Slashdot Mirror


User: argent

argent's activity in the archive.

Stories
0
Comments
12,456
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,456

  1. Re:My criticism on Microsoft Withdraws Vista's Kill Switch · · Score: 1

    My criticism of MS is that if they employ such tactics, they had better be right the vast majority of the time.

    As far as I'm concerned, they better be right 100% of the time, or put themselves on the hook for making things right with everyone they screw up. Including compensation for lost time.

  2. They can also reduce their support costs... on Verizon Embraces Google's Android · · Score: 1

    They can also reduce their support costs by letting people do whatever they damn well please to their phones. A good deal of the problems people call cellular providers up about are caused by restrictions the providers put in to try and nickel-and-dime them on extra services... like downloading games. I probably cost my current cellphone provider more than I'll ever earn them in profits just trying to get them to explain how I could save my address book, because they refused to say "you can't do that because we disabled that feature on all our 'basic' phones". They sent me to three different stores to try and get a magic cable that would solve my problem, and they spent at least half an hour at each store looking for the cable. When they finally found one, and it said "feature disabled", and I called them back, I finally got a tech who knew (or was willing to admit) that they'd crippled the phone.

    We'd BOTH have been much better off with Android.

  3. OK, let's try 100 times actual damages! on DoJ Sides With RIAA On Damages · · Score: 2, Insightful

    Many people here are trying to equate her punishment to the actual damages she may have caused.

    OK, what are the "actual damages" in this case?

    What she did: making 23 songs available over P2P that were already available over P2P.

    If you can, with a straight face, say that the "actual damages" here are over two digits... you're a hell of a poker player.

    If she had stolen those 23 tracks as a couple of physical CDs, she'd be facing well under $1000 in fines. $1000 seems a pretty hefty disincentive already: at least it works for petty theft. And seriously, whether you call this "theft" or not, it's pretty damn petty.

    But let's go all out, let's make the fines 100 times the actual damages. Let's be really outrageous, and figure 10 lost sales for each song, and count the songs as if they were worth $1.00 each. Those are all pretty damn steep figures, but for the sake of argument... you're STILL off by a factor of 10.

    If you don't like the law, work to have it changed.

    That's what she's doing.

  4. Win2k vs Vista on Microsoft Withdraws Vista's Kill Switch · · Score: 1

    Why "or even win2k"? I'll take win2k over XP.

  5. The real problem with the Kindle isn't DRM on An Acerbic Look At the Future of Reading · · Score: 1

    The bloody thing is the size of a small hardcover. OK, it's a SLIGHT improvement over the other readers I've seen that were the size of a full-sized hardcover, but if a paperback book is already too big to tote around, who's going to carry the larger and more fragile Kindle?

    My eBook reader is a Sony Clie. I can put DRMed and non-DRMed content on it, and read it, and it fits in my pocket even if I'm wearing blue-jeans. AND it was half the price even in pre-Bush dollars.

    The whole idea of buying a dedicated eBook reader instead of software for the PDA or smartphone most of teh potential customers already have is just wacky. If Bezos wants to move eBooks, he needs to ship them in Mobipocket format instead of re-re-re-inventing the wheel (this one's triangular! One fewer bump!).

  6. Mod parent up! on $360M Patent Suit Over iPhone Voicemail · · Score: 1

    This is the real point. The only possible patent that could be used against patent trolls that I've EVER heard of was one IBM filed covering automatic patent portfolio licensing that could possibly be interpreted as a business model patent for patent trolling. :)

  7. The nuclear rocket patent! on $360M Patent Suit Over iPhone Voicemail · · Score: 4, Interesting
    Feynman's autobiography, where he describes how he became the primary patent holder for the nuclear rocket:

    We discussed it back and forth - by this time we're in his office - and I
    say, "There are so many ideas about nuclear energy that are so perfectly
    obvious, that I'd be here all day telling you stuff."

    "LIKE WHAT?"

    "Nothin' to it!" I say. "Example: nuclear reactor... under
    water... water goes in... steam goes out the other side... Pshshshsht --
    it's a submarine. Or: nuclear reactor... air comes rushing in the front...
    heated up by nuclear reaction... out the back it goes... Boom! Through the
    air -- it's an airplane. Or: nuclear reactor... you have hydrogen go through
    the thing... Zoom! -- it's a rocket. Or: nuclear reactor... only instead
    of using ordinary uranium, you use enriched uranium, with beryllium oxide
    at high temperature to make it more efficient... It's an electrical power
    plant. There's a million ideas!" I said, as I went out the door. Nothing
    happened.

    About three months later, Smith calls me in the office and says, "Feynman,
    the submarine has already been taken. But the other three are yours."
  8. "We" includes "most people". on Security in Ten Years · · Score: 1

    I never said anything about open source.

