Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories: 0
Comments: 5,818

Comments · 5,818

  1. I bid $10 for "eat out of a dumpster". on Tech Companies Draw on 'Wisdom of the Crowds' · · Score: 3, Insightful

    Damn, it looks like I lost again. Well, looks like everyone else is paying for my lunch again.

    Yes, it is an extreme example, but it shows how you can "game" that system. Not a good idea.

  2. How would "Real ID" stop fraud? on Homeland Security Director Defends Real ID · · Score: 3, Insightful
    Now that I'm older and I've been damaged by identity theft ($1k and counting, not to mention the credit damage and IRS audit)
    I can't wait.

    How would "Real ID" stop "identity theft"? Particularly since "identity theft" is basically fraud.

    If anything, it will make it more difficult to "prove" that you did not apply for those loans, run up those credit cards, etc.

    Nothing will stop fraud until the banks start having to pay for it instead of dumping the expense on their clients.

    And the more a single piece of ID is accepted as "proof" of identity, the more valuable it becomes and the more people will try to forge it. Or just get a job in the office issuing them.
  3. They got it, but they don't know how to handle it. on New Animated Star Trek In The Works · · Score: 5, Interesting
    From TFA:
    Rounding out the 'big 3' will be Lt. Kaylen Donal, a tough-as-nails security chief whose team of red shirts are all linked with Borg technology implants called 'Biomechanical Utility Grafts' or 'BUGs'. The Zero Room team want to see this security squad kick some butt and not just be cannon fodder.

    What the fuck? They have an entire section going trans-human with Borg technology ... VOLUNTARILY and they still miss the implications?

    Instead ...
    "Although the show is set in the future the designs are founded in TOS, it is a throwback that is also looking forward," explains Rossi.

    That makes no sense whatsoever.

    And ...
    "The Captain is more forward thinking and wants to go out and do some exploring but half the crew will be against that and want to just protect the border," says Rossi.

    Captain's Log, Stardate 2528 point 4. I have beamed half the crew into space during a mutiny. They had forgotten that this was a Star Fleet vessel and not a Democracy. I will ... miss them.
  4. Even easier. on Online Store to Sue Blogger Over Google Ranking? · · Score: 5, Insightful

    Put a little link at the top of his site saying "If you're looking for Texas lawyer .... click here (link)".

    What's next? Students sued because they're more popular than the unpopular students? "Sally only won homecoming queen because she's a cheerleader and promiscuous! It's UNFAIR!"

    TV ad - Was your child devastated when she wasn't voted homecoming queen? The law offices of Dewey Cheatum can help. We also provide Google ranking services.

  5. Don't forget this part ... on A Press Junket To Redmond · · Score: 4, Insightful
    Yes, Microsoft does have a security program manager. His name is Michael Howard. ... Howard claimed IIS is now more secure than Apache (as witnessed by number of patches, a measure with which many might quarrel) and Vista is the most secure version of Windows ever, so secure that you may not even need antivirus software for it.

    When one of the top "security" guys at a company doesn't even know the basics of security, how can their products be "more secure"?

    It isn't how many patches are released. It is never about how many patches are released.

    It is about the severity of the vulnerabilities.

    One remote root vulnerability is worth 1,000+ local app crashing vulnerabilities.
  6. How do you know they "protect" me? on Novell and Microsoft Claim Customer Support · · Score: 4, Insightful
    So Novell enter an agreement that protects you from being sued by Microsoft, and as a result you'd recommend not using their products in future? What's your business case for that?

    Since the actual wording of their agreement is still a secret, how do you know that they're providing any "protection" at all?

    Since they've both stated that this agreement will expire in 5 years, why would I want to risk their products 6 years from now? Migrations are expensive.

    When was the last time an end-user (not a distributor/vendor) was sued for patent infringement?

    Statistically, if an end-user is being sued by Microsoft, that end-user already has a license agreement with Microsoft.

    Microsoft does that all the time. Many of those stories are posted on /. (particularly the ones about schools being sued).

