Slashdot Mirror


User: TheLink

TheLink's activity in the archive.

Stories
0
Comments
12,789
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,789

  1. Re:No, because ... on Myspace to Sell MP3s From Unsigned Bands · · Score: 1

    I suggest you come up with a trademark/brand. Then you start a website, wade through loads of crap bands and "certify" bands that you think are worth listening to, add some google ads etc to your site .

    As for the bands you think are unpolished gems - maybe you can help them with the polishing.

  2. Did you also propose solutions/steps? on Information Security and Ignorant Management? · · Score: 5, Insightful

    Because many bosses don't like being posed problems if there aren't convenient options provided at the same time.

    Or the options proposed are just unacceptable.

    e.g. instead of banning laptops on the field- have encryption for the laptops, and regular backup plans.

    As for the cisco IOS firewall. I don't think it is really that bad - it just depends on what rules you have. Expensive firewalls aren't so important if you're not dependent on a GUI and don't have very complex requirements.

    What you need to do is secure and patch the exposed services - web, mail, app servers etc.

    If you have proposed steps and options, and they choose to ignore you, then that's their decision.

    But I would recommend that you prioritize on having decent backups.

  3. Poor bandwidth control methods on ISPs Fight Against Encrypted BitTorrent Downloads · · Score: 1

    The problem with bittorrent is only if bandwidth is shared on a per connection basis. Then users who make just a few connections get "squeezed out" by those with 50 active connections.

    If an ISP is going to shape traffic, it should all be based on per IP shaping.

    If bandwidth is shared on a per IP basis then it really doesn't matter so much what users run. If the torrent users get X bandwidth max, the other users will get X bandwidth max too. Fair. Of course if X turns out to be low, then the ISP has oversubscribed. Simple.

    The assumption of course is one ISP customer per IP, and customers with more than one IP have paid more, so if they get more bandwidth that's still fair.

    BTW here's where Linux is crap, it has this overcomplicated thing called "tc" and all that complexity doesn't make it easy for you to share out bandwidth on a per IP basis. You have to precreate a separate entry for each IP, and doing that is pretty unwieldy if you have lots of users.

  4. Re:As I recall this is a flipped segment on Humanity Gene Found? · · Score: 1

    "the variation among us homo sapiens is greater than the difference between homo sapiens and a chimp."

    If you're talking about genetically, I doubt that is correct.

    That said, I do believe there are significant genetic differences amongst the different race (breeds) of humans. Not as different as the various dog breeds of course.

    In many things (not all) the top 1% candidates make the difference, so those "tiny" differences count for a lot. However in other cases the average/median "expression" counts for more (kindness, honesty, loyalty etc).

  5. Re:Corruption on Not As Wiki As It Used To Be · · Score: 1

    What happens to the history if the article is deleted?

  6. Not really a good sign on More Wiki Than Ever · · Score: 1

    "version-flagged: where anyone can make a modification, but only non-new users can "bless" the page to make it public."

    Whether it really is more wiki in practice depends on:

    1) how many pages end up version flagged
    2) who are regarded as non-new users

    Given the way they've tried to spin it as "definitely more wiki", I think soon we'll have "all are equal but some are more equal than others".

    If Wikipedia was a humour/satire site then that's probably fine, but it seems it is supposed to be a site about truths.

    And if the people at the top don't think the truth is that important or don't even have a good sense of what is true, then it's just a matter of how rapid the decay ends up being.

    So the political/PR style talk isn't encouraging at all.

  7. Re:Judgments of Wikipedia on More Wiki Than Ever · · Score: 1

    Because it's a site where stuff like "we are at war with oceania" can be continuously redefined and changed.

    You can claim there's a history of changes etc but I say that's not true because stuff can be deleted and does get deleted. And it seems pretty arbitrary what ends up being deleted and what doesn't.

    If more people start depending on it then that sort of thing becomes important.

  8. Re:Darwin All Over Again on Single-Celled Species' Genome As Complex As Ours? · · Score: 1

    "We have one of the most adaptable digestive systems on the planet."

    While that was true in the past, we've evolved and specialised to eating petroleum in the recent 100 years or so.

    No petroleum for modern humans is like no bamboo for pandas - only a few will survive.

