Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories: 0
Comments: 5,818

Comments · 5,818

  1. Sure, why not? on FBI Foils Attack by Monitoring Chat Rooms · · Score: 1
    There was another really goofy guy - Richard Reid. You may remember him from exciting life moments as "I have to take my shoes off in the airport?!"
    I'm not 100% certain, but wasn't he on the plane at the time he was "caught"?

    Not in a chat room.
    Not living in a warehouse.
    Not making unsupported claims of how he'd wage a "ground war" against the US.

    And he's the example you want to use? Okay.
    Yet even that bumbling moron managed to acquire explosives and get them on a plane. If he managed, why not the Florida guys eventually as well? Why should we not take someone seriously when they claim they want to blow up something no matter how inept they seem? Would you leave them wandering without supervision until they did manage to succeed?
    Sure. Because it is so easy to get explosives / guns / whatever in the US that anyone who CANNOT manage to do so is, by definition, not a threat.

    Dude, fucking Wal-Mart will sell you a fucking rifle and fucking bullets.
    http://www.walmart.com/guns
    And that's fucking WAL-MART!

    If some guy cannot get a gun in the US, that guy's only option for "terrorism" is to cough on other people at the bus station. Yeah, big threat there. Oooooh, maybe someday he'll figure out how to buy a gun! Won't you all be sorry THEN!?! You should take him seriously TODAY!

    No. The core concept of "security" is "evaluating" the threat. You're advocating treating every instance as if it were the same as every other instance.

    Instead, spend some of the money that would otherwise go to the "war" on "terrorism" and fund some mental health hospital and care centers to get these nut-jobs off the street. But caring for the mentally ill does not get votes in an election year.
  2. Yes, they can. on FBI Foils Attack by Monitoring Chat Rooms · · Score: 1
    "Wannabe terrorists" can still kill people...
    Yes, they can.

    But, 99.9% of the time, they don't. That's because they're "wannabes", not real terrorists.

    All it takes to be a terrorist is a rifle and a political objective. Both of which are easily acquired in the US. If you cannot start there, then you aren't even a "wannabe". You're a "poser". Here's the breakdown:

    "Poser" - all talk, no action. No threat - but they make good newsprint.

    "Wannabe" - Lots of talk and has the tools needed. Lacks the guts / drive / conviction. Minor threat - usually maim/kill themselves while playing with their weapons. Sometimes killed when the ATF invades.

    "Terrorist" - No talk. Has the conviction. Has the tools or spent time training.
  3. How many months 'til the elections? on FBI Foils Attack by Monitoring Chat Rooms · · Score: 1

    So this is the second "plot" that has been "foiled" when it was still in the "discussion" phase.

    And this "plot" was to hit the Holland Tunnel and, somehow, "flood" land that is ABOVE the water line. That's almost as funny as the last "terrorists" asking "al Qaeda" for boots and uniforms.

    This is nothing more than a drive to crank up the fear among the centrist voters ... just in time for the elections.

  4. Doing pretty good until the end. on Microsoft to Support ODF via Plug-In · · Score: 5, Insightful
    Microsoft notes that OpenDocument still has gaps that are being worked out by OASIS, such as spreadsheet formulas, macro support and support for accessibility options. Citing Open XML's accessibility features for disabled workers, file performance and support for integrating external XML data, Microsoft says ODF "focuses on more limited requirements."
    "Accessibility options" and "disabled workers".

    That's not the responsibility of the file format.

    That's the responsibility of the app used to read/write that file format.

    And with an Open standard for file formats, there's no reason that anyone could not write an app that did direct file-to-speech with no need for a visual display (as is currently the case).
  5. Restart the vehicle, does it crash this time? on Microsoft to Supply Electronics to Formula 1 · · Score: 5, Funny

    Rotate the tires, sometimes that helps.

  6. The solution is simple. on Portrait of an Identity Thief · · Score: 3, Interesting

    Even for wire-transfers with a credit card. Simply have the bank call the phone numbers they have on record for you and have you press a button sequence to authorize the purchase or wire-transfer.

    The banks already have the systems to do automated calling.

    The banks already have your phone numbers. And your mailing address.

    Now the thief has to steal your credit card numbers ... and re-route the phone system.

    Or steal the numbers and fake your ID and go to a bank branch and change the phone numbers.

    All of that is possible for a thief to do ... but the more steps that it takes, the more likely it is that the thief will fail to complete it. And the easier it will be to track him. Although it can't get much easier than tracking this punk. He gave them his address to deliver his stolen purchases to.

