Slashdot Mirror


User: khasim

khasim's activity in the archive.

Comments · 5,818

  1. I can't tell from the write up. on Live spam-catching contest at CEAS · · Score: 1

    But I doubt that they have a hundred thousand systems that they'll be using to send the test spam.

    A big part of the system I use at work is based upon IP addresses and rDNS. I block a HUGE amount of spam just by rejecting all connections from Comcast that aren't from their SMTP servers.

    I know, some people want to run SMTP servers at home. But so far none of them have attempted to send email to my system.

    So it really depends upon how they configure the test spam servers. Personally, I don't see this as being a very useful competition. But I may be wrong.

  2. That would be better, but still too big. on Faster P2P By Matching Similiar Files? · · Score: 1

    For single songs (mp3's or even flac) the time spent hunting down other bits doesn't seem like it would be any better than just downloading that song from one person.

    And things like md5 are useful because there is such a low probability of collisions (two different files having the same md5 checksum).

    And by that same token, the likelihood that two different songs would have blocks of the exact same bits in a block is practically zero.

    Their system WOULD work for movies IF they had previously incorporated the changes I mentioned (split the video from the audio from the sub-titles from the ...) but not in any other circumstances.

    And as I also had mentioned, this would do nothing more than suck up ALL your bandwidth as people who aren't even searching for songs you've listed as "sharable" are hitting your machine in the hopes of finding a packet with a specific md5 checksum.

    So I'm downloading a Debian iso and I'm hitting your mp3 collection looking for blocks that match. Nope. Bad idea.

  3. That depends upon the method used. on Live spam-catching contest at CEAS · · Score: 1

    Pure content scanning would probably trigger those ... unless you had previously manually approved similar messages.

    Other approaches use multiple tests such as checking whether the sending server's IP address is on a blacklist or whether any of the links in the message (should it contain links) were on blacklists.

  4. Think about how that would be accomplished. on Faster P2P By Matching Similiar Files? · · Score: 1

    Pretend that you're part of a swarm.

    Your computer would then go through ALL YOUR FILES and advertise the md5 checksums to everyone.

    Normally, you just advertise the blocks for the file that you're downloading.

    So, I'm downloading a Debian iso ... and you're downloading a movie. Why am I (and a million others like me) going to be connecting to your box, asking your processor whether you have a file with checksum ghskldkjasa198d.a8.3ep ?

    Normally, I would not even be talking to your box.

    Suddenly, your bandwidth is gone from a million requests that have nothing to do with your download.

  5. It gets worse. on Faster P2P By Matching Similiar Files? · · Score: 2

    Taking advantage of those similarities could speed downloads considerably. If a U.S. computer user wanted to download a German-language version of a popular movie, for instance, existing systems would probably download most of the movie from sources in Germany. But if the user could download from similar files, the user could retrieve most of the video from English versions readily available from U.S. sources, and download only the audio portion of the movie from the German sources.

    To paraphrase Morbo: "DOWNLOADS DO NOT WORK LIKE THAT!"

    Now it would be GREAT if someone did manage to do that. Split the video from the audio (and from the sub-titles). And maybe create a meta-package.

    And maybe if those researchers focus on that, this will be a better idea.

    But that would ONLY work for material that could be split like that. If it's a song, what are you going to split? An ISO image? Same question.

  6. There is no SINGLE cause of extremism. on Revolution, Flashmobs and Brain Implants in 2035 · · Score: 5, Interesting

    In your comment, both sides tend to view the "problem" through their political / economic / religious filters.

    Then they discard any examples that don't match their model while overemphasizing the ones that match.

    A rich guy can turn extremist because he sees how poor the people he identifies with are.

    The models you describe do not account for empathy or other forms of social awareness. They are purely mercenary.

    Terrorism is linked to extremism. You cannot eliminate extremism so you cannot eliminate terrorism. But you can reduce the appeal of extremism by increasing the accessibility of political and economic power.

    One nut case is just one nut case. If there isn't a ready pool of converts, that nut case will eventually take care of himself. The problem is when that nut case finds a pool of potential converts and those converts usually do result from political / economic / family / religious inequalities.

  7. I think the Chinese are smarter than that. on Revolution, Flashmobs and Brain Implants in 2035 · · Score: 4, Insightful

    If the US is a state of 'infidels', then China is far more so, from a fundamentalist Islam point of view.

