Slashdot Mirror


User: fuzzyfuzzyfungus

fuzzyfuzzyfungus's activity in the archive.

Stories
0
Comments
15,204
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 15,204

  1. Re:Windows NT?? Really? It's 2012! on Vulnerable SAP Deployments Make Prime Attack Targets · · Score: 2

    I suspect that the JVM(s) involved in some of these deployments might be a bit behind the curve, as well...

  2. Re:Bad on Vulnerable SAP Deployments Make Prime Attack Targets · · Score: 2

    If I remember correctly, SAP is currently the world's most respected reference implementation of Alan Perlis' Epigram 54.

  3. Re:where can i download a trial version of SAP? on Vulnerable SAP Deployments Make Prime Attack Targets · · Score: 4, Funny

    I cant find it anywhere on the SAP site!

    If you think that a 'demo' is an executable you download, rather than something delivered by a besuited sales team, you might not be a potential customer...

  4. Re:In the mean time.... on The NTP Pool Needs More Servers — Yours, If Available · · Score: 1

    There are certainly exceptions; but most AD scenarios care about time mostly because Kerberos gets touchy if you attempt authentication between machines with excessive clock skew and users get touchy if they can't trust their system clocks to roughly match their email timestamps, their cellphones, and their boss's clock.

    If one actually does require great accuracy, there are different considerations; but mediocre accuracy and good consistency is usually what people actually need....

  5. Re:At the risk of a flame war... on Google Launches Endangered Languages Project · · Score: 2

    Eh, I'd say that linguists wanting a diverse sample pool is more like biologists wanting a diverse sample pool: being able to do comparative work between languages, or organisms, can be very helpful in elucidating their structures and functions.

    Also, while there is some money for translators, linguists in general don't really derive substantial economic benefits from obscure languages(very few obscure languages, after all, have either wealthy speakers or wealthy would-be-listeners: the money in linguistics is concentrated largely where the speakers are). Tax lawyers, by contrast, have a directly symbiotic relationship with the complexity of the local tax code.

  6. Re:Hm... on Google Launches Endangered Languages Project · · Score: 2

    I'm more than a bit skeptical myself(and, frankly, suspect some of the 'language diversity' types of basically just wanting to keep the natives from doing the same boring stuff we do so that we can continue to gawk at them); but there is also a major historical... sore point... that makes talk about not preserving languages a bit troublesome.

    Yes, there are the utopian esperantists and various outcroppings here and there of "Oh, we could have peace if only we could understand one another!" flavored optimism; but much of the highly visible work in language homogenization has been directly associated with the pointy end of various imperialist projects. If you are planning on grabbing some savage's land and de-heathenizing them for god and country, it is practically a given that you'll give wiping out their language and culture, usually with good, old-fashioned violence and brutal child abuse, a try.

    This tends to mean that, in practice, various 'save the languages!' pressure groups are, operationally, more of a 'don't allow group X to be shoved off its land for bauxite mining, impoverished, and forced to migrate to some gigantic developing world slum and become day laborers' groups, with language loss being a visible symbol of the more dramatic annihilation of people with the temerity to live on top of valuable resources(let's just say that 'property rights' seem to become steadily more...flexible... as one heads toward the bottom of the heap.)

  7. Re:why in the hell on Google Launches Endangered Languages Project · · Score: 0

    I assume that Google's computational linguists want something to chew on...

  8. At the risk of a flame war... on Google Launches Endangered Languages Project · · Score: 4, Interesting

    I can entirely understand why linguists value having as many different language samples to work with as possible, and I am similarly aware that active campaigns against various languages have usually closely accompanied active campaigns against their speakers(anything from harassment and discrimination up to and including wholesale slaughter). However, there is also a lot of language homogenization that occurs quite peacefully, with kids wanting to watch TV or speakers of some fairly obscure tongue looking for access to opportunities, culture, and company in more common languages.

    Given the value of language in communication between people, and the rather dubious history of the various things that make messy tribalism even easier than it already is, is this 'Linguistic Diversity' stuff actually a good thing(beyond the relatively narrow; although certainly important, value as a research sample for linguists and as a useful rallying point for resistance to other flavors of attack on relatively powerless groups)?