    But doing that would move the risk and costs to the banks. They prefer it the way it currently is because the banks aren't losing money on these fraud cases.

  7. Congress ... maybe. Banks ... they don't care. on Portrait of an Identity Thief · · Score: 2, Interesting
    The banking industry as well as Congress and just about every commerce site out there is just drooling to get their hands on a REAL identity thief. The "example" they make of them should be grand! I can just see it....Nothing left but a smoking boot!
    The banks don't care. Really, they don't.

    They get paid no matter what.

    The only people who suffer are the retailers who sold the stuff and who now get hit with a chargeback so they're out the money AND the product ...

    And the guy who got his number stolen.

    If the banks had to pay even 10% of the annual loss due to fraud, they'd be clamping down on EVERYTHING you did with your credit cards.

    Congress will like it because it gives them something that they can claim they are doing something about. But, in the end, they'll do nothing.

    It all comes down to WHO has to pay for these crimes. And the banks have made sure that it won't be them.
  8. It's more the "false positives" than the "bogus". on NSA Had Domestic Call Monitoring Before 9/11? · · Score: 4, Informative
    Even if there was some vast terrorist conspiracy random spying wouldn't be much use anyway. Indeed it might even be counter productive, were such an entity to exist they could create floods of bogus communications.

    The naturally occurring "false positives" would eat up the budget for the program (under any sane spending plan).

    With almost 300 million people ...
    1% false positives mean 3 million people investigated (and the people they know)
    0.1% means 300,000 people investigated (and the people they know).
    0.01% means 30,000 people investigated (and the people they know).

    Now, even if you limit each investigation to just that person and the 5 closest people to him/her ... at the best you're talking about 150,000 investigations per inclusive period. If everyone in the US makes 1 call a month, that's 150,000 investigations a month. If it takes 3 months for them to make a call, that's 150,000 investigations a quarter (plus the percentage of people who make calls every month).

    Spying does not work randomly.
  9. Mathematically, it does not work. on NSA Had Domestic Call Monitoring Before 9/11? · · Score: 5, Insightful
    Yeah, because before 9-11, terrorism was completely unknown in the United States.
    Whether it was known or not is irrelevant. The question is: Will random spying prevent future attacks?

    And the answer is "no". Any system will have "false positives", "false negatives", "true positives" and "true negatives".

    The "false negatives" mean you miss a plot. As long as the false negative rate is above a certain percentage of the actual plots, it will work.

    More problematic is the "false positive" rate. This is when a non-plot is identified as a plot. Innocent people are investigated. This takes time / money / effort.

    Given that there is an upper limit on the time / money / effort available, the government will waste resources chasing false leads.

    People who do not understand that will look at the extreme rarity of "terrorist attacks" in the US (try to name 5 attacks in the US in the last 100 years without using Google) and conclude that the time / money / effort spent was successful.

    However, looking at the budget, you will see that our government is BORROWING the money.

    We are going bankrupt in an attempt to chase down a threat that kills fewer people every year than car accidents.

    And we are surrendering the Rights that our forefathers were willing to give THEIR lives for.
  10. That's why you take the scientific approach. on Schneier on Economic Insights to IT Security · · Score: 4, Insightful

    Just to make this clear, "security" is not an end item. You cannot "have" security. My definition is: The process of identifying and evaluating threats and reducing their effectiveness.

    As Bruce says, when there isn't an economic incentive, that process is not maintained.

    But, suppose you are maintaining it. How do you know how good your security is?

    Bruce also wrote about "attack trees".
    http://www.schneier.com/paper-attacktrees-ddj-ft.html

    Identifying and evaluating the different avenues of attack is part of evaluating the threats. Once you've identified one, don't think about how you can "prove" it is "secure". Think about how you would go about showing that it is NOT secure. Make your statements about your security "falsifiable". Just like in the scientific method.

    Then experiment, on an ongoing basis, to see if you can demonstrate that your security can be broken. This takes time and effort on your part as you have to continually read about the latest advances and theories.

    Which gets back to the economic issue. If the organization does not see an economic incentive for you to perform that research/work, then you will be assigned to other tasks and the process will not be followed. If you are not following the process, there is no "security".

  11. Think about what it means if they're right. on Undetectable Rootkits Through Virtualization? · · Score: 4, Insightful

    I don't think they're right. Look at page 3 where they have their diagram showing the VMM in direct contact with the hardware.

    Here's a simple test to see if they're right.

    Put in a NIC that your host OS does not have drivers for. Your host OS will not be able to connect to the network. Now, if the virtual machine in their example can access the network, then they're correct.

