Sun Fire servers it's "changeme"; in both cases the user is "root".

    If you try to do it right, turning on all the crypto and using unique random keys for each chassis, someone has to manually type in the encryption key in hex on each new server. Then you need a remote management program which securely holds all the keys. How many shops really do that?
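
The monitoring advice and the "no authentication" option in comment 25 can be checked passively from captured UDP payloads. The following is an added example, not part of the comment or of any IPMI tool: a classifier for RMCP framing that flags a BMC answering an ASF presence ping and IPMI v1.5 in-session messages sent with authentication type "none". Function names and verdict strings are hypothetical, the header layouts follow the published ASF and IPMI session formats, and the sample payloads are constructed.

```python
import struct

ASF_IANA = 4542  # enterprise number carried in ASF presence ping/pong
AUTH_TYPES = {0x00: "none", 0x01: "md2", 0x02: "md5", 0x04: "password", 0x05: "oem"}

def _classify_asf(body: bytes) -> str:
    if len(body) < 8:
        return "asf-truncated"
    iana, msg_type, _tag, _rsvd, dlen = struct.unpack(">IBBBB", body[:8])
    if iana != ASF_IANA:
        return "asf-other"
    if msg_type == 0x80:
        return "asf-ping"
    if msg_type == 0x40 and dlen >= 9 and len(body) >= 17:
        # Pong data: IANA(4) OEM(4) supported-entities(1); bit 7 = IPMI supported
        return "asf-pong-ipmi" if body[16] & 0x80 else "asf-pong-no-ipmi"
    return "asf-other"

def _classify_ipmi(body: bytes) -> str:
    if len(body) < 10:
        return "ipmi-truncated"
    auth = body[0] & 0x0F
    if auth == 0x06:                      # IPMI 2.0 / RMCP+ session header
        return "ipmi20-rmcp+"
    _seq, session_id = struct.unpack("<II", body[1:9])
    name = AUTH_TYPES.get(auth, "unknown")
    if name != "none":
        return "ipmi15-auth-" + name
    # Auth type "none" is normal before a session exists (session ID 0).
    # Inside a session it means the message itself carries no authentication.
    return "ipmi15-presession" if session_id == 0 else "ipmi15-session-no-auth"

def classify_rmcp(payload: bytes) -> str:
    """Classify one captured UDP payload by its RMCP framing."""
    if len(payload) < 4 or payload[0] != 0x06 or payload[1] != 0x00:
        return "not-rmcp"
    msg_class = payload[3] & 0x1F         # 0x06 = ASF, 0x07 = IPMI
    if msg_class == 0x06:
        return _classify_asf(payload[4:])
    if msg_class == 0x07:
        return _classify_ipmi(payload[4:])
    return "rmcp-other"

def flag(payloads):
    """Return (index, verdict) for payloads that show a BMC answering or weak auth."""
    alert = {"asf-pong-ipmi", "ipmi15-session-no-auth"}
    return [(i, v) for i, p in enumerate(payloads) if (v := classify_rmcp(p)) in alert]

# Constructed sample payloads (not captured traffic).
IPMI_MSG = "2018c88100017e"  # Get Device ID request, used only as filler
SAMPLES = [
    bytes.fromhex("0600ff06" "000011be" "80010000"),
    bytes.fromhex("0600ff06" "000011be" "40010010" "000011be" "00000000" "8100" + "00" * 6),
    bytes.fromhex("0600ff07" "00" "00000000" "00000000" "07" + IPMI_MSG),
    bytes.fromhex("0600ff07" "00" "01000000" "78563412" "07" + IPMI_MSG),
    bytes.fromhex("0600ff07" "02" "01000000" "78563412" + "aa" * 16 + "07" + IPMI_MSG),
    bytes.fromhex("0600ff07" "0600" "78563412" "01000000" "0700" + IPMI_MSG),
    b"GET / HTTP/1.1\r\n",
]
```

Feed `flag()` the UDP payloads extracted from a capture of the management network; classification is by payload framing, so it does not depend on which port the traffic was seen on.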