Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories
0
Comments
5,818
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,818

  1. The PAPER is the VOTE. on NYT Says Paperless Voting A Serious Problem · · Score: 5, Informative

    The voter does NOT take the paper with him.

    The paper is so the voter can verify who the machine says he voted for.

    Then the paper vote is dropped in a sealed box.

    If there is any question about anything, the paper ballots in the box are compared to the electronic record of the machine.

    The voter does NOT take the paper with him.

  2. And the final post. on Security Patch Creation at Microsoft · · Score: 1

    #1. "I THINK: Single Window, Sort bookmarks, close tab on double click, last tab. I believe that's the list."

    I'm not going to waste my time on each of those. Here's the URL for "close tab on double click".
    https://addons.mozilla.org/extensions/showlist.php ?application=firefox&category=Tabbed%20Browsing
    Search for the phrase "Tab Clicking Options supersedes Close Tab On Double Click".

    So, when the functionality provided by an extension is provided by FireFox in a later version, and the coder maintaining that extension posts that, you feel that there is a "problem" when that extension no longer works on the newer version of FireFox.

    Hey, lots of luck getting IE7 to work on Win2K.

    2. "FIREFOX of course."
    Hey, don't blame me if your writing isn't clear. So, sometimes FireFox freezes when you launch it.
    Sometimes a reboot fixes that freeze ...
    Sometimes it doesn't ...
    Which means that, sometimes, FireFox freezes and not even a reboot will get it unfrozen ... yet you still seem to be using FireFox ... even though it is frozen.

    Right. Whatever. Good luck with that.

    3. "New version != security patch."
    Ummmm, yes it does. The installation might not be as easy as you'd like, but it is still a security patch.

    Anyway, lots of luck with your Microsoft experiment. I'm sure my firewall will be blocking the loads of spam that your pwn'ed machine will be spewing.

    Buh bye now.

  3. And now I will clarify that. on Security Patch Creation at Microsoft · · Score: 0, Troll

    #1. "Some extensions don't work (I've since forgotten which ones)"

    Sorry, that isn't "specific". That is vague and unhelpful. Disregarded.

    #2. "When I start up the app, sometimes the "update" icon is right next to the "help" menu item (not where it should be).. and the app is completely frozen. Only restarting FF fixes this (and it sometimes does not)"

    What app? Again, "specific". Not general. Disregarded.

    #3. "The fact that they don't release patches (critical security updates, at least!) is a major downfall for FF."

    They DO release patches and critical security updates. They just release them as a completely new build. Disregarded.

    So, all of your complaints are of the type most often seen on /., vague, undefined and some of them you just don't even remember.

    Great.

    In the meantime, I'm running 1.0.4 without any problems and the auto-update feature of the extension system just told me that there's a new version of ie-view available. It's already installed and all I have to do is re-start FireFox.

  4. No, I'm not seeing that. on Debian Upgrade May Cause Serious Breakage · · Score: 1
    It's under the dinner table, that's why is so hard to switch disks...

    And what is it about the dinner table that makes it so difficult to move the box and swap the disks?

    Is there a particular reason why you're running it without floppies or CD?

    I haven't been to your place. Telling me that it is "under the dinner table" is not giving me any information.

  5. It is still simple. on Debian Upgrade May Cause Serious Breakage · · Score: 1
    You take the drives out and you use a different machine to clone them. A machine with a floppy or CDROM.
    If I break anything it will be a pain in the ass to open it to reinstall the OS, or switch hard drives.

    Huh? How hard is it to switch hard drives? Is there some particular reason you don't have floppy or CD capabilities?
  6. What's your setup? Can you test it? on Debian Upgrade May Cause Serious Breakage · · Score: 2, Informative

    If your setup is simple enough, just clone your drives and test the upgrade process on the clones.

    If anything goes wrong, you can just drop the originals back in and everything will be back to the way you started.

    You should always test new deployments before putting them into production.

  7. I've upgraded 6 boxes without problems. on Debian Upgrade May Cause Serious Breakage · · Score: 4, Informative

    What, specifically, are the apps that will cause the problems and how does he determine that 30% of the boxes out there will have those apps?

    I've upgrade 6 boxes and have not had a single problem on any of them. They run a combination of Apache, perl, python, mySQL, php, bind9, DHCP, etc.

    If there is a circular dependency problem on an app, but no one uses that app, then there won't be any problem upgrading.

  8. Specifics. on Security Patch Creation at Microsoft · · Score: 1

    What are the specific problems you have with FireFox updates?