    Not really. Remember that religion is the excuse, not the reason. The reason is power.

    There are only four paths to power:
    #1. Political
    #2. Economic
    #3. Family/Tribal
    #4. Religion

    As long as there is flexibility in those, only the hard-core nut cases will become extremists. Once you start blocking access to any of them, you start creating more extremists.

    Islamic fundamentalists currently fume against the shower of western culture entering their lands - TV, movies, etc., and the presence of US soldiers.

    And look at that. The goods represent economic issues. The soldiers represent political issues (political power flows from the barrel of a gun). Crack those and the fundamentalists become just more street lunatics who don't bathe regularly.

    Perhaps this will not be of critical impact until Chinese soldiers are stationed outside of China, but that too may occur, as China becomes the main consumer of middle-eastern oil and other resources, prompting it to secure those resources, if only by token military presences in various locations.

    This is where I believe the Chinese will learn from our mistakes.

    DO NOT make your presence visible in the volatile areas. Have them travel to see you.

    DO NOT make your economic advantage visible in the volatile areas. Adopt their appearance.

    Work with their family/tribal structures.

    Keep your religious practices subdued. We have a big problem because of the Crusades. China doesn't have that issue.

  8. The problems with "probability" in this case... on Revolution, Flashmobs and Brain Implants in 2035 · · Score: 3, Insightful

    They have absolutely NOTHING to base these predictions upon. Probability is based upon either analysis of the possible options (how many cards in the deck) or analysis of past events with similar features (45% chance of rain tomorrow).

    The events they're commenting upon have not happened in the past (45% chance of rain) and are just one possible option of an effectively unlimited number of options (how many cards in the deck). And many of them seem self-contradictory.

    An increased trend towards moral relativism and pragmatic values will encourage people to seek the "sanctuary provided by more rigid belief systems, including religious orthodoxy and doctrinaire political ideologies, such as popularism and Marxism".

    So we see more extremism. But ...

    Iran will steadily grow in economic and demographic strength and its energy reserves and geographic location will give it substantial strategic leverage. However, its government could be transformed. "From the middle of the period," says the report, "the country, especially its high proportion of younger people, will want to benefit from increased access to globalisation and diversity, and it may be that Iran progressively, but unevenly, transforms...into a vibrant democracy."

    So the democracies become extremists and the extremists become democracies.

    What the fuck ... ?

  9. It's just an ad pretending to be an article. on Dealing With Venom on the Web · · Score: 4, Interesting

    From TFA:

    "The CEOs of the largest 50 companies in the world are practically hiding under their desks in terror about Internet rumors," says top crisis manager Eric Dezenhall, author of the upcoming book Damage Control.

    An author over-hyping a situation for his new book. How ... common.

    In the beginning, the idea of this new conversation seemed so benign. Radical transparency: the new public-relations nirvana!

    If you've ever worked for or with a PR company, you'll know how wrong that is. "Transparency" is exactly what they do NOT want.

    And so on. This is nothing more than an ad piece.

  10. Ummm, it is not "unlimited". on Cable Packet Shaping Causing Slowdowns · · Score: 5, Informative

    The reason for this is because they want to sell an "unlimited" package to people who will only use 2GB/month.


    No. They want to ADVERTISE an "unlimited" package so that people will leave their graduated plans and come over to the "unlimited" provider.

    Whereupon the "unlimited" provider throttles encrypted communications. And whatever else for someone going over the maximum of the "unlimited" plan.

    Most people want to have unlimited traffic even if they have no concept of the amount of traffic they need.

    Not really. Most people would rather save a bit of money. So the companies use deceptive advertising.

    I'm saying that we need to force them to get rid of the deceptive advertising. There's no TECHNOLOGICAL reason for it.

    They can sell "unlimited standard usage" packages that throttle connections after 2GB/month.

    They can sell "unlimited gamer" packages that throttle connections after 5GB/month.

    They can sell "unlimited pro" packages that throttle connections after 10GB/month.

    The reason that they don't is that they can save MONEY by being STUPID and selling a single "unlimited" package and fucking with the connections so that things such as encrypted sessions are dead slow. It's about them being lazy. That is it.

