Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories
0
Comments
5,818
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,818

  1. The people with the filters don't buy the spam. on Gates' Resolve in Bringing Spammers to Justice · · Score: 1
    Spam persists because people read it and respond to it. If you can get people to stop reading, the spam count should start falling. That's the theory at least.
    But the people most likely to use filters are also the people least likely to buy from spam ads.

    So unless the ISP's start filtering, nothing will stop the spam from getting to the people who will buy from it.
  2. The article says that 51%+ ARE on time (approx). on 95% of IT Projects Not Delivered On Time · · Score: 3, Insightful
    Well, more specifically ...
    First, before anybody runs away with the idea that the failure of IT projects is rampant, it's necessary to look further into the study's findings. In a later section of the report, Info-Tech admits the majority of IT projects are in fact delivered on time, on budget and do meet expectations. So what's eating the executives?
    And "majority", in this instance, would mean 51% or more.

    So, 51% or more of the projects are delivered on time and on spec.

    BUT if you've EVER missed a deadline or been off-spec, then you get counted as bad.

    If you deliver 99 projects on time and on spec, but fail on 1 project, you're counted the same as if you failed on 100 projects.
    Well, some projects inevitably fail to measure up, and getting good results most of the time isn't good enough, it seems. Failure is failure, and the infrequent missteps are tarnishing the reputation of IT groups in the eyes of business executives, the researchers say.
    Right.... that tells me that the "answer" to this "problem" isn't technology. The "answer" is to have the IT managers take a few marketing classes and spread the bullshit to the "business executives".
    "Only 5 per cent of enterprises told us they were always on time," the report states. "This indicates that 95 per cent of IT shops are not delivering some number of projects on time or to the full satisfaction of the business executive. This is a major contributor to a misalignment of business and IT."
    Again, all it takes is 1 failure to be lumped in that group. No matter how many successes you've had.

    "So, you've solved world hunger, the arms race, poverty, racism, nationalism and have single handedly established a viable human colony on Mars. But we're really concerned about that jay-walking ticket from last year. Let's focus on what you can do to prevent such a failure in the future, okay?"
  3. /. is overrun with Microsofties. on Microsoft Releases Windows Server 2003 SP1 · · Score: 0, Offtopic
    Yeah, this post will get mod'ed down too, but so what.

    At 8:01am the parent post mod'ed as such:

    Update regarding Win2K3SP1 (Score:1, Flamebait)
    Flamebait?

    Yeah, it MIGHT get mod'ed back up later, but right now, the Microsofties are trying to mod it down. I'm guessing in an attempt to hide it.
  4. Look at the WHOLE picture. on Brazil: Free Software's Biggest and Best Friend · · Score: 1
    For instance, if the money is spent locally instead of sent out of the country to a foreign company the government can easily be better off even if more resources need to be spent to support that software.
    Look at the licensing fees paid for proprietary software. For most countries, we're talking millions of DOLLARS (at the moment, still more expensive than their local unit of exchange).
    And one of the elements of the freedom of open source is that you can hire someone to make improvements if the gap to properitary alternatives are small enough.
    And those millions of DOLLARS will pay for a LOT of local programmers making a LOT of improvements\bug fixes.

    And then, YOU OWN IT! You can install it on whatever machine you want and never pay another license fee.
    So any discussion about the merits of open source alternatives without proprietary alternatives needs to take into account whether any deficiencies of current open source alternatives could be fixed and still bring the project in at a competitive price compared to the proprietary software, where "competitive" doesn't necessarily mean "less than" depending on the weight you add to other qualities of the open source solution (such as no "forced" upgrades to keep getting support and no problem with proprietary data formats, etc.)
    Exactly. EXCEPT, the person making that suggest will be under fire from opponents who have an easy target about "government waste" and how they can do the "same" job for "less" by going with Microsoft.

