Slashdot Mirror


User: TheLink

TheLink's activity in the archive.

Stories
0
Comments
12,789
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,789

  1. Re:Not PEBKAC on Malware Threat To GNOME and KDE · · Score: 1

    You appear to not have read or understood my post.

    Nags? See 2b). If you have to evaluate and install 100 different programs a day, you will get 100 extra dialogs and make 100 extra decisions, but with my proposed system you are more likely to still have an unpwned computer by the end of the week.

    The malware can only mimic this type of protection AFTER it is allowed to run and has been given the necessary permissions to mimic it.

  2. Re:Not PEBKAC on Malware Threat To GNOME and KDE · · Score: 1

    Right, but it is a simpler problem than figuring out whether a program is safe to run before running it -without knowing all of it's possible inputs. The typical user is also usually unable to understand the true description of it - the object code.

    My suggestion is analogous to a "halting problem" program telling the user (and O/S) in advance that it wants to run for a max of "a short while" (in human terms). And so the O/S limits it to 30 seconds, and if the program tries to run for longer, the O/S kills it.

    Whereas if a "halting problem" program that is expected to run for a "short while" by the user, told the user that it wants to run "forever", the user might get suspicious and refuse.

    It would be easier to train users to refuse "forever" requests - and/or contact an expert for advice.

  3. Re:Virus? on Malware Threat To GNOME and KDE · · Score: 2, Insightful

    Since we're talking about desktop computers, who in their right mind cares about "installs"?

    I care more about user data.

    I can get "install" data from the DVD/CD and Distro update service.

    But I cannot always retrieve the most recent user data from backups.

    Losing a day's work or even an hour's work can be more pain than having to reinstall the OS.

    Of course it's different if you are one of those users that installs an operating system just for the purpose of playing with themes, etc but not doing any significant work.

  4. Re:Not PEBKAC on Malware Threat To GNOME and KDE · · Score: 2, Insightful

    While Vista does sandboxing AFAIK it doesn't have templates for sandboxing (which to me are an important part for making them user manageable).

    Does it provide the user with an accurate concise idea of what the program's required privileges are?
    Does it allow the user to save the decision preferences for an app+template pair?

    Vista's UAC as implemented seems more like a way for Microsoft to shift blame to the user for security problems.

  5. Re:Doesn't this sound like... on Hacking With Synthetic Biology · · Score: 1

    But think of what will happen if the barrier to entry gets lower.

    For some people deadly = useful.

    In case you haven't noticed, suicide bombers often kill themselves and a lot of people.

    Will the human world be ready for the time when almost everyone can afford the equivalent of a Big Red "Kill Everyone" Button?

    People say tech progress is inevitable, but:

    1) not all paths have to be taken NOW
    2) not all paths can be taken at the same time since we do have resource constraints.
    3) many paths cannot be "untaken" once taken.

    So I argue that it might be better to do some things later, and more resources allocated to figuring out what those might be.

  6. Re:awww poor casinos on Casinos Warn iPhone Card-Counting App is Illegal · · Score: 1

    Sounds like a crappy and stupid casino then. Any hints on which one? :)

    It should be pretty obvious to everyone else at the table that he was dealt good hands.

    So if you come down with two bouncers and drag him off, that just ruins the mood for the recreational gamblers - those who are there to spend money, dream about winning and have a good time.

    You want those "losers" to hang around at your casino and not the one next door.

  7. Re:awww poor casinos on Casinos Warn iPhone Card-Counting App is Illegal · · Score: 1

    The tables?

    I'm sure the dancers will still manage as long as you provide them a suitable pole...

  8. Re:You're looking at this wrong on Repairing / Establishing Online Reputation? · · Score: 1

    And in those places your career and salary trajectory might also be strongly influenced by some HR drone right?

  9. Not PEBKAC on Malware Threat To GNOME and KDE · · Score: 4, Interesting

    A lot of people claim it's a PEBKAC problem, but I STRONGLY disagree.

    If you expect people to figure out whether a file is safe before "launching/opening" it, then you are expecting people to solve something arguably harder than the "halting problem" (which I hear is very hard, but still easier in comparison since you are given both the description of the program AND the finite input!).

    I propose that:
    1) Compliant programs be allowed to _request_ what they want to be able to do (by either using a finite and manageable set of standard sandbox templates, or in special cases a custom sandbox template - which can be audited and digitally signed by 3rd parties).
    AND THEN
    2a) The user be asked whether the request seems reasonable e.g. Fun Screensaver requests "Standard Screen Saver" privileges vs WARNING!! Fun Screensaver is requesting "Full System" privileges!
    AND THEN
    3) If approved, the operating system then enforces the requested template, so the program can only do whatever possible within the template sandbox.