  9. Re:In the mean time.... on The NTP Pool Needs More Servers — Yours, If Available · · Score: 4, Informative

    The 'default' is what it is because it is the setting that provides the best chance of working right out of the box. Hitting a known public NTP source qualifies as a pretty sane default.

    Now, if you are going to be running a bunch of systems, it certainly is polite, as well as efficient, to run your own NTP server for your internal systems, just as you likely run your own DNS server for them. However, that isn't really something you can sensibly set as the default; because every organization's internal server will have a different address and smaller sites/single users/laptops frequently off the LAN simply won't have one.

    Not all that dissimilar from the fact that most distro's package managers default to pointing directly to the public package mirrors. That is obviously nuts from the perspective of anybody running more than a few machines, you'll waste enormous amounts of time and bandwidth if you aren't caching packages and updates; but your default can't really assume the existence of a local cache...

  10. Out of curiosity... on Google To Pay $0 To Oracle In Copyright Case · · Score: 5, Funny

    Would there be a risk of being considered in contempt of court if one were to write a gigantic novelty check for the value of $Zero, sign it with a flourish, and hand it to the opposing counsel?

  11. Re:Patent good in this case on Time Warner Cable Patents Method For Disabling Fast-Forward Function On DVRs · · Score: 3, Insightful

    Is this just an unbelievably bad idea, or do I not understand it properly?

    It would seem that, to function as a video playback device, The cable box/DVR would have to have enough data to reconstruct every frame in the program, at or before the time it needs to be displayed. Whether you only need a few frames in order to compute frame N, because of fairly frequent i-frames, or whether you need every frame before N to compute N, the DVR can still compute each frame, and so skip anywhere it wants(unless, of course, it was physically unplugged/off/not getting a usable signal, I'm sure customers with flaky reception are going to love having minutes of artifacts after every dip...

  12. Re:Ooh, you know what else they should do? on University Students Become Superheroes To Teach STEM Education · · Score: 1

    Yo, this be DJ-TAG, here to tell you that life don't come with no BSP, so I'm the one you want at your back...

  13. Re:Savvy study author ... on Belief In Hell Predicts a Country's Crime Rates Better Than Other Factors · · Score: 5, Funny

    Where can I get hired to turn our crap like this and never have to produce on solid thing that can be measured against the real world?

    Trick is, you can dig at the softness of the soft sciences all you want; but it's a knife-fight-in-a-telephone-booth to get a decent tenure track job in them. For every one who gets to bullshit in public, there are probably 20 or more grading freshman philosophy papers for $12,000/year.

    How's that for true hell? A brutal, dog-eat-dog competition, with no real world metrics against which to measure yourself? An endless, inter-subjective void, with nothing but brutal struggle for the few jobs that exist, and lots of Derrida. Flee crying back to the hard sciences while you still can, grasshopper...

  14. Re:Governments fall on Romanian Prime Minister Accused of Plagiarism · · Score: 3, Insightful

    A 'government' is a parliamentary group(sometimes a party, most typically a coalition) large enough to pass whatever the procedural cutoff is for being allowed to put your prime minister in place. It doesn't, in this context, refer to the broader framework in which this occurs.

    If the US actually had relevant 3rd parties, it'd be the rough equivalent of the Senate Majority Leader facing a scandal, and then having the alliance between the GOP and the Libertarians or the Democrats and the Greens that gave him the majority collapse, leading to a new Senate Majority Leader.

    Not a nothing event; but hardly catastrophic.

  15. Re:I wouldn't on How Would You Redesign the TLD Hierarchy? · · Score: 3, Insightful

    The trouble is(unless you abandon this 'inter-network' nonsense entirely) you can either have a single point of stupidity with URLs that are at least unique, or you can have multiple points of stupidity, with URLs that need an additional field to specify which domain name hierarchy you are speaking relative to(ie. since foo.com could resolve in multiple different ways depending on the nameserver you talk to, you'd basically have to specify "foo.com(DNS_ORG bar)" to have a meaningful URL).