    The problem is getting more people to believe that proprietary data formats mean more expenses in the future. Either staying on their upgrade cycle or converting even more data from their proprietary formats in the future.
  5. Not really. on Brazil: Free Software's Biggest and Best Friend · · Score: 4, Insightful

    -All gov't employees (users) have to learn to use a new desktop. For some people that aren't really computer literate, it already took years to be functionnal and learn to do the basic stuff. Take that away from them? You'll decrease productivity by a LOT, and you'll have a lot of training costs.

    Nope. The desktops can be configured to appear almost identical to the Windows desktop.

    The switch to Linux would be easier than the switch from Win2K to WinXP's layout.

    All gov't employees in the IT support field would need to be retrained for this new OS (can't just fire them or replace them, doesn't work like that). That alone could cost WAY more than licensing fees. Salaries might go up over time too...

    Yep. They'd have to be re-trained. But salaries wouldn't need to go up. It takes less time to manage Linux systems than it does to manage Windows systems.

    -All the in house applications. Just about every desktop (or employee) makes use of in-house software, and a lot of our corporate apps runs only in windows. Port all our in-house built apps? Replace all them big corporate apps? That's far too time/money consuming to even be considered. Best case scenario, users would have to login to remote servers (citrix or such) or something along those lines. 99%+ of our intranet is ASP/ASP.Net pages too (using SQL server too)... This alone is a good reason to stick to windows.

    The Windows-only apps are the only real block to migrations. But, if you have a migration plan, you can deal with these apps over time, before you actually move off of Windows. Simply start porting your apps to an Open Source database and scripting language now and don't do any new development in ASP/ASP.Net.

    Open Source is a strategy, not a drop in replacement.

    -Management. I'm no linux guru, so there might be (very good) alternatives to do this with linux, but I'm not 100% sure. Everything across country is monitored by a central NOC 24/7 easily. We have Active Directory, SMS, VBScript/WMI and a whole lot of other mangement/scripting/automation/(...) options. Again, not too sure of what linux has to offer here... Sure thing is, you just can't take away all our tools, you'd definately have to have equivalents.

    Linux easily beats Windows here. Linux's scripting ability (from shell scripts on up) is beyond anything you've seen in Windows (unless you're running perl on Windows).

    The only thing Linux doesn't have is the group policies capability of AD. But if you're deploying Linux, you don't really need those. Everything is locked down already.

    -Exchange-like calendaring and everything else (shared mailboxes, boardroom booking, ... the whole 9 yards). AFAIK, there is no real replacement (I very well may be wrong).

    There are a few Open Source projects, but nothing that is a drop in replacement for Exchange. That still needs work.

    Add to that the tons of ms office (proprietary) format documents... Using an office suite that may open most of your word & excel files isn't good enough here, you pretty much need 100% support.

    You can't even get 100% compatibility when using MSOffice. My HR department has tons of trouble with resumes that come in, in .doc format, that just don't print correctly. There are too many variations between printers and fonts and so forth and those all get included in the documents.

    BUT from a GOVERNMENTAL standpoint, they SHOULD be demanding plain text files. Having your data in a proprietary format (which may not be supported in future releases) means that you can lose those documents and the data contained within them. That is unacceptable.

    There's even more reasons, but I think this helps to show why windows may not be so much of a bad choice after all.

  6. That's a common misunderstanding. on Brazil: Free Software's Biggest and Best Friend · · Score: 3, Insightful
    Virus writers have been steering clear of Linux because it's such a low ROI. Linux may be better but you're a fool to declare it is immune.
    It doesn't have to be "immune". A virus is a failure in the security model/implementation.

    All Linux needs is for the infection rate to be lower than the identification/repair rate.

    If the viruses cannot spread faster than they are identified and dealt with, then they will "die" and Linux will be "immune" as a whole.

    But that doesn't include trojans. Trojans will be with us forever. They use social engineering, not flaws in the OS. Most of the email "viruses" that you see on Windows are actually trojans.

    But trojans can be dealt with much more efficiently on Linux than on Windows. See the next section.
    Peer Pressure: FOSS will be pulled into some really stupid directions because of really stupid user pressures to do really stupid things. For example, "I want to install anything I want without being root all the time!" and "why can't you do (all the stupid crap) that Microsoft does (which makes them fundamentally insecure)?".
    That's mostly solved already. Look at Ubuntu. Anyone can install anything. But the system will ask you for the root password.

