Slashdot Mirror


User: girlintraining

girlintraining's activity in the archive.

Stories
0
Comments
5,834
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,834

  1. Re:Sh! on Steve Bourne Talks About the History of Sh · · Score: 1

    In other words, you have the whole shebang?

    The whole #!/bin/sh , actually. Pretty sure that's not a party invite. ;)

  2. Re:Uh, WordPerfect and Novell? on Utah Trying To Restrict Keyword Advertising ... Again · · Score: 1

    Actually, if someone lives and is born of a particular culture, and produces something extraordinary, it does validate that culture, yes. And similarly, if that culture doesn't produce people that do anything useful, then, it really says something about that culture too. If you can't see that, you're kinda dense.

    I guess I'd better flee the country then, because hell if I want american culture validated by anything I do. O_o

    Of course, it could be that remarkable people just happen to be in the right place, at the right time, and have the right blend of talent and dedication to pull off something extraordinary, a set of circumstances that operates completely and totally independent of "culture" and has more to do with the local environment they were raised in, which might say a lot more about the town they grew up in than the country. But of course, people have been using coincidence to validate their crackpot theories (religious significance in particular) since the dawn of time. Who am I to try to convince you otherwise? I'll just go die over here in a corner now that my nefarious scheme to make a funny has been revealed by your obviously superior intelligence.

  3. Re:Real history. on Steve Bourne Talks About the History of Sh · · Score: 5, Funny

    tcsh, tcsh, tcsh. -Mom

  4. Re:Uh, WordPerfect and Novell? on Utah Trying To Restrict Keyword Advertising ... Again · · Score: 2, Funny

    You mean, like, when the mormons invented WordPerfect, one of the first great Word Processors, or pioneered networking with Novell, the first great networking company?

    Whoah. Hey, did you, like, know Robert Oppenheimer worked on the Manhattan Project and studied Hinduism? So, like, the entire religion of Hinduism can claim it invented the nuke! That's, like, totally and completely awesome! Dude!!!!!! -_- /Sarcasm.

  5. Real history. on Steve Bourne Talks About the History of Sh · · Score: 5, Funny

    The history of "Sh" started when the first kid was born, and it has continued to this day. Later forked versions include "Shh!" and "STFU".

  6. Re:Utah? on Utah Trying To Restrict Keyword Advertising ... Again · · Score: 1

    Wow, we should both totally AND completely ignore them? That's a pretty extreme position. I would have just said completely ignored them.

    I was hedging my bets. Someone might be able to provide an argument against totally, if only because of it's ties to surfer culture in the 90s, and completely on its own could have one of its alternate meanings applied, which is to "make perfect". Clearly the situation has not been made perfect, so by combining both totally and completely, I would posit that the sentence is much less ambiguous than before. ^_^ In other news, it's not yet noon, so cut me some friggin' mutter, mutter slack... brraaaaiinnss.... caffeine needed.

  7. Utah? on Utah Trying To Restrict Keyword Advertising ... Again · · Score: 4, Funny

    This is a state where 58% of its inhabitants claim membership in a single religion, and the overwhelming majority of the legislature comes from this demographic. They're not exactly known for their progressive views on technology. Might I suggest we kindly totally and completely ignore this state? They're clearly out of touch with not just reality, but the rest of the country as well. At worst, Utah-nians just won't be able to go online, and golly gee what a shame that would be. -_- Now go ahead and mod me to hell for stating the obvious. Or can we at least re-classify this under "It's funny, laugh." ?

  8. Apparently we're not immune. on Firefox Beta Touts Advanced Engine, Solves 8 Flaws · · Score: 1

    We've changed this user's browser from Mozilla Select Grain to Microsoft Premium Blend, let's see if he notices;

    Microsoft may be this year's winner in the 'browser battles' as they ready the next beta version of their tour-de-force, Internet Explorer 8. Microsoft is resolving eight critical vulnerabilities found in the current version of IE -- a move sure to garner applause from devoted IE users. As this year's crop of new browsers emerges, enhanced features are becoming secondary to one thing: speed. Microsoft is nearly ready to release the next beta version of IE to the public for testing, and insiders predict that it will outpace even Safari 4, which has been the fastest browser in wide release since its beta began last week."