    The only ones I've seen are that (on Windows) it doesn't clean out the old entry in the add/remove listing so you end up with listings for it from 0.8 up to 1.0.4. But that doesn't cause anything to break.

    They also don't release "patches" to a version. You get the whole new version and it does a complete install. But that doesn't cause anything to break.

    I'm still looking for the specific problems that people are having with FireFox but all I'm getting are generalities about how it "broke" or it isn't as good as IE.

  9. It's called "testing". on Security Patch Creation at Microsoft · · Score: -1, Troll
    I do run a business, in fact.

    And you read /. so you must be one of them "informed" businessmen.

    With most applications, TCO is already down the toilet just with the time it would take to *find* somebody who could do it, never mind actually paying the person.

    Huh? I do testing all the time, every day, for dozens of apps.
    Case in point... the last Firefox upgrade broke all of our machines (Firefox quit working on all of my machines... I hope that was all that was effected).

    You didn't do ANY testing? None at all? What's up with THAT? You didn't even do a staggered roll-out?

    Guess you don't qualify for the "informed" businessman tag.
    Insignficiant program, true, but what am I supposed to do... hire somebody to review each of Firefox's releases to tell me whether or not they'll work?

    Well, you could phrase it in that manner. I'd just say "include FireFox in our list of approved and tested apps" and have the person who is already testing apps and patches do FireFox also.
    Am I supposed to spend, what, $10-20K to have a Unix programmer come in to analyze the latest Firefox build and tell me where the problem is?

    No, why would you? Testing a new release of FireFox shouldn't take more than 15 - 30 minutes. I'm sure your IT people can manage that before telling you it is safe to roll it out.
    That's insane.

    Hey, you're the one that said it, no one else.
    Instead, we simply removed Firefox from all of our machines, and went with IE, which was already properly tested before being pushed out to users.

    So your IT people test IE, but don't test FireFox and you blame FireFox for that? Huh?
    Much cheaper. Much simpler. Much quicker time for me to get back to the core of my business (which trying to get broken web browsers to work).

    And still you're posting on /.? But you think that spending 15-30 minutes to test a new release is too much? WTF? Hold it, your website references a pet supply store. HOW MANY COMPUTERS DO YOU HAVE? Or are YOU pretending to be the IT staff as well as the manager? That would explain the "problems" you've encountered. By "all of our machines" you mean "BOTH of our machines", don't you?
  10. It's not about security, only the perception of it on Computer Security Lacking at Homeland Security · · Score: 4, Insightful
    Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us.
    Hey, I agree with you on that.
    We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?
    Yep. That's because no one is looking at the systems and processes with the intent of actually improving them.

    Instead, we have knee-jerk reactions from people who do NOT understand security who attempt to compensate for previous attacks with new rules/regs.
    Same here...they pretend to try to catch terorists when in reality the next power failiure could knock the whole list out.

    And the "pretend" is the problem. That's exactly what they're doing. And they're hoping that the public will accept that as them actually doing something about the problem.

    It's all about the public perception of the issue.

    The same as it is in all aspects of politics.

    As long as there isn't a power outage, they're doing a "good" job, as far as the public is concerned.

    If there is a power outage, then it comes down to whom they can blame.

    It's a lot easier and far more cost effective for the politicians to be re-active rather than pro-active.

    Which is why security is NOT something that ANYONE should allow a politician to be involved in.
  11. No, calculators are different. on Calculator Flaw Forces Recall in Virginia · · Score: 4, Insightful

    The problem is what you consider 'real skills' In a certain sense, you could just give a kid lists of expressions, such as 23X4, to solve, or lists or figures to identify. it would not be necessary to give them any room to show work, as if they really had the skills, namely doing math in their head, they will just be able to write down the answer.

    That depends upon what you're testing.

    If it was basic multiplication, that would be fine. Once you can multiple 2x3 on paper, you can multiply everything from 1x1 to 9x9. The technique does not change at all.

    The same goes for 12x11 and 36x156. Once the initial concept is understood all further applications can be reduced to that basic concept.

    The same with fractions and decimals.

    But when you allow a calculator, you are NOT testing their knowledge of the basic techniques. Multiplying 99x2314 means learning a more advanced technique with paper and pencil.

    With a calculator, it is the same as 2x3.

    But this is called regurgitation, and it is a very low level of thinking.

    No, "regurgitation" is the memorization of items. If someone can memorize the multiplication tables up to quadruple digits, there isn't much you can do to "teach" that person.

