Slashdot Mirror


User: plover

plover's activity in the archive.

Stories
0
Comments
7,233
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,233

  1. Re:Note to Editors on Botnet on Botnet Action · · Score: 1
    Not at all. Sick people can be sick, it happens. But we're not talking about "ordinary sick." We're talking about bleeding-from-the-eyeballs-ebola sick. The kind of sick that makes other people sick simply through casual contact. And most importantly, we're talking the kind of sick a reasonably prudent person can keep at bay with vaccinations and regular doctor visits.

    If you actually saw a sick person wandering down the street, bleeding from his eyes and coughing ebola viruses on everyone he passed, (and yes, you could somehow easily determine they were ebola viruses,) and you could see bloody-eyed victims wandering around in his wake coughing on their neighbors, what would you really do? Honestly, I'd run fast and far in the opposite direction seeking shelter, or I'd shut my car doors and roll up the windows and drive off. And as soon as I was out of immediate danger I'd get on my cell phone and call 911, and I'd be demanding police, ambulances, fire trucks, the National Guard, the Department of Homeland Security, and a couple of exorcists just in case, and I'd be demanding them right fracking now.

    But this is the internet, and we don't have police, ambulances, or fire trucks. We have CERT. And if I had a dollar for every time I heard the phrase, "Thank God we're saved, CERT is here!", I'd be a nullionaire.

    So given the current lack of law enforcement on the net, if my choices are to either wait eleven months for CERT to get Interpol to arrest the sick guy, or wait 30 seconds for Shaun of the Dead to smack the sick guy down with a shovel and inject him with something that may or may not cure him, I'd say Shaun is my hero.

  2. Re:Note to Editors on Botnet on Botnet Action · · Score: 1
    Hey, if you're running an unpatched server that's been taken over by a bot, and now your zombie is trying to corrupt my server, I don't care who you are or what you think of the trespass laws. If some vigilante botnet comes around and cleans up your machine, you should be out there kissing their asses in thanks and writing them donation checks, not whining "You COMMITTED A CRIME." Because if a vigilante group can do their cleanup work on your equipment, YOU are the criminal. You are criminally negligent in letting your machine deteriorate to the point where it can be corrupted and used to attack others, and you are demonstrably doing nothing about it.

    Basically if your machine is so crappy that a group of vigilantes can board it and clean it up, you have demonstrated enough negligence to accept whatever it is they do to you. I don't even care if they install their own trojan from which to launch future cleanup attempts. If you were a competent machine owner, you'd be running a secure system instead of crying about legal issues.

  3. Re:Note to Editors on Botnet on Botnet Action · · Score: 1
    Oh, I know the analogy is weak. A better analogy would have been a virus, something transmissible to other people. At that point there *is* a public health reason to take action, either "enforce a cure", or at the very least to do what you suggest: quarantine.

    As we both acknowledged, there is no governing body, which is why I don't think vigilantes are unjustified in their actions. In order to accomplish what you suggest, each and every ISP would have to agree to participate, or giant chunks of the internet would become balkanized. Perhaps new network protocols would be developed to exchange quarantine information, or new routers would have to be deployed to provide the isolation. Whatever, it's a lot of work that is not happening today, much to the advantage of the bad guys.

    So today our current responses are utterly pathetic. This officially how botnets are addressed today: volunteers with honeypots spend months gathering data, they report to CERT, CERT calls the FBI, the FBI calls Interpol, Interpol calls the Estonian police, and since it's the brother-in-law of the burgomaster's kid, the hacker gets a tip and isn't home when the cops show up. Or even if nobody tips them off, the Macedonian police have the following choices to make: hunt down thieves, thugs, rapists, murderers, and the Russian mafia; or some kid in a coffee shop with a laptop. Guess which gets priority. Nothing continues to happen for months and months under the current system.

    As long as nothing happens to the bad guys, why should anything happen to the good guys?

  4. Re:Note to Editors on Botnet on Botnet Action · · Score: 4, Interesting
    I'm not so sure about this. Why does good have to be diligent and honest? Why can't this be done by vigilante groups who are not officially sanctioned, but nobody complains about them?

    The internet is still pretty much wide open, with no single governing body. A vigilante group could operate out of any number of less-than-cooperative countries. And this vigilante group does NOT have to be 100% good or careful. These zombies exist because their owners don't know or care enough to keep their machines safe, and now they're out attacking the rest of us. I have about zero tolerance for dangerously ignorant people or their hardware when it's threatening mine.

