Slashdot Mirror


User: Animats

Animats's activity in the archive.

Stories
0
Comments
14,273
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 14,273

  1. Security granularity too big on Virtualization Decreases Security · · Score: 2, Interesting

    I'm always amazed that virtualization on x86 works at all. The architecture didn't support it, and VMware dealt with that by dynamic code patching. Then Intel and AMD both added some hardware support, but 1) incompatible between Intel and AMD, and 2) single-layer (you can't run a VM on a VM on a VM, unlike IBM mainframes, where that works quite nicely. And then there's the issue that you now have two levels of scheduler, which may or may not play well together.

    But those aren't the real problems. From a security standpoint, a VM running a whole operating system is an overly large security domain. It doesn't even contain, say, exploitable PHP scripts on a server, let alone a rootkit. In fact, almost any exploit that will work on a standalone server will work on the same server inside a VM, and can cause just as much trouble on the net. Now you can have multiple corrupted VM partitions!

    What we're really seeing is that server virtualization is a way to unload security worries from the server farm operator (be it a hosting company or an in-house operation) onto the user. If the server operator just gives the user an empty partition and takes no responsibility for maintaining it, it's cheaper to be a server operator. Server management is easier. But it's no more secure from the standpoint of network, user, or data protection. Too much code in one security box.

  2. Didn't we see this article a few weeks ago? on ARPANet Co-Founder Predicts An Internet Crisis · · Score: 1

    I think this is a dup. This is the virtual circuit guy again, isn't it?

  3. ICANN needs to put registrars out of speculation on ICANN Investigates Insider Domain Name Snatching · · Score: 4, Informative

    One of the provisions of the ICANN Registrar Agreement is this:

    • 3.7.9 Registrar shall abide by any ICANN adopted specifications or policies prohibiting or restricting warehousing of or speculation in domain names by registrars.

    So ICANN has the authority to insist that registrars get out of the domain speculation business. They don't have to ask the registrars; they can simply order it.

    Currently, most of the "registrars" are fronts for domain speculators. Take a look at the list. There are whole families of phony registrars (Enom1, Inc., Enom2, Inc., Enom3, Inc., ... Enom371, Inc., ... Enom469, Inc.) There are ones who admit they're domain speculators (NameJumper.com, Inc., "!!BBB Bulk Inc"). There are ones that are fronts for "Club Drop".

    Most of these "registrars" are so phony they don't even have a business address.

    This registrar information is useful for filtering junk sites. If a site is registered with one of the bogus registrars, it's probably desirable to block its e-mail (which is probably spam), and throw it out of search engines.

  4. Verizon had to stop disconnecting customers on NY Wrests $1 Million From Verizon Wireless · · Score: 1

    The key point, from the AG's press release, is "Since April of 2007, Verizon Wireless has voluntarily ceased cutting off customers based on their data usage and no longer prohibits common internet uses." So they do have to provide "unlimited" service. The "voluntary" part means "did it before the state got a court order".

    Disclaimers, by the way, don't help. It's a false advertising lawsuit. The big print said "unlimited", and if the small print disagrees, that's false advertising.

  5. Wow on Microsoft to Pay $240 Million for Stake in Facebook · · Score: 1

    Wow.

    Facebook is tiny. It's this one little building on Hamilton in Palo Alto, next to the nail salon and the foam store. The servers are in some colo elsewhere.

    "Web 2.0" is starting to look way overvalued. Companies are buying "clicks" and "eyeballs", not revenue. Remember what happened last time.

  6. "Americans have fat fingers" on The Best Tech You Can't Get in the US · · Score: 1

    Tiny laptops have never caught on in the US, although they've been around for years. "Americans have fat fingers". You can certainly get one in the US if you want one, but they're don't sell well. The Via Nanobook is a reasonable choice, and Sony has a whole range of them. Then there are the UMPC machines, which are little laptops partially usable without a keyboard.

    Designers are still struggling in the "too big for a phone, too small for a laptop" niche. There's a long history of duds in that space. Remember the Nokia N-Gage? (Nokia's relaunching that brand next month, with a new form factor.)

    Incidentally, the One Laptop Per Child machine is in mini-laptop scale. It fits kid-sized hands. This isn't obvious from most of the publicity pictures.

  7. There are only about 26,000 real CS jobs in the US on Gen Y Tech Savvy, But Not Interested in a Career · · Score: 2, Interesting

    The Bureau of Labor Statistics says there are only about 26,000 "computer science" jobs in the United States. Not "information technology", not system administration, not tech support, but the jobs where people actually research and develop new technology.

    If you're really good, there are openings in the operating systems groups for the iPhone and the Palm. There's good technical work to be done there, the pay is OK but not spectacular, you will have no life, you get no respect, and few will ever understand what you did. (If you take the iPhone job, you get to meet Steve Jobs and have him scream at you.)