  9. Re:Disable IE? on Windows 7 Lets You Uninstall IE8 · · Score: 5, Insightful

    Me installing firefox does NOT mean I want IE disabled.

    Ah, you may like it to be there. Not everyone does. And that's the crux of the matter... Having the freedom to choose. Which of course nobody cares about when they choose to go with the majority. Fortunately, the EU understands that the rights of minorities are more important.

  10. Re:Ick. Ugh. on Google's Struggle To Reach Authors — of Every Book Ever Written · · Score: 1

    There are times when I wish I could sacrifice mod points to my own comments to give them to a far better post. Yours is such a post. Thank you for your insightful commentary; I wasn't aware of any of that.

  11. Re:Waves? on Gravitational Waves May Have Been Detected In 1987 · · Score: 5, Funny

    And here I was always convinced they were Gravity Particles.

    The lawyers for the Standard Model called. They mentioned something about a Cease and Desist Order: You're not allowed to discuss gravity around anyone schooled in quantum mechanics-- It apparently causes emotional duress.

  12. Ick. Ugh. on Google's Struggle To Reach Authors — of Every Book Ever Written · · Score: 3, Insightful

    Hopefully Google will realize that most everything published had, as a condition of publication, the loss of the author's rights to that work either temporarily or permanently. If Google really wants to digitize books en masse, why not start by killing the concept of the exclusive contract and the equally nefarious "work for hire" clauses that are cropping up around the world... Meaning that NO MATTER WHAT an author retains the right to his/her own work. Call it the "It's Mine, Dammit" Doctrine. Because I think it's easier to convince an individual author of the social benefits of digitization than it is to convince some f*ck in a suit. If you want an example of this -- find some work that's totally void of any social benefit -- say a coupon booklet or one of those pamplets sitting in waiting rooms around the world. Now, try and get permission to reproduce it... understanding you've picked the most useless thing you could find to duplicate.

    Better yet, let's just tell governments around the world to go to hell, and start digitizing this stuff on our own and making it available for free, and on page one, write "In Memory of Corporate F*cktards Everywhere". But that would be too inflammatory, so someone with slightly more tact should write that page. ;)

  13. and why do we care? on Smart Immigrants Going Home · · Score: 4, Interesting

    Our educational system has become so damned expensive that only people who don't live here can seemingly afford it. So it makes sense... As to why the visa system is clogged... Maybe the economic hard times have hit government offices partially responsible for it as well? Oh, what sweet revenge. -_- More seriously though, what difference does it make how well we educate people (either people who stay or leave?) if the environmental conditions necessary for real progress are absent? Our intellectual property system has gutted any hopes of "desirable individuals" doing much of anything besides occupying a desk. The medical field is screwed because people are too afraid of litigation to actually practice medicine at less than a 6000% markup on procedures, which is literally killing people who can't afford it anymore. The lawyers are the only ones in this country that are well-off anymore.

    It's no wonder people are jumping ship... Some people looked down the length of the bow and see a giant iceberg in front of the USS Our Future. An iceberg made almost totally of greed, because we couldn't look farther than the end of our damn noses as the social problems we're facing. And leaving is the smart thing -- how long until Canada starts patrolling its borders to keep illegal immigrants from the United States out? Probably not long.

  14. Re:Duh? on MediaSentry & RIAA Expert Under Attack · · Score: 5, Insightful

    I'm not fan of the tactics of the RIAA, but posts like yours drive me insane. Why do computer geeks seemingly have so much trouble with the concept of "guilty beyond a *reasonable* doubt?" The quote is NOT "guilty beyond all doubt".

    Cases based largely if not entirely on circumstantial evidence (which is what data remotely gathered is), do not rise to "beyond a reasonable doubt". I'd go as far as to say -- why the hell does this get before a judge and not get thrown out? Because the judge doesn't understand that all the crap that RIAA puts in front of him/her is circumstantial. And then they sign a bunch of warrants and set everything in motion -- which thanks to recent supreme court rulings, can be admissible even if the original reasons were complete bunk. So in short, RIAA is playing on the technical ignorance of judges to advance these cases, hoping that their circumstantial evidence leads to admissible evidence at trial.