    The extra steps that people would have to go through (assuming no Outlook-type email app becomes popular that runs installs from email attachments) will cut down on the number of email trojans that get installed on Linux.

    The more work the trojan writers have to expend
    +
    The more work the end user has to expend to get it installed
    ==
    Fewer trojans installed on Linux.

    Spyware crap that the user installs himself is a different category (Bonzai Buddy).
  7. You left one off. on Followup on MS and Brazil in NY Times · · Score: 2, Insightful

    The government should also be focused on developing their infrastructure and that includes getting their citizens into the software industry as coders rather than point-and-click morons.

    It will be far better for them, as a country, if their people start learning how to fix bugs / add functionality in Linux (kernel/desktops/apps) than if they just build database apps in Access.

    Ideally, it will only take a few years for them to bring a bunch of people up to speed and then those people can start expanding/enhancing Linux to meet whatever needs the government/people have.

    Rather than waiting until the next release of Windows which will require even faster processors / more RAM / better video.

  8. The key is having a PERSON monitor the logs. on How the Secret Service Cracks Encrypted Evidence · · Score: 1

    You are completely correct about the limitations of most people's memory.

    So, the solution is to have all the login attempts LOGGED (and from where) and that a PERSON read those logs on a regular basis.

    Also, limit the number of unsuccessful attempts per time period. Example, after 3 unsuccessful attempts, your account will refuse any more login attempts for 15 minutes.

    That's 12 attempts per hour.
    288 attempts per day.

    As long as your password can withstand that until a person can review the log, you'll be fine. The attack will be noted and handled.

    Of course, this will do NOTHING for the case where your equipment has been taken and the attackers can bypass the delays.

    Your only real hope in that case is to physically destroy the hard drive.

    Passwords are INEFFECTIVE if they are not CHANGED REGULARLY.

  9. That's a nice idea. on How the Secret Service Cracks Encrypted Evidence · · Score: 1

    So, someone will memorize 5 random words and that will give them approximately 64bit security.

    But 64 bit was cracked by distributed.net a few years ago. And the machine are only getting faster.

    It isn't whether you can put the randomness into a form that could be memorized. It's whether people can memorize it, without writing it down.

    People still cannot remember the bad passwords they use after they've been on vacation a week. That's why everyone knows to look under the keyboard for someone's password.

    For 99% of the people, if you give them 6 words from there to memorize and don't ask them what they are for a month, they'll have forgotten them.

    They'll have forgotten them in 2 weeks.

    They'll have forgotten them in 1 week.

    They'll have forgotten them in 24 hours.

    Unless they use them multiple times, every day.

    And you'll still find them on sticky notes under the keyboards.

  10. Still won't work. on How the Secret Service Cracks Encrypted Evidence · · Score: 2, Informative
    The average person has a vocabulary of only about 25,000 words.

    Even allowing for a 10 character word length and 4 randomizations per word (letters, numbers, spaces) that's still under a million variations.

    From the article:
    Each computer in the DNA network contributes a sliver of its processing power to the effort, allowing the entire system to continuously hammer away at numerous encryption keys at a rate of more than a million password combinations per second.
    So that's less than 25,000 seconds to crack your password.

    416 minutes

    approximately 7 hours

    People just cannot memorize enough randomness to defeat that kind of attack.
  11. Not impossible, very very simple. on William Shatner Pitches 'Starfleet Academy' Show · · Score: 3, Insightful

    The only issue is that it has to be story with a clear beginning and a clear end. Just like a novel.

    The problem is that Hollywood isn't interested in that format for TV. They want it episodic so there's always room to wiggle and try to squeeze more money out of it.

    Think of it as filming a movie, in 26 blocks.

  12. We already do that in Windows. on AutoPackaging for Linux · · Score: 1

    You update the OS/Office from Microsoft's web site.

    You check other sites for any other updates.

    With Debian, a vendor would simply add his website to the sources.list and apt-get update would check for updates to that vendor's product.

