Slashdot Mirror


User: argent

argent's activity in the archive.

Stories
0
Comments
12,456
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,456

  1. Welcome to the Transparent Society on Google Street View Raises Privacy Concerns · · Score: 2, Informative

    Sheesh, The Transparent Society came out nearly 10 years ago, Earth was published in 1990, and some of the same themes show up in Stand on Zanzibar (1968) and The Shockwave Rider (1975). Professor Steve Mann took this further and developed a series of Wearcams through the '90s.

    Anyone who hasn't been anticipating this for at least the past decade, if not longer, has some remedial reading ahead of them.

  2. Re:Indeed... compilation is not barrier... on A Look at BSD Rootkits · · Score: 1

    You wouldn't be thinking of this?

  3. Why would you *want* it in MP3? on Music Listeners Test 128kbps vs. 256kbps AAC · · Score: 1
    1. Are the non-DRM files just Apple's broken AAC "MP4", or can we chose MP3 (or FLAC/Ogg)?

    Why would you choose MP3 over MP4?

    Referring to MPEG-4 audio (which isn't Apple's format) as "Apple's broken AAC" makes me think you've already decided that because it's what Apple uses it must be broken. I suggest you do a wee bit of research and check out what professional classical musicians prefer to use for distribution. For example:

    For the technical side, you can read the web site of the creator of MP3 and MP4, the Fraunhofer Instutut

    http://www.iis.fraunhofer.de/pub_rel/presse/2003/m p4/

    Practically MP4 is a successor of MP3 that uses a better encoding and sounds superior. In particular, MP4s at ~100 kbps VBR at Kuschnerova's web site sound much better than MP3s at 160 kbps. The difference becomes apparent, though, if you are listening to both on a high-quality stereo system with big boxes.

    MP4 can be produced by QuckTime 6 pro and played by the free Quicktime 6. Alternatively you can use a free player/encoder from the Fraunhofer (a limited-time offer).

    A drawback of MP4 is the absence of tagging. I believe, however, that this problem will be solved soon.

    -- Dmitri Garanin at pianoworld.com, on why he chose MP4 format for Elena Kuschnerova's website in December 2003.
  4. Indeed... compilation is not barrier... on A Look at BSD Rootkits · · Score: 1

    Worst case, it can compile source code into a pristine binary that is compatible.

    Indeed. You can even hide a virus in source code, if the source is complex enough. Like, say, Gecko or Qt or Gtk or ... [insert bloated pile of C++ of your choice here] ...

    Compilation isn't a big slow noticable step any more. I'm using Tcl modules that generate C code to cache an SQL table at runtime... as an optimization. There's gentoo riceboys talking about building a kernel from the miniroot at boot time...

  5. Once you're penetrated you're ****ed. on A Look at BSD Rootkits · · Score: 4, Insightful

    Basically, once someone has gotten their code running on your system, they can do anything they want, and they can pretty much keep you from noticing that they're there. If you go looking for them, though, odds are you'll find them... but who's going to go looking?

    There's no magical difference between "rootkits" and any other trick for hiding code in a system... it doesn't matter if it's a "virus", or a "rootkit" or even a "polymorphic perverse passive-agressive viral-enhanced trojan rootkit" (or whatever the cool terminology of the week is), the trick to hiding is to change the things you know the rootkit detectors or antivirus software is looking for so they look right. The trick to finding them is to look in more places, and look in ways that they haven't thought of covering up. But the real trick is keeping them out in the first place.

    Security is like sex... once you're penetrated you're ****ed. If the basic software is designed to that when implemented as documented there's no mechanism for an attacker to use, then you're in pretty good shape. At least, you will be able to fix any holes that DO show up without breaking working software. And that's the main disadvantage Windows has... there's just too much everyday software and important APIs that are inherently insecure. Even when implemented as documented, there's attacks ... which is why they have all those security dialogs: those dialogs come down to "this program is about to do something that might be stupid, is that OK?".

    At the very least, you need to cut that down to "you just asked to do something that might be stupid, do you mean it?".

  6. Uh, right... on Apple Sued Over 'Lacking' Macbook Display · · Score: 1

    Apple: "Millions of colors, psyche!"

    Microsoft: "Gobbledegook, which you can, if you believe Wikipedia, interpret as meaning millions of colors... but we didn't say that."

  7. How many last chances do they get? on Palm Unveils Foleo, Linux-Based "Mobile Companion" · · Score: 1

    Palm is on the ropes, this being perhaps their last chance to become relevant again, and they not only blow it, they miss the target by 180 degrees.

    You're more generous than me.

    Palm blew it years ago.