  11. Why aren't the companies smarter? on Cable Packet Shaping Causing Slowdowns · · Score: 5, Informative

    Okay, I can see (from their perspective) how you wouldn't want someone who is paying the same as your other customers using 500x the bandwidth that they use. After all, you're paying for the bandwidth.

    So why not simply SEGMENT your network and put those heavy users on their own block? If you're that worried about P2P crap, they're probably sharing amongst themselves anyway. This would make it easier for you.

    So why not offer GRADUATED pricing levels? 2 GB/month for $x. 5 GB/month for $2x. 10 GB/month for $10x. You could even break it down to traffic that stays on your own network and traffic that reaches the Internet.

    The whole thing about the opposition to "Net Neutrality" is about extracting the MAXIMUM profit from the existing infrastructure with the minimum of technological advancement. Fuck that. We have the technology right now to make this a non-issue in almost every case. They just don't want to use it because there is a chance they can make more money by crippling the system.

  12. Bullshit. on Record Store Owners Blame RIAA For Destroying Music Industry · · Score: 4, Insightful

    "to all the people that download music, if you think you are only hurting big companies you are wrong. There are two working people with families who no longer have jobs because of music piracy."

    Bullshit.

    I do not own an iPod. I buy CD's. I rip the CD's and listen to them on my computer.

    But I rarely buy any newer artists. And as was mentioned in the article, I don't buy ANOTHER "greatest hits" collection CD. If I buy something now, it is probably directly from the artist or at a used CD store.

    There is too much crap and not enough substance coming from the RIAA now. They've done this to themselves. And it is the RIAA that is killing the smaller stores.

  13. Would this cause any problems with the jet stream? on Harvesting Energy in the Sky · · Score: 4, Interesting

    If we take the kinetic energy out of the wind and transform it into electrical energy, will this cause any problems? If we do so on a major scale?

    Is it even possible for us to tap enough power from the jet stream (or other high altitude winds) to cause problems?

  14. That's a manufacturing "problem". on Death of the Button? Analog vs. Digital · · Score: 4, Insightful

    The problem with analog controls is that you can't add/remove them easily once a device is made.

    That's a manufacturing "problem".

    Consumers are concerned with control.

    Making it easy for the manufacturer to crank out more units or less expensive units or whatever isn't important when the consumer has more difficulty USING those devices.

    Apple did great with the iPod. Most companies aren't as focused on the customers.
  15. That's inbound. I'm talking outbound. on Fortune 1000 Companies Sending Spam, Phishing · · Score: 4, Informative

    You are correct. All of those paths could lead to a workstation on your network being compromised. And you have great suggestions on how to protect them.

    But I wasn't originally talking about inbound connections. Blocking the outbound connections would cut off the spam coming from your network.

    How those machines got infected in the first place is a whole other series of discussions. And one that we really should have sometime. Preferably involving Linux and Free software at the critical points (allowing for Windows workstations).

  16. They have usernames/passwords, right? on Fortune 1000 Companies Sending Spam, Phishing · · Score: 5, Insightful

    Port 25 is usually for server to server SMTP transmissions.

    If you're an end user, you should have a username/password and be using port 465 or 587 (or whatever your email admin set up).

    That is why companies should block outgoing port 25 connections from everything except their own mail servers.

  17. Defense in depth. on Fortune 1000 Companies Sending Spam, Phishing · · Score: 2, Insightful

    Those are the biggest companies that should be able to afford the best security measures.

    You know what? With a couple of old boxes and Linux you could set up a smaller company so that this would never happen.

    Use Linux as your firewall and restrict any outbound SMTP connections to your email server.

    Use Linux and Snort to monitor crap on your network.

    Use Linux as your DHCP/DNS server and lock down the IP addresses by the MAC addresses. Yes, this is labour intensive. But it will allow you to keep all your regular machines on one sub-net and all other machines (laptops and such) on a different sub-net. That way you can put a few more restrictions on those machines. And a bit more monitoring.

    That way you have multiple points at which you can become aware of a problem. And multiple points where an attack will fail.

  18. Companies can restrict outbound port 25 connects. on Fortune 1000 Companies Sending Spam, Phishing · · Score: 3, Insightful

    Yeah, home users aren't the whole problem.