    One of the PRIMARY advantages of Open Source for the end-user is the absence of license requirements. I have to spend time/effort/money making sure that the copies of MS-Office we use are licensed and that I have proof of those licenses. And that proof is acceptable to Microsoft should they ever audit us.

    Yet I can deploy Linux without any CAL's or anything. And OpenOffice.org without any per seat requirements. And so on.

    So, the "business case" is savings TODAY versus a nebulous threat that has never been exercised against any end-user in the past ... combined with the very real and previously documented threat of license audits and lawsuits.
  7. But some of us are. on Novell and Microsoft Claim Customer Support · · Score: 4, Informative

    I'm running NetWare 6.5, GroupWise 7.01 and ZENworks 6.0 and I am not happy with this "deal".

    Nor will I ever recommend Novell products until Novell changes their attitude.

  8. Far, far less. on UCLA Hacked, 800,000 Identities Exposed · · Score: 1
    If all else failed, they figured that a $15 million down payment would swing a leveraged buyout of Verisign.
    ...and...

    It would be easy for them. How much does a "market research" firm cost to buy outright? How much money could a big crime syndicate muster?

    Why spend that much money on something you can get for a few thousand in gambling debt or drugs?

    You don't have to own the company if you can pwn an employee with the right kind of access.

    And the payoff would be millions of times greater than that "investment".

    And it wouldn't even have to be a single employee at a single company. Just build the databases based on the SSN's and cross-reference/add whatever you can get from other employees at other companies. Pretty soon you'll have enough specifics on individuals to start checking their credit ratings and taking out loans/cards in their names.

    And the "best" part is that no single person would be committing the really "bad" crime. What's the sentence for downloading 800,000 names and SSN's such as in the story? I don't know. But it certainly would not be in the range I'd want for the financial damages those people would be facing.

    We're seeing organized crime in the spam zombie business now. Because it is lucrative. Identity theft is a million times more lucrative.
  9. It's difficult because it is "virtual". on UCLA Hacked, 800,000 Identities Exposed · · Score: 1
    Security is hard to get right because you have to get *everything* right.

    Sort of. The problem with getting everything right is that you're dealing with non-physical concepts. If people were dealing with a physical structure it would be easier for them to understand and get it "right". Or at least closer to "right" than we currently see.

    For example, important physical records are kept in a safe. The safe is in someone's office. The office is locked. If someone sees someone else going through the safe, most of the time they'll recognize whether that person should or should not be in that office, going through that safe.

    But when we're talking about virtual systems, very few people can see who is accessing the data. Or what data is being accessed. And many will not even know what data is kept where. Or care (before the crack succeeds) about whether anyone would be interested in it.

    The focus is not on security. It is on automation and work-force reduction. Letting the machines have access to EVERYTHING so that the machines can run the processes and send the results to other machines.

    The only response we have as individuals is to keep our details as secret as possible.

    That's not going to work. It's too brittle. Once any of the sites with your data are compromised, your data is compromised.

    Eventually, the criminals are going to wake up and really discover the power of the "database".

    Imagine organized crime with a database on you similar to what the major credit tracking sites have. And it is almost as easy for them to collect it. "Identity theft" will take on a whole new dimension.

    For the average person to understand it, virtual security needs to appear more like physical security.
  10. That's a discussion we need to have. on Outsourcing Growing Beyond India · · Score: 4, Insightful

    How can you structure a CEO's (or other CxO's) salary/bonus plan so that their incentive is to keep the company productive and viable instead of "shedding" all the "unprofitable" sections (such as IT) and outsourcing them to raise short term revenues, cash in the bonus and leave for another company?

    It is far more profitable for a CEO to wreck and sell the company than it is for him/her to actually spend time running the company.

  11. We've had this discussion before. on Outsourcing Growing Beyond India · · Score: 4, Insightful

    So you see high staff turn-over in India. The "solution"? Move the project to a different country.

    But why would that country's people be any different?

    The fact is, once the outsourcing staff has the knowledge and experience that was previously YOUR expertise, there is no reason for them to keep working for you. Eventually, they start their own companies in your market and replace you.