  8. Did you try dragging the playlist from iTunes? on iPod Casualties Offer New-In-Box Bargains · · Score: 1

    The "windows explorer" interface that people such as yourself insist on being so "intuitive" took over 3 hours to find and drag every song from the file system to fill it from a particular playlist.

    Back before the iPod Shuffle came out I was using iTunes smart playlists to create a "shuffle" playlist for my flash MP3 player, and just selected the whole playlist and dragged it onto the MP3 player.

    Why make work for yourself?

  9. Noise isn't just noise... on Simple Comm Technique Beats Quantum Crypto · · Score: 1

    What A and B and anyone listening in can measure is whether there is a small amount of noise, a medium amount of noise, or a huge amount of noise.

    Except that's not all anyone in the middle can measure. Noise isn't either on or off. When Bob switches his resistor, that causes noise. When Bob takes a measurement, that causes noise (after all, that's what they're depending on to detect Carol in the middle). As the temperature changes, the noise level changes. There's an enormous amount of information about the system being produced by all these changes, and the hardware and software at the ends has to deal with that too.

    If Carol makes no change in the noise level of the system faster than the changes made by all the transient sources, then she can not be detected.

    Finally, you're going to measure different "middle" values in different places on the line. The effect of each resistor isn't going to make exactly the same change in the noise level at all points. If Carol can place two probes, she can tell which resistor was at each end.

  10. Re:Actual number of colors would be fine... on Apple Sued Over 'Lacking' Macbook Display · · Score: 1

    The point is a cosmetic technicality.

    It's a cosmetic stupidity.

    * It's just asking for someone to go after you if you don't in fact provide millions of colors.
    * It produces such absurdities as "Millions of colors +", when you've got something more than "millions of colors".

    I believe True Color is in fact millions of colors

    True Color is 32 bit. That's "millions of colors +" in Apple's terminology - the video card may use 6, 8, or even 10 bits per pixel (that's not limited to Wintel hardware, BTW, the Radius Thundercolor on the old Powermacs had 10-bit DACs) - but Microsoft isn't promising any number of colors, they're just promising they'll give yuo the best the video card and monitor can produce.

    Whether it gets thrown out of court or not, the terminology is fundamentally bad and they deserve every skerrick of legal pain that results.

  11. Re:Microsoft: 10 years, Apple: 3 years. on Apple Mac OS X Update For 17 Vulnerabilities · · Score: 4, Informative

    Which Microsoft vulnerability are you referring to as being over 10 years old?

    Well, they started out caling it "Active Desktop". It's had other names, but that's where it started.

    The vulnerability is that when you combine ActiveX with the API that applications use to call the HTML control the resulting design is fundamentally impossible even in principle to secure. The problem is that the HTML control is given the responsibility for deciding whether an object its called on to display should be trusted or not, but there the HTML control does not have enough information to make that determination. It's arguable whether the application calling it does, but in every exploit I'm aware of that has made use of this vulnerability to infect the computer giving the application responsibility for that decision would have prevented it.

    The changes required to the API could be:

    (1) Making the control would call back to the application to follow links, access embedded objects, and so on.

    (2) Making the control by itself purely a display mechanism, and requiring explicit installation of extensions by the application.

    (3) Making the sandbox the control uses "hard", and requiring the user or the application to explicitly install plugins based on roles, and making the application explicitly specify the role that the instance of the control takes.

    In addition, in all cases:

    (4) Make the inheritence of the environment absolute. If you follow a link from an application then the target of the link MUST be displayed under the control of the same application. That application can display it by running a more restricted helper application if appropriate (so Windows Explorer could call Internet Explorer) but that decision MUST be made by the application, not the HTML control.

    Except in VERY limited circumstances (such as the default "open safe files after downloading" option in Safari, which CAN BE TURNED OFF) every other browser or mail software follows some variant of these rules (for example, the KHTML/Webkit "IO slaves" follow rule 2). The idea that a program failing to implement one of these rules would be treated as anything less than a critical bug to be fixed as soon as it was discovered was literally a bad joke before 1997. I mean, there were jokes going around about it, because everyone knew nobody would be so stupid as to implement something like Active Desktop.

  12. Microsoft: 10 years, Apple: 3 years. on Apple Mac OS X Update For 17 Vulnerabilities · · Score: 3, Interesting

    Apple's time to patch was about twice as long as Microsoft's in 2006. From the looks of things, they may be working hard on improving that.

    Microsoft's coming up on 10 years for an unpatched vulnerability this year. One that's been exploited over and over again, and is still there.

