Slashdot Mirror


User: amicusNYCL

amicusNYCL's activity in the archive.

Stories: 0
Comments: 6,246

Comments · 6,246

  1. Re:Norman? Norton! on Microsoft Fails Antivirus Certification Test (Again), Challenges the Results · · Score: 2
  2. Re:Russions on China's Nuclear Rover Will Sample the Moon · · Score: 1

    What the hell is a "Russion"?

  3. Re:Java Sandbox Exploit, Not Java Exploit on Another Java Exploit For Sale · · Score: 0

    This is not a bug in Java. It is a bug in the Java browser plugin, called a sandbox exploit.

    While that distinction is important to the people exploiting the bugs and the people fixing or mitigating them, to consumers it doesn't matter. It doesn't matter if the bug is in "Java Plug-In", or "Java(tm) Plug-In SSV Helper", or "Java(tm) Plug-In 2 SSV Helper" or "Deployment Toolkit". What matters is that they got attacked because of a bug somewhere inside the Java Platform. If most people who don't care about the distinction between the various components also have no use for Java outside of the browser, then to those people attacking the browser components is attacking Java, and removing Java removes the threat.

  4. Re:D'uh on The Empire Writes Back About the Failed Death Star Petition · · Score: 1

    What are the key differences between Bush, Obama and Palpatine?

    One of them is fictional.

  5. Re:Closed Room + Faraday Cage on How Do You Detect Cheating In Chess? Watch the Computer · · Score: 1

    It's not as if having a "spectator" make barely-perceptible signalling in order to communicate information to a player is a new way of cheating.

    That's not a new way of cheating, which is why they have people watching for it. There is a list of incidents here which specifically involve using technology to win; the FIDE Olympiad in 2010 is interesting because of how the moves were communicated to the player. TFA also has a quote from "The Arbiter's Song" which has lyrics that refer to actual incidents of cheating:

    If you’re thinking of the kind of things
                  that we’ve seen in the past:
      Chanting gurus, walkie-talkies, walkouts, hypnotists,
                  tempers, fists—
      Not so fast.

  6. Re:Closed Room + Faraday Cage on How Do You Detect Cheating In Chess? Watch the Computer · · Score: 4, Insightful

    The man suspected of cheating in the article was relying on analysis being performed somewhere outside of the tournament hall, which was then broadcast to him.

    While that's a fine assumption, there's not a single bit of physical proof to back that up. That's the basis of this whole "conundrum". The entire body of evidence they have against the guy is purely statistical. It would be interesting to sponsor a challenge or competition to try and reproduce how he would have done this, starting with the participants being searched. Even so, without any proof we can't really accuse him of cheating. He can always just use the "put up or shut up" defense.

  7. Re:Much hyperbole about nothing on Security Expert Says Java Vulnerability Could Take Years To Fix, Despite Patch · · Score: 1

    I commend your grasp of the English language. When someone makes a claim saying that "Java is vulnerable", or that "Java contains a vulnerability", or that "people are exploiting security holes in Java", are you able to use your highly-tuned knowledge of English to infer from the context that they are referring to Java the language, or Java the platform? When someone describes "the version of Java that runs in a browser", are you correctly able to deduce that they are referring to a version or component of the platform, as opposed to the actual language? Apparently no, you're not.

    Don't worry though, not all of us have a perfect grasp of what everyone else means all the time. For example, I'm not a lawyer and don't work in any law-related field, nor do I want to. I'm also working under the assumption, however incorrect it may be, that your body actually does radiate some amount of heat apart from what comes out of your mouth in a metaphorical sense.

  8. Re:Much hyperbole about nothing on Security Expert Says Java Vulnerability Could Take Years To Fix, Despite Patch · · Score: 1

    It's not a version of Java! Java is a fscking programming language.

    It's also a platform, which does have individual versions and components.

  9. Re:Much hyperbole about nothing on Security Expert Says Java Vulnerability Could Take Years To Fix, Despite Patch · · Score: 1

    That being said, I didn't know who he was,

    I guess I can understand that, it's not like his name and title were right next to his quote.

  10. Re:Browser Plugins are Always Vulnerable on Security Expert Says Java Vulnerability Could Take Years To Fix, Despite Patch · · Score: 1

    Good idea. Don't use Opera because version 9.02 had an exploit that was fixed in version 9.10, while the current version is 12.12.

