Slashdot Mirror


User: TheLink

TheLink's activity in the archive.

Stories
0
Comments
12,789
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,789

  1. Re:Not so great an idea. Don't follow Phillip. on Slashback: Nigritude, Indignation, Artifacts · · Score: 1

    The wiki stuff is nice and all that. But what if people subtly alter stuff (e.g. history). Would people notice errors? It's just like the patent office problem - they let through almost any crap nowadays that looks half intelligent to the examiner.

    Would really attacking wikis be worth it? (This nigritude stuff is nothing). Maybe not at the moment so at least some wikis are safe. And maybe just captchas and similar stuff will keep most (not all) wikis safe from automated spamming whilst not requiring the use of user accounts.

    But if a wiki becomes really popular it may be worth it for a spammer/worm to keep altering at least the main entry pages (this can be done despite captchas). So such wikis may require accounts for more critical sections.

    AFAIK the nigritude spam just touched sandboxes. So just tell google not to index your sandbox. In a way wiki owners are spamming google's index by letting it index their sandboxes and the nonsense that they let people write in it.

  2. Re:Reality check on Who's Blocking Verified E-Voting? · · Score: 1

    What are the odds of a McFinger scenario happening in the US?

    So what if he threatens to break your legs? Don't you have cops? And it's the US. Just buy a gun, a clip or two, "forget your receipt" and have a nice civil discussion with McFingers on why he shouldn't break your legs.

    The Diebold scenario is real, and you guys are scared of imaginary shit.

    The real experts have already put out various proposals. So enough of saying blahblah can't work. Just pick one of those, I bet any of them are provably better than Diebold's. Any fool here on Slashdot can make one better than Diebold's (just add checks for negative votes and more than 100% votes and you'd be better already).

    Just pick one:
    http://www.openvotingconsortium.org/
    http:/ /theory.csail.mit.edu/~rivest/voting/

    The ship is provably sinking and you guys are busy discussing which lifeboat to use. Sure it's important to pick a decent lifeboat, but I find it hard to understand why it's taking so long - so much so there's a real danger you may go down with the existing ship before you make your choice. What's wrong with all of you????

    Spend 10% less on picking Iraq's gov, and use that 10% on picking your gov for your sake and the rest of the world's sake.

  3. Re:What?? on Who's Blocking Verified E-Voting? · · Score: 1

    Look, a smart cryptographer has already come up with a pretty good system that is anonymous. There are plenty of systems better than Diebold's. The US has plenty of smart people who can figure things out. But no you guys have to go get the corrupt and dumb ones to do it.

    The US picks Diebold just because they are so "scared of anonymous votes". With Diebold of course they are anonymous - you don't know which computer voted, and it sure wasn't your vote, even if you knew ;).

    The US is willing to spend billions picking the gov in Iraq... But back home in the US the US has election results with _negative_ totals, more votes than voters and other stupid crap. More unbelievable results than those of a banana republic, or even Iraq's elections - heck it's nearly believable that everyone did vote for Saddam coz they were scared or something. But they sure didn't have more votes than voters, 90+% voter turnout if I recall correctly, not more than 100%.

    But I suppose the present gov likes it just the way it is eh?

    The US citizens should get their priorities right. The gov officials who passed the Diebold machines should be tried for _treason_. Diebold and other makers of crappy election machines should be tried for treason as well.

    Heck use India's system if you can't think of anything - they have 1 billion people, and they recently successfully held their elections, and so far nobody really disputes the results of their election at all - I daresay if anybody thought there was widespread cheating, heads would literally roll or be blown apart.

    Heck, imagine what would have happened if there were US-style results (130% votes or negative votes)in India. Those involved would get lynched or worse.

  4. Re:Social Gaming? on 'Cut and Paste' Is Out, 'Pick and Drop' Is In · · Score: 3, Interesting

    How about this scenario:

    Using my wearable server, I manually (eye/hand gestures etc) or mentally (remember that mind reading thing?) send a URL to my friend (think instant messaging). The URL could point to an object on my wearable server (or some other server).

    Voila instant telepathy.

    My friend receives the URL on his/her wearable server, (IM) and proceeds to download/view the object/content. Then my friend could also "click" on a URL that changes the music a jukebox plays. Similar for setting the airconditioning temperature and lighting of a room.

    Each wearable server could run a browser like app that helps make this possible - view streaming media, easily click on stuff given limited manual input, (select items from predictable lists of lists of lists etc). It will also run a webserver and web application that makes objects accessible, and a server that streams input video/audio.

    Think super wearable PDA. No need to retype data. Look at the left top corner, press a button or make a gesture(hand/eye/mind), look at the right bottom corner and press a button/make gesture. You then select a rectangular clip out of the video you can see. The rectangular clip could be stored raw and/or automatically processed - e.g. OCR. Then you can just send the object to your colleague or friends or object database at home.

