Slashdot Mirror


User: mcrbids

mcrbids's activity in the archive.

Stories: 0 · Comments: 4,341

Comments · 4,341

  1. Why not USB? on Standard Brewing For PC Card Replacement 'Newcard' · · Score: 1

    PC-Cards really should be put on the USB bus, with a special (flat) connector.

    Really, is there any reason *NOT* to do this? That way, PC-Cards can be slid in and out "hot", just like USB stuff can be. This also reduces R&D, cost to delivery, and the USB standard is already well supported, allowing manufacturers of existing USB stuff to come out with "card" versions of their stuff.

    Can anybody think of a reason why this wouldn't work?

  2. Re:Depressing thoughts on RPC DCOM Cleanup Worm Appears · · Score: 1

    Governments need to sit up and take notice, this is serious stuff.

    This is one of those things where we can thank human nature. We're stupid, but we're not typically malicious.

    As a programmer, I have the skills to, in a small amount of time, destroy a significant part of the Internet and cause billions of dollars of costs to be incurred worldwide.

    Yet I don't. Why?

    I can sit and diagram the worst of the Warhol worm, building a virus with abstractable infection systems (so that the same virus can be used to cover multiple vulnerabilities based on the host type) and so on.

    But even though I've actually taken the time to do this, you'll never find anything public that I'll ever show to anybody that could be used to do this. Why?

    I'm a good guy. I can make good money doing my programming stuff that allows hundreds of California teachers and salespeople everywhere to do their jobs easier and faster, thanks to my software.

    Really. The guys with the skills tend to get paid more to create than to destroy. The Internet is a giant experiment in social trust. And while it has its problems, it's been a very successful experiment.

    The only reason it doesn't come crashing down is that so many people work so hard to keep it up and working.

    Some bastard started spamming one of the mailservers I administer with a carefully crafted attack. It was quite well designed to get past the numerous anti-spam measures to disseminate the Nigeria scam.

    I was on vacation. I took my time, ignoring the load alerts for a while before deciding to delve in and find the problem.

    140,000 spams were found on the server. Pure crap. All deleted. Over 5 hours of time. Spammer's server now on the permanent "block" list - not a single packet will ever be honored from that address again in the near future.

    So the white wins out over the black once again.

    Destruction is easy, but the rewards are small. Construction is hard, but the rewards can be great.

    Isn't human nature wonderful?

  3. PHP-GTK on GUI Toolkits for the X Window System · · Score: 2, Interesting

    Officially, PHP-GTK is at version 0.5.2 - "alpha".

    I've written a 20,000 line software package in PHP-GTK and I can say that while GTK 1.2 is a bit funky, it's quite powerful and very stable.

    Binding Gtk with the power and rapid development speed of PHP, using an IDE such as Dev-PHP results in an environment that's blissful, stable, and cross-platform.

    The aforementioned application is currently in the midst of a very successful Beta on Windows, and once released, will be shortly released for Linux and Macintosh. To "compile" the software we used the Ioncube Encoder.

    Gotta love it, eh?

  4. It happened to me on Disclosure of Major Software Exploits by Students? · · Score: 2, Interesting

    Well, mostly.

    I was working on a site for a client, and discovered a vulnerability that was easily exploitable in a Credit Card interface for a large, well-known company.

    I sent details of the exploit, complete with working code samples to the company in a carefully written, detailed, email.

    About 2 weeks later, I got a phone call from a *very* agitated man who kept saying over and over: "it's not really a problem". I simply listened; I had nothing to say since it'd already been said. I didn't say anything, and he eventually hung up on one of the weirdest phone calls I've ever had.

    The vulnerability allows me to buy anything I want from any client site of said large, well-known company.

    So, speak your piece. Send the details to the company/vendor, along with full details, exploit code, everything you know. Make it clear that you are not going to publish it, or at least make clear the conditions that would make you feel it necessary to publish, and put the onus on them.

    I did, and I have a clear conscience.

