Slashdot Mirror


User: TheLink

TheLink's activity in the archive.

Stories
0
Comments
12,789
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,789

  1. Re:It shouldn't be a suprise. on Defeating XP SP2 Heap Protection · · Score: 2, Insightful

    Well that's fine if people who really know what they are doing do the redesign and rewrite.

    If it's the same people who didn't spot the serious bug that affects the _whole_ design, the odds are much worse that starting again would actually help much.

    Ask a crappy team to redesign and rewrite and they'll just come up with more crap. Let's be nice and say the team is good only the politics/process is broken, whatever, you still end up with more crap.

    So far the evidence is that more often than not the same people who wrote insecure software will still _rewrite_ insecure software even if they start anew. Go look at Bugtraq over the years.

    It's hard for most programmers to write secure software in certain programming languages - C being the most infamous example. Trouble is most still keep doing so for various reasons.

  2. Re:than they had better mend their ways on Microsoft's Longhorn Faces Antitrust Scrutiny · · Score: 1

    Strange... My USD16 USB thumbdrive works on my SuSE 9.1 and it's a 2.6 kernel...

    You looking in the right directory? e.g. /media ?

    You have to have the hotplug stuff on in order to automount the stuff etc.

  3. Norway??? on MS To Limit Security Fixes to Legal Copies of Windows · · Score: 1

    The Reuters article mentions Norway: "Microsoft is also targeting software piracy in China, Norway and the Czech Republic, where the use of pirated software is more widespread, by offering discounts to users of pirated copies of Windows"

    That's a surprise to me. What are the laws in Norway? Perhaps the copies are illegal in Microsoft-land... But are those copies really illegal in Norway?

    I see:
    "Sec. 19. When a copy of a work has been sold with the consent of the author, the copy may be further distributed amongst the public. The same shall apply to copies of issued works, and any copy of a work of art or photographic work which the author has assigned in any other way.
    The provisions of the first paragraph shall not confer a rental right, except in respect of buildings and works of applied art. Nor do the provisions confer a lending right in respect of machine-readable copies of computer programs. Exchanges that are carried out as an organized activity shall be considered on a par with rental"

  4. Re:heheh.. on Confessions of an Ultima Online Gold Farmer · · Score: 2, Interesting

    AFAIK, in most of these online games you are playing _with_ other people. There are cultural and social norms. So it's not a case of "the game engine lets me do it so its fine" - that's fine if you are playing alone, or if everyone agrees that's the rules to play by.

    If you break the "norms/cultural rules" too much, you might end up playing alone.

    It's not that much fun playing _alone_ even if you've worked out how manipulate the system to make yourself "so powerful".

    Of course in the commercial games, if a behaviour causes tons more customers to go away than sign up, there's a high chance of them taking action...

  5. Re:Latency on Rambus Takes Another Shot At High-End Memory · · Score: 1

    DRAM slowness doesn't bother me as much as HDD slowness.

    Decades later and we still have access times in the order of 10ms... That really really sucks.

    DRAM isn't that bad because the SRAM caches work pretty well in many cases - e.g. you have a loop zooming along at near CPU speed (in SRAM), reading and writing processed data out at DRAM speed. That's fine because the loop often isn't fast enough to move data in and out at SRAM speed.

    You are more likely to hit the HDD speed limits first (or run out of DRAM space - but that's another matter). Then you need big disk arrays...

  6. Uh. on Rambus Takes Another Shot At High-End Memory · · Score: 1

    You already have tight CPU-SRAM memory integration. It's called CPU cache.

    As for 128MB level 3 cache, some servers do have that.

    If it's worth it, they often do put the stuff in.

    It's just like battery backed RAM HDDs. If DRAM was cheap enough more of us would be using that instead of klunky spinning discs. As it is, it's cheaper for most people to buy GBs of RAM and use that as disk cache AND space to _execute_ programs, rather than buy the niche RAM-HDD product and not be able to execute programs directly off it.

    Having the SRAM as cache makes things more flexible.

  7. FYI on Rambus Takes Another Shot At High-End Memory · · Score: 1

    PCI-express != PCI-X

  8. Re:Sorry... on Rambus Takes Another Shot At High-End Memory · · Score: 1

    Uh isn't it already interleaved on some modern systems?