  5. Re:Tom!!! on 'Cut and Paste' Is Out, 'Pick and Drop' Is In · · Score: 1

    Actually some people may be able to find stuff through all that "clutter", until the Missus thinks is a big unsightly mess and organizes stuff neatly.

  6. Coz x86 will live. on CEO of Centaur Discusses x86 Strategy and Linux · · Score: 1

    Hey eventually DNA code will die out too and those who are left will all speak Esperanto.

    Sure there's always something better, but it may only be better for _now_. Meanwhile there's something that works well enough and has a proven track record. BTW if Centaur vanishes, one could resort to AMD or Intel, without too much pain.

    So far, most of the RISCs and other "elegant" CPUs have ended up embedded or buried. You have Sun, which is having obvious trouble with SPARC. So it's either x86 or IBM's POWER which isn't really RISC, more a RISC-like CISC or a CISC like RISC whatever ;). Or Itanium, which isn't RISC nor that elegant either.

    High end CISC performs better in many real world cases, coz memory, buses, disks etc are slower than modern CPUs. Treat CISC as compressed RISC. Given that hardware is so fast, might as well "compress/decompress" your RISC instructions on the fly. Which is kind of what happens with say AMD, or even IBM's POWER chips.

    The popular embedded CPUs (ARMs etc) aren't that fast. And the stuff Centuar is adding to their chips may make the makers of network appliance equipment (VPNs/firewalls/content filters/IPS) quite interested.

    Now if/when they do 3DES fast too, things will get interesting. Coz normally at a product/buyer level, hardware VPN accelerators are typically a few thousand USD or something like that. With a Centaur chip - the new products may be using a cheaper CPU, and still have VPN/SSL acceleration... Wonder if some will get tempted to just have VPN acceleration "license keys" and profit even more ;).

    Intel has been trying to get rid of the x86 too, but...

  7. Re:Not so great an idea. Don't follow Phillip. on Slashback: Nigritude, Indignation, Artifacts · · Score: 1

    It's a sandbox. It's there so that people can experiment there instead of messing up the other sections. Did he use up inordinate amounts of bandwidth? Did he use up tons of CPU? I doubt it - they weren't even complaining about that.

    If you say "Please test here", heck why complain if people actually do so?

    Based on the complaints by Wiki owners it's a fact that at either Wiki software is not up to handle these things or Wiki owners aren't.

    If people bring to attention flaws in code (in this case inadvertently too), they're not necessarily expected to fix it. And don't shoot the messenger.

    Some ppl on Slashdot recently tried to convince me that the Wiki was spammer proof and said a research mentioned on IBM's site stated that most vandalized wikis were corrected in a short space of time.

    I gave email spam as an example and said that wikis won't be safe if they were really popular, but they insisted that Wikis were up to it, blah blah blah. Naive, I let them live in their illusory world of sugar and spice, let someone else break the bad news. Now it looks like someone inadvertently woke em up.

    If some guy messing about with _sandboxes_ can annoy so many wiki owners, are they really prepared? I doubt it.

    If some idiot worm writer writes a mass worm that spreads or exchanges messages using wikis they're in for big trouble.

    The Wiki owners/creators are the ones not getting it. Wikis should at least phase in captchas and similar defenses if thresholds are hit.

  8. Re:Once again, I'll have to disagree with this. on Infected Windows PCs Now Source Of 80% Of Spam · · Score: 1

    "I don't think that's a good generalization to make. I used to not patch my windows machine because something annoying ended up breaking after the update"

    OK so I wasn't as precise with my words, but the fact you 1) actually tried to patch your windows machine and 2) noticed you failed puts you in a different category from the group I'm talking about.

    If it were a bit like cars where it's common for people to send their PCs for maintenance by pros every 3-6 months then those spammers might start sweating a bit. Yeah even 6 months helps. The old worms from years back are still cluttering up the Internet.

  9. Re:Once again, I'll have to disagree with this. on Infected Windows PCs Now Source Of 80% Of Spam · · Score: 4, Interesting

    "In order for Linux to have the same infection rate as Windows, Linux would have to have the same (or similar) flaws. "

    If 80% of the users had Red Hat 9 installed, they'd be sending out 80% or more of the spam. RH9's sshd is exploitable out of the box. Heck many distros CDs come with exploitable sshds and often sshd is the service that gets started by default.

    The same people who don't patch their windows machines won't patch their linux machines.

    In some stupid hacking contest half a year back, there were silly people who picked RH as their O/S, didn't know how to secure it and kept getting rooted. Either they didn't patch sshd or didn't patch OpenSSL.

    The spammers won't really care whether there are 100 vulns or 1 vuln in one machine. All they care is how many vulnerable machines there are.