    The distribution should have a pool of servers for the software included with that distribution. There's no reason why other ISV's would have to use those servers.

  13. We have that already. on AutoPackaging for Linux · · Score: 1
    Most layusers will want some easy installation like this instead of using something like Yum (even if it is a GUI front-end to yum like GYUM).
    Why do they want that instead of GYUM?
    This is one giant step towards a viable desktop linux - and I believe that it isn't a replacement for apt/yum/[INSERT YOUR FLAVOR HERE] but uses them under the hood.
    No. The problem is that it BREAKS the package management of those systems.

    So now I'd have to use TWO methods of updating my system. Great. Just what I was looking for.
    Before everyone starts bashing it and says that apt or emerge or whatever they use is the way to go, seriously think about it - one click installation, from a FRIENDLY user-interface, and easy to manage system for installing and uninstalling programs.
    Synaptic. Already there.
    Now if this were part of the base install on many distributions and some sort of standard was established (seriously, we need standards) I can probably convince my scared-of-Linux-because-it-is-hardcore friends to actually try Linux out.
    Who is "scared of Linux" because Synaptic is too hard?

    There's a LOT more to package management than just getting software onto your system.

    Is the user it runs under setup correctly (what? you plan to run everything as "root"?)

    Has it been suid correctly?

    And so forth.
  14. That's right. apt-get works. on AutoPackaging for Linux · · Score: 1
    Yes, I did read your FAQ. Are you going to answer EVERY question with
    Please read our FAQ.
    Here's the line from the FAQ you keep telling people to read:
    If I install an autopackage, RPM won't know about it!

    As of 1.0, correct. For applications this isn't a big deal. The biggest advantages of having RPM know about an application installed via autopackage are that you can query file ownership, and if you upgrade to a newer version in RPM form (for instance, your distribution installs it automatically), things will work cleanly. Neither of these are huge problems.
    Hey, it's not a "huge problem" for you, but I think I'll avoid something that will BREAK the WORKING system I use right now.
  15. Bad definitions. on Has Mass-Mailed Malware Peaked? · · Score: 1

    Yep, you're right.

    A worm does not require human intervention to run, infect or replicate itself. Worms are most commonly seen infecting vulnerable services via open ports and then automatically scanning for more machines to infect. Again, worms do not require human intervention.

    The email "worms" or "viruses" are actually trojans.

    People think the trojan is a screensaver or picture or whatever, they click on it and it installs itself, then it sends copies of itself to other machines.

    A virus resides in memory and attaches itself to other files so that when other machines use those files, they will also be infected. The original file is not destroyed and should still function correctly.

    Trojans will be around forever. They are social engineering attacks.

    Old worms should slowly die as the machines they've infected are upgraded, patched or fail. As more and more machines are shipped with firewalls, the new worms will dwindle, also.

    Viruses are failures of the security model of the system. That's why Linux doesn't have any viruses "in the wild".

  16. That was the goal. on Microsoft Silently Backs Favorable Presentation at RSA · · Score: 1

    Look at their "report".

    Their sole criteria (days between public announcement and patch release) is specifically designed to fault any system with an Open discussion of security and/or code.

    They are faulting Linux for being Open Source and, as a result, attempting to show that the Open Source development process is less "secure" than the closed model.

    We've seen this argument many times over the years. It's usually presented along with ...

    "if they can see the code, they can find exploits"
    and
    "bad people can put exploits in the code".

    While I can acknowledge the validity of those 3 points ... in theory, the REALITY is that, from a security standpoint, the Open Source model works as well or better than the closed model for 99% of the software out there.

    This "report" is nothing more than a Microsoft funded attack on the Open Source software development model.

  17. That's the 2nd "suicide" in 4 months. on SCO Website Using Groklaw's Content · · Score: 5, Interesting

    1 in December.
    1 in March.
    Both people involved in Canopy.

    Nothing strange or unusual about that. No sir.

