Slashdot Mirror


User: khasim

khasim's activity in the archive.


Comments · 5,818

  1. Another vote for Runequest. on Dungeons & Dragons 4th Edition Announced · · Score: 1

    Runequest - where you can play a duck.

    Forget the ducks. You can play a baboon.

    Don't forget the "cults". When choosing a religion MEANS something to your character.

    Yep. When Avalon Hill got it, they ruined it. Particularly if you've ever read the errata for their stuff. Lunar sorcery beats everything.

    Battle magic was the best idea ever. And their hit chart was great, too. Lose a leg in combat? Well you're out of the fight (unless you're a scorpion man). But if your teammates surrender soon enough (and the enemy accepts surrender), you can be healed. Finally a combat system that doesn't encourage "fight to our last breath" scenes.

  2. This may be a "grey" area ... on How Pirated Software Impacts Free Software · · Score: 2, Interesting

    But there are many websites out there that will tell you the TWO changes you need to make to just about any WinXP CD so you can burn one that will be anything you need.

    Start with a retail version and build an OEM version that will accept your OEM license key.

    Is it "piracy" then?

    I've done this when I want a completely clean install at work. None of the OEM crap. Just vanilla WinXP.

    The only downside is having to hunt through the vendor's website looking for drivers for all the hardware. And you don't get the vendor specific apps.

  3. What "expertise"? on Cross-Platform Microsoft · · Score: 1

    Perhaps it's because they realize that the expertise already exists with the mono team and therefore have chosen to leverage them instead of any internal resources?

    Really?

    So Microsoft doesn't have a Linux Lab?

    So Microsoft hasn't already dug through the source code to find what patents Linux is "violating"?

    Seems a bit contradictory to me.

  4. Looks like the MS fanbois got mod points. on Cross-Platform Microsoft · · Score: 4, Insightful

    Deal with it.

    Ballmer talks about how the GPL is a "cancer". Yet you hang out on /. hoping to get mod points so you can bury comments you don't like.

    That doesn't change the facts.

    Microsoft can put Microsoft coders to work releasing Microsoft products on Linux.
    Microsoft can license those products under whatever license Microsoft wants.
    And no one could complain.

    But when Microsoft talks about "working with" non-Microsoft coders to get Microsoft products on Linux, there's too much of a risk of Microsoft's "Intellectual Property" being "improperly" incorporated into such projects.

    Everyone who isn't a Microsoft fanboi needs to ask themselves WHY Microsoft wouldn't handle such a project itself, with its own people, if it saw the need for such on Linux.

  5. What the ...? on Cross-Platform Microsoft · · Score: 3, Insightful

    No. The "primary fear" is and has always been that Microsoft will get some "Intellectual Property" into a Linux project in such a way that it will allow Microsoft to sue the developers/users of that project.

    If Microsoft wants to port something to Linux, that's their option. They have the people and they can download all of the source code.

    And they can license their product any way they want to.

    The only problems arise when Linux developers (as opposed to Microsoft developers porting something to Linux) have access to Microsoft "Intellectual Property" and may become "tainted" by it.

  6. Why is that +5 Insightful? on Novell Proclaims 'We're Not SCO' and We Won't Sue · · Score: 4, Insightful

    If the Novell/MS deal gave Novell an edge then it's because Linux IS infringing. If Linux isn't infringing, then their deal was nothing more than my promising not to sue you for using city roads, a meaningless offer. The attacks on them seemed unfair.
    ...compare to...

    Their "deal" with Microsoft was an attempt to offer their customers something unique, the indemnification/license to protect them from Microsoft.

    So Novell tried to offer something that they felt would distinguish their product from others ... even though doing so would kind of admit that Linux was violating Microsoft's patents.

    Novell has shown themselves consistently to try to do the right thing 1) for their customers, 2) for open source in general, and 3) for their shareholders.

    But if Linux does NOT violate Microsoft's patents ... then Novell is marketing something that is not needed by their customers.

    Yeah, that's doing "the right thing" for "their customers".

    That seems contradictory to me. Why sign a deal with Microsoft if there isn't any violation?

    Why not simply state that Novell offers "indemnification" for any and all violations of their products? Because Novell believes Linux is clean and Free. No deal needed with Microsoft.

    And if Novell is so noble, why did they immediately start pushing their "protection" as something NEEDED by Linux users and ONLY available from Novell?

  7. Did they file bug reports? on Ubuntu Servers Hacked · · Score: 1

    Okay, maybe Canonical gave them hardware that was not ... or ... was ... okay, this is just difficult to conceptualize.

    The NICs worked fine with version A.

    The NICs did not work with version B. Where's the bug report?

    Breezy - this is where they stopped.
    + 6 months - Dapper - LTS, where is the bug report?
    + 12 months - Edgy - a bug report?
    + 18 months - Feisty - a bug report?

    If you just CANNOT apply a patch then you HAVE TO make sure that EVERYTHING else is locked down AND INCREASE YOUR MONITORING OF THAT SYSTEM.

    It looks like the admins made too many mistakes. I can fault Canonical IF there was a bug report filed and pursued.

    Everything else is the admins' fault. No matter how stable and secure a system is, and by default Ubuntu ships with no open ports, a bad admin can break it.

  8. Revealed next week... on See Who Is Whitewashing Wikipedia · · Score: 1

    A tool that allows you to edit from work ... but uses your home (probably dynamic) IP address.

    Yeah, yeah, yeah. I know it's easy. :)

    And that's the point. The smarter groups have probably already taken steps to hide their edits.

  9. Here's the part that doesn't work for me on that. on Investors Bailing On SCO Stock, SCOX Plummets · · Score: 1

    For people who don't know what a "short" is, it's where you borrow stock from the real holder, then sell it right away. Some time later, you buy it back at the new market price, and return it to its owner. The difference in what you sold the original stock and what you re-purchased it for is your profit. If the stock price rises, you lose money. If it drops, you make money.

    Which depends upon SOMEONE having the stock who is willing to let you do this ... who isn't going to sell it himself ...

    Where's his incentive to allow you to "borrow" his property?

    Well, normally it is a brokerage firm. But that means that people working for the brokerage firms have been holding onto at least 6 million shares of SCO stock ...

    Despite the Baystar debacle.
    Despite SCO's financials.
    Despite the beating SCO has been taking in court (even before Friday).

    Your theory depends too much on too many people being far, Far, FAR, FAR more intelligent than the supposed experts at the brokerage firms. Despite all the warning signs.

    And we're talking about MILLIONS of dollars in loss on this one stock in one day.

  10. Someone bought those shares today. on Investors Bailing On SCO Stock, SCOX Plummets · · Score: 5, Interesting

    If I'm reading Google's finance page correctly, almost 6 million shares changed hands today.

    http://finance.google.com/finance?q=scox

    Stock cannot sell if someone isn't buying. Who's buying?

    Now I know about "short" and "long". But that's more easily described as a bet where you bet the stock will go one way and someone else bets the stock will go the opposite way. I understand about people having to buy stock to cover a mistake in a short/long. But that's an awful lot of shares being purchased.

    I don't believe that there were that many people betting that it would go up again. Not with the approximately $9 million dollars it would take to have that stock last Friday.

    Who's buying the stock and why are they buying it?

    I can understand everyone wanting to sell it. I don't understand anyone buying almost 6 million shares of it today.

    Unless it's another scam by SCO to buy stock options from their executives. Trying to empty the company's coffers before Novell gets its cut or IBM beats them.

  11. Mod parent up! on Open Source Community's Double Standard · · Score: 2, Insightful

    Companies that are moving towards being more Open are praised.

    Companies that are moving towards being more Closed are denigrated.

    Where's the problem?

  12. This is the last time I'm explaining it to you. on Hardening Linux · · Score: 4, Informative

    Running nmap on those two IP addresses yields different results.

    Maybe it does. Maybe it does not. But that is immaterial. This is about what an attacker would see. Not what your machine can see from itself.

    It is possible to set up a system that allows access to those services from eth0 & localhost, but not from any other addresses.

    You are not concerned about what you can see from your machine. You are concerned about what an attacker can see. They are NOT the same.

    The latter will show exactly what an attacker would see.

    NO it will NOT.

    Your statement is only accurate for the condition in which NO ports are open. That is a single scenario and does NOT account for the various possibilities. Therefore the ONLY way to know what an attacker would see is to scan the way the attacker would.

    When a service is bound to an IP on a machine, it has a choice of which IP to bind to. Services accessible by the connection on her eth0 network device (or any other device, for that matter) can be viewed by nmapping the network IP associated with that device.

    No. Again, the system can be set up so that the ports are visible from localhost and eth0. The only way to know EXACTLY what the attacker can see (other than in the specific scenario of all ports being closed) is to scan the way the attacker would.

    If her cable modem filtered traffic or ports, the list given by nmap would still be accurate, as any filtered ports would come back either as filtered or closed.

    No, the list given by nmap would not be accurate. Because the list given by nmap would show ports open (and therefore vulnerable) when there would be no way for an attacker to see those ports.

    Again, the only time your statement would be accurate is the single case of all ports being closed.

    If you run it on the IP of the interface an attacker will access, you will see what the attacker sees.

    I've given multiple, specific examples where such would not be the case. I've shown where your statement is correct ONLY FOR A SINGLE SCENARIO where all the ports are closed.

    As such, going to a different machine is still superfluous. You're giving misinformation by trying to say it's not.

    Again, I've provided specific examples that illustrate where the information gained by scanning from an attacker's position would be different than scanning from the machine itself.

    You can claim that such is impossible all you want.

    But the facts contradict you.

    You are taking a single case and claiming that it is the same for ALL the possible configurations. It is not. The only way to know what an attacker will see is to perform the scan as an attacker would.

  13. Maybe. on Hardening Linux · · Score: 1

    I think you missed my point -- you can see what an attacker would see from the local machine, by nmapping the network IP. Going to a different machine is superfluous.

    I set up a VPN connection for a co-worker last week. She was directly connected to the Internet through her ISP supplied cable modem.

    Except that that particular cable modem automatically filtered the inbound connections. Checking her machine showed that everything was okay ... but checking from outside showed that everything was not okay.

    Rather than waste time trying to determine all the possible combinations that COULD cause something ... just scan the same way a would-be-attacker would. It may be "superfluous", but it will give you the EXACT view that the attacker will be seeing. Through external firewalls, software firewalls, etc.

  14. That's a good point. Thanks. on Hardening Linux · · Score: 4, Interesting

    It is often useful to run it locally, anyway, so that you can compare the output of `nmap localhost` and `nmap 0.0.0.0`, as often a machine will have services running that are only accessible locally.

    Yep. That's why I prefer hitting it from a different machine. Multiple machines if possible. One on the same LAN segment and one from somewhere on the Internet.

    That way you'll see what a would-be-attacker will see.

    Sure, I might be running SMTP on port 25, but bound to 127.0.0.1 instead of eth0. An attacker would have to FIRST gain access to my machine through some other means to be able to attack my SMTP service.

    Sure, that first hurdle might be set very, Very, VERY, VERY high, but if someone can get over it ... that's why patching is still important. But that's also why patching cannot be your only "defense". You will not know what vulnerabilities the bad guys have found that are not patched yet. Defense in depth.

    And that's what "security" is all about to me. It's the PROCESS of evaluating threats and reducing their effectiveness.
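
Added example, not part of the comment above or of the Slashdot thread: a Python sketch that sorts a host's listening TCP sockets by bind address, so the SMTP-on-127.0.0.1 case from the comment is separated from listeners that still need a scan from another machine. The sample `ss -ltn` style text, the addresses in it and all function names are constructed for this illustration.

```python
"""Classify listening TCP sockets by bind address (added illustration)."""
import ipaddress

# Constructed sample in the column layout of `ss -ltn`; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       100     127.0.0.1:25         0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     192.168.1.20:8080    0.0.0.0:*
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*
LISTEN  0       128     [::1]:631            [::]:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       511     *:80                 *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, port); handles [v6] brackets and %zone."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port)


def classify(host):
    """Return the bind scope for one local address."""
    if host == "*":
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback-only"
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific-address"


def parse_listeners(text):
    """Parse LISTEN rows into dicts; the header and other rows are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_endpoint(fields[3])
        listeners.append({"host": host, "port": port, "scope": classify(host)})
    return listeners


def loopback_only_ports(listeners):
    """Ports that are bound only to loopback addresses on this host."""
    exposed = {l["port"] for l in listeners if l["scope"] != "loopback-only"}
    local = {l["port"] for l in listeners if l["scope"] == "loopback-only"}
    return sorted(local - exposed)


def ports_to_verify_externally(listeners):
    """Ports bound to a non-loopback address. This is only the host's own
    view: filtering in front of the machine can change what a remote scan
    shows, so these are the ports to check from another machine."""
    return sorted({l["port"] for l in listeners if l["scope"] != "loopback-only"})


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_SS_OUTPUT)
    for entry in found:
        print(f'{entry["port"]:>5}  {entry["host"]:<15} {entry["scope"]}')
    print("loopback only:", loopback_only_ports(found))
    print("verify from another machine:", ports_to_verify_externally(found))
```
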
  15. A default Ubuntu box has them all closed. on Hardening Linux · · Score: 3, Informative

    I'm running Ubuntu, and I was under the impression that the default installation doesn't leave any ports open.

    That is correct. By default, they are all closed.

    But you may have changed that. If you've installed any P2P or such apps, you may have open ports from that.

    As the other poster suggested, use nmap to determine what your outward profile looks like. Even better, have a friend scan your address from their location. That will tell you what your machine looks like from the Internet.

    xxxxxx@xxxxxxx:~$ sudo nmap -p0-65535 10.31.198.130

    Starting Nmap 4.20 ( http://insecure.org/ ) at 2007-08-12 07:54 PDT
    All 65536 scanned ports on 10.31.198.130 are closed
    MAC Address: 00:11:D8:E1:9F:A9 (Asustek Computer)

    Nmap finished: 1 IP address (1 host up) scanned in 16.486 seconds

    That's without a firewall.

  16. Dude, that article sucked. on Hardening Linux · · Score: 4, Insightful

    Did you see where it mentioned nmap? No? Because it didn't. Wouldn't you expect it to tell you to run nmap from a different machine so you can see what your outside profile looks like?

    It reads more like someone who's just discovered Bastille and now considers himself "informed" on "security issues".

    Step #1. Limit the avenues of attack. This is where you'd use nmap.

    Step #2. Remove anything you don't absolutely need. Come on, most people out there will be running some distribution now. At least he could have covered dpkg, rpm, etc.

    What's this with the "Enter kill -9 xxx where xxx is the PID."? How about just /etc/init.d/service_name stop? Just use the package manager to remove it.

    And editing xinetd.conf / inetd.conf? Again, just use the package manager to remove it.

    And he doesn't even go into how each distribution handles package updates? What the fuck? Nothing about "apt-get update"? No "apt-get upgrade"?

    No, this article is about someone's discovery of Bastille and how it helps an old, stock installation of Red Hat.

  17. I won't even say "nice try". on Linux Foundation Calls for 'Respect for Microsoft' · · Score: 1

    Congratulations! You've just been pwned. You've just used a compromised copy of dpkg to verify that all the package-installed executables on your system are clean.

    I'm booting from a Live CD. Did you miss that part? Or is it that you don't know what "chroot" is?

    You cannot tell me how you would boot into a Windows command prompt after the Registry is destroyed ... yet you believe that I cannot run dpkg from a Live CD?

    Even if you hadn't made the elemental mistake of running compromised software from a known-clean session, this particular worm is living in the executable, modifiable, uncheckable configuration files in /etc/default/* (with some backup copies in ~/.login and ~/.bashrc just for amusement value).

    A quick check on my /etc directory indicates only 258 such files (not counting links or directories).

    Of which, 257 were validated by dpkg.

    Leaving ... the 1 file that I know I put in /etc/cron.d

    And if it were in "~/.login and ~/.bashrc" then it would only have the rights that that user has.

    To put it in very simple terms for you, the SYSTEM would not have been compromised, just that USER's account. And since the SYSTEM was not compromised, then validating the files in that USER's account would not even require me booting from a Live CD.

    Now, I've been able to address each of your claims, with specificity, while you've been unable to address any of mine except with claims that you saw someone else do it sometime in the past.

    I've demonstrated my knowledge. You've demonstrated yours. Feel free to continue this conversation without me.

  18. Show me you can, don't tell me you can. on Linux Foundation Calls for 'Respect for Microsoft' · · Score: 1

    ...and you can boot a Windows machine without one (to a command line).

    So you claim. So it should be easy for you to tell me how to do that on a machine on which I have over-written the Registry. Go ahead, explain how.

    Neat trick, given that Gutsy isn't even out yet...

    Did you see the word "ALPHA"? Do you KNOW what "alpha" means? It means I'm running the ALPHA release of Gutsy Gibbon on this machine, right now. No, it's not much of a "trick". It's easy. Lots of people are doing it.

    alt-f2
    sudo update-manager -c

    It's that easy.

    What I said was that it's frequently not worth the bother.

    "not worth the bother". It's more of a "bother" to backup the package that broke than it is to re-image the entire box? What are you talking about?

    Why should I spend two days figuring out which file's been corrupted so I can fix it when I can archive all my data and reinstall in an hour?

    Because it doesn't take "two days". Whatever you just installed, you back out.

    dpkg --remove package-name

    It's that easy.

    You use platform-specific knowledge, you numbskull. I can't do it because I haven't had the training, but I know people who can and have.

    Ahhhhhh, so this is another one of those.

    Excuse me for misunderstanding your claims that you knew what you were talking about.

    And I would use a Knoppix CD, how, to fix a virus/rootkit on a Linux machine? Be specific.

    Boot the Live CD.
    Chroot the local hard drive.
    Use the package manager to validate the files in the directories. Any that you cannot validate, you move to a safe location. If necessary, re-install the package that owns those files.

    It's that easy.

    Actually, I suspect that you just install the binary blobs and trust them. A packaging system has absolutely nothing to do with 'validating' the operating system (whatever that means).

    You don't know what it means ... but you know that the process I've described won't achieve it.

    Yeah, you go with that.

  19. You must not use Linux. on Linux Foundation Calls for 'Respect for Microsoft' · · Score: 2, Informative

    gconf is, basically, a registry. Yes, a better one, but it's still doing the same job in much the same way.

    It is A registry. But I can boot a Linux box WITHOUT it. And once I can boot it, I can fix it.

    This applies to Linux, as well; cruft builds up in the corners, configurations get slightly broken, and after a while it's frequently easier to reinstall than to clean it out.

    BULLSHIT. I'm typing this on a machine that's been upgraded, online, to Gutsy Gibbon all the way from Hoary Hedgehog. (Hoary - Breezy - Dapper - Edgy - Feisty - Gutsy)

    And I've upgraded during the ALPHA portions of those releases. And I still don't have problems.

    It's called "Computer SCIENCE" for a reason. It's not magic. If something breaks, it can be backed out.

    Windows Live CD.

    And I would use that, how, to fix virus/rootkit on a Windows machine? Be specific.

    I'll give you that one.

    Strange, because that kind of contradicts your other claims. It's the packaging system that allows me to validate the operating system and apps. Which allows me to smoothly upgrade from one release to the next. Which allows me to remove old packages or upgrade them.

    And I haven't even touched on Windows security.

  20. I'm still not understanding that. on DHS Plans Changes in Air Passenger Screening · · Score: 5, Insightful

    The "terrorist watch lists" ...

    You're too dangerous to be allowed to fly ... but not dangerous enough to be arrested ... even with the "enhanced" authority of the PATRIOT Act (I & II).

    So wouldn't any real terrorist just try to get on a plane to see if the government knows about him? If he gets on with no problem, he knows they don't suspect him. If he's turned away, he knows to drop communications with the other terrorists.

    This is just stupid. No matter how you phrase it.

  21. How much MONEY have they sunk into it? on Linux Foundation Calls for 'Respect for Microsoft' · · Score: 3, Insightful

    Have you ever used XP or 2000? It's not "shitty".

    Yes they are. Here's why:

    #1. The registry. It's too fucking brittle AND it is constantly open by Windows AND it is not automatically replicated X times over Y days so you can recover when it does break. And it will, eventually, break.

    #2. Which is why Microsoft shops advocate the "Wipe & Reload" method of "support". It broke, don't spend time trying to fix it. Fixing it is not an option. Wipe it and reload the "base image" that your shop uses. Sure it will take 30 - 60 minutes, but even if you have to do that for a dozen machines a week, it's still faster than finding the real problems.

    #3. Viruses, trojans & worms. At least with Linux I can boot from a "Live CD" and chroot the local hard drive and check it / edit it to remove problems. WITHOUT losing all the data that the user has saved to it (see #2 above).

    #4. No packaging system (see Debian & Ubuntu). And don't start going on about how you can make a "package" in Windows. That just shows you don't know what you're talking about. In Windows ANY app can replace ANY file when you install it. Under a real package management system, each file is owned by one AND ONLY ONE package. That file is NOT replaced unless you upgrade/remove the package that owns it. (or choose "force" and know that you're probably fucking up your system)

    Some of the end-users prefer Windows. That's fine. It's personal choice. But it's still a "shitty" operating system based upon "shitty" decisions.

  22. Not just that. on Linux Foundation Calls for 'Respect for Microsoft' · · Score: 4, Insightful

    You should also respect them for publicly claiming that Linux "violates" X patents owned by Microsoft.

    And that anyone using Linux (unless specially licensed) owes Microsoft some money.

    And for Microsoft's continuing attempts to kill / marginalize the ODF standard.

    Yes, Microsoft deserves your respect and not your disgust. So says an executive from a company that has purchased a "partnership" with Microsoft.

  23. Not really. on Police Data-Mining Done Right · · Score: 4, Insightful

    Crime is best prevented by the fear of getting caught and punished.

    Not really. Jail time and such has almost no effect on changing criminal behaviour.

    Cops aren't trying to prevent crimes - they are trying to better focus their resources to catch criminals.

    Possibly. Or maybe they are trying to prevent crimes.

    The criminals are not worried about going to jail AFTER the crime is committed. But if there is a cop there at the moment they would have committed the crime, most criminals will not commit it.

    Means
    Motive
    Opportunity

    With a cop right there, the "opportunity" is removed. So no crime occurs. In general, the crime rate should go down because this isn't something that can easily be displaced. It seems to be tied to the area around a check cashing storefront. Increase the patrols in those areas and the crimes are not committed.

  24. I have to agree. on Microsoft Moves in on the Graphics Market · · Score: 4, Insightful

    What, specifically, is Bruce Chizen's plan to support non-Microsoft OS's?

    Don't bitch about how the bad monopoly is being mean to you when you aren't doing anything much to help the nascent competition.

    Paying one programmer to port and support your apps on other platforms does more than all the public whining about how Microsoft is being mean.

  25. That's what I don't understand in TFA. on Human Origins Theory Tested By Recent Findings · · Score: 3, Interesting

    It talks about "their own distinct ecological niches". Given that we are omnivores, how different could their "ecological niche" have been and still support something that was almost human?

    Humans and other primates have shared the same areas ever since there were humans. Yet we have only recently started wiping out other primates. And it isn't because we are competing with them for the food sources. We wipe out their environment, food sources and all.

    So their thing about "Eventually, one would have out-competed the other." doesn't sound right. "Eventually", maybe. But to say that any conclusions can be derived simply because it had not happened in X years ... that's dumb.