Slashdot Mirror


User: amicusNYCL

amicusNYCL's activity in the archive.

Stories: 0
Comments: 6,246

Comments · 6,246

  1. Re:DIscussed the business case with media partners on Bas Lansdorp Answers Your Questions About Going to Mars · · Score: 1

    The first moon landing was watched by an estimated 600 million people.

    Right, in 1969, on their tiny little black and white sets.

    The Olympic games are watched by an estimated 3.2 billion.

    60 years later.

    Sure, a lot of people would watch the first manned Mars mission, but the case for "more people watching than watch the Olympics" is still weak

    Yeah it's weak, but I imagine that half the planet would tune in at some point over a year.

  2. Re:DIscussed the business case with media partners on Bas Lansdorp Answers Your Questions About Going to Mars · · Score: 1

    To fund a continuing Mars mission, it would have to rate as well as the Olympics, month after month, year after year.

    No it wouldn't. It would have to do as well as the Olympics does over the month or so they are broadcast, but it would have a whole year to reach those numbers.

  3. Re:I have two important questions on Bas Lansdorp Answers Your Questions About Going to Mars · · Score: 1

    Does the Bible apply to people on Mars?

    What does that even mean?

    Can the entirety of the Earth's internet be cached on local Martian servers to provide entertainment equivalent to being on Earth?

    *Can* it? Of course it's technically possible. Will it? No, why bother with the massive full-time data transmission and storage requirements just for that? It would be far more efficient to mirror specific websites, like Wikipedia, that are likely to be used often. The colonists could request a particular website be mirrored if they want to browse it in "real time". That's obviously an issue with sites pulling data from other sites though, like Facebook "like" buttons or logins.

  4. Re:DIscussed the business case with media partners on Bas Lansdorp Answers Your Questions About Going to Mars · · Score: 1

    That scenario may be likely, but I seriously doubt it would occur in only one year. That, and the demographic for viewers for streaming footage of the first humans colonizing another planet is probably a little bit different and less fickle than the demographic for shows like Jersey Shore or the Kardashians. I don't watch reality TV other than a show like The First 48, but I would watch the first offworld colony for many, many reasons beyond interpersonal drama between the inhabitants.

  5. Re:Nice dodge on Bas Lansdorp Answers Your Questions About Going to Mars · · Score: 1

    I doubt he has anything to say about that. I'm sure they have people working on that aspect, but if I was him I wouldn't be focusing my personal attention there either until my experts have it worked out. They have 10 years to work on that problem, it doesn't need to be solved right now. I'm sure they're also probably planning on localized contamination at least around the habitat. It would be exceedingly difficult to prevent 100% of contamination.

  6. Re:designated driver on Will Speed Limits Inhibit Autonomous Car Adoption? · · Score: 1

    The way DUI laws are written currently, I wonder if you could get a DUI for being in an autonomous vehicle while intoxicated simply because you have the option of taking over control.

    The way DUI laws are enforced currently, I'm sure you would get arrested. But if the car is driving safely you probably wouldn't get pulled over.

  7. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    At least that one's done. So you agree the problem is not the JRE, but the plugins/plugin framework.

    The problem is that all of the components that people exploit are installed and enabled by default in the download package that Oracle labels the JRE (which is why the report specifically blames "Java JRE").

    It's Windows that's the single largest vector for infection.

    No, Windows is the target. Java is the hole that attackers go through to get there.

    The fact that other systems run fine with Java really points out this glaring omission on MS's part.

    OK, then let me ask you a question. Why do you think it's true that Java is used as the infection vector 37% of the time, while Flash is used 16%? Or that IE is used at only 10%? When a Windows machine gets infected, why is it almost 4 times more likely that the infection happened via Java versus the loathed and vilified IE?

    (also, if you're going to try and point out how great Java works everywhere other than Windows, again, we're talking about cross-platform malware here)

  8. Re:Because the USA is pwned by lawyers? on Why There Are Too Many Patents In America · · Score: 1

    Why do we call it a mistake and have double standards when a person in certain public offices breaks the law?

    My bet would be because it was an ex-lawyer who was responsible for that law.