  5. Re:QANTAS, Linux, Sun, Oracle and MS on Oracle's Infrastructure Now Fully Linux-ized · · Score: 1

    If we switch over to Linux here, we'll be doing Sun out of business, and Microsoft is unscathed. How is that good for the world?

    It's not about "Us vs. Microsoft", it's about "Us vs. Proprietary Software".

    Some things are services - such as TurboTax. It's software, but it's really an accountant's knowledge of the tax laws for that year embedded in software, and is more of a service than a good.

    Others are goods, and are increasingly, commodity goods. An example is the Operating System - rapidly being commoditized by Linux. In a commodity environment, volume is high and margins are low.

    Linux is really the market recognizing the commodity nature of things like the Operating System and things like Word Processing. There will always be plenty of service-related niches for things like regulatory compliance (see TurboTax reference above) and various other offerings.

    How is switching from expensive, proprietary, commodity items (Solaris) to cheap, open, commodity items (Linux) *not* a good thing?

  6. Barnes and Nobles or the local thriftstore on Science and Math For Adults? · · Score: 1

    I've long had a simple, surprisingly effective method of evaluating whether or not a particular book is going to be easily comprehended...

    I pick up the book, open it somewhere around 1/2 way in, and start reading. If I haven't more or less figured out what's going on in 2 pages or so, I pick up another book and do the same.

    You'd think that since subjects like math are typically studied linearly, building on previous concepts, that this would certainly not work.

    But I've found this to NOT be the case at all!

    Barnes and Nobles, the local Tower bookstore, or even the local thriftstore are goldmines of incredibly valuable information, and I've had great luck with the above method.

    If the subject of study is fairly static (English, mathematics) your local thriftstore will often have used school textbooks for $0.50.

  7. Re:As long as there is C... on Analyzing Binaries For Security Problems · · Score: 1

    What does this have to do with open source vs. closed? Sure, in theory, every single person who downloads an open source program will review the code themselves to make sure there are no buffer overruns. If they find any, they will of course report them back to the maintainer, who will then fix the bug.

    In practice, this doesn't really happen.

    But it's not required to happen for OSS to work. Somebody who "downloads and installs and that's it" factors in as a zero into the matrix of development efforts.

    The point of OSS is that *more* people actually *do* look at the source than with a closed environment, not that *everybody* does.

    Additionally, with OSS, developers are more likely to be careful because they know that at any time somebody could check out "their stuff".

    But people who (like anybody, most of the time) simply d/l, compile, install, and use said application really don't matter for the developers.

    As long as people are using C, there will always be buffer overruns.

    C is the "old" high-level language. Remember Assembler? Now we're talking HIGH level languages like C#, PHP, Perl, and Java. These really don't compare directly with C, other than the fact that they "get the job done".

    A tight, clean assembler program will kill the performance of any C or Java program. But it will take forever to build and will be tied to the hardware.

    C is an abstraction of assembler, PHP/Perl/Java is a further abstraction based on C.

    It won't be long (10 years?) before we move to another level of "high level languages".

  8. Re:OSS/FS community should do the same on Microsoft Deploys Linux, Open Software in Test Lab · · Score: 3, Insightful

    I don't think most OSS developers are out to kill M$. They have an itch that needs scratching.

    Hear, hear! I don't write code thinking: "This will get 'em!". I write thinking "Gee, wouldn't it be nice if...?".

    Act as though Microsoft isn't really the point, and it won't be.

  9. Not until cryptography has caught up... on Hardly Anyone Cares About Computer Voting Problems · · Score: 0

    When they engineer a system that:

    1) Encrypts my vote so that nobody else can see what I personally voted on,

    2) Allows every vote to be independently verified,

    3) Mathematically guarantees that, without breaking the privacy of any vote, counts all the ballots in such a way as each independent vote must be part of the aggregate number,

    4) Does all the above on an open, independently verifiable platform that can be easily tested for accuracy, (OSS)

    I won't trust e-voting. Even with the above, I'd be suspicious. I don't trust our paper-ballot system, but I trust e-voting even less.