    Do note there's also:
    2b) The request is silently approved if the OS has been told to remember the user's prior approval of the program and template (and the alt/whatever key was not held down while launching).
    2c) The request is silently approved if the program and requested template is signed by trusted parties (e.g. OS vendor), and the alt/whatever key was not held down while launching.

    I have proposed this concept before to Ubuntu and Suse, see:
    https://bugs.launchpad.net/ubuntu/+bug/156693
    (FWIW I've actually also suggested this to apple).

    It'll be hard to implement, but I suspect it's easier than getting "Joe Sixpack" to reliably solve something harder than the "halting problem".

    Lastly, much windows malware REQUIRE a brain to participate in order to spread. It's often harder to write malware that does not require a brain to spread. Many here think they're so smart, but would they really know what a devious binary or perl script actually does? Have they ever looked at the Underhanded C entries?

  10. Re:Linux Users Don't Backup?!? on Malware Threat To GNOME and KDE · · Score: 1

    How about secrets like passwords?

    The other issue is that your computer can be turned into one of those "zombies", just like the thousands of windows machines out there.

    Desktop Linux is just as vulnerable as Windows. The security model is similar if not less secure - by default any program that > 90% of the Linux users out there run, can do whatever that user's account can do.

    Given the same sort of users, the same sort of marketshare, there'd be tons of trojans, rootkits, zombies everywhere. If not more so!

    After all, stuff like python and perl are typically bundled, and with them you can probably write malware faster than the AV people can keep up with, and with all sorts of features.

    I doubt you really need to do that curl/wget thing in the article, I'm sure someone can figure out perl or python one liners to do the whole malware thing while skipping that extra step of fetching the main code from a site that can be easily taken down. What's the line length limit for those desktop files?

    For bonus points get it to periodically use search engines to look for new malware code, then fetch and test it for fitness, and run it as a separate instance :).

  11. Re:No... on Student Satirist Gets 3 Months; the Judge, Likely More · · Score: 1

    Seems the normal ratio was 10:100 (10 to detention out of 100 defendants), he sent 25:100, so that's 3000 extra juveniles?

    Imagine 3000 youths (and their friends, parents, relatives) feeling like this:

    "I felt like I had been thrown into some surreal sort of nightmare," said Hillary, 17, who was sentenced in 2007. "All I wanted to know was how this could be fair and why the judge would do such a thing."

    Y'know the "child abuse"/"protect the children" card is popular nowadays, if he really wrongly sent juveniles to prison, then he's practically a serial child abuser.

  12. Re:Badly B0rken on Drug Deletes Fearful Memories · · Score: 1

    Yep that's the important bit: "long-term memories -- once thought to be fairly stable -- can be more easily meddled with".

    We already know that memories are unreliable. Now here we have a way to make them even more unreliable.

    If you delete memories, it makes it easier to replace them with new fake ones (which is probably the intended usage).

    If you do things wrong, you can traumatize someone, over and over again. And they might think the new traumatic memories are real and sue the wrong person for the wrong thing.

  13. Re:No it wouldn't on Draconian DRM Revealed In Windows 7 · · Score: 4, Insightful

    Yeah. I don't see that much in terms of actual proof, details of tests conducted or reports of people reproducing the findings and/or adding more details.

    I mostly see lots of hysterical screaming, and people going off tangent.

    As you say the DLL thing is probably another "protect the user" feature.

    But I'm definitely interested on the degradation of audio part.

    Say if I am recording sound at an event, but I also want to use the same computer to play out some sounds/music while doing so, does that mean the audio will be degraded if I use Windows 7? If that really is true, then Windows 7 will be totally unacceptable to many people who do audio stuff.

  14. Re:Team sports on Jet Pack Runs For Hours On Water · · Score: 1

    One dangerous bit I see is if two people get their hoses tangled together, or tangled with a fixed object.

    You might not react quickly enough to cut the power, so you zoom round and round, and bad stuff happens.

  15. Re:youtube comment on Jet Pack Runs For Hours On Water · · Score: 1

    "its amazing what sorts of crap people can write with a keyboard. my head will implode if i read another line like this"

    lol omg i wana watch ur hd impld soooo badly hp sum1 puts it on youtube an ima get to see it lol.

  16. Re:That's 1 Power6 Core vs Multi-Core on A Brief History of Chip Hype and Flops · · Score: 2, Interesting

    OK. Seems my assumption that the CFP2006 benchmarks are single threaded was wrong (it can be multithreaded and use multiple cores if "auto parallel"=yes).

    Even so, the POWER6 still doesn't seem that much faster - certainly not 100% faster.

    Back in 2007, the 2400MHz Intel Xeon 3060 still got a score of about 15 with only 1 core enabled. The 4.7GHz POWER6 score of 18.7 is not 50% or 100% more/faster than 15.