  9. Re:Ohhh shiny on San Francisco To Stop Buying Apple Computers · · Score: 1

    I'm not asserting that anyone should be outraged over anything. Regarding the recycling issue, I'm also not asserting anything about the customers. The customers aren't the issue, I don't care how easy it is for a customer to turn in their old computer. The actual recycling process is the issue there, you know, the goal to efficiently reuse the components in the machine. If they need to use a solvent or some chemical process to remove the glue then that doesn't help the goals of recycling. The users aren't the point, the goal of recycling is the point. My point is that glue is bad for recycling, why is that difficult to comprehend? This isn't rocket surgery here buddy.

  10. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    I'm not being obtuse. You are berating a product for the flaws of a single component that resembles an appendix that 99% of Java users never encounter nor care about.

    OK. Since you're the resident Java security expert, then let me ask you a question. Since Java is responsible for 37% of infections to Windows, and since the study specifically calls out the JRE, but you claim that the JRE is not the problem, then answer these two questions: which component is the problem, and why do end users care which component is the problem? The fact remains - Java is the #1 infection vector. You can claim that 99% of users never "encounter" the faulty components, but that leaves a hell of a lot of infections for the remaining 1%, doesn't it? Are you trying to tell me that only 1% of Java users are responsible for getting the majority of Windows infections from a single source?

    Only if you install the browser plugin(s). You don't have to, and IIRC, that's a question the user has to agree to. So, you are incorrect on both counts

    Am I now? Well, that's easy enough to test, isn't it? I open IE. I go to the page on java.com where it will test for Java. After a couple minutes it says it doesn't detect an installed version. I download the 20MB offline installer for Java 7 r5. I run the installer. The first screen has some basic information and tells me to click Next to accept the license and install Java. I click Next. Java installs. After it finishes, I open IE again and go to the same page. It now detects the correct version I just installed. I click on the Tools menu and select Manage Add-ons. Listed there I see Java Plug-in 10.5.0, I see Java(tm) Plug-In SSV Helper, I see Java(tm) Plug-In 2 SSV Helper, and ... what's that? I see Deployment Toolkit, from Oracle America, Inc., installed on 7/12/2012. The only thing I clicked in the installer was "Next". And now, I uninstall.

    See, that was easy to test, and now we don't need to rely on your memory. Tell me again which of the components in Java is not secure and how 99% of users never encounter them.

    Sun/Oracle AFAIK don't use or promote the applet model in anything they did/do at this point nor in the relatively distant past.

    Who cares? They don't need to. Malware authors know it exists, that's all that matters. Users support it, malware authors use it, it doesn't really matter what Oracle wants to promote. What they want to promote, how they expect Java to be used, and how you personally use Java have zero relevance on the question of how so many people get infected via Java.

    when is the last time you saw a JNLP app that wasn't IT distributed?

    It's been my experience, with regard to drive-by infections, that it's the apps you don't see that are the problem.

    They might as well have said there's a C exploit

    But they didn't, did they? They used Java. The platform of choice for malware authors.

    I do note however, that your argument list has gotten very short by this posting.

    You may also note that I've only ever had one argument - that Java is the single largest infection vector for Windows computers.

    And I'll restate the final point - if you don't install/enable the plugins, you won't have a problem

    Now that we can agree on. I'm glad you agree with that statement.

  11. Re:Because the USA is pwned by lawyers? on Why There Are Too Many Patents In America · · Score: 1
  12. Re:Because the USA is pwned by lawyers? on Why There Are Too Many Patents In America · · Score: 1

    The real problem with lawyers is all of the lawyers that get elected to office and then pass laws favoring lawyers. I can't get a home loan in this country (or at least my state) if I don't have a lawyer, the loan isn't valid. Lawyers also enjoy an unusual amount of immunity from prosecution.

  13. Re:Interesting, but... on Why There Are Too Many Patents In America · · Score: 3, Insightful

    What's with the term "Big Pharma"? Is there some sort of mom-and-pop pharmaceutical company that is the alternative to Glaxo-Smith-Kline? Aren't they all big? Isn't there just "Pharma"?

  14. Re:Ohhh shiny on San Francisco To Stop Buying Apple Computers · · Score: 1

    Wait, what's the question?

    I'm not asking a question. I was originally responding to a quote from TFA.