    In medical terms, these zombies would be defined as malignant cancerous cells, and botnets as tumors. And to carry the medical analogy further, the treatment is to kill the rogue cells. We don't contact them, and ask "hey, Mr. Cancerous cell, you're hurting the rest of us, would you please stop?" No, we use chemo and radiation and surgery and remove and destroy the tumors so they don't spread further.

    I really don't see why a vigilante group can't send out "good-faith" efforts to patch bad machines. If those machines die as a result of a bad patch, well, perhaps its because they deserved to die. I certainly wouldn't complain if someone started actively dismantling these networks.

  5. Re:The fat years are over on Botnet on Botnet Action · · Score: 2, Interesting

    And if you use your bot to retrieve a competing bot, you can reverse engineer your opponent's command and control structure. Why fight for one advantage at a time when you can 0wn his entire botnet? Game, set and match.

  6. Re:So Possibly... on Botnet on Botnet Action · · Score: 5, Insightful

    I don't report zombies on Comcast addresses probing my home web server to Comcast because I'm afraid they'll just get all pissy about my running a web server. It's strictly a "personal use" server, and it doesn't see a megabyte of traffic a day, but you never know what's going to tweak the wrong person. I figure it's better to stay below the radar, keep the patches current, keep watching the logs and put up with the probes.

  7. Re:First Post! on Legislation To Overhaul US Patent System · · Score: 4, Insightful

    You should read the actual bill before concluding that it makes any problems worse.

    I have two arguments against your statement, and I'm only half joking.

    First, the bill is backed by every large technology corporation. The only bills large corporations ever approve of are ones that increase their profits, usually at the expense of smaller companies or individuals. And if both Microsoft and IBM agree to it, this trips all my warning alarms and signals about "bad ideas".

    The other argument is that Congress is horribly, horribly broken, and I simply do not trust them to pass good or useful legislation. This country needs fewer laws, not more laws. In general, if they're passing a piece of legislation, it's going to be bad for us regardless of the topic.

    That said, I'm actually looking forward to reading the bill. I mean the USPTO is already pretty screwed up, so this offers the faint glimmer of hope that it really will reform them. But I'm also prepared to be severely disappointed.

  8. Re:That's nice but... on The World's Longest Tunnel · · Score: 1
    Yes. TFA says they've budgeted $62 billion dollars for the whole project, $10-$12 billion of which is dedicated to the tunnel.

    In addition to pipes, power, and a highway TFA also says it's going to carry a rail line, but they haven't announced which gauge of track the tunnel would use: American or Russian. Either way, the trains are going to have to be stopped and cargo transferred to cars running on the other's gauge at some point.

  9. Re:Here's Why... on Louisiana to Pay $92,000 After Game Law Fight · · Score: 2, Insightful
    That's why I want a "three strikes" constitutional amendment added to the executive branch of government. If you sign into law three different bills that contain any components that are struck down as unconstitutional, you are maliciously derelict in your duty as the defender of your constitution, and should face a 20 year felony for the violation of your citizen's civil rights. Removal from office is not enough, otherwise the cowards would simply sit on every bill until they become a lame duck, and then pass the most odious crap.

    Congress' job is to pass laws that are requested by the constituents. But they need the freedom to tinker, to think of alternatives that might fix or address an odd situation. But the executive's job is to defend the constitution, and that includes attacks from within -- the U-SAP-AT-RIOT act, Louisiana's game law, etc. The CEO should be putting his or her own ass on the line every time they sign a bill into law. They should be damned afraid to sign virtually every piece of legislation they see, which is how government should work -- be in fear of its populace, not the other way around.

  10. Re:Turbotax Issues on Turbo Tax Melts Down on Tax Day · · Score: 1

    Then again, there are penalties imposed if you fix your W-4 (and other forms) so that they don't withhold anything and you have to pay all your tax once a year.

    IANATA, but if you're that concerned you can file estimated taxes on a quarterly basis without penalty. At least that way you have up to three months of earning power with your money before you hand it over.

    Because someone has to say it:

    Ahh, but you're not looking at the big picture. I wouldn't berate anyone for a $100 refund. I'd congratulate him on good planning, because he really didn't overpay by too much. The lost opportunity cost of his $100 over an entire year (to be generous, let's say $10.00) is definitely not worth the headache of setting up anything more complex.