    The trouble is, if you're smart enough to do those jobs, you can probably do better doing something else. Two smart young people I know, with Stanford CS degrees, are running hedge funds.

    And that's the top of the field. Further down, it's much worse, endlessly fixing systems that could have been designed not to fail, but for which the costs to do that would have been higher than fixing them.

    I'm not complaining personally; I've done very well in computer science. But I can't recommend it as a career choice today.

  8. Filtering out bogus domains - one approach on Verisign To Sell DNS Root Server Lookup Data? · · Score: 2, Interesting

    Does anyone actually buy anything from those bogus domains, or are they all making their money by what is essentially click fraud? Most of them seem to just deliver ads from the usual ad services.

    We've been demoing our filter for bogus on-line businesses, SiteTruth, for a while now. Remember "on the Internet, no one knows if you're a dog?" SiteTruth can usually kick the dogs out.

    The basic concept is to try to find the business behind the domain. If the web site isn't selling anything and isn't running ads, it's not rated. If it's selling something, there needs to be a business address on the site, preferably one that matches up with business records. So we look through the site for addresses, check SSL certs, look at business directories, do some crunching, and come up with a rating automatically. This is effective against link farms, spam blogs, landing pages, and most of the other trash on the Web.

    We use the ratings to reorder search results. We don't block suspicious sites; they just move down in search results. It's a clue stick to apply to suspicious sites - be clear about who's behind the site, or be ignored.

    This is an alpha test demo, set up as a search engine web site. The real version will be a browser plug-in. Meanwhile, feel free to try out SiteTruth and complain where appropriate; that's why we're in test. There's a link to the SiteTruth blog on the site if you want to comment. The most interesting searches to try are for heavily spammed keywords, like "herbal viagra" or "london hotels". If your own domains get low ratings, click on the rating icons to find out why. If you're legit, it's usually because the web site has some easy to fix problem.

    We've been hearing some grumbling from a few domain owners about this, which indicates we're on the right track. They usually have some long, whiny explanation of why they shouldn't have to disclose the address of their "online business". Tough.

  9. Code randomization a bad idea on A Closer Look At Apple Leopard Security · · Score: 1

    "Code randomization" is a terrible idea. Virus writers will write something that searches around for the right place to patch. Developers will think buffer overflows are now OK, and write worse code. Worst of all, bugs become nonrepeatable and harder to debug. (Great for tech support. Much harder to pin blame on the vendor now.)

  10. Microsoft's vision of the future on Driver Update Can Cause Vista Deactivation · · Score: 1

    If you want a vision of the future, imagine a boot stamping on a human face - forever. - George Orwell

  11. Re:GDC is not E3-part 2 on E For All Attendance Lackluster · · Score: 1

    If I see cosplay people at the next GDC I'm getting my bat...

    I once took an animator friend to GDC, dressed as a game warrior, with boots, short skirt, tank top, equipment belt, and fingerless gloves. She's from SF, where that's ordinary clubwear. She was an early Maya user, and stopped by the Maya booth to find out if some critical bugs were being fixed in the next release. The Maya people had real trouble dealing with a woman who looked like a booth babe but actually understood the product.

    (This was back when Alias/Wavefront, out of Toronto, had Maya. They were somewhat conservative.)

  12. Everybody serious goes to GDC on E For All Attendance Lackluster · · Score: 1

    The trade convention is now the Game Developers' Conference. That's where both the technical people and executives now go. Sessions like "Know Your Players: An In-Depth Look at Player Behavior and Consumer Demographics" and "10 Steps to Success in Outsourcing Contracts" are attended by suits and management level technical people. "Meeting Players Halfway: Using Adaptive Systems to Prevent Player Frustration" gets game designers. The more theoretical game programmers go to talks like "Skinning with Dual Quaternions".

    GDC has replaced E3 as the working convention for the game industry. That's where you make deals. It's all pros, no fanboys.

    There's also the Hollywood Games Summit, where the game industry suits meet the film industry suits. Sponsored by AFTRA, Sony, ILM, IBM, ILM, Paramount, TBS, WB, NBC, FOX... That costs $800 to attend, but they throw in subscriptions to both Game Developer and the Hollywood Reporter. Plus you get to go to the "Deal Makers Martini Reception".

    So that's what really replaced E3.

  13. New York Sun has good coverage. on FBI Coerced Confession Deemed "Classified" · · Score: 1

    Good coverage in the New York Sun, the leading New York tabloid.

  14. Re:Consider on Very High Tech - Elevator Garages in an NYC Hi-Rise · · Score: 1

    You've clearly never looked at real estate prices in NYC, lived/worked in NYC, and might very well be delusional.