  9. Re:assuming the web was the cause... on Dell Battery Recall- Win for the Web · · Score: 1

    Sure, but what happens if Sony doesn't think there should be a recall even if Dell thinks there should be one?

    I doubt Sony will accept a contract where just because one notebook has a problem, and Dell gets nervous and recalls the whole batch AND Sony has to pay for the recall.

    Often _perception_ of the problem (risk * impact * fear) can be a decider.

  10. Re:obligatory reference on Dell Battery Recall- Win for the Web · · Score: 1

    Yeah, but Dell being able to convince/have Sony to pay for the recall sure changes the cost of a recall from Dell's POV.

    I'm sure all the web stuff gave Dell enough ammo to convince Sony, if Sony weren't convinced by then.

  11. Re:assuming the web was the cause... on Dell Battery Recall- Win for the Web · · Score: 2, Interesting

    We may never know.

    But it could have initially been: Dell going to Sony saying: "We have a problem", and Sony saying "Oops! OK we've changed stuff, should be fine now, we pay for whatever blows up ok?". At this point if Dell wants to recall, Dell has to pay a fair bit - since not enough people are convinced it's a big enough problem, and Sony only commits to paying for what blows up.

    Then when stuff hits the fan (theinquirer, etc), Dell goes to Sony and says: "Look, all bets are off, it's your frigging fault and you know it, if people sue us, we're gonna sue you, so fix it". By this time Apple (and maybe other manufacturers) probably saying to Sony- hey you know that "Dell problem"...

    So Sony pays.

    In my opinion Sony has fallen to great depths. Wonder if they've taken the worst of the Japan and USA cultures rather than the best ;). They might be adding the worst of the Chinese corporate cultures too...

  12. IMO 1GB is too much. on How Much Virtual Memory is Enough? · · Score: 2, Informative

    I think most people who think that swap should be in terms of multiples of physical RAM are missing the point.

    How much swap you have should be related to the longest you are willing to wait for stuff to be swapped in and out.

    Adjust your swap so that your computer is as slow as you can tolerate when it runs out of memory.

    For example: if you have a typical ATA drive, random read transfers would be about 10-15MB/sec. So if you ever need to swap in 400MB of stuff, you'd have to wait about 30-40 seconds before all of it is read in.

    What complicates things is there are some applications/programs that allocate memory that they will practically never use, so you'd may want to add swap for that.

    So the swap amount would be something like: total swap = "permanently swapped out unused stuff" + (seconds willing to wait * random read speed).

    Of course virtual mem doesn't really behave exactly like that - when you are low on RAM the computer will be continously reading the program it needs in, while writing the stuff it thinks it is less important out, but basically you're kind of reliving the old days of "drum/disk memory" - where you running stuff from drum or disk. And that's really slow.

    The problem with running out of memory is that under some conditions some operating systems (e.g. Linux) can mess up and kill the wrong process to free memory. I think this has improved somewhat - but Linux used to be pretty stupid and kill pretty important stuff...

    This is mainly because of the default overcommitting of memory. With overcommit, the O/S can say "fine" even if there really isn't enough memory, but when it turns out you really do need it all, the O/S goes around looking for stuff to kill...

    If you turn off overcommit things can become safer, but you'll need enough memory to hold all allocated memory even if unused.

  13. Send the machines back - they are faulty on Solutions to the Frustrations of Video? · · Score: 3, Insightful

    Any DVD recorder that can't write stuff that can be played back well with normal working players is faulty.

    Whatever they tell you, it is faulty. Send it back and get a refund or working replacement.

    Given you are likely to know many friendly lawyers, maybe you could hint that various sorts of unpleasant legal action might be taken if they don't do the right thing...

  14. Re:Superiority of the Free Market. on Internet Connectivity Outside of the United States · · Score: 4, Interesting

    Are street lights really efficient? Even if they are, why would a private company actually want to provide street lighting for free?

    I suggest that most countries and their citizens do benefit from street lights.

    To the free market worshippers: the free market only works when not all people choose to be totally selfish and greedy. Once there are too few of those "salt of the earth" types, the whole thing starts falling apart.

    No matter what system you have, if you want something good from it, you will need good people.