  11. Re:Much hyperbole about nothing on Security Expert Says Java Vulnerability Could Take Years To Fix, Despite Patch · · Score: 1, Insightful

    You think the chief security officer of Rapid7 doesn't understand the nature of Java, huh? It's not that he's trying to use language that most people would understand, but that he actually does not know that Java is a programming language and what the JVM actually is. That's some stunning logic you've got there. He sounds like he probably knows his stuff.

  12. Re:Hypocritical on Apple and Mozilla Block Vulnerable Java Plug-ins · · Score: 1

    This issue is specific to the browser plug-in and it is due to a separate Security Manager in the com.sun.SunToolkit used by the JRE plug-in for browsers, ONLY.

    I hear the same thing every time any serious Java vulnerability is discovered. "But, it's not the whole thing, it's just this one part that causes ransomware to get installed and all of your files get encrypted and you have to pay some sleazy asshole to get them decrypted! It's just this one little obscure part that does that!" That's great, and I hope you take solace in the fact that, as far as you know, there aren't massive security vulnerabilities also present in the JRE or anywhere else. However, if you follow the link about Java being the #1 infection vector, you'll see the list of vulnerabilities includes the JRE, deployment toolkit, and browser plugins. Those are vulnerabilities that are (or were) actively being exploited specifically to install malware. You can whine about which of the Java components are at fault all you want, but at the end of the day it's still a fact in reality that most infections happen because of Java.

    JNLP has been around since 2008, barely 4 years

    That's good, it only takes them 4 years to come up with a piece of software that shovels malware onto your machine. Well done.

    So Java as a platform used in other areas and in desktop is just fine.

    That's going a little far. It may not be as easy to exploit if you don't have the browser plugins and deployment toolkit installed, but that doesn't mean it's "just fine".

    Heck, look back at your article and its statistics: IE, yes, Microsoft's own software written in C++ is the number one infestor of Windows, not JRE.

    How can you misread that? Attacking IE itself is only responsible for 10% of the infections seen. Java is at 37%. Acrobat is at 32%. That means if you remove Java and Acrobat, you're no longer vulnerable to 69% of the infections that report saw. If you don't use IE in addition, you're not vulnerable to 79%. The other three major causes are Flash player, Windows help files, and Quicktime. Flash is the only thing on that list I'm unwilling to go completely without right now, mostly because of online media. So, no, Java is still #1! Go Java!

    If you failed with Java

    I didn't fail with Java, Java failed me.

    Oh look, this same conversation happened last year too. Well, at least it was the fault of one minor component and not the whole stinking thing.

    See you in 6 months when we have this conversation again. You can point out which obscure part of Java is responsible for the newest exploits then.

  13. Re:Burned on Oracle Knew of Latest Java 0-Day Security Hole In August · · Score: 1

    It amazes me how many people confuse the java runtime, sdk and the java plugin

    Really? Even now in 2013 I see posts from people who are trying to learn programming for web pages who don't know the difference between Java and Javascript, and you think it's weird that people don't distinguish between the myriad components of the Java environment? To me it doesn't even matter, I uninstall the whole thing. There have been several major vulnerabilities in the runtime, several in the plugins, and there's no reason I need the SDK. There's no reason I need any of it, really. Because of the quality of Oracle's efforts, I lump the entire thing into the same bucket. Oracle hasn't shown a reason to do anything else.

  14. Re:Hypocritical on Apple and Mozilla Block Vulnerable Java Plug-ins · · Score: 3, Informative

    While Java applets are very rare

    Let's keep that in mind for the rest of this discussion. Java is in no way, shape, or form a necessity for the vast majority of users. It is, however, a huge risk.

    How is anyone supposed to ever use it if web browsers start disabling it for every 0-day vulnerability that pops up?

    First, Java has been available for web use since 1994. It's nearly 20 years old. It's not like it hasn't had a chance to take hold. There are plenty of reasons people choose not to use it. It's been an option for several projects I've been involved in, and we've never chosen it. Second, that "every 0-day vulnerability" part.. well, that's part of the problem with it. It has a lot of vulnerabilities, and a lot of them take a while to get fixed. So to answer your question, if browsers keep rightfully disabling a vulnerable POS software then people will not use it. Hopefully it will just go away.

    It's not like Firefox and Safari don't also have 0-day vulnerabilities

    Actually, it sort of is like that. Mozilla is pretty good about fixing bugs. If you don't believe me, here's their list of vulnerabilities. Go ahead and find the section on that page which lists the unfixed vulnerabilities. Here is the vulnerability page for Firefox 18 on Secunia. Take a look at the stats on the right side to see how many vulnerabilities it is currently affected by, as well as the percentage of unpatched. Here is the same Secunia page for Java JRE 1.7, go ahead and compare that to Firefox 18.