    That's a bit much. There are thousands of people who have apartments in Manhattan but don't live there. They're in the city enough to need a reliable place to stay, but live elsewhere. It beats staying in a hotel, and, more important, you know it's available. NYC occasionally hits 100% hotel utilization, which can be inconvenient if you have an important meeting the next morning and are stuck in a motel in Fort Lee.

    Some people rent out their city apartments when they're out of town. I've rented a very nice apartment in Southwark (London), near the London Eye, when staying there. Belonged to some minor movie producer.

  15. It's been done on Very High Tech - Elevator Garages in an NYC Hi-Rise · · Score: 3, Informative

    This isn't the first. There's at least one apartment building in Dubai with a similar setup. There's CarLoft in Germany. There's one on Charlotte, NC. It's even been done in New York before; there was a writeup in Elevator World.

  16. Consider the benefits of fractional jet ownership on United Makes Plans to Drop 'Baggage Neutrality' · · Score: 1

    So, after reading this, I pick up the latest copy of the Economist. There's a full page ad for NetJets and the Boeing Business Jet (really a 737 variant), with a picture of Bill Gates and Warren Buffett. sitting in one of the things.

    Then there's a two page ad for Emirates Suite Service. Emirates is offering "private suites" on an Airbus 340. New York to Dubai for only $10,558.87, one way. Meals included.

    Air travel is better than ever!

  17. Abagnale has some good points. on Famous Criminal Opines that Technology Breeds Crime · · Score: 4, Insightful

    Abagnale has some good points. Forgery is much easier than it used to be. Printing and paper quality are no guarantee of anything.

    A point Abagnale didn't make to the interviewer is that social engineering is easier, too, because people are more used to remote requests for information. Many of Abagnale's scams required him to physically go someplace and deceive someone. Most people can't act well enough to pull off a con like that. Now, much more can be done remotely. "Identity theft" barely existed before the Internet; a few times a year somebody might pull something off, but it wasn't widespread.

  18. Salon was the wrong outlet for this article. on EFF Interviewed About Their Case Against AT&T · · Score: 5, Interesting

    Accessing the article, all I get is: Salon cannot set a cookie on your browser. This for an article on protecting privacy.

  19. You can do more, but have to know more on Woz Still Misses Homebrew Computer Club and Apple · · Score: 4, Insightful

    It's actually possible to do far more with electronics at home today than in the 1970s. But the amount of information you need to do it is much greater.

    If you want to play with microcontrollers at the bare machine level, you can get something modern, like an ATMega 128. The entire tool chain, which is gcc plus a rather nice interactive development environment from Atmel, is all free. Development boards with lights, buttons, and a little LCD display are about $55. The only extras you need are a 12VDC power supply and a JTAG to serial converter.

    If you want to have PC boards made, it costs about $50 to $75 to have a small one made. Free design software is available. This is all much easier than it used to be; no more mailing transparent films around. You just upload the files. They even drill the holes and plate them through.

    Soldering, though, is much harder than it used to be. Soldering fine-pitch surface mount parts requires special tools, which aren't cheap, and much skill. And there are harder parts, like ball grid arrays. Worse, soldering is going lead-free. This is good for health, but means a narrower temperature range between the temperatures for successful soldering and part damage. Soldering is now a temperature and time controlled process. It can be done by hand, and there are hobbyists who do it, but it takes practice, skill, good vision, and good fine motor coordination.

    Getting parts is far easier. Everybody serious uses Digi-Key. They have data sheets on line for most of the parts they sell, reliably ship within hours of ordering, and will let you order one each of fifty different small parts. But if you don't know much about electronics, the Digi-Key web site and catalog will be very intimidating.

    The real problem with hobbyist electronics today is that expectations are so high. In the 1970s, you could build stuff cooler than other people could buy. Today, consumer electronics is so sophisticated that there's little hope of beating what somebody can buy at Best Buy. The payoff isn't there.

  20. Who is this bozo? on Adobe Intends To Move All of Its Applications Online · · Score: 2, Insightful

    Adobe has real problems, then. Here's the bio of their CEO, Bruce Chizen. Mattel Electronics merchandising. Microsoft eastern region sales manager. VP sales of Claris (remember Claris?). Zero background in any industry that uses Adobe graphics products.

    He's identified the marketing problem: "These products are designed to appeal to a younger generation of Internet users for whom paying $400 for a packaged software product is a thing of the past." That's reasonable enough. The going rate for a photo editing program is somewhere below $99. Adobe Photoshop Elements is at $99, it does most of what most people want to do, and people buy it at retail. Adobe's problem there was that they thought they could raise the price of Photoshop from year to year, and that didn't work. The price trend for software is down, not up.