    Heck, from my webserver logs I see that at least some spammers are trying to get apache's mod_proxy to send email. They are succeeding for some configs.

    Here's a victim:
    http://forums.devshed.com/archive/t-99035
    Here's another incident
    http://cert.uni-stuttgart.de/archive/bug traq/2003/ 07/msg00277.html

  10. Re:Kinda cool on Quake III Gets Real Time Ray-Tracing Treatment · · Score: 1

    You want to calculate stuff fast? Maybe you should ask google.

    Perhaps Google will have a Google free day, where for the whole day their 100K computers do Folding@HOME or something else other than google search. :).

  11. If I were Google and bad on Google's Ph.D. Advantage · · Score: 1

    If tons of people use my search engine, it might be possible to run the search terms through a few smart programs written by smart people and:

    1) Make money in the stock market coz you may have a good idea what people are about to buy/sell before they buy/sell it. OKOK, not easy to tell if buy or sell. But is it a hard problem?

    2) Go figure the other related stuff yourselves ;).

    Set cookies and do some weightings and you might be able to group and weight the searchers/searches accordingly.

    But Google says they're the good guys right? :). I wonder what Microsoft would do.

    But hey I'm no PhD.

  12. Re:Fine No Execute on Red Hat Introduces NX Software Support For Linux · · Score: 1

    Well having a separate address stack may make it easier for the CPU to figure out program flow. So the performance hit might not be that bad.

    As for the other stuff, I think just a single general parameter stack may be good enough - let the programmers figure out what they want to pass to routines and how they want to do it.

    Shouldn't be too difficult to detect if the stacks collide. Start and current pointers for each of the two stacks, or something similar. Load in the pointers for each context switch.

    This way you can make it very very hard to screw up the address stack and return to a /bin/sh call or something silly (Linus's example). The NX bit doesn't stop that sort of attack. Without separating the stacks you'd probably need to do stuff like canaries/checksums to detect stack corruption.

    I doubt this separate stack stuff will get into any x86 tho ;).

  13. Re:bernstein on BIND Is Most Popular DNS Server · · Score: 1

    "software they have no intention of using anyway "

    Uh in my experience the "users" aren't the ones who try to find exploits. Joe average is unlikely to ever create an exploit for anything unless it involves beer.

    I'm talking about a different group of people here. Just look at the various sites dealing with security vulns and exploits. I've seen at least one or two exploit writers who insult Theo[1] of OpenBSD whenever they get a chance to release an exploit. Which is not that often.

    Who would care? The IT security community would care. A number of large sites use qmail. Yahoo used to use it - now it seems to use something similar- maybe modified qmail.

    [1] Someone should arrange another Theo vs DJB when things get boring ;).

  14. Re:Fine No Execute on Red Hat Introduces NX Software Support For Linux · · Score: 1

    Well the gentoo guys probably won't mind recompiling everything ;).

    As for FORTH - I heard it's still vulnerable to buffer overflows.

    Plus if you're not careful the fact that typically code=data in FORTH just creates the same problem in the next level. Joe Programmer may not know to use different "dictionaries" or whatever they call those, to isolate things.

    A while back I crashed a forth webserver on my first try (zhttp). Sent a single quote to a http basic-auth password prompt... It really crashed too. Doh.

  15. Re:Nice. on Mandatory Banknote Detection Code? · · Score: 1

    That'll probably get you fired or something.

    I wonder if the stuff will still lock up if you use tiled banknote images as a faded background watermark for some of your printed documents or webpages... Especially for things that are not supposed to be copied.

    Use your imagination for more other fun stuff.

    Bwahahaha!

  16. Doh. on Mandatory Banknote Detection Code? · · Score: 1

    Next some bright spark will patent a way to stop webpages and other documents from being printed on such printers...

    Try using a faded out image of currency as a background watermark on some of your printed documents ;).

    The US notes are the same size, similar colours for different denominations. That's dumb. Should change that one fine day...

    How much damage have counterfeiters really done? How much will these countermeasures cost in time and resources for the benefit they actually will accrue? Despite what the crooks at the top think, most people aren't amoral greedy looting bastards like them. So it's the mass counterfeiters you worry about, and this stuff just won't stop them.

    I really wonder if it's worth it economically (rather than politically etc).

    BTW the US Gov has done more to ruin the value of the dollar than any counterfeiter ;).

  17. Re:The goal on Mandatory Banknote Detection Code? · · Score: 1

    "Your neighbor and the other countless casual criminals will not know how to remove it."

    I recommend you move to a different neighbourhood :).

  18. Re:Wait, why not email servers? on Distributive Worm Blocking · · Score: 1

    One rule for the big guys and one rule for the little guys :).

  19. It's a scam in most places. on 80,012 Text Messages In One Month · · Score: 1

    It's a bigger scam than that. 80K messages at 160 characters only works out to 12MB.