    IMO there should be a small grace period of 1-2 weeks

    Java has had a grace period of 19 years. Under Oracle, it's been around 6 years. This shit keeps happening. There is a pattern here. There is a reason why Java is the #1 infection vector for Windows machines. The browsers are just trying to protect their users. Blocking the #1 infection vector is a pretty decent way to do that. If they also blocked the Acrobat plugin then that would be another step in the right direction.

    US CERT has the right idea:

    Due to the number and severity of this and prior Java vulnerabilities, it is recommended that Java be disabled temporarily in web browsers as described in the "Solution" section of the US-CERT Alert and in the Oracle Technical Note "Setting the Security Level of the Java Client."

    (emphasis mine)

  15. Re:Tall 'U' Shaped Structure? on What Did Google Earth Spot In the Chinese Desert? · · Score: 1

    Obviously he had no idea you could roll back the clock.

    You don't really need to, all you need to do is click through the pictures in the article. I didn't even open Google Earth, I just looked at the slideshow and saw that it had the timeline up that had the date set to 6/2011.

  16. Re:Tall 'U' Shaped Structure? on What Did Google Earth Spot In the Chinese Desert? · · Score: 4, Insightful

    With all due respect, you're talking out of your ass. Look at this picture. Notice that the image shown there is from 6/21/2011. What you call the "dilapidated buildings" didn't even have graded land or foundations a year and a half ago. If you have Google Earth installed then you can turn back the clock to see what else changed in 2 years' time. Those buildings are not dilapidated or in a state of disrepair, they are under construction. Try again, comrade.

  17. Re:now they can concentrate on ignoring mentally i on Connecticut Groups Cancels Plan to Destroy Violent Games · · Score: 1

    I'm currently pissed at the NRA for pointing the finger at violent media

    I don't know, they might have a point. I'm in my 30s, I've been playing games for many years now, all kinds of games. It turns out a lot of them are violent. I'm not a violent person by nature, but I admit that after spending several hours playing Far Cry 3, now I really want to go hang gliding.

  18. Re:Trusted Foundry on US Nuclear Lab Removes Chinese Tech · · Score: 2

    "Safer" is a pretty relative term. A home user may be "safer", in the sense that their online traffic data would only go to the Chinese, who wouldn't really care about what they're doing online. For a government user, sending a copy of their traffic to China is not safer. Likewise, for a government user they don't really care if all of their traffic is being sent to the NSA, because they're the NSA. But for a home user, you probably don't want all of your traffic going to the NSA. Home users might be safer with Chinese technology (safer as in "safer from the US government"), but US government users are safer with the technology that sends everything to the NSA.

  19. Re:Wrong problem on Researcher Warns That Military Must Prepare For "Mutant" Future · · Score: 1

    War is not won by Rambos. Even special-ops types aren't built like Arnold. War is won by people who make the right decisions under pressure and have the skills and endurance to carry them out.

    Right. So what happens if you have a man who is calm and is capable of very high-quality tactical decisions while under fire, but who doesn't have the endurance or strength of the people you want him to lead? Wouldn't it be nice if you could just give him that endurance and strength, rather than try to find a way to move that tactical ability into a bigger body?

  20. Re:Be fair on Linus Chews Up Kernel Maintainer For Introducing Userspace Bug · · Score: 1

    Yes but frankly there was no call for acting like a fucking dramaqueen douchebag, he's working on an extremely complex subsystem and made a mistake.

    On the other hand, it's a pretty obvious and simple mistake. He changed the error code to one that was simply not valid and didn't make sense in context. Changing the error code that gets returned in the first place is a really bad idea as Linus pointed out, and he also pointed out that if you are ever going to change an error code that it needs to be for a very good reason and clearly explained. Mauro didn't do any of that, he just changed the return value to a value that doesn't make sense and then tried to defend that. I think him trying to defend that choice was what made Linus fly off the handle. If Mauro got the bug report and came to his senses that changing the error code was not a good idea and would clearly lead to userland problems then Linus would have stayed a little farther away from having a stroke.

    It can't be an easy task dealing with a distributed team of worldwide programmers with their individual skill levels and egos. You're trying to cut Mauro some slack for making an error on a complex system, how about cutting Linus some slack for having to manage the kernel maintainers? You want to talk about a complex system, developing and maintaining the kernel is a complex system.