    And THAT is the abuse of the system, and posts like yours "drive me insane" because posters like you fail to see the larger issue because you're hyper-focused on the little tiny things like whether a certain word was stressed or not.

  15. Re:sourcing the problem on Tigger.A Trojan Quietly Steals Stock Traders' Data · · Score: 1

    Err thats why youre a semi-anonymous poster on a web board known for its biases and natalie portman jokes and not in law enforcement.

    Actually, it's mostly populated by computer geeks, and every group is well-known for its biases, that's how a group defines itself. It's not well known for it's natalie portman jokes--well, I haven't seen any, at any rate, and if there are jokes about that actor, it's purely a community thing, not what slashdot is known for -- which is having a large base of computer geeks and posting on topics that interest them. And geeks (strangely enough!) tend to have interests in all things technical, medical, or just plain complicated. And the smarter and more experienced geeks tend to have interests outside their primary interest about which they are more than merely informed on.

    Unlike Americans, Russians and Chinese hackers speak and read more than one language. The idea that this must be a white guy in the suburbs who was just laid off is naive.

    Yeah, but how did those hackers learn the internal workings of those financial service providers? And the question is also raised -- why just those providers? They're all US-based, and in english. Are you telling me those are the only financial targets worth hitting? Why not institutions in Europe? All of the providers are in the United States -- that implies a geographical bias. The simplest explanation is because they are geographically or culturally "local" to the attacker(s) -- they are familiar icons. That's a reasonable beginning assumption in any investigation.

    The possibilities are pretty huge. Not to mention the historic arrests for this kind of thing turns out to be non-americans.

    "this kind of thing"? "Non-americans"? The United States practically pioneered financial fraud, which logically follows since we have the most developed economy in the world, and other countries come here to learn how to structure their financial institutions, not the other way around.

    Anything is possible but if you profiled me, accused me of this, and had me questioned by police, embarassed me, or cost me my reupation because of your CSI-like hunch, well, youd be getting fucked by my lawyer right now.

    I would say you self-selected off the list -- any programmer worth his salt would have better punctuation and spelling than you. Debugging is such a pain. Also, unless your lawyer is attractive, female, and gay, they would not sexually excite me. :P

  16. Duh? on MediaSentry & RIAA Expert Under Attack · · Score: 5, Insightful

    Yeah, digital evidence can be such a bitch, especially when you gather it remotely. You have no idea if the client (remote end) is telling the truth or not, let alone if it was tampered in transit or not, and even if none of that is true, there's still no way to link what a computer does definitively to what a person designated as the primary user of that system, simply because that system could have been previously compromised via a litany of vectors. In short, why this ever got this far is beyond me... The standards of evidence have slipped quite a bit. These days, you yell "computer!" in a crowded court room and bring in an "expert" in a suit, and the judge and jury will believe just about anything. IP addresses and hashes as "digital fingerprints"? a smack of MP3s on a hard-drive is "evidence"? If I rip a CD I legally purchased, encode it into MP3, and then the CD is damaged and thrown away, or stolen, does that make my digital copy illegal? Apparently. things that are perfectly legal to do to their physical counterparts become illegal to do when a computer becomes involved, simply because someone yelled "computer!" in a crowded court room.

    Please god, send us a lawyer worthy of Mordor.

  17. Re:sourcing the problem on Tigger.A Trojan Quietly Steals Stock Traders' Data · · Score: 1

    Well then thank goodness you're not investigating. Crap like this is the exact reason many of us were outraged at the Patriot Act and similar legislation; back in 2001-2 we argued that such legislation would become an easy way for investigators to ignore the Constitution for a host of other crimes. There's been plenty of evidence of that happening already, but it's rare to see someone openly advocate such an abuse of law -- usually, in fact, conservatives defended these laws by saying they would never be used against anyone but the most dangerous international terrorists.

    The tools are there. You're naive if you think they won't be used. I'm not here to discuss the morality of such actions, and your moral outrage will be confined to a website far from anyone making the decisions, which makes it a political act of utter insignificance. Sorry if this is an unpopular statement to make, but I'm not interested in gaining popularity. Save that for someone who needs to get elected, or win an argument on an obscure electronic forum.