    Beg pardon, the products you listed were primarily open source, so I jumped to that conclusion.

    My point is that deep security problems are not limited to Windows. I will happily agree that they are one of the worst examples, and I will happily agree that there are alternatives to Windows. The implication I read in your message was that as long as you avoid Microsoft you're home free. If you didn't intend to imply that, I apologize for overreacting, but the fact that there are many non-Microsoft organizations that do a great job of security doesn't mean that they're even in the majority let alone common enough to assume that you can just "dump Microsoft" and have done with it.

    On the other hand, I think you're reading something into my post that I didn't put there either.

    XPI has access to the Mozilla application. ActiveX has access to the entire operating system..

    The XPI installer API grants the installer the ability to create local files and execute them directly. This gives you full native user access without restrictions, AKA "access to the entire operating system".

    But even if I grant you the fact that you need to jump through one more trivial hoop with XPI than ActiveX, and grant that it matters, the point is not that "XPI is just as bad as ActiveX", but that XPI suffers from the same kind of design flaw as ActiveX: it provides a mechanism for an untrusted object to request full local user access.

    The difference between "clicking on a dialog box that's presented to you by the browser" and "opening an installer from the file manager or command line" is substantial.

    The former is something that users are conditioned to doing, routinely, by operating system and application components that ask them if they REALLY want to delete that file, close that window, shut down, log out, turn on, ...

    The latter is something that the user does on their own schedule. They can leave that package on the desktop unopened, in perfect safety, while they go ask Joe in IT what to do about it. They don't mind that. They're used to dowloading files today and doing something with them tomorrow.

    They do mind leaving a dialog (a modal dialog, at that) open. It bothers them. They want to close it, and they're used to just clicking OK. Making the dialog more complex doesn't make that much difference. Making them whitelist the site does matter, some, until they have enough sites whitelisted that someone can use a cross-site attack on one... turning a cross-site exploit into a remote execute attack. And that's not a "deep" difference between XPI and ActiveX, because ActiveX can be similarly configured by a site policy (it isn't, in most cases, but it's certainly possible to automatically refuse ActiveX without a dialog if it's not from some particular 'zone').

    The difference between these two approaches - content-based and user-based requests for execution of potentially untrusted code - is huge. Almost all users can learn not to explicitly run untrusted programs. It may take being bitten once, but it almost never requires a second lesson. I have only once, in ten years as a network admin with hundreds of users, had a guy come to me a second time because they thought their computer was infected after they'd opened some random file on the desktop. I have had many of them come to me over and over again because they'd approved an unexpected "do you want to run this thing I just downloaded?" dialog.

    The bottom line is that an approval dialog is not a security feature. Approval dialogs are useful in some cases where a user is about to perform an operation that's not reversible and has serious consequences, as a convenience for the user, but an approval dialog should not be considered in analyzing the security of a system because people are conditioned to approve them by reflex.

    Whitelisting is a stronger constraint, especially if the user has to explicitly enable the whitelisted site in a s

  9. "We" includes open source folks too... on Security in Ten Years · · Score: 1

    The only difference I see between XPI and ActiveX, from the point of view of security, is that XPI makes you jump through an extra dialog for trusting sites, and wait an extra 10 seconds (oh, no, it's 3 seconds) before presenting you with the "yes, I want to spread my legs" dialog.

    It's harder to accidentally click OK with XPI. But it's still possible. It still puts J Random User in the position of deciding "do I want to install this program" right then and there. And it still means that there's a code path in the browser to grant remote scripts local-user rights.

    Safari makes it a little harder with Dashboard widgets, in that you still have to run the installed Dashboard widget in Dashboard... a separate step, that you don't take in the same reflex operation. But it's still more of the same basic design flaw: the idea that it's OK for software to be automatically downloaded and installed at the request of untrusted sites, rather than explicitly by the user.

    Yes, there are a lot of good security designs being pushed by open source groups. That doesn't mean that open source is some kind of magic paint that makes bad designs impossible. That doesn't mean that closed source and proprietary systems are using evil paint that prevents them from using good design principles... consider that bad as Lan Manager was, at least it didn't make the mistake of treating an IP address as a security token, like certain open-systems protocols still do.

    "We" includes the people who are doing stupid stuff, as well as the people who are doing smart stuff, and as long as the people doing stupid stuff are widely used and successful products like Firefox, and the people doing smart stuff are obscure products like OpenBSD, then "we" really does include people from all sides of the open-vs-proprietary debate.

    Alas.

  10. Which is what allows M$ to undercut AAC on MP3 Format Still Gathering Momentum · · Score: 1

    "For up to 400,000 units per year, AAC playback costs $1.00 per unit; for more than 400,000 units per year, the price drops to $0.74 per unit."