  18. Imagine what would have happened if they did. on Microsoft Silently Backs Favorable Presentation at RSA · · Score: 2, Funny

    If they did reveal their funding during the RSA presentation .......

    http://seattlepi.nwsource.com/business/212384_msft linux17.html

    Linux vs Windows Security
    (a Microsoft production)

    Thompson and Ford walk on onto the stage.

    Thompson: "My name is Thompson and I love Microsoft."

    Ford: "My name is Ford and I love Linux. Hey Thompson, how many Microsoft programmers does it take to change a light bulb?"

    T: "I don't know, Ford. How many Microsoft programmers DOES it take to change a light bulb?"

    F: "None. They just declare dark to be the new standard. Ha ha!"

    T: "Ha .... How about we do some of our 'research' to find out who has better security then?"

    F: "Sure. I am sure that Linux will have better security than Windows, after all, I am Ford and I love Linux."

    T: "Because we are security professionals, we will choose only the default settings of both systems. Is that okay with you my fellow security expert?"

    F: "Yes, we should only choose the default settings because we are security experts."

    T: "And then we should count how many security patches were released and how long it took to release them (after the public announcement)."

    F: "That sounds like a very reasonable and fair way to determine who has better security. We should only count the days and number of vulnerabilities. We should under no circumstances do any comparision of vulnerabilities or determination of actual attack vulnerability. That would be very difficult and I'm only a Ph.D."

    T: "Yes, that would be very difficult for I also am only a Ph.D. But even this limited scope will be expensive. In only we had someone willing to fund our 'research'."

    Bill Gates walks on stage with a huge cardboard check.

    BG: "Hi! I heard about your 'independant' 'research' project and I thought I'd give you some money to fund it. But please do not feel that this in any way obligates you to find that Windows is superior in every way to Linux. byacceptingthischeckyouagreethatallfindingswillber estrictedtomicrosoftsapprovalandallfindingswillreq uiremicrosoftsapprovalbeforebeingpublished"

    F: "What was that last part?"

    T: "Never mind. It can't be that important if he said it so fast. How about we make a small wager on the outcome of this Microsoft funded research program concerning Linux vs Windows security?"

    F: "Of course. I will bet $20 that Linux is more secure than Windows. After all, I hardly see how Linux can lose a security comparision in a Microsoft funded 'research' program." winks at audience.

    T: "I agree. This 'research' will be completely independant and verifiable."

    F: "On with the counting!"

    Both of them pull out calculators and furiously punch buttons.

    F: "Oh the shame! How could I ever be so WRONG?!?"

    T: "It does seem that our Microsoft funded 'research' has determined that Win2003 is more secure than Linux."

    F: "Yes, the fact that Red Hat took longer to release patches for publicly known vulnerabilities in software included in our default installations does show that I was wrong about Linux being superior to Win2003."

    T: "Once again, when you ... Get The Facts ... you find that Windows isn't as bad as the urban myths would have you believe. It's actually more secure than Linux." smiles at audience.

    This has been a dramatization of an actual event.

    We would like to thank Microsoft and Bill Gates for their generous contribution without which this "research" could not have been possible (it costs a lot of money looking up vulnerabilities on a website).

  19. They should be the experts. on Large Prize Offered For Writing Mac Virus · · Score: 4, Interesting
    3) I'm so sure it's worth $50,000 for Symantec to finally put that "Antivirus companies don't write viruses" myth to bed.
    Their people should be among the best qualified to show how easy it is to infect a Mac.

    Would you accept the word of a locksmith telling you that your current locks aren't sufficient and that you should give him lots more money to put new locks on your house if he cannot SHOW you how easy it is for him to pick your current locks?

    It's time for Symantec to put up or shut up. Either Macs do need their software AND they can prove it or they're just pushing their software with lies.
    1) If a virus has spread over every Mac on the Internet, then it's harmful.
    That's an awful big "if".
    4) We're going to use antivirus software to determine if we've been infected... which will only catch previously known viruses.
    That's a real problem. Either the virus writer has to modify an existing virus so that its signature is picked up, or send the virus software companies a copy of his virus so they can update their signature files.
    5) Hey you guy that wrote the virus that spread to every Mac on the Internet: just identify yourself afterwards, and we'll pay you.
    That's about how it will go.