    Don't focus on short term profits at the expense of long term survivability.

  12. Again, what the ... ? on New Developments From Microsoft Research · · Score: 1
    Not lost on the server, but lost on the way of sending it... SMTP is a weird protocol, which allows for temporary storage on unrelated servers in the process of transferring the message.

    Yes, that was how it was designed.

    If the remote server accepts mail, but never actually forwards it (deleting it instead), the source will believe that the mail was correctly delivered.

    And how will Microsoft know that ... without running software on my server/workstations?

    Isn't there already a protocol for receiving notification when the recipient receives the message? But no one uses it because it would just make the spammers' lives too easy.

    I keep all our email logs. I can tell you exactly what messages were sent and whether the receiving machine accepted it and when. If there's a problem beyond that point, it is either the server (fix the server) or the admin (why is the admin deleting email) or the user claiming that "I never got it".

    Again, since I keep the logs of every transaction, I don't see that "I never got it" very often.
  13. Because if you fix the problem, you've fixed it. on New Developments From Microsoft Research · · Score: 2, Insightful
    Why not do both?

    If you fix the problem of "lost" emails, then why run a system to find alert people to email that is not lost any more?

    If your system is unreliable, adding complexity usually does not make it more reliable. You need to fix the problem at the lowest level possible.

    Since this is Microsoft, they're probably referring to Exchange/Outlook. Exchange is mostly database driven now. If you're losing messages in your database, having someone re-send them is NOT the approach you want to take.

    You have what is known as "database corruption" and that does NOT spontaneously solve itself. You have a serious problem.
  14. Why wait? Get Snort today. on New Developments From Microsoft Research · · Score: 3, Informative

    Microsoft is re-inventing "intrusion detection" and "packet analysis". Save yourself some stress and deploy Snort today.
    http://www.snort.org/

  15. What the ... ? Lost email? on New Developments From Microsoft Research · · Score: 5, Insightful
    SureMail Microsoft researchers Sharad Agarwal and Venkat Padmanabhan determined that about 1% of all e-mails get lost in e-mail systems. SureMail is a proposed system in which the e-mail client detects when an e-mail has been sent to a recipient's account and alerts that recipient when an e-mail fails to make it to his or her in-box. SureMail would indicate the e-mail's sender but not disclose the missing message's contents.

    How the fuck does email get "lost"? How could that happen? Even a server crash should not cause that.

    Why not, instead, spend the time and money finding the real problem in your email system and fixing that? I handle about 1,500 in-bound messages a day. By their calculations, I should be losing 15 or so, every day. Yet that does not seem to be happening.
  16. Didn't Judith Miller work for the NY Times? on The Future of Journalism Online · · Score: 1
    Nationally, the NY Times and other papers of similar weight remain bastions of actual reporting.

    That's possible. But they also have people like Judith Miller working for them.

    Sorry, I'll take The Daily Show over her "reporting" any day.
  17. You don't need to. on The Future of Journalism Online · · Score: 2, Insightful
    Nope, didn't read tfa.

    You don't need to. It's no different from the thousand other stories just like this.

    And the answer hasn't changed yet. The newspapers are losing their readers because the newspapers are abandoning their readers. Real journalism is dying at the newspapers. It's dying on the television news programs. The only show that still has some in depth and insightful research is The Daily Show. How pathetic is that?

    This isn't about getting on the web with video clips.

    This is about digging for the facts and presenting them in context. If you have to offend some government official, so be it. We'll respect you more for that than if you just regurgitate their press releases. The concept of being paid for "work" involves you doing some actual "work". When some part time policy hobbyist knows more than your political reporters, you have a problem.
  18. Not exactly. on 'Killer' Network Card Actually Reduces Latency · · Score: 5, Informative
    Look at it this way, a 500 dollar pair of running shoes really isn't going to help the average person much compared to a 50 dollar pair. However, a professional runner is going to benefit.