    See:
    http://www.spec.org/cpu2006/results/res2007q2/cpu2006-20070329-00693.html
    http://www.spec.org/cpu2006/results/res2007q2/cpu2006-20070611-01218.html

    You have to understand it's a bit hard to do apples to apples comparisons because:

    1) Though IBM did post a 5GHz POWER6 score of 20.1 last year (2008), I don't see "cores=1" submissions for Intel chips last year.
    2) There are no cores > 1 scores for POWER6.

    As it is, I'm inclined to think that the x86 has caught up with the POWER6's CFP2006 performance, if not surpassed it already.

    My reasoning is the POWER6 has not got much faster since 2007 (4.7GHz -> 5GHz, with no change in architecture).

    Whereas the 3733MHz Intel Core i7-965 Extreme Edition is definitely a lot faster than the 2400MHz Intel Xeon 3060 - (which got a score of 15 with one core).

    The i7 is a new architecture with maybe 10-15% faster per clock, and 3733MHz is a fair bit faster than 2400MHz (BTW the performance/watt is very competitive too).

    So it's near certain that a 3.733GHz i7 would beat a 5GHz POWER6 in single core performance in both CFP2006 and CINT2006.

    It's impressive how fast the x86 can go :p.

    I don't think it's going to be easy for the POWER/SPARC/Itanium teams to beat the x86 in performance, or even performance/watt (for high performance computing).

  17. Re:Hi again on How Many Open Source Licenses Do You Need? · · Score: 1

    "try showing how those licenses don't satisfy a particular business purpose "

    Doesn't help justify some lawyer's existence ;).

  18. POWER6 vs x86 on A Brief History of Chip Hype and Flops · · Score: 1

    Go to: http://www.spec.org/cgi-bin/osgresults?conf=cpu2006;op=form

    Change Processor from SKIP to Display.

    Order by published asc, baseline desc, result desc.

    Submit the form.

    Look for the CFP2006 benchmarks.

    Then look from then on.

    You will see that the POWER6 or Itanium 2 lead over the x86 at any time was rather low.

    In Aug 2007, the Intel Core 2 Duo E6850 was about even with the POWER6.
    By Oct 2007 the x86 Intel Xeon X7350 was leading.

    AFAIK the CFP2006 benchmarks are single threaded performance tests, and the "CFP2006 Rates" are for multithreaded tests.

    The x86 may be an ugly pig, but it now has a huge jetpack strapped on.
    So the "elegant" eagles that want to be as fast now also have to wear huge and ugly jetpacks.

    From a distance they now look about the same and run about as hot :).

  19. Re:Itanium not superior technology at all on A Brief History of Chip Hype and Flops · · Score: 1

    OK to back up my claims.

    From the published SPEC CFP2000 results:

    The first Itanium was blah even in SPEC FPU compared to x86 (P4, Opteron).

    June 2001:
    Itanium = 715
    Alpha 21264B = 784
    1.7GHz Intel Xeon = 609

    Soon after the POWER4 came out and hit 1169.
    Then the Intel P4 Xeons started hitting 734.
    And by year end 2001 even the UltraSPARC 3 was hitting 731.

    Then in July 2002 the Itanium 2 came out with 1305.
    But the POWER4 was already 1266 in May 2002.
    (the P4s were only at 900 around that time).

    The Alphas then got to 1365 in Nov 2002, the Itaniums snuck past them in Dec 2002 with 1431.
    Then in Jan 2003 the Alphas retook the lead with 1482.

    In May 2003 the POWER4+ passed them all with 1699.
    At that time the 3GHz Intel P4 and 1.8GHz Opterons were hitting 1200+.

    The Itanium 2 made a comeback in July 2003 with 2119, and it held the lead for 12 months till July 2004 when POWER5 came out and blew everyone away with 2702.

    Do note that during that 12 month period the x86 went from 1285 (P4) to 1691 (Opteron).

    At Nov 2004:
    POWER5 = 2733
    Itanium 2 = 2712
    AMD = 1878

    After that it was basically IBM POWER:
    Oct 2005, POWER5+ = 3030
    March 2006, POWER5+ = 3513.

    In June 2006, the Itanium struggled and hit 3017, in that same month the Intel Xeon 5160 hit 3049.

    In July 2006 the Opteron 856 hit 3538.
    In August 2006 IBM POWER5+ replied with 4051

    So the Itanium indeed had 12 month period where it was leading.

    Before that it was Alpha vs POWER vs Itanium. After it was POWER, with x86 in second place.

    Don't forget, for much of this time the x86 was crushing everyone in the CINT2000 benchmarks. Only in July 2003 did Itanium lead briefly, with x86 matching in August 2003, and retaking the lead in September 2003.

    After that the AMD and Intel x86 chips gradually pulled away from everyone else in CINT2000 performance, leaving everyone far behind in the dust.