    But why aren't these companies correctly firewalled? Why do they allow machines other than their email servers to make outbound port 25 connections?

    Why aren't their logs monitored? Wouldn't this be easy to spot?

    Even with the resources of the biggest companies, their people cannot keep their machines clean or even stop them from sending spam. Who knows what else. A spam zombie can just as easily log network traffic, passwords and anything else on their wires.

  19. #1. Define your requirements. on PayPal Asks E-mail Services to Block Messages · · Score: 1

    but this is more than just one specific case.

    Not really. It's "fraud". That's all.

    even if paypal instituted a never-use-email policy, it wouldn't stop the phishing.

    Correction: It would not stop the phishing attempts. It could stop the fraud from occurring. And that is the goal, is it not?

    even if every financial institution used this policy, it would take a while before the public really understood that they should never trust an email from a financial institution.

    Let me give you an example of how to end the fraud without worrying about the SMTP protocol.

    A customer sets up an account with a financial institution (FI). The customer provides information such as a phone number.

    For any online transaction to be completed, the FI will call that number and ask the person to approve the transaction amount. Failure to approve the amount will result in the transaction being denied.

    It's as simple as that.

    in the time it would take, we could probably develop a new SMTP that would stop the phishing and the spamming.

    Possibly. But without defining the requirements you're pretty sure not to hit them.

    SMTP works and is widely deployed. You'd have to replace a LOT of infrastructure ... just to POSSIBLY prevent fraud that is more easily preventable in other ways.

  20. Nope. SMTP works fine. on PayPal Asks E-mail Services to Block Messages · · Score: 1

    It's just that email is NOT a good method to distribute ALL information.

    Rather than re-working an existing system so it is more "effective" in handling a specific case, why not look at how best to handle that specific case?

    We've been over this before with regular banks. You need two different channels to confirm a transaction to make it "safe" enough for the average person. Web and phone is a good combination.

  21. Mod parent up! on De Icaza Pleads For Mono/.Net Cooperation · · Score: 5, Insightful

    Not to mention that ALL the source code for Linux is Freely available online. If there's any "interoperability" issues, Microsoft has access to ALL the Windows code and ALL the Linux code.

    The only reason there are "interoperability" issues today is because Microsoft wants there to be.

  22. I'm more worried ... on Scientists Create Sheep That Are 15 Percent Human · · Score: 4, Funny

    about its effects on the international haggis market.

  23. The first 3 rules of computer security. on AV Software Isn't Dead, But It's Not Healthy · · Score: 4, Insightful

    #1. There is no security without physical security.

    #2. Run only what you absolutely need.

    #3. Run it with the minimum rights possible.

    The reason that Trend Micro's "new" approach will fail is ... rather long. Follow along for a moment.

    a. Vulnerability is found and exploit is written.
    b. Exploit needs to be distributed.
    c. Exploit is distributed via a quick spam flood - they have no protection against this.
    d. Exploit is posted on a web site - how do the bad people drive traffic to that site?
    e. They use a compromised site. They hide the exploit in a directory that robots.txt says not to scan. Either Trend Micro violated robots.txt or it cannot find the exploit.
    f. So Trend Micro will have to violate robots.txt and that behaviour should be noticeable. So the bad guys would hide that file from something that looks like a webcrawler that doesn't respect robots.txt.

    And we're back at the beginning.

  24. By their standards, you are an extremist. on Widespread Spying Preceded '04 GOP Convention · · Score: 1

    The real question is whether you'd be considered an "extremist" by Washington, Jefferson or Franklin.

    Sheep cannot form a Democracy. That requires informed, active participation by its citizens.

  25. Start by forming your own voting bloc. on Widespread Spying Preceded '04 GOP Convention · · Score: 1

    Fuck letters to the editor. Power only respects power.

    Get your friends together and get yourselves registered to vote. Agree on how you'll vote on what issues.

    Then get in touch with your elected representatives (and people hoping to run for office) and make it clear that you represent X voters who WILL be voting in the next election. And tell them what you want to see changed.

    Then carry through and VOTE.

    If you want it to happen faster, volunteer to work on the campaigns of people who are willing to vote for what you believe.

    Change happens when people get out and get involved.

    Sure, you'll end up with a record at Homeland Security, but anyone who doesn't have one in these times isn't much of a patriot.