    The $500 shoes worn by the professional will not be the same as the $500 shoes purchased by the average person. For one thing, the professional is paying for the technology and customization. The average person is paying for the marketing and endorsements.

    That being said, the professional would NOT compare two shoes provided by a shoe company and "tested" on their own track.

    S/He would compare them to his/her CURRENT favourite shoes on his/her current training track.

    And that is where every single one of these KillerNIC "reviews" fails. It is not that difficult to swap a NIC. Yet the "testing machines" are always different. And none of the "reviewers" seem to be able to script a game. Or set up a test network with a test game server.

    The "professional" in this case would set up a test network, with a test game server and a sniffer to see what is happening "on the wire" and script the game on his/her favourite machine with his/her current NIC.

    Then the "professional" would swap the NIC's and re-set everything and run the script to see what difference/improvements there were.

    It's not that difficult and it's not that expensive and yet not a single "review" of this "KillerNIC" seems to be able to do that.

    Sure, you can pay $500 for shoes that were hand stitched by virgins under the light of a full moon with thread blessed by the Pope. And they may perform better than this other pair of shoes I'll give you to run in.

    But in the end, you'd still be paying for the marketing of un-tested technology.
  19. Check their home machines. on 'Killer' Network Card Actually Reduces Latency · · Score: 4, Insightful
    These kinds of "professional" gamers could use a fancy NIC with lower times.

    In all the "reviews" of this that get posted here, I notice a few recurring items.

    One of the most interesting to me is that they want the "gamers" to test the NIC as part of their entire box. But the real gamers would already have a box built to their specs that they were familiar with ... their home gaming machine.

    Yet the "gamers" never seem to insist that they be allowed to compare the KillerNIC in their own box, against their existing NIC. And if they're serious gamers, they've already spent money replacing the on-board NIC if their motherboard came with it.

    Kind of like if a tire company wants you to like new tires, but they won't let you drive them on your own car. You have to use their car. And you have to compare it to a different car that they have without the tires. And people accept that.

    Under those conditions, I can show you improved ping times using nothing more than cool stickers for your case.
  20. Mod parent up! on 'Killer' Network Card Actually Reduces Latency · · Score: 4, Insightful
    And what is this about PLAYING the games? You don't fucking PLAY them! You SCRIPT them so you have as close to the exact same environment as you can get.

    From TFA:
    We watched the engineers as they played through a Counter Strike deathmatch round.

    That is just idiotic.

    While this is not the most scientific way to gather data, it certainly did a good job to reflect what would happen in real world gaming situations.

    If you aren't going to do it right, then you are doing it WRONG. So it did NOT "reflect what would happen in real world gaming situations".

    Bigfoot allowed us to barge into their offices on a beautiful Saturday morning with real gamers in tow.

    Again, you script it. You do not play it.

    Taking all of our testers one at a time, we allowed them about 45 minutes of gameplay in their chosen title. Our testers were given time to set up their own keyboards, mice, and needed add-on software so that they had a system close to what they were used to using at home.

    I'll give the KillerNIC people this, they certainly know how to pick their suckers.

    Seriously. They didn't even bring their own PC's? They used the "testing machines" provided for them. And they think this has anything to do with "real world" performance?

    From there, the gameplay was divided in half. One half of the online play used the Killer, the other half used the motherboard's onboard NIC.

    A far, far better test, even under these biased conditions, would have been for them to use their own PC's. It cannot be that difficult to swap a NIC, can it?

    In a blind taste test, more people preferred Coke over the Pepsi that I had previously pissed in.

    For some strange reason, all I ever see in these "reviews" are the KillerNIC people insisting that the games be run on THEIR machines. And people who are "reviewing" it accepting this strange requirement. And not even scripting it so that they can compare it with their home machines.
  21. And don't forget the network as a whole. on Vista's 'Next Gen' TCP/IP Stack · · Score: 5, Insightful

    The network has different characteristics depending upon what point you are at on it.

    The WAN routers see the low bandwidth, higher latency serial links and such.

    The servers/workstations see the high bandwidth, low latency ethernet links.

