Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories: 0
Comments: 5,818

Comments · 5,818

  1. Cap'n Crunch. on 10 Best S/F Films That Never Existed · · Score: 4, Insightful
    Imagine turning the Cap'n Crunch seen in Cryptonomicon into a movie -- Randy Waterhouse eats a bowl of cereal in a Manila hotel room. Woohoo!
    Yes, imagine it. Imagine trying to convey the sense that this guy has some serious issues using only his cereal ritual.

    I'd film it by putting a digital clock on the table. Hook the clock to a sensor pad. The clock starts when he puts the milk on it. Focus on how he keeps his eyes on the clock while eating.

    Then, have the phone ring. He turns to the phone and drops his spoon. He reaches down to get the spoon, gets a bit frantic when he can't grab it, then grabs it and comes up. He stares at the timer.

    "Fuck....."

    Then he gets up, washes out the bowl, focus on all the cereal in the sink's drain. He dries the bowl. He dries the spoon. Then he takes them over to the table again.

    He fills the bowl with cereal, re-sets the timer, looks up, goes to the phone and carefully unplugs it and wraps the cord around the receiver. Then he goes back to the table and reaches for the milk ...

    Don't focus on eating the cereal. Focus on the person who has a ritual that complicated just for eating cereal. Focus on the effects that interrupting that ritual has on that person.
  2. I think it comes down to communication. on Shuttleworth on Open Source Development · · Score: 1

    I think it comes down to understanding the unstated requirements and assumptions and being able to communicate those to everyone.

    If you can get past that, then management is very simple.

    The *business* has a goal of shipping product X on date Y to make profit Z.
    Unstated is the requirement that it doesn't have to be perfect. Just "good enough". And, exactly, what "good enough" means in this situation.

    I can ship any product on any deadline provided that there are only 2 requirements:
    #1. It doesn't have to work.
    #2. I don't have to maintain it.

    Now, the great manager will also be able to communicate the unstated requirements and assumptions of the programmers to the business people. AND get them to UNDERSTAND them.

    So the programmer wants more time to write cleaner code. This is good in that it means the maintenance will be less costly. If you plan on supporting this product or shipping v2.0, then you want cleaner code at the beginning.

    If there are no plans to support it or ship a new version, then tell the programmers that.

    Once the programmers and the business people clearly understand the real issues, then management is easy.

  3. Nice story and I gotta say it again ... on Phishing Site Using Valid SSL Certificates · · Score: 3, Insightful
    Finally, banks and credit unions that send out email with clickable links teach their customers incredibly dangerous habits. Financial institutions that use multiple domain names are setting their customers up for disaster. And, of course, any financial institution that isn't checking their referrer logs for odd and unknown sites is a time bomb waiting to explode.
    All any bank would have to do to end phishing is to PUBLICLY state that they will NEVER use email to communicate with ANY of their clients.

    They have your phone number.
    They have your address.

    They can send you a letter, they can call your phone. And their phishing rate would drop to almost zero.
  4. Spam spam spam spam spam and eggs. on Circumventing CAN-SPAM · · Score: 1
    Spam is often referred to as UCE "Unsolicited Commercial Email", which his emails were not.
    Yes, some people call it that.

    But it is important to remember the origin of the term "spam" in this context. It refers to posting/sending the same (or almost the same) thing over and over and over ...

    So, it is possible to "spam" a USENET discussion board with non-commercial postings.

    So his emails are "spam" ... but may not meet the criteria for that specific sub-category of spam known as "UCE".

    All UCE is spam ...
    Not all spam is UCE
  5. Slight variation. on Ask OSDL CEO Stu Cohen About Linux TCO Studies · · Score: 2, Insightful
    Why would you expect that the answers of someone "dedicated to accelerating the growth and adoption of Linux in the enterprise" would be more objective, in any way, than any of the reports created by pro-MS companies?
    Since it all comes down to what you choose to measure and how you measure it ... I'd rephrase your question as:

    Why would anyone expect that the criteria of someone "dedicated to accelerating the growth and adoption of Linux in the enterprise" would be more objective or that the measurements would be more accurate than any of the "studies" done by pro-Microsoft companies?

    I've seen pro-Microsoft studies that "extrapolate" data out for 5 years to get their "TCO" figures.