    To set up a quarterly filing structure and calculate everything to the gnat's eyelash would cost me many hundreds of dollars worth of my time (or hundreds of dollars worth of accounting expense.) To me, it's simply not economical to be that accurate. Plus, if I structure my filing to pay right on the very edge to squeeze out those last pennies of profit, I run the very real risk of running short and incurring a penalty, perhaps due to circumstances beyond my control (witness this very story.) But any penalty for any reason will more than offset any gains I may have made by reinvesting the overage.

    And don't forget that investment is not without cost, such as transaction fees. Not that I'd call my broker and ask him to buy $100 worth of stock and to take the $9.00 transaction fee out of the $100, but I do have to figure the cost of the transaction into the amount of profit any trade will make.

  11. Re:same as in real life on Turbo Tax Melts Down on Tax Day · · Score: 1
    The big central post office in our downtown stays open past midnight with postal workers collecting refunds from a long stream of past-last-minute filers. They play the stupid stopped-clock game, claiming as long as you were in line before midnight they'll postmark it on the proper day.

    I'd rather they just empty the mailbox at midnight. They should post a sign saying, "It's after 12:00. You are too late. I hope your penalty from this year reminds you to file on time next year."

  12. Re:Only Fools Wait Until The Last Minute on Turbo Tax Melts Down on Tax Day · · Score: 0, Offtopic

    It's human nature to put off something so disagreeable. Ask yourself when was the last time you went to the dentist.

    Dude, you need a better dentist. Seriously. I mean how hard is it to go in every six months for a cleaning?

  13. Re:You could always try private sector... on Spam-Bot Intrusion Caught — Now What? · · Score: 1
    Shadowserver is a group of security researchers that study malware. They actually encourage people to report new incidences of malware to their anti-virus vendors. I don't know if they accept direct submissions of malware, they're kind of a low-profile group. I think if they took submissions directly in any way, the botherders would probably flood them big time. But I don't know, you can try.

    Note that they don't actually "do anything" to the botnets. They study them and gather information, but they leave the actual response to law enforcement.

  14. Ode to Google on Schmidt Says YouTube 'Very Close' to Filtering System · · Score: 2, Insightful
    Google, google, what are we to think of you?

    Once upon a time, you were the One True Search Engine. You wormed your way into our hearts with your blessed neutrality. You created cool toys, and you arbitrarily stood up for our rights when it suited your bottom line. You epitomized the .com boom. You were like the Switzerland of the internet.

    Whereas Doubleclick stood for all that was wrong with making money, you stood as the shining beacon of how to do it with class.

    And now? Forget it. Screw this whole "Don't be evil" thing, where the hell is the next paycheck coming from?

    I wonder if AltaVista is still a decent search engine...

  15. Re:no speakers on $90,000 103in HDTV · · Score: 1

    I hope you pointed out the difference between analogue and digital signals to him.

    I tried! But the Monster sales reps appear to have their hooks deep into the flesh of the Best Buy floor sales people. Perhaps it has a lot to do with their commissions, but this guy didn't want to hear about digital vs analog, he just wanted to sell me 2 meters of wire for 160 frackin' dollars. Seriously, I was considering buying one of their closeout HDMI DVD players for $80, taking the cheap Taiwanese HDMI cable out of the box, and asking the sales guy to throw the DVD player away for me. In the end, I bought a $40 Rat Hut cable on sale for $30.

    Of course, now that Rat Hut is carrying Monster, finding a local alternative to their pointlessly expensive stuff is that much harder.

  16. Re:no speakers on $90,000 103in HDTV · · Score: 1
    Actually, the TV is only $30,000.

    The rest of the $60,000 went for Monster Cables.

    I can hear the Best Buy salesman now: "If you're spending that much on a TV, don't you want the best cables? Y'know, the reds are a lot crisper with good cables." (The sales creature actually said that to me to try to get me to spend $160 on an HDMI cable when I bought my plasma. Because apparently it's the red bits that degrade if they're not happy with the quality of the cable.)

  17. Re:Nice, just wish I could afford the equipment... on Getting High-Quality Audio From a PC · · Score: 1
    Hey, these are the same people who were selling shielded fiber optic cable a year or two ago. That's right, shielded optical cable. It was supposed to eliminate cross talk or interference or some made up crap.

