Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories: 0 · Comments: 5,818

Comments · 5,818

  1. More like "embrace, extend, extinguish". on Microsoft Calls for Truce With GPL and Linux? · · Score: 4, Insightful

    This is the way Microsoft fights.

    Look for proprietary Microsoft "extensions" in the near future. All for the sake of "user friendly" and "customer needs".

  2. Depending upon the system, that's sufficient. on Password Complexity in the Enterprise? · · Score: 5, Informative

    The key is not how complex you can make a password.

    The key is how will an attacker defeat it.

    So, a simple password is sufficient if the attacker will not have enough chances (statistically) to defeat it. This is easy to accomplish by having a time delay between authentication attempts or a lock-out period. But this is only sufficient if you have a person actively monitoring the authentication logs.

    Example: Suppose you have a list of 10,000 common words. You take a random word, a digit (0-9) and another word, that will give you 10,000 x 10 x 10,000 possible combinations (1,000,000,000 or "one billion"). So, if you get 3 guesses before you're locked out for 15 minutes, then you can guess 12 passwords an hour ... 288 a day ... 864 over a 3 day weekend. Round that up to a thousand and it's still a "one chance in a million" to guess the password over 3 days of trying.

    As long as there is someone reviewing the logs, the attempts will be noticed and actions can be taken before there is any real chance of your password being cracked.

    And WordNumberWord is not that difficult to remember.

    Now, this is NOT a good practice for passwords for encrypted files or anything else that can be cracked off-line.
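
The arithmetic in the comment above, together with the log review it depends on, as an added example (not part of the original comment). The log line format, the alert threshold and the offline guess rate used in the test are assumptions made for illustration.

```python
from collections import Counter
from datetime import timedelta

WORDS, DIGITS = 10_000, 10            # figures from the comment
KEYSPACE = WORDS * DIGITS * WORDS     # WordNumberWord: 1,000,000,000

def max_online_guesses(window, attempts=3, lockout=timedelta(minutes=15)):
    """Upper bound on guesses within `window` when every `attempts` failures
    trigger a `lockout` (the time spent guessing is treated as zero)."""
    return (window // lockout) * attempts

def hit_probability(guesses, keyspace=KEYSPACE):
    """Chance that `guesses` distinct tries include a uniformly chosen password."""
    return min(1.0, guesses / keyspace)

def offline_seconds(rate_per_second, keyspace=KEYSPACE):
    """Time to try every candidate when no lockout applies (offline cracking)."""
    return keyspace / rate_per_second

def review_failures(log_lines, attempts=3, alert_after_lockouts=2):
    """Count failed logins per account and flag accounts that have been
    locked out `alert_after_lockouts` times or more (assumed threshold)."""
    failures = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3 or fields[1] != "FAIL":
            continue
        kv = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
        if "user" in kv:
            failures[kv["user"]] += 1
    report = {}
    for user, count in failures.items():
        lockouts = count // attempts
        report[user] = {
            "failures": count,
            "lockouts": lockouts,
            "hit_probability": hit_probability(count),
            "alert": lockouts >= alert_after_lockouts,
        }
    return report

# Constructed sample in a hypothetical "<timestamp> <OK|FAIL> key=value" format.
SAMPLE_LOG = [
    "2006-06-09T22:00:01 FAIL user=alice src=192.0.2.10",
    "2006-06-09T22:00:02 FAIL user=alice src=192.0.2.10",
    "2006-06-09T22:00:03 FAIL user=alice src=192.0.2.10",
    "2006-06-09T22:15:04 FAIL user=alice src=192.0.2.10",
    "2006-06-09T22:15:05 FAIL user=alice src=192.0.2.10",
    "2006-06-09T22:15:06 FAIL user=alice src=192.0.2.10",
    "2006-06-09T22:30:07 FAIL user=alice src=192.0.2.10",
    "2006-06-09T22:31:00 FAIL user=bob src=198.51.100.7",
    "2006-06-09T22:31:20 OK user=bob src=198.51.100.7",
]

if __name__ == "__main__":
    weekend = max_online_guesses(timedelta(days=3))
    print("guesses over 3 days:", weekend, "p =", hit_probability(weekend))
    for user, row in review_failures(SAMPLE_LOG).items():
        print(user, row)
```

The same keyspace that holds up behind a lockout is exhausted in 1,000 seconds at an assumed one million guesses per second offline, which is the distinction the comment closes on.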

  3. They already pay their "fair share". on Net Neutrality or Not? · · Score: 5, Insightful

    Google pays for the bandwidth it uses.

    I pay for the bandwidth I use.

  4. Interesting ... on Dvorak Admits To Trolling Mac Users · · Score: 3, Insightful
    Others might call it trolling but if you call it "catering to your market" it's a great way to make moniey.
    Interesting. You know another way to make "moniey"? Have sex with strangers who will pay you.

    Now ... if only there was a word for the kind of person who does that.
  5. Most emergency services also have radio. on Policy Wonk Castigates Net Neutrality · · Score: 1

    Which leaves the problems at the "last mile". But that's why you have staff 24/7/52 to fix those "last mile" problems.

  6. Please mod parent up. on Flying Faster Without ID · · Score: 1, Troll

    This isn't about "terrorism".

    This is about demonizing a group so that the rest of society can "unify" to "defeat" the "bad guys".

    And as for the "more harm than good", you just have to read the papers.

  7. Here's a scenario to show that you're wrong. on Flying Faster Without ID · · Score: 2, Insightful
    Yes, we know most Muslims are not terrorists, most scorn the violence (evangelism via force) that Mohammed embraced for a short time in his life, but the fact is that most of the terrorists are Arabs, so it only makes sense to focus scrutiny there.
    Bullshit.

    So, if I'm a terrorist ... and I look like I'm a terrorist ... I just find a white girl-friend who is the opposite of your "profile" and I pack her carry-on baggage with my weapons. Without her knowledge.

    I get massive sympathy from her because I always get searched and "harassed" by the "authorities".

    Once we're in the air, I have access to her carry-on.

    Any "profile" you set up can be defeated.
  8. I'll disagree, even more. on Google Committed to Chinese Business · · Score: 1
    You are right regarding core morals and ethics. Once you've hit the bone, you can't cut any further. That doesn't mean that principles you are flexible on are not part of your ethical or moral structure.
    There is an old joke that illustrates how you are wrong on that.

    Guy: Would you sleep with me for a million dollars?
    Woman: Yes.
    Guy: Would you sleep with me for a dollar?
    Woman: No! What kind of woman do you think I am?
    Guy: We've already established that. Now we're negotiating price.

    The moral of that story is: You may be a high priced whore, but you are still a whore. Your ethics and morals are those of a whore.

    Are you expendable? That's possible.
    There is no "possible" to it. If you do not deliver, you will be replaced by someone who does deliver.

    Again, reference the whore joke. Once you've sold yourself, it's over. You have no bargaining position other than how much money you want.

    But I'll put it to you again (and again this requires some trust in Google), is it not better to know for yourself what China is doing? Again, if there's no way for them to be stopped? Disengagement is not an effective solution. It's true in politics, it's true in business, it's true in society, and I'd say it holds true here too.
    How do you define "better"?

    Is it "better" for Google if China can jail more "subversives"?
    Is it "worse" for Google if China can jail more "subversives" ... but Google makes more money?

    You ask whether it is "better" to know what China is doing. What interest, aside from the money, does Google have in China? Google is not our government. Google is not anyone's government. If the money wasn't there, Google wouldn't be there.

    "Disengagement" is an "effective solution" ... if the alternative is compromising your morals/ethics. Again, back to the whore joke. If you don't "disengage" and keep negotiating price until you both agree ... you're still a whore and you're a whore who's getting fucked for money.

    Meanwhile, if you "disengage" at the beginning, you are not a whore.

    Being a tool of an oppressive regime means that you are a tool of that regime.

    If you're paid well, that makes you a highly paid tool of an oppressive regime.

    If you're paid badly, that means you are a bargain for that oppressive regime.
  9. I'll disagree. on Google Committed to Chinese Business · · Score: 1
    I think the ambivalence that Google displays is a reasonable response to a complicated issue.

    I'll disagree. I don't see it as complicated at all.

    Which do you value more?
    #1. Money
    #2. Your claimed morals and ethics?
    I don't think it's an unreasonable position to say you will cooperate with someone who is doing something that you dislike, because not cooperating is not going to stop them, and at least if you're the one cooperating, you know what's going on, and you can shape the process.
    That is based upon the unstated assumption that you will have any influence in what they're planning on doing.

    And once you've sold your ethics and morals, you really don't have any position to bargain from. At that point, it's all about money. If you don't agree, then they'll dump you and bring in someone else ... and you'll have been complicit in all their actions up to that point.

    Most people do not understand that morals and ethics are not "fuzzy". If there are "questions", it just means that you haven't hit your core morals/ethics yet.
  10. You have to hack the USB drive itself. on Social Engineering Using USB Drives · · Score: 5, Informative

    The hardware itself reports whether it is removable or not.

    If you flip one of the bits, then it will auto-play just like a CD.

    http://en.wikipedia.org/wiki/SCSI_Inquiry_Command

    It's the "removable medium" setting.

  11. I've always thought it was credible. on Apache down, IIS up · · Score: 1

    And I will continue to believe it.

    All this shows is that Microsoft also reads it and has decided to make the biggest change in those statistics with the smallest effort.

    Last month, there was a 40% difference in marketshare between Apache and IIS.
    This month, the difference is 30%.
    And it only took half a dozen companies migrating to make that big of a difference.

    But that seems to be it. Those were the big players. They've been converted. That's the best Microsoft can do. We'll see how the numbers play out over the next 6 months. Will Microsoft target the more numerous smaller players?

  12. Demand more from the IT press. on Can the Malware Industry be Trusted? · · Score: 1

    The issue is not whether Joe Sixpack believes what he reads ... it's whether the IT "journalist" merely repeated the claims of a company with a financial interest in fostering a certain perception.

    Joe Barr admitted that he had done that with the claims about Apple, but he then spent time doing the research.

    And the "journalists" that "report" on the IT industry have a long and colourful history of bias and willful ignorance. There is no excuse for that. And it is those reports by those "journalists" that keep Joe Sixpack so ignorant of the real facts.

  13. The real problem is the interface. on System Integration Leads to MegaFunction Gadgets · · Score: 3, Insightful

    If they can make the guts of a phone so small that they can put 10 of them inside a case that is just big enough for me to comfortably dial, that's great.

    The real problem is that there isn't room for different interfaces on that box.

    The interface for a phone is different than the interface on your iPod. So even though you can cram the guts from both of them in the same physical box, you cannot do so while maintaining the interface of each.

    The same with adding a camera to them. The same with adding a PDA. The same with adding a game machine. It's really all about the interface (once you've solved the reliability issues). And right now, there isn't any way to get different physical interfaces on the device.

  14. I can upgrade SSH via an SSH connection. on Windows Servers Beat Linux Servers · · Score: 1
    When you're talking about uptime of a server or service at the enterprise level, it's not just time between reboots. If it's a DNS server, and it's not responding to DNS queries, it's down. If it's a mail server that's sending out 500 errors because the spool disk is full, that's downtime.
    That's accurate. But again, my server has been up for more than 365 days, continuous, without any interruption in service.
    However, dpkg might kill the running service while preparing to upgrade, install the new files, update config files if necessary, and finally restart the service. If you're updating multiple packages, those steps are done by preparing all packages, upgrading all packages, and running the postinstall for all packages (restarting the service). That can take some time, which using a sane definition qualifies as downtime for the server.
    No. And as a demonstration, I can upgrade the ssh daemon on a Linux box, while connected to it via an SSH session, and NEVER lose connectivity.

    The same with restarting the network services. In fact, I can upgrade both the ssh daemon and the networking services and even the shell I'm using, remotely, via an SSH connection and never lose my connection.

    There is no downtime. None. All the active connections are maintained and all new connections get connected. There is not a single second during which the connections are dropped or refused.

    Downtime just does not exist unless:

    #1. I am physically moving the machine.

    #2. I am loading a new kernel.

    #3. I have a hardware failure.
  15. What you want is "deborphan" and "debfoster". on Windows Servers Beat Linux Servers · · Score: 3, Informative
    Probably better in most cases to do a fresh install, though. At least you'll get the opportunity to weed out the redundancies in your files.
    Ah, I can see that you haven't experienced the Love of Debian yet.

    With Debian, grab deborphan and debfoster and you can weed out un-needed packages quickly and easily.

    "deborphan" compares the dependencies of each package so you can see packages that are installed that nothing else needs. Delete the ones that you don't need.

    "debfoster" shows what all the dependencies are for a particular app. For example, Apache can have all kinds of packages it is dependent upon. If you want to get rid of that app, you can also quickly purge all the packages that were installed as dependencies for that app.

    Once you've got the machine stripped down to the basics, just check all the files in the non-home/non-data/non-log directories to make sure that they each belong to a package. Or that you know why you put them there.

    It runs sweet.
    It runs clean.
    It runs exactly what you want.
    Nothing more/nothing less.

    Which makes patching the box soooooooooo much easier. And it means that you have fewer potential security holes because you're running fewer apps.
  16. Obligatory Debian post. on Windows Servers Beat Linux Servers · · Score: 3, Informative
    I just switched a box from fedora core 4 to core 5 and was real pleased nobody had bothered to document the changes to the default install of Apache. I also can't count the times I have looked for things on the LDP or the HOWTO's and found yes this is a very good howto but the distribution is entirely freaking different.
    100% agreement. Which is why I prefer Debian (although I'm migrating to Ubuntu).

    I can easily clone a production server and walk it through the upgrade process ... over and over and over and over ... and submit bug reports for any and all problems. All during the "beta" phase of the next distribution. I did that prior to migrating my servers to Sarge last year.

    apt-get dist-upgrade

    It is truly awesome. You can test and re-test the entire process every time they release a bug fix for any of the packages you'll be using. (Yeah, you can do it with gentoo, also.)
  17. They cannot beat my uptime. on Windows Servers Beat Linux Servers · · Score: 1

    09:18:29 up 487 days, 22:39, 1 user, load average: 0.65, 0.48, 0.29

    And that server is handling DNS/DHCP/RADIUS/NTP etc for the entire company.

    Go ahead. Tell me that Windows can get more uptime than that server had in the past 365 days.

    At this point in time there should not be any discussion of availability. In 2006 it is just unreasonable to have a production server crash due to anything other than hardware failure.

    My Linux boxes are rebooted ONLY when I upgrade the kernel or physically move them.

  18. Did you see where they put the TV? on Cleopatra the Electronic Home Attendant · · Score: 1
    I'm sorry, but a house with a 42" plasma screen in an utterly wasted position does not deserve the "Electronic House Home of the Year grand prize winner?"
    It's not just a "wasted position", it's about 10 feet up. You have to look up to see the "assistant". At least turn it sideways so it doesn't look like a TV talking-head.

    http://www.electronichouse.com/asset/3297.jpg

    And it is dependent upon RFID chips on their house key "fobs" and other personal items?

    Great. Now your family/house has something in common with razor-blades/Safeway.
  19. Not exactly. on Dvorak on Our Modern World · · Score: 3, Informative
    Cell phones, probably. But not necessarily by people from different races mixing in public. It did happen in Northern cities, particularly in places like public transport, which was too crowded to allow for separate sections.
    I said that they would be shocked by them eating side-by-side. In the 1920's, segregation laws were very common. You often saw signs saying "No coloreds allowed" in restaurant windows.

    Yes, they "mixed" in public. But they ate in different restaurants, used different water fountains and had different public restrooms.
    I don't know what a "chippie" is, but skirt hems did reach at least the bottom of the knee in the later '20s.
    "Chippy" is 1920's slang for "hooker". And while the hems did reach the bottom of the knee in the later 1920's, it would be a shock to see:

    #1. A woman working as something other than a typist or secretary.
    #2. Said woman's dress reaching above her knee.

    The women going to work wore VERY conservative dresses. They might have worn a dress that touched their knee at night in a speakeasy, but not to the office.

    Remember, this was when the Women's Temperance League was gaining political power and pushed Prohibition (Jan 1920).
  20. The "hilarious" is what he missed. on Dvorak on Our Modern World · · Score: 5, Insightful

    Yeah, someone from the 1920's would be amazed at the people walking around while talking on their cell phones ... and by seeing people of color eating side by side with white folk.

    Women in the workforce? Dressed like chippies? With skirts above the knee?

    Kids with metal stuck through their skin?

    Dude! A magic talking box would be the LEAST of the shocks that person would have.

  21. How will you know? on Keeping an Eye on Government Snooping · · Score: 2, Insightful
    Personally, I'd compromise a lot on Privacy if the government would back off their conservative...
    ...and...
    It's when they use the information to put average Joe in jail who isn't hurting anyone, while a terrorist blows up 3000 people, that I'd rather see my tax dollars spent on something else.
    And how will you know the difference?
    Ask a parent who's been searching for their kid for ten years how they would feel if the investigator could use cell phone records to help find their child.
    Your example is about a situation that has already occurred.

    When a child is missing, it is easy to see that the child is missing.

    When the government tells you that persons X, Y and Z were planning on doing something, how do you know if what you are being told is factual?

    And without any privacy, how do you stop the government from claiming that you are a "terrorist" when you start investigating their claims about the other "terrorists"?

    After all, they'll have all your phone calls and emails and such.
  22. Whoops! Sorry! on Why Web 2.0 Will End Your Privacy · · Score: 1

    I didn't mean to say that you did. Sorry about that.

    I've just seen that "definition" in other posts and articles and since this is /. and all, I decided that it would make a good example.

    Yep, the websites that are the most popular are the ones where users can contribute/comment. And this works with newspapers and magazines as well. You're right that the users can find more content than any single site maintainer can. And it goes even further than that. The more people commenting, the more depth and variety there is.

  23. Let's look at /. back in 1999. on Why Web 2.0 Will End Your Privacy · · Score: 2, Informative
    Part of the definition of Web 2.0 is traditionally, "social networking, user-contributed content, etc". Building your sites not to run off YOUR content, but building it to run off user-submitted content, and user-created connections.
    And back in 1999 ... slashdot.org was acquired by Andover.net

    http://slashdot.org/articles/99/06/29/137212.shtml

    And /. pretty well fits the "definition" of "social networking, user-contributed content, etc".

    So SEVEN YEARS AGO, this very site met the "Web 2.0" criteria that is the next wave ... and was purchased ... just as MySpace and such are being purchased now.

    No, seriously, this is just like it was back in 1999. By definition, in fact.
  24. Let's take it by the numbers: on Why Web 2.0 Will End Your Privacy · · Score: 5, Funny

    Title: Why Web 2.0 will end your privacy

    Paragraph #1: MySpace, Digg, Flickr ... no real content.

    #2: One sentence stating what he believes. Then a lead in to ...

    #3: A "definition". No explanation that was promised in #2.

    #4: Back to Digg (see #1).

    #5: Back to MySpace (see #1).

    #6: Google has ads.

    #7: Back to MySpace, again (see #5 & #1)

    #8: Why does he believe that Gmail is anything near Outlook in functionality?

    #9: Yeah, "neat". Whatever.

    #10: Websites don't make money. Welcome to 1999. Don't forget to party.

    #11: Companies pay lots of money for popular websites ... even when those websites don't make money. Welcome to 1999 already!

    #12: YouTube. See #11 and #10.

    #13: Back to the top of the page. Again, they don't make money. 1999.

    #14: Why do companies want to pay so much money for websites that aren't making money? It's like it's 1999 all over again.

    #15: The companies paying the money want data.

    #16: Even he sees that it's 1999.

    #17: Well, it is 1999. But he'll call it "Web 2.0".

    #18: All those companies are compiling data on the people who post pictures of their cats.

    #19: Yahoo! knows nothing about me except the news groups I subscribe to through them.

    #20: Companies will pay lots of money for "data" on "individuals" and "groups". Even if the "data" is "OMG!!1 U R A QT!!! UR cat is funee"

    #21: Web 2.0 has a "bubble" and it will burst. Yeah, whatever.

    #22: Free photo hosting.

    That's all there is. Toss in "Web 2.0" and name some popular sites and then claim that "privacy" is going away.

    Well, "privacy" does not really exist on the 'web and what you did have is vanishing ... but not because of MySpace. Because too many companies are posting your private data on the 'web and allowing anyone with the money to search through it.

  25. Assured connectivity. on Web 2.0 As A New Wave of Innovation? · · Score: 2, Insightful
    I don't see that happening. Particularly in an office environment.

    Slammer already demonstrated how you could not depend upon bandwidth on the Internet to be always available. For a business, it's critical.

    Now, the business might be moving to internal web servers and apps ... using the "Web 2.0" technologies that are being hyped. But that's nothing new. Where I work, we've been moving to web-based apps since 2001. But they're all hosted inside my network. I control the apps, the data, the servers and the network.
    Go try out some Web 2.0 tutorials (or whatever you want to call the set of technologies) to see for yourself. Despite the hype there is some serious good stuff going on.
    I'm sure there is.

    But ... is it any different from back when Sun declared that the "network is the computer" back in 2000 (or was it 1999)? No.

    The technologies are becoming more stable and ubiquitous. But they aren't "new". JavaScript is still JavaScript. Making it asynchronous is good and useful, but it isn't new and it isn't changing anything that wasn't already discussed, planned and in production.

    We're getting back to the "thin client" model that was pushed more than a decade ago.