    Increasing what the schools are trying to teach are problems solving techniques and critical thinking.

    What "critical thinking" is there in accepting what a machine tells you?

    It is hard because most students would rather just write answers down to a hundred questions that to have to use tools to solve problems.

    But the calculator only gives them answers. Most students would rather use a calculator to "just write answers down to a hundred questions".

    Which is my point. Using a calculator at that grade is NOT testing their knowledge of the material.

    For instance, it is important in math for the student to have the tool of pencil and paper so they may underline the important words in a question, draw pictures, map the solution, and check the answer.

    Yep, and the pencil and paper will NOT provided ANY information that is not already in the kid's head.

    These tools allow the questions to be on higher order than the 2+2.

    Not if the kid does NOT know the technique for adding 2+2.

    Yet with a calculator, it is possible to get the answer and still NOT know the technique.

    Likewise, the calculator is a tool that allows us to raise the bar.

    No, that is called "lowering the bar".

    Two kids...
    one how understands the concepts and techniques
    and
    one who does not.

    Both sit down, with calculators and complete 100 multiplication problems.

    Both score the same.

    Both get 100% correct.

    THAT is the problem.

    The calculator might allow the student to independently develop ideas through a discovery activity.

    It might. But more likely, it will be used to mask a core problem.

    All the calculator does, like pencil and paper, is amplify the students ability.

    Which, in more sensible terms means "masks the kid's failure to grasp the concepts".

    Which was the point I made above.

    Sure, the calculator will allow a kid who does not know how to do basic math to score a perfect grade on a test covering basic math ...

    If the student misuses the calculator, more than likely he or she would just use the pencil to copy answers, so little is lost.

    Okay, now you're completely off it.

    Likewise misdirected teaching is probably not significantly changed. Teachers who did not appropriately utilize the tools of the

  12. 45 seconds works for me. on I am the Most Spammed Person in the World · · Score: 1

    Less than that and spam leaks through. Greater than that and I don't see any difference.

    The problem with having such a short delay is that it negates the secondary benefit of greylisting ... rbl's.

    If it takes an hour for a message to be accepted, that's an hour in which that address could be added to an rbl.

    In order to facilitate speedy email reception, we'd have to fall back on the "two factor" method of authentication.

    Of course, your email server is going to check my DNS and SPF info and greylist attempts from my server and mine will do the same with your's.

    So, the solution I see is for you to call me or whatever and have me send an email to you. My server should see the OUTBOUND attempt and then whitelist your INBOUND attempt (as long as it happens within an hour or so).

    In other words, someone behind the server has to perform some action that will tell the server that the other server is, temporarily, cleared to send email.

    Yes, I know this sort of defeats the purpose of email. Email is still very useful once the relationship has been established. It's just the initial establishment of the trust that is more complex.

    I believe that we'll be looking at something similar to that anyway, eventually. The financial dynamics of email (near zero cost to send, all the expense on the receiver) make it too profitable when abused (and it is very easily abused).

    Eventually the spammer's zombies will be re-built to re-send the spam after they've completed their initial runs. In which case, greylisting won't stop the spam from coming in.

    At that point, we'll have to rely upon the RBL's or some other methods (such as the two factor approach I mentioned).

    The only other approach would depend upon the various ISP's getting their act together and implementing technological solutions. But that's just not going to happen unless there is a law with heavy fines (more than the cost of doing it right) to force them to.

    And we're not going to see a law like that as long as we have the mass marketing lobby spending money in D.C.

  13. So they're testing on calculator knowledge. on Calculator Flaw Forces Recall in Virginia · · Score: 3, Insightful

    Why do they even allow the use of electronics on those tests? Dump the electronics and focus on testing the real skills.

    If you have the skills, then using a calculator makes you faster.

    If all you have is the knowledge of where the key to press is, then you won't be able to check your work.

  14. Running greylistd + exim4 + rbl's on I am the Most Spammed Person in the World · · Score: 1

    Before implementing that, for every 1,000 emails we'd get, 800 of them would be spam.

    Now, for every 1,000 emails we get, about 60 of them are spam.

    I like greylisting. There are a few ISP's out there with fsck'ed mail servers, but the majority seem to be operating just fine.

  15. That's the main problem I have with Microsoft. on Microsoft's Most Successful Failure · · Score: 2, Insightful
    While their security aspect is a bad thing, they're quite useful in their own way.

    The same can be said about almost every Microsoft product/technology/implementation.

    Microsoft focuses on functionality even when it means making something completely insecure.