    After all, there isn't anything stopping you from having your very own DNS system, on any scale(and, indeed, most decent-size internal DNS servers have a mixture of private hostnames and assorted lies about public hostnames, for various convenience and security purposes), except for the fact that being able to treat URLs as unique is pretty convenient...

    If memory serves, there were a bunch of alt-root DNS outfits during the .com days that tried to get people to install their nameservers so that they could peddle various ghastly TLDs that hadn't made it through ICANN(Now ICANN is ready to rubber-stamp those same TLDs, progress!); but they never got enough adoption to be of much use.

  16. Duh. on How Would You Redesign the TLD Hierarchy? · · Score: 4, Funny

    AOL Keywords, obviously.

  17. Re:How stupid, and useless on Google Bars Site That Converts YouTube Songs Into MP3s · · Score: 5, Insightful

    It is trivial to extract the audio from a youtube video and convert it to an mp3. There are tools on Windows, Linux, and OSX that can do that without a lot of effort. So, shutting down this site is, IMO, an exercise in futility.

    I suspect that you are underestimating the degree of laziness, technical ignorance, and futzing-with-youtube-on-computers-they-can't-install-stuff-on-because-they-are-at-work/school, at play here.

    Obviously, Google knows that you can do whatever you damn well want with the video once you've downloaded it(and, while they receive no further ad revenue, it also doesn't cost them anything further, and they have no way of going after you, so they aren't going to bother).

    I suspect, though, that Google takes a dim view of tools, usable even by morons, that eat their bandwidth, throw away any ads they serve, and quite possibly upset the RIAA and friends without any benefit to Google.

  18. I was told, once... on Young Listeners Opt For Streaming Over Owning · · Score: 5, Funny

    I once spoke to an elder, with a beard of white and an onion on his belt, who spoke of a certain 'amplitude modulation' by means of which he had 'streamed' music rather than owning it on one of the 78rpm vinyl-platter rotational media of the day....

  19. Re:well damn on US Consumer Bureau Opens Online Credit Card Complaint DB · · Score: 1

    If you think of your credit rating as a metric of your utility as a customer for credit services, rather than as a metric of how good you are at paying off debts, it sometimes makes a bit more sense.

    A level of responsibility/having-your-shit-together below a certain level is bad, because the chronically impecunious just don't have much blood to squeeze out. A level of responsibility above a certain level is also bad, because you are the credit-industry equivalent of those rational shoppers who come in, buy the loss-leader, and then leave that big-box stores loath so much...

    Flagrantly unreliable behavior tends to knock your score down; because it casts real doubt on your ability to pay within reasonable time, and the net present value of having loaned you money; but excessively virtuous behavior strongly suggests that you will just skip in and take advantage of the free loan, without ever tripping on any late fees or interest payments by which better customers pay for the service...

  20. Re:I Think You Missed the Point on Schneier Calls US Stuxnet Cyberattack a 'Destabilizing and Dangerous' Action · · Score: 5, Interesting

    I apologize if I wasn't clear; but my point was that possessing electronic offense and improving electronic defense are directly at odds with one another(and, as you note, we are hardly the only country with a supply of adequately smart geeks.)

    If you want to use an attack, you need a vulnerability. If you want to use an attack against a really clueful adversary, you may need a really juicy vulnerability, a set of zero-days(as with Stuxnet) or that nifty code-signing trick with Flame, or the like. This is where the trouble starts:

    Your attack people now have a direct interest in keeping certain vulnerabilities unfixed. Since much of the world's software is widely used, and has a reasonably publicly visible update process, there is no viable way to sneak out some kind of 'Important vulnerability fix for Win32 systems in the US only'. Either you keep the bug secret, leaving your own people vulnerable, in the hopes that you can hit the other guy before he discovers the problem, or you protect everyone from that vulnerability by getting it fixed.