    Either someone has to show how it can be done, or Symantec needs to shutup about how vulnerable Macs are.

    Personally, I don't see much of a problem there.

    Worms attack through ports.

    Viruses load themselves into memory and infect other files.

    Trojans only run when you launch them.

    From the article, it looks as if they're hunting for worms or exploitable holes in apps. But the most common Windows-side issues now are trojans emailing themselves to everyone.
  20. I see a lot of "if" in there. on Microsoft Silently Backs Favorable Presentation at RSA · · Score: 4, Insightful
    If a program is crashing due to a buffer overflow

    and [if] someone can get data into the buffer

    it may be exploitable.
    The question is HOW will the attacker get that data into that buffer? It's all about limiting the avenues of attack. That's why you have to use so many "if"s.
    If certain data crashes Mozilla or OpenOffice.org, specially crafted data could exploit the crash bug to inject executable code unless the crash is due to a NULL pointer.
    Again, you're using a lot of "if"s in there.

    If magical elves decided to hide bad code in Linux and if they had CVS access and if they wrote it right and if no one noticed ...

    HOW is someone going to get that data into my OO.o document? Hmmmmmm?

    Magic? I don't think so.

    Why don't you skip the "if"s and start focusing on the "How"s?

    Security doesn't rely upon "if". It relies upon "how".

  21. Have you READ their study? on Microsoft Silently Backs Favorable Presentation at RSA · · Score: 3, Informative
    Here it is: http://www.securityinnovation.com/pdf/windows_linu x_final_study.pdf
    So has anyone allready taken this to the test ?
    What "test"? The whole point is how their "methods" are flawed.
    As long as there is no counterevidence (besides the obvious evidence from everyday use of both OS's), why allready pass a judgement? (Ok, this -is- Slashdot, I'm not -too- new here)
    Here's the "counterevidence":

    Scenario: You are running a web site on Linux. All ports are blocked by the default firewall except port 80.
    Is a local exploit in a .pdf reader that is not remotely accessible, but that goes unpatched for a year worse (in your opinion) than ... ... a remote httpd exploit that gives you root access but which has the patch released with the vulnerability announcement on a public mailing list but you don't deploy it for 1 week while Red Hat packages it and tests it?

    By their "methods", the .pdf reader is far, Far, FAR, FAR worse than the httpd one.
    Allthough I find it dubious, to say the least, to have MS funding this research ; I still think that they should at least try to reproduce the results , and investigate what might have been left out (on purpose) to skew the outcome.
    Read the study. They did NOTHING that just about any 5th grade student couldn't do.

    They counted the vulnerabilities (X).

    They added together all the days between announcement of vulnerability and Red Hat releasing a patch (Y).

    They divided Y by X to find the average time between vulnerability announcement and Red Hat releasing a patch.

    They did the same for Win2003.

    Then they announced that Win2003 was more secure because it had let time between public announcement and public patch.

    That is all they based this "report" on.

    Their methodology is fundamentally flawed. You can do the same arithmetic they did and get the same results, but that does not mean that their findings are valid.













  22. It's worse than that... on Microsoft Silently Backs Favorable Presentation at RSA · · Score: 5, Insightful

    #1. They didn't even evaluate the risk of each item they were counting AS IT PERTAINED TO THEIR DEFAUL INSTALL.

    #2. They ONLY counted the days until Red Hat had a fix ... NOT the days until a fix was publicly available.

    So, a local exploit in a .pdf reader that goes unpatched for a year (after being posted on public mailing list) is (by their calculations) WORSE than a remote root attack against the web server that is open on port 80 but which has a patch from Red Hat within a week (and a publicly available patch posted with the vulnerability announcment).

    WTF?!?

    Or, rather, Microsoft can SIT on a vulnerability notification for YEARS and release the patch the SAME DAY they publicly admit the vulnerability and they will STILL get a better rating than the Apache vulnerability in the previous example.

    There was NO research done for this "study". It is pure bullshit. Counting patches is MEANINGLESS when it comes to security.