    The truth is something that only people of a certain moral flexibility are good at uncovering.

  18. Re:sourcing the problem on Tigger.A Trojan Quietly Steals Stock Traders' Data · · Score: 3, Interesting

    I don't know em personally either, but I've got enough experience with DSM and psychological profiling to call shenanigans on your assessment.

    And yet you don't state your qualifications. Well, here's mine: I have been in information technology for eleven years, have done network and system administration at the enterprise level, and have assisted investigators tracking down so-called "hackers". I also have about four years of programming experience, mostly to support the aforementioned. I also have spent a significant portion of my professional time learning digital forensics, taking apart malware kits, and have friends that do skip-tracing professionally (they track people down, and I know people who do civil and criminal). I have also worked on classified government systems (can't say which, obviously), and busted two people on-site who attempted to access information without authorization on those systems (the men with shotguns came and took them away). I do know what to look for, and I have caught people who thought they were so very much smarter than we were. Repeatedly, and sometimes in the flesh.

    You're right, I have no idea who this person or people are. That said, if this guy was working with a herder or someone with access, the vector would have been found by now. It hasn't, which means they're not using an established botnet for deployment. Not only that, but while some of the programmic methods may be similar, that alone shouldn't make an investigator jump to the conclusion the two are in contact with one another. Especially not with the volumes of security research on how these networks operate available to the public. Even slashdot has published links to the aforementioned! All this said, again, you're also right that I don't have a degree in psychology, or criminal profiling, etc. -- I just deal with these people on the front line and I'm going by what my gut and my experience tells me should be there. A real profiler would start with known facts, which I don't have, and have a support team to get definitive answers, which I also don't have. It's still a lot better of an educated guess than most people here could make.

  19. Re:sourcing the problem on Tigger.A Trojan Quietly Steals Stock Traders' Data · · Score: 1

    Someone likes their CSI

    Someone worked for one of the few fortune 500 companies with not one, but two digital forensics laboratories.

  20. Re:sourcing the problem on Tigger.A Trojan Quietly Steals Stock Traders' Data · · Score: 1

    They use the hijacked accounts to purchase large quantities of a low-volume penny stock. The attacker, or the group he works for, already have a large position in that stock. The huge increase in demand pushes the price for the stock up. This causes all kinds of people to sell--including the attacker. And they make a tidy profit, while the victims are left with a large quantity of over-priced stock.

    Okay, sounds like your classic pump-and-dump, but let's ignore that for a minute.

    Whether he's working alone or in concert with a group of criminals, first. The probability of success is an inverse of the number of people involved in criminal enterprise. That is to say, the more people there are;
    (a) the more likely mistakes are made that can expose the individual and/or group,
    (b) the more likely for political issues to form within the group that tear it apart (and raising the chance of someone coming forward),
    (c) the less profit for each player, and
    (d) the more communication is needed between members.
    Implicit to this is trust -- whomever each player works with, they have to trust all the other members. For these reasons, it's very likely they met incidentally in real life, built a relationship from this, and there is some paper trail linking them all together. So bust one, you bust them all even if they don't talk -- It's actually advantageous to an investigator to have groups of criminals as opposed to individuals -- because it's easier to play them off each other and the communications between them are far, far, more likely to be over channels which can be monitored. So, in summary -- Groups are good for our team.

    Now, that said, let's talk about the pump-and-dump. You are correct that these schemas are difficult by simply viewing trading transactions, because the missing piece of the puzzle is communication between the participating parties, directly or otherwise. But here's the fun part -- we'll find out who the victims are because of fraud reports that will trickle in, and a pattern will emerge telling us what stocks are involved. The many to one relationship means we can eliminate small purchases of the useless stock, and at some point near where the stock price crests, we have a list of who the sellers are. Very likely these won't be short trades either, but trades in quantity -- because it's easier to do it in one go or a couple than a few hundred, and the rate of return is far greater. They will focus their efforts too, because of simple statistics. A quarter million machines are infected, but this worm has a very specific kind of user and application -- so only a small fraction of those machines will actually be useful to the conspirator(s). This necessitates a more focused effort -- fewer trades, at larger amounts.