    So, it all comes down to which do you value more, functionality or security?
  16. Without knowing the error margin, we can't say. on Linux Growth In The Workplace Slowing · · Score: 2, Informative

    They say their survey shows reduce interest in Linux
    in North American Companies
    that have not deployed Linux.

    But they don't state their error margin.
    http://www.resolutions.co.nz/sample_sizes.htm

    So, given those numbers, unless shown otherwise, the difference between the two surveys is ... statistically zero.

    But that doesn't get the big headlines, so they play up the difference between the two surveys because people don't know enough about surveys and statistics to know that there might not be as big a difference as is claimed.

    As you noted, the REAL question is: What is the adoption rate doing? And we won't know that until a year from now. Even a 1% gain a year means that, eventually, every company except Microsoft and Sun will be running Linux.

    And even then, we'd need to know the error margin to know whether there is a statistically valid increase or decrease.

  17. I'll be a data point. on Debian 3.1 (Sarge) Released · · Score: 1

    I'm running 4 Debian boxes here (and they're all Sarge now 'cause Debian makes it so easy).

    One of them is a test box, the other three are production servers.

    =====

    At home, I'm running two of them and they've been Sarge for a long time. And Ubuntu on the desktop, but that's a different story.

    And the home boxes are running 2.6.11.11 (the only non-stock-Debian item on them).

  18. Why u wanna repeat those lies? on Linux Geeks To Take Over World · · Score: 3, Insightful
    The article tells a good story about how Linux is at the center of a massive nexus of script-kiddies who are eager to destroy anyone standing in their way.
    You got any evidence to support that statement?

    Enderle is still trying to work that meme but no one has shown it to be factual.

    The majority of zombies are WINDOWS boxes.

    None of SCO's claims of "threats" or "attacks" have been substantiated. Yet if they WERE attacked, it would be ultra-easy to post the logs showing it.

    SCO's "evidence" of the "attacks" are the same as the "millions of lines" of "stolen" code they've claimed. Non-existant.
  19. Octopi and squid. on 60% Of U.S. Believe Life Exists On Other Planets · · Score: 1

    I think they need to qualify that with "aliens who make it into space".

    There is absolutely no reason why intelligent LIFE would resemble a human. We already know that dolphins are somewhat intelligent.

    The big difference is whether you're looking at the gravity bound 2 dimensional world of the land or the 3 dimensional world of an ocean.

    Which brings me to another point, how can WE tell if THEY are intelligent unless they're doing things we already associate with "intelligence".

    And to do those things, they'd pretty much have to look like us (except they'd have ridges on their heads).

    Really, suppose there's a water planet out there with super-intelligent squids who have developed mathematics far in advance of our's, but don't build houses or space ships. How would WE be able to tell they were intelligent?

  20. You are wrong, again. on Trojan Built for Industrial Espionage · · Score: 1
    Try to maintain focus.

    #1. Because Linux no longer uses bitkeeper does not mean that it has more security problems than before. (nor less)

    #2. And, again, no one is saying that Linux has never had a security issue. Just that because of Linux's security model, those issues have been less critical and fixed faster than with Windows.

    #3. You do not see articles here very often deriding Linux about its security failures

    That was someone sniffing passwords. That isn't a Linux security issue.

    #4. You're quoting an article quoting mi2g's "research". You should do a bit more research on them before attempting to use it to support your position.
    My point here is not to argue about which OS is better, but that all OSes have huge security issues to deal with, and people in the trenches, not in the ivory tower, understand that.
    No. "All OSes" do NOT have "huge security issues to deal with".

    You are wrong. No OS is 100% secure, but that does not mean that they all have "huge security issues".

    If you need confirmation on that, just look at OpenBSD.

    Need another? Look into SELinux.
  21. I didn't say that, did I? on Trojan Built for Industrial Espionage · · Score: 1
    MBSA is not perfect but I've never seen it ignore a product just because you didn't install it during the initial install.
    I didn't say that it would IGNORE it. I said that it would not detect that it was not fully patched.

    This is because Windows does not have a package management system. But it likes to pretend that it does.

    So, a service pack is applied, then you add a component that the service pack would have patched, but all the various tools do is to check whether that service pack is listed as being applied.

    The biggest annoyance I've seen with that was the Welchia worm. Even after applying their patch, your machine would still be infected.
    But I admit that I'm nitpicking a bit here as I've learned not to trust it as the only check on what a system needs.
    And that's the problem. If you cannot trust the system, you cannot trust the system.