    Having US 'national security' types researching vulnerabilities is a good thing; but only if they do so with the intent of getting them fixed(US-CERT vulnerability reporting, for instance, makes us stronger.) That is how you 'get it in the open'. Things like Stuxnet and Flame were based on vulnerabilities that were kept in the dark(during which time they could have been used against us) for as long as possible.

    It's not that I advocate security through obscurity(quite the opposite, in fact), it's that in order to possess good offensive tools you must, necessarily, have knowledge of vulnerabilities that you are concealing. You had to discover them in order to build your attack system, you have to hide them in order to preserve its effectiveness. That's the problem. Possession of useful offensive capabilities implies that you are condemning everyone, your own people included, to security-by-obscurity.

  21. Nonsense! on Schneier Calls US Stuxnet Cyberattack a 'Destabilizing and Dangerous' Action · · Score: 5, Funny

    How could contributing to the spread of clever computer-intrusion technologies(both with things like Stuxnet, and with the pernicious habit of doing business with the sort of slimy vulnerability-sellers whose customers want to exploit, not patch, them), possibly be a bad idea for a country whose citizens, businesses, government, and R&D capabilities are overwhelmingly dependent on computerized infrastructure?

    That's crazy talk.

  22. This would be what we call "bad". on Fujitsu Cracks Next-Gen Cryptography Standard · · Score: 1

    Given how long it takes for something to go from 'new' to 'common' and from 'common' to 'deprecated' and from 'deprecated' to 'finally dead, thank god'(and, for the spooks out there, the fact that storage is cheap and certain decade or decades-old messages may still be interesting...), the idea that anything only a few powers of ten away from trivial crackability was even being considered seems like a Very Bad Thing.

    252 cores is pretty tiny by the standards of a reasonably motivated attacker. Aside from botnets, 12 cores/1U is relatively cheap commodity gear at this point. Even without springing for the fancy high-density stuff, you could shove 3 times that, with room for switches, into a rack. Toasty, sure, but possible.

  23. Re:Zune or Xbox? on Microsoft Announces 'Surface' Tablet · · Score: 4, Interesting

    Given that the two devices shown run OSes that MS licenses to 3rd parties, I'd say that this is halfway between "Playsforsure" and "Zune" in terms of strategy...

    Like 'Playsforsure", and unlike Zune or Xbox, these are Microsoft-based; but based on exactly the same Microsoft stuff that they have been actively pushing 3rd party companies to license(just as there were at least a dozen vaguely-known 'Playsforsure' supporting device makers, plus some unknowns, and several music stores based on the technology).

    However, the fact that MS has bothered to release this at all(in contrast to their history of generally keeping it hands-off when it comes to x86 PCs, aside from spec-nudging based on labelling/driver certification pressures), is much more zune-like. Zune, with its limited set of 'flagship' devices and One Service To Rule Them All replaced 'Playsforsure' after MS became tired of the third party licensees sucking(Some just sucked, period, some built players that nominally supported WMDRM; but were only purchased instead of iPods for various other features, recording, audiophile stuff, FLAC support, etc.).

    This is not a vote of confidence in the Wintel OEMs of the world. Whether MS actually hopes to sell a bunch of these, or just hopes that HP et al. will clone the fuck out of them and sell them themselves; Microsoft has basically stepped up and informed the beige-box pushers of the world that they think that they don't have what it takes to build an iPad killer, even if Windows8 is the best thing since sliced kittens(to be fair, MS is probably right).

  24. Re:Uh... on Ask Slashdot: How To Evacuate a Network · · Score: 5, Funny

    Surely the firewall should hold out longer than that?

  25. Re:Matrox on PowerVR To Make Mobile Graphics, GPU Compute a Three-Way Race Again · · Score: 1

    Video input is certainly a whole different game; but I'd be curious to know how well Matrox is holding up in video-output land.

    Now that digital video interconnects are pretty standard outside of the cheapest seats, Matrox's historical reputation for shipping the quality DACs isn't terribly exciting, and 'mainstream' GPUs that cost essentially nothing, to the nearest thousand, seem to be sprouting additional heads faster than the Hydra.

    What is saving them from that?