Slashdot Mirror


User: jd

jd's activity in the archive.

Stories
0
Comments
13,841
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,841

  1. Re:HP is run by Vogons... on Is HP Paying Intel To Keep Itanium Alive? · · Score: 1

    Linux supports the Itanium. Linux supports the VAX. You can probably find a Linux port for the intelligent toaster from Red Dwarf.

  2. Re:Support on Is HP Paying Intel To Keep Itanium Alive? · · Score: 1

    Yes, but producing the contract would make Oracle back down, which is profitless. Getting into a lawsuit and winning would be worth a lot of money.

  3. Re:Support on Is HP Paying Intel To Keep Itanium Alive? · · Score: 2, Insightful

    The Itanium could be a very nice processor, if they continued developing it. Although I'd suggest using a new brand name, after the total disaster of the first version. A pure 64-bit chip with no limitations due to legacy architectures has a lot of potential, potential Intel never really took advantage of. It didn't help that they never wrote a decent compiler for it.

  4. Re:Maybe Oracle should do something useful, period on Is HP Paying Intel To Keep Itanium Alive? · · Score: 0

    At least they're not maintaining said obnoxiously terrible software. They're ignoring it (OpenOffice) or using a monkey with typewriter (MySQL and the Oracle DB).

  5. Re:Language changes, get over it on How Technology Is Shaping Language · · Score: 2

    From an etymology dictionary: 1756, "special vocabulary of tramps or thieves," later "jargon of a particular profession" (1801), of uncertain origin, perhaps from a Scandinavian source, cf. Norw. slengenamn "nickname," slengja kjeften "to abuse with words," lit. "to sling the jaw," related to O.N. slyngva "to sling." But OED, while admitting "some approximation in sense," discounts this connection based on "date and early associations." Liberman also denies it, as well as any connection with Fr. langue. Rather, he derives it elaborately from an old word meaning "narrow piece of land." Sense of "very informal language characterized by vividness and novelty" first recorded 1818. A word that ought to have survived is slangwhanger (1807, Amer.Eng.) "noisy or abusive talker or writer."

    The 1756 definition would fit with your 13th century translation, which means it has a definite root as far back as is meaningful to go.

  6. Re:Texting on How Technology Is Shaping Language · · Score: 2

    If you have two distinct statements at some point in time, A and B, where at some subsequent time A and B can no longer be distinguished because of convergence in definitions, then there has been deterioration in regards those two statements. The same is true if you have just one statement, A, that can no longer be expressed at all.

    Likewise, if you have two distinct statements and at a PRIOR time they can no longer be distinguished, you have strengthening. The same is true if you have just one statement that previously could not be expressed at all.

    Whichever trend is stronger for the language overall is the trend that determines if the language is deteriorating or strengthening.

    Change is a part of language, yes, but the total expressiveness should either remain the same or increase. Old expressions, no longer wanted, should drop out of use just like any vestigial form in any biological system, but something should always be added that's as good or better.

  7. Re:Language changes, get over it on How Technology Is Shaping Language · · Score: 1

    Yeah. I mean, you wouldn't just buy Book 1 of Lord of the Rings.

  8. Re:Great! on MS To Build Antivirus Into Win8: Boon Or Monopoly? · · Score: 1

    Linux has capabilities and SELinux within the kernel, capabilities can't be regained once shed and permissions are inherited and can never be increased. AIDE is also standard on most Linux distros. This is before "hardening" with, say, GRSecurity and RBACS, or by using the Linux Journal's guide for removing the root user entirely.

    It is a mistake to think of "desktop" OS' - the kernel is the arbiter of security and the kernel doesn't care whether you're running the system as a desktop or a walrus.

  9. Re:Great! on MS To Build Antivirus Into Win8: Boon Or Monopoly? · · Score: 1

    Let's start with your assumption, that a person can obtain root privileges. Technically, init is the only process that needs it. After that, all other users can be given subsets according to what they need to do. If there is no "root" user, then there is no way to obtain root privileges.

    Next up, replacing /bin/sh. If the filesystem is read-only (not just mounted read-only but actually a read-only type) then replacing /bin/sh requires replacing the entire root filesystem and then remounting it. A mix of SELinux and per-process capabilities would insure that even if you were to hack into the administrative account (even if it is root) you don't gain any new privileges in the process. You have exactly the same rights, because those are inherited, and those rights don't include replacing that key file or remounting the filesystem.

    Same applies to bash, ksh and csh.