  21. Re:Extra safety on How Do You Give a Ticket To a Driverless Car? · · Score: 1

    If the computer suspected everything as behaving as erratically as a human behaves, it would have to drive extremely slowly to make up for its lack of insight of which car door is likely to spontaneously open right into onflowing traffic. Even fully alert humans often find this situation unsolvable, with a collision the inevitable result.

    You say "even fully alert humans" like someone alert is the absolute top of the ladder. A computer would smoke them. Even an alert person would have a response time of at least a second, possibly a little bit less, with time needed to assess the situation, decide on an action, make the physical movements, and then the vehicle response. The response time for the computer, replacing everything the person does except the mechanics actually responding, can be measured in milliseconds. At various speeds the difference of a second can mean tens or hundreds of feet of distance traveled. The computer would have the added bonus of also determining if it should turn at the same speed and accuracy that it determines to apply to the brakes. A few years ago my mom mentioned how a car in front of her stopped short, and her response was to just slam on the brakes and shut her eyes. A computer wouldn't panic either, it would apply the same logic and reasoning between the time it senses the input and when the situation is over. Whenever you see videos of computers reacting to high-speed stimuli, I always notice how the computer seems to react at the same speed as the event happens. The computer driving the car would start turning or braking as soon as the car door in front of you starts opening, it wouldn't wait for it to be completely open, notice it, and then react.

    That kind of thing doesn't really matter if you're moving at 60mph and someone runs out only 10 feet in front of you, but if you're a couple seconds from a collision then the response time of the computer is a major benefit.

  22. Re:Welcome to the Vault on Vivos Founder Builds an Underground City Where You Can Ride Out the Apocalypse · · Score: 1

    It's so similar that I'm actually surprised that Fallout wasn't mentioned in the article. Let's see what life is like in a vault:

    It's what he likes to call “life assurance”--mini underground cities, in effect, for people to ride out the end of civilization in a community setting with good food, television, even a potential dating pool.

    Today, six underground complexes are underway in undisclosed locations around the country, including one in Nebraska, and another in the Rockies, respectively designed to accommodate 900 and 1,000 people. Another, designed to hold 2,000 people, is in the works, with “a ton of interest in Australia.” Only one, located somewhere in Western Indiana, is fully stocked and ready to go.

    Originally, the folks at Vivos thought it may be possible to build entirely new structures for their shelters. They quickly discovered that it was much cheaper and easier to appropriate one of the country’s many empty, underground shelter complexes already in existence, relics of the Cold War.

    Standard rooms in Indiana are outfitted with two bunk beds to hold four people, with access to shared bathrooms.

    From the looks of a video tour available on the group’s website, the Indiana location includes common area amenities like a home theater with leather recliners, dining rooms, multi-user kitchens, a Laundromat, and a very ominous soundtrack. (“Join us for the next Genesis,” it reads.)

    “What Vivos is, is a modern-day fortress or citadel, where our members are safe and secure, with all the supplies they need to ride it out. And we can defend the facilities. So if the rest of the world’s gone crazy, our people will at least be in a safe haven,” Vicino said. He wouldn’t elaborate on how, exactly, the fortresses were armed. But he emphasized that they're equipped for “not offensive, but defensive measures.”

      “I can tell you, you will never get into the compound. And if you do, once the shelter’s locked down, unless you’re in the military, you’re not getting through the door.”

    Yeah, that's a goddamn vault. Hell, even the second picture in the article, if you remove the guy in khakis, would look like a screenshot from Fallout.

  23. Re:What is "intelligence"? on IQ 'a Myth,' Study Says · · Score: 1

    You're trying to suggest that if the search and rescue dog stopped being useful, maybe it got sick, injured, etc, that people would just stop feeding it? That the only reason people ever feed a dog is because they can make that dog do some action that benefits them? How does that explain people who own dogs that are completely untrained?

  24. Re:What is "intelligence"? on IQ 'a Myth,' Study Says · · Score: 3, Insightful

    Dogs can be trained to do a lot of things, and therefore can be very "useful". So people feed them.

    Cats almost can't be trained, they sleep or play around the whole day. And yet people feed them as well.

    People don't feed their pet dog because it can theoretically be "useful". They feed it for the same reason they feed their cat.

  25. Re:True on IQ 'a Myth,' Study Says · · Score: 5, Funny

    by Anonymous Coward
    I have an IQ of 150, am a member of a 3 sigma IQ society. But I cannot remember names...

    -- MyLongNickName

    It's worse than you think. You also can't remember passwords for websites!