    Since they acquired Macromedia, the Macromedia products have gone downhill. Dreamweaver 8 and later are horrid; Adobe can't get FTP to work reliably, create HTML that will pass validation, or make the view in Dreamweaver match the view in the browser. The newer versions are notably worse than the old ones. I just hope they don't break the Flash player engine, which is an elegant and delicate little piece of software. That thing does more in 2MB of code than most programs today do in 200MB.

    On the video side, Adobe's problem is that the low end has been taken over by tools that come free with Macs and cameras, while the high end has been taken over by tools from high-end players like Avid. Premiere was once considered a high-end tool; now it's a low end tool with a high end price. Not good.

    Open source isn't helping that much here. There's still no good open source replacement for Dreamweaver. Nvu, which had real promise, was abandoned by Linspire back in 2005. There's a fork, called Kompozer, but even its authors just call it "Nvu's unofficial bug-fix release". The Gimp has its enthusiasts, but it's not really targeted at graphic artists. Look at its web site. Would you get a graphics tool from those people?

  21. African Defense Systems, the system integrator. on Robotic Cannon Loses Control, Kills 9 · · Score: 1

    African Defense Systems, a subsidiary of the Thales Group, was apparently the system integrator on this gun control system. Their all-Flash web site is worth a look.

  22. Save in native formats on Do OpenOffice Users Save In Microsoft Format? · · Score: 1

    Save in OpenOffice formats, usually export to PDF, sometimes export to .DOC.

    I have a fully licensed copy of Word 97, but haven't bought a Microsoft Office product since then.

  23. No problem. Read the ISO manual on Format Standards Committee "Grinds To a Halt" · · Score: 5, Informative

    The "article" is just some blogger blithering. If you read the actual ISO rules, it's clear they can deal with this easily enough.

    • 1.7.4 A technical committee or subcommittee secretariat shall notify the Chief Executive Officer if a P-member of that technical committee or subcommittee has been persistently inactive and has failed to make a contribution to 2 consecutive meetings, either by direct participation or by correspondence, or has failed to vote on questions submitted for voting within the technical committee or subcommittee (such as new work item proposals).

      Upon receipt of such a notification, the Chief Executive Officer shall remind the national body of its obligation to take an active part in the work of the technical committee or subcommittee. In the absence of a satisfactory response to this reminder, the national body shall automatically have its status changed to that of O-member. A national body having its status so changed may, after a period of 12 months, indicate to the Chief Executive Officer that it wishes to regain P-membership of the committee, in which case this shall be granted.

    • 1.7.5 If a P-member of a technical committee or subcommittee fails to vote on an enquiry draft or final draft International Standard prepared by the respective committee, the Chief Executive Officer shall remind the national body of its obligation to vote. In the absence of a satisfactory response to this reminder, the national body shall automatically have its status changed to that of O-member. A national body having its status so changed may, after a period of twelve months, indicate to the Chief Executive Officer that it wishes to regain P membership of the committee, in which case this shall be granted.

    The "plaintive notes" the blogger writes about are the "reminder" mentioned above. This is just the step before the automatic status change to O (observer) member. Notice that once reduced to observer status, there's a delay of 12 months before a national standards body can reapply for P (principal) status.

    So there's no problem.

  24. "Naked came the Stranger" - 24 writers on Using Social Networking Tools to Write a Book · · Score: 1

    "Naked Came the Stranger", by "Penelope Ashe" was published in 1969. It was actually written by 24 writers, five women and nineteen men, mostly newspaper reporters. It was an effort "to collaborate on a sexually explicit novel with no literary or social value whatsoever."

    Huge commercial success. Made the New York Times best seller list.

  25. Wiring corrosion? on Why ISS Computers Failed · · Score: 4, Insightful

    I'm surprised that connector corrosion would be a problem. Aviation has a long history of wire problems, but gold-plating connectors seems to be a stable solution to that problem. The ISS uses Kapton wire, which was popular in the 1980s and is lightweight and tough. But that material is hygroscopic and now banned by the USAF, US Navy, Boeing, etc. "Susceptible to aging in that it dries out forming hairline cracks which can lead to micro current leakage (i.e. electrical 'ticking' faults)"

    There are ways to do corrosion-resistant contacts without precious metals; the automotive industry has solved this problem. The alloys aren't simple; here's one used for under-hood automotive connectors. Copper, iron, magnesium, and phosphorus, with upper limits on tin, zinc, nickel, lead, and manganese. But avionics connectors are usually gold plated; it doesn't add that much cost. And Russia is a major exporter of gold.

    The article doesn't go far enough. OK, the connectors corroded. Why? Wrong alloy? Plating failure? Wear from too many connector insertions? Was the spec wrong, or were the cables not made to spec?