    If it's 40 characters on average that's only 3MB.

    How much are most telco's charging for SMS?

    Talk about profiteering.

    Compare with 9600bps voice = about 70KB/minute. 170 minutes of talk time = 12MB.
    42 minutes of talk time = 3MB.

    (OK not full duplex - but hey they don't have to transmit silent pauses - and I'm not even sure they always support full duplex voice).

    Futhermore text messages can be delayed by the telco till when its convenient/cheaper to send - fill out the unused bandwidth.

    In some countries (e.g. Philippines) text messaging is free.

  20. Re:Fine No Execute on Red Hat Introduces NX Software Support For Linux · · Score: 1

    The pushing parameters onto stack before calling a function sounded rather kludgy to me when I first learnt about it years ago.

    Why don't people use different stacks for return addresses and parameters/variables?

    That way one reduces the chances of "running arbitrary code of the attacker's choice". In event of a bug the attacker is more likely to only easily "overwrite/specify arbitrary paremeters/variables for existing functions". Which seems magnitudes safer.

  21. Once had a related idea. on Theaters vs. Camcorders, Round 27 · · Score: 1

    I thought of a way to make it harder for paparazzi to take photos of stars etc. The stars wear a device around their neck, which flashes like a camera flash whenever it detects a flash from cameras. That could screw up the exposure of conventional film cameras.

    But with the advances of digital photography tech pretty soon (even now) flash use could be optional under normal lighting - flash only used if you want/like the effect.

  22. Re:Good! on Theaters vs. Camcorders, Round 27 · · Score: 1

    Bingo. You hit the nail on the head.

    Over here there are plenty of pirated movies available. But for the recent LoTR, the theatres were filled for _months_. There were queues even two months after I watched it - a colleague made a mistake of trying to go watch it without booking and - no tickets.

    Even if you think LoTR isn't that good, it's good enough to fill the seats, and so it's good enough.

    But why doesn't Hollywood just make movies which fill the seats? Why do they even do crap like Kevin Costner stuff[1]?

    Pixar manages to fill the seats. Plenty of people went to watch Finding Nemo. AFAIK all their movies have done well (even here).

    I mean it's not like Hollywood does arty-farty stuff well, so why bother. Just stop pumping out stuff which doesn't sell. And stick to the stuff which does - heroes vs villains - save the world, girl meets guy, quests etc.

    If Hollywood loses money it's not because of pirates. It's because they are so out of touch with their customers. Probably because most of the directors, producers, actors, writers etc live in the Hollywood world, which is very unlike the world everyone else lives in, different moralities, different priorities. Look at Bollywood - they know their audience.

    Same goes for the music industry. Love songs sell. Sure the cynical amoral music producer may find it sickeningly boring, but hey in the old days I bet they were just as cynical, but they were cynical enough to just keep churning that stuff out, and made big bucks doing so.

    Maybe they're trying to make the rest of the world into cynical amoral wretches like themselves. And they're willing to lose money doing so. And someone just has to take the blame for it.

    My personal preference: if I'm going to watch something on the big screen, I'd prefer a big story, larger than life or different. Not something similar to watching the neighbours or my colleagues ;). Bad guys winning, pointless violence? Heck there's plenty of that in the real world so there better be good reasons to spend 2 hours and _pay_ to see that on screen.

    [1] Even Dances with Wolves was crap. It probably sold in the US because of the guilt trip factor.

  23. Re:This won't help... on Theaters vs. Camcorders, Round 27 · · Score: 1

    "The picture is far better on a movie screen than it is on your TV"

    Yah, but I hardly watch TV anyway.

    Nowadays most PCs can easily manage games and other stuff at 1024x768 85Hz.

    While the movie rez is better, the 24 fps rate really sucks. Especially the pan shots, it looks like the picture is rippling down. For some reason it's not quite like a game which dropping frames - the image really does seem like it's "rippling/tearing".

    I suppose dropping frames at 85hz means the picture is still drawn pretty fast, but the time between new pictures is longer. Whereas the 24fps film mechanism has its own quirks.

  24. Re:Yes it should be locked on Should Hardware Drivers be Region/Language Locked? · · Score: 1

    He a bit paranoid? There's medication for that ;).

  25. Re:Simple Solution on Should Hardware Drivers be Region/Language Locked? · · Score: 3, Insightful

    Well it's more than one dude.

    There aren't many good reasons to buy Sony stuff. Unless you like aibos that much...

    They're fond of having their own type of batteries, memory, etc.

    Their optical disc drives/players typically have poorer media compatibility than even the taiwanese brands (they're probably all made in China, which makes it even more puzzling why they're more sucky).

    You often pay a premium for Sony stuff (except for cdrom drives for some reason ;) ). Don't see what you get for the premium.