    There's no end of hype for "threats" that never seem to materialize (or are vastly over-stated). If they can do what their diagrams indicate, then this would revolutionize the computer industry. I really mean that.

    For example, you would NEVER again have any problem with wireless networking under Linux. Or sound. Or any peripheral. Or hardware accelerated video. No more nVidia drivers needed! The VMM handles it for you!

    So, no, I don't believe that what they claim is actually what they can deliver.

  12. Let's make this a bit easier to understand. on Undetectable Rootkits Through Virtualization? · · Score: 5, Interesting
    I'm sure someone will correct me if I'm wrong but ...

    This is not really different from running WinXP, then installing VMWare Workstation, then installing Win2K in a virtual machine.

    The "host" OS is what gets infected. That would be WinXP. Of course nothing running in the "guest" OS (Win2K) would be able to detect it. But ... so what? And that would directly contradict their claim:
    Rutkowska stressed that the Blue Pill technology does not rely on any bug of the underlying operating system.
    There are only three (3) ways for the "underlying operating system" to be infected.

    #1. Worm
    #2. Virus
    #3. Trojan

    If we aren't talking "nude pictures of celebrities", then it's either a worm or a virus and both of those are bugs in the OS.

    If it's a trojan, then WTF are you doing installing unknown apps on the host OS?

    Now, the only way this would be interesting would be if the worm / virus / trojan installed the virtualization software, moved the existing OS to a virtual machine and faked the names of all the interfaces (NIC, IDE controller, etc). If you can do that, VMWare really wants to talk to you.
  13. Too easy to defeat. on Dealing with Phishing · · Score: 1, Insightful

    To defeat this, the attacker just needs to correctly copy the bank's page (or whatever). Images, style sheets, etc.

    No matter what the user does to his/her browser, the bank's page will be displayed with the same mods as the phishing page. If you over-mod your browser, then the bank's page will look weird anyway and this can make phishing even easier.

    She had a good idea in showing how many times you had already visited that page ... which works until there is a way to fake that display.

    The only way to really defeat phishing is to only use the web interface to start a transaction or to view information ... and require that the bank call the customer at the customer's phone number and verify that the transaction is authorized.

  14. Can you say "war dialing"? on Encrypted Ammunition? · · Score: 4, Insightful

    So, the round is no longer fired via firing pin, but instead the gunpowder is ignited by a device in the round after that device receives the correct radio signal.

    So, now your ammo will have to be protected from radio waves. And the device will have to be small enough to fit into the round yet smart enough to store the signal and check incoming signals.

    Is this a joke?

  15. Why not just use USB drives? on Microsoft Ex-Chief to Launch Web-Based Software · · Score: 4, Interesting

    I agree with not wanting my data on-line.

    But with the price of USB drives so low now, why not just encrypt your important data on one of those? That's what I do.

    That way, I have a copy on my home machine and a copy with me if I need it.

  16. Yet new bands do this all the time. on Online Music Brings New Life To Old Music · · Score: 1
    Secondly, it would cost a hell of a lot to sell custom prints. You have to pay someone to burn the disks, print the insert, cut it out, fold it, take the jewel case apart, put it in correctly, address the envelope, apply postage and take it to the post office. A custom burn job like this would be very expensive compared even to the inflated cost of commercial discs.

    Yet I can go to various clubs and hear new, local bands (unsigned) who are selling their CD's for $10 each.

    And they had to pay that "very expensive" cost themselves for a short run.

    I'm not following your logic here. If a garage band can afford the expense, knowing that they might sell only a few CD's, why would a major corporation be unable to do the same?
  17. How much "demand" does it take? on Online Music Brings New Life To Old Music · · Score: 5, Interesting
    Not just that, but also 'about 2,700 albums have been brought back through the Vault, with more than 5,000 scheduled to follow' with those albums not having enough demand to justify another printing.

    Just how much "demand" does it take?

    You'd offer them for sale, on-line. There's no distribution costs.

    And you wouldn't even need to keep them in stock. Just charge enough to cover printing the inserts and burning the CD. All of the costs are passed on to the buyer. It's pure profit. The "advertising" would be done by the "blogs" mentioned.
  18. There are very few examples. on Malware Installed by LiveJournal Ad · · Score: 3, Informative

    Here is one. But because it is based upon Christ's teachings, it would be more of a Theocracy with "communism" as its economic model.
    http://www.hutterites.org/

    As for being "moral", as long as they do follow their religious code, they are "moral" by definition.

    Now, whether the code they follow would be considered "moral" by someone following a different code, well, that's because "morality" is subjective, not objective.