  15. Re:Ethical issues? on Cloned Beef Coming Soon? · · Score: 1

    I dunno, I hear one often starts getting attached to them after a while - give them pet names etc.

  16. Re:Panic! on Cloned Beef Coming Soon? · · Score: 1

    Whatever infectious diseases or parasites a human can get, I am likely to be able to get those too.

    You think the food industry will maintain high enough standards?

    So no thanks.

  17. Re:Ethical issues? on Cloned Beef Coming Soon? · · Score: 1

    Could I have one of the pretty females? Live of course.

    Free range chicks... Mmmmm.

  18. Re:Just you wait.... on Cloned Beef Coming Soon? · · Score: 1

    Well the US-style "long pig" would be a bit different from the traditional "long pig".

    Wouldn't really call it "long", it has a lot more erm "body". Too much high fructose corn syrup and "Super Size" feeds I guess.

    But hey, it's mostly white meat, and that's supposed to be more popular right? ;).

  19. Re:Great... on 11-year-old Proves Locks Not So Secure · · Score: 1

    If you can work out a way to accurate simulate the only 128 bit key that opens a lock within say 1 year, without already having access to the original key, then I think you have something there.

    Otherwise, you're wrong. Lockpicking will not always work.

    There are plenty of ways to build decent mechanical locks (not even electromechanical). Just most lock makers are using primitive insecure designs that can be picked or "bumped". Abloy and a few others have shown that not all locks need to be crappy.

  20. Re:Locks are meaningless for average people on 11-year-old Proves Locks Not So Secure · · Score: 1

    Where I live most houses built by housing developers have brick walls.

    While a sledgehammer still works, I think the easiest way in is usually through the roof.

    Not sure why wooden or similar walls are so popular in the USA.

  21. Re:Great... on 11-year-old Proves Locks Not So Secure · · Score: 1

    My house uses these solex locks which I think aren't vulnerable to bumpkeys by design: http://www.solex.com.my/padlocks.html

    They seem similar to abloys in the way they work (not sure if they are as secure) but the solex keys have 2 fold rotational symmetry whereas the abloy ones I've seen don't.

    Personally I think most of those "high security" locks are crap - the fact that stuff like bumpkeys and lock picking still work is ridiculous.

    But thing is, they don't really have to that good - since most thieves will just smash their way through.

    And if all locks are so good, your check-in luggage would always either get delayed or go missing - since they'll never be able to pick open your bag and check through it in time.

  22. Re:Virus model (motivations) on Windows vs Mac Security · · Score: 1

    Of course the distribution of vulns is not constant over O/Ses. I never said it was. I'd say that OSX and Windows aren't really that different from the security design and exploitability point of view.

    I'll only claim that the lack of infections is not primarily due to lack of vulnerability and it is more due to lack of motivation - and that is related to marketshare.

    Firefox has had plenty of vulnerabilities (and I'm willing to bet it has plenty more unreported ones)- why haven't the baddies bothered installing their malware using them? Those vulnerabilities are definitely exploitable.

    Why? I say it's because the malware people can't achieve what they want - lots of infections.

    Why? The overall market share is lower and the sub-monoculture shares are even lower.

    What I mean by sub-monoculture shares are machines that can be exploited by the same binary/exploit. An exploit on windows tends to work across many versions of Windows. Whereas an exploit on say one linux distro might not work on other distros.

    If OSX actually got really popular, things could change significantly - since it is likely that an exploit could work across multiple versions of OSX, and OSX has lots of preinstalled software that an infector could use (applescript, perl etc).

    The sort of hackers who are not interested in lots of infections and are interested in just taking over specific machines are more likely to be the sort to take it over _unnoticed_ - go in, get what they want, get out (often all in a few seconds).

    The sort who are interested in fame just have announce OSX vulnerabilities from time to time and they do, but they don't have to release an _exploit_ to get their fame. They could write an actual exploit, but they don't have to release it to get their fame or bother infecting a single machine in the wild. All they need to do is publish and show up here:

    http://www.securityfocus.com/cgi-bin/index.cgi?o=0 &l=30&c=12&op=display_list&vendor=Apple

    Go look, plenty of exploitable bugs. Be glad there's that avenue for such people.