    Not to mention that "TCO" figures are meaningless when compared between different companies. There are too many variations between the tech staff, the users, the apps, the hardware, remote vs local users, and so forth.
  6. Yep. on Botnet Attack Shuts Down Hospital Network · · Score: 1

    You can build a Linux-based router (xBSD-based or whatever).

    You can buy a Cisco router (or any other brand).

    You can implement VLANs.

    You can buy more switches/hubs and physically separate the networks.

    There are so many different options that it isn't really worth it to list them all. Just choose one and do it. But do NOT allow your critical machines to access the Internet or any machine that has accessed the Internet.

  7. If it is that critical, it is not on the Internet. on Botnet Attack Shuts Down Hospital Network · · Score: 1

    Yes, there are far more steps to change software on medical equipment than on the average workstation ...

    So the answer is to NEVER allow INCOMING connections to that network. It must be 100% isolated from any incoming, outside connections.

    This requires far more attention be given to designing the network and such. But when lives are on the line, you just do it.

  8. Here's one scenario: on Botnet Attack Shuts Down Hospital Network · · Score: 1
    What the fuck their keycard access system was doing on the same network as some of the infected computers is a complete mystery to me though.
    Considering that the various entry points need to communicate back to the central server ... and there's already all this cat5 cable run for the network ...

    Some "genius" decides to save money (always a good plan) and use the existing cable system to enable communication between the entry points and the security computer.

    You can laugh all you want, but my boss right now would take the savings and rely upon me to make sure that everything else was fully patched, anti-virused, locked down, etc.

    After all, I'm salaried and hardware / cable installation costs real money.
  9. The 6 degrees of Kevin Bacon. on Limited Email Surveillance Approved · · Score: 2, Interesting
    Encryption will block them knowing the dirty joke you just told your friends, but it won't stop them from knowing WHO your friends are!
    So, you sent an email to Mr. A.

    Who sends email to Mr. B.

    Who sends email to Mrs. C.

    Yeah, you see where this is going. Just about anyone can be connected to anyone else with enough hops.

    And the government would be "justified" in collecting the information on each of the people in those hops because those people are "connected" to someone under investigation.
  10. Don't worry. on Limited Email Surveillance Approved · · Score: 2, Informative

    You only lose any Rights you haven't used within the last 90 days.

    Now, you have to prove to the government that you're actually using any Rights you want to hang on to.

    I recommend calling and sending real letters to your CongressCritters.

  11. There is a reason they are not listening to you. on Dealing with Corporate FUD About Linux? · · Score: 2, Insightful

    There are many reasons, but the one I've encountered most often is fear.

    Upper management, usually, did not get there by taking big risks. They don't want to lead the herd.

    They will take any excuse to avoid Linux until enough other companies and people they know are openly using it AND saving money.

    Until then, no matter what you say, they will focus on whatever "facts" and opinions "justify" their fear.

  12. Nope. on Yahoo Allegedly Sells Reporter Out to Chinese Authorities · · Score: 1
    Incorrect. It is not them. It is their shareholders. If Yahoo would have decided to miss this business opportunity on moral grounds it would have been eaten alive by the shareholders.
    Like I said, the people running the company have morals/ethics.

    That includes the shareholders.

    If the shareholders value money over everything else, that is their moral/ethical decision.

    If they choose to litigate, then they are acting on those morals/ethics.
  13. It's not the same. on Yahoo Allegedly Sells Reporter Out to Chinese Authorities · · Score: 1
    From my point of view, Yahoo is not doing wrong as it surely is complying with petitions that the Chinese government asks.
    That depends upon your personal moral code. And different people have different moral/ethical codes.
    A lot of people in slashdot think that just because they *believe* the type of Government China has is unfair then it is wrong and unfair.
    If they *believe* that the actions are wrong, then according to their moral/ethical code, those actions are wrong.
    But companies working over there MUST comply with current legislation.
    That does not mean that the actions are not wrong. Again, based upon each individual's moral/ethical code.

    Companies are not people and do not have moral/ethical codes.

    But the people running the companies do.
    Yahoo MUST comply with local laws if they want to make business there, there is no other choice, comply or go, and while China keeps giving good revenue, they will continue.
    What you are saying is that morals/ethics don't matter when it comes to money.

    That is incorrect.

    The people in charge at Yahoo! make the moral/ethical decisions and they've chosen profit.