  19. Only one type uses the phrase "Islamo-fascist". on U.S. Secretly Tapping Bank Databases · · Score: 1
    You keep your universities and other institutions from being petri dishes full of festering militant Islamo-fascism that occasionally ships people like Mohammad Atta (who spent his time in Europe organizing, recruiting, meeting, and arranging finances in advance of killing several thousand US citizens and no small number of Europeans) right through your own financial and legal system and straight over here, or back into the fray of proto-democracies in the middle east.
    There's only one type of person who uses the phrase "Islamo-fascism" and it ain't Democrats or Libertarians or Greens.

    It's the far Right-wing nuts. They're the only ones who cannot get it through their heads that a Theocracy is not a Fascist state. So they repeat their Limbaugh-mantra hoping to sway more intelligent people with the repetition of "fascism".

    All you're doing is displaying your political ignorance. Iran is a Theocracy. Iraq was Fascist. They were at WAR with each other.
    Out of curiosity, and do you really think the international banking operations in the EU don't monitor and report to your own law enforcement, intel, and counter-terrorism agencies on international money transfers, especially to and from known terrorist supporters?
    The issue is not whether they report on "known terrorist supporters".

    The issue is whether people who have no terrorist connections at all are being monitored.

    In the US, you might want to take a look at a small group of Quakers that, somehow, ended up on the government's "threat" list.
    http://www.cbsnews.com/stories/2006/01/23/opinion/main1228569.shtml

    Are you that naive? No, I didn't think so. You're just grinding the usual blunt, directionless, anti-American axe. How about we transfer $10k back and forth between us, and you can speculate on whether or not your own government will know it happened, and attempt to correlate that transaction against all of your credit card purchases and travel?
    Go for it. I bet the US government checks up on you before any European government does.
  20. And that was mod'ed +5? on U.S. Secretly Tapping Bank Databases · · Score: 5, Insightful

    Why bother watching Fox? Better perhaps to take advantage of the BBC's reporting. Take a moment and any of their coverage. It's hard not to notice the actual facts of chemical weapon use. Which, of course, rather requires the existence of the same.

    Look at the YEAR in which they were used.

    If Saddam had them 20 years ago, that does NOT make him a threat TODAY.

    No one is saying that Saddam did not have chemical weapons at any time in the past. We know he did. We were the ones who were helping him develop them for use in the Iraq/Iran war.

    And your articles are rather long on descriptions of Saddam lounging by a pool in a speedo ... and rather short on facts about chemical weapons.

    Right, there's no interest at all in avoiding another Taliban-like haven for government-sponsored terrorism, as is found in Iran.

    Dude, Iraq fought Iran.

    Iraq was a secular totalitarian state.

    There was NO danger of them changing to a Theocracy while Saddam was alive.

    So just leaving Saddam and the sanctions in place would have achieved your stated goal without the loss of a single US soldier's life.

    That sort of retrograde, destabilizing influence on the entire middle east certainly does impact oil flow (for the entire world, in case you're not paying attention), and allowing it to thrive is unacceptable on a lot of levels, not just as it relates to oil.

    If it's not about oil, then make the case without mentioning oil.

    Because you cannot do so, without fantasy scenarios that Saddam's existence would have prevented, it is/was/will be about the oil.

    And before you start mentioning Saddam as some sort of not-so-bad alternative to the extremist jihaddi types, remember that he was busy shipping (along with press releases!) cash to organizations like Hamas, Islamic Jihad, and even to individual families of suicide bombers.

    So? No one is saying he was an angel. Just that he was not a threat to the United States of America or our allies.

    Do not confuse "bad person" with "threat to the US".

    To say nothing of lobbing scud missiles across borders, trying to annex Kuwait, and so on.

    Do you have some kind of calendar-phobia?

    You keep bringing up actions from years before the last invasion. What he did in 1990 has no bearing on whether we should invade in 2003. There were THIRTEEN YEARS between those two events.

    "For oil" is a tidy bit of sophistry, though, that must feel convenient.

    I don't know about "feel convenient", but it certainly fits the established facts.

    But the real issue with the oil is that it lies in a place where its value is being sought by medieval-minded theocratic crazies that use that single source of revenue to keep places like Iran running backwards from history.

    And again you support the position that it was about the oil. Or, more exactly, about who controls the oil.

    So, be as sarcastic/flippant as you want to be about it. The fact remains that you do not have a justification that does NOT involve the oil.

    Putting those oil reserves in the hands of constitutional democracies is certainly acting "for the oil," but not in the way you so cravenly describe.