    Apple's comparable vulnerability is much less dangerous, AND you can turn it off, AND it only surfaces in one program. Much lower surface area, much harder to exploit.

    I'm talking, of course, about deliberate automatic code execution from web browsers (and in Microsoft's case mail software and any other application that uses the Microsoft HTML control). Not buffer overflows or anything patchable like that, but a design that automatically opens a file or object just as if you'd manually downloaded it and run it from the desktop. I'm talking about daft things like ActiveX in IE, or "Open Safe Files" in Safari...

  13. Re:Celebrities are edge cases. on Is Email 'Bankrupt'? · · Score: 1

    Huh. I don't know about insane but ignoring text messages is kind of rude.

    The funny thing is that I like email because it's a more effective use of my personal time than just about any other message system. particularly compared to voice mail ... god, I hate voice mail. Someone leaves me a message in voice mail and it takes me WAY more time to deal with it than if they send me email, particularly if I have to copy something down and (of course) I can't ask them to "spell that", so then one voice mail turns into three. I can read email in my own time and on my own schedule. I can *ignore* email, if I feel like being rude (and some people need that), or not ignore it... but *I* am in control.

    Phone calls, text messages, instant message systems, these all practically demand immediate real-time response. Email doesn't. If you want to get a message to me, send me email. I may not get to it as quickly as you like, but you're more likely to get a RESPONSE you like if I can deal with it in my own time.

  14. Only early models? on Zune Team Getting Amnesty for iPod Use · · Score: 1

    Looks like a new model iPod Shuffle in there.

  15. Actual number of colors would be fine... on Apple Sued Over 'Lacking' Macbook Display · · Score: 1

    Windows used to display the actual number of colors and then they changed it to High Color And True Color.

    You're missing the point.

    Windows didn't call it "Millions of colors". They displayed *the actual number of colors*.

    If Apple listed the actual number of colors (262144) or used a term that didn't imply there were >1,000,000 colors available, then this wouldn't be an issue.

  16. Linux seems to be $140 cheaper than Windows. on Dell PCs with Ubuntu Are A Little Less Expensive · · Score: 3, Informative

    They don't offer a Linux model configured comparably to the $369 Vista model, but by customixing donwn you can get the Linux version to $409. So for $40 more than the Vista model you get:

    CPU: Celeron D => Core Duo
    GPU: GMA X3000 => GMA950
    RAM: 512M single channel at 533 => 1GB dual channel at 667
    Disk: 160GB => 250GB
    Net: 10/100 => 10/100/1000

    Apart from the GPU, the Linux version is better in every way... but if you're looking for an entry level computer you're really looking for the unavailable $329 E520 with Ubuntu.

    On the other hand, trying to configure a Vista box to match the Linux box, the best I can do is not $459, but $549... the following things are included in the price and can't be removed:

    * Microsoft Works 8. DOES NOT INCLUDE MS WORD
    * Starter pack - Yahoo! Music, Corel Photo and Dell Games
    * 56K PCI Data Fax Modem
    * 6 Months of America Online Membership Included

    The difference between the Intel X3000 and the older Intel GMA950 in the Linux box is presumably balanced by the 10/100 ethernet versus the 10/100/1000 in the Linux version.

  17. Celebrities are edge cases. on Is Email 'Bankrupt'? · · Score: 2, Insightful

    If you asked Greta Garbo or Howard Hughes instead of Knuth, they'd have said "public places are dead", and while most celebrities are less celebrated... they are an edge case. Most people don't have that enough *legitimate* mail in their inbox to make dumping email a rational response.

    Spam, now, that's a real problem... and it's a pity that the Direct Mail Association has consistently fought against any legislation that would have any real effect on spam, one assumes they share the common but misguided notion that it's impossible to create good anti-spam legislation that would allow the legitimate use of email in marketing (no, that's NOT an oxymoron).

    But absent effective legislation what one might call "excessive promotional speech" is a problem for anything that makes communication more efficient. Were people to abandon email for some other medium, they'd find that clogging up just as quickly.

  18. Re:Can you spell "commercial speech"? on Apple Sues Over iGasm Ads · · Score: 1

    If you think that a sex toy is a "related product" to an MP-3 player, Please don't talk about what you do with your free time.

    It's a sex toy that works by plugging in to an MP3 player, and the whole point of the ad is to promote it AS a related product. If you took that argument to a courtroom you'd be *lucky* to be laughed out of court. Judges hate people who waste their time.

  19. Can you spell "commercial speech"? on Apple Sues Over iGasm Ads · · Score: 2, Interesting

    Commercial speech doesn't have the same protections as other kinds of speech. Parody isn't a "get out of jail free" card in any case, but "parodying" another company's commercial, AND for a related product, that's a guaranteed losing move.