    But there's no royalties on distribution of music in AAC, which matters to music distributors. The thing is, the only hardware manufacturers who care about the costs to the music distributor are Apple, Sony, and Microsoft (at least until Amazon realizes they'll get more traction selling an Amazon-branded MP3 player than an eBook reader). Sony's format is dead... who even remembers what it's called any more? Apple uses AAC. And Microsoft charges a dime per player for WMA, so all the Lucky Random Word players use MP3 because they have to, and WMA because they can afford to.

    They apparently haven't thought ahead far enough to realize that they're helping lock existing iPod users out of their players. Which is just fine by Microsoft.

  11. Re:Macros? on Native Windows PE File Loading on OS X? · · Score: 1

    What do you mean by "where"?

    I'm not an Office geek. I haven't touched Microsoft Office on my Mac in about 6 months, and the last time I had to deal with macros in Office it was in the context of Microsoft breaking the macro virus protection I was deploying at the office in one of their attempts at fixing macro security. If Microsoft has finally wised up about sandboxes and macros and the like I can only applaud.

    Unfortunately, it seems like that's not the case. All the lush VB viral ecosystem will remain intact on Windows. Pity.

  12. You should turn streaming off by default, anyway. on Crime Wave Thwarted in Second Life · · Score: 2, Informative
    You should turn off streaming media and automatic loading of web profiles by default.

    Not just because of this, but because it reduces the security of the SL client, in a number of ways.

    First, there's vulnerabilities in the plugins and the browser software. Yes, they're using a pretty secure browser based on Gecko, without user-loaded or downloaded XUL components, but still these are complex programs that you really don't need. About the only web-based technology in SL that's reasonably safe is the new search... since it's generated by Linden Labs, and they have better avenues of attack. :)

    Second, If you look at the Linden blog on this, you see that one of the messages reads:

    Way to go LL, help griefers some more why dont you? Using video streaming to IP log griefers as they crash sims is one of the important ways to fight griefing and document who the real abusers are. Eliminating this ability only helps griefers, much as your stupid idea to enable people to hide groups. Far more than helping to get rid of griefing or give us more security features, you keep enabling griefing with your stupid decisions like this one.
    There are SL "landowners" using streaming audio and video to track visitors by their IP address. This allows them to cross-reference addresses and identify players living in the same household, players with multiple accounts, people playing from work, and so on. And these kinds of "web-bugs" inside SL can not only get the "landowner" a pretty reliable ID for you (your account name), they can also distinguish whether users you're "verified" by a credit card or paypal.

    This kind of tool is useful to track griefers, I guess, but anyone who "owns" land in SL can do it... including those charming guys with their spammy ad-farms. :)
  13. Apple's Windows software is Carbon on Native Windows PE File Loading on OS X? · · Score: 1

    particularly as carbon and any legacy carbon support they might have had in Windows is defunct.

    I suspect the most likely reason reason iTunes and Quicktime Player are still largely Carbon (modern Carbon, true, not legacy Carbon, but still Carbon) is because they've gotta stay compatible with Windows.

    The "Open" part of OPENSTEP seems to have been pretty much lost in the transition to Cocoa.

  14. Oh, THAT one I can retcon... on When Did Star Wars Jump the Shark? · · Score: 1

    Who needs thrusters, inertia, centrifugal force and the vacuum of space when you can have magically maneuverable ships that whoosh as they pass by?

    The "whoosh" is actually entirely subjective, it's caused by their shields interacting directly with your neurons. It's why X-Wing pilots have 24 times the incidence of brain cancer as the rest of the Imperial Fleet.

  15. Macros? on Native Windows PE File Loading on OS X? · · Score: 1

    Office for Macs is about to lose support for Macros

    Explain... where was this announced?

  16. Re:When Luke turned off his targeting computer. on When Did Star Wars Jump the Shark? · · Score: 1

    I guess that when they're flying out afterwards and Luke's seat seems to be wobbling back and forth you were also thinking "what the hell's causing that and wouldn't it mean his ship is all over the place?"

    I don't even recall that. If I'd thought about it at all I'd have assumed he'd turned off his inertia suppression field or whatever other 'e e "doc" smith' magic was keeping him from being smeared into a thin paste from the high gee maneuvers.

    What did bug me was how their engines were thrusting all the time even when they were maintaining constant velocity.

    But all of that was little stuff compared to the big english-major anti-tech message in him "turning off his targeting computer".

  17. Roll out this again in 2009 on Leopard as the New Vista? · · Score: 1

    We get the same thing for every new release of every OS, we got it with Panther and Tiger as well and we'll have the same kinds of complaints when the next big cat rolls out. The question isn't whether there's problems with a dot-zero release, the question is what happens next? Well, Apple's had mixed results with that... they don't tend to go back on bad ideas like Dashboard or the Panther Finder or what sounds like an even more unpleasant Finder in Leopard, but they don't generally take a year and change to come out with the dot release to fix the actual bugs either.