    Also, on Opterons (and some Athlon64s) support dual channel RAM. That comes to the same thing...

  9. Mushrooms? on Plants for Cubicles? · · Score: 1

    If you're not picky on the exact sort of mushrooms you get then all you need is moisture, not too cold temperatures and some compost. In one of my previous offices we had some mushrooms growing out of the edge of the sink in the pantry...

    If you're picky on the sort of mushrooms you want then it's hard...

    Hint: don't eat them.

  10. Mod parent up! on Custom Software vs. COTS Products · · Score: 1

    A building typically gets screwed up not because you buy bricks off the shelf or you make them yourself.

    Often the actual need for such big projects is to help a big bunch of people keep their jobs and/or make a big pile of money because "something needs to be done". Even if that "need" has some real basis, the usual main consideration is how that bunch of people can keep their jobs and/or make a big pile of money.

    BTW, take a look at the Iraq project... Whether it's COTS or custom, doesn't make much of a difference to the people who are getting screwed/killed.

    It could make a difference on who's getting the money though. And that's probably the only difference between COTS or custom that counts for the decision makers...

  11. Re:Sad :-( on The Forgotten Huygens Experiment · · Score: 1

    When you have a billion things to do, you split it into smaller lists and pass those lists to others.

    Then those others split the lists to even smaller lists and pass them to others.

    That increases the number of ways things could go wrong. Even if you have list items on some lists to check that other people are doing stuff on their lists, stuff happens...

  12. Re:Fiberoptic communication on Scientific American on Quantum Encryption · · Score: 1

    yeah, but if the sender doesn't realize it in time and/or doesn't have appropriate countermeasures, you might get enough of a message.

  13. Re:Spin doctor fails proficiency check on HP to Region-code Cartridges · · Score: 1

    It's a bit premature to rate the spin doctor's proficiency.

    You'll have to see the response of the general public first.

    The general public could fail their proficiency check...

  14. Re:My Next Printer Won't Be HP on HP to Region-code Cartridges · · Score: 1

    Using a Konica Minolta laser printer at home. Not too bad for < USD100 new! With a free mouse too. Seems better than the Samsung printers I've used at work before.

  15. Re:Mod the parent... on HP to Region-code Cartridges · · Score: 1

    Where's the 2. ???? :)

  16. Re:Modern USA on HP to Region-code Cartridges · · Score: 1

    Hey where are the "In Modern USA" jokes?

    In Modern USA, products use YOU!

  17. Re:Contact Info on HP to Region-code Cartridges · · Score: 1

    "Perhaps you can let her know as well?"

    Nah. At this point it might actually be good if HP implodes. Might as well get over it as soon as possible.

    I doubt Carly will care anyway. The sooner HP goes under, the sooner she'll get her golden handshake, fat bonuses etc and go find some other company for "slash and burn cultivation".

  18. Re:MySQL and Postgres on PostgreSQL 8.0 Released · · Score: 1

    http://www.postgresql.org/docs/current/static/kern el-resources.html

    Sure you may not have to recompile the kernel, but I actually find kernel recompiling and installing on a modern FreeBSD system a lot easier and _usually_ less problematic than say building/installing a new Linux kernel on RH/Suse Distros.

    e.g.
    backup the old kernel...
    Edit the relevant kernel config file.
    make buildkernel kernconf=KERNELNAME
    make installkernel kernconf=KERNELNAME.
    reboot.

    I've had more probs with updating the kernel on Suse 9.1 (for dunno what reason) and RH Linux (esp back in the stupid lilo days - oops forgot to run lilo, oops forgot to ensure that stuff in /boot is fine)..

    Sure you can do stuff with the loader in FreeBSD, but you still need to reboot, so I figure I might as well recompile with the necessary options. The main ickiness to me is the need to reboot.

  19. Javascript. on 'Evil Twin' Threat to Wireless Security · · Score: 1

    There's are a few problems though.

    Internet Explorer (one of the most popular browsers) treats the option to "warn when going to a secure site" as the same as "warn when leaving a secure site".

    How many people have disabled the warnings?

    Worse: could a hijacker/phisher create a non-secure page and use javascript to overlay the "secure lock" logo on the relevant parts of the browser window? And erm, draw the necessary "windows/dialogs" to help the user check the certs?