    Do you really want your server(s) calculating its(their) window(s) based upon whether the request is originating across the WAN or next to it on the LAN?

    This sounds like a good idea when you're talking about a single workstation, at home, connected to a cable connection or xDSL or whatever. But it sounds like soooooo many problems in the corporate environment.

    Right now it is easy to find the server/workstation that is flooding the network. It's going to be very difficult when you have hundreds(thousands?) of machines that are ALL trying to maximize their bandwidth usage.

    Personally, I'd prefer the ability to set the LAN parameters for the machines ... and then put a shaping router on the WAN links.

  22. That's the way it goes. on Spam Doubles, Finding New Ways to Deliver Itself · · Score: 1
    Just shove me back to the days of dial-up when every time I changed my ISP, I had to alert all of my contacts, web groups, list subscriptions, etc. to my new email address.

    Ummmm, yes. If you choose that method.

    Or you can use one of the available web-based services.

    Or you can pay for your own domain name and move that around.

    Each method has its advantages and disadvantages. You just choose the method that works for you and the people you want to contact.

    I actually have my own domain with email hosting through the same provider as my web host, who is NOT my ISP. I actually use POP to access, receive AND send, my gmail accounts.

    Okay ...

    So, from your business perspective, you don't mind blackholing my emails?

    I don't think you understand.

    As long as the person/company/whatever that is hosting your domain is competent enough to set up DNS, rDNS and your MX records correctly, and is not hosted off of someone's home Comcast link, there wouldn't be any problem with your email being received here.

    Fine. I didn't want to do business with you anyway. I'm sure your competitor wants my money.
    :) I'm sure they'll have no trouble finding your email amongst the thousands and thousands of spam messages they'll be receiving since they don't use some form of blocking.
  23. You don't use authentication? on Spam Doubles, Finding New Ways to Deliver Itself · · Score: 3, Insightful

    We have people who work from home. But I've set them up with email authentication. They can send anything, from anywhere, to anyone, providing that they have signed on with their username and password.

    You do it differently?

  24. Think about it for a minute. on Spam Doubles, Finding New Ways to Deliver Itself · · Score: 1
    Yeah, cuz it's not enough that I can no longer relay e-mail directly from my machine.

    Unless your ISP is blocking outgoing connections to port 25, sure you can. It's up to the recipient whether they want to accept that connection or not.

    It's not enough that I now have to have reverse DNS otherwise my e-mail gets rejected.

    Again, that's a choice made by the recipient.

    It's not enough that e-mails that aren't SPAM get dropped/flagged.

    Again, that's a choice made by the recipient.

    It's not enough that many e-mail providers drop useful attachments and scan so intrusively into them that I need to encrypt them if I want the e-mail delivered.

    Huh?

    Let's take away yet more functionality due to spam!

    None of the functionality is gone. It's, as always, up to the recipient to determine what characteristics s/he will reject on.

    Seriously, I hate SPAM but the zeal to stop it has ruined many useful features of SMTP.

    I see it differently. I see over a million spam zombies out there and a few people who don't understand the view from my position. From a business standpoint, the likelihood of someone that looks like 99.9% of the spam zombies out sending me something important is less than 0.01%.

    And if it is important, that person will most likely call when his/her email is rejected.

    So for the cost of one phone call, we avoid over 1,000 spam messages. The reality is far better. I reject hundreds of thousands of connections a month. Yet I average less than one real problem a month. (I'm not counting the people who simply cannot spell someone's name which accounts for about 90% of the "errors" I see.)
  25. Drop messages from home ISP's w/*.gif in them. on Spam Doubles, Finding New Ways to Deliver Itself · · Score: 1

    Why even bother delivering the junk text?

    If the message comes from a home ISP block, but not from that ISP's mail server(s), and contains a *.gif, then drop it.

    The real home users will be using the ISP's server to send their email. There may be some exceptions to this, but it shouldn't be too difficult to deal with those on a case by case basis.

    Of course, this is from a business perspective. We don't seem to receive a lot of legitimate business email *.gif's from home ISP blocks.