    With Debian, it is easy for me to verify each and every file on that system. Here, I'll go through this.

    Each file either is a user data file and should only be in those directories
    -or-
    It is a file installed by a package that was installed by root.

    So, I go through each directory and verify that every file in there belongs to a package. Then I go through and verify that every file belonging to each package has the correct MD5 checksum. Then I verify those package checksums against the versions on the websites.
    I have found that Windows Update, MBSA, and even GFI's tool will disagree on what is installed or what patches are available for your system. It is a convoluted mess.
    Yep. And because it is such a mess, it is VERY difficult to verify that it is fully patched.
    I use Suse myself not Debian but the approach is basically the same. Offer updated packages that are prepatched so if you decide you need to run Apache you get the latest version not a buggy one that you have to add patches too.
    Yep. Any Linux system (or other system) that uses a package management system is FAR easier to patch, verify that it is patched and keep patched than a Windows system.
  22. You need to learn a bit more. on Trojan Built for Industrial Espionage · · Score: 1
    It is cheap to poke your security knife at microsoft. As you probably know, Linux has its own security issues
    And who says that it does not? Hmmmmm?

    The issue is not whether there ARE flaws, but how SERIOUS those flaws are, how quickly the are patches are released and how easy it is to install those patches.
    I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps.
    And walking to the corner store is "work" and running a marathon is "work". Just because they are both "work" does not mean that they are equivalent.

    Here's a good example. If you install the Windows on a box, but choose not to install all of the components, then you patch it with the latest service pack and all, it should be fully patched.

    Then you go back and install one of the components you didn't install initially.

    Is it still fully patched? Will Microsoft's BaseLine scanner find any flaws?

    No and no.

    But with a Debian system (or any derivatives), you will know that your system is fully patched because installing is done from the network.
    When you get into linux desktop users, security takes a lot of work and attention.
    It depends upon what you mean by "a lot". It takes less than 1/10th the effort of a comparable Windows installation.

    That is because it is easy to setup the users without the ability to run executables that have not been setup by the root account. Which pretty much kills the trojans and viruses.
  23. Most trojans are spread via unpatch Outlook. on Trojan Built for Industrial Espionage · · Score: 4, Funny
    Send 90% of the CEOs out there an email that says 'click here for a free iPod!' and we all know what they're going to do, whether they run Windows, Linux, or OS X.

    Yep. But there are ways to reduce the potential there.

    #1. The email client should NOT under ANY circumstances automatically run scripts or executables. This was a MAJOR problem with previous versions of Outlook.

    #2. The regular user should NOT under ANY circumstances be able to run a program from his user directory/temp directory.

    Now, since Linux does not have any equivalent to Outlook in example #1, that means that Linux machines are far more difficult to infect. But not impossible.

    Once you've implemented example #2, then the ONLY way for a trojan to get onto a system is if the user has the root password AND goes through the regular install process.

    Now, each step that the user must perform is another chance for the trojan to fail.

    If, on Linux, the end user has to go through half a dozen steps or so, then Linux is going be resistant to all but the most dedicated of idiots.

    And remember, the infection rate has to be higher than the removal rate otherwise the trojan dies, like any virus or worm would.

    Linux can be less than 100% perfectly secure, yet still have no live trojans, viruses or worms in the wild.
  24. And what is being done about this? on Visual DDoS Representation and Its Ramifications · · Score: 4, Interesting
    From TFA:
    The primary attack of choice in the first half of 2005 was an advanced full connection based flood. This particular attack exposes the real IP address of the attacking bot/zombie, however, the sheer number of IP addresses that must be blacklisted places overwhelming load on mitigation hardware, ACLs, and web services farms.
    Okay, so you hve the IP address of a cracked machine ...

    From that, you can find the ISP ...

    From that, you can find the machine ...

    From that, you can put a sniffer on the line and trace the communications to find the person running the botnet.

    Yet I'm not hearing any stories about these botnets being broken by the cops. Why not?

  25. Leader, manager, tech. on Why Smart People Defend Bad Ideas · · Score: 1

    Being a great leader does not mean you're good a managing people or doing the tech work.

    Great managers aren't great leaders (or great techs).

    Great techs don't make great leaders or great managers.

    A leader has the vision and stays focused on that while overcoming or avoiding obstacles.

    A manager handles the day to day crap to support the vision.

    A tech follows the manager's schedule to produce the means to achieve the vision.

    I agree completely that leadership is difficult to quantify. Unless it is going completely wrong.