Slashdot Mirror


User: Sancho

Sancho's activity in the archive.

Stories
0
Comments
5,182
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,182

  1. Re:Double-click on Opera: Firefox User Figures 'Inflated' · · Score: 1

    Again though, for trying to discover unique users, this shouldn't matter. Maybe IE users browse the web more than Firefox users? That could explain the inflation, if you're just counting GET requests.

  2. Re: No Thanks on Next-gen Windows Command Line Shell Now in Beta · · Score: 1

    I think when he said "Windows developers" he meant people who develop on/for Windows, not people who develop Windows.

  3. Re:Competition is a good thing.... on Google Wallet May Compete With Paypal · · Score: 2, Informative

    Lots of similar horror stories:

    http://paypalsucks.com/

  4. Re:Holely Cheese on Viewing Files on the Web Considered Possession? · · Score: 1

    The whole argument started when someone said (paraphrasing, because it's been a sleep cycle since then) that ignorance was an acceptable excuse because computers are complicated. Applied to the current argument, because the user didn't know how to empty his cache, he shouldn't be found in possession of these items.

    I don't think that cache should be considered "possession" in the first place. I was attacking the generalized statement that ignorance of computer use made bad computing policies and being a bad neighbor on the Internet a bad thing.

  5. Re:Holely Cheese on Viewing Files on the Web Considered Possession? · · Score: 1

    I guess the car manufacturer didn't explain what cruise control was in the manual? Wait. They probably did. This, as it turns out, is a flaw in our court system.

  6. Re:Holely Cheese on Viewing Files on the Web Considered Possession? · · Score: 1

    Peer-2-peer tecnologies only highlight these issues. Worms and viruses, it seems, only prove the opposite view you're arguing, i.e., the user can't entirely control some events at his computer. At least for those users that are not in a highly secured setting (which very few of us are - is the military?)

    While it's correct to say that a user can't entirely control some events at his computer (except, perhaps, by not turning it on, and that's certainly going into the realm of the unreasonable), the examples you cite of worms and viruses really doesn't fly with me. Perhaps the first round of worms that hit, before there was a patch available, could be considered to be unpreventable (although most /could/ be prevented by a firewall of some sort), once the patch hits, there is no excuse for allowing your computer to get infected. You can't even allow for Spyware/trojans/viruses unless the propogate automatically and without user intervention, because any time the user must take an action before the malware can infect them, they could have prevented it by being better informed and simply not trusting that a site has to install software before it's useable.

    The gray case for me is a site that exploits a bug in the browser to install malware. But again, most of the time, this is prevented with a properly configured browser. For those few times when it isn't, once a patch is issued, there is again no excuse for allowing a machine to get infected.

    Getting back on track, the cache issue. Is it reasonable to assume possession based on a cache. It should almost certainly be determined on a case-by-case basis. Me shaking my fist in the above posts was primarily because someone up there (and I don't keep track of names, but it should be evident) seemed to indicate that ignorance of technology, and the use despite that ignorance, was an acceptable reason to not be held accountable to the outputs of that technology. That particular viewpoint I disagree heavily with, and was the jumping off point for my posts.

  7. Re:Holely Cheese on Viewing Files on the Web Considered Possession? · · Score: 1

    Yeah, looks like I did mean precedents. God knows how long I've been making /that/ error.

  8. Re:Holely Cheese on Viewing Files on the Web Considered Possession? · · Score: 1

    Some of your arguments are reasonable, some really aren't. You're right, in general, your average user's computer isn't going to be the linchpin in a life-or-death situation. Does that remove them from liability? It's entirely possible to get in a wreck with someone in your car and not cause any physical injury at all--nonetheless, if you are at fault, you are responsible for the damage you've done to them.

    It's difficult to quantify the damage done by a computer infection, but it's definitely there. Real damage can be caused by a person not keeping their computer up to date.

    it is not the end users fault for haveing spyware, i think most people blame MS, and the spyware companies (another palce where new laws need to be taken written)

    It's not entirely their fault, but they do share in some of the blame. Just because they didn't know that they had to patch their computers does not absolve them of all blame. They failed to maintain their machine, got owned, and caused problems for just about every person on the internet (via traffic problems, latency, spam, etc.) The worm creator + Microsoft may have more total blame, but some blame must fall on the computer owner.