    -Ben

  10. Re:skewed statistics. on Gates Provides Windows Crash Statistic · · Score: 1

    Yah, helps me find the errant "" tag...

  11. Re:skewed statistics. on Gates Provides Windows Crash Statistic · · Score: 1

    I think the Windows error reporting service can only handle application errors and non-fatal system errors.

    Which would be pure crap.

    I've developed applications for workflow automation, and during the beta period, I've developed a rather extensive error logging/reporting system that lets me know exactly what was going on in the program at the time it crashed, as well as a large amount of information about the operation of the program just prior to the crash.

    With this, it's almost like having the program in front of me - with perfectly acceptable performance degradation.

    If the program crashes, next time you run it, if it's on the 'net, it asks you for what you were doing at the time it crashed in order to help debug what the problem was.

    Why can't 'doze do this?

  12. Re:Just tell them you're outsourcing to India... on Why Outsource When Workers are Willing to Telecommute? · · Score: 2, Informative

    The "mythical man month" comes to mind here...

    I've had two experiences with Indian outsourcing...

    In the first, I've recently been bidding (as an indie consultant) against a company in India that works for "$12 US per hour".

    Yet, when I assess the actual deliverables, I'm delivering every feature for about the same price as their bid, at $65 per hour! I'm pretty confident that I'll get the project.

    In the second, an Indian company was hired to perform a core deliverable for a venture company. I got in around halfway through, and to be frank, was not involved directly in this project.

    But the things I heard coming out of that development effort were simply hideous:

    - URLs in the web parts that were absolute, instead of relative, requiring a recoding of every page in the site to take from Dev -> Live,

    - Filling out a page with information from a database, by issuing a separate SQL query for each *field* on the page through a function call, making for upwards of 100 database queries to fill out what a single DB query/Join could have achieved,

    - Numerous serious security flaws - such as using the public IP address of a database server for DB connections rather than a local socket file, and hardcoding that address in, requiring *another* recoding effort to go from dev -> live.

    Just remember, it's only cheaper if it works...

  13. Re:It's not poetry on Darwinian Poetry: From Bad to Verse · · Score: 3, Interesting

    I remember reading a few years ago about a program that was written to randomly write music in the style of certain composers (in this case, Bach and Mozart)....

    It's a noble experiment, I think, and not something that should be immediately shunned just because it wasn't written by humans.

    Oh, but it was written by humans! Just not directly. A human had to take the time, and develop some sort of algorithm for determining what comprises a "Bach" piece of literature.

    Humans then had to encode this - had to develop the intimate understanding of what it means to be "Bach" and then write the software that conforms to this vague, entirely subjective concept of "Bach".

    The program, once written, wasn't acting on its own. It's clearly acting in accordance with explicit and careful instruction on the part of the programmer(s) who put it together.

    Just because we can make a machine that can do X doesn't mean that machines that do X aren't somehow human - they are as human as their creator.

  14. Re:Color Laser Printers on Color Printing Without the Inkjet Mess? · · Score: 1

    Don't you mean an extra couple thousand bucks?

    A "buck" can refer to a thousand - Ergo, a "Buck and a quarter" can refer to $1,250.00.

    I don't know if it's regional, or what, but here in Northern CA most of my friends would realize that if I bought a car for 2 bucks, it's 2 thousand.

  15. Re:The scary thing on SCO Awarded UNIX Copyright Regs, McBride Interview · · Score: 1

    That isn't how copyright works, even in copyright's current fucked up state.

    The copyright is not particularly screwed up, except for the duration of copyrights. Other than the fact that a copyright can always outlive you, I think the current system of copyrights is quite effective and sane.

    What's really messed up is the Patent system.