    Same mostly applies to infecting grub. It's not a read-only FS, but it is in an area that shouldn't be writable by regular users and regular users are all you should ever have.

    The key ring is a bit more of a problem. AIDE will tell you if it has been altered at all. By standard, the key ring should not be usable if it has been altered and the admin hasn't approved the alterations, although not all distros do any kind of locking there. (Again, regular users can't approve the alterations because their rights are inherited and not replaced.)

    Same for sources.list and .repos.

    AIDE would give you a list of all modified binaries. Nothing to stop an AIDE plugin from disabling all modified binaries until the modifications are approved.

  10. Re:Monopoly on MS To Build Antivirus Into Win8: Boon Or Monopoly? · · Score: 1

    What expense? They bought an AV company a while back. There is no additional expense.

  11. Re:AV is a band-aid on MS To Build Antivirus Into Win8: Boon Or Monopoly? · · Score: 1

    Why should it matter? Privilege escalation would be impossible if they implemented proper security. (Proper security = a component installed on the browser has the subset of kernel and file privileges common to the user and the browser and all libraries called upon.) Proper sandboxing would also mean that it would be impossible for an application running inside the browser to infect any other part of the system, alter the browser, or remain running after the browser is closed.

    The base install should reveal no warnings and no vulnerabilities if scanned by nCircle and Retina and OpenVAS. Not "or", "and". You want to make sure you have maximum coverage of vulnerabilities.

    Base file permissions should reflect the recommendations of the SARA security tool, after allowing for OS differences.

    A setup like that would not be proof against any attack, but it would be proof against a large enough percentage of them that antivirus would be more "useful" than "absolutely essential".

  12. Re:AV is a band-aid on MS To Build Antivirus Into Win8: Boon Or Monopoly? · · Score: 1

    See the research paper on Security Kernels. You CAN make errors totally immaterial. Microsoft has chosen not to. That was a choice, not a requirement.

  13. Re:Depends on if it can be turned off and if its g on MS To Build Antivirus Into Win8: Boon Or Monopoly? · · Score: 1

    Microsoft started cooperating with anti-virus vendors on the understanding that they weren't going to provide their own anti-virus product. They then bought an anti-virus software maker and provided that as their own anti-virus product. They then promised that this wasn't in violation of the anti-trust agreement as they weren't going to have it built into their OS. The anti-trust agreement has now expired and, guess what! It's going right into the OS.

    Norton and McAfee are disposable these days - they started off brilliant but that was a long time ago. On the other hand, this will also kill things like DrWeb and ESET. That, to me, is much more of a problem. Those two are actually credible products and they won't be usable on Win8 because they won't install if there's any antivirus (including Microsoft's malware detector that doesn't) installed. Once Microsoft has their AV built into the OS itself, DrWeb and ESET will be unusable because you know damn well Microsoft won't have an uninstall feature, just as they don't for their browser.

  14. Re:Good for consistency; bad because of consistenc on MS To Build Antivirus Into Win8: Boon Or Monopoly? · · Score: 1

    Ah yes. Microsoft's anti-virus offerings so far have been... ...less than impressive and their malware detection is a memory hog that detects nothing. (Except sometimes antivirus software.)

  15. Re:Great! on MS To Build Antivirus Into Win8: Boon Or Monopoly? · · Score: 1

    That's the whole point of mandatory access controls - the object being linked to has a level of privilege that is a product of the creator of the object that cannot be exceeded regardless of who is running it. Nobody uses set uid any more, do they? The run-level scripts have no business being readable or writable by anything other than root and should have their regular permissions and security labels set accordingly.

    Trying to disinfect Linux from the inside is relatively easy. Never have critical components as modules (they should be compiled in for security and for performance) and disinfect via single-user mode.

    Of course, there's nothing to stop you from running Linux inside of a supervisor or hypervisor such that the underlying OS provides the underlying tools and not the OS you are running. If you're really clever, you actually push this functionality into BIOS/EFI - OpenBIOS is certainly capable of it. Then it doesn't matter what components of the OS are compromised.

  16. Re:Language changes, get over it on How Technology Is Shaping Language · · Score: 2

    Prepare to shock me. :)

    I'm serious. There aren't many words that originated with slang. Bastardization, perhaps, but even there I don't think it's as common as you think. However, there's an easy way to settle this. There are plenty of online etymology dictionaries. Can you give me a few examples of words where said dictionaries show the word to have been coined and to have no roots? (Because things get increasingly uncertain as you go back in time, let's set the 12th century as a cutoff point.)