  9. Re:Holely Cheese on Viewing Files on the Web Considered Possession? · · Score: 1

    Do Patriot Act Sneak-and-Peaks not require a clear indication of what is being searched for? Most search warrants do, but these days, it's hard to tell in the US.

    If they do, then the government can't do anything with those 12 kiddy porn pics. If they don't... well that's a whole nother ball of fucked up that we can discuss.

  10. Re:Sophistry at its finest... on Viewing Files on the Web Considered Possession? · · Score: 1

    What could possibly constitute an illegal 1-1 pixel image?

  11. Re:Holely Cheese on Viewing Files on the Web Considered Possession? · · Score: 5, Insightful

    Generally, if something you own or that is under your control causes something that results in some form of law-breaking and/or civil problems, you are considered accountable. If your car breaks go out and you hit someone, you're almost certainly going to be considered at fault. Same thing goes for animals under your control, and any number of other examples. In general, you are expected to be knowledgeable enough to control/maintain your possessions, or hire someone who can do so for you. Why should computers be any different?

    Furthermore, there's hell raised on Slashdot about how "people should have a license to use their computer" when threads about Microsoft insecurity causing worms to run rampant and cause networking problems...people often rally a call to hold anyone who cannot maintain/patch/protect their machine accountable. Then we come to a thread like this, and you see a number of posts suggesting that it's not their fault if they don't know how to do something on their computer.

    Please! At least the precedence of the law is on our side for holding people accountable for their possessions.

  12. Re:Bluffing. on $100,000 Poker Bot Tournament · · Score: 1

    Excellent points. To be sure, there must be some random element to the bluffing. It's just that there should be some heuristic to it. If your bot places the other bot on a hand, it's probably not time to bluff. If your bot has the nuts, on the other hand, absolutely let a random number generator determine whether to slow play or start pushing your chips in.

  13. Re:So weird on The First Annual Underhanded C Contest · · Score: 1

    I would say you'd want to start with creating an intentional buffer overflow. Find a way to hide it so it's not horribly obvious as to what it is, but frankly, from some of the Open Source code you see out there, buffer overflows survive cursory glances at the code.

    The hard part would be getting the malicious code in there, but a simple function that, passed with the correct parameters would do something good, would do something terrible with the wrong parameters. Perhaps deleting all files in a given directory (like /tmp) but with an override to give it another path to delete, which could then be munged on the stack. Code looks fine, but the "error" in it causes it to delete /tmp instead of /home.

    Heck, you can cause a lot of havoc with a simple index error, like starting the count at 1 instead of 0.

  14. Re:Bluffing. on $100,000 Poker Bot Tournament · · Score: 3, Informative

    The real key is bluffing and counter-bluffing, calling bluffs based on the statistics of the community cards, etc. Just randomly bluffing would be suicide against a bot who plays solely on the statistics, because you'd eventually end up dumping a load of money on a hand with no draws (other than a pair of whatever crap you have in your hand).

    No, there's a skill to bluffing. While a good poker player can bluff with 2-7 off suit, just randomly throwing money into the pot really isn't the way to go.

  15. Re:Ever visit hostile websites? on CA Warns Of Massive Botnet Attack · · Score: 1

    Correct configuration can turn those options off. You can also get software to disable ads, and you never have to install flash/shockwave/java/etc in Firefox.

    Sure, we're now getting into much more technical subject, but the initial assertion is still an exaggeration, and even the logical train of thought after that (you can't have a usable computer in windows without getting "Owned") is probably untrue.

    Now you'll never get the majority of Windows users doing these things, my point is just that it's certainly possible to use Windows safely.

  16. Re:Many Bothans died . . . on CA Warns Of Massive Botnet Attack · · Score: 1

    Sure. But I was responding to the assertion that it's inevitable that if you run Windows, you will eventually be "owned". My point was to show that that's a severe exaggeration.

    Hell, your average user will download and run anything just to get nifty cursors in their web browsers. There's no solution to that except education. But those are each very different extremes.

    And I also agree that computers should be reasonably secure out of the box, and of course this is a point that Microsoft has been very lax on this in the past, but to be fair, they're working on it. It may be too little, too late, but be fair, new machines shipped with SP2 have the firewall on by default. Microsoft recently bought an antivirus company, presumably to include AV with Windows. They already have an anti-spyware application getting ready for production. They're working on a "secure by default" scheme, it's just that it's been SO long with SO many security holes that the Internet is already battered from the abuse.

