Slashdot Mirror


User: argent

argent's activity in the archive.

Stories
0
Comments
12,456
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,456

  1. You may already have it... on Which eBook Reader is the Best? · · Score: 1

    If you have a Palm or Pocket PC PDA with a decent screen you already have a better and cheaper eBook reader than any of the gadgets known as eBook readers. The screen is smaller, yes, but for most devices the capacity is larger, the PDA is smaller, and you have a better variety of eBook software available.

  2. Agree with both points. on Exploit Found to Brick Most HP and Compaq Laptops · · Score: 4, Interesting

    1) Bricked is the wrong word.

    2) This hilights the dangers of any holes in a sandbox. The only secure way to design a sandbox is for there to be no mechanism from inside the sandbox to request access outside it... whether by installing a plugin, executing an external application, or otherwise elevating privileges. Even if the request is normally denied, the existince of that mechanism itself creates a new class of attacks.

    The corollary to point two is that ActiveX is not just a security hole, it's a different *kind* of security hole.

    On the other hand, all three of the most common browsers have a mechanism to request access outside the sandbox. None of them are as bad as ActiveX, but they're all unnecessary.

    * Any browser on Windows is subject to URI quoting attacks on helper applications, due to the lack of a guaranteed quote-safe command line and the use of a single set of helper bindings for trusted and untrusted sources.

    * LaunchServices on OS X duplicates the second problem as well.

    * Firefox and Safari both allow web pages to request plugins be installed: XPI in Firefox and Dashboard plugins in Safari on OSX. They both wrap these interfaces in multiple levels of "approval dialogs", but my experience is that there are too many people who can be relied upon to eventually hit "go ahead and infect me" by reflex.

    * Safari and Internet Explorer can both be made to, with various amounts of approval dialogs, open downloaded documents automatically. Safari used to do this by default but thankfully it's now an option... but really that capability should not be there at all.

    None of these holes in the sandbox actually make things more convenient for users. They look like they might, but it's actually easier to download a document or a plugin and than (as a separate step) request that it be opened or installed from a file browser or from a download manager, because making the operation asynchronous and deliberate like that means you don't have to go crazy with approval dialogs, because you're not running the risk of an unexpected dialog coming up for a user with an itchy mouse button...

  3. Corporate Personhood on Think Secret Shutting Down · · Score: 1

    As to a fundamental right of Apple, well they are a corporate entity and don't have "rights" just granted privileges.

    Back before the 1880s that was true. But thanks to some tricky work by a bunch of clever lawyers and a creative bit of editing by a Supreme Court reporter they managed to get the 14th amendment (equal protection) interpreted as granting rights to legal entities like corporations. So, yes, Apple does, according to US case law, have "rights".

    Funny stuff, wot?

  4. I think you mean "smaller, faster laptops". on Nanowires Boost Laptop Battery Life to 20 Hours · · Score: 1

    Over the last decade and change, improvements in hardware efficiency and battery performance have not tended to produce laptops with longer battery life, though there have been occasional exceptions. Rather we have seen smaller laptops using smaller batteries, and laptops with faster processors, more memory, and higher power consumption.

    Let's compare two of the smallest laptops for their time, the 10 year old Tochiba Libretto, and today's Eee PC.

    My Toshiba Libretto 110CT had a five hour battery life on a 2400 mAh battery. Today, the ASUS Eee PC is smaller, lighter, and more powerful... and has less than a 3 hour battery life on a 4400 mAh battery. The Eee PC's battery appears smaller than my Libretto's but it's still big enough to make it look hunchbacked: I'm sure that if ASUS could have reduced the size of the battery in the Eee PC by a factor of 10, they would.

  5. The plural of anecdote... on More Mac Vulnerabilities Than Windows In 2007? · · Score: 1

    The plural of anecdote is not proof.

    For example, I have been using Windows 2000 without antivirus software for several years, and I have not had a virus on it even when I was using it on networks that had active network worms that were known to attack Windows 2000.

    By your logic this means that Windows 2000 is at least as secure as any other OS out there.