    By their "logic", MS-DOS 6.2 is even more secure than Win2003.

  23. Have you read the "study"? Here it is! on Microsoft Silently Backs Favorable Presentation at RSA · · Score: 1
    http://www.securityinnovation.com/pdf/windows_linu x_final_study.pdf

    Read it. Look at how they took the "default" settings EXCEPT where those settings would make Microsoft look too bad (firewall disabled by default).

    Read it all. Then look at what they REALLY based their "finding on".

    Nothing more than some other site's listing of security announcements/bug fixes.
    Unless you can find fault with the study itself, there is nothing wrong with Microsoft financing studies which show Microsoft in a favorable way as long as the study itelf was legitimate.
    That's nice, in theory. But just read the "report".
    ...to consider the possibility that if the study was unfavorable to Microsoft's position they would simply have pulled the plug and thrown away the results?
    That's a given. That is why Microsoft provides the financing to these "independant" "studies" by these "independant" "researchers".
    I realize this may be a difficult concept for many /.'ers to grasp but give it a shot.
    Hey, here's the REAL information hidden in that report...

    Look at how many security violations these to "Ph.D.'s" had to perform just to get Win2003 on par with Linux ...

    Then look at the "research" these two "security experts" did that could have been done by any 5th grade student who can add and divide.

    These "security experts" are prostituting their "Ph.D.'s" in support of a "study" that is beyond fundamentally flawed just so Microsoft will approve of it and give them paychecks.
  24. How do you define "security"? on Microsoft Silently Backs Favorable Presentation at RSA · · Score: 5, Insightful
    That said, Linux Distros aren't really that secure - esp the desktop configurations - once all the typical desktop stuff is installed.
    Here, let me give you a basic lesson in "security".

    It's all about limiting the avenues of attack.

    I run Ubuntu, you cannot crack my machine with any worm because it does not have any ports open to you.

    I can put that machine on a DSL connection and read /. all day and never be cracked.
    I doubt Mozilla is secure - it's just not been as targetted. Mozilla regularly crashes and exits on me for no apparent reason.
    Ah, I see you are from the "security == marketshare" School of "security experts".

    You believe that no matter how much care is put into designing an app, security holes will magically appear once enough people start using it.
    If you can get a C/C++ program to crash, an attacker can usually get it to run arbitrary code of the attacker's choice.
    Nope. That's usually a sign of a "buffer overflow".
    Same with OpenOffice. Not very stable even with just normal usage. Microsoft Word hardly crashes in comparison.
    Nice. You keep confusing software that crashes with security holes.

    Whatever.
    However for some reason, the latest fully patched IE seems to crash repeateably on some sites when I drag a link in a browser window and let go within the same window (needs javascript enabled - I only enable javascript for a few sites). I don't recall it doing that before.
    And no mention of Browser Helper Objects of how IE runs with unreasonably high access rights.
    The Linux kernel has had a fair number of bugs just this year too.

    So they're all crap ;).
    Well, you certainly can't argue with that "logic".

    All I can do is to point out that all security issues are not the same.

    #1. Remote exploit that gives root/admin rights.

    #2. Remote exploit that gives non-root access.

    #3. Local exploit that gives root/admin rights. ...

    Way way way down the list is "Exploit that crashes the app". The worst you can get from that is a DoS attack.

    But to you, all issues are the same. If FireFox crashes, that's just as bad as the sasser worm on Windows.

    Sure, it may be impossible TODAY for someone to crack my Ubuntu desktop ... but when enough people use it, an exploit will magically appear and no amount of planning and coding will stop that.
  25. Re:Heh on Enterprise Finale Synopsis Released · · Score: 1

    You would have thought one of them would have seen it. ba-dum-ba!

    --------

    The Ferenghi tells the Romulan "no, you were just renting it". ba-dum-ba!

    --------

    The borg says "It's removable. *click* See." ba-dum-ba!

    --------

    The bartender say "We don't get many Romulans in here."

    The Romulan says "That's what you think."

    -------

    Don't forget to tip your waitresses! I'm here all week.