    I honestly can't tell if they're a joke site, or if they actually sell any of these products. I do know that either way, I'm damn well not giving them my name and address! I mean I'd pay serious amounts of money to get a mailing list full of people both stupid enough and rich enough to spend $485 on a wooden volume control knob! I'd label two-foot scraps of Romex stuffed inside 1/2" copper pipe as "RF absorbers designed for in-wall installation" and sell them for $359 each.

  18. Re:Screw game AI on Most Impressive Game AI? · · Score: 1

    Thanks! Your posting just created a new game that a friend and I are now playing: find the Google maps longest route to cover the shortest great circle distance.

  19. Re:Like always in Russia on Kremlin Seeks to Control Online Media · · Score: 1

    I thought the USA had "the worlds most dangerous nuclear arsenal". Or did I not get the memo?

    I think you quoted, but did not get, the point.

  20. Re:Mine on What's Your Site Rotation? · · Score: 1

    OK, thank you VERY MUCH for that link to Questionable Content. I've been reading his strips for hours and hours now, and he's got a lot more.

  21. Re:The CAPTCHA solution on Google Pushes Open Source OCR · · Score: 1
    I was chatting with a webmaster who did a lot of work with this kind of system. Basically, he automated the spotting of spam, but he didn't immediately delete it because that led to the "l33t c1@L1$" variants. Instead, everyone who posted spam had their IP address added to a "fake" list. Anyone on the fake list got to see all the spam and thought they were posting publicly, but all the "non-fake" users (especially Google) had it filtered and they never saw it. He planned to extend the idea to CAPTCHAs -- anyone trying to hack the CAPTCHA with a script would end up on the fake list.

    He then put together a script to purge the databases of "fake" postings that were over a month old, just to keep them clean. Far as I know, his system is still working fine because the spammers haven't figured it out yet.

    I still think stealth-segregation is a damn clever idea, as long as you can absorb their traffic. If you don't give the spammers the feedback that you're on to them, they won't know when you can spot their tactics automatically. And they won't retaliate the way that some of the really evil bot herders do.

  22. Re:Well... on Google Pushes Open Source OCR · · Score: 1

    I get absolute shitloads of russian spam.

    That's funny, I get sh!tloads of Italian spam, but the only Italian I know is from restaurant menus and the Pidgin Italian I occasionally hear on the Sopranos. It must have something to do with whoever harvests our addresses, and to which lists we were sold.

    Long before I had Bayesian filters, I wrote a rule that said "if the sender's domain ends in .it, silently trash it." I then added .ru and .kr to the list. And then the spammers won. :-(

    Lately it's not been too bad, but I'm really parsimonious with doling out my address. Sneakemail has been a big help in that respect, allowing me to shut down the few spammy websites I failed to recognize up front (and tipped me off that the spammers have harvested Sourceforge more than once.)

  23. Re:Unclean Hands on EFF Jumps in Against RIAA for Copyright Misuse · · Score: 1

    The only way to really kill the RIAA is to break through its corporate veil and nail its members.

    ...with a wooden stake. Don't forget the wooden stake. That's the most important part, because they'll just rise from the grave if you don't. Although maybe exposure in full sunshine will do them in too, I never remember which remedy works best on which kind of monster.

  24. Re:funny on The Real Reasons Phones Are Kept Off Planes · · Score: 1
    Thanks! Your explanation makes perfect sense.

    And all these people said I was just wasting time on /. when here I am, receiving an education in radio wave propagation :-)

  25. Re:funny on The Real Reasons Phones Are Kept Off Planes · · Score: 1
    Oops, thanks for correcting my math.

    As far as the fuselage acting as a waveguide, wouldn't it have to be close to (or narrower than) a wavelength in diameter to be effective? If my math is right (and you've already proven it's questionable :-) cell phones have a wavelength of about a third of a meter. I'd think the radiation would be so scattered in such a large tube that the fuselage would have little effect on funneling the signals to the cockpit.

    Of course, all this incorrectly presumes the important avionics are only located in the cockpit. In reality, there could be receiving antennas or other affected circuitry in the wings, tail, above or below the passenger cabin. All that aside, I still don't believe that even a dirty 600 milliwatt 928MHz transmitter is likely to screw up every redundant system in a plane simultaneously.