    Most people start with http://.../ instead of https://.../ so they won't notice.

    Could the javascript stuff also pop up a dialog saying "You are about to view pages over a secure connection."? in response to the click? Many pop up blockers don't block popups directly triggered by the user.

    I don't see why you can't do all that with javascript - after all I've seen javascript draw birds flying around the screen etc etc.

    The trouble is many of these banks/organizations are stupid (or evil) and _require_ javascript for their online applications to work. How convenient for the attacker. I have complained to some of these organizations but they don't care.

    I used to be an IT Security Consultant - but I think not enough people care about IT security... :).

    Have a nice day...

  20. Re:Happy root kit downloading on 'Evil Twin' Threat to Wireless Security · · Score: 1

    Don't forget the various gpg/pgp public keys ;).

  21. Re:Easy to fool the unsuspecting. on 'Evil Twin' Threat to Wireless Security · · Score: 1

    April 1st 2004, I added *.doubleclick.net and wildcarded a few other ad domains to the DNS server in my office.

    Pointed it to a local server, which just served up the corporate logo.

    It seems maybe only one or two people noticed... Maybe it shows how much people surf at my office or actually notice ads.

    Maybe I should have served up "Meeting at 2PM" and other announcements...

    I wonder what the legal implications are if a company voluntarily hijacks ads on it's network. Or an individual does the same on his/her own network - giving out free internet service to neighbours etc - except that you can't visit ad sites of course...

  22. Not a good idea. on 'Evil Twin' Threat to Wireless Security · · Score: 1

    This is _wireless_ stuff.

    People who live in glasshouses shouldn't throw stones (or "bad packets"). With wireless networking, it's really a glasshouse in more ways than one.

    If you depend on wireless networking that much, you definitely shouldn't be throwing bad packets around. The person you are DoSing may not need wireless networking as much as you do. An eye for an eye and the whole world goes blind and all that.

    Good luck finding proof that it's an Evil AP.

    Plus I'm not sure how clear the laws in various countries are over running tcpdump on traffic that runs through your _own_ networks. And whether if it's such a good idea for people to go to jail for running ethereal on their own machines...

    It's not exactly wiretapping... if it's wireless...

  23. Re:MySQL and Postgres on PostgreSQL 8.0 Released · · Score: 1

    In my experience going the postgresql route isn't difficult (as long as you don't want clustering - AFAIK clustering isn't that easy whether on Oracle, MySQL or Postgresql. It might on other platforms e.g. VMS or Tandem, but... :) ).

    In fact there might even be less gotchas in some situations. MySQL seems to do a few more things that are strange/icky (though the ickyness is usually well documented, often with defense of the icky behaviour from the MySQL devs ;) ).

    The issue with postgresql I can think of that could hit beginners is that you might have to recompile your kernel if you are using one of the *BSDs with too small shared mems and other stuff.

    You should be able to get help from the mailing lists if stuff is not covered by the docs already.

    MySQL does work for many people. But given that postgresql is free and not really difficult, I suggest it's worth just installing to mess around with.

    p.s. rollback a "drop table" in front of an Oracle DBA for laughs... (make sure you do a BEGIN first and autocommits are off, or the laughs on you ;) ).

  24. Re:Great move, now can we .. on Airbus Launches 800 Passenger Jumbo Jet · · Score: 1

    As long as you're willing to pay 1st class for each of your party members, I'm sure there's no problem.

    It's just a matter of money.

    Just like the fact that even though more(or even all) chickens would survive a trip to the abbatoir if they had more space in the truck, the truckers, farmers and butchers don't give a damn, coz even if some chickens die and some get frozen to the side of the unheated truck, overall it's still cheaper to pack them like erm sardines - you get more chickens per trip and transport cost to make up for the dead ones.

    Nasty but that's the economics- it's mostly what the market can bear.

  25. Re:ET, the free game platform? on Enemy Territory Fortress Mod Arrives · · Score: 1

    Uh, what's the problem with strafing and moving forward?

    BTW isn't ETF/Q3 open to hacks and cheats too? Autoaim ruins most of these games anyway - even if people don't use it to aim - they can use it to find enemies.