    The thing is, Apple's screwups are consistently different from Microsoft's screwups. Leopard's not like Vista, the big cat cage has a definitely distinct scent from the toxic waste dump.

  18. It's news, but it's not bricked. on Apple 10.4.11 Update Can Brick Macs With Boot Camp · · Score: 1

    A service pack rendering a PC non-operation is a big deal regardless of how you try to portray it.

    Not really, it's pretty common. And luckily it's easier to keep a bootable external drive current on the Mac, because it doesn't come with copy protection code to keep you from cloning the drive.

    Having a second drive that you can use to boot from is basic common sense.

  19. Shazbot! It is NOT zwarking bricked! on Apple 10.4.11 Update Can Brick Macs With Boot Camp · · Score: 1

    Belgium, you zarking turlingdrome, if it was bricked that would mean the firmware was zarked. If you can boot into firewire mode the firmware is hoopy and you can boot into the install CD or boot off another zarking drive. I hate to use strong language, but you're making a belgium out of a wikket here.

    You should be keeping a bootable backup drive (with carbon copy cloner or a commercial tool) anyway. What would you do if your smegging hard disk failed? You'd be just as copped, staring at your hosed Mac like it'd turned into a pile of bantha poodoo. I recommend the LaCie P3, it's totally hoopy. LaCie really knows where their towel is.

  20. TEH POINT! on Apple 10.4.11 Update Can Brick Macs With Boot Camp · · Score: 1

    It's like making everything bold and thus losing the emphasis bold used to have; what the hell is the point?

    IM IN UR INTERNETS STEALING UR MEMES!

  21. Re:It is bricked on Apple 10.4.11 Update Can Brick Macs With Boot Camp · · Score: 1

    Bricking: (software spin) rendering something useless due to software failure. What is the difference here?

    Bricking: putting a piece of hardware into a state where it can't even be booted far enough to reinstall, and can't be fixed without special tools and/or hardware. Another computer (in the worst case) doesn't count as "special tools".

    If I'm not knowledgeable enough to affect change in my system

    Then you're not knowledgeable enough to decide if it's bricked or not.

  22. You don't need bootcamp for a hackintosh. on Apple 10.4.11 Update Can Brick Macs With Boot Camp · · Score: 1

    All you really need bootcamp for is to get Windows running on Apple's hardware. If you're using someone else's hardware it shouldn't be an issue.

    In any case VMware Fusion or Parallels Desktop gives you a better experience.

  23. Definitely not bricked. on Apple 10.4.11 Update Can Brick Macs With Boot Camp · · Score: 1

    That was my first thought... the only way to brick a machine would be to trash its hardware or firmware, and since 10.4.11 doesn't include a firmware updater all it's doing is making the system unbootable... the worst case would be a partition table incompatibility... which means booting from alternate media (including a firewire drive) or booting in target mode would allow you to fix it.

    It is possible that A&I might fail on you if the partition table is sufficiently broken, but you should still be able to boot, go into disk utility, and fix that.

  24. When is the last time... on What If Gmail Had Been Designed by Microsoft? · · Score: 1

    When is the last time that MS has really innovated anything, in the sense of either
    a) coming up with a unique and novel idea?
    b) refining a previously fringe thing (webmail) to a user-friendly, attractive offering?


    Pocket Internet Explorer was a killer web browser for a handheld in 2000. No, really, it handled pretty much every site I needed to get to, worked in the background, and was plenty fast enough on a 133 MHz SH3. It is still also the only "inherently secure" web browser Microsoft has shipped with any product, because it didn't support ActiveX and implemented a "hard" sandbox.

    It's funny how Microsoft swore that sandboxes were too slow for desktops in 1997, but they were fast enough for handhelds that were slower than those 1997 desktops only 3 years later.

  25. Sarbanes-Oxley + BSA vs the environment? on BSA Software Piracy Fight Smacks of RIAA Crackdown · · Score: 1

    "BSA audits zing companies for software that came with used computers they bought to save money. The BSA considers software pirated if a company can't produce a receipt for it, no matter how long ago it was purchased. Software boxes or certificates of authenticity are no help, because the BSA argues the software could have been obtained from an illegitimate source."

    The most cost-effective way to comply with Sarbanes-Oxley is to discard records across the board after the required retention period. This means that the receipts for anything purchased more than 5 years ago are *gone*, and that includes the original receipts for used computers. This policy means that instead of reusing older computers you pretty much have to trash them after this time, unless you buy new software for them or install free UNIX.

    Which is all well and good for the BSA's customers, but the environmental costs of manufacturing and disposal don't come out of their pocket.