  16. Re:No Deadlines does not mean No Pressure on QA Under The Open Source Development Model · · Score: 1

    This system works great for projects that enthusiasts use -- individuals request new features, play with the product, and in return, report bugs. This does not work for companies of any size who expect software to work properly right out of the box, where the "feedback loop" of reporting bugs is a last resort.

    Most mature OSS projects have a "stable" tree, and a "development" tree. The company that wants something that "works right out of the box" uses the "stable" tree, the guy who wants new feature X uses the "development" tree.

    Pretty simple, no?

    Unless, of course, you're surfing SourceForge for a project with a number below 0.1.0....

    Some of my open-source projects are very heavily tested in high-capacity commercial environments - and are given version numbers > 1.0.

    Others never make it past 0.1 - which is what I'd call "it kinda works and demonstrates the point".

    But let me bring the point to a head:

    Can you name a single instance of software used by a company YOU have been involved in that had bugs that caused problems?

    Tell us all about it... I'd love to hear!

  17. Re:duh on Making Freenet Find Stuff Faster · · Score: 1

    Freenet is no more trying to be Kazaa or Morpheus than a knife is trying to be a fork.

    That wasn't the point, was it?

    It's not what *FreeNet* is trying to do, it's what KaZaA/Morpheus are doing!

    FreeNet still requires geeks to run and operate. But, if I could download a FreeNet installer for my Windows, double-click, and have an easy-to-use node in 10 minutes, it will *explode*.

    So long as you are

  18. Windows in VMWare more stable, too on Will Munich's Linux Desktops Be Running Windows? · · Score: 1

    I've found that Windows is more stable when run inside a VMWare virtual session than when run on "bare hardware"

    I have an Athlon 1800, ATI Radeon 8500, 160 GB 7200 RPM 8MB HD, Asus clone system running RH 7.3, and VMWare Workstation 3.2 as my primary development workstation.

    I have *never* had Windows crash unexpectedly in a VMWare session, but when run on "bare metal", even with all updates, patches, and the latest drivers installed, Windows versions of numerous flavors crash at least daily.

    I use VMWare since client side software must run in Windows - so while I develop in PHP-GTK for All desktop flavors of Windows, several Linux, and Mac OSX, VMWare allows me to test several of these simultaneously on the same machine. With 1 GB of RAM, I can run 3 guest operating systems along with the RH 7.3 host without things getting particularly slow.

    VMWare's just awesome...

  19. The next level on Making Freenet Find Stuff Faster · · Score: 3, Insightful

    FreeNet will have problems for the foreseeable future because the average joe can't easily install it and make it work.

    Who will take FreeNet to the masses?

    In other words, who will make a simple, usable client/server program that works on FreeNet? (Think Napster/KaZaA/Gnucleus)

    Will it be KaZaA? BearShare? Will it be some Open Source project?

    How long until somebody with the right skill set takes this to the "next level" so that it's actually usable to people other than geeks?

  20. Transparent Society on Southeast To Start Video Monitoring Flights · · Score: 4, Interesting

    Every time I see an article like this, I'm reminded of another work I consider a landmark - The Transparent Society.

    I find it quite amazing that this work in 1996 highlighted so many issues now coming to bear - such as this one - and the article is clearly written.

    Here's the first thing I'd change - All audio and video collected by any police organization should be public record 14 days after it was first recorded.

    Access to the video in realtime as suggested by the above article (You did READ it, didn't you?) can be used to tactical advantage by criminal organizations - but the 14 day delay would have the same effect of keeping the cops honest without surrendering any meaningful tactical information.

    Then, we could expand out from there.

  21. Re:Still a good idea... on Picking Up the Pieces · · Score: 1

    So while guys like you are fighting the system by refusing to play, guys like me are figuring out how to use the system to an advantage. Think about it.

    BTW, I'm only 36.

    I bought my first house at the ripe age of 26. I still have it, and between it and another I bought at 28, when I turn 56 I'll have zero house payments.

    I've had the house just 6 years, and already my mortgage is about 50% less than the going rental prices for equivalent housing!