  20. Deceptive article! on OpenDNS Says Google-Dell Browser Tool is Spyware · · Score: 3, Interesting

    Setting aside the fact that using IE at all is the best way to get infected with spyware in general[1], the alternative to Dell's site is NOT Google's normal page.

    The only way to get to Google's page from Internet Explorer in its default configuration is to explicitly go to google.com, and with the redirector in place you still get to the regular google home page if you do that.

    If you open up Internet Explorer without the redirector and type a "keyword" into it, you normally end up on Microsoft's search engine.

    Given the alternative of going to MSN.com or a Dell-branded google.com, I know which one I prefer.

    [1] If you care you should be using Firefox which (for all its flaws) has a design that's many times more secure than IE...

  21. Re:Software Activation? Heck No! on Slingbox Comes to the Mac · · Score: 1

    I am always under the impression that Microsoft will deny my windows activation request on an unused license (or reactivate my computer in case the Redmond's fragile software is broken / infected with virus) after they pulled the support for Windows XP

    Which is why I'm using Windows 2000 still.

    It doesn't need activation.

    So now they're trying to force it through the backdoor by requiring WGA for updates.

    I'm beginning to see how making the OS fragile is a marketing tactic.

  22. Re:You CAN NOT have a "leaky" sandbox. on First OpenOffice Virus, Not In the Wild · · Score: 1

    "Inherently safe" scripting is the problem though.

    It's not really a problem. We know how to design inherently safe languages. We also know how to design interfaces by which users can running scripts in unsafe languages without allowing untrusted objects to run these scripts.

    Scripting is only useful because it allows you to automate things that you do repetitively.

    That's a little simplified, but basically true, and also irrelevant. First, a lot of repetitive tasks are things like filling out standard forms and reports, creating standard letterheads and layouts, and other tools that don't modify state outside the document. Second, when you're doing more complex things repetitively, you're generally doing them *to* documents... having the scripts embedded in one of the documents is hardly an ideal user interface.

    You might need to open a lot of Word documents one after another. [...]

    You don't provide that mechanism in the scripting language that can be embedded INSIDE a word document, you provide it in the scripting language that the user explicitly runs from OUTSIDE the document in an installed component (plugin, application, etcetera) that the embedded language can't access.

    There's no reason why these can't both be based on the same language. You design the language to have a basic set of control flow operations, and a mechanism for the *application* to expose additional capabilities to the script by importing objects and libraries... the base language doesn't include any of these things.

    Then the embedded version gets loaded with objects that expose the document itself, but no more. The external version gets the whole world pulled in.

    To distribute objects to to user you can go three or four ways. First, you can embed those object *in* documents in some packaged format... without providing any mechanism to automatically install the package: the user needs to explicitly select the object and request it be installed as a plugin. Second, you can provide extensions by an an out of band publishing mechanism: for example you can distribute them on a local file share, or on an internal web site. Thirdly, you can use the same mechanism you use to push out patches, hotfixes, and upgrades within the site.

  23. Because Windows doesn't claim "millions of colors" on Apple Sued Over 'Lacking' Macbook Display · · Score: 1

    Windows doesn't call it "millions of colors" in their display adjustment dialog.

    They call it "High Color" or "True Color".

  24. If the cafe offers WiFi, he had permission. on Michigan Man Charged for Using Free WiFi · · Score: 1

    If the cafe advertises Wifi, then how exactly did he not have permission? This doesn't sound like a private network, the article makes it sound like the cafe owner was providing wifi, and he had no idea he was doing anything wrong, so there's something else going on.

    Either (1) there was some kind of history between him and the owner and they're playing nice for the press, or (2) the law is dangerously lax about the definition of permission when it comes to public Wifi.

  25. Apple is absolutely in the wrong. on Apple Sued Over 'Lacking' Macbook Display · · Score: 1

    If it's an 18 bit display, then it's only capable of displaying 256k unique shades on every pixel. That's a quarter of a million unique colors.

    I understand why they did it... Apple was trapped by their attempt to dumb down the user interface too much, to describe displays in rough terms instead of precise ones. Instead of "Thousands" they should have listed "16 bit" (or "65536 colors"), instead of millions "24 bits", instead of saving images with Alpha in Preview as "Millions of colors +" they should have listed "32 bit" or even "24 bit plus Alpha".

    But claiming that an 18 bit LCD is really displaying "Millions of colors" is absolutely deceptive advertising. Apple needs to settle this, admit that it was a mistake, and move on. I don't expect them to, but anything else will only make things worse even if they win.