    And that's the crucial flaw -- they have to sell, and yes, several people will sell in the target window of opportunity -- but how many of them will sell who fit the profile of the criminal we're looking for? Not very many. And monitoring their personal finances will give us the tell-tale signs needed to gain a confession.

  21. Re:If it were me... on Tigger.A Trojan Quietly Steals Stock Traders' Data · · Score: 1

    You're making a critical assumption -- that this guy is financially savvy, not just technically savvy. He may understand the value of stocks, but trading stocks and making a profit at it is entirely another set of skills, and he'd need money to blow to learn that skill in the first place... Which begs the question of -- why steal illegally what you can manipulate away from someone legally? There's a threshold of knowledge here -- he knows a lot about technology (the code speaks to this), but the fact that he's targeting only a few financial systems, and the attack is highly specific, tells me he's not very good at statistics. The first thing you learn about financial systems is that they are heavily audited. Criminals hate leaving paper trails, and if there has to be one, they want somebody else's name on it. But the problem is that the criminal has to eliminate the audit trail at some point and then move the money back to himself somehow... Whether it's fenced or not, the fact remains -- how does he get paid for his work?

    That money has to come from somewhere, and there's a record of it, somewhere. It may not be practical to find it, and often times investigation is more about guessing what's there than direct evidence that a link exists. It may be a needle in a haystack, but the needle does exist.

  22. Re:sourcing the problem on Tigger.A Trojan Quietly Steals Stock Traders' Data · · Score: 2, Interesting

    Agreed, let's go after the bailout recipients.

    No. It should be assumed this person has familiarity with those systems, in order to develop the code. Acting alone (highly probable), that means he likely has/had accounts with many if not all of those financial service providers. That grossly limits the number of available suspects. His industry and age also narrow the list even further. That probably leaves perhaps 10k worth of potential suspects in the pool. I'd be guessing, but he probably hopes to convert the stolen accounts stocks to cash, launder it through a third party (paypal perhaps), and then return those assets as stock purchases to avoid taxation, which means you only need the cooperation of a few of those providers and demographic data. Link it with possible terrorism to bypass the usual rules that would prevent a dragnet, and chances are good you find your man. At least, that's how I'd investigate.

  23. Re:a quarter million !!! on Tigger.A Trojan Quietly Steals Stock Traders' Data · · Score: 5, Funny

    I though the most wonderful thing about Tiggers was that there was only one of them

    There are many copies. And they have a plan.

  24. sourcing the problem on Tigger.A Trojan Quietly Steals Stock Traders' Data · · Score: 2, Informative

    Attacks like this, namely single vector and single target, point to a single person or small number of persons who have found some way of using the data to profit themselves. We're probably looking at someone in their late 20s, based in the United States(cursory examination -- appears the institutions are all english and based in the US), upper middle class, 5-7 years experience programming (self-explanatory), single, male, and with a history of mental health disorders along axis IV, socially under-developed, (the two are usually related, and most white-collar criminals have mental health disorders but are still highly intelligent) and likely recently became unemployed and is trying to maintain his upper-middle class income.

    Forget tracing back through the network -- find out where the money is going. You have a many-to-one relationship, it's unlikely this guy is smart enough to launder money effectively -- the entire attack scenario points to someone new and inexperienced, and is acting alone hoping this will reduce his risk exposure. The differential is the profile above -- find someone who was recently in debt, and is now very much out of debt.

    Have fun.

  25. Re:Noscript on Collaborative Map-Reduce In the Browser · · Score: 1

    Actually it was the '90s, but whatever. The thing is, non-DHTML web pages are actually pretty good for most things... what made those early '90s web pages so awful was no CSS, slow connections, and the fact that people really didn't know how to design for this new medium.

    Sure it's fine when you've got a 2GHz processor and a smack of RAM to compile and run an interpretive language -- with the sole purpose of relatively simple data manipulation, validation, and perhaps some light processing to kick a chunk of data back. But when you are talking about serious data crunching, you want code running natively, not in a locked down little box, like SETI@Home, and optimized for that architecture and platform.

    People think because you can put it on the web, you should. That is, at best naive, and at worst professionally negligent to suggest.