  17. Re:Article is missing an important detail on New Way To Crack Secure Bluetooth Devices · · Score: 1

    Awesome, a fast, civil, informative response :)

  18. Re:Article is missing an important detail on New Way To Crack Secure Bluetooth Devices · · Score: 3, Insightful

    The article isn't clear.

    They imply that part of the pairing process is inputting the 4 digit PIN. If this is the case, user intervention would be required for re-pairing. Maybe the article wasn't as precise as possible regarding the process, but it distinctly uses the above terminology which, to me, implies manual input.

    Perhaps the devices remember the PIN if the link-key is forgotten, thus removing the need for user intervention? That would explain the bit in the article about trying every PIN (a 4-digit PIN seems pretty ridiculously small, regardless).

  19. Re:Article is missing an important detail on New Way To Crack Secure Bluetooth Devices · · Score: 1

    It would seem that way.

    How does this work with headsets? Where do you enter the PIN on the headset? Or do you ONLY have to do it with the phone?

    Also, I hear that some phones do an autonegotiation that doesn't require a PIN at all. It would seem that these would be the most vulnerable to the attack, although what happens when the legitimate device tries to pair at the same time as the spoofer?

    Regardless, at the very least this looks like it could be a DOS.

  20. Re:That is a terrible idea, how about... on CA Warns Of Massive Botnet Attack · · Score: 1

    According to your "idea" that means that because every person has the ability to commit a crime, everyone should be in jail.

    Except one is a private company with a private network dictating what you may do with their property, and the other is a human rights violation.

  21. Re:As I've been saying for years: on CA Warns Of Massive Botnet Attack · · Score: 1

    That's the other half of it: Block all incoming ports. You can make connections out, and they can make it back to you, but that's it.

    That hardly solves the problem.

    They download the payload from the web, then connect to an IRC network and listen for commands. This is actually, as I understand it, the common way botnets work.

    So what if you block IRC? Run the server on port 80. Block based on sniffing? Use the SSL port. Use some other heuristic to determine when it's not REALLY http traffic? Just use http. Make your bot queue up commands and periodically query a real webserver where you can place the commands.

    Blocking ports is great for stopping worms that use security holes to spread automatically without user intervention. Beyond that, the biggest security hole is always going to be the user who runs any program they come across and always click "Ok" to every prompt they see.

  22. Re:Many Bothans died . . . on CA Warns Of Massive Botnet Attack · · Score: 1

    If you run Windows, you PC will be owned at some point.

    A slanderous statement worthy of a Republican.

    There are many ways that a Windows PC can keep from being "owned", not the least of which is not connecting it to the Internet. Shocking idea, I know! But lots of people use their PCs for offline gaming, word processing, etc.

    Short of that, a hardware firewall/NAT device will prevent worms from getting to your machine. A huge percentage of Internet users never need to open/forward ports, and as such this is a huge boon if you must connect to the Internet.

    After that, we have the Windows firewall (now on by default, though older XP CDs won't have it on by default) which will help prevent attacks coming in from within the network. Power users may wish to tweak this firewall a bit, but again, it helps prevent the spread of worms.

    Lastly, we come to only using trusted software. I don't have any particular belief that Firefox has any intentional malware. Nor OpenSSH (run through Cygwin) or Putty, for that matter. VLC for Windows is my media player of choice. These three or four pieces of software account for 90% of my time spent at the computer.

    Safe computing practices CAN ensure that a Windows machine will not be "owned". If it happens to you, it is your own failing.

  23. Re:How is this a win-win? Here's how.... on Google Launches Google Sitemaps · · Score: 1

    Seems to me that a better solution would be EITHER disallowing indexing of the registered users ljname.livejournal.com pages OR disallowing everything BUT ljname.livejournal.com, granting more benefit for registration.

  24. Re:Sitemaps abuse? on Google Launches Google Sitemaps · · Score: 1

    I'd really like to see a site-influenced system like this that defines areas of news and areas of non-news. I'm tired of searching for multiple terms and getting main articles devoted to one of the terms and sidebar links to one of the others. For example, [insert notebook model] and Linux.. you might get a site like Slashdot where there's an article about the new notebook and many, many sidebar items about Linux.

  25. Re:Adverse Affect For Me on Porting Open Source to Minor Platforms is Harmful · · Score: 1

    You can pick up old sparc machines for less than the price of a new PC. There's geek factor in owning them, and they make just dandy desktops (for web browsing, SSH, etc).