    You are complaining about the effort Apple must go through to recycle their devices, which imposes no barrier to the user in recycling.

    In my previous post I was responding to your claim that the recycling process has no perceivable difference when glue is added as opposed to screws, for example.

    So are you complaining that Apple's processes are too complicated for you to understand

    No, my friend, the concept of gluing things together is not too complicated to understand. It is also not "state-of-the-art", as the "analyst" in TFA claimed it is. I seem to remember gluing things together when I was a small child.

    or that, as a user, there's no difference to you in recycling, and that makes you angry

    I confess. That sentence I do not understand. But it wouldn't be the case as I am not an Apple user.

    I'm unclear what the problem is that you are complaining about.

    If you require me to distill this to a single "problem" that I have an issue with, it is Apple's continuing march towards non-upgradeable computers. But, like I said, as I'm not an Apple customer, this does not affect me much. If this were not Apple's policy, however, then I might have been their customer.

  15. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Well, since browsers are responsible for 100% of the infections listed, I expect you don't have them installed, either? And since Windows was also 100% responsible for infections, you don't have that either? For that matter, what are you doing on the internet? It is responsible for 100% of those infections!!!

    Don't be obtuse. IE was only responsible for 10% of infections, and I don't use it. Windows help files were the vector less than 5% of the time, and I assume IE was used there as well, because my browser wouldn't automatically launch a Windows help file.

    I think you may need to revisit your assumptions

    Maybe you misunderstood me. When I referred to "my browser", I was not referring to IE. I don't use IE for the same reason I don't install Java or Acrobat Reader. That's 79% of infections that won't succeed on my machine after very little (or no) effort on my part. Go ahead, ask me about the last time I had to clean up an infection on my personal computer and how it got there.

    If you enable pieces that allow outside access and code execution, then there is much greater potential for problems.

    There's no need for me to have to do that when they're enabled by default. So yes, when Java is installed with the default settings, which includes browser plugins, you end up with something that is the single largest infection vector for Windows computers. This is a fact, this is not my opinion and it is not theoretical. It is reality. You can argue all you want, but this is what the reality of it is. The current implementation and deployment of the Java runtime is a malware author's dream. It's a full-blown high-level language able to interact directly with the system (and indirectly, due to the numerous vulnerabilities), and the code that it runs is downloaded by the browser and subsequently executed. You can't ask for a better infection vector.

    the JRE's primary purpose is to run specific java code, not random snippets from the web, at least for everything I'm involved in.

    Primary purpose for who? For you? For Sun or Oracle? For malware authors? What is the primary purpose of Java Web Start? Do you really want to have a discussion about "primary purpose" versus "unintended use"? Because I would direct you to WD-40, super glue, Teflon, Kleenex, SMS messages, etc.

    You do realize that you're trying to argue that Java isn't a threat in a discussion on an article about a piece of cross-platform malware distributed via Java, correct?

  16. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Exactly how Java ends up executing the malicious code isn't really relevant to end users. I don't have any parts of Java installed because I don't trust that it's going to be secure. I don't care enough about Java to go digging through the individual bits and pieces to identify which things are safer to install. It doesn't matter to me whether the DT is at fault, or the JRE, or J2EE or JDK or whatever else, I don't care. What I care about is avoiding infections, and since Java plays a part in 37% of infections, I'm not going to install any of it.

    Given malicious code, I propose that executing it is as dangerous whether it's Java, C, or even JavaScript.

    There's obviously a major difference there. My browser isn't going to happily download and execute a C application because some web page convinced it to. And I don't think there's anything that Javascript alone can do that's going to compromise anything on my system. But if my browser has the JRE set up with defaults then it will certainly be quite happy to download and execute that fine applet you've got there.

    Finally, what sites require Java that are "normal"? Very few that most people will come into contact with.

    Right, that's why I don't feel like I'm missing anything and, due to the fact that the Java ecosystem is the vector for so many infections, I don't see any reason why anyone should have it installed unless they need it for a specific part of their job.

  17. Re:Ohhh shiny on San Francisco To Stop Buying Apple Computers · · Score: 1

    No, what's stupid is gluing the screen and battery to the case so that if you need to replace the screen or battery you end up needing to replace half the parts in the thing. That's what is stupid.