    Both of these houses are fairly large, and property values have been skyrocketing. I figure that when I get to retirement age, I'd be able to rent out both of these 3 bedroom houses for an equivalent in today's dollars of approximately $2,200 per month, which is a better retirement income than most I know with a retirement plan from their beloved unions...

    I'm looking for a good deal on a 4-plex.

    Oh, and since you brought it up, I'm 31. Nice to be smart, eh?

  22. I've been reading too much slashdot... on Exploit Available for Cisco IOS Vulnerability · · Score: 1

    worked against my 1005.. sadly :P)

    As I first saw this, I figured you'd misspelled 10053, because there really SHOULD be an "e" at the end... Then realized that "loose" doesn't fit in the sentence.

    Ah well. Stupid me.

    -Ben

  23. The way it should be on Intrusion Tolerance - Security's Next Big Thing? · · Score: 4, Interesting

    Recently I upgraded and migrated to a newer, much faster server. When I moved over all my software, everything worked OK, so I switched DNS about 2 weeks ago.

    However, I got sporadic complaints about images not sizing properly, even though I initially found nothing wrong.

    However, what had happened is that a critical piece of software (ImageMagick) wasn't loaded on the new server - but since all the functions that resized images had numerous fallbacks (such as using expired, cached copies, and failover to full size display which even then didn't always cause a problem since they were frequently resized with HTML tags)

    In any event, this (I think) demonstrates the idea - there were several layers of failure that had to happen before images didn't show - and everything kept more-or-less rolling for 2 weeks.

  24. Re:Aren't there enough laws? on North Carolina Fights Back Against Lexmark · · Score: 1

    Every time I walk down the street I'm sure there are about a thousand laws governing my behaviour, most of which I'm not even aware of.

    In a society without laws, the arbitrary rule of power governs activity. Don't piss off the guy with power, and do everything you can to become the guy with power, or he'll step on you.

    Laws are designed to protect the "little people" from those with power, since the guy with the gun now has to adhere to the law rather than his/her whim.

    Add too many laws, however, and this falls back down to "might makes right". I've had a police officer shake a Vehicle Code box at me while exclaiming "I could pretty much arrest you for anything I like with this!".

    Yes, we have lawmakers, and perhaps that's the problem. They should be lawkeepers or lawmaintainers and should be viewed as such.

    Why is there more honor in getting a law passed than in getting a law repealed?

    It's illegal to kill a mouse in the state of California without a hunting license. It's illegal to cross a street in a motorcar in Michigan without firing a rifle. It's also illegal to fire a rifle within 300 yards of a house, making truly legal motoring in Michigan a difficult venture.

    It's illegal to possess a nuclear weapon in my hometown, for example - carries a $500 fine.

    Yes, there are too many laws, and we've long ago reached a point of arbitrary enforcement - which tips the scale of justice back towards those with power.

  25. Re:Confusing article... on AOL Lays Off 50 Netscape Coders · · Score: 1

    Do you think OpenOffice would survive if Sun dropped it tomorrow? No, it has no community.

    I dunno. I mean, Sun's carrying the torch, and Open Office is really, REALLY building steam. I'm using 1.03 and it's pretty good.

    Now most of my clients have installed and are using OO in some form, and I'm finding surprisingly little resistance.

    When given the choice of upgrading MS-Office '95 for $$$ or downloading OO which does almost as good for free, it's a surprisingly easy sale, and one I've made numerous times.

    Now, these aren't *developers*, but Open Office is Sun's big stab at Microsoft, and IMHO, it's working. I think by the time everybody realizes how well it's working, it'll be too late to save the drastic drop in MS revenues.

    I'd guess this around 3-5 years out.

    Mozilla would not have matured if, at version 0.3, AOL had dropped its funding, but now it's reached that "critical mass" point where there's enough solidity and mindshare to the project to get people excited.

    Open Office will hit that point in the next year or two.