    The question becomes ... is there any action that Yahoo! would not take, provided it was legal in that country, for a profit?
  14. To win the debate, frame the debate. on Verizon Threatens Google's 'Free Lunch' · · Score: 5, Insightful

    This isn't about a "free lunch" or "free ride" or anything like that.

    This is about Verizon realizing that providing the pipeline is a good, solid revenue stream ... but the REAL money is in controlling the bottleneck.

    So, they attempt to frame the debate as "free lunch", but the reality is that they're looking for a way to get some of Google's revenues by building a bottleneck.

  15. Push vs Pull. on AOL and Yahoo to Offer Filter Circumvention · · Score: 1
    Nobody has to use an official signer, but legitimate companies pay the fee and our users' web browsers will not warn them about unknown signers.
    With a web browser you are pulling content from a site that you have chosen to visit (in most cases).

    Email is different in that the companies (and zombies) push content to your inbox.
  16. Smart companies do not get blocked. on AOL and Yahoo to Offer Filter Circumvention · · Score: 4, Insightful
    In the UBE industry, spam is viewed differently than it is here on slashdot.
    Yep. They love it, we hate it.
    Whereas we consider Spam any unsolicited ad, spam is considered email that does not follow the rules of CANSPAM in the industry -- that is it doesn't allow opt-outs, emails come from scrapes, etc.
    Yep. Those are also included in the "spam" usage for me.

    But companies who are legit would not be doing that in the first place, right?

    If I block all zombie emailers from my users, then offer companies access to my users for a fee, as long as they don't use zombies ... there's no benefit for the legit companies.
    What this fee does is it allows companies that follow optout and other rules to get inbox delivery for a fee.
    And those companies are already the ones least likely to be blocked.
    Further, because the cost goes from about $0.00001 per message to around $0.0025-$0.01 per message for that delivery, the marketer has incentive to target his list more carefully rather than just blasting everybody in sight.
    AGAIN, the legit companies do NOT do that ALREADY.
    This also gets rid of some of the crappier ads, as the marketer is going to pass the $10,000 fee on to the advertiser.
    Nope. Because the company/person most likely to send out those crappy ads will still send them and just try to get around the filters.

    This will not cut down on the crappy ads.

    This is nothing more than the ISP's attempt to sell access to their users.

    If you're running a smart company's ads, then you already take precautions against being blocked/blacklisted.
  17. That's a result of their past decisions. on Another Look At Mozilla's BugFix Rate · · Score: 3, Insightful

    Because they chose to weld IE to the OS, they have more difficulty with patching (and the vulnerabilities become OS vulnerabilities).

    If they had maintained a rigid distinction between OS & apps, they wouldn't have those problems.

    This was predicted back when MS first "integrated" their browser.

  18. Package management includes testing. on Linux Patch Management · · Score: 4, Informative
    Then you'd have to trust that the distro doesn't self destruct by patches breaking your vital (read mission critical here) services.
    No trust allowed.

    Before anything goes into production, it goes into test.

    YOU are the one responsible if a package breaks a production server.

    You can still set a cron job to auto-magically download and install the apps, but you'd point it to your own repository where you put only the packages that have passed your testing.

    The more "mission critical" something is, the less you want to automate ANY process that changes ANYTHING on the OS or apps.

    For our critical database server, I come in on the weekend and hand apply every patch. And that is AFTER those same patches have been applied to the test server.
  19. And THAT is what is important. on UNIX Security: Don't Believe the Truth? · · Score: 1
    We do, however, justifiably claim to have a more secure out-of-the-box operating system than Microsoft and so do the Linux geeks.
    And THAT is what is important.

    Windows / Macs / Linux ... they can all be secured to about the same degree by an administrator who is sufficiently skilled / knowledgeable.

    But it is more important to have a decently secured OS right out of the box. This is because most of the average users will use it the way it is delivered to them.

    If this means turning off some "usability" features that a certain percentage of your users would like ... but those features make the OS less secure ... then turn them off.
  20. It's called "reading". on UNIX Security: Don't Believe the Truth? · · Score: 2, Insightful
    Ahh but these problems are easily solved by giving the user permission on the specific resources, such as the registry keys needed. You don't need to make them an admin.
    I had said:
    "Yep. It is possible. But it is more work than the average Windows user will want to put into it."