    What this means, actually, is that I actively track security lists and make sure that I am not using components of Windows that are known to have security flaws in ways that expose them to unknown data sources. For example, the only thing I used IE for is Windows Update, and I disable things like the messenger service, and so on.

    This was also the policy I enforced as a network administrator, and that was more effective in keeping my part of the network secure than the official policy for our company... which included antivirus, but also required IE and required many known-insecure services be enabled.

    IF the user is aware of the components that need to be avoided, Windows can be used safely.

    But in the default configuration, Windows is wide open. Even Vista is still using inherently unsafe components, and using unproven internal firewalls and sandboxes to keep the computer as a whole secure even if one component is compromised. This is a potentially useful technique, but it should be a backup rather than a required part of the security model.

    Apple is not innocent either. They have copied part of Microsoft's browser and desktop integration, albeit not the most dangerous part... but they have had several vulnerabilities that could have been completely avoided by NOT using the same LaunchServices database for both internal helper applications (such as those used Finder) and sandboxed ones (the ones that could be used by Safari), and by NOT treating files with known extensions as "safe" to open.

    But compared to ActiveX?

  6. Re:Flash for Linux requirements? on Adobe Opens Up AMF Spec · · Score: 1

    What does "support" mean in this case? If Konqueror messes up their netscape plugin support by doing something non-standard spec, they aren't going to add a custom fix for that?

    If Adobe messes up their netscape plugin support by making assumptions about the API that are simply undefined behaviors that only Gecko happens to implement that way, they aren't going to fix that, instead KDE will have to emulate yet another obscure Gecko behavior.

    OK, so maybe you don't care about API creep. As someone who has watched the results of API creep turn perfectly nice programming languages and libraries into baroque encrusted surds over the past three decades... I do.

    Okay?

    Not okay... this is a side issue, my original post was about Flash, not Konqueror.

  7. Re:What warping? on Guantanamo Officers Caught Modifying Wikipedia · · Score: 1

    That there were other random edits made from same address just means that this officer, like the rest of us with an internet connectin at work, gets bored and does some random surfing.

    Or just as likely it's the address of the GITMO firewall. Because most of the edits from that address are irrelevant to GITMO. How many of the edits are part of someone's job is a good question. The Castro one, I doubt. The "invasion" -> "war" one? Possibly. Some of the clearly "neutral" but potentially relevant edits, like the one finishing an incomplete paragraph with factual information? Maybe, but probably not. Removing ID numbers? Likely.

    Why he was removing the ID numbers?

    That's a more interesting question than whether *** CASTRO IS A FAG ***.

  8. Re:Flash for Linux requirements? on Adobe Opens Up AMF Spec · · Score: 1

    It works, but Adobe doesn't support it.

    At least Konqueror is open source so if you're stuck you can try and fix it from that side.

    But the Flash side of things is closed by intent.

  9. What warping? on Guantanamo Officers Caught Modifying Wikipedia · · Score: 1

    Much as I hate to come to the defence of GITMO, of the highlighted changes three are removing information that is readily available in referenced pages. Why the prisoner IDs were removed is an interesting question, but not necessarily malicious.

    When you look at the total list of edits from that address, they include pages about Pokemon, roller coasters, Japanese cartoons, and Welsh mythology. There are some more obvious "propoganda" edits, including personal opinions (which were all quickly removed) that seem more like the work of bored browsers[1] than any kind of directed program of misinformation.

    ===References===
    [1] http://www.theonion.com/content/node/50902 *** ERIC IS A FAG ***

  10. Flash for Linux requirements? on Adobe Opens Up AMF Spec · · Score: 1

    Got a definitive link for it? Because the one I found listed a handful of gecko-based browsers as requirements, and it would be nice to get everyone on the same page.

  11. Being "closed" is part of Flash's attraction. on Adobe Opens Up AMF Spec · · Score: 1

    The Flash sandbox seems to be pretty good, yes. That's about as far as it goes.