    If you are going to say the vulns are not in the OSX kernel, well there haven't been that many bugs in the Windows kernel either - the hackers you should be worried about aren't going to bother debating which is Apple code and which is not, to them what's important is what runs/exists on all their targets.

    Lastly, OSX is definitely safer to use than Windows. But the sort of safety is "living in a safer neighborhood" safety. Not living in a fortress safety.

  23. Re:I don't understand on Diebold Flops in Alaska · · Score: 2, Insightful

    Yeah, seems funny to me too and I'm in some 3rd world country.

    If all that "Democracy" and "US Constitution" stuff the US likes to boast about isn't just bullshit talk, then all the Diebold people involved and their bosses AND the people who approved the machines should be lined up and charged for _treason_.

    Tell me why making crappy voting machines AND approving them shouldn't be regarded as treason.

  24. Re:UNIX and viruses on Windows vs Mac Security · · Score: 1

    It'll probably be a dream for malware authors if all the "run anything" users switch to OSX.

    Plenty of really useful stuff (to malware people) preinstalled like perl, applescript, maybe even xgrid :). Python is preinstalled on recent versions of OSX - I believe python packaging is much better than perl.

    Polymorphic binaries? How about polymorphic perl or lisp or forth? Whoopee. I really wonder how the AV people would cope with such stuff.

    What I feel is needed are "privilege templates". Then users can run stuff restricted to the appropriate template- the app would ask for "flash game" privileges which would be just sound, windowed graphics, keyboard and mouse I/O, no network access, very limited read access, zero or very limited write access (temporary?).

    If you have a "cool applet game" that requests "permanent system install (unsafe!)" privileges, users would really be shooting themselves in their feet a few times if they click past the extra warning messages...

    You might even limit web browsers to "web browser" privileges - sure you can still have a trojan which DoS websites but that's about it (well I suppose in theory the OS could also limit/warn about excessive concurrent outbound tcp connections and connection closes per second, but that starts getting a bit harder - not that hard I guess).

    TPM and DRM are overrated, they can be useful, but guess who ends up with the power? Who controls what can run and what can't? Not the users. Those who control the certs and those who can exploit trusted signed binaries get the power.

  25. Re:UNIX and viruses on Windows vs Mac Security · · Score: 1

    Uh which year are you in? 2001? Reasonably recent IIS versions have had far fewer exploitable bugs than reasonably recent apache versions. IIS4 was really crap, but stuff after that got immensely better. If you look at the recent 2006 vulnerability, it really isn't a big deal. There are so many conditions for it before it can be exploitable and even classed as a problem (requires attacker to have valid logon credentials etc etc).

    ( BTW if you add PHP (the popular "ASP" equivalent ) to apache, you end up in swiss cheese land... )

    Just because there have been no viruses etc in the wild does not mean that OSX is more secure (from the software quality POV - it's _safer_ in _practice_ for now of course).

    For example: there have been plenty of exploitable firefox bugs[1], why hasn't anybody bothered installing spyware etc using them? Yeah, why?

    I suggest that if a homogeneous firefox share approaches or goes past 50% you'll start to see malware being installed using firefox exploits. By homogeneous I mean - same exploit will work on that entire "share" (think monoculture).

    An IE sploit is likely to easily work across multiple windows versions, but an exploit that works on Firefox on Ubuntu Hoary might not work on Firefox on SuSE 9.1, heck even an exploit that works on SuSE 9.1 might not work on SuSE 10.1 - same reason why you're more likely to have more problems running the same binaries on different Linux distros, than the same thing with Windows.

    Remember also desktop market share is very different from server market share. Desktop usage and users are very different from server usage and admins.

    Desktop users don't even need IE or Firefox bugs to install trojans - many seem to actually manually install them.

    Once you start to have enough of those "shoot both feet" users in OSX land, I think the spyware/zombieware etc people are going to do a few of those in python/perl too. It doesn't matter if the AV people can detect them - because (I believe) one can write such malware really fast and test them against the AV software faster than the AV people can figure out ways of detecting them without too many false positives. Might even be able to semi-automate the process...

    [1] If you don't believe me go look for firefox vulnerabilities here: http://www.securityfocus.com/vulnerabilities