    Oil does not vote. Oil does not elect representatives. There is nothing noble about going to war for oil. Therefore, saying that the war was for oil cannot be "craven".

    That's like saying that when the US marched into Germany and liberated the concentration camps, that it was for the German beer.

    Only in your mind, only in your mind.

    Germany was actively invading other countries and attacking our ally England.

    Iraq had

  21. 2nd model should be "police state". on Library Chief Criticized for Requiring Subpoena · · Score: 4, Insightful
    As noted by a previous poster, you do not know whether someone is a "criminal" until after the investigation.

    Those who advocate more authority for the police are actually advocating a "police state" as opposed to a "Free nation".

    Many rational people agree with that point of view, because they see criminals as enemies, not members, of their community. Anything that prevents the community from defending itself is disabling.

    Yes, there is nothing irrational about the desire for a police state. Nor is there anything irrational about the desire to live in a Free society. This is not about rational/irrational.

    Fascism starts when the efficiency of the government becomes more important than the rights of the people.
  22. Mod parent up! on Broadcast Flag Sneaking in the Back Door · · Score: 5, Interesting
    As for legislation being introduced, the ruling party has no interest in introducing measures to curb its own power, so I can't see how you'd get such a thing to pass.
    So, Party A passes a law to curb this ... and abides by that law.

    Eventually, Party B becomes the majority ... and they pass a law allowing it again.

    So ... because Party A was "good", they don't get all the benefits (attaching riders to unrelated bills to make campaign contributors happy) but they do get all the responsibility.

    A two party system sucks. This will, eventually, always happen.
  23. "Jump the shark" applies to websites, too. on Jakob Nielsen on Design, RSS, Email, and Blogs · · Score: 1
    I seem to recall someone analysing useit.com using Nielsen's own techniques a couple of years back, and demonstrating (as conclusively as anything Nielsen himself ever published) that the quality of the site (using Nielsen's own metrics) had dropped a great deal since it was first created. :-)
    I would not be surprised at that.

    You know when TV shows "jump the shark". They've run their storylines. They've developed their characters to the maximum extent of the writer's skills. Then they ... decline.
  24. The content makes it memorable. on Jakob Nielsen on Design, RSS, Email, and Blogs · · Score: 2, Interesting
    First off, I also agree that his website looks like ass.
    I don't think he realizes that if every website stuck with a white or light background, dark or black text, blue/purple/red links, and relatively tame fonts, it would be almost impossible for web site owners to create a memorable brand.

    I don't know about you, but for me, "memorable" comes from content. I don't care about flashy (or flash). I want content.

    The "brand" is the information and insight.
    As he has pointed out, people don't read most of what websites contain, so wowing people with great prose won't help.

    No, the problem (as I see it) is that people don't realize that there comes a point when they have made their statement and should just shut up.

    Instead of shutting up, they try to post more "content" on their site. But they've run out of interesting, insightful material so they end up posting ... crap. And who is going to wade through pages of crap on hundreds of websites?

    Focus on your point/message/concept and polish that.

    Again, look at his website. What do you get from that? 90% of the material there is crap. It's all about interviews that he has done. It's him posting about sites that are "interesting" because they've posted about him because he was "interesting" when he commented on sites that he thought were "interesting". That's just derivative. Get rid of it. If you must have the "I love me" crap, then make it a single link off of the real content of your site. But stay focused on the real content.
    I would point out that my Slashdot T-shirt says "Bathing Geeks in its Soothing Green Light since Nineteen Ninety-Seven", not "Pestering Geeks with its Super-Cool Slogan, "News for Nerds, Stuff that Matters" since Nineteen Ninety-Seven". People remember sites visually.

    Yes, that is one of the ways that people remember sites. But that is primarily useful for "branding" something. If you're pushing your "brand".

    But you need to have some content for the branding.

    Selling empty Coke cans ... even with a widely recognized visual brand ... not a smart move. The brand is there so people can easily identify what content they wish to consume.
  25. It's time to make a list. on Microsoft Calls for Truce With GPL and Linux? · · Score: 4, Informative

    I think you're on the right track there. Since Microsoft is talking like this, how about a list of all the items that they could deliver.

    #1. Media transport protocol - specs so it can be implemented in a GPL-friendly app.

    #2. Whatever it takes to allow Linux-based workstations to authenticate via Active Directory - again, GPL-friendly.

    #3. Specs so NTFS disks can be read/write under Linux (GPL-friendly).

    What else? If they want to talk about "cooperation", then we should be able to give them a list of items that they can start "cooperating" on.