    Flash is barely "available for Linux": there's a Linux port that's only for i32, only for gecko-based browsers, and I doubt it'll work if you're not right up-to-the-minute up-to-date with a pretty vanilla distro. And of course it's not available for other free UNIX platforms or non-x86 hardware. That's because far from being "open", it's a closed binary blob.

    But more than not being open source, it's not an open format. The fact that you can't take a flash document, open it in regular universally available tools, pull out the components and examine them, that's kind of its selling point for a lot of people using it. If it was more open, so you could reliably take a flash document, "unpack" it into a directory tree, edit it, pack it back up again... that would make people who think obfuscation is security a lot less interested in using it.

    When Adobe publishes the source code to, and maintains, a set of portable command line tools that let you hack on a .swf file as easily as a .jar or a .zip or a .tar.gz, than we can talk about them being open. But don't hold your breath.

  12. The can of worms... on A Little .Mac Security Flaw · · Score: 1

    There's many classes of related problems here.

    You have sessions that are not terminated explicitly when the user leaves the work area. Leaving yourself logged in has been a problem as long as there's been remotely accessed computers. I remember sitting around in the computer center in the dark back in the '70s because the mainframe we were using automatically resumed checkpointed jobs and the computer center had a policy of not terminating them for power outages less than some period of time.

    You have reusable authentication tokens or session IDs that aren't automatically revoked.

    These combined are a common problem thanks to the statelessness of the web.

    Adding to that the inability to explicitly log out?

    Not good.

    On the other hand, using shared devices with non-trivial persistent state is also a problem. At Usenix one year the word went out that everyone who had used Kerberos logins at the Usenix terminal room should change their passwords, because they'd found some trapdoored Kerberos software on a terminal there. As originally designed, Kerberos was meant to be used with workstations that were trivially re-imaged over the network... they had no persistent state. Now whether Athena workstations were really used that way or not, I don't know, I wasn't at MIT... but the intent was that they be treated as dataless workstations.

    Any system running a web browser, unless it's operated by someone you trust and either re-imaged before you use it or locked down so that even a local attacker using the browser can't initiate a remote execution exploit on it, is not sufficiently secure that you should be trusting it with passwords or other authentication tokens that can be used to access any resources that you actually care about.

    If Apple wanted to really attack security here, then the .Mac login screen would have a warning against using it from any location where this exploit was possible in the first place, and you would be able to indicate that you were working from an untrusted location, and if so you would be automatically prompted for your password after what most people would consider an annoyingly short period of inactivity...

    And track IP addresses, so if you log on from an IP address that someone else had used, you got put in this mode automatically.

    But, really, shared computers ... particularly at public locations ... really shouldn't be used for anything more than googling restaurants and browsing wikipedia.

  13. Unlocked car... on A Little .Mac Security Flaw · · Score: 1

    It's more like finding someone had left their keys in their car's door... and moving the car to a far part of the parking lot to teach them a lesson. Someone once told me they'd done that, and was surprised that I didn't think it was terribly funny.

    Surely there's some way in iChat to leave them a note.

  14. Not about "source code", it's a legal issue... on Beware of "Backspaceware" · · Score: 1

    People have done the same thing with both free and commercial software that has been released without source code. In some cases it's easier to "rebrand" the product with a bitmap editor and debugger than by putting together the needed compiler toolchain and recompiling it.

    The recourse is the same, whether it's released in source code or not: you use the legal system. The problem with that is the same either way, too... and that is that the law is designed to make it easy for big companies to destroy individuals, not to allow individuals to protect their rights. But even with that caveat, there are steps you can take... I am not a lawyer, so I won't go into them, hopefully someone who is will post more useful details.

  15. Kind of like open source copy protection? on The 'Malware Economy' Evolves · · Score: 1

    The design of stealth software like the "packer" is the same as copy-protection and "DRM" media encryption software, they both depend on obfuscation to hide the payload from an attacker while giving him both the key and the cyphertext. If you open-source it, you're telling the attacker (the antivirus researcher, or the deCSS author) where the key or the malware is hiding.

    I'm sure all the AV guys have already grabbed a copy of that packer and are totally on top of it.