    And I'm not sure you know the definition of "imperceptibly", because the additional effort required to remove all of the glue during the recycling process is most certainly perceptible. It is neither trivial nor negligible. If Apple wants to foot the bill, great, but that doesn't mean the process is exactly the same as recycling a computer that doesn't have glue in it.

  18. Re:False Dillema on San Francisco To Stop Buying Apple Computers · · Score: 1

    Yeah yeah, data, data, words, words. You're missing the point: Apples aren't overpriced. The reason I know this is true is because the GP wrote it in bold text. Steve Jobs used to use bold text also, did you know that? No, I bet you didn't...

  19. Re:Ohhh shiny on San Francisco To Stop Buying Apple Computers · · Score: 1

    I like this quote from some random "technology analyst" in TFA:

    Apple has a long history of being a cutting-edge design company and some of these processes involve state of the art components and manufacturing techniques

    Right, state-of-the-art techniques like gluing the screen and battery to the case. That way you can't recycle the screen or the case! Cutting-edge.

  20. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Just like the Spanish Inquisition, the list of weapons you see in that study is "amongst" all of their weapons. That's not a complete list of exploits. They claim to have looked at 50 exploit kits. I believe that Metasploit alone contains a database of around 800 exploits. According to Secunia, JRE 1.6.x contains 274 vulnerabilities and 1.7.x contains 53.

  21. Re:Well I'll be a big brother's uncle! on Chinese Censors Are Being Watched · · Score: 3, Insightful

    But when the discussion turns to protest or other forms of mass action, start censoring and nip it in the bud.

    To add to that, and to show why the censors aren't shaking in their little space boots, a discussion of censorship would also trigger the censorship. This is how the censors "deal" with transparency of their actions, they hide it from The People. They don't really care if the rest of the world knows about it.

  22. Re:Well I'll be a big brother's uncle! on Chinese Censors Are Being Watched · · Score: 1

    Chinese censors may soon have to deal with an unprecedented transparency of their actions.

    Go ahead, guess how the censors are going to "deal" with transparency. I'll give you a hint: it's already their job to "deal" with transparency.

  23. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    Your link exposes that the browsers and the Java Deployment Toolkit appear to be the culprits, not the JRE itself.

    The study specifically calls out the "Java JRE" (that's right, the Java Java Runtime Environment) as the vector for 37% of Windows infections. But I do see that in the partial list of vulnerabilities that some of the ones related to Java (but not all of them) call out the Java DT. As far as browsers go, the only browser listed as an infection vector is IE, and it was only responsible for 10% of infections. 85% of the infections were the "drive-by" variety exploiting JRE, Acrobat, or Flash.

    PDFs, IIRC, just recently were a threat in and of themselves. But that's neither here nor there.

    The document isn't the problem, it's the reader that opens the document and dutifully executes the code embedded in said document that is the problem. If the reader wasn't set up to execute that code, then there wouldn't be an infection. The Acrobat browser plugin can get exploited with a hidden iframe that loads a malicious PDF document. The user would never even see the PDF appear, and would never know they were infected. They might get some sort of Acrobat dialog to update or something, but still wouldn't see the document that got them.

    The most surprising thing about that study to me is the fact that Flash is in last place among third-party plugins, I was expecting it to be a lot closer to the top. Still, the main takeaway for me is that if I do not have JRE or Acrobat browser plugins, I will not be affected by 69% of the vulnerabilities that are the top causes for drive-by infections. That's a pretty easy step to take in order to gain a lot of protection.

    Actually, your statements really prove that C/Assembly are the real culprits

    No, they don't.

  24. Re:Interesting author in source code on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 1

    The exploit isn't determining which OS they are running. The dropper determines the OS and then delivers the payload for that OS. The exploit in the payload may be new, or it may be exploiting unpatched JREs.

  25. Re:Java = security nightmare on Web Exploit Found That Customizes Attack For Windows, Mac, and Linux · · Score: 5, Insightful

    You're right, the Java programming language is not a security threat to computers in general. The Java Runtime Environment, and its various browser implementations, however, is definitely a threat. Just like PDF documents are not a threat, but Acrobat Reader is definitely a threat. See here for proof (spoiler: Java was the #1 infection vector, at 37%; Acrobat #2 at 32%).