  17. Re:Texting on How Technology Is Shaping Language · · Score: 3, Interesting

    I have books (printed and handwritten) from both before and after the invention of the telegraph. The sample size is limited, but I can definitely say that English did deteriorate. In fairness, though, that's as much the educational system as the technology. By insisting on producing "marketable" people, it can never produce "capable" people.

    (Some people learn Computer Science away from the computer. They learn the theory, the logic, the reasoning, the methods and the actual science. Only then do they see how these relate to any given implementation of a computer or any given implementation of a language. These people are capable and a change in technology won't impact them in the slightest. Their skills will "just work" and their lingo will "just apply".)

  18. Re:Language changes, get over it on How Technology Is Shaping Language · · Score: 5, Interesting

    I dispute his claim that the terms are even English. They're slanguage* at best and more often mere craft jargon. To qualify as "English", it has to have sustained use, a definable meaning and exist outside limited subcultures. (Or it has to appear in the Oxford English Dictionary. I'll accept that.)

    MUD (Multi-User Dungeon) is technically the name of a specific game engine, although it can also refer to any game engine of a similar ilk. It is a technical term. The same is true of MOOs, although actually only one gaming engine ever existed as far as I know (LambdaMOO).

    *Slanguage: Something that is more complete and concrete than slang but which cannot be defined as a language in its own right.

  19. Re:WTF on SCADA Hacker: Water District Used 3-Character Password · · Score: 1

    The security guard was smashing rocks together?

  20. Re:Password not the problem on SCADA Hacker: Water District Used 3-Character Password · · Score: 1

    I'd require a one-time password. The system issues a challenge, you use an OTP calculator to add the password to the challenge and you enter the response. Serves much the same purpose as a key, except a thief can't be sure of getting the right password. If you need something physical, then a tamper-proof card with a digital certificate is good.

  21. That's less of a worry on SCADA Hacker: Water District Used 3-Character Password · · Score: 1

    What IS a worry to me is that this is the SECOND SCADA system hacked in about as many days, despite Homeland Insecurity insisting the first case was a one-off.

    Worry 1: We now know that there are many such systems connected to the Internet without even basic security. There's plenty of reprogrammable zombie networks and plenty of people with zero conscience, although the good news is that most of the latter are in politics and so safely isolated from reality.

    Worry 2: At best, it means that those entrusted with national cybersecurity are clueless about people. At worst, it means that those entrusted with national cybersecurity are clueless about computers as well.

  22. Re:and why... on SCADA Hacker: Water District Used 3-Character Password · · Score: 1

    It depends on what GIS data is meant. Live sensor data is about the only geographically-related data likely to change and be needed by control systems. However, most of that data should be coming in off a non-public network. It should also be protected from corruption, with corrupt data logged but never sent to the SCADA system.

    Sensors have little interest in lolcats or e-mail, so providing direct access to the outside is stupid. Any access to any port on the system that is not to do with sensors aught to be funneled through an intermediate server that is, itself, only reachable via VPN. Sensor access should be isolated and be via a proxy.

    In either case, direct access is a no-no.

  23. Re:I wish this was the case in the UK on Full Disk Encryption Hard For Law Enforcement To Crack · · Score: 1

    You're forgetting that goggies are in power.

  24. Re:Proof by disbelieving .. on Study Says Quantum Wavefunction Is a Real Physical Object · · Score: 1

    I'll believe you if you say so, but can you explain how the second example is of a photon interfering with itself given that it's interference at the same point in space but different points in time? Surely it would need to be two distinct photons.

  25. Re:Past the tipping point on Climate Panel Says To Prepare For Weird Weather · · Score: 5, Insightful

    James Lovelock, the grandfather of geoplanetary science, agrees with you. I'm not inclined to argue the point with him, since he has been right on every prediction so far and is the inventor of the best model we have of how planetary systems work.

    My argument is the same one as it has always been - the top 2% of the population are Mensa-level, which means we've 140,000,000 geniuses planet-wide. That is more than adequate, provided they have the education and the resources, to prepare humanity for what is inevitable and to prevent what is inevitable from being any worse. That's not even including those who are brilliant in ways IQ cannot measure, so you might need to double or triple the brainpower that can be let loose on this.

    You'd need to be willing to spend money. Over the next ten years, the US would need to double its debt just to educate its own. I did the calculation for that a while back on Slashdot for those interested in how I got that figure. However, it could be done. You just have to want to.