  16. This is a given... on Dutch Government Adopts Open Source Software Initiative · · Score: 1

    Microsoft's efforts to confuse the market with their skewed terminology looks set to continue.

    Dude, that's what Microsoft DOES. It's been part of their core strategy for decades.

  17. Nod. I use UNIX. Who cares what color it is? on Ubuntu Gutsy Gibbon vs. Mac OS X Leopard · · Score: 1

    I basically have the option to run most any software I want without having to run windows.

    Same here with OS X desktops and free-UNIX servers. Yes, that includes all the open source UNIX-hosted GUI software I've ever tried.

    If it's absolutely necessary, I've got VMWare as a fallback for Windows... and a usually-turned-off "Wintendo" for games.

    But I think the last time I used VMware for Windows was to help figure out a problem for another Windows user.

    I really don't get the "Linux vs OS X" thing. The only major issue OS X has for me is the "Mac Tax"... if you don't need commercial software you can put together a MUCH better free-UNIX box using your free UNIX of choice (Linux, BSD, and don't forget Solaris) for less money. It's all "UNIX". UNIX is UNIX is UNIX. Who cares which color it's painted?

  18. Feed- feed- feed- feedback. on US Government Caught Manipulating Wikipedia · · Score: 1

    The fundraiser encourages people with time on their hands to look at Wikipedia, which leads to more edits and articles, and more people noticing things in Wikipedia they are interested in or concerned about, which leads to more articles and blogs about and referring to Wikipedia, which leads to more bored blog readers, people with time on their hands, looking at Wikipedia...

    It's wot you call a positive feedback loop. Like when the lead guitarist sticks his pickup in front of a speaker to make the PA system screech.

    I guess that makes Slashdot the overdriven amp behind the drummer that's just starting to smoke.

  19. The real news is that it's not really news. on Switching Hospital Systems to Linux · · Score: 1

    The reason they're able to do this easily is because they software was designed to run on open systems to begin with. "Proprietary UNIX" is still UNIX, so all they're doing is switching from one version of UNIX to another.

    If they'd decided to switch to Windows as some companies did a few years back they'd be stuck now, with no path back. Open systems ... even proprietary implementations of open systems, can't lock you in like that.

    This is no more significant, really, then them switching from HP/UX to Solaris. UNIX is UNIX is UNIX.

    The other thing that seems fishy is the use of the term "mainframes"? Mainframes? Really? I suspect they're talking about minicomputers... most of which are just really well engineered micros.

  20. Re:The Pig Farmer on Boeing 12,000lb Chemical Laser Set to Fry Targets · · Score: 1

    So that's the inspiration behind Real Genius?

  21. FIX THE DAMN SUMMARY on Space Shifting DVDs to Cost Extra? · · Score: 1

    Either provide a link to some actual document connecting Apple to this scheme of FOX's, or take out the speculation (based on nothing but other speculation) about a connection between Jobs and FOX.

  22. There is nothing there about free Windows... on Microsoft Giving Away Vista Ultimate, With a Catch · · Score: 1

    The only free software described on the site is the Windows Feedback Program software itself.

  23. Re:Non-sequitur alert on RIAA Argues That MP3s From CDs Are Unauthorized · · Score: 1

    Yes, I get that, that's why a message about why the labels push popular instead of artistic music seems to be a non-sequitur to me. There's nothing about the way the music is licensed there, it's a rant about "high school cheerleaders" and "clothes, shoes, and other associated crap".

  24. Twisting words is what lawyers DO. on RIAA Argues That MP3s From CDs Are Unauthorized · · Score: 1

    If Slashdot readers can see how a decision based on this kind of wording could be abused, do you think lawyers can't see that as well?

  25. "Rip, Mix, Burn" on RIAA Argues That MP3s From CDs Are Unauthorized · · Score: 1

    The RIAA has made contradictory statements on this. Remember Apple's "Rip, Mix, Burn" campaign? RIAA spokesmen were all over "... but you can't pass your disks to your friends". Not "... you can't rip your own CDs".