    Then you asked:
    Can you name any? Besides games, that is. I hear this all the time, but almost nobody can actually come up with any kind of list. If there are so many of them, why is it so hard to list them?
    So I provided you with specific links describing the specific problems and even HOW those problems arise.

    So you replied:
    Ahh but these problems are easily solved by giving the user permission on the specific resources, such as the registry keys needed. You don't need to make them an admin.
    Yeah. No one ever said that it was IMPOSSIBLE.

    What I said was that it was more work than the average Windows user was likely to put into it.

    Did you understand it that time? Do I have to repeat it again for you? I do? Okay, I will.

    Under Windows, it is far easier for the average user to just run as administrator than it is for them to fix the apps that don't work right as a non-administrator user.

    NOT "impossible".

    And the reason that it is far easier is because the average user must, somehow, FIRST learn why running as administrator is a BAD THING.

    Back in the old days, we had real trolls. We had trolls who knew MORE about the systems than the admins. We had trolls who could tear apart a TCP/IP packet.

    Now, all we have are these "search Google for me" trolls. It's a sad day for trolls everywhere.
  21. It's called "Google". on UNIX Security: Don't Believe the Truth? · · Score: 4, Informative
    http://www.windowsnetworking.com/articles_tutorials/Running-Windows-Under-Non-Admin-Accounts.html

    That starts you off on shares and setting the time/date.

    Do you want to know one of the coding practices that lead to this problem?
    http://blogs.msdn.com/aaron_margosis/
    A common example is when an application saves its runtime settings to a registry key under HKEY_LOCAL_MACHINE (which is read-only to LUA users), instead of to HKEY_CURRENT_USER.


    You might want to spend some time looking up Powerpoint 2003, too.
  22. Linux is only EFFECTIVELY immune. on UNIX Security: Don't Believe the Truth? · · Score: 4, Interesting
    Isn't Linux immune to viruses and what not? Isn't that what the Linux world has been telling them?
    I don't think anyone but Mac users claim that. And anyone that claims that for any processing device is lying to you. There are Linux Viruses out there, just use your favorite search engine.
    Linux is not completely immune to viruses. It is only EFFECTIVELY immune.

    Viruses only spread when their infection rate EXCEEDS the removal/immunization rate.

    When the infection rate is lower than the removal/immunization rate, the virus dies.

    With most current versions of Linux, the default security configuration means that it is very difficult to infect a machine (not impossible) and very easy to remove the infection.

    Before this "InterWeb" thingie, I was cleaning boot sector viruses from DOS machines that required someone to have booted from an infected floppy.

    Linux boxes CAN be infected, but the odds of it happening are very, very slim.
  23. Because it makes things work. on UNIX Security: Don't Believe the Truth? · · Score: 3, Interesting
    What I continually fail to understand is why everyone I know logs in as an Administrator under Windows, even after falling victim to a virus, spyware, etc. I don't necessarily mean the account with that name, having a personal user in that group amounts to the same thing.
    Because too many apps have problems when run by a non-admin.

    This isn't necessarily the fault of Windows ... although Microsoft is one of the prime offenders with IE and MSOffice and so forth.
    The same thing is of course possible under Windows: Make your main login a 'Power User', or if you feel that's not safe enough, put it in a group with the same policies as the 'Users' group and slowly increase its permissions until you can work productively.
    Yep. It is possible. But it is more work than the average Windows user will want to put into it.

    And that is only because the FIRST step is learning enough about the system to know that there is a problem. It's easy for most of us who spend time and read /., but for others, they aren't even aware that there is a problem.
  24. I've been fighting to get this done. on Open Source vs. the Database Vendors · · Score: 3, Interesting
    The user says "This is vital". IT staff start adding zeros to the price tag of the application.
    Yep. And it is up to the requesting user to justify spending that money to the CFO.

    It is not IT's job. IT just gives everyone the pricing based upon how many 9's of availability you want and the database/server licenses.

    If the user balks at that, the database can be put on the far less expensive PostgreSQL/mySQL server.

    The downside is that the database people need to become familiar with TWO different databases (or more depending upon the other apps).

    The upside is that the company saves a LOT of money in licenses and such.
  25. Because you cannot forget it. on NIST Standards for New Biometric ID Card Published · · Score: 2, Interesting

    The only advantage biometric data has is that the user cannot lose it or forget it.

    Other than that, if someone is watching you authenticate, it might be possible for them to see you using a fake finger or something.