    In short, if you didn't care about x86 compatibility, there was only one 12 month period where the Itanium 2 might have made sense if you only cared about FPU performance.

    But if it cost more than 30% more you'd be better off with something else, since the sort of FPU stuff that the Itanium's EPIC architecture was good at, could be easily parallelized and done on multicomputer clusters.

    You need to be good at something that can't be done with a cheaper cluster of x86 machines.

    p.s. if you go look at the CFP2006 scores the Intel Core 2 stuff started smacking the rest down by Q3 2007, even the IBM POWER6.

  20. Re:Film at 11... on High Tech Misery In China · · Score: 1

    Another thing a factory worker is more likely to get that USD5/day than a farmer is assured of a profitable harvest.

    What next complain about the terrible working conditions the WoW gold farmers have to put up with? ;)

    Sure it's bad, but it's not like you're going to let millions of them into your country to work.

    What might help, is finding out which factories have good working conditions and then let the workers know.

    If they still prefer to work a factory with poorer working conditions, maybe because they pay higher, then that's up to them.

  21. Itanium not superior technology at all on A Brief History of Chip Hype and Flops · · Score: 5, Insightful

    The Itanium is not superior at all.

    Even before the AMD64, the Itanium was only good at mainly contrived FPU benchmarks. It was dismal in integer performance.

    When you didn't care about x86 compatibility and wanted to spend lots of money for the usual reasons, it was better to go with IBM's offerings like POWER (which is still a decent contender in performance).

    Intel couldn't offer you much else other than the CPU. They had to rely on HP, who just left their Tandem and VMS stuff to rot. Yes there were other big names pretending to do Itanium servers, but in practice it was HP.

    The Itanic was an EPIC failure.

  22. Re:RTFA on Acquired Characteristics May Be Inheritable · · Score: 1

    What I'd like to see tested is whether the mice's grandchildren inherit the improved memory.

  23. Re:No license necessary on A Software License That's Libre But Not Gratis? · · Score: 1

    "Likewise, you could re-write parts of the book to make it more to your liking "

    It does get blurry with the DMCA though...

    So far in practice it seems you're not allowed to tell others how to rewrite parts of the book to make it more to your liking - especially the parts of the book which prevent you from making your own copies of the book (not necessarily for distribution).

  24. Re:This is just a stupid arrangement on Inside Factory China · · Score: 1

    OK I've read the article and it backs up what I've been saying.

    China has $1.95 trillion in foreign reserves.

    They couldn't convert all that USD to RMB/Yuan ("sell the USD to take home Yuan/Yen/Won/Dong" is not as easy as you seem to imply). Most countries selling lots of stuff to the USA end up sitting on a huge pile of US dollars called "USD denominated foreign reserves".

    China lent the USA money using some the excess USD they got from selling the USA stuff.

    So clearly devaluation of the USD to help the USA would hurt China (and they know it), and other countries holding trillions/billions of USD.

    In short, a significant part of China is living within the USA's Zimbabwe. That's why they're making noises.

    In contrast, the massive devaluation of the Zimbabwean Dollar hardly hurt China (or most other countries) at all. They never bothered to make grumbling noises to Mugabe about devaluation.

    Also all of them seem to think that the devaluation of the USD could help the USA (and they are right - the USA taxes the rest of the world). In comparison the devaluation of the Zimbawean Dollar cannot help Zimbabwe, it just helps Mugabe and friends (Mugabe taxes the rest of Zimbabwe).

    AFAIK it's all as I've said.

    Maybe you can point out the exact bits in the article that show that I'm wrong.

  25. Re:This is just a stupid arrangement on Inside Factory China · · Score: 1

    Sure, Japan can try to sell the USD to buy back yen, but not that many countries hold that much yen. Tell me, who is going to sell yen back to Japan?

    So they use a lot of that USD "as is" to buy stuff. Loads of international suppliers sell oil, toys, nails, ceiling tiles, etc in US dollars, far fewer sell them in yen.

    They can't buy oil from Saudi Arabia in yen. So Saudi Arabia has very little yen to sell back to them.

    Another example, if Japan wants to buy widgets from China, they buy it in US Dollars. If the US dollar appreciates in value against the ringgit, the seller in China gets richer in local currency terms, if the US dollar depreciates, the seller suffers. The seller in China could try to raise prices, but if the suppliers in other countries don't raise prices it doesn't work as well, so there will be a significant time, before everyone manages to raise the US prices.

    USD inflation will hurt other countries more.

    Countries around the world hold billions of USD in reserve.

    http://en.wikipedia.org/wiki/United_States_dollar#The_dollar_as_international_reserve_currency

    The USA is currently in a position where it can tax the rest of the world (and not just its own citizens) just by "printing" more US dollars.

    Whereas if Country X printed more local Currency P, the